The Converging Network

   My editor at Network World Microsoft Subnet, Julie Bort, posted this video parody of the movie The Matrix that pokes fun at Microsoft Windows. No matter if you're a Linux fan, Mac user or you use Windows regularly, I think everyone will enjoy this video.

Alan was in town last week for us to record episode 52 of the SSAATY podcast. After some dinner at CPK in Boulder CO, we got together at Scott Converse' recording studio down the street.

Not only is Scott the CEO of ClickCaster where we host the SSAATY podcast, Scott is our podcast guest on this rollicking, in-studio edition where we have lots of fun doing our usual shtick. It's a lot more fun doing the podcast when Alan and I are in the same city and I think that will come across pretty clearly as you listen in to our madness.

I guess the podcast is the "in place" announce career moves and company launches -- During the interview, Scott tells us about his exciting new Internet TV venture Medioh! I also announce my joining Absolute Performance Inc. as CTO, a rockin' SaaS On Demand software and enablement company based in Boulder.

In addition to talking shop about Medioh and Absolute Performance, Alan and I cover the acquisition mania of Sun / MySQL, Oracle / BEA and VMware / Thinstall, Vernier's inevitable plummet into the sun, and recent announcements of multi-gigabit IPS products.

Welcome me in congratulating Scott Converse on his launch of Medioh. Enjoy the podcast and feel free to drop us any suggestions or questions at podcast@stillsecure.com.

P.S. Is it just me or does Scott have a slight resemblance, albeit younger, to one of my favorite actors Charles Durning? Maybe next podcast we'll have Scott announce us as the Soggy Bottom Boys (O Brother, Where Art Thou?).

mp3 file

During the week the Open Source Initiative organization approved two Microsoft licenses as OSI compliant, the Microsoft Public License (MPL) and the Microsoft Reciprocal License (MRL). (See PC World article for more.) From all reports, both sides (OSI and Microsoft) played nicey-nicey and after a few changes to the Microsoft licenses they sailed through without any shouting. That wasn't true externally as some wanted to make a beef "in principle" for allowing capitalistic Microsoft to have any license they could legitimately call open source, more-less licenses that are OSI approved. Sort a fox in the open source hen house argument. But Microsoft played this wisely and to their benefit.

The MPL in particular is really a very open license. You can modify, distribute, commercialize and charge for modifications. It doesn't skirt the edges of open source but rather embraces it. Microsoft has had three licenses (one wasn't submitted) as part of their Shared Source Initiative, a way for Microsoft to dip it's toe into the world of open source.

So whether you love Microsoft or love to hate Microsoft, all of us have to give them their due for playing by the rules and cooperating with the OSI. Is this the proverbial "slippery sloap" or has Microsoft had a mid-life open source change of heart? Have no doubt, Microsoft is doing this because it benefits them by at least starting to play in the open source sandbox. I've viewed it as something that's inevitable but was surprised at how cooperative Microsoft was in getting these licenses approved. Where and how broadly they use the MPL and MRL only time will tell but for now they at least have their Open Source Players Card and keys to the open source locker room.

Ever order a new model of a computer or server only to find that Linux doesn't yet have a driver to support the chipsets? This can even happen when there isn't a new model or a substantial engineering change. A simple rev of a network chip or graphics processor can send your Google browser search bar a' humming, looking for any news of a driver update. Sometimes it's no problem. Or you may have to use a beta driver or just wait until one emerges.

Intel Chief Linux and Open Source Technologies, Dirk Hohndel, disclosed during a presentation that a major OEM customer (Dell, IBM, HP? We'll just have to guess) is requiring an open source driver be available within 12 months of a new chip. That may sound like a long time but 12 months would be the longest they'll wait. And, chips don't make into boxes right away. Suppliers have to exhaust existing inventory or exchange with others who can use their inventory in order to take a new chip. Manufactures also have engineering, QA, testing processes and manufacturing specs and verification processes to go through in order to replace or introduce a new chip.

The good news for us is that either the chip makers will need to release an open source version of their drivers, or otherwise seed creation of open source drivers. Hopefully this means we'll have both; choice of drivers to use, and drivers available to more quickly test and use. Either way, it's a bell weather moment of one customer saying to their supplier, we require be open source software be available to help our products get into customers' hands. That's good news for all of us.

Note: Slides are available here if you are interested.

Back in early July, Microsoft thumbed it's nose at the Free Software Foundation, claiming that even if software Novell included contained the GPLv3 license, the GPLv3 would not apply to software under their agreement with Novell. In effect it appears Microsoft basically said their agreement with Novell somehow supersedes the GPLv3. It's tough to see how this is the case. Now, the free software foundation lobbed a volley back Microsoft's way calling bull on Microsoft's claims of GPLv3 immunity.

