The Bio

Recent Posts

View Stephen Walli's profile on LinkedIn
Subscribe to the feed

Categories

Archives


Search stephesblog

Google


Disclaimer and License

The posts on this blog are provided ‘as is’ with no warranties and confer no rights. The opinions expressed on this site are my own and do not necessarily represent those of my employer.
Creative Commons License
This work is licensed under a Creative Commons License.
Locations of visitors to this page
Powered by TypePad

« June 2006 | Main | September 2006 »

22 August 2006

Overcoming the Barriers to Open Source Adoption

Update [24-Aug-2006, 17:15]:  Here's the link to the recorded webinar.  Enjoy.

This Thursday (24 August, at 1PM EDT) I will be delivering the next Optaros webinar.  The subject is understanding trends and overcoming the barriers to open source adoption.  There is still a lot of confusion in the industry around open source, from the latest licensing changes and acquisitions, to ongoing concerns about support and maintenance and legal issues. 

The presentation will cover the four hot spots and how to think about them in the context of your enterprise.  The invitation link is here on the Optaros web site.

August 22, 2006 at 03:05 PM | Permalink | Comments (0) | TrackBack

20 August 2006

Hyperic: Business Models and Open Source Software

The Hyperic Logo

I first met Javier Soltero (CEO) and Doug MacEachern (CTO) from Hyperic last February.  They were at the point of determining how best to go large with what was otherwise a cool concept, and as ex-Covalent, Apache-shaped people open source software was obviously to be part of the mix. Hyperic is one of the companies that Tim O'Reilly identified in an Executive Briefing session at OSCON 2006 as a company to watch.

Hyperic started as an off-shoot from Covalent a couple of years ago.  Covalent was reshaping itself, and this intrepid team gained the rights to the technology base they were building around large scale system administration and started their own company.  They've been profitable almost since they began with key customers and an early OEM relationship with JBoss.  (There are further impressive customers than those listed that can't be named.) They're now funded and away to the races. 

The list of cool things to love about the company and the business model:

  • It recognizes that the HQ development team can't innovate all the plug-ins to keep up with all the customers scenarios and is creating and investing in their user community.  This value provides value to all the other users and customers in the HQ world.  Their Free Software model enables this.
  • Sys admins also dig deep into how things work. They're responsible for maintaining the integrity and stability of their facilities and have learned to not trust vendor claims of omniscience and omnipotence.  They're the first people answering the phone when it all breaks.  Providing the software as Free Software supports their customers needs (and fears) as they in turn support their end customers.
  • Those same knowledgeable sys admins can help harden the underlying tech base in their maze of twisty environments (all different) as it's Free Software.  We all know that the ratios of users to bug reports to bug fixes to well-formed patches falls by orders of magnitude when you "run the numbers" over history.  But history doesn't measure when the diamonds arrive, and community led innovation isn't being disdained or marginalized by Hyperic. 
  • Hyperic recognizes that their potential customer base is a well connected group of people that share software and ideas constantly through multiple channels, and gives them something to share.  System administrators have always believed in open source software (for decades before we called it open source) and have always shared tools and knowledge.  Hyperic understands their customer.
  • The technology base started life recently as a well thought out re-engineering of the problem space, built over a couple of years by a coherent well-funded team. First, contrast this with the Frankenstein products of the Big Guys in this space (BMC, CA Unicenter, Tivoli, HP), stitched together through acquisitions to try to solve more of the problem.  To now take the product into community means there's a stable core around which the community can rapidly contribute.  (I am assuming the community engagement will be well managed here as John Mark Walker is in charge.)  This is a much shorter life cycle to critical mass from a business perspective than starting as an open source software project that needs to build the core base over time before trying to build a company around it.
  • Attaching the GPL to the open source software base means the Big Guys won't be able to take advantage of the published source base, while customers and the user community can.  N.B. I did not call these players competitors.  HQ might be competition for their offerings, but they are not competition for HQ. Hopefully Hyperic stays laser focused on their customers and user community, and ignores the distractions from the Big Guys, just like MySQL did. 

Prediction: the Big Four will now start the rhetoric around open source with respect to security, scalability, and reliability that we saw first from the OS vendors, and then the database vendors. 

