Rss - Latest News
Adobe fixes 'clickjacking' flaw
Adobe Systems has released a new version of its Flash Player software, fixing a critical security bug that could make the Internet a dangerous place for Web surfers. The new Flash Player 10 software, released Wednesday, fixes security flaws in Adobe's multimedia software including bugs that could allow hackers to pull off what's known as a clickjacking attack, wrote Adobe spokesman David Lenoe in a blog posting. For those who can't update to this new version of Flash, a Flash 9 security patch is still about a month off, he added. Adobe rates the clickjacking bug as 'critical.' Although not widely used by criminals, clickjacking has received a lot of attention since it was first discussed a month ago. Flash isn't the only software that is vulnerable to a clickjacking attack, but Flash attacks have been considered among the most dangerous. The security researchers who discovered the problem, Robert Hansen and Jeremiah Grossman, had intended to fully discuss clickjacking at a Sept. 24 security conference presentation. But they backed off and gave a slimmed-down version of their talk when Adobe asked for more time to patch its software. Last week, however, security researcher Guy Aharonovsky showed how an Adobe Flash clickjacking attack would work, and with the information now out in the open, Hansen and Grossman went public with their findings. In a clickjacking attack, the hacker uses a variety of techniques to take control of what links the victim is actually clicking. In one attack, for example, the attacker would first have to trick the victim into visiting a malicious Web page and then clicking on what appeared to be a regular Web link. In reality the victim would be clicking on something altogether different such as a Flash object that turned on his microphone.
"It's almost impossible for a user to determine what's going to happen when they click on a link," said Hansen, who is CEO of SecTheory.org, in an interview last week. A clickjacker could wiretap victims' PCs, force them to execute online stock trades, delete blog pages, change a router or firewall configuration, create new Web mail accounts, or even force them to download software, Hansen said. Because clickjacking affects other browser plugins, the best way to fix the clickjacking problem may be to change the way browsers work, Hansen said. "Browser makers understand the problem and they're trying to find ways to mitigate it," he said.
TopCoder eyeing SMB market
TopCoder, a company known for its competition-based software development services, is turning its sights on the SMB market with a new portal called TopCoder Direct that will come out of beta at the end of October. Whereas TopCoder has previously used its community of programmers to develop custom applications for enterprises, the new offering will enable a wide range of customers to set up coding contests on their own. Users furnish a description of what they want developed, name a prize purse, and start a contest. Community members then submit entries, and the user chooses a winner and downloads it. "The enterprise business is still strong. But this was always the vision from the start," said Robert Hughes, chief operating officer. Initially, TopCoder Direct will focus on front-end tasks like logos and Web site look-and-feel. Later the service will move to full-blown application development. The second release will introduce "co-pilots" -- community members that for a negotiated fee will help customers set up competitions. There is no charge to access the site; customers pay to start a contest. TopCoder will make money by taking a cut -- now set at 20 percent -- of the prize purse. "It took us quite a while to build the supply side -- the community -- and to build out the processes, to get a predictable outcome from the community," Hughes said. "There'll be somewhat of a learning process for us [with TopCoder Direct]. Not everything is going to work right out of the gate." Financial services provider Tree.com has been involved in the TopCoder Direct beta-testing period. The service doesn't yet appear to be a money-saver, but that is not why Tree.com is involved, according to Keith Moore, senior vice president and head of the company's emerging business unit.
"We have a lot of great ideas, but don't have a lot of flexibility to ramp up projects and ramp them back down," Moore said. "It's not an outsourcing model for us, it's really a bandwidth and innovation model ... I can see over time how it could be a potential money-saver for us, but we're not looking at it that way." In general, outsourcing application development can make sense, assuming the project is concretely defined and it is easy to measure success, according to RedMonk analyst Michael Coté. "It's a very binary sort of thing. Either the code works or it doesn't," he said. "The more you know what you want, the cheaper it is," Coté added. "You can imagine if you made a house without a blueprint. You'd probably start over a few times." TopCoder claims to have more than 170,000 community members in more than 200 countries. In addition to the custom development work these individuals perform, TopCoder has a catalog of prebuilt application components. The company claims that a program can be half-completed from the start, thanks to the catalog, which is available via subscription.
Intel buys datacenter Ethernet maker NetEffect
Intel has acquired the assets of NetEffect, a maker of Ethernet chips and adapters for high-performance computing clusters, for $8 million. The company's Gigabit Ethernet and 10-Gigabit Ethernet adapters, ASICs (application-specific integrated circuits), and intellectual property will complement Intel's current Ethernet portfolio, Intel announced on Wednesday. The added products will help Intel address demand for server compute clusters, server virtualization, and convergence of network and storage traffic, Intel said. NetEffect's products support iWARP, a set of extensions to Ethernet from the RDMA (Remote Direct Memory Access) Consortium that is designed to eliminate overhead and latency in Ethernet networks. Intel described iWARP as an alternative to InfiniBand. NetEffect was formed in 1998 as Banderacom, a maker of an InfiniBand switch and adapters, and recapitalized under its current name in 2004. Its 30 employees have joined Intel but will remain in Austin, Texas. Intel will continue to sell NetEffect's adapters and work with the former NetEffect engineering on future generations of ASICs, said Steve Schultz, director of marketing for Intel's LAN access division. Intel supports but doesn't make InfiniBand products, and NetEffect's iWARP-based products give Intel a lineup that offers comparable performance with the benefits of Ethernet, he said. Consolidation and virtualization of datacenter servers has created new challenges in connecting them at high speed. InfiniBand is commonly used to meet those challenges, but there is a long-term trend toward using Ethernet as the single networking technology across LANs, datacenters, and storage. The transition to a single network protocol from datacenters that today may have Ethernet, Fibre Channel, and InfiniBand is expected eventually to simplify administration and lower costs for enterprises.
The NetEffect acquisition may be a good move for the long term but isn't likely to change the game soon, analysts said. Although the RDMA Consortium was kicked off in 2002 with support from several big names, including Broadcom, Microsoft, Adaptec, and NetApp, iWARP has remained a niche technology because the top manufacturers have stuck with InfiniBand, said Bob Wheeler, an analyst at The Linley Group. "Having a company the size of Intel behind iWARP should help substantially" in the long term, Wheeler said. "Strategically, it fits into Intel's vision of having Ethernet everywhere." The Ethernet-based RDMA technology doesn't yet match InfiniBand for reducing latency, said Yankee Group analyst Zeus Kerravala. "InfiniBand still gives you better performance at a lower cost, with lower latency," Kerravala said. "I do think Ethernet is the way the market will go. I just think it will take a while."
Opera to Web developers: Come to MAMA
Opera Software on Wednesday revealed a search engine that indexes structural information about Web pages so Web developers and standards bodies can see what technologies are being used to build Web sites and how they are being used. The Metadata Analysis and Mining Application search engine -- "MAMA" for short -- is being tested by the company and should be released in an invitation-only beta by the end of the year, said Snorre Grimsby, vice president of quality assurance at Opera in Oslo, Norway. MAMA grew out of tests Opera routinely does to make sure its own browser software products work well with existing Web pages that use the most commonly used Web site-creation technology, he said. "We realized internally that we needed to be able to find lots of live sites out there that used certain technologies in certain combinations so we could test our browser on them," Grimsby said. The resulting search engine crawls the Web, but instead of indexing the content of Web sites, as most search engines do, it discards the content and indexes the types of technologies being used on sites, such as CSS, HTML, XHTML, and the like, Grimsby said. This information is helpful for Web developers, who can use MAMA to identify sites that are using certain kinds of technology and see how other developers have implemented it, he said. "It's a known fact that Web developers borrow ideas from each other," Grimsby said. If developers are working with a Web application that needs, for example, a new menu system, MAMA can help them find sites that use the technology being considered to build the system to get ideas for their own implementation. Developers also can use MAMA to see how well sites conform to current World Wide Web Consortium (W3C) specifications for commonly used Web standards, such as CSS, HTML and others. The W3C oversees the creation and maintenance of specs for many of the most prevalent Web-site development technologies. 
Grimsby said that in Opera's own use of MAMA, Opera found that the average Web page has 47 discrepancies in how the site renders W3C-maintained technologies and the W3C specifications themselves. MAMA also can be useful for the W3C and other standards bodies to help them set priorities for developing specifications. For example, if a technology is used a certain way on the majority of Web sites, or not used very much at all, the W3C "can change the spec or take something out of the spec," Grimsby said. During an interview Wednesday, Grimsby demonstrated MAMA in real time by using it to crawl an International Data Group Web page, http://www.idg.net/idgns, to find out what technologies the site used. According to the search engine, the site is running on version 2.2.8 of the Apache Web Server on a Windows 32-bit hardware server, has 56 hyperlinks and uses XHTML (Extensible HTML) 1.0 and CSS, he said. In the next eight weeks Opera expects to publish a series of articles on its developer Web site about its own internal use of MAMA, noting key findings, statistics and trends the search engine discovers, he said. By the end of the year, the company will invite key people within standards bodies to test the search engine, with a goal of releasing it publicly to developers sometime in the first or second quarter of next year, Grimsby said.
Linux Standard Base boosts developer features
A beta version of Linux Standard Base (LSB) 4.0 released this week adds developer features to technology intended to reconcile differences between Linux distributions, the Linux Foundation said. Version 4.0 offers application and shell script-checkers and a multiversion software development kit, the foundation said. The full release of LSB 4.0 is set for this fall. "This LSB 4.0 release is aimed at the practical needs of developers, both those looking for a standard platform and those who just want some practical advice on portability," said Jeff Licquia, senior engineer and technical lead for LSB 4.0 at the Linux Foundation, in a statement released by the foundation. The multiversion software development kit lets developers build applications to previous LSB specifications without changing SDKs, the foundation said. By reducing differences between Linux distributions, the LSB reduces costs of porting applications to different distributions, the foundation said. After-market support costs and test expenses are reduced as well. With the LSB, ISVs can address a global market for applications, the foundation said. New tools help make it easier to ensure applications are LSB-compliant. Portability is tested by a revised Linux Application Checker. The checker draws on a testing framework developed by the Russian Academy of Sciences and the foundation to examine binary files of an application to determine how it will run on LSB-certified distributions. A shell script-checker in LSB 4.0 catches potential cross-shell problems in scripts so that a script on one distribution can safely run on another. The SDK in the beta release can build applications to LSB 3.0, 3.1, 3.2, or 4.0 specifications. The SDK will be decoupled from the release of new specifications. LSB 4.0 includes Mozilla Network Security Services (NSS) and Netscape Portable Runtime (NSPR) for cryptography. The combination offers Secure Sockets Layer (SSL) capability.
While popular, the OpenSSL library has raised a concern that poses a problem for standardization, according to the foundation. As it has been developed, it has not maintained full backward compatibility with earlier versions. NSS and NSPR have maintained backward compatibility with earlier versions and thus are a better fit for the LSB, the foundation said. The sample implementation of Linux code featured in version 4.0 has been redesigned and is now based on rPath Conary technology instead of Linux from Scratch, the foundation said. The implementation will ship with utilities to make it easier to use. The LSB 4.0 beta specification, test suite, and developer tools are available on the foundation Web site. The foundation also said this week that its free and open source software (FOSS) governance workgroup, called FOSSBazaar, has nearly doubled in membership since being launched in January. New members include Ars, Aperta, Black Duck, BT, Krugle, Palamida, and nextB, bringing the total number of members to 15. The initiative was founded by the foundation along with vendors such as Google, HP, and Novell.