Archive for February, 2007

What is open source anyway?

Open source is often seen as a community-based method of building software that utilizes a grass-roots community to allow a democratization of software. The source code is readily accessible to all, enabling open standards and undermining entrenched monopolies. As open source projects build on each other they provide mutual support—upstream and downstream software users have access to the source code so they can debug the software to find bugs and patch the bugs that matter to them. By allowing users to allocate their own resources to develop the software, the software evolves to meet the needs of those users who invest resources.

This Utopian view of open source has a key problem: it’s not applicative; you can’t apply it to classify a piece of software as “open source” or “not open source”. Let’s take a look at a couple of pieces of software to see whether they might be open source:

WIX (Windows Installer XML) is a software project to allow open source projects to build, package and distribute Microsoft Windows installers for their projects. It is licensed under the Common Public License, bearing the Open Source Initiative stamp of certification, and hosted by SourceForge, the stereotypical host of open source projects.

WIX is not a good fit with our Utopian view of open source, because it is not built by a community, but by employees of Microsoft Corporation on company time, it does not enable open standards but is tied to Microsoft Windows operating systems on a small handful of hardware platforms, and far from undermining Microsoft’s entrenched monopoly on operating systems, appears to be specifically designed to defend Microsoft Windows from open source rival Linux.

ProGuard is a Java “obfuscator,” a tool that converts Java source code to a form from which it is extremely hard to infer any program details. Obfuscators are used to hide the source code and the intellectual property embedded in it. Obfuscators have secondary benefits, because the resulting code can be smaller and run marginally faster, but the primary use is to hide the source code. ProGuard is also hosted on SourceForge and released under the GPL.

ProGuard’s primary action hides source code rather than making it open, makes third party debugging much harder and third party patching effectively impossible, thus undermining the openness and community aspects of open source.

So should these software packages be considered “open source”?

Patent Claims Against Open Source

In the last few days there have been a number of reports that Steve Ballmer (CEO of Microsoft) has made a veiled threat against commercial open source providers with respect to software patents. At least one report provides the whole context of the alleged “threat” and has given Microsoft the opportunity to clarify any potential misunderstanding. The response does not appear to indicate any misinterpretation. Microsoft reaffirmed that their intention is to license their patent protected IP, stating that “Our agreement with Novell is yet another affirmation of our policy to license our IP to others - including open source companies.”

So do software patents threaten open source?

Patents do not threaten open source any more than they threaten closed source.

“Open source” is a term used to identify a licensing model; it is not a term that represents every single software package released under an open source licence. It is therefore true to say that patents threaten individual open source software projects, but it is also true to say that patents threaten individual closed source projects too. It is worth noting that Microsoft themselves were recently ordered to pay US$1.52 billion in damages as a result of a case concerning MP3 patents owned by Alcatel-Lucent (and that’s not the only case MS have lost or are fighting).

How is Open Source Tackling the Patent Issue?

Some open source licences explicitly protect the user against patent claims; for example, the Apache License 2.0 contains a patent grant for any code contained within the product. This clause allows the licensee to exercise patent rights that would normally only extend to the licensor.

The validity of this clause is largely dependent on the organisation that issues the licensed software since it assumes that the contributor of the affected code owns the patent and therefore can legally grant that patent licence. Organisations such as the Apache Software Foundation (ASF) have formal IPR management policies to ensure that all downstream users of ASF produced software are adequately protected by this clause.

Even without a patent clause within an open source licence, supporters of open source would argue that the peer review process found in community developed open source projects will reduce the risk of inadvertently infringing a patent. In a closed source development model this peer review process is rarely present and so the protection it affords the software producer is lost.

One more protection for open source software is the fact that many companies, such as Sun, IBM, Oracle and Novell, have granted licences to use at least part of their patent portfolios within any open source software products. That is, they will not (cannot in many cases) sue open source companies. It is interesting that these companies usually retain their right to use their patents against closed source companies.

The Conclusion

It is clear that patents are an issue for all of us to consider, whether we produce open or closed source software. They are not a threat to “open source” since this is a licensing model. They are, however, a potential threat to individual software projects regardless of the licence those projects adopt.