  • The base open source is completely useful by a sys admin.  The enterprise  subscription provides support, training, indemnifications, certified binary images, and a few additional features that a really large IT environment would want to add.
  • Hyperic has a flat pricing model and one that is inexpensive enough to creep in under the floor boards of large organizations.  Contrast this with the more costly Draconian multi-axis pricing models of some of the Big Guys which essentially penalizes the customer for each new management point when they need it the most. This literally becomes self-limiting.  There will come a day when the customer says "enough".  (And the day will probably be extended with new enterprise agreement style subscription pricing to try to assuage the customer and extend the life of the Big Products just a little longer.) 
  • Instead of engaging in a heavy expensive sales cycle with the C-level execs against the Big Four Incumbents around Enterprise Management, they can slip into the bottom of the organization buried in departmental budgets when the open source users become customers. They can send alerts up through the big tools, so they fit into the environment quietly and can begin to displace it.

I finally got a demo last week at Linuxworld.  I am not a system administrator or network ops person, but I was standing with two that run really big networks and both saw the potential.  (One works in a Really Big Facility with an installed base of tools that would need to be gently introduced to HQ, but he was still impressed.) 

If you're a sys admin or merely count them among your friends, take a look at Hyperic HQ here.  If you're a business person thinking about open source, start imagining how to engage a community of users in the small (away from the internal toxicity of ROI and TCO discussions with the CxO and an incumbent sales force), so they grow into customers in the large. 

Congratulations, gentlemen.  Well done.

Post to del.icio.us

August 20, 2006 at 11:23 PM | Permalink | Comments (5) | TrackBack

18 August 2006

Oracle Linux Rumours Continue

Rumours began in the Spring around Oracle delivering it's own Linux distribution and resurfaced this week during LinuxWorld on Jeff Nolan's blog, where the rumour suggests the Oracle version will be based on Red Hat's distro.  The fun bit was Jeff's update to his entry:

UPDATE: Oracle’s investor relations group is now saying that the announcement will be pushed out possibly past OpenWorld in October.

So apparently Oracle remains coy about the rumour.  My opinions haven't changed from the blog posting I wrote in the Spring.  Oracle taking on its own distro rather than continuing to contribute to the community is engineering inefficient and a waste of shareholder money, and it doesn't solve the customer's problem any better.  If Red Hat  is unreasonably behind in delivering the platform to Oracle's needs, they could better invest in the relationship than in undertaking to take on their own distro based on Red Hat. 

Dave Gynn and I were part of an email discussion, and he gave me permission to share his ideas as well: 

Creating a distro based on Red Hat ties Oracle to Red Hat's release cycle and roadmap.  It will be difficult and expensive to offer support for Red Hat that can compete with Red Hat's own Red Hat Network offering.  Oracle is just an expensive middleman whose value is unclear.

If anything, this only makes Red Hat stronger.  Oracle will be required by the GPL to make available any modifications they make.  So the Red Hat codebase will benefit.  Developers will continue to target Red Hat since applications that work on Red Hat should work on Oracle's derivative distro.

With their own distro, Oracle will neglect support for the Oracle database and other applications on other Linux distros.  Open source databases like Postgres and MySQL which run well on all distros will continue to be a more flexible solution.

There is no reason to believe that an Oracle Linux distribution would be compelling or successful. 

Well said.  Oracle is still very like some other software companies, praising open source on the one hand around Linux, but with contradictory rhetoric on the other hand around such things as Postgres and EnterpriseDB and MySQL.  Oracle Linux, or Oracle Red Hat Linux, would be bad business for Oracle. 

The Spring posts:

Post to del.icio.us

August 18, 2006 at 05:57 PM | Permalink | Comments (0) | TrackBack

14 August 2006

Sun and Open Source Java versus the Microsoft .NET Efforts

I attended the small event Sun hosted this evening to talk about the next steps towards an open source Java world.  On hand for the discussion were Sun Software EVP Rich Green, VP of Developer Programs and Products Laurie Tolman, and VP of Mobile and Embedded Systems Alan Brenner.  Dan Farber covers the details well here.

