Archive for the 'Standards' Category

Microsoft vs Tomtom: Is this Ragnarök?

Published by Rowan Wilson on February 27, 2009 in Business, Development, Legal and Standards. Comments

Frantic cries have been heard from all around the FOSS community since the announcement that Microsoft has taken patent infringement action against a distributor of the Linux kernel. Tomtom, an extremely successful Dutch company which sells GPS navigation devices is being sued by Microsoft for infringing on patents it holds, some related to mobile computing, others to the FAT file system. It’s the latter that is disturbing the Linux community, as the Linux kernel implements compatibility with the FAT file system and indeed it is the Linux kernel in some of Tomtom’s devices that Microsoft is accusing of infringing its FAT patents. Horacio Gutierrez, Microsoft’s senior intellectual property lawyer characterised the alleged  infringements this way:

“Yes, well, three of the eight patents in this dispute read on the Linux kernel as implemented by TomTom. The other five relate to car navigation proprietary software used by TomTom.”                   

Words like these bring back terrible memories of Microsoft’s - and particularly Microsoft CEO Steve Ballmer’s -  past statements in this area. Back in 2004  Ballmer told the Asian Government Leaders Forum in Singapore that Linux infringed on “over 228″ software patents and that

“somebody will come and look for money owing to the rights for that intellectual property…”              

Journalists seeking clarification of Ballmer’s comments at the time from Microsoft’s PR department were told that Ballmer was referring to a 2004 study by Dan Ravicher  that identified 283 potential software patent infringements within Linux. Ravicher responded that Ballmer was misreporting the essence of the report, which was that any operating system would necessarily infringe the 283 patents in question (Ravicher did not list them) and that therefore Linux was in no greater danger of infringement than any other operating system. The report was commissioned and published by a firm called Open Source Risk Management, who coincidentally were just about to start selling insurance for users of Linux who feared being hit with unexpected patent fees. Ravicher is now Legal Director of the Software Freedom Law Center, a law firm that specialises in helping authors of FOSS.

Of course this was not the only piece of horse-spooking that Microsoft has engaged in over the years. In May 2007 senior Microsoft lawyers Brad Smith and Horacio Gutierrez (sound familiar?) told Fortune Magazine that Linux infringes on 235 Microsoft-owned software patents and that:

“This is not a case of some accidental, unknowing infringement… There is an overwhelming number of patents being infringed.”       

Shortly after this Microsoft announced a deal with Novell that would protect customers using Novell’s SUSE Linux distribution from patent action by Microsoft - the obvious implication being that customers of all other Linux distributions must therefore be at risk (OSS Watch covered this issue and the Free Software Foundation’s reaction in our description of the GNU GPL v3 here).

So is the current climate of fear really warranted? Probably not. For a start, Gutierrez himself is at pains to say that this is not the beginning of the earth-shattering IP showdown that Linux users have been fearing for years:

I should say, Microsoft respects and appreciates the important role that open-source software plays in our industry, and we respect and appreciate the passion and the great contribution that open-source developers make in our industry. That appreciation and respect is not inconsistent with our respect for intellectual-property rights. Partnership with all technology companies, including those that adopt a mixed-source model, must be built on mutual respect for IP rights — rights that we all rely on for driving innovation and opportunity.Now, this case is against TomTom, and it involves infringement of Microsoft patents by TomTom devices. Each case is different, and this one is specifically about the use of software by TomTom in its devices.        

(from here.) In the past it has clearly been a strategic aim of Microsoft’s to cast doubt on the legality of Linux. The Microsoft quotes mentioned above were without doubt intended to make potential Linux users think twice about where they should spend their money. With the Tomtom case - in contrast - Microsoft seems to be at pains to go further than it needs to in calming Linux users about the potential for broad litigation against their chosen operating system. Just note the contrast between the Gutierrez of 2007’s Fortune article and the Gutierrez of 2009’s Tomtom-related interview. There seems to be a genuine movement towards playing down the implied threats of the past.

