Open Sources | Rodrigues & Urlocker | March 2007

MORE ENTRIES

March 2007

March 30, 2007 | Comments: (0)

Novell this week dissolved its Linux Impact Team (LIT), headed by Nancy Faigen, and rolled the members of LIT into the regional sales teams. While disruptive to the individuals involved (and the LIT had some of Novell's very best employees - John Vigeant before he went to XenSource, Seth Shaw (not sure where he landed), Walter Knapp, etc.), I think this is a good move for Novell. It's time to stop treating Linux as a distinct part of the company's business, and make it the company's business. Everyone in the company's business.

This has been the case since SUSE was acquired, of course, but having a distinct team to focus on Linux almost gave others an excuse to focus on it a little less. A psychological thing, perhaps, but very real in my opinion.

At any rate, I think it's a good move on Novell's part. I'm sure there will be members of LIT who won't like it, but this is in the company's best interest.

Posted by Matt Asay on March 30, 2007 10:15 AM

March 30, 2007 | Comments: (0)

Oracle customers are talking, but what are they saying? (CNET)

Stephen Shankland of CNET has interesting commentary on Oracle's recent Linux customer press release. In that release Oracle trots out 26 customers that are buying into Oracle Unbreakable Linux.

Or are they?

As Stephen suggests, the press release is interesting for all that it does not say, as much as for what it does say:

• Although all 26 customers are buying Linux support from Oracle, only IHOP specifically says it's using Oracle's version of Linux; last week, Yahoo said separately it also is.

• Of the 10 quoted customers, four also say they're using other Oracle software. Many believe the most likely prospects for Oracle Linux support or software are those who already are customers for other Oracle software.

• Although Red Hat is the most likely competitor in the Linux deals, given its market dominance, IHOP is the only Oracle customer to say it switched from Red Hat.

As I mentioned, it's highly unclear that any (except IHOP, which makes a great butter-pecan syrup, btw) have actually dumped Red Hat. Or even decreased the amount of support/service they buy from Red Hat. Or even that they've opted to replace their Red Hat bits with Oracle (Linux) bits (because it is a Red Hat fork, whatever Oracle may say).

Surprising? No. Why would you dump your primary Linux vendor to shave a few pennies? In fact, my bet is that these same customers are continuing to pay Red Hat for RHEL...and are using Oracle for supplementary support. I have no data to support this hunch - just enough experience to know that for any mission critical application, which increasingly run on Linux, few are going to take the risk of moving to an uncertified OS simply to save a few pennies.

The devil is in the details. But few details are forthcoming.

(Of course, it's almost a guarantee that none of these 26 Oracle customers are using the Oracle Unbreakable Linux support for anything beyond the Linux that undergirds their Oracle databases. That's fine, as Oracle has always said this move was to better support its own database customers.)

Posted by Matt Asay on March 30, 2007 09:52 AM

March 30, 2007 | Comments: (0)

Google too powerful? (BusinessWeek)

BusinessWeek has a great cover story this week on the rise and apparent omnipotence of Google. Lately, Microsoft has been looking very fallible, forcing us to look around for a new company to demonize. Google has assumed that mantle.

BW did an interesting Q&A with Eric Schmidt, CEO of Google, and had this telling interchange:

Is Google too powerful?
Too powerful relative to what? I mean that as a question, not as a statement.

Some people feel that Google is now or potentially could become too powerful in that it has such sway over where people go online. People worry that Google could become the gateway, and by extension the toll gate, by which people reach the Internet.
I disagree with essentially every half-sentence here. Here's why: This is all about user choice. And the studies that I've seen indicate that a majority of users are choosing Google to get information. That's great. We could lose that in a nanosecond.

Could you really?
Yeah. Were a better choice to come along, we are literally one search away. This is not like proprietary lock-in models, where users are forced to use Google....[M]y point is that to say Google is too powerful implies that users are somehow making a wrong choice.

Schmidt is spot on in this. Unlike with proprietary software, where if you buy into an ecosystem and a lack of standards or investment costs keep you locked in forever, Google's "lock-in" on its most important product really is a mouse-click away from bankruptcy for the company.