There were generally supportive statements around open sourcing javac and the hotspot VM by the end of year, as well as the JavaME (Mobile Edition).  This is all good.  The web site to follow for the work is http://community.java.net/jdk/opensource/

The interesting thing to watch here is how Sun works this opportunity as it's sort of backwards.  Standards exist to enable multiple implementations.  This is certainly how the JCP has functioned, and the Java certification program protects the brand.  Open source software describes a licensing model that ensures a collaborative community can be developed around a software project, and Sun has a long history of participation in such communities, including its own, so should be able to develop a new community here. 

Historically, standards often arise out of collaborative technology communities, and the shared technology snaps to the standard once created, enabling all the community participants to rapidly develop products.  Here, the development community is coming somewhat out of order, behind the specification, but lets set that aside for a moment.   

So what will open source Java mean?  First remember that this effort has been driven not by Sun, but demanded by the community around Java.  Whether the demands are valid or not, or indeed politically motivated or not, there are still good things to be had from the process. 

Sun has driven the Java standardization process through the JCP for some time and has a strong collaborative community and process, supported by a strong certification and branding program.  (The certification will always protect the brand and expectations of integrity, and Sun needs to finally stop the hand wringing over open source projects "drifting" from the specification.  It doesn't happen in the real world, and it won't happen with Java.) 

Delivering Java technologies as open source still makes sense, however, even if the standard has led the implementation so to speak.

As a primary reference implementation, it will provide the following benefits to the entire Java community, Sun included:

  • It will harden the primary implementation for Sun's and the community's benefit.  Allowing others to tinker and explore will find new and interesting problems.  They can be addressed.
  • It will enable new innovation.  Many claim Java's day is done.  Allowing new implementors to explore the primary production base will invariably lead to new ideas and innovation on the platform beyond JCP participants, and to everyone's benefit.
  • As new code enters the source base, it will likely come in at a very high level of quality.  Even if Sun developers act as the primary committers for the foreseeable future, a high level of inspection will be brought into play on code coming in from the outside.  For new work delivered from the inside, the inspection will likely be equally vigorous from the community.

That is not to say there won't be challenges.  As with any large code base that exists in a commercial product, all will need to be inspected carefully from a number of angles.  Sun won't want any obviously embarrassing code released, but as well, they need to ensure all code licensed in from outside can be released, and manage that process. 

Sun already supports a strong development community around OpenSolaris, and hopefully that experience can be leveraged by the “OpenJava” team.  (Certainly the questions I asked of Sun people tonight indicated the Java folks were absolutely sharing notes with the OpenSolaris community.) 

Likewise, Sun already supports a strong collaborative community in the Java Community Process, so they have a great channel to begin their open source efforts when they figure out how they intend to publish what sources. 

Perhaps it would be better to contrast this against other similar efforts.  Microsoft developed C# and the Common Language Runtime (CLR)  of .NET as a product first.  The specification for the C# language, and the Common Language Infrastructure (the CLR plus the base class libraries) was then taken through ECMA International, an industry consortium, to develop a standard, and then through the international standards process at ISO. 

During the same period as the initial standardization, a team at Microsoft created a shared source project around the standard, aka Rotor, providing what was essentially a reference implementation of the standard by cutting down the product code base to the standard.  The project, however, was not open source.  It’s license restricts commercial distribution.  It was essentially developed to drive academic research. 

Neither are changes accepted back from the community around this "Shared Source" project.  The code base is still linked to the product code, and Microsoft has concerns about intellectual property taint.  It’s unfortunate.  One of the first contributions from the outside world, within a day of the initial release of a million lines of code of implementation and test harness, was a fragment of code that improved the just-in-time compiler performance by 10%.  It of course couldn’t be accepted.  Nor the first robust bug fix the was contributed the next day.  The community quickly got the message and stopped contributing. 

A second implementation sprang up after the ECMA standard completed.  The mono project was started by Ximian as a complete ground-up implementation of the ECMA C#/CLI standard, and distributed as open source software under the GPL.  Ximian has been since acquired by Novell. 

Microsoft continues to position mono as “an interesting science experiment” in its market commentary, despite its growing success, and to maintain an arm’s length ambiguity about the state and status of non-essential patents that may be infringed by mono. 

Instead of encouraging multiple implementations of a standard they instigated, they discourage them.  Instead of embracing open source collaborative development, innovation and contribution, they keep the community hobbled.