 Why has this happened? It’s almost impossible for an outsider to say.It is clear that Microsoft’s former strategy of implying that Linux was about to disappear under storm of patent infringement suits did not significantly affect Linux uptake. The Linux community adapted through initiatives like the Open Invention Network - a patent-holding organisation supported by Sony, Novell, Red Hat, IBM, NEC and Philips that licenses its IP at no cost to anyone who agrees not to assert their own patent rights against Linux. Of course, if you choose to assert your rights against Linux, the OIN will closely examine your products to make sure that none of their patents are embodied in them. In practice it’s this kind of ’sue-me-and-i’ll-sue-you’ standoffs that prevent all-out patent war in the IT sector, and the number of patent-holding corporations with a stake in Linux now makes it potentially as risky to sue as any other single large technology player - maybe riskier given the added liability of blogosphere backlash and community hatred for any moves against FOSS. 

When OSS Watch spoke to OIN’s then-CEO Jerry Rosenthal in 2007 he believed that they would probably never have to actually sue a big player like Microsoft. So while the Microsoft-Tomtom case probably does not herald the the final Microsoft campaign against FOSS, it will be interesting to see whether OIN sees it as sufficient reason to look into enforcing their own patents against Microsoft. Tomtom must be hoping that they do. 

UK Government to level the playing field?

Published by Ross Gardler on February 25, 2009 in Discussion, Strategy and Policy and Standards. Comments

In May 2008 OSS Watch published a workshop report with the title “Levelling the playing field: developing a mixed economy for software procurement”. This report focussed on procurement in the Higher and Further Education sectors and recomended that we work to:

  • ensure all solutions use open standards and provide protection against vendor lock-in
  • facilitate better communication with senior managers across HE/FE as to the potential benefits and pitfalls of making use of open source solutions
  • encourage educational ICT bodies with an overview of the sector such as UCISA and BECTA to assist institutions with open source related training and knowledge
  • work to improve the ITT and PPQ processes within institutions

OSS Watch has been funded by the JISC since 2003, part of our remit has been to facilitate the appropriate adoption of open source in the sector, yet the recomendations made in our workshop were largely the same as they were in 2003. Did this mean that OSS Watch was having no effect?

I’m pleased to say that OSS Watch have had some influence on the adoption of open source in the  education sector. For example, we worked with our own funders on an open source policy which was adopted in 2004. Similarly, we worked with BECTA during the creation of the Open Source Schools project (as well as helping BECTA understand what the goals of this project were we continue to provide advice, guidance and materials to the company running the site).

However, when it comes to influencing individual procurement decisions we have struggled to have any significant impact. Put bluntly, there is very little our small team can do when faced with procurement policies and staff that are predisposed towards the incumbent suppliers products.

I was therefore encouraged when the Cabinet Office published “Open Source, Open Standards and Re–Use: Government Action Plan“. This document is intended to put open source software onto an equal footing with proprietary forms for procurement.

As with the 2004 government policy on open source we are assured that “Procurement decisions will be made on the basis on [sic] the best value for money solution to the business requirement, taking account of total lifetime cost of ownership of the solution, including exit and transition costs, after ensuring that solutions fulfil minimum and essential capability, security, scalability, transferability, support and manageability requirements” and “The Government will use open standards in its procurement specifications and require solutions to comply with open standards. The Government will support the development of open standards and specifications.”

However, this new document goes a small, but important, step further.

It states “Where there is no significant overall cost difference between open and non-open source products, open source will be selected on the basis of its additional inherent flexibility.” Many commentators have, so far, missed the importance of this statement. The key is in the acknowldgement of “additional inherent flexibility”. This is over and above the flexibility provided by the adoption of open standards.

This “additional inherent flexibility” is a result of having access to the source code. Closed source software can adopt open standards, but they still provide a form of lock-in since there is only one source of customisation and maintenance for that product. When the source is freely available one is able to shop around various support providers in addition to selecting from various interoperating products.

The introduction of competition through open standards is clearly a step in the right direction. However, competition between software providers is also desirable. This is a topic I cover when presenting at procurement related events, and is something OSS Watch believe is very important given that requirements for software usually change as an organisation matures. These changes may not be aligned with the business model of the current support provider.

I’m also encouraged to see that the document identifies a number of actions including “develop clear and open guidance for ensuring that open source and proprietary products are considered equally” (action 1). This is a very complex issue and is something OSS Watch have been trying to do in the education sector for some time.