Are we at the beginning throws of a FSF/GPL vs. Microsoft war of words? Or worse, will a legal battle ensue? Certainly Microsoft has the legal resources and cash reserves to take on such a battle, but others are likely to line up behind the FSF with their own cash to help keep the fight alive. Or will it even come to that. But unanswered legal questions don't help Microsoft appear legit in their dealings  with Novell and distributing certificates for Novell's SUSE. I  believe Microsoft will bring down not only the wrath of the industry and customers, but also potential anti-competitive practices (you can hear the EU ruling now, can't you?). Lets hope that cooler heads prevail and Microsoft decides some other course than making up their own rules.

We've had one of our first interesting rulings on an open source license violation that if upheld, could have interesting ramifications to the open source industry. Whether good or bad, it depends on where you sit and what you expect to gain or restrict through an open source license.

Robert Jacobsen, member (and I assume contributor) to the Java Module Railroad Interface Project, sued Matthew Katzer of Kamind Associates for violating federal copyright law, in this case the Artistic License. Jacobsen failed to include the notices specified in the license.

What's interesting here is not whether Jacobsen was guilty of infringing on the license but the remedy, and possible precedence set for other copyright based licenses (such as the GPL.)

There are two important aspects of the judge's rulings. Below are two excerpts from Kevin Fayle of REG Developer (he put it very well, so I'll let him summarize it).

• The court held that Jacobsen had implicitly promised not to sue for copyright infringement by distributing the source code under a nonexclusive license.
• The license was subject to certain conditions - which the defendants may have violated - but any transgression was a breach of contract, not a copyright violation, according to the court.

There's a lot more to the story so if you want more info/background, here's JMRI's history of events.

Net-Net: If software is distributed under a non-exclusive license that is copyright-based, then violating the terms of the license is a contractual issue, not a copyright issue. In this case an injunction was denied because copyright law was deemed not to be the governing law related to the stipulation in the license that notifications be included with the software. Jacobsen is left with seeking monetary remedies but his status as the copyright holder does not allow him to prevent Jacobsen from further distributing the software.

One thing that has clouded the GPL, and why there isn't much case law around it, is it's always been believed that copyright law governed the license. Now that doesn't look so cut and dry. Many have been "afraid" to be the guinea pig and find out what the courts would have to say about a copyright-based software license. Without any precedence we've been left to rely on the copyright holder's interpretation and enforcement, a lot of fuzzy and conflicting legal opinions, and zealous discussions on forums, email lists and blogs.

Now I'm no lawyer, but I did stay in a Holiday Inn last night, so you'll have to take my reading of this with a big caveat. (It's certainly not anything close to what you'd call sound legal advice, so shame on you if you take it that way.) Here are some thoughts on the pro's and con's of this ruling, should it stand up over time through the test of the legal process:

Pro

• Clear enforcement and remedy: copyright based licenses work just like any other license. Contract law applies and everyone generally knows the paths to enforcement that are available. It's much more clear for the vendor, user and abuser.
• Open source end users would be more at ease, and so would their lawyers. Copyright law is much less of an issue. Normal contract law applies and lawyers know how to interpret software licenses.
• Less fear of being the guinea pig in the court system. Unless we see a rash of obscure challenges, ambulance chasers, etc., trying to argue some nit or fine point of copyright law, everyone will have a better understanding of the license and its correct application.

Con

• Confusion in the open source community. Are contributors' contributions protected and licensed in the ways they expected? If not, then license would need adjusting and I don't think any of use want to go through a GPLv4 process anytime soon.
• If it ain't in the license, it doesn't apply. Copyright holders wouldn't be able to argue on their email lists or forums that the GPL means whatever they want it to just because they are the copyright holder. It makes the license more black and white (as much as a legal document can) than the current environment of "interpretation by copyright holder".
• Would the GPL still provide the benefits intended by it's creators? If not, why not just use a non-copyright based license.

It's early in the life or death of this court ruling so we'll have to see what happens through the legal process. I'm sure my interpretation of events will evolve and change over time as this plays out. For the most part, I think this kind of a ruling will benefit everyone as it takes a lot of the copyright mystery out of the equation, making it more clear for everyone how to interpret many open source licenses.

I'm a big supporter of the GPL and many other open source type licenses - they are a great innovation for our industry, but the lack of understanding around interpretation and enforcement has led to a confusing array of uses, abuses and FUD about open source licenses. Anytime we can add more clarity it is better for everyone. I look forward to seeing how all this plays out.

UPDATE: Slashdotters had a bit to say on the subject.

Sounds like an oxymoron, right? Microsoft and open source. Death Star and Rebel Alliance.

LinuxToday is reporting that Microsoft has submitted to licenses to the OSI for certification (or whatever the OSI calls it) as OSI approved open source licenses. (It must be true, it was on the Internet, right?)

The two licenses submitted are the Microsoft Permissive License (Ms-PL) and Microsoft Community License (Ms-CL). I'm going to get a hold of these if I can and understand what the differences are and how they are written.

Maybe Microsoft really is serious about open sourcing some software. It will be interesting to see, 1) if the OSI approves either or both of these licenses, 2) do either of these licenses push the bounds of current open source licenses in use, 3) with what code, research, products or technologies Microsoft choses to use these licenses.

One of my Google alerts popped up a short online article today asking the question; "Are open source databases ready for production applications?".

Huh?  At first I thought Vista Business must have implemented some buggy version of Time Machine (a Mac OS X feature) in it, zooming me back a decade or more. I had to check the date - published today, August 15, 2007. Whew, no disruption in the time-space continuum that I can detect. Hum, all time travel dials are set correctly. No measurable increase in tachyon emissions from the forward or aft nacelles. Could it be some new form of time-shifting cloaking device that creates a rift similar to the nexus? (Oooo, why did I have to bring up that bad Star Trek movie?!) Possible, but not likely. Something else must be at play here.

Are open source databases, such as MySQL, Ingres and Postgres, ready for production applications. I think we have a new reporter on the open source beat or something. Or maybe some interview went bad, and this was the only worthwhile content for which an article could be squeezed out. It's a bit perplexing to know but those are a couple of guesses.

Obvious question. And obvious answer, Yes. Not only on websites and such, those open source databases are also built into and used in many commercial products and internal IT systems.

Okay, yes - I'm being a smart alack in this post. And they say there's no such thing as a dumb question, but this article doesn't seem to me to impart any great information that furthers the conversation about databases, or open source software. Then again, I'm sure there are those who would say the same about some of my blog posts too! Lol, :)

Surprisingly "MOTO"-rola had a very big booth at LinuxWorld last week. All of their messaging was around the MOTO cell phone business, which was a bit perplexing (they've only toyed with a few Linux based phones in other markets) until I learned Motorola announced their MOTOMAGX program, Linux running as their midrange cell phone OS platform.

Motomagx is more than just Motorola announcing they will use Linux OS for their phones. They now have a platform lineup, from basic to full featured PDA-phones, of which Motomagx fills out the middle of the platform line. Motorola is clearly looking to Linux as a way to attract more developers and software to the phone platforms. They held sessions for developers and have a start on web sites to help support them.

I'm not a phone OS application developer so I couldn't tell you all the secrets to attracting developers to write software for your phone platform, but finally adopting Linux is a great step in the right direction. Motorola is also getting involved in various Linux initiatives like LiMo, Gnome Mobile Initiative, CE Linux Forum and the LinuxFoundation. Joel West has a very nice (and more complete) write up on the Motomagx announcement on his site if you are interested in additional perspective about this.

Does this mean Linux could be coming to Motorola Q near you? As a Q user who reboots my Windows Mobile device a couple of times a week (for no good reason other than Windows Mobile likes to lock up for no detectable reason, other than its running Windows) I'd love to have Linux running on my Q. We'll have to wait and see if that's in cards or not.

Bottom line, open source software such as Linux is spreading into more and more devices, consumer phones in this case. Let's welcome Motorola to the Linux community and hope they are a good steward of open source and efforts to further its use across their and other industries.

There’s been a very interesting dialog and discussion over the past month or so about what it means to be open source software. First the OSI telegraphed that they are going to more actively police vendors who make claims about being open source but don’t meet the OSI’s definition (a narrow and non-market savvy position from my viewpoint, btw.) Keep in mind too that the OSI can only do this through informal peer pressure as the OSI doesn’t have “teeth” to enforce their open source definition. I blogged previously about this and the pink elephants no one is talking about – vendors who modify the GPL by imposing their own conditions and interpretations of the GPL. (I’m referring to GPLv2 here.)

The new controversy brewing around open source is Sourcefire’s move to change, or in their words “clarify”, the licensing in Snort. Alan’s done a good job of discussing this on his blog and while I usually try not to cover the same ground I think there are a few more things to say about this situation. In summary what Sourcefire has changed is removing the ability to license Snort under GPLv3 (previously allowed), Sourcefire-favorable interpretations (but not backed up by any industry interpretations) of the GPL laid out in a preamble to the license (intending to curb commercial offerings without a separate commercial Sourcefire license), and assignment of full rights to Sourcefire of any code contributed to Snort by third parties. Added to the controversy is Sourcefire’s recent blanket change of the headers to existing code to limit the licensing to GPLv2, including non-Sourcefire open source developers’ work contributed to the code base, and making claims that rights to contributed code were granted to Sourcefire all along, and you’ve got a real brewhaha on your hands.

I’m actually very familiar with what Sourcefire wants to do here with the most of these license changes (excluding of course the changing of file headers and claiming rights to prior contributions - I will share my thoughts on that in a bit). Much of their goals are very similar to the StillSecure Community License we created for Cobia . Basically, use it as much as you want for free, here’s the source to change/modify/contribute back if you like, and here is a commercial license for those who would like to use Cobia to make money. And btw, we would love you to do any and all of these things. But, there are also some very important differences worth discussing.

There are many ways to achieve an outcome such as the licensing in this situation. We actually considered taking a similar approach for Cobia licensing; use the GPL, add or “re-interpret” our own stipulations to the GPL, and then try and walk this fine line of using the GPL while deviating away from it when it didn’t suit our needs. The problem with that approach, at least for me, is it just didn’t seem like that approach was being faithful to the GPL. But the biggest issue is that it just creates confusion and isn’t consistent with our values in how we deal with customers and partners. Rather than taking a perfectly good round peg and wrapping a bunch of duct tape around it to make it force fit some square hole, I believe it is better just to be straight forward with people, even if it means a few might chose not to use the software because it wasn’t licensed under the GPL or some other OSI license. It is more important to me to be very up front and clear about licensing a product than to come up with a convoluted way to use the GPL, making no one happy in the end. And don’t get me wrong, we took some hits for calling Cobia open source by those who only want open source to mean software under an OSI approved license. Open source is much broader than that narrow definition and that’s one we’ll just have to agree to disagree on.  

If you are going to slide down the slippery slope of splitting hairs with the GPL, are you really GPL anymore or is the GPL just a hollow label because the details are really in the fine print? It may quack like a duck, but if in the end it doesn’t really walk like a duck any longer, it ain’t a duck. If every vendor adds their own “interpretation” of the GPL to suit their own narrow interests then the GPL becomes diluted and everyone will simply discount it and jump right to the fine print, assuming you can always find the fine print. If you’ve been involved in open source or follow the communities that develop around open source projects, the one thing you learn very quickly is that more than just the software has to be open. You must be clear and consistent with your intentions and your communications. Any attempts to slip something by, or even the appearance of being disingenuous with the community, immediately breaks down trust, causing hostility and suspicion. And going dark when there’s controversy or when you need to explain your actions or intentions really causes problems.

Those considerations went not only into the StillSecure Community License we developed for Cobia, but also creating a complete license FAQ and explanation web page. We took all of the most commonly asked questions about our license, is it open source, is the license OSI compatible, when can I use the software for free, when do I have to have a commercial license, what services can I offer without a commercial license, etc., etc., and put it right there on the web site in plain English language. (Try to get the lawyers to do that!). The idea behind all of this is we want to be transparent. We are a for profit company, we are giving a lot of things to you for free (including the product and the source code), here’s how we make money and (just as important) here’s how you can make money if you want to. Nothing is hidden, we don’t couch things in funny legal terms or split hairs by applying our own funky definition to something everyone knows means something else.  

But there’s another significant difference for us. We started Cobia under this license from the beginning as a for profit company, rather than trying to turn the ship of an existing GPL project and morph it into a for profit product. What Marty and Sourcefire are trying to do, while very worthy and appropriate business goals, is also very difficult without doing damage to the trust built up over the life of the project. For example, yes, you can place requirements that future contributed code also include a broad license of rights. But you can’t change history and change the license, or on your own say that a grant of rights was in place all along. That ‘s the kind of stuff you want to be very intentional about, or else it looks like the rules are being made up as you the game is being played. There is no eminent domain under the GPL that says because you started the project or contributed the most code you can change or usurp code under a license change midstream that impacts the contributions of others. Quantity of contributed code doesn’t matter – every contributor has the same rights under the GPL. The person who contributed three lines of code has the same rights as someone who contributes a thousand. Frankly, it’s a tough thing Sourcefire is trying to do here and I don’t envy their position or necessarily agree with the approach here. It has all the signs of one of those situations where every option creates problems you’d rather not have. Sometimes you’d like to rewind the tape and start all over but in life and business that’s not usually possible.

This situation gave me the opportunity to reflect back on the decisions we made around Cobia licensing and the choice not to try and re-interpret the GPL. Trust, clarity, communications and transparency are things which are very important to creating a product, technology and community around Cobia and I hope we can continue to adhere to those goals in the future. I think this is an important topic to discuss and not let go unnoticed. I know Alan proposed having a podcast with those involved in the Snort controversy which I think is a great idea. I hope they chose to participate and even if they don’t, I think we should move forward and have this conversation on one of the upcoming podcasts.