Compare this to Microsoft. I took a stroll through the company's License Advisor yesterday, and found the third question on the list to be highly correlated to the first question:

Choose to standardize on Sauron and when you pay really doesn't matter - you'll be writing checks forever. You can choose to pay annually, minutely, secondly, etc. But you can't choose whether or not to pay. That choice is made for you the minute you "centralize" on Microsoft.

Not so with Google (or open source, for that matter). I suppose this is a weakness for Google but then, business really is always about providing superior service or a product. Lock-in is a way for weak products to pretend that their buyers actually like them. Google apparently doesn't need to resort to cheap proprietary parlor tricks to keep customers.

P.S. I tried to click "Next" on that Microsoft Licensing Advisor page and sign my life away, but since I was using Firefox instead of Internet Explorer, the page wouldn't work. Thank goodness for lock-in (I mean, lock-out)! :-)

Posted by Matt Asay on March 30, 2007 07:15 AM

March 29, 2007 | Comments: (0)

GPLv3 goes weak on protecting freedom (ASP loophole resurrected)

I completely missed this on my quick read-through of GPLv3 (Draft 3) yesterday. The FSF, as Fabrizio rightly declares, completely neutered the GPL for the 21st Century of software. (Note to the FSF: Never upset an Italian. It's not pretty.)

That means 75% of the future software (which is going to be SaaS) could be offered by leeches, that suck the soul of open source for their pure benefit. They make money, while others work for them for free, to make them rich. Rich without returning anything that could benefit the community of whom they are parasites. As you can read in this interview, Google is really happy about the GPLv3 draft. Of course they are!!

I am honestly upset. My feeling is that the Free Software Foundation (FSF) did not have the [guts] to push this forward. I can understand it, because the special interests involved are big and you need to pick your fight. But they picked the wrong ones. Covering the use of open source in SaaS was the one to fight. You cannot go after TiVo because puts Linux in a box, but not after Google because it puts it behind a firewall. Just because it is Google. The vast majority of software will be run as a service, not in appliances. The world is not going there. The world is going SaaS.

Fabrizio is right. 100% right. The worst part is that it makes absolutely no sense why they did this. The ASP loophole closure was part of Section 7, which includes optional components, which you can remove from the license. Yes, this breeds complexity (which version of GPLv3 are you using?), but in larger projects (like Linux) I believe we'd see a herd effect (everyone going with or without the anti-ASP clause), and in other projects...who cares?

I was pushing for my company to use GPLv3, but the FSF just removed the number one reason to do so (and, I believe, the number one reason for many commercial open source applications to do so). The FSF, as Bryan Richards suggests, just made Linux and a lot of GPL'd software irrelevant to the future, in order to potentially preserve today's status quo.

Bad decision. Google wouldn't go out of business tomorrow if GPLv3 allowed for the closure of the ASP Loophole. Neither would Salesforce.com or others that make use of modified, GPL'd Linux. But hordes of open source applications could come into business through the protections of freedom that closure of the Loophole would have afforded.

I never would have thought RMS and Eben would capitulate....I was wrong. Bryan writes:

The future is networked. The GPL isn't.

Bruce Perens wrote in a recent article that if Novell didn't adopt the GPL3 with the provisions blocking their patent agreements with Microsoft then it "may freeze them in amber as an example of the state of software in early 2007." Maybe. But with the this latest draft of the GPL3, the Free Software Foundation may have served up a license that best represents the software of 1989 and have transformed a loophole into a tunnel you can drive a truck through.

Amen. A very sad amen.

Posted by Matt Asay on March 29, 2007 03:58 PM

March 29, 2007 | Comments: (0)

Red Hat rolls on (Analysis from its Q4 earnings call)

Red Hat continues its bullish run, but a bit less profitably than previous quarters, as reported by Forbes and other sources. Red Hat nailed $400M in FY 2007 revenue, up 48% over the previous year.

Sales were up 41% over Q3, but profit in Q4 decreased to $20.5 million, or 10 cents per share, from $27.3 million, or 13 cents per share, in Q3. Profit was pulled down by higher operating expenses, which were up 66 percent to $77.1 million, from $46.5 million in the same quarter last year.

