Monthly Archives: September 2009

Supporting two domains in one ASP.NET MVC site – A Poor Man’s Approach

Hosting Two Different Domains in Same ASP.NET MVC Site

Motivation – I am Cheap!

I have a hosting account at DiscountASP.NET that I have used as a playground for anything I want to host on the web. My personal Coding Out Loud site is hosted there (with a few directories that are not linked, for example). Since starting the Boston Azure User Group, I need a place to host a page. While I would eventually like to host the user group site on Azure itself, for now I have produced a simple ASP.NET MVC site. To avoid paying for two hosting accounts, I am reusing my existing account – sharing the hosting across bostonazureusergroup.org and codingoutloud.com – but still maintaining their distinct identities.

We can consider the Boston Azure User Group the main site, and Coding Out Loud the secondary site.

Requirements

The approach I take makes sense to me since I want a solution that is:

  • Very simple
  • Inexpensive
  • Easy to manage once implemented
  • Treats bostonazureusergroup.org as the main site, but “tolerates” codingoutloud.com being around (in other words, maintainability/risk of errors for codingoutloud.com is less important)

Solution

In order to host two sites with a single hosting account, you have a few steps:

  1. Add a Domain Pointer with your ISP. If, like me, your site is hosted on a shared IP address, this step is necessary so that the site’s IIS web server knows which top-level directory your domain is associated with. In my case, this tells both codingoutloud.com and bostonazureusergroup.org to go to the same site.
  2. Configure your DNS. This is easier than it sounds. Your ISP will tell which DNS servers your should point to. You could also deal with Godaddy’s Domain Forwarding and cloaking, but for a one-time cost of $15 with my ISP (DiscountASP.NET) I just added the pointer – a cleaner solution, and possible more search-engine-friendly.
  3. Note that the following changes to the code are only necessary if you want different results dependent on which domain is used to access the site – in other words, I don’t want my bostonazureusergroup.org visitors to be stumbling across any codingoutloud.com artifacts, and vice versa. The following screen shot includes the hack simple code modifications – they are circled – a private method with a little dirty work, invoke the method in the right place, and display a specific View. Note that the view is specified in a different file – and under a folder that is specific to your secondary site – CodingOutLoud in my case.

Poor Man's Domain sharing in ASP.NET MVC

To create the …/Views/CodingOutLoud/Index.aspx view shown in the right-hand pane in the screen shown above, you would do the following:

  1. Right-Click on Views folder and choose Add > New Folder from the pop-up. I called mine “CodingOutLoud” and it is shown above.
  2. Right-Click on the newly created Views/CodingOutLoud folder, this time choose Add > View… from the pop-up, as shown below. I called my View “Index” (and since it lives under CodingOutLoud folder it does not clash with other Views with that name, given the default routing rules).

image 

Name your view – and I also chose not to use the master page, so I unchecked it:

image

Once created, …/Views/CodingOutLoud/Index.aspx can contain any code you like – even plain old HTML.

This is all it took to get this simple approach to work. Now when users visit via “codingoutloud.com” they are diverted to …/Views/CodingOutLoud/Index.aspx, and otherwise the usual machinery of ASP.NET MVC takes over.

Other Potential Approaches

I considered, but did not adopt, some other approaches – mostly since I wanted to do something very simple. Here are some of the other approaches:

Advertisements

Cloud Security – A Business Tradeoff?

I took notes during the Boston Cloud Computing Group Meetup 23-Sept-2009 – the raw notes are below, but a couple of more noteworthy highlights appear first with some of my views interspersed.

Executive Summary – Key Take-Aways & Highlights

Notes from Javed Ikbal’s talk (http://10domains.blogspot.com) are in regular type. My editorial comments and thoughts are in italics or bold italics – so don’t blame these on Javed. 🙂