Google to enjoy another summer of code

Google have announced this year’s “summer of code,” in which they sponsor (mainly computer science and software engineering) students to write open source software with existing projects.

Projects participating last year included Moodle, Debian, Ubuntu and OpenOffice.

How Open is the Open Solutions Alliance?

I’m a fan of open source software, that’s why I work for OSS Watch. When I first started working with open source (about 10 years ago now) the term actually meant more than code was released under an open source licence. It meant there was a community of developers who came together to create a software solution to a shared problem.

However, as the business world has become increasingly aware of open source products as a viable way of creating high quality software for resale, things have begun to change. In some quarters of the open source business domain the importance of an open community in open source software development seems to have been lost.

I subscribe to perhaps the most extreme view of community in open source. That is, I believe that looking after a truly open and healthy community will result in the production of quality code.

Whilst I accept that there are different ways of managing a healthy community, one thing I will not budge on is that a healthy community is one in which everyone has a voice and everyone has free will. Unfortunately, there are many businesses releasing “open source” code where this simply is not the case.

So, when I first read about the Open Solutions Alliance I, like many others, ran off to the Internet to try and understand the implications of this new non-profit open source advocacy group. Unfortunately I found very little commentary other than gut reactions. So I had to do some work, to answer my primary question of “are these folk going to look after the open source community?”

The first thing that worried me was the following quote in a linux.com article:

Klawans [OSA spokesperson] acknowledges that exactly what licenses a member business may or may not use is rather vague. “We didn’t take a stance on it so we could get the launch done,” he says, “but we do know that a business has to be supporting the open source project that their project is based off of. They should be contributing code and effort back into the project and moving it forward.”

At a time when the Open Source Initiative are attempting to tackle the problem of licence proliferation I would expect an organisation wanting to strengthen the position of open source in the business world would take the view that only OSI-certified licences are appropriate for its membership.

Whilst this stance on licensing is concerning, it says nothing about the OSA opinion of community since the OSI is concerned with open source licences, not with open communities. So, let’s take a look at the OSA website itself, in particular their objectives:

Initially, the OSA will focus on the following activities:

  1. Defining and promoting tools, frameworks and best practices that facilitate easy deployment and interoperability between member applications;
  2. Building meta-communities by partnering on projects that involve a variety of companies, communities and individuals to drive innovation and collaboration; and
  3. Coordinating joint marketing campaigns to raise awareness of business-hardened open source applications and solution suites.

Point 1 is something that should be done within existing development communities. Nothing in the alliance’s web site states they will do this behind closed doors, but then it doesn’t say they will do it in the open as part of the existing communities either.

Point 2 is also something that should be done within existing communities. If there is really a need for such meta-communities then they should be created as open communities in full view of all developers on all affected open source projects. Again, there is nothing on the web site to suggest it will not be done in the open, but I would like to be reassured.

Point 3 can be interpreted in at least two ways. The first (pessimistic interpretation) is that open source products are not business-hardened and so customers should only use solutions provided by OSA members. If this is the impression their marketing materials will give then they will be very harmful to open source as a whole (not to mention untrue). Furthermore, if the implication is that only the OSA members have business-hardened open source solutions then why are they not contributing their business-hardening code back to the projects as part of the developer community?

Perhaps I should be generous and assume they actually mean that the OSA members are experts in products that are, as open source products, business-hardened. If this is the case then I can hardly take issue with point 3, let’s see what the future holds.

It is encouraging to find the following in the OSA code of ethics:

[Members agree to]

Remain committed to open source business practices including supporting user and developer communities, and maintaining access to source code.

So, with my optimistic hat on I can assume that the OSA truly intend to operate in a fashion that is supportive of community development models. I therefore proceed to wonder why organisations like The Apache Software Foundation have not been invited to join up. After all, many of the initial member companies use ASF software in their products.

[NOTE: to my knowledge the ASF has not been invited, since I am a member of the ASF I should be aware of this if it has happened, but perhaps I missed something]

In order to proceed, I’ll assume it’s an oversight that the ASF has not been invited to join. Exploring the membership details on the OSA site I discover that there are three classes of membership, two of which cost money and are for profit making organisations. The third one does not cost money and is for non-profit organisations.

