Archive for November, 2007

Open Standards are not enough to prevent lock in

Published by Ross Gardler on November 30, 2007 in Development, Discussion, Strategy and Policy and Standards. Comments

Many people claim that open standards are the answer to lock in problems of software. Even our government can be heard to claim open standards are the answer:

There can sometimes be a danger of lock-in with some proprietary providers, and we must avoid developing an over-reliance on individual suppliers. The Government, via the Office of Government Commerce, work hard to avoid that by using open standards to ensure that different suppliers’ software can be used interchangeably. (Angela Eagle, The Exchequer Secretary to the Treasury during a parliamentary debate)

However, there is much more to the lock in problem than the format the data is stored in. We also have to consider how this data is stored and processed in any given business process.

Until recently I’ve been reading about peoples concerns over the closed nature of Microsofts Sharepoint with a pinch of salt. I have to admit I just didn’t get the problem. If the data was in an open format you could just take your data and run, right?

Well no, that is not the case. Thanks to my old boss Randy Metcalfe, I now realise the lock in comes in the form of business processes tied to the repository. Matt Asay explains in an interview with lwn.net:

Let’s assume you store data in ODF in a Sharepoint repository. It doesn’t matter that ODF is an open format. The repository holding it is proprietary, and that proprietary lock-in is doubled by the fact that the enterprise will build (proprietary, non-standard) workflows to manage that content which keeps content a prisoner to Microsoft.

This may be true, but the fact is that Sharepoint makes it possible to build these workflows. I’m aware of no other single tool, open or closed, that is as complete. Almost certainly this is why many of the people I speak to in the education sector report an interest in Sharepoint.

What worries me is not that these people are considering Sharepoint, it’s that they think that a move to Sharepoint, coupled with an adoption of open standards will prevent a lock-in to a single vendor. This does not appear to be the case.

So, if you are concerned about vendor lock-in what can you do?

Firstly, you should recognise that no software tool can be rolled out across an organisation without significant configuration and optimisation for the (often fluid) local business practices of that organisations. Buying any off the shelf product will always result in the need to also buy consultancy and/or staff training to provide ongoing support . As a representative of a major UK university recently told me “we thought we could buy the licences and pay some consultants and that would be it. Unfortunately it’s not as simple as that.”
Secondly, we must recognise that it is possible to create a software stack using mature and successful open source software that will do everything Sharepoint will do, and more. Sure, it takes effort to do this, but it can be done.

Finally, we must ensure that we evaluate any closed source solutions against any open source alternatives, taking into account all strategic, technical and resource objectives.

Why must we consider open source? There are many reasons, the most relevant to this post is that open source, coupled with open standards prevent lock-in.

What are open source and free software?

Published by Ramón Casero Cañas on November 28, 2007 in Discussion. Comments

I have been noticing in my LUG’s mailing list that some people (even the geeky linux-friendly sort) have a hard time defining “free software” and “open source software”, and sometimes take this topic as if there was a good vs. evil war going on.

“Free software” and “open source software” are notoriously loose terms

The advocates of “open source software” tried to make it a trademark, saying this would enable them to prevent misuse. This initiative was later dropped, the term being too descriptive to qualify as a trademark; thus, the legal status of “open source” is the same as that of “free software”: there is no legal constraint on using it.

Free software aficionados are usually quick to point out that ‘free software is software that fulfills the 4 freedoms in the Free Software Definition of the FSF’.

Recently, somebody wrote to the aforementioned mailing list saying that software is free or not irrespectively of what the FSF says. It just needs to fulfill the 4 freedoms. But then again, who decides whether the 4 freedoms are fulfilled? The problem is that when you say ‘This program is free software’, as Bill Clinton famously put it (in a different context),

It depends on what the meaning of the word ‘is’ is.

That is, the 4 freedoms are not a mathematical expression that can be evaluated unequivocally. They are not even in legal language that can be argued in court (as my colleague Rowan noted). Something similar happens with the Open Source Definition of the OSI.

Somebody replied in the LUG’s mailing list saying that all you need is to ask a lawyer who knows about licences, and he or she will tell you whether the 4 freedoms are fulfilled. But this is not good enough, obviously, as different lawyers may have different opinions, and as I said before, the 4 freedoms are not in legal language.

What is more, not even the FSF thinks that the 4 freedoms are a perfect expression of the idea they have about “free software”

Finally, note that criteria such as those stated in this free software definition require careful thought for their interpretation. To decide whether a specific software license qualifies as a free software license, we judge it based on these criteria to determine whether it fits their spirit as well as the precise words. If a license includes unconscionable restrictions, we reject it, even if we did not anticipate the issue in these criteria. Sometimes a license requirement raises an issue that calls for extensive thought, including discussions with a lawyer, before we can decide if the requirement is acceptable. When we reach a conclusion about a new issue, we often update these criteria to make it easier to see why certain licenses do or don’t qualify.