So Sun has a huge opportunity to “do it right” with Java. They began the release of Java EE 5 with the GlassFish project, and continue the work in the context of a culture shift that has delivered OpenSolaris.  Now time will tell if they can harness all their collective experience in open source software, standards, and the JCP to bring about a complete open source Java world.

Post to del.icio.us

August 14, 2006 at 11:33 PM | Permalink | Comments (0) | TrackBack

04 August 2006

Free and Open Source Software Development Education Materials (for Free!)

I've been asked a few times over the past month for a set of references on free and open source software by people hoping to teach or learn about the concepts and mechanics of community development.  They are not interested in a business model primer, although many of the references below would be invaluable to understanding the culture for a business person interested in open source software. 

The first person was asking from a teaching curriculum perspective, so I started thinking in terms of what's available that would meet a student's price point.  So here's my list.

On Culture:

On Development:

On Legal and Licensing:

Most of the blogs I read are more "the business of open source" sorts of things, and so I haven't included them here.  If anyone has other suggestions for pointers, please send them along.

Post to del.icio.us

August 4, 2006 at 11:22 PM | Permalink | Comments (3) | TrackBack

03 August 2006

OSCON 2006: That's Billion with a "B"

Matt Asay (Alfresco) and Stephen O'Grady (Red Monk) have been having a fascinating debate that began at OSCON last week over whether we will see a billion dollar pure open source play or not, if so when, and whether that's the relevant yardstick or not.  The entire discussion is well worth the read and the links are included below.

The one thing I find troubling is the focus on the billion dollar yardstick. Every new technology shift sees the creation of new companies that can't be measured using the same metrics as the historical base.  It's meaningless to compare MySQL to Oracle using revenues (the MySQL user and customer bases don't pay for the database), or installed base (MySQL is easy enough to use that it can be trivially dropped into place as a groupware or departmental database). 

But then we need to ask why comparing Oracle to MySQL AB is even relevant. It isn't particularly to the way MySQL AB runs its business.  It isn't to MySQL's customers.  The only people that seem to need the analysis is Oracle itself so it can demonstrate to customers and investors that "everything's fine."

Drucker (as a good economist) pointed out:

A business doesn't exist to maximize profits — that's a measure of success.  A company exists to make a customer.  To make a market.

You have to love the simplicity of that statement.  In the end it is all about customers and making them wildly happy by solving a problem they value.

Stephen argues that volume is a more relevant measure of success for an open source company, and this starts to get to the customer focus through the volume of users.  MySQL has a huge deployed user base and focuses on converting users to customers.  This conversion rate discussion is central to Matt's thesis, but I'm still worried there's a subtle but important aspect of the customer that's being missed. 

Matt gave a great OSCON presentation last week (Making Sales while making Friends: Lessons Learned from Open Source Businesses), and his blog posting sums up the key slides best.  He is struggling though with the concern he's voiced many a time that the open source applications space will NEVER have the volume downloads of the open source infrastructure space.  Essentially, no one will ever download Alfresco 40M times.  So raising conversion rates defines his battlefield and therein lies the problem.   

Alfresco rebranded itself to an Enterprise Content Management solution through the Fall and Winter of last year.  Essentially, "we are all things to all people in the content management space", instead of staying with the laser sharp focus of the best document management system on the planet at a "free" price point, and as an open source solution.  Presumably, they're wrestling with the problem of value definition to their customers, and feel if they position themselves as the Documentum or Interwoven killer, they'll have an easier time of it. 

That's the problem.  They now have to live up to that solution, and a customer's existing investment in the entire space.  While they're having success with conversions (and Matt's discussion of how they convert many customers was brilliant), they're still limiting their perceived value to the few people that consider content management problems in the enterprise. 

They need to live their all-things-all-people marketing message.  Indeed, for those of us that attended the O'Reilly Radar Executive Briefing last week, we were horrified to watch John Cochrane (Alfresco) give what amounted to a standard marketing product pitch for his 10 minutes of fame, identified on the O'Reilly Radar as one of the hot open source companies to watch.  The other seven companies talked about what the company did, why open source was fundamental to the business model, and how their communities were central to success.  Mr. Cochrane told us why the Alfresco product was better than its competition with a feature list. At the end of the session, you have to wonder why they're a hot company to watch.  They didn't tell us. 

