
The Reg's review of 2014: Naked JLaw selfies, Uber and monkey madness

Put it on a stick and 'cheesie'

Rocket, Heartbleeder and Bash

People did a double take when Microsoft cast its developer crown jewels to the masses and open-sourced .NET. Conceived as Microsoft’s answer to Java and unveiled by Bill Gates in 2000, .NET was Microsoft’s great architecture for client, server and web. At that time, Microsoft was fighting open source tooth and nail.

But like Java in these latter years, .NET is mentioned in the same breath as the word “legacy”, with the sex and excitement around web languages and specs and open source. In a world of devices and data-centers that’s not a healthy place to be in, so Microsoft released the .NET framework class libraries and core to open source on GitHub under an MIT licence, with Microsoft - in a further journey from its Windows-only history - committing to put .NET on Linux and OSX.

Once more, Java is the enemy. Almost straight away Microsoft forked .NET, for Windows desktop, store, Phone and ASP.NET.

Platform ubiquity is one thing, but Microsoft seems to accept it needs the love and attention of outsiders to nail down .NET in ways it hasn't.

Docker sailed a wave in 2014. It is an open source environment for building and managing apps inside containers regardless of external factors such as virtual machine, laptop or cloud - it taps into Linux kernel name spaces. Docker wasn’t exclusive to 2014 (the project started in 2013) but it captured the imagination and spirit of the distributed data-center times, winning all kinds of backers.

Tapping the Linux kernel sidestepped the need for Hyper-V, KVM and XEN emulation, meaning a leaner and faster management and performance hit.

The prospect was too tantalizing to resist, earning the love of Linux rivals Red Hat and Canonical, early support from Microsoft and from Amazon.

In the summer, Docker - the commercial firm that’s the open source project’s chief patron - released Docker 1.0 and then alpha Docker orchestration services.

Container meltdown

Container wars: Docker versus Rocket

Story over then? The future is history? No. This is tech and there is money at stake after all, and this being open source, fragmentation happens.

Alleging Docker had drifted from the pure faith, CentOS chief exec Alex Polvi announced Rocket based on the CentOS infrastructure. Polvi said re-use had been sold out for larding Docker with other services turning it into a "monolithic binary". Rocket was a Linux-agnostic, ground-up alternative. Docker shot back that CentOS was more or less on its own. I guess 2015 will determine who is right.

Chances are this could be like Cloudera vs. Hortonworks in big data - two tiny firms fighting in an ocean of opportunity. The question: who among top-tier tech firms can they quickly get on their side. The nightmare scenario for somebody is the devs who made 2014 the year of Docker follow one, and - in so doing - kill the other.

Why'd you have to be a Heart Bleeder?

Open source software is secure precisely because it’s not obscure - so fans of the stuff tell us. Their code has fewer bugs than the proprietary equivalent and is less vulnerable to hackers and viruses, they claim, because there are more eyes looking for the holes. But somebody didn’t tell those working on OpenSSL.

Sys admins were scrambling to fix systems when the open source version of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) was found to hold a dark secret: a memory leak that could reveal users’ IDs and passwords and let wrong-doers snoop on traffic.

Half a million trusted web sites were vulnerable to the hole, called Heartbleed, according to Netcraft, not to mention email systems, IMs, PCs and smartphones and tablets using the crypto library. Up to 4.5m patient records were exposed via Heartbleed following an attack on US health group Community Health Systems, running more than 200 hospitals.

The hardest part? It could all have been avoided - Heartbleed was the product of a mistake made during coding.

Security rock-star Bruce Schneier was frank: “On a scale of one to 10, this is an 11.”

Oh well, at least it was just an isolated event. Think again. I give you: Bash, the GNU Project’s Unix shell, that’s the default shell for many a Linux and flavour of Linux, that is used in Apple’s OSX and that has been ported to Microsoft’s Windows. Bash was found to contain a back door named Shellshock that lets hackers take over systems to lift sensitive data and also run systems from afar.

The hole was thought to have sat undiscovered by the light side of The Force for 22 years, leading bureaucrats in the UK’s Information Commissioner’s Office to tell people to patch up ASAP as Red Hat, Apple and others scrambled to deploy fixes.