So if we cannot rely on the Definition of Free Software, does this mean that we cannot define “free software” at all? In fact we can, if we accept that free software is software released under a free licence. In this case, free form language gets hammered down into the legal mold, and a lot of ambiguity is removed.

Of course the burden is now on deciding which licences are free and which ones aren’t. Accepting that free licences are licences that the FSF say are free seems to cause a lot of discomfort to some people.

This is not so much of a problem with the open source community, who seems more willing to accept that open source licences are not those that are believed to fulfill the Open Source Definition, but those that the OSI certifies are open source (and that’s the approach we follow in OSS Watch too). The OSI has even registered the “Open Source Initiative Approved” trademark for specific software products.

I guess that the reason why giving the last word in terms of “free” to the FSF causes discomfort with some people is that the free software community is built on the idea of freedom as a paramount value, not only for software but for society as a whole, and that subordinating “free” to the FSF is giving away part of that freedom. In the end, “free” would be a badge awarded by an opaque team of lawyers.

At the same time, I don’t think that anybody would seriously consider as a better option to have any number of licences, each of which needs to be evaluated by each individual in order to decide whether they are free or not.

Both the OSI and the FSF have approval processes in place to decide not only whether a licence fulfills certain requirements, but also to make sure that it is not similar to an existing one and thus cutting down licence proliferation.

Licence proliferation is the enemy from within for open and free software, because it is possible to have licences that fulfill the open and free definition, but at the same time prevent different projects to combine their outputs and collaborate. The most significant example being the incompatibility between the GPL v2 and Apache License v2 (the GPL v3 is compatible with Apache Licence v2, though).

I believe that at this point the need to standarize licences, make them compatible and reduce their number outweights the risk of the FSF going awry, and hence I’m happy with the statement “Free software is software released under a licence approved by the FSF”.

Open Development in Football

Published by Ross Gardler on November 25, 2007 in Development and Community. Comments

Open development is spreading into unexpected areas…

For the first time in football history, fans have the opportunity to buy and
then take control of a professional football club – both on and off the pitch. Every MyFootballClub member will have an equal say in team selection, player transfers and the running of the club.

I’ve been wanting to blog this since My Football Club announced their first purchase, but other things have been getting in the way so I’ll leave the analysis to the reader.

Changing Licences

Published by Stuart Yeates on November 20, 2007 in Legal and Discussion. Comments

There’s a story in wired about licences in flickr photos. The problem is that flickr requires users to tag each photo with one of a range of licences (including “all rights reserved”). Users can change the licence at will, either on individual photos or on thousands at once.

If a third party takes a creative commons licensed image, reuses it under the terms of the licence and the user subsequently changes the licence on the image on the flickr site, difficulties arise.

The creative commons licences are perpetual, containing words like:
Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:

So the third party can continue using the image under the creative commons licence indefinitely, provided they have a local copy. The user (the copyright owner) has now removed their offer of the image under the licence, so proving they are entitled to use the image could be problematic, unless they’ve done their homework and kept some form of log of the licence. Getting a new copy of the image under the old licence if they haven’t kept a copy is likely to be impossible.

I have no idea what happens in the case where an image is pulled dynamically from flickr and built into a composite in a way which breaches the new licence. Presumably such dynamic system need to check the licence every time, as is entirely possible using the flickr API.

The take home message? Keep track of what software and content you’re reusing, keep and archive a local copy of everything you use.

Is Open Social an open standard?

Published by Ross Gardler on November 15, 2007 in Development, Discussion, Standards and Community. Comment

The initial flurry of activity over open social is over. Now people can settle down and consider its merits and its warts. This very topic came up yesterday in a session I ran on open development at UKOLN. We discussed isues such as what makes it a standard? and what makes it open?

The initial open social partners will have us believe that it is a standard because they say it is one (a de facto standard). They also tell us it is open because anyone can implement it. But why should we listen? How can we influence its design?

The people behind open social are not stupid. They are also realistic enough to know that open social will only become a genuine de facto standard if it is used beyond the initial group. The easier it is to implement the more likely it is to be used, the more it is used the more “standard” it becomes.

Accordingly, Ning have offered to donate their implementation of open social, complete with an initial set of committers to support it, to the Apache Incubator. Assuming the project is accepted this will result in an easy route to implementation for almost any project.

So that’s initial take-up pretty well sorted then (unless the users think open social is a bad idea of course). What about the “open” part?

The ASF has a history of managing reference implementations of standards and of protecting users in standards definition processes. They are often held in high regard for this important work. I hope this means that the open social partners are going to allow the ASF to create a valid user community around open social. That is a community with a voice and an ability to influence the standard.
Lets see what smart developers can do with this. If you want to turn your project into a container you probably want to save yourself lots of effort and wait for the Ning donation to hit the Apache Incubator.