Thursday Oct 08, 2009

Building a Scorecard for Open Source

Perching Gull

In my previous posts, I've drawn an analogy between open source software and organic food, hinting that in both cases the rush to create a working brand lost some of the essence of the vision. I've suggested that having businesses identify "open source" purely on the basis of one "input" - using an OSI-approved license - is no longer adequate, because the success of the open source approach has led so many different companies to want to exploit the name. The need is clear; so many companies want to describe themselves as "open source businesses" that debates about "open-core" and "open source business models" were dominant at Open World Forum.

To address this, I'm proposing the Open Source Initiative go beyond the Open Source Definition and the Free Software Definition to devise some sort of a Software Freedom Definition which articulates a holistic vision of software freedom against which businesses can be benchmarked. I propose also creating a self-certified score-card which companies can complete to indicate the approach they are taking to promote software freedom as part of their business model - maybe "the Open Source Audit". I'd then expect abuses to be policed by the community at large with final arbitration from OSI.

What would be included in the two? My initial thoughts are that it should include 7-10 elements, each of which have a "yes/no" answer and each of which should be backed by a more detailed definition to make clear whether the answer is yes or no. Sample questions might include:

  • Is the license OSI-approved?
  • Is the copyright under diverse control?
  • Is the community governance open?
  • Are external interfaces and formats standards compliant?
  • Does your community operate under a patent peace arrangement?
  • Are trademarks community controlled?
  • ...
and so on. Suppliers could then state "This product achieves 4 stars on the 10-point Open Source Audit" as they self-certify. In addition, procurement policies could then state they required a minimum number of stars for products and services they procure. And the only companies that could claim to be "an open source business" would have all products scoring 10/10 - probably very, very few. A focus on software freedom - the code, rather than the company - is the answer to the issue.

[Also posted on my OSI blog. You can also watch the talk.]

Thursday Oct 01, 2009

Truth In Labelling

When I wrote about Organic Software recently, I was largely eulogising the community dimension of open source software. But there's another way in which the idea of "organic software" is helpful to understanding the dynamic in free and open source software. Here are the comments I have been making at Open World Forum here in Paris.

Heather

Reading Michael Pollan's excellent book The Omnivore's Dilemma gives an insight into the real vision of the community behind the term "organic" as applied to food. Pollan describes spending what were clearly a few life-changing weeks at a New England farm that "farms grass". They feed the grass to cows for dairy and for meat. They fertilise the grass with chickens, which give eggs and meat and themselves clear the waste left by the cows. They have a complete cycle of production, working the land and returning it to richness and fertility rather than treating it as a "natural resource", exploiting it for monoculture and relying on petro-chemicals to keep it going. This sustained cycle of richness was the original vision behind "organic" - a rebellion against industrial food, yes, but a positive rebellion leading to skilled people with quality lifestyles farming sustainably and leaving the land better than they found it while producing wholesome and natural food. They treat the farm like an organism - which was in fact the origin of the term.

Branding

"Organic", of course, is just a brand. Brands ought to be good things - attention-markers that classify their bearer in the group of things we trust. The appropriation of the term drives my scientifically-trained friends nuts, because they (like me) were taught to understand the word as a classification for carbon chemistry. But it's a strong brand that people seek out, and that strength has itself led to a problem.

Seeing that "organic food" rang bells for consumers, the food industry wanted to use the term to label their products. There's a problem, though. The food industry has optimised their supply chains by driving monocultures in different regions, driving down prices by commoditisation. They further exploit government subsidy for things like maize and petroleum by-products to drive up yield as the monocultures use them to increase crop volumes - at the expense of the land. All the exact opposite of the vision that led to "organic", in other words.

But people were willing to compromise in order to achieve a little good - "surely it's better to have something than nothing?". The food industry managed to get "organic" defined not holistically but in terms of "inputs" - the things needed to drive the monocultures. Rather than changing their production and economic systems, they simply switched to techniques so that the monocultures could come to harvest without artificial chemicals. The rest of the context? All the same. So today, most people think of "organic" as just meaning the absence of artificial additives and fertilisers in the ingredients in the foods we buy.

But "organic" means far more than just "inputs". It actually describes a whole approach to food, embracing the lifestyle of the producer, the lifestyle of the customer and the relationship between the two. It implies "slow food, "local food", animal welfare, local diversity, sustainable agriculture, environmental awareness and more. Reducing it down just to the "inputs" misses the core values of "organic" and leads people to false conclusions (like the recent UK agency report denouncing organic food as no more nutritious than processed food). Inputs and nutrition are the currency of industrial food, where supposed health claims are the benchmark for marketing something unpalatable by ignoring the stuff that would make you run away (something that happens in the property market too). Hearing "organic" measured by them is a sure sign that the speaker has co-opted the brand rather than embraced the lifestyle and values.