The MySQL user community weren't Oracle DBAs and CIOs looking for a "cheap" fix to the Oracle spend. They were non-users of databases (or people that didn't have easy departmental access to the "large corporate database resource").  And it spread like wild fire.  They didn't care that it wasn't "an enterprise class database" in the beginning.  It solved their problems brilliantly. 

So instead of thinking of Alfresco as "an Enterprise Content Management" system, let's for a moment treat it like a quick-and-easy document sharing system.  Every project, workgroup, department, and medium sized business (or school, or non-profit, or religious organization, or community center) could drop down such a system instead of all those important Microsoft Office, Wordperfect, and OpenOffice documents being stuck in people's laptops and desktop machines, which we all know is becoming a problem. I could trivially drop an Alfresco server on Windows or Linux.  Just like all those non-database savvy users dropped MySQL database servers all over the place.  Millions of them.  For free. 

Now there rapidly comes a point, especially when multiple people in large organizations start dropping document shares down like candy, when the corporate infrastructure people get involved to do the responsible thing, and need to support and maintain the resource. And that's when they start calling Alfresco.  But the joy of this is that it is likely a greater number of enterprises that will have this problem than the fewer number that thought they wanted to tackle an Enterprise Content Management problem.  It's all about the area under the curve.  Conversion rates are important, but I want thousands of customers calling me to convert on the hundreds of document sharing servers they're already running, not hundreds of customers needing to call me as they try to wrestle the behemoth of the ECM to the ground. 

This is the ground that Microsoft already wants to go after with Sharepoint Server 2007.  Indeed, they're boldly telling customers that this will be the value "lock" for the next generation.  Of course, they're telling customers that are tired of lock, that want choice, that are beginning to investigate open source solutions to regain a sense of choice, and that are exploring OpenOffice on Windows as a way to manage the Microsoft spend.  Alfresco doesn't need to "compete" with Microsoft directly to succeed against Sharepoint.  They're already ahead of the curve here. 

But it will require a sense of focus and indeed humility.  It requires focusing on customers' problems (the reason you're in business), rather than investors measuring profits and growth towards a billion dollar company.  Can they step away from being ALL THINGS TO ALL PEOPLE to merely being the world's greatest little document management system ... at least until the world is breaking down their door.  Who needs to be a billion dollar company, when you can be a wildly successful and growing company that happens to be profitable.

The posts that began the discussion:

 

Post to del.icio.us

August 3, 2006 at 12:41 PM | Permalink | Comments (1) | TrackBack

02 August 2006

Rambus, Patents, and Standards

The system DOES indeed work — just slowly sometimes.  Every once in a while I get embroiled in discussions with people that believe (a.) the sky IS falling with respect to patents and standards and hence (b.) we need to get all patent holders to forfeit their future business rights in overwrought and strict IPR policies within standards development organizations.  The Rambus abuse is universally the example of the danger, in a similar way that the SCO Group lawsuit is the singular data point extremists use when trying to spread open source litigation FUD. 

Occasionally I run into the debate that (c.) patents are so important in terms of value to a company that all other industry practices (e.g. standards, collaborative development, etc.) are subservient to this incredible tool, but these debates were typically inside Microsoft with its extreme IP fetish and can safely be ignored. 

The Rambus case is a classic case of submarine patents in a standards setting forum, cheating the rules, and litigating for fun and profit.  Today the U.S. Federal Trade Commission reversed its previous ruling and has slammed Rambus appropriately, stating that their practices were anticompetitive, and beginning the process of damage calculation.  Brilliant!  Here's the quotable bits:

... the Commission found that, through a course of deceptive conduct, Rambus was able to distort a critical standard-setting process and engage in an anticompetitive “hold up” of the computer memory industry. The Commission held that Rambus’s acts of deception constituted exclusionary conduct under Section 2 of the Sherman Act and contributed significantly to Rambus’s acquisition of monopoly power in the four relevant markets. The Commission has ordered additional briefings to determine the appropriate remedy for “the substantial competitive harm that Rambus’s course of deceptive conduct has inflicted.”