  • Key take-away – going to the Cloud is waaaay more about Business Tradeoffs than it is about Technology.
  • “There are 2 kinds of companies – those which have had a [data security]breach, and those which are going to have a [data security] breach” -Javed
  • Centralization of data makes insider threat a bigger risk -Javed
  • “On premise does not mean people are doing the right thing” –Javed – right on! I bet the majority of the fortune five-million (as 37 Signals refers to the medium and small business market) have insufficient IT – they just don’t know it. Any stats?
  • Someone from the audience stated there are more breaches in on-premise data centers than in cloud. Therefore cloud is safer. I don’t buy the logic. There could so many more publicized breaches in on-premise systems simply because there are so many more on premise data centers today. So this is easy to misinterpret. We can’t tell either way from the data. My personal prediction: today if there is a data breach for data stored in the cloud, people will not be able to believe you were reckless enough to store it in the cloud; 5 years from now, if there is a data breach for data stored on premise, people will not be able to believe you were reckless enough to store it locally instead of in the cloud which everyone will then believe is the safest place.
  • Someone from audience commented that business value of losing data will be balanced against business cost of it being exposed. This comment did not account for the PROBABILITY of there being a breach – how do you calculate this risk? I bet it is easier to calculate this risk on the cloud than on premise (though *I* don’t know how to do this)
  • Comment from Stefan: We can’t expect all cloud services to be up all the time (we were chatting about Google and Amazon downtime, which has been well documented). I completely agree – And many businesses don’t have the data to fairly/accurately compare their own uptimes with those of the cloud vendors – and, further, if the cloud vendors did have 100% up-time, that may destroy the economies we are seeing on the cloud today (who cares if it is 100% reliable if it is 0% affordable – that’s too expensive to be interesting)
  • Off-premise security != in cloud – different security issues for different data – Javed In other words, treat SSN and Credit Card data differently than which books I bought last year. But I can think of LOTS of data that is seemingly innocuous, but that SOME PEOPLE will balk at having it classified  as “non-sensitive” – might be my bookmarks, movie rentals, books purchased, travel plans/history, many more… not just those that support identity theft and/or direct monetary loss (bank account hacks). I think it would be a fine idea for data hosts to publicly declare their data classification scheme – shouldn’t we all have a right to know?
  • I think IT generally – and The Cloud specifically – could benefit from the kind of thinking that went into GoodGuide.com.

Raw Notes Follow

The rest of these notes are a bit rough – and may or may not make sense – but here they are anyway…

Intros

  • Pizza & drinks, some social (sat next to Stefan Schueller from TechDroid Sytems and enjoyed chatting with him)
  • Went around the room introducing ourselves
  • People who were hiring / looking for work spoke up
  • Around 30 people in attendance
  • Meeting host: Aprigo – 460 Totten Pond rd, suite 660 – Waltham, MA  02451 – USA
  • Feisty audience! Lots of participation. This added to the meeting impact.

Twisted Storage talk

From Meetup description: Charles Wegrzyn – CTO at TwistedStorage Inc. (Check actually built an Open source cloud storage system back in ’05)

TwistedStorage is open source software that converts multiple storage
repositories, legacy or green-field, into a single petabyte-scale cloud
for unstructured data, digital media storage, and archiving. The Twisted
Storage Enterprise Storage Cloud provides federated search, electronic
data discovery with lock-down, and policy-driven file management
including indexing, retention, security, encryption, format conversion,
information lifecycle management, and automatic business continuity.

History of Building Storage Management software

  • Open Source
  • Been downloaded 75k times
  • Re-wrote – now version 4 – in Python

Common anti-pattern observed in real world:

  • Users storing “stuff” in Exchange since that was a convenient place to store it
  • Results in a LOT of email storage (and add’l capacity is easy to keep adding on)
  • Can’t find your data (too much to logically manage)
  • Backups inadequate
  • Complexity, complexity, complexity

The Twisted Storage Way

  • Federated storage silos w/ adaptors/agents
  • Provide enterprise capabilities spanning sites (access control, audits, search/indexing – including support for metadata, simplified administration and recovery)
  • Petabyte-scale
  • ILM = Information Lifecycle Management
  • Open Source
  • Work-flow (Python scripts, XML coming)
  • Policy-driven (“delete this after 2 years”, “encrypt me”) (Python scripts)

Twisted Storage Design Goals

  • Always available content (via replication)
  • No back-up or recovery needed (due to replication)
  • Linear scalability (scales out)
  • Able to trade off durability with performance
  • Supports old hardware
  • Minimal admin overhead
  • Support external storage systems and linkage
  • Portable – will run on Linux, Windows, (iPhone?) – due to portable Python implementation
  • Pricing: Enterprise Edition: $500 / TB up to 2 PB (annual), minimum $10k for first 20 TB (see web site for full story)
  • versus competition like Centera which charge $15k/Silo + Enterprise Edition
  • http://www.twistedstorage.com, cwegrzyn@twistedstorage.com

Info Security & Cloud Computing Talk

From Meetup description:  Javed Ikbal (principal and co-founder of zSquad LLC)- will talk about:   “Marketing, Uncertainty and Doubt: Information Security and Cloud Computing”