Organic Software

Fruit stand in São Paulo

Which leads me to "organic software" again. An open source project is what happens when people gather round a free software commons to synchronise a fragment of their interests alongside others doing the same. To succeed, it depends on a mesh of factors, not just on the way the copyright is licensed (although that's important of course). Ultimately to proponents of open source communities and of free software, it's not just about ... well, it's not just about any one attribute. What's happened to software freedom when it was branded as open source seems to me analogous to what has happened to holistic agriculture when it was branded as organic. A valuable brand was indeed created - companies wouldn't want to use it otherwise.

The various discussions about the state of open source here at Open World Forum in Paris seem to me to often miss the heart of the issue for the software marketplace. The reason open source has made such a huge impact is that it delivers software freedoms to software users. Software freedom is the key, and a company with a focus on open source will do business by delivering value through software freedom. There's no one way to do it - every business will have a different model. But any company wanting to affiliate with the open source and free software movement needs to be graded on their impact on software freedom.

Software Freedom Means Business Success

A focus on software freedom isn't just for the revolutionaries. All the values that make CIOs pick open source software are derived from software freedom:

  • The freedom to use the software for any purpose, without first having to seek special permission (for example by paying licensing fees). This is what drives the trend to adoption-led deployment;
  • the availability of skills and suppliers because they have had no barriers to studying the source code and experimenting with it;
  • the assurance that vendors can't withhold the software from you because anyone has the freedom to modify and re-use the source code;
  • the freedom to pass the software on to anyone that needs it, even including your own enhancements - including your staff, suppliers, customers and (in the case of governments) citizens.
When software users are deciding which suppliers to deal with, they need to know whether their software freedoms are being respected and cultivated, because their budgets and success depend on it.

Truth In Advertising

That's about more than just licensing. It also includes factors such as diversity of copyright ownership, representative leadership, use of open standards, patent safety, control of trademarks, openness of governance and more. While measuring such "inputs" can never wholly identify the holistic concept which is software freedom, I am still convinced the next step for open source is to devise "open source definitions" for these other key attributes, so that we can get away from an undefined and loose understanding of an open source business and instead have a more nuanced approach.

What I would like to see is a move by OSI to create a suite of "open source definitions" against which a business could grade itself, and then indicate how many "stars" they score against the full suite. There would be very, very few businesses able to score a full set of stars, but the transparency of being able to see how companies rate in cultivating (rather just exploiting) software freedom would benefit us all in creating a strong, open market. We could set benchmarks in our procurement guidelines, requiring "no less than a five-star rating on the open source benchmark", just as we require ISO9001 and similar ratings. OSI as an organisation is ready for this evolution of its role. Who wants to help make it happen? It's time.

[Also posted to my OSI Board Blog]

Wednesday Sep 10, 2008

Project Kenai and Supporting OSI

As part of a series of open source activities around Software Freedom Day, Sun quietly rolled out a cool new open source facility this week. Before I tell you about it, I should mention I've been part of the revived discussion considering open source license proliferation and the Open Source Initiative (OSI). As you may recall, I am keen to fix the problem of the proliferation of open source licenses, even to the extent to asking OSI to regard two Sun-created licenses (SISSL and SPL) as no longer for active use.

License Choice

One of the approaches advocated in that discussion is to run open source hosting facilities that only allow a subset of licenses, making most licenses unavailable to new projects. While the ideology behind the selection may appear sound, I think that's the wrong direction to take. If OSI is to have any relevance in the future, we all need to respect its decisions and strengthen its authority. If we think they were or are now wrong decisions, we need to help OSI put its house in order and not usurp its authority and put ourselves unilaterally in the place of arbiters of what is a "true" open source license.

Project Kenai License Selection

That's why I'm pleased to say that the new community hosting system Sun opened for beta this week, Project Kenai, uses the OSI License (Anti-)Proliferation Committee's report as the basis for license selection for new communities. Expanded list of Kenai licenses

When you create a new hosted project, Kenai offers first of all the "recommended" licenses ("Licenses that are popular and widely used or with strong communities"). If you're looking for a specific license, you can "grow" the list to show the rest of the OSI-approved licenses. Finally the deprecated/retired licenses are available if you specifically request to use them (since OSI doesn't un-approve licenses). Hopefully this approach will cause new projects which don't have a specific license in mind to choose from the small pool of common licenses, while at the same time allowing existing communities to use the licenses they already prefer.