The problem is that open source and closed source solutions cannot be compared using the same techniques. Whilst the software products themselves can be compared on a feature by feature basis, the softer aspects, such as quality of support, security, flexibility and sustainability of the solution cannot be easily compared like for like. Consequently, it is necessary to change the procurement process itself before any real impact will be seen. Simon Phipps of Sun Microsystems suggests one potential model for a level procurement playing field through adoption led approaches, and warns about how the existing process can be gamed.

Further to the need to change the procurement process we must also ensure our workforce has the necessary skills to evaluate and engage with open source software. Without this skillset policies and action plans will fall on deaf ears, who is going to implement them? I discuss this in my November post “We have an open source future - or do we?

Despite these concerns, I welcome this document from the Cabinet Office and encourage those with an understanding of open source and, in particular, how it should be evaluated to actively review and comment on the document using the CIO defined tag of #ukgovOSS so that it gets picked up and syndicated on a special public FOSS Aggregation page.

Microsoft, POI and odd distinctions

Published by Rowan Wilson on April 9, 2008 in Development, Legal and Standards. Comments

In the run-up to the ISO vote on the controversial OOXML specification, Microsoft - OOXML’s creator - announced that they would be funding development of the open source Java API to access Microsoft Office formats Apache POI to support the new standard. Information Week reported on this announcement, and made the following statement:

For patented protocols, Microsoft said it would offer licenses on “reasonable and non-discriminatory terms.” Open source developers can access the protocols for free for noncommercial use without fear of lawsuits, Microsoft said.

Now, as we mentioned a week ago Microsoft accompanied their submission of the OOXML standard to the OSI with an ‘Open Specification Promise‘ in the following words:

Microsoft irrevocably promises not to assert any Microsoft Necessary Claims against you for making, using, selling, offering for sale, importing or distributing any implementation to the extent it conforms to a Covered Specification (“Covered Implementation”), subject to the following. This is a personal promise directly from Microsoft to you, and you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise. If you file, maintain or voluntarily participate in a patent infringement lawsuit against a Microsoft implementation of such Covered Specification, then this personal promise does not apply with respect to any Covered Implementation of the same Covered Specification made or used by you. To clarify, “Microsoft Necessary Claims” are those claims of Microsoft-owned or Microsoft-controlled patents that are necessary to implement only the required portions of the Covered Specification that are described in detail and not merely referenced in such Specification. “Covered Specifications” are listed below.

This promise is not an assurance either (i) that any of Microsoft’s issued patent claims covers a Covered Implementation or are enforceable or (ii) that a Covered Implementation would not infringe patents or other intellectual property rights of any third party. No other rights except those expressly stated in this promise shall be deemed granted, waived or received by implication, exhaustion, estoppel, or otherwise.

This would seem to be a blanket promise (or covenant) to avoid taking patent infringement action against anyone implementing the current OOXML standard or using such an implementation - for example Sourcesense and the users of POI who will be receiving their Microsoft-sponsored OOXML code. There is no mention of a different deal for commercial use of open source implementations, as the Information Week story seemed to imply. Does this discrepancy matter? Well it has certainly caused anger and confusion among some in the free and open source community. Michael Tiemann President of the Open Source Initiative (OSI) and Vice President of Open Source Affairs at Red Hat Inc. quickly responded to the article with a blog post on the OSI site entitled ‘Microsoft’s new weapon against open source: stupidity‘. In it, Tiemann laments the unquestioning attitude of the media in reporting Microsoft’s seemingly discriminatory attitude to open source as cosy non-discriminatory affection. Trouble also kicked off on the Apache developer mailing list for POI, with a quotation of the Information Week article and a call for the Sourcesense code to be rejected from the project as it was ‘encumbered’ by Microsoft’s seeming insistence that patent licenses must be obtained for commercial use.

The mismatch between the Information Week article and the Open Specification Promise puzzled me, so I contacted Microsoft here in the UK to see what the truth of the matter was. The query found its way to Microsoft US’ Public Relations firm Waggener Edstrom who replied as follows:

Apache libraries are open source code, and available through broad licensing. Any required Microsoft patent rights relative to Office Open XML are available on a royalty-free, perpetual basis to all implementers, as outlined within the Microsoft Open Specification Promise.

So it would seem that the indirect quote from Microsoft in the Information Week article was either misreported or inaccurate, and the dismay in the free and open source community is the inevitable mistaken result of this mistaken account.

The question remains, though, how did the error occur? Certainly it could have been a typo somewhere, but I wonder if it is perhaps a result of the phraseology Microsoft adopts when discussing free and open source. To return for a moment to the web page of Microsoft’s ‘Open Specification Promise‘ we find that there is also a lengthy FAQ to elucidate the effects of the covenant. In this FAQ, Microsoft twice draws a distinction between ‘commercial’ and ‘open source’ software:

The Open Specification Promise is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement specifications through a simplified method of sharing of technical assets, while recognizing the legitimacy of intellectual property.

and later

The Open Specification Promise is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement the covered specification(s).

This is an odd way to speak, given that there are large commercial open source companies out there of whom Microsoft must be aware. While one can only speculate about Microsoft’s reasons for giving the impression that open source and commerciality are mutually exclusive, it certainly seems possible that this odd linguistic tic is the root cause of the confusion in Information Week and the resulting screams of protest from the free and open source community.

Notice: Sourcesense have provided speakers for OSS Watch events in the past, and a member of Sourcesense sits on our Advisory Committee.

Microsoft’s OOXML Wins ISO Approval

Published by Rowan Wilson on April 2, 2008 in Development, e-Administration, e-Resources, Legal, Software, e-Learning, Standards, Strategy and Policy and Community. Comments

Perhaps wary that the date might detract from the news, ISO - the International Organization for Standards - waited until today before announcing that Microsoft’s Office Open XML (OOXML) document description schema has finally been accepted as an ISO standard as of April 1, 2008. There has been a long and bitter battle over whether this schema should be adopted. For one thing, an ISO-approved XML standard for describing office documents already exists in the form of OpenDocument created in association with Sun Microsystems by the Organization for the Advancement of Structured Information Standards or OASIS. Many argue that having multiple standards for the same objects defeats the purpose of establishing standards in the first place. While this is on the face of it a reasonable argument, it seems a little Utopian to expect complete global unanimity on these subjects, particularly where such valuable commercial interests are at stake. After all, the world has not even managed to agree on a standard standards body, so expecting agreement at any lower level seems over-optimistic. Microsoft’s OOXML has been a standard according to ECMA International since 2006, while OASIS approved OpenDocument back in 2005.

So why is there such bitterness over this issue? Well, some of it comes from the perception that OOXML is in itself an inadequate standard which has triumphed through Microsoft’s expertise at lobbying ISO member bodies for their votes. Critics point out that the standard is itself is incredibly long and complex - over six thousand pages. It has also been widely observed that rather than trying to select a set of characteristics that need to be described in order to define a document minimally and efficiently, OOXML instead describes a huge set of overlapping characteristics that define the many different ways Microsoft has described documents over the almost twenty year life of the Microsoft Office product. It is easy to see why they have done this; it greatly facilitates conversion of all legacy documents into the new format. Still, it also results in a swollen specification that competitors will find very difficult to implement in their products. For example, OOXML defines many functions such as shapeLayoutLikeWW8, which instructs a rendering application to arrange text around a shape in the same way as Microsoft’s Word 97. Clearly Microsoft will have an advantage over competitors in making their products reliably behave in these ways.

Back in September 2007 OOXML lost an adoption vote at ISO, partly as a result of muscular lobbying from the free and open source communities, and hundreds of changes to the standard were requested by the voting members. While many of these were implemented by Microsoft and ECMA, the majority remained unimplemented at the time of OOXML’s approval.

Another controversial aspect of the OOXML standard is Microsoft’s patent non-enforcement promise that accompanies it. International standards must at the very least include fair and non-discriminatory terms for the licensing of patents that their use might infringe. Generally the standards bodies prefer that associated patents are licensed at no cost, and this is essentially what Microsoft has done with their Open Specification Promise. It promises that Microsoft will not enforce their patents against anyone as a result of their activities implementing OOXML readers, writers or renderers. However Microsoft make no explicit promise that subsequent versions of OOXML will also be covered by such a promise, merely saying that they aim to continue the promise in areas where they continue to engage with open standards bodies. This has alarmed many people, pointing to a possible future where everyone has adopted OOXML only to find that Microsoft withdraw from engagement with standards bodies and also withdraw their patent promise for subsequent versions. In comparison, Sun’s Non-Assertion Covenant for OpenDocument offers a perpetual promise not to sue for both version 1.0 and all subsequent versions. In the run-up to ISO’s decision, the Software Freedom Law Center (SFLC), a free-and-open-source-supporting public interest legal practice, released a document filled with dire warnings about Microsoft’s Patent Promise, and telling anyone writing software under the GNU General Public License to shun it. SFLC’s argument is twofold. Firstly they argue that, despite the promise, a piece of multi-purpose code might be protected when used to implement the standard but infringing when used for something else. Secondly, they argue that Microsoft’s failure to extend the promise to future revisions of OOXML means that projects attempting to progressively implement newer and newer versions of the standard may hit a legal brick wall down the line.

Are these worries justified? Certainly the SFLC’s first point is well taken, given the propensity of free and open source developers to repurpose code. The second point is less persuasive, I think, and a little opaquely worded in their document. To be clear, implementations of the current version of OOXML will always be protected from patent action by Microsoft, whether they withdraw the promise from future versions or not (provided the code in question is actually used to implement the standard). As to whether Microsoft will actually withdraw the promise from future versions, it is a difficult issue to predict. Microsoft got into the open standards game in the first place in order to win procurement contracts - often in the public sector - where open standards are listed as pre-requisites. While it may be notionally possible for Microsoft to partially re-enclose their format by either withdrawing the promise from a future version or withdrawing from the open standards process altogether, the practicality of such a move would depend heavily on how Microsoft’s users would respond to it. Thus the future of the standard really depends less of Microsoft’s whim and more on ourselves and the organisations for which we work.

Open Standards are not enough to prevent lock in

Published by Ross Gardler on November 30, 2007 in Development, Discussion, Strategy and Policy and Standards. Comments

Many people claim that open standards are the answer to lock in problems of software. Even our government can be heard to claim open standards are the answer:

There can sometimes be a danger of lock-in with some proprietary providers, and we must avoid developing an over-reliance on individual suppliers. The Government, via the Office of Government Commerce, work hard to avoid that by using open standards to ensure that different suppliers’ software can be used interchangeably. (Angela Eagle, The Exchequer Secretary to the Treasury during a parliamentary debate)

However, there is much more to the lock in problem than the format the data is stored in. We also have to consider how this data is stored and processed in any given business process.

Until recently I’ve been reading about peoples concerns over the closed nature of Microsofts Sharepoint with a pinch of salt. I have to admit I just didn’t get the problem. If the data was in an open format you could just take your data and run, right?

Well no, that is not the case. Thanks to my old boss Randy Metcalfe, I now realise the lock in comes in the form of business processes tied to the repository. Matt Asay explains in an interview with lwn.net:

Let’s assume you store data in ODF in a Sharepoint repository. It doesn’t matter that ODF is an open format. The repository holding it is proprietary, and that proprietary lock-in is doubled by the fact that the enterprise will build (proprietary, non-standard) workflows to manage that content which keeps content a prisoner to Microsoft.

This may be true, but the fact is that Sharepoint makes it possible to build these workflows. I’m aware of no other single tool, open or closed, that is as complete. Almost certainly this is why many of the people I speak to in the education sector report an interest in Sharepoint.

What worries me is not that these people are considering Sharepoint, it’s that they think that a move to Sharepoint, coupled with an adoption of open standards will prevent a lock-in to a single vendor. This does not appear to be the case.

So, if you are concerned about vendor lock-in what can you do?

Firstly, you should recognise that no software tool can be rolled out across an organisation without significant configuration and optimisation for the (often fluid) local business practices of that organisations. Buying any off the shelf product will always result in the need to also buy consultancy and/or staff training to provide ongoing support . As a representative of a major UK university recently told me “we thought we could buy the licences and pay some consultants and that would be it. Unfortunately it’s not as simple as that.”
Secondly, we must recognise that it is possible to create a software stack using mature and successful open source software that will do everything Sharepoint will do, and more. Sure, it takes effort to do this, but it can be done.

Finally, we must ensure that we evaluate any closed source solutions against any open source alternatives, taking into account all strategic, technical and resource objectives.

Why must we consider open source? There are many reasons, the most relevant to this post is that open source, coupled with open standards prevent lock-in.