How do Open Source Software Product Companies Make Money?

How do Open Source product companies make money? As a consumer, user and producer of OSS, I looked at a number of venture capital-backed, open source software product (OSSP) companies to help understand what their motivations are and where they might be going.




Size of Linux Distributions for the Cloud, 2016

The size of a fresh Linux install on EC2 is a rough proxy for it’s complexity, how big the attack surface is and how frequently it will need updates. Less is definitely more. In 2015, I compared the number of packages on default install on AWS EC2. Let’s see how things changed or not. This time, in addition to the number of packages installed, I also checked on-disk image size. Corrections and additions welcome.


XML, JSON, YAML, TOML for Configuration

In an ideal world, your application wouldn’t need a configuration file. Perhaps everything can be passed in using flags or environment variables. Perhaps it can pull down configuration over the network. But assuming you do need a configuration file, that can be read and written by humans, what format should it be in?

TLDR: Use TOML, and still looking for an even simpler format.


Golang and Gracefully Handling Lists in Configuration Files

Most configuration files are processed using ‘object unmarshaling’ (or deserialization) into internal data structures. While this is easy and fast, it’s not very flexible for configuration. In most cases a “single value” and an element with a single value are treated differently.


Comparison of Linux Distributions on AWS EC2

How do various Linux distributions implement a operating system for use in virtualized or cloud environments? One proxy for size and complexity is the number of packages installed. While not a perfect comparison, in general, less is more. In Amazon’s US-WEST-1 region, I fired up the a number of Linux distributions and counted the number of packages installed.


Libinjection: From SQLI to XSS V2

libinjection: From SQLI to XSS (version 2) was first presented at Code Blue, Tokyo Japan on 2014-02-18. English and 日本語

Libinjection: From SQLI to XSS V1

libinjection: From SQLI to XSS (version 1) was first presented at OWASP AppSec Socal, in Santa Monica, California.