Community Hosting

Project Kenai is pretty interesting in all sorts of other ways, of course, not least that it's a Ruby on Rails application. Tim has some of the technical details on his blog. We created it because we realised that, with Sun involved in upwards of 750 different open source projects, acting as host for some reasonable number of them, we needed to have some hosting infrastructure of our own. It also gave us an opportunity to build a large-scale site using modern techniques, as well as to offer the facility as a service to the open source community at large.

It's more than just a "forge" offering Subversion and Mercurial - it includes infrastructure for social networking within and between communities as well, and the development team is continuing to enhance these. They're not quite ready to open the doors to new projects yet, but if you have a project you would like to host there, please contact me for an invitation to the beta programme and get in on the ground floor. And of course you are invited to explore the system and to join in with existing projects if you want - no invitation is needed to do either of those things. Take a look especially at the new xVM Server project, launched yesterday.

Sunday Mar 16, 2008

Software Freedom: More Than Copyright

New Forest Reflection

I was surprised last week to see a posting from Michael Tiemann, the President of the Open Source Initiative and a VP at Red Hat. Any posting with a subject of line of "Simon Phipps Was Right" is bound to catch my eye, but this one was especially unexpected because in the original discussion I had thought that Michael was largely right! Michael's posting graciously said:

Simon, I'm beginning to think that you were right and I was wrong. You said a standard's process is a crucial aspect of the standard's product, and a process that is not open cannot be trusted to produce a product that can be considered open. I maintained that I had seen and used many wonderful standards that took absolutely zero input from me, and therefore I didn't see my participation as a necessary prerequisite for assuring quality in the future. I believed that no matter what the process, a standard should be judged by the product. Watching the fallout settle from the [ISO ballot resolution meeting] in Geneva, I'm beginning to think that you were right and I was wrong.

I've been thinking about the posting for a week or so now and I've tried to respond thoughtfully. Here is the response I sent to Michael (still awaiting moderation):

Thank-you, Michael - it's not often I see a posting like this. Actually, when we spoke about this at OSCON I found I agreed with many of your arguments, even if that doesn't show in the on-list discussion. The problem is that standards are orthogonal to open source, and attempting to define them in a way that promotes and protects software freedom may be impossible. It's been said that when we create any system we create the game that plays it. The standards system is fully mature and as such is fully gamed, as the DIS29500 debacle you reference is proving.

Maybe a more productive approach going forward is to try to do for the other kinds of so-called intellectual property what the Open Source Definition (OSD) currently does for copyright licensing. Perhaps we need to rename OSD to "Open Source Copyright Definition" and then work on an "Open Source Patent Definition", so that we can avoid the kind of entrapment that software patents can threaten? And as you know I am convinced we need an "Open Source Trademark Definition" to help us as a community of communities to avoid the IceWeasel problem.

If these are interesting, I'd be pleased to spend time exploring them together. Let me know.

New Definitions

The current Open Source Definition doesn't actually define Open Source - rather, it defines a subset of the requirements that protect software freedom, in this case the copyright license. I actually think renaming it ("Open Source Copyright Definition"?) would be good since there's more to Open Source than just the copyright license. I then suggest we explore creating an "Open Source Patent Definition" and an "Open Source Trademark Definition".

What would be in these two new definitions? Both would need to define what promotes software freedom and how it can be protected. Both would need to be pragmatically principled.

  • An Open Source Patent Definition would do for patents what the OS(C)D does for copyrights. I've posted a lot on this subject before, notably in Protecting Developers from Patents and Ten Reasons The World Needs Patent Covenants, so I'd go mining there for my contributions to the discussion. But it may also be that in addition there needs to be a call for patent law reform, maybe as I outlined in Seven Patent Reforms While We Wait For Nirvana.
  • When it comes to an Open Source Trademark Definition, we would need to similarly define the signs that a developer or user needs to know whether software freedom is being promoted in a trademark policy. I've not written about this yet, but I do believe we need to collectively understand the bounds trademark law places on people who have responsibility for trademarks (read: all developers and open source communities as well as all vendors). We then need to construct a path that promotes software freedom without placing impossible demands on trademark owners to behave in ways that are contrary to their responsibilities.

This is not easy stuff. But I do believe that certain recent events between the open and proprietary software worlds mean that it's time for software freedom fighters to get together and work on these things. I'm ready to work on it. What do you say, Michael?

About

Thoughts and pointers on digital freedoms and technology markets. With a few photos too.

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today