Total revenue for the quarter was $111.1 million, an increase of 41% from the year ago quarter and 5% from the prior quarter. Subscription revenue was $95.9 million, up 44% year-over-year and 8% sequentially. For the full year, total revenue was $400.6 million, an increase of 44% over fiscal 2006 revenue, and subscription revenue was $341.2 million, up 48% from the prior year.

Net income for the quarter was $20.5 million or $0.10 per diluted share compared with $14.6
million or $0.07 per diluted share for the prior quarter. Non-GAAP adjusted net income for the quarter was $32.7 million, or $0.15 per diluted share, after adjusting for stock compensation and tax expense as detailed in the tables below. This compares to non-GAAP adjusted net income of $29.6 million, or $0.14 per diluted share in the prior quarter.

For the full year, net income was $59.9 million or $0.29 per diluted share, compared with $79.7 million or $0.41 per diluted share in the prior year. Non-GAAP adjusted net income for the year was $113.6 million or $0.54 per diluted share, compared to $77.9 million and $0.40 per diluted share the year before.

Non-GAAP operating cash flow, as detailed in the tables below, totaled $56.4 million for the quarter and $217.5 million for the full year. At year end, the company's total deferred revenue balance was $338.6 million, an increase of 52% on a year-over-year basis and 9% sequentially. Total cash, cash equivalents, and investments as of February 28, 2007 were $1.2 billion.

Very good numbers, but the profits are of concern. Red Hat has always run such a tight ship - I can't imagine that the company is significantly deviating from that. Perhaps the sales required more travel to convince shaky customers to re-up. I'm not sure, but missed the part of the call when Red Hat management discussed profit.

A few interesting points:

A Merrill Lynch asked about competitors and whether recent rumblings (Oracle, Microsoft, etc.) have affected Red Hat. Matthew Szulik's response was classic (I'm paraphrasing): "Since Red Hat's inception, dealing with bigger competitors - hardware, software - has been a fact of life for us. We compete by providing value to our customers, and will continue to do so."
Average length of contracts has continued to be ~18 months, with no change in discounting or other incentives to drive long-term deals. Matthew was emphatic that they have not had to resort to discounts to compete.
On Microsoft/Novell, Matthew Szulik indicated that Red Hat has been working with (and will continue to work with) Microsoft to improve Linux/Windows interoperability, which I found interesting. That's the first I've heard of it, though I knew Red Hat was talking with Microsoft before....
A Citigroup analyst asked about JBoss integration...and Charlie Peters indicated that sales/marketing/engineering are all fully integrated into Red Hat. I know that this has not been painless (at least, from the JBoss side), but I'm not sure how telling that is. It's hard to be assimilated.
Global Equity Research asked about Yahoo's alleged defection to Oracle. Matthew indicated that he spoke with Yahoo! executives yesterday, and they were "quick to affirm their support for Red Hat." They expect to continue to use and expand Red Hat Enterprise Linux usage within Yahoo!
This same analyst (Mark Murphy) also asked about how it's going selling subscriptions to JBoss, given how good the product works (such that many elect to use JBoss without buying support). Matthew indicated that Red Hat has brought JBoss into new channels and new geographies (EMEA, APAC), and has been successful in adding value to JBoss subscriptions such that uptake has been strong (and better for Red Hat's involvement). In addition, JBoss traditionally hadn't sold many three-year deals, but that length of deal is going up considerably with Red Hat's involvement.