Here are the links:

  • The FTC announcement is here.
  • Andy Updegrove's excellent write-up is here, providing the historical background.  (Andy filed a friend of the court brief in this case, and has deep knowledge.)
  • The FTC docket is here if you want the complete historical legal depth. 

I've long maintained that patents are simply tickets to negotiations. Occasionally the negotiations go awry.  Sometimes people abuse the rules.  In the end, the economics of the system works. 

Post to del.icio.us

August 2, 2006 at 04:45 PM | Permalink | Comments (2) | TrackBack

01 August 2006

OSCON 2006: Open Standards and the Open Source Initiative

The Open Source Initiative hosted a BoF last Thursday evening at OSCON 2006, and one of the primary topics of discussion was possible compliance criteria for an open standards requirement.  Lots of thought and effort has gone into developing a strawman proposal, and the discussion is just beginning.  I would strongly encourage you to participate in the discussion if you have a standards and open source background.  The discussion list sign-up is located at http://opensource.org/osr/

This issue has been simmering for a while now, all the way back through debates about the relationship between standards and open source, and comments from various open source participants about various standards development organizations' IPR policies.  The topic is coming back into the forefront. 

The rest of this post is the edited version of my first post to the OSI discussion alias.  I will happily entertain debate and discussion here, but would encourage your participation in the OSI discussions if you want to be heard in the outcome. 

First, let me state I agree with the goal of developing a clear statement supporting the ability to develop open source software implementations of standards.  Second, the following views and ideas were shaped over the years of participation in the POSIX/UNIX standards development process from the late 1980s.  (I'm still in recovery.)

I want to set the stage with a few definitions I keep in my head, so hopefully this is actually coherent.

Specifications and Standards:
A specification is simply a document describing some interface for interoperability.  Lots of companies publish specifications to enable customers and partners to better interoperate with their products.  In such cases, where the specification is published by a single commercial entity, it benefits the company by encouraging lots of add-ons.

A standard is a specification that has been put through some form of consensus process by a collection of interested parties.  It may be a formal government supported de jure process with checks and balances to ensure that the consensus isn't anticompetitive collusion. It may be an industry or trade organization (CBEMA, ECMA, IEEE) with a broad interest in an area, e.g. computing standards. It may be an industry group with narrower focus (e.g. OASIS, W3C, IETF).  The consensus process has rules that define such things as participation, acceptance, interpretation, amendment and withdrawal.

The economic purpose of a standard is to encourage and enable multiple implementations of the thing specified, i.e. it is the opposite of a company specification which benefits the company's own ecosystem.  A standard is designed to increase choice and benefit consumers.  A successful standard has to have multiple implementations that conform and interoperate.  If there's only one implementation, then it is just a vendor specification regardless of the process it was put through to receive a stamp of approval.

[For taxonometric completeness:

  1. A de facto standard isn't.  A de facto standard is a technology that is so ubiquitous as to be "a standard in fact".  But it's typically controlled by a single vendor, i.e. not a lot of consensus involved.
  2. A corporate standard is an ambiguous entity that may be selecting de facto technologies to simplify and narrow procurement choice, OR a reference to de jure standards that is designed to increase procurement choice.  Sometimes both.  Context is everything.]


Patents and Standards:
Patents exist to protect a single implementation of an idea. They serve a completely different purpose in the economic spectrum to standards which encourage multiple implementations.  Because of this, every standards organization has developed some form of IPR policy to attempt to survive the discovery of a patent in their midst, and indeed to discourage participants from embedding them so as to avoid such problems.

This does not mean there are not examples of industry standards groups being mirrored by trade organizations and relationships with patent sharing agreements. But within the standards organization itself, there is neither the legal bandwidth or financial depth to deal with them directly.  (And yes, some naive vendors would love to have a patent on a standard because obviously the world will want to beat a path to their door to pay a tax on the standard, but it seldom actually works out this way.)  

So here are my concerns per the current compliance criteria.

Criteria 1: The standard must include all details necessary for interoperable implementation.

This is tough.  Standards participants are there because of some level of experience and expertise (regardless of whether they are lone participants or corporately sponsored).  By definition the context of the discussions and debate result in a standard that has "holes" where things were simply "understood" by the participants.  This is why every formal organization needs rules to interpret and amend standards.  (Standards are actually living documents, but with a lifecycle more akin to trees than people.) English is an inexact language. 