  • What is the minimum security due diligence that a company needs to do before putting it’s data in the cloud?
  • Since 2007, Amazon has been telling us they are “.. working with a public accounting firm to … attain certifications such as SAS70 Type II”  but these have not happened in 2+ years.
  • On one side of the cloud security issue we have the marketing people, whohype up the existing security and gloss over the non-existing. On the other side we have security services vendors, who hawk their wares by hyping up the lack of security. The truth is, there is a class of data for every cloud out there, and there is also someone who will suffer a data breach because they did not secure it properly.
  • We will look at Amazon’s EC2, risk tolerance, and how to secure the data in the cloud.
  • Javed is a principal and co-founder of zSquad LLC, a Boston-based information security consulting practice.

Javed is a Security Consultant

Also co-founded http://www.layoffsupportnetwork.com

Formerly worked in Fidelity (in security area)

Cloud Definition

  • Elastic – provision up/down on demand (technical)
  • Avail from anywhere (technical)
  • Pay-as-you-go (business model)

Cloud Challenges

  • Data stored in China – gov’t could get at it
  • We never have direct access
  • May be locked in? (for practical reasons)
  • March 7, 2009 from WSJ – Google disclosed that it exposed a “small number” of Google docs – users not supposed to be authorized were able to view them. Google estimated < 0.05% of all stored Google docs were impacted – BUT! – this is a LOT of documents. http://blogs.wsj.com/digits/2009/03/08/1214/
  • Sept 18, 2009 from NYT – a recent bug in Google Apps allowed students at several colleges to read each other’s emails – this impacted only a “small handful” of colleges (like Brown University, for 3 days)http://www.nytimes.com/external/readwriteweb/2009/09/18/18/18readwriteweb-whoops-students-going-google-get-to-read-ea-12995.html
  • Google’s official policy for paid customers states “at your sole risk” and no guarantee it will be uninterrupted, timely, secure, or free from errors
  • Amazon states it is not responsible for “deletioreach” – Javedn, destruction, loss” etc.
  • Google will not allow customers to audit Google’s cloud storage claims
  • Amazon says PCI level 2 compliance is possible with AWS, level 1 not possible
  • SAS 70 Type II reports not meaningful unless you can see which controls were evaluated
  • “on premise does not mean people are doing the right thing” –Javed
  • Perception of more breaches in on-premise systems – but there are so many more of them, it is easy to misinterpret
  • Business value of losing data will be balanced against business cost of it being exposed – but this does not account for the PROBABILITY of there being a breach – how do you calculate this risk? I bet it is easier to calculate this risk on the cloud than on premise (though *I* don’t know how to do this)
  • We can’t expect all cloud services to be up all the time – right, and many businesses don’t have the data to fairly/accurately compare their own uptimes with those of the cloud vendors – and, further, if the cloud vendors did have 100% up-time, that may destroy the economies we are seeing on the cloud today (it may be 100% reliable, but too expensive to be interesting)
  • Off-premise security != in cloud – different security issues for different data
  • “There are 2 kinds of companies – those which have had a [data security]breach, and those which are going to have a [data security] breach” -Javed
  • Centralization of data makes insider threat a bigger risk
  • Customers should perform on-site inspections of cloud provider facilities (but rare?)
  • Ask SaaS vendor to see 3rd party audit reports – SalesForce has one, Amazon does not (Google neither? What about Microsoft – not yet?)
  • Providers need to be clear about what you will NOT support – e.g., Amazon took 2 years to provide an answer… Amazon/AWS disclaimers are excellent models
  • Providers need to understand they may be subject to legal/regulatory discovery due to something a customer did
  • Unisys has ISO 27001-certified data centers (high cost, effort)

Creating Secure Software

  • Devs care about deadlines and meeting the requirements
  • If security is not in the requirements, it will not get done
  • if devs don’t know how to code securely, it will not get done right (if at all)
  • Train your devs and archs: one day will help with 90% of issues!
  • Build security into your software dev life-cycle
  • Let security experts, not necessarily developers, write the security requirements
  • Secure Code Review can be expensive –  bake in an application security audit into your schedule, to be done before going live
  • (high customer extensibility + low provider security responsibility) IaaS – PaaS – SaaS (low customer extensibility + high provider security responsibility)

Your First Code Camp Talk

I gave my first Code Camp talk earlier this year – at the New Hampshire Code Camp in Feb  2009. Have you ever thought about giving a Code Camp talk yourself, but have had trouble getting over the hump from “want to do” to “have done”?

I am considering giving a talk at the upcoming Boston (Waltham) Code Camp 12 titled “So, You Want to Give Your First Code Camp Talk” which will address that. Would that be of interest to you? If so, I’d like to hear from you in advance. Please comment either via comments to this blog post, or email me directly (to codingoutloud at gmail dot com).

What is blocking you from presenting?

From those of you who have successfully presented, do you have pointers for the aspiring speakers among us?

Inquiring minds want to know!

Azure Development Requirements

Executive Summary

This post describes some key aspects of your development environment that need to be in place in order to to write and test code for Windows Azure.

Windows XP does not natively support Azure Development

For all the developers running Windows XP face an obstacle to writing code for Windows Azure:  developing for Azure requires Windows 7, Windows Vista, or Windows Server 2008. The fundamental dependency is that the Azure Fabric Controller (which runs on your desktop for development purposes, simulating cloud behavior) relies on IIS 7, which (you guessed it!) ships with Vista, Windows 7, and Windows Server 2008.

One option is to upgrade your operating system. If you are not quite ready to do that, you have another option – use Virtual PC to run Windows 7 from Windows XP. (This technique also works to run a virtualized Windows 7 image from Vista – or even Win 7 itself – since maybe you don’t want to foul your machine with beta software, like a sandbox for Visual Studio 2010 while it is still in beta (beta 1 as of this writing)).

Essential Software to Develop for Azure

The four essentials are:

  • Have IIS 7.x on one of Windows Vista (Business or Ultimate, I believe) –or– Windows Server 2008 –or– Windows 7
  • Install Visual Studio 2010 – currently in beta (beta 1 as of this writing) – or Visual Studio 2008
  • Install Azure plug-in – currently in beta – to Visual Studio 2010 or Visual Studio 2008
  • Create an account on Azure hosting in order to deploy to/test on the cloud

I wrote a separate, detailed post on creating a virtual machine image for Windows 7 using Virtual PC 2007.

Creating a Windows 7 Virtual Machine Image using Microsoft Virtual PC 2007

cool-monkey-thinker

Executive Summary

This post describes how to install Microsoft Virtual PC 2007, followed by a detailed walk-through of how to create a virtual machine image of a fresh Windows 7 installation using Virtual PC 2007.

In this post I concentrate on creating a Virtual PC image for Windows 7, but the steps for the other operating systems are similar.

Note this post deals with concerns for Developers. This post does not cover use of (related) virtualization techniques which are very popular today on the server-side.

Why Use Virtual Machines?

There are several reasons to use a Virtual PC-managed virtual machine for development:

You don’t want to install Pre-Release software (like a CTP – Community Technology Preview, which means “very rough”) or beta software directly on your development machine. A virtual machine environment makes it easy to manage these without risking your real machine.

You want to experiment. You may want to try out some testing with 4 GB or RAM, then maybe with 1/2 GB or RAM – so you know what to expect. Or you to keep testing something that changes your machine – and need to “start from scratch” frequently.

You want to run multiple operating systems. You may want to run Windows 7 to make sure your apps run fine on it – but you also don’t want to give up XP quite yet. You can run Windows 7 within a Windows XP host.

You want to set up a machine configuration and reuse it. You go through a lot of trouble to get your configuration “just so” and now want to share that with colleagues – or with yourself (on your home machine).

Are there other Virtualization options?

If you are a developer running XP -or- are running Win 7 on hardware that does not support hardware virtualization, Virtual PC 2007 is very likely what you want.

If you are running Windows 7, you can look into Virtual PC (sometimes seen as Virtual PC 7) (which includes XP Mode). Unlike Virtual PC 2007 which will work regardless of whether you have hardware virtualization, Virtual PC will work ONLY WHEN your computer supports hardware virtualization. Does my PC support hardware virtualization (or XP Mode)?

Unlike Virtual PC 2007, Virtual PC is for Windows 7 will not work on XP (but will work on the Windows 7 beta, sometimes known as Vista :-).

Only one of Virtual PC -or- Virtual PC 2007 can be installed concurrently on any given machine.

From Microsoft, other vendors, and open source, there are other sources of virtualization technology, and some might even be compatible with Virtual PC or VHD. [Did you know VHD format is an open standard?]. Though, consider that Virtual PC 2007 does not cost anything beyond the Windows license you (presumably) already have. Microsoft has many virtualization solutions, some with different purposes, such as App-V which is more for enterprise roll-out of apps (get it? App-V) to minimize incompatibilities due to other apps or environmental changes.

For developers, let’s assume (for reasons stated above in prior section) that you want a parallel universe to run other software within – safely – like an early beta… Virtual Machine images make these scenarios possible and easy! Let’s get down to business and walk through how to install & configure these virtual images.

Ready to Get Started?

Enable Hardware Virtualization in your Computer

The newer your PC, the more likely it is that it supports hardware acceleration for Virtualization. If you have this, you want to enable it for better performance. You may need to enable it in your BIOS. Unfortunately, the specific instructions will vary by computer manufacturer, so you’ll need to search the web for steps to enable Hardware Assisted Virtualization.

Installing Virtual PC 2007

Visit the download page for Microsoft Virtual PC 2007 download page for Microsoft Virtual PC 2007 sp1 and then select the appropriate version for your system (that is, 32- or 64-bit version).

image

Once downloaded, install it.

image

If you already have an earlier version of Virtual PC installed, you will likely see this self-explanatory message to uninstall the older version. If you are upgrading to Virtual PC 2007 sp1 from Virtual PC 2007, the installer will handle it for you.

image

Go to your trusty Add or Remove Programs applet and remove any remnants of old Virtual PC installs and proceed.

You can run Virtual PC 2007 and look in Help > About to see which version you are running. Version “Microsoft Virtual PC 6.0.192.0” is Virtual PC 2007 sp1, which is the one expected by the rest of this post.

Installing Microsoft Virtual PC 2007

Run Virtual PC 2007 installer

image

image

image

.. fill in your own info here, of course.

image

I kept the default installation location and let it rip. It completed around 2 minutes later.

NOW GET DOWN TO BUSINESS!

Create fresh Windows 7 virtual machine environment using Microsoft Virtual PC 2007

Download Your Windows 7 ISO Image

In order to install Windows 7, you need a copy of Windows 7. This could be a retail version of Windows 7 (from a DVD), but let’s make the assumption here that since you are a developer, you will be using a download image from MSDN that comes down as an ISO file, such as en_windows_7_professional_x86_dvd_x15-65804.iso. Note that you will need to install a 32-bit operating system to run under Virtual PC 2007. Log in to your MSDN account and select an appropriate version of Windows 7 to download, download it, and also be sure to copy the Activation Key (if applicable).

Run Upgrade Advisor

You may wish to run the Windows 7 Upgrade Advisor on your machine to make sure Windows 7 will be happy (as of this writing, the upgrade advisor tool is in beta). Assuming that goes well..

Run Virtual PC 2007

Run Microsoft Virtual PC 2007. From the opening screen, click the “New…” button:

image

The wizard will start. Click the “Next >” button:

image

image

Select “Create a virtual machine” and click “Next >” button…

Give your new Virtual Machine an appropriate name:

image

I also changed my location:

image

Select “Other” as Operating system and click “Next >” …

image

The recommended RAM will likely not be sufficient, so click “Adjusting the RAM” option:

image

How much memory is right? Considering Windows 7 system requirements (which call for at least 1 GB in the 32-bit version) and Visual Studio 2010 (beta 1) system requirements (which also calls for 1 GB (though not an additional 1 GB), you will hopefully be able to allocate at least 1 GB. I have 3 GB on my host machine, so I allocated 1.5 GB (1024 MB + 512 MB = 1536 MB). These values can also be tweaked later using Virtual PC.

image

I chose to create a new virtual disk:

For disk space, you have another set of decisions – Windows 7 wants 15 GB, Visual Studio 2010 wants 3 GB, so I rounded up to a nice even 18.5 GB (since I don’t have an abundance of space here):

image

Click “Next >” and you are almost done with this step.

image

Click “Finish” and now we are in business within Virtual PC:

image

Click on “Azure Dev” (or whatever you called your image) and click “Start” button to proceed:

If you have trouble starting your virtual machine due to not enough memory available, as in the following message, you either need to adjust its memory requirements of free up some memory.

You might consider throttling back your Anti-Virus software which could be a big consumer of memory (I disabled the on-the-fly file-system protection). Also, of course, close all unnecessary processes. The long-term solution is to buy a 64-bit machine with oodles of memory and be happy with that.

Once you have enough memory available, you will see the virtual machine complain very soon as it craps out after spinning up and thinking for a couple of minutes:

image

This is expected. You still need to install Windows 7 to move this along. To do this, make sure you have a ready-to-go image of Windows 7 as an ISO file (as you might download from MSDN) or physical media. You have two menu options, one for each of these cases:

image

In my case, I selected “Capture ISO Image…” and installed from there. Note that you navigate your host file-system for the ISO image to capture – not the file-system on your virtual machine, since that does not yet exist.

image

Click “Open” and notice how the CD menu on the virtual machine has been updated:

image

Now you can reboot your virtual machine to let the installation on the captured ISO image run (as if it was auto-starting to install on a physical machine). To reboot, choose Reset from the Action menu:

image

You will be warned:

image

But since you don’t have any unsaved changes to worry about, select the Reset button and proceed with the reset. (You have saved some information, you may be thinking, like memory and hard disk configuration; but that is all metadata about your image – not changes within the virtual machine itself – so there is no problem here.)

The reset begins…

image

Here is a warning which we will come back to. Dismiss this for now:

image

The system will chug and chug for a looong time – mine took around two hours to run (the good news is I let this run while I was watching the New England Patriots game this Sunday; the bad news is the Patriots fell to the Jets):

image

You will then proceed to install Windows 7 … mostly you will be just moving along without much fanfare, though you will need to name your “computer”, come up with a username (and optionally a password), and will need your Activation Key for Windows 7. Here is a good guide for installing Windows 7 on Virtual PC 2007. (And another.)

Don’t that forget the magic key/mouse combo to un-capture your mouse from the Virtual Machine is Right-Alt while dragging the mouse!!

image

After you get Windows 7 all configured, you probably still want to come back and install some updates:

image

image

But that’s the end of the detailed tour. You should now have a usable baseline virtual machine image that you can reuse, share, play with, etc. Make sure you create a back-up copy! And have a look at the features which allow you to manage roll-backs.

Good luck!

Boston Azure User Group

Coming soon – a new user group for the Boston/Cambridge/Waltham area:

The Boston Azure User Group will focus on Cloud Computing, specifically as it relates to Microsoft’s Windows Azure platform.

This group will likely kick-off in October 2009 – exact date to be determined – exact dates have now been determined – now working on the times 🙂  – see the Boston Azure User Group site for details and updates – and to join the mailing list.

What would YOU like to see covered in the meetings of the Boston Azure User Group? Please leave a comment with your thoughts / feedback.

And see you at the Boston Azure User Group!

The Fountainhead of Open Source

Just watched the The Fountainhead movie from 1946 (yes, from netflix).

Howard Rourke hacking Open Source code

Howard Rourke hacking Open Source

Here is the plot summary, brought up-to-date:

  • Open Source is represented by the protagonist, a brilliant architect named Howard Rourke. Rourke is idealistic, does his own thing, is uncompromising, and is not driven by money or recognition – and certainly not by Big Business.
  • Big Business is  represented by newspaper magnate Gail Wynand. Wynand wields substantial influence and is in perpetual pursuit of any means to incite the populace – an energized populace buys more product.
  • Consultants and Certified Vendor X Developers and Vendor Partners are represented by  architect Peter Keating. Keating goes with the flow, producing whatever the powers that be say is desirable. At one point, he mentions to Ms. Francon he’s polling folks on what they think of Rourke’s latest building to which she responds (with some disdain) “why, so you’ll know what you think of it?”

Lessons:

  • Talent != influence. Keating’s influence is limited to those who recognize his greatness. Most only recognize as great what they are told to recognize as great.
  • Passion can be directed constructively (Rourke pours his love into his life’s work) or destructively (Wynand devotes his career to controlling the masses through his newspaper).

The movie is based a book of the same title. The author, Ayn Rand, became well known for her Objectivism philosophy of life, exemplified in the movie by Gary Cooper who played the lead character, Howard Roark. [I wonder what Richard Stallman thinks of the book?]

I wonder how many professional software developers identify more with Howard Rourke or Peter Keating? And which is more desirable?

Any my clean analogies fall apart when one considers the combinations of Big  Business and Open Source. Microsoft just announced CodePlex.org and the CodePlex Foundation “to enable the exchange of code and understanding among software companies and open source communities.”

A dirty little secret of Eclipse, Linux, Apache and other high-profile projects is that they also have professional, full-time staff – sponsored by Big Business (like IBM) – since the success of these endeavors is strategic for their business.

Maybe Open Source isn’t as pure as the romantic notion of developers from around the world contributing since it was a nice thing to do. The world-wide altruistic contributions may still be there in some cases, just supplemented by Big Business. Which is okay with me, though might not be with Howard Rourke.

Continue reading