So, open source foundations can join up. However, their membership level affords very little influence on the actions of the OSA. Such members do not get a vote and they can’t sit on the board. Of course, they are still expected to provide the same 20% FTE of resources that profit making organisations are expected to provide - quite a drain on the resources of a non-profit organisation that is already expending a great deal of resources creating the software at the core of the other OSA members’ products.

The non-profit membership of the OSA doesn’t sound too good/useful to me.

But then again, being on the “inside” of a potentially closed group, even as an observer, can help open things up considerably. At least such members would be able to report back to their own, open, communities. Well, you’d have thought so wouldn’t you? Let’s check the membership agreement…

If Member fails to meet the responsibilities of its membership class, the Member may, at the discretion of the Board of Directors, have its membership terminated.

OK, I accept that there needs to be some protection in place. Nobody wants a rogue in the ranks. However, I’m concerned that it is the Board that make the decision to boot people, not the membership. Recall that only commercial, paying members, can vote for or sit on the board (in fact only the top level paying members can sit on the board).

Am I just being paranoid?

Let’s look at what it is that members are supposed to do with their 0.2 FTE contribution in order to avoid being booted. One of the responsibilities of membership is to “Express public support for the OSA and the OSA website.” Or to put it another way, a member can be thrown out for publicly taking issue with anything the OSA say or do.

What worries me is that non-profit members have no influence over the strategy of the OSA, yet they are required to support that strategy, even if they disagree. Of course, they can leave and so not be bound by the requirement to support the OSA.

I will be watching the Open Solutions Alliance with a great deal of interest. What I want to know is, just how open is the Open Solutions Alliance going to be? If it is open, the OSA could be a great thing for open source. Some coordinated marketing operations (optimistic interpretation of their third objective) are certainly needed within open source and I would welcome them with open arms. But…

If it intends to be truly open, why was it created behind closed doors and why is its structure designed to protect its paying members but not the non-profit organisations that are the guardians of the very software on which those members base their businesses?

Resolving the “good but not encyclopedic” tension on Wikipedia

Wikipedia has a clear vision to be an encyclopedia, but editors are sometimes tempted to leave non-encyclopedic entries because they are witty, funny, well-written or just good. To resolve this tension Wikipedia has the Bad Jokes and Other Deleted Nonsense, from which the best is extracted to be kept permanently in a “best of” series.

The Best of Bad jokes and other deleted nonsense is the source of such gems as:

C is for Cookie

C is for Cookie can be regarded as a case study in persuasive oratory, emphasizing the emotional aspect of public speaking. Cookie Monster builds excitement by answering his opening rhetorical question, “Now what starts with the letter C?” with the obvious reply, “Cookie starts with C!” He then challenges the audience, “Let’s think of other things that starts with C,” before quickly replying, “Oh, who cares about the other things?” casually dismissing a whole range of other possibilities as irrelevant. Thus, having ostensibly come for the purpose of covering the letter C in its entirety, Cookie Monster has already focused his agenda exclusively on cookies, employing the classic bait and switch tactic. Several times in his presentation, Cookie Monster emphasizes what appears to be the central thesis of his remarks: “C is for cookie, that’s good enough for me!” The appealing rhythm of this slogan appears designed to entrance listeners, swaying their emotions and making them instinctively want to chant along with him. After rousing the crowd, Cookie Monster systematically lays out the logical underpinnings of his pro-cookie ideology, comparing cookies to round donuts with one bite out of them and to the moon during its crescent phase, in essence using a straw man argument that implies his opponents would advocate the superiority of these competitors over cookies. In this sense, Cookie Monster may be proposing a false dichotomy representing cookies as the only viable choice to a group of obviously inferior alternatives. But before the audience has a chance to catch on, Cookie Monster launches into another round of repetitive chanting, “C is for cookie, that’s good enough for me, yeah!” as young children sing along. Here, Cookie Monster uses a propaganda technique strikingly similar to that employed in George Orwell’s Animal Farm by the pig Napoleon, who trained the farm’s sheep to bleat, “Four legs good, two legs bad” on his cue. 
Cookie Monster then adds visual stimulation to his discourse by chomping into a large cookie, concluding his remarks with “Umm-umm-umm-umm-umm” and other chewing sounds.