As well, some holes are deliberate.  There is sometimes a fine line in relaxing the standard to allow implementation and conformance for as wide a set of participants as possible, without breaking the underlying interoperability model.  Without the IETF requirement of two independent and interoperable implementations, there is NO WAY TO KNOW if the standard includes all details necessary for implementation, or more exactly, all details necessary for interoperability.

Criteria 2: The standard must be freely and publicly available (e.g. from a stable web site) under royalty-free terms. 

I have no issue with this one per se, except that some of the core standards in our industry embodied in open source were expensive books in the past (e.g. ISO/ANSI C/C++, POSIX, UNIX, SQL).  REQUIRING this royalty free access seems a bit off.  Didn't stop us before.  Won't stop us in the future.

Criteria 3: All patents essential to implementation of the standard must be licensed under royalty-free terms. 

Today any standard can be shot by an idle patent from outside its community of interest, regardless of the occasional pathological abuse from within (i.e. Rambus), and regardless of the IPR policy in place.  Just like any community developed project licensed under an open source license.  No rules the OSI puts in place will change this.

You're asking me as a standards participant to agree to the terms for your  "open standard" definition, when I already have the ability to so declare through the standards orgs IPR policy or any public non-assert or covenant I make about my own patents, only to have it taken away by a non-participant at ANY time.  Why does this criteria have ANY value to me as a standards participant?

Criteria 4: There must not be any requirement for execution of a license agreement, NDA, grant, click-through, or any other form of paperwork to deploy conforming implementations of the standard.

By requiring no paperwork or click through to deploy conforming implementations of a standard, you just narrowed the definition of an "open standard" to only open source projects freely available on the web.  No product based on open source even fits if it has a support/maint contract in place.  And I think you would discover that if your definition of "open standard" excludes a standard that is properly implemented multiple times by closed source commercial products that interoperate, you'll be laughed out of the house of "open" by all participants in standards orgs the world over.

Criteria 5: Implementation of the standard must not require any other technology that fails to meet the criteria of these requirements.

The requirement that "open standards" implementations must not require any other technology that does not itself meet the open standards criteria dooms this to a utopian failure.  Many standards depend upon other standards.  If one at the bottom of the pile (or the end of the dependency list as the case may be) can invalidate the entire chain, I see no value as a standards participant to ever buying into your definition of "open standard".  It puts the implementation burden on me in such ways that I may not have control over it.  POSIX (IEEE) was based on C (CBEMA).  Different orgs, different rules of engagement, with different non-overlapping parties of participation.

The Term "Open":
The term "open" is perhaps a red herring here.  The term was polluted with respect to standards at least 15 years ago and customers and vendors alike have long memories.  We started with "standards", and the messaging battle moved to "open systems" to get away from the constraint of standards to which a vendor might have to actually conform and certify.  The term "open" was slammed onto "standards" to try to find yet more definitional integrity OR ambiguity, depending upon who you were. (Indeed we get to see the current fetish with marketing people and "open" in open source today.) 

Instead of trying to force a definition into a space where you are sailing into the teeth of the gale of mass vendor mass marketing that aligns with your goals only partially, and historical shoals on which to run aground, perhaps we can modify the terminology to suit the OSI need and to be readily defensible by the OSI.  What you really want is a "open source enabled standard", where regardless of the consensus process used to arrive at it, the product (i.e. the standard itself) can easily be identified as being implemented in open source software.

Implementation:
Culturally, you want standards organizations to adopt something similar to their IPR policy with respect to "open source enabled". You want each to have the simple ability to say that within their overall process of standards development, they can readily identify a standard as "open source enabled".

Participants in standards efforts are the customers of standards organizations.  As such, there needs to be the flexibility in the system to encourage the right thing to happen while preventing such a hard-line discussion that even should the OSI definition of "open standard" be adopted by the organization, the participants are sufficiently disenfranchised in how they meet their business needs that they move their standards setting efforts elsewhere.

Organizations as engineering-centric in their process as the IETF could create their own implementation by simply requiring one of the "at least two independent and interoperable implementations" be licensed under an OSI compliant license.  OASIS on the other hand could add an upfront step in the scope and reference terms of the working group similar to their IPR policy where the working group agrees to provide a reference implementation under an OSI compliant license. It wouldn't require every OASIS standard so to do, but rather gives their working groups the policy framework up front to declare their intentions for all to see (and OSS developers the encouragement to participate).

This gives vendor participants that support open source the ability to selectively support standards with open source implementations to competitive advantage, while still providing closed implementations themselves in other areas.

Those are the opening concerns and ideas.  Looking forward to the discussion.

Related Posts:

Post to del.icio.us

August 1, 2006 at 02:46 PM | Permalink | Comments (0) | TrackBack

OSCON 2006: IBM, Microsoft, and Open Source Strategy

Bob Sutor gave a fine talk at OSCON 2006 in Portland last week called "The Future of Software is a Blend, but of what?" (slides here).  It was a classic IBM talk.  He developed an architecture of thinking about using free and open source software in the enterprise.  It is obviously a mixed environment between free/open software and closed software.  The additional questions of what is commercial or not and what standards-based software is used opens the discussion into a multi-variable landscape that reflects the real world of most enterprise software architectures.  Of course, when discussing how one might consider these options against closed product decisions, IBM software choices were made. 

Bob's use of language was perfect.  For example, when one needed to "step up to a scalable enterprise database", it was of course DB2.  (Look for the transition between slides 13 and 14.) This is exactly the sort of perfectly pitched rhetoric we've seen from IBM over the years, back through initial engagements with the Apache and Linux communities, and on through the development of the Eclipse community.

Before the reader thinks I'm bashing at IBM, let's look at Microsoft's OSCON 2006 engagement.  Danese Cooper (Intel) interviewed Bill Hilf (Microsoft) during an Executive Briefing session on Tuesday before the main conference opened.  Bill is director of the Microsoft Open Source Lab, and helped create Port25, which is a careful view into Microsoft's Shared Source world similar to Channel9. 

Danese asked lots of difficult questions, and Bill gave lots of pro forma answers that typically involved: "That's a good question." + a restatement of the question + the scripted response from the Rude Q&A + "Microsoft is still learning from the open source community." 

[A Rude Q&A is the document Microsoft teams develop with PR before announcements and events that covers all the questions you DON'T want to be asked by the press and analysts, and what the best response can be.  There is an art to writing these documents and it helps keep the message delivery sharp.]

Danese didn't probe too hard because it would have been impolite to beat up a Silver Sponsor, which is pretty acceptable.  And in Bill's defense, he's worked extremely hard with Jason Matusow this past few years to get the message to the point that the Microsoft executive team isn't still running around offering personal opinions based on conjecture.  So the fact that we didn't learn anything other than the Microsoft rhetoric is being buffed to a very high shine isn't surprising. 

But here's the simple difference between the IBM and Microsoft open source strategies.  IBM participates.  Microsoft talks about "still learning from open source."  Port25 is interesting.  Re-casting and re-branding the plethora of licenses to the few Shared Source licenses is nice.  Cutting a few partnership deals with companies creating products based on open source is just business.  Opening a portal where other people can share code is fine.  But it all pales in comparison to IBM employees' direct and constant participation in project communities around the open source world, including the creation of their own, for what has to be going on eight years. 

Whether it's a lack of executive will, the frenzied fear of IP loss or litigation from Legal Affairs, or the cultural inability to collaborate because of the historical competitive nature of the company, Microsoft professionally talks up a weak story and refuses to actually engage and participate.  Maybe it's just pride (which is really just another word for fear).  IBM's practiced rhetoric is much much more acceptable and credible, because at the end of the day they participate and contribute. IBM deeply understands the competitive advantage and business credibility it brings.

In the end, Microsoft is going to have to DO something. Be Bold.  Contribute.  Participate. Risk something.  At one point in the interview with Danese, Bill said that Gates and Ozzie support his team's work.  There's a huge difference, however, between supporting a mean-well market message and supporting the cultural shift it takes to actively participate. 

Vive la Société libre! [With appropriate apologies to de Gaulle.]

Post to del.icio.us

August 1, 2006 at 10:56 AM | Permalink | Comments (0) | TrackBack