That said, Charlie did indicate that he's not going to separately break out JBoss revenues going forward, perhaps to guard a Still, he also said that JBoss is Red Hat's "fastest growing product on a percentage basis."
Someone asked about acquisitions (given Red Hat's growing cash horde), and Charlie cautioned people to expect Red Hat to "not go up the stack, but rather "across the enterprise," from development to production. I have no idea what this means. It must mean something to Red Hat in terms of the kinds of companies it buys (if any), but what, exactly, does it mean? Does it mean it would buy an open source ESB? Or a developer tool company? Or what? Not super important, but I was left scratching my head on Charlie's "guidance" on this one.
Maynard asked about RHX, and whether the guidance for FY 2008 includes RHX revenues. Matthew indicated that it is not. RHX is designed to augment the growing role of Red Hat's channels in bringing its products to the market. It's supposed to be complementary to existing channels - customers (new and old) learn about Red Hat (or its partners') products, and buy and get support online. So, it's not something that sales reps will be quota'd against, but rather just another way to buy into the Red Hat ecosystem. Matthew later said to think of RHX as "upside," and that no one should hold it to a material revenue increase.
Renewal rates. Charlie said renewal rates continue to improve, but are better for direct sales versus indirect channels (and that the company is trying to improve renewal rates for its indirect channel sales).
Top 20 customers all renewed at 120% of dollar value over last year.
JBoss did not make its earn-out target for the year.

All in all, very impressive. Some wonder why I'm a Red Hat fan. It's because the company delivers. It executes.

I heard from a friend that I'm persona non grata over at Novell these days. Not surprising. But, Microsoft patent deal aside, my main problem with Novell is that it doesn't execute. It was my biggest complaint when I was an employee of the company, and absence has not made my heart grow fonder of ineptitude. If you want to be taken seriously in business, you deliver. Red Hat delivered today, as it did last quarter, and the quarter before, and....Oracle? I have my issues with the company, but it delivers. Same with Microsoft. Open source is not an excuse for ineptitude - it amplifies it.

Congratulations to the Red Hat team on another excellent quarter.

Posted by Matt Asay on March 29, 2007 01:19 PM

March 29, 2007 | Comments: (0)

Time-based release methodologies and open source communities

Martin Michlmayr has just finished his doctoral dissertation at the University of Cambridge, and has posted it online. I've reported on some of Martin's other work before, and think it's fascinating. (Btw, if you don't want to plow through his dissertation you can find some of his commentary on his blog, as well as a summary on Linux.com.

What is Martin's research?

This research has identified considerable interest amongst the FOSS community in a novel release management strategy, time based releases. In contrast to traditional development which is feature-driven, time based releases use time rather than features as the criterion for the creation of a new release. Releases are made after a specific interval, and new features that have been completed and sufficiently tested since the last release are included in the new version.

This dissertation explores why, and under which circumstances, the time-based release strategy is a viable alternative to feature-driven development and discusses factors that influence a successful implementation of this release strategy. It is argued that this release strategy acts as a coordination mechanism in large volunteer projects that are geographically dispersed. The time based release strategy allows a more controlled development and release process in projects which have little control of their contributors and therefore contributes to the quality of the output.

I think this is useful information, and certainly matches what I see happening in the commercial open source world. I don't follow projects like Debian and such closely enough to know if this is happening there, but I'll take Martin's word for it.

Unlike previous research which has described FOSS development as unstructured and unorganized, the present work has identified a major shift in large and complex projects towards a more organized and planned approach using increasingly disciplined processes. This finding suggests that FOSS development is gaining maturity, possibly in part as a response to new requirements of users and large corporations which rely on the output of FOSS projects. (175)

Interesting, and particularly because the way it is maturing is apparently by becoming more like proprietary software (in terms of release methodologies):

The introduction of time based releases is an effective mechanism to establish better planning in projects with little control over voluntary contributors. The evidence found in this research suggests that time based releases are more appropriate in complex FOSS projects than feature-driven releases because the completion of features in volunteer projects is hard to predict and therefore makes planning difficult, if not entirely impossible. (175)

I find this fascinating. I actually don't think it exclusively applies to community-based projects (as opposed to commercial-based projects), as the longer a commercial open source vendor (or proprietary vendor) is in business, the more its customers push it to time-based releases (because it makes it easier to consume the software that way). That was certainly what I heard at Alfresco's Customer Advisory Council last week in New York: "Slow down!" "Release early and often" is still a good release strategy, but perhaps for a different audience...

Why do time-based releases help coordinate projects?

The time-based release strategy is effective because it is associated with two factors that can be considered as coordination mechanisms: regularity and the use of schedules. Regularity establishes reference points, contributes to familiarity with the release process and leads to a more disciplined development process. Schedules are a means of describing dependency information between different work items and to set deadlines and milestones. As such, time based release management allows contributors to perform their work with a high degree of independence, thereby reducing the amount of active coordination required. (175)

In short, time-based release strategies work in open source for the same way that they work in proprietary software: deadlines help focus development and make consumption of the software easier on customers.

Proprietary vendors are increasingly exploring open source development methodologies. And now, apparently, open source communities are exploring prorietary development (or, at least, release) methodologies. There are strengths on both sides, so it's good to see interaction between the two.

Btw, speaking of interaction, one thing that Alfresco has found useful is to keep the pace of our Community product (functionally equivalent with our Enterprise product - we don't have a base version and then a pro version) very fast and slow our Enterprise product. Customers have asked for this, just as they once asked Red Hat and Novell SUSE to slow releases for Linux.

In our case, it helps us because it allows us to fuel our community with the latest and greatest in Community, while providing value for paying customers in Enterprise (more rigorous testing, longer release cycles, etc.). The Community-development is fast enough that it never becomes fully baked, nudging enterprises that need a production-grade system to opt for Enterprise.

It turns out that enterprises will pay for you to be stodgy, slow, and safe. :-)

Posted by Matt Asay on March 29, 2007 07:51 AM

March 28, 2007 | Comments: (0)

Oracle Linux customers: Finally they're talking (UPDATED)

Oracle today announced a range of customers that have signed up for Oracle Linux. It's an impressive list.

How much money changed hands is not known, and won't be. In fact, it's completely unclear from the language used in the press release that anyone is actually using Oracle Linux at all. They're paying Oracle for support, but are they paying Oracle support on top of Red Hat support? Or are they using Red Hat's software and simply paying Red Hat to support it? (This is another way of saying that they'd be paying both for Red Hat Enterprise Linux/support and Oracle support on top of that.)

In short, it's not clear to me anymore in re-reading it that anyone is actually swapping out Red Hat Enterprise Linux for Oracle's Unbreakable Linux at all. Read a few of these glowing quotes:

"We at IHOP see tremendous value in the enterprise-quality, lower cost support delivered by Oracle's Unbreakable Linux program," said Patrick Piccininno, CIO, IHOP. "Oracle provides the responsive support we need to deploy and maintain Linux-based solutions, and the switch from Red Hat support couldn't have been easier."
"At Timex, we are excited to take advantage of the opportunity the Oracle Linux support alliance offers," said Archana Deskus, CIO, Timex. "With the Oracle Unbreakable Linux offering, we are now able to rely on one partner to meet the Linux and Oracle support requirements, greatly increasing our efficiency and reducing our costs."

"At Diebold, we run Oracle Business Intelligence on Linux, supported with Oracle Unbreakable Linux Support," said Sean Forrester, Vice President, Information Technology, Diebold. "We take advantage of Oracle's global support organization, giving us access to the comprehensive, integrated, enterprise-quality support we demand."

See what I mean? The phrasing certainly seems to point to continued use of RHEL, while supplementing it with Oracle.

I'm willing to bet Red Hat hardly loses a dime in this. It's great if Oracle gains a few, but I don't think this is a win for Oracle against Red Hat.

If any of these customers are using Red Hat Enterprise Linux, I'm guessing they're going to keep doing so, just as Yahoo! is. In fact, Red Hat confirmed today (March 29) that Yahoo! is as committed to Red Hat as ever. Maybe more so.

Same thing as when Novell announced its Microsoft customers, some or all of them got screaming deals on the software to induce them to announce for SUSE, and none of them dropped their Red Hat installations.) So, it's not as if Oracle's gain is necessarily Red Hat's (or Novell's, in case these were SUSE customers) loss.

But it's still an impressive list:

Yahoo!, IHOP, Timex, Diebold, GlobeCast, ABC Stores, Stuart Maue, Replacements, Ltd., Mutual Materials and Hays Medical Center, BNP Paribas, Raley's, Powell Industries, Columbia Forest Products, Deseret Power, Fulcrum Analytics, New York State Insurance Department, The Cobalt Group, Stemilt Growers, The Gem Group, Stanford University, Vcommerce, Knife River Corporation, Primavera Systems, Centre de Services Partages du Quebec, and Spaulding Equipment Company.

I still don't understand why, other than out of spite, Oracle doesn't simply adopt Ubuntu and run with that, but perhaps it's the same reason that we used to start with Red Hat Linux back in my Lineo days (as did every other embedded Linux vendor of which I'm aware) - it was just easier to start with what was perceived to be the best.

Anyway, it's good to see Linux thriving, even if Oracle feels it needs to do so at Red Hat's expense. I'm assuming the world is big enough for both, especially if Linux sales start to cut into Windows' growth. So far, that hasn't happened. If Oracle can drive Linux into Windows shops, I'm all for that.

Posted by Matt Asay on March 28, 2007 08:10 PM

March 28, 2007 | Comments: (0)

Shai Agassi says "auf Wiedersehen" to SAP

I'm not the biggest fan of Shai Agassi, President of SAP's Products and Technology Group. I therefore think his announced departure from SAP is a net positive for the company. Shai is the one who made the terribly gauche comments about open source. (He narrowly got out of delivering Peter Graf's OSBC keynote which increased the SAP-rubbish-quotient-on-open-source, as Stephe Walli pointed out.)

He was the one who suggested that SAP's budget would atone for its many failings in innovating with SaaS. At least he wasn't the SAP automaton that said this about open source:

It is an option for operating systems and databases but not at the business application level," he said. "There are no open source ERP products that are any good for the high end, although it could be argued that they could be developed for the low end.

It might be true that his ERP business is today safe from open source, but it is emphatically, demonstrably silly in the extreme that open source is not hitting the business application level. This is so clownishly wrong that it almost begs someone to take der Bollo and give him a healthy dose of reality. I work for and advise several open source application companies, and our customers are Global 2000 companies with enterprise-wide deployments of Alfresco, SugarCRM, JasperSoft, Pentaho, etc etc.

Shai is apparently heading to the "alternative energy" sector. Good luck. I hope he learns a bit more about what it means to be disruptive, because SAP is stuck in a mental cloud that causes it to think that its proprietary business will last forever. It won't. Just ask Unix.

Posted by Matt Asay on March 28, 2007 03:15 PM

March 28, 2007 | Comments: (0)

Linus Torvalds likes Draft 3 of GPLv3 much better (CNET)

Let's face it: Linus' opinion of GPLv3 matters a heck of a lot more than yours or mine, and Stephen Shankland was able to get his read on this latest draft. Said Linus:

"I'm actually pretty pleased. Not because I think it's perfect, but simply because I think it's certainly a lot better than I really expected from the previous drafts," he said. "Whether it's actually a better license than the GPLv2, I'm still a bit skeptical, but at least it's now 'I'm skeptical' rather than 'Hell no!'"

In particular, one provision against digital rights management has been narrowed, and another that Torvalds feared could lead to multiple incompatible versions of the GPL has been removed or defanged.

"I'm much happier with many parts of it. I think much of it reads better, and some of the worst horrors have been removed entirely," Torvalds said.

I agree (again, not that it matters). I liked the previous version fine, but it was much more complex. Draft 3 is cleaner and easier to follow.

Posted by Matt Asay on March 28, 2007 12:45 PM

March 28, 2007 | Comments: (0)

Novell speaks up on the latest GPLv3 draft

On Bruce Lowry's blog (Bruce is the PR demi-god for Novell, and a great person) today he has Novell's position on the latest draft of the GPL. From his post:

We will continue to distribute Linux. Nothing in this new draft of GPL3 inhibits Novell's ability to include GPL3 technologies in SUSE Linux Enterprise, openSUSE, and other Novell open source offerings, now and in the future. This is good news for our customers....

We are firmly committed to continuing the partnership with Microsoft and, as we always have, fully complying with the terms of the licenses for the software that we ship, including software licensed under GPL3. If the final version of the GPL3 does potentially impact the agreement we have with Microsoft, we'll address that with Microsoft.

Not earth shattering, but it does make me want to take a closer look at the draft's implications for the Novell/Microsoft pact, as the pact is a primary reason for the draft's delay (as the FSF was looking for ways to close the patent loophole Microsoft exploited).

For instance, Draft 3 has this provision, which seems to undercut what Bruce says above:

Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims in its contribution, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contribution.

For purposes of the following three paragraphs, a "patent license" means a patent license, a covenant not to bring suit for patent infringement, or any other express agreement or commitment, however denominated, not to enforce a patent.

How does this not undermine the Novell/Microsoft "covenant not to sue" deal? As I read this (IAAL, but not a very good one :-), the Novell/Microsoft covenant not to sue would have to apply to all downstream users of v3 software. So, while Novell and Microsoft could shake hands on a covenant not to sue over alleged patent violations in Linux, for example, they'd have to extend that same protection to all users of the software (or those who have a copy of the software).

Or is that what it says? Actually, it talks about this applying to contributors, and not necessarily to those selling support around the software itself. A contributor is defined thus:

A "contributor" is a party who licenses under this License a work on which the Program is based.

So maybe this just means that anyone who licenses their software under v3 would have to grant a patent license? Still need to think this through....

As you know, I'm an ardent critic of the pact, but I also don't think GPLv3 will be well-served trying to eradicate the possibility that it, or similar circumventing agreements, will happen again. For that sort of governance, we have to rely on the community to speak up.

Posted by Matt Asay on March 28, 2007 10:47 AM

March 28, 2007 | Comments: (0)

Next draft of GPLv3 is now live

You can read the latest draft of the GPL (v3) here. I continue to be bullish on the draft, and hopeful that we can sort through the DRM/NRM (Novell Rights Management :-)/etc. so that we can get to a final version soon.

Some of the best (though still short) commentary I've seen yet on it is from Simon Phipps' blog.

Posted by Matt Asay on March 28, 2007 07:37 AM

March 27, 2007 | Comments: (0)

The open source download heist

Javier Soltero (CEO, Hyperic) has a great post taking the download bean counters to task for...counting downloads. Actually, his qualm is not with those who tout their download counts so much as those who a) inflate their download counts (so that they can flaunt them), b) assume that download counts substitute for community/value/revenues, c) both "a" and "b."

The correct answer, of course, is "c."

This means that while [an open source project's download counts are] somewhat indicative, and mildly amusing, tracking download counts is in no way a real diagnostic of a project’s success. When there’s money involved (as there always is in Commercial Open Source companies), there’s a built-in incentive to use raw download metrics as evidence that one project is ‘taking off’.

Javier then goes on to suggest a few ways that companies inflate their download statistics, disparaging both the outcome and the purpose behind doing it. (Btw, at Alfresco we felt 'less than' for a long time because we didn't have any tricky ways to game the numbers, but now that Javier has shown us how to do it...watch our downloads skyrocket!!! :-)

He therefore suggests - in the same way that grocery stores do for products with a "$0.00 per ounce" metric - that someone invent a way to measure real utility (which he suggests is best measured with community data points, rather than download numbers) in a project:

This is what the open source community needs. Price per ounce for downloads. A normalized download counter. The first step will be to defraud the numbers as they stand. The second, and more important one, is to start measuring the heartbeat of the community.

I agree. I'd actually suggest that a useful (though hidden to all but those who work for the companies in question) metric would be dollars-per-download. Or, in other words, how much revenue does your company have compared to downloads. It's not a good way of measuring community, but it is a very good way of measuring how much the buying community values one's software. I know from some experience that you don't need to have millions of downloads to have millions of dollars in sales.

In fact, as I wrote last year about JBoss, that company's downloads remained relatively flat while sales rose dramatically. It wasn't that downloads mattered more, but that the company figured out how to wring more dollar value out of them.

Isn't that what companies should be measured on? Money? I don't think shareholders care very much how many downloads one has if they're not feeding little Nathan....

Posted by Matt Asay on March 27, 2007 08:35 PM

March 27, 2007 | Comments: (0)

Killing radio...and none too softly (RIAA strikes again)

Eivind Throndsen of Trolltech sent me an email the other day that left me frustrated and discouraged. He passed along a message he received from Tim Westergren, founder of Pandora. I've blogged about Pandora before - it's a fantastic music service (along the lines of last.fm) that helps you to find new music.

Music that you buy. Music that pays those starving artists and their greedy music label landlords.

But despite the fact that Pandora actually helps people find more music to buy, the is inexplicably trying to kill it, as Tim writes:

I'm writing today to ask for your help. We've had a disastrous turn of events recently for internet radio: Following an intensive lobbying effort on the part of the RIAA, an arbitration committee in Washington DC has just dramatically increased the fees internet radio sites must pay to the record labels - tripling fees and adding enormous retroactive payments! Left unchanged by Congress, this will kill all internet radio sites, including Pandora.

I cannot fathom the depth of idiocy that the RIAA has descended into to make this move. I've said before that the music labels don't have an IP infringement problem - they have a payment problem. In other words, they need to think through facilitation of payment on the web. Honest people will continue to pay for good content, just as they always have. Most people are honest.

But all of this is somewhat beside the Internet radio rate hike. Internet radio is about exploration of new music. It's simply not a replacement for iTunes, the CD, vinyl, or anything else. It's a complement. Thomas Dolby ("She Blinded Me with Science") says as much in his guest column on the RIAA's own site:

I believe that we should encourage downloads of music, but on our own terms. It's great to introduce new fans to music, and the Web's a great place to get them hooked. But obviously, we want this to help us make money from the music, not give away the farm. So permitting the free duplication of digital songs as an alternative to a CD or tape sale is just not okay. We need to find ways to eliminate the illegal piracy of music without killing off the enthusiasm of Web music fans and the open marketplace that enabled its growth.

In short, "Downloading of music is not wrong, but we need to figure out good ways to facilitate it and to facilitate making money from/around those downloads at the same time." Agreed. I'm betting that Mr. Dolby would agree that Internet radio would drive more purchases than it would kill.

Why can't the RIAA join the 21st Century? Lots of people are making money in it. The RIAA is not helping its constituents to do the same.

Posted by Matt Asay on March 27, 2007 08:16 PM

March 27, 2007 | Comments: (0)

Baking community into companies

Jordi Mas has written a thoughtful post on the value of community in companies, and particularly open source ones. Community, as Jordi points out, is not exclusive to open source - Microsoft, for example, has a vibrant and active developer community.

But open source, because of its licensing, affords greater opportunities for communities to coalesce. Opportunity doesn't necessarily translate into actuality, as I've found in the open source companies with which I've been affiliated. Community is hard work, and requires a very different way of thinking about a product.

Regular readers of this blog will know that I think the right license is crucial to reaping the right community. Why? Because a community-friendly license firewalls the community somewhat from a company, so that they need not trust the company as much as the code. Javier, CEO of Hyperic, gets at this in a post of his own on community:

All of these things are what we had in mind when we released HQ under the GPL. In fact, it’s the driving force behind any open source software - a strong community will make or break a project. Some people like to brag about downloads as the penultimate metric of success, but it says nothing of how people are using it and interested in it. An active community will show the true heartbeat of a projects success.

I couldn't agree more.

So, how to tell when the community is truly driving your company? Jordi poses some questions that can help you determine just how community-centric you are:

Product
Is the product roadmap pubically available?

Is there any way for your community to prioritize the roadmap?

Are requests for new functionality handled in a open and transparent way?

Is your product well documented?

Are you providing infrastructures like wikis to make it happen?

Are your employees the only ones representing the product in conferences?
Development
Do developers from outside your company have privileges to make changes on the code base based on their knowledge? (meritocracy) Or are they second class citizens?

Are the architectural decisions shared with the community?

Is your development carried in open mailing lists and chat channels?

Does your development team live in the community? Or completely apart?
Engineering
Is there a public database of all know bugs? Or you still keep an internal database?

Do people document their changes using ChangeLogs and similar ways?

Are software releases done regularly to encourage participation?

I started trying to justify myself about halfway through the first question. It's hard to open up in the way Jordi's questions imply one must to gain community, but I think his questions lead to true community-building.

Most companies (proprietary or open source) have customer advