Friday Nov 13, 2009

A Software Freedom Scorecard

I spoke this morning at the South Tyrol Free Software Conference in Bolzano, Italy. My subject was the idea of a "software freedom scorecard", a list of indicators for the strength of software freedom in an open source project or product, about which I wrote recently. The slides are available for download.

I also refer to reptiles, and that's a reference to another blog post.

Saturday Oct 24, 2009

We Have An Ombudsman

Just a quick reminder to anyone who believes Sun has done something bad in the community; we do have a community ombudsman service. Send e-mail to with your complaints and they will be investigated.

Tuesday Oct 20, 2009

☝ A Remarkable Reversal

It was a surprise to see Richard Stallman's signature on a letter to the European Commission calling on them to block the acquisition of MySQL by Oracle with its proposed acquisition of Sun. The surprise wasn't primarily because of that position.

[Continued on my personal blog]

Thursday Oct 08, 2009

Building a Scorecard for Open Source

Perching Gull

In my previous posts, I've drawn an analogy between open source software and organic food, hinting that in both cases the rush to create a working brand lost some of the essence of the vision. I've suggested that having businesses identify "open source" purely on the basis of one "input" - using an OSI-approved license - is no longer adequate, because the success of the open source approach has led so many different companies to want to exploit the name. The need is clear; so many companies want to describe themselves as "open source businesses" that debates about "open-core" and "open source business models" were dominant at Open World Forum.

To address this, I'm proposing the Open Source Initiative go beyond the Open Source Definition and the Free Software Definition to devise some sort of a Software Freedom Definition which articulates a holistic vision of software freedom against which businesses can be benchmarked. I propose also creating a self-certified score-card which companies can complete to indicate the approach they are taking to promote software freedom as part of their business model - maybe "the Open Source Audit". I'd then expect abuses to be policed by the community at large with final arbitration from OSI.

What would be included in the two? My initial thoughts are that it should include 7-10 elements, each of which have a "yes/no" answer and each of which should be backed by a more detailed definition to make clear whether the answer is yes or no. Sample questions might include:

  • Is the license OSI-approved?
  • Is the copyright under diverse control?
  • Is the community governance open?
  • Are external interfaces and formats standards compliant?
  • Does your community operate under a patent peace arrangement?
  • Are trademarks community controlled?
  • ...
and so on. Suppliers could then state "This product achieves 4 stars on the 10-point Open Source Audit" as they self-certify. In addition, procurement policies could then state they required a minimum number of stars for products and services they procure. And the only companies that could claim to be "an open source business" would have all products scoring 10/10 - probably very, very few. A focus on software freedom - the code, rather than the company - is the answer to the issue.

[Also posted on my OSI blog. You can also watch the talk.]

Sunday Sep 27, 2009

Organic Software

By The People, For The People

This weekend we went to Winchester Farmers' Market. It was a beautiful day and the season is especially rich so there's a wonderful range of produce on offer. Our larder and fridge are now full of produce grown nearby: onions, squash, courgettes, beans, fir apple potatoes, garlic, watercress and plenty more. Tonight we'll have River Test trout, sip a locally grown wine, nibble local cheese and finish with berries we harvested ourselves last week.

Wandering around the market, I used two of my OSCON bags - an older canvas one to carry my cameras, and one of this year's black nylon Chico bags for produce. A stallholder spotted them both and asked me which convention I'd been to. I told him I'd been to the Open Source Convention each year for the last decade, and he was interested to find out what that was. "Organic software", I said. I explained to him that he could be using open source software free of charge and be liberated from the corporations that were taxing him on computer software.

Rather like me at the Farmer's Market actually. I'm there because I'm tired of being in Nestlé's net, sucking from the teat of the maize and sugar industry, wondering if I'm eating Frankenfood, ignorant of the environmental cost of getting the food in front of me. Rather than going to a big-chain supermarket and leaving the provenance of the food to them, I go to the farmers' market because I get to ask the producers about their food, get encouraged to cook creatively and even grow my own (several plant stalls there) and give help to other people doing the same.

Some people do ask whether the farmers' market is scalable - surely having a big corporation planning all the production is better? But no, each week the market is full of produce produced by local people who love growing it, and producers turn up to sell in proportion to the number of people who show up to buy. No-one seemed to be struggling to make a living. The stallholder had never heard of or Firefox, but easily got the idea that software made by a community could be great and that having everyone doing the part they can for themselves means there's no need to have a big corporation wanting you to pay. There are no hidden ingredients either, and despite the lack of pesticides there seem to be fewer bugs...

Open source is "organic software" and its time has come. He's going home to his organic produce and to look for "open source software" and "open office" on the web. Me - I'm reflecting on Software Freedom Day as I prepare my trout.

Wednesday Sep 23, 2009

Mind Your Own Business (Model)

Achat de Chevaux

I'm not sure why, but the "there is no open source business model" discussion has woken up again, with Matthew Aslett and Stephen Walli in particular chipping in views. Last time this debate arose was when 451 published a report of the same name. That report made quite a few people in the FOSS communities unhappy because it propagated the "open core" view that a business with an open source element somewhere in its activities (what Stephe calls a tool) could be described as an "open source business".


Why is there no "open source business model"? Because open source is not a business. It's the same oxymoronic thinking as the question "how can you make money if you give the software away for free", which simply can't be answered without correcting the questioner's worldview.

To assert there is "an open source business model" is to lose sight of the nature of open source. It may have been a fair thing to do when open source was a novelty to business minds, but even considering there could be such a thing leads people to misunderstand open source and treat the exceptions - like MySQL - as the rule. Not that it's wrong to monetise ubiquity at the point of deployment by delivering the value that allows scaling (enabling adoption-led behaviour). It's just most open source community members don't do that.

Synchronisation of Interest Elements

An open source project is a community of participants that gathers around a free software commons, with each participant aligning an element of their interests with the interests of all the others there, in order to collaborate. The OSI-approved license gives them the freedom to do so. Each participant comes to the community with their own individual interest, which in the case of a business will stem from their own business model. The community itself is about the Free code in the commons. Just about the code - all other matters are subjugated (at least in working communities!).

An open source community is thus a mix of many motivations. If there's only one motivation present - only one "business model" - it's unlikely there is any true community either. People only care about the business model when there's only one business; in a real community the only way to get along is to mind your own business (model) and not try to mess with anyone else's.

Wednesday Jul 22, 2009

America Needs Open Source

Pilgrim Memorial, Southampton

Today sees the launch of a new coalition of businesses (large and small), organizations and individuals to speak up for Free and open source software in Washington DC. Open Source for America brings together a diverse alliance drawn from every corner of the software freedom movement. The Board of Advisors (on which I'm honoured to serve) brings together community, commercial, political and military voices, and the membership has been the easiest to recruit of any activity I have known. That's because at the heart of the organization you'll find the principles of the Free Software Definition, which themselves form the core beliefs of almost everyone supporting free and open source software.

The Freedoms at the heart of the alliance create an unparalleled opportunity for governments:

  • Open source puts government in control of if and when they spend money on software, since the it guarantees the right to use without limitations
  • It means that government IT investment is mostly spent locally with local experts since everyone is free to study and modify the code.
  • It ensures that all - government, suppliers and citizens - can freely access the software needed for government engagement without toll or tax from a vendor since everyone is free to distribute the original and changed versions.

Whatever other lessons we can learn from this new initiative, I note that it was easy and rational for people from all the apparent factions of the free and open source software movement to come together. It's time to set aside the urge to fight over semantic differences and recognise how far we have come and see how much we can achieve when we pull together. Join Open Source for America now!

Wednesday Apr 15, 2009

Five Ideas To Get FOSS Into Governments

Why is it so hard to get governments (especially local government) to use open source software? Here are some ideas discussed during my keynote today in Oslo at GoOpen 2009 for practical steps various people, from citizens to policy wonks to representatives, can do to help get open source in actual use and delivering on its promise (and I know it's not easy):

  1. Fix the procurement policy. While a policy that says open source is great is a good thing, if you don't change the procurement policy it will have no effect. The best open source solutions result from a two-phase procurement process where the first phase buys prototyping and iterating using software on a white-list of approved elements that can be supported in phase two, and the second phase buys production deployment and scaling. If you have a procurement process that basically defines software as "something you buy a license for" you'll never get the adoption-led benefits of open source.
  2. Publish tenders by default. In most places, it's illegal to specify a vendor explicitly in a generic request for tender. To deal with this, many countries have open procurement policies, but very, very few publish tender documents, so we have a problem. Initiating a scheme like the one Brenno de Winter has in the Netherlands brings the cleansing power of sunlight into the process. Brenno uses Freedom of Information requests to secure tenders and then posts them to a wiki for community review. You could do that too where you live.
  3. Demand the freedom to leave. Often, the cost of migration is used as a barrier to use of open source. But the cost of migration is often caused by being locked in by an existing vendor. If migration costs are cited, so must be exit costs (one of the key changes in the UK open source policy). If you're not willing to demand exit costs are stated, exclude migration costs too. The longer you leave this unchecked, the deeper the lock-in will become and the greater the migration costs for new solutions.
  4. Don't focus on cost savings alone. Any vendor with a decent sales function can cut one-time costs to get you locked in. If you have freedom to use/study/modify/distribute the software you use, you can drive down the costs - freedom can lead to cost savings but cost savings rarely lead to freedom. Making this the rule is a policy decision that your legislature needs to make.
  5. Consider posterity. Solutions that require proprietary formats, DRM as an enabler to tracking, closed and NDA-only interfaces (and many more tactics) - all these things result in systems that lose the reasons why decisions get made and rob future generations of their history. Demand transparency with privacy. That's freedom; secrecy with controlled disclosure is not. Discriminate against offerings that use DRM, unpublished interfaces and anything else that your vendor won't let you publish without permission.
And your bonus idea for added value:
  • Use open standards. What is an open standard? Well, that can take a great deal of argument to determine, but a great rule of thumb is if it could be implemented under all available open source licenses and is actually implemented under one, it's probably open. And if you use the open source implementation, chances are the extra freedoms will help too.
Got more ideas? Case studies? Comment below.

Tuesday Feb 24, 2009

Responding to Canada

It seems the Government Open Source Tipping Point (GOSTiP, as all government things need an acronym) is proceeding apace as national government after national government learns from the pioneers and dips a toe into the waters of software freedom.

Prior to the British government's announcement they would prefer to use open source and open formats, many of us also noticed the Canadian Government asking questions about "No-Charge Licensed Software" and using their "request for information" process to do so. Like many others we've taken a good, long look at their questions and written a suitably lengthy reply.

Do take a look; if you'd like to re-use any of it, there's also an ODF version. You'll note that we think lumping open source in with shareware, trialware and bait-and-switchware is a mistake; it's not about saving money on licenses, it's about securing key freedoms.  More inside.

UK Government Endorses Open Source and ODF

Tower Bridge

Late today (UK time), the British Government issued a bold new strategy for use of open source software - and open standards - in Great Britain. In Open Source, Open Standards and Re-Use, the government's Minister for Digital Engagement (yes, really, and he's on Twitter too) significantly revised the brave but toothless policy of 2004 "that it should seek to use Open Source where it gave the best value for money to the taxpayer in delivering public services". This is fantastic news - the digital tipping point is at hand. (The publication is also progressive in having nominated use of the tag "#ukgovOSS" in comment and coverage so it can be found and aggregated).

Like other fine policies before it, the core of the document asserts that the government

  • will actively and fairly consider open source solutions alongside proprietary ones;
  • will consider exit and transition costs as well as the total lifetime cost of ownership;
  • will pick open source where it doesn't cost more;
  • will insist proprietary vendors explain exit, rebid and rebuild costs;
  • will expect proprietary licenses to be transferable throughout government;
  • will expect public sector solutions to be re-usable
In support of this there are some key action items that include:
  • develop clear and open guidance for ensuring that open source and proprietary products are considered equally (action 1);
  • keep and share records of approval and use of open source (action 3)
  • support the use of Open Document Format (action 8);
  • work to ensure that government information is available in open formats, and it will make this a required standard for government websites (action 8);
  • general purpose software developed by or for government will be released on an open source basis (action 9).

This is all to be warmly welcomed and encouraged, and I congratulate the government on this progressive step. The endorsement of ODF is especially welcome, and would have seemed no more than an impossible dream to those of us associated with and involved in it at the start of the decade.

I will be very pleased to support and assist in any way that appropriate. In particular, I encourage the CIO Council to consider switching from an assumption of a procurement-driven approach to software acquisition to an adoption-led approach. Doing so does not favour open source; rather, it levels the playing field so that open source solutions can been seen alongside existing approaches. Sadly, if we stick with procurement-driven approaches and try to force-fit open source into them, we will be gamed.

Monday Feb 23, 2009

Hear Me Speak - Free

In the unlikely circumstance that you are longing to hear me speak about the adoption-led market and the emerging new business reality it is driving, and on the assumption you can get to New York on Wednesday March 18, you'll be delighted to hear that I'm on the agenda for CommunityOne East along with friends Tim Bray and Geir Magnusson among many others who you almost certainly will find compelling even if I'm not. CommunityOne is free to attend, unless you want some deep training on March 19 on MySQL for an extra $200.

Thursday Feb 12, 2009

Old Code and Old Licenses

Brussels Cathedral towers and moon

I was in Brussels at the weekend to attend FOSDEM, one of the handful of "real" Free software developer conferences I attend each year (another is LCA which I went to in Hobart two weeks ago). I was once again honoured to be able to briefly speak to the assembled audience as I did two years ago. This time I announced a small license change to some obscure code, written before the GPL was finalised, to fix a problem for Linux.

Why would that interest anyone? Well, the code in question is the original implementation of Sun RPC, which went on to become RFC 1057 and today is a core part of every UNIX-family operating system. Including Debian GNU/Linux.

The way the code was originally licensed was exceptionally liberal. Written in 1984 or earlier (before the GPL existed), it allowed unfettered use of the Sun RPC implementation in any program for any purpose. The only significant restriction imposed, entirely reasonable to most eyes then, was to say that the module itself could not be sold as-is, only as part of a larger work.

What was liberal is now conservative

Times change. During the 80s, Richard Stallman's Free Software movement established the four freedoms. During the 90s (1994-7), the Debian Free Software Guidelines established a need for the code in their distribution of GNU/Linux to be fully Free software. By the beginning of this decade, Debian maintainers were making a serious effort to audit the millions of lines of code in Debian for true DFSG compliance. And in 2002, they found the old Sun RPC code in core Linux files glibc and portmap.

Reading the history for Debian bug 181493 tells the next part of the story. Inside Sun, the challenge of finding the code in question was Just Too Hard, and the things reached an uneasy impasse.

The issue came back to life last year when the bug was re-asserted as part of the run-up to the Lenny release. I was contacted both by folk at Debian - notably my friend Ean Schuessler - and at Fedora asking if there was anything I could do to accelerate licensing of the old code. Both projects had decided to take a hard line and removing the code from glibc and portmap was going to be a real headache, especially for the stability of glibc.


The task of relicensing old code can be pretty time consuming and involves people who are already much in demand.

  • First, the old code is often very old. The people who wrote it are no longer with the company, it is no longer part of a current product, we sometimes can't even be sure it ever came from Sun. We have to find the original code if we're to make any progress at all. Doing so might mean retrieving crates of paper from long-term storage and crawling through them.
  • Second, once the code is located, a legal expert has to look at the origins of the code and maybe once again crawl through retrieved paperwork to find the contracts behind the code. Their job is to determine if Sun actually has the right to change the license at all.
  • Third, someone has to believe it is their job with respect to the code in question to act on Sun's behalf to evaluate the change, authorise it and bind the company officially.
All this is time-consuming and expensive, and without a current code owner inside Sun it's touch-and-go whether anyone can find either the staff time or the budget to run a license change through to completion.

With help both from Ean and friends at Debian and from the Fedora team at Red Hat, we managed to identify some modern OpenSolaris code that matched the code in Linux. This was a key step. It meant we could trace ownership through the comprehensive records for OpenSolaris and start the process moving. By last week, we finally reached the point where we felt comfortable to relicense the Sun code involved.


On Saturday I was able to tell Europe's Free Software developers that the licenses on the RPC code are no longer a barrier to Free software - we'll change the license to Sun's copyrights in the RPC code to a standard 3-clause BSD license, allowing inheritance of that licensing by both Debian and Fedora. I'm delighted to have been able to fix this problem, which arose not because of failure but because of the success of software freedom over many years and becuase of Sun's early commitment to it.

Wednesday Feb 11, 2009

The Third Wave on Video

While I was in Australia I recorded this video with the essence of my talk about the third wave of free and open source software - the adoption-led trend, the freedom to leave, the way it's Stallman's four freedoms that are the root of the value for enterprise use of FOSS and the way Sun's new organisation can deliver the value needed to succeed with open source.

Check out the full page too. I'm checking with them what happened to the Ogg version.

Wednesday Jan 28, 2009

Open Source Drives The New Sun

Full moon rising over cloud

The Register article reporting Ian Murdock's move to Sun's new cloud computing group seems to have irritated Ian and it does indeed seem to be an attempt to gather as many half-understood-half-facts as possible and sensationalize them.

Far from being a "shift in Sun's thinking from the open-source software mindset of two years back and into the nebulous cloud market", the restructure of Sun's business units (happened last November actually) demonstrates Sun moving to the next level with open source, since all three business units - that's the whole company, for those keeping count - are driven by the three viable open source business models:

Payment at the point of value
The Application Platforms group covers infrastructure software like JavaEE (Glassfish) and MySQL and its primary business model is the one I discussed a while back where Sun drives adoption of the software and then sells the means to sustain value as the customer scales deployment.
Open Source Firmware
The Systems group covers storage, servers and the software chiefly associated with them and sells high-value, low price-point systems where the open source software is the operating system or firmware. You could often make the same systems yourself if you wanted; Sun does it better, at lower cost and with full support. Take a look at Open Storage and its use of OpenSolaris, ZFS and DTrace to get the idea.
Cloud Computing/SaaS
The new Cloud Computing group that Ian has joined (leaving his job running developer marketing - he's not been at OpenSolaris for quite some time) plans to run its cloud on open source and sell a reliable, supported, scalable service over the network.

From this you'll see that, far from moving away from open source, Sun has put it at the heart of every business unit. Maybe that would have made for an even more sensational story if the journalist had asked?


Thoughts and pointers on digital freedoms and technology markets. With a few photos too.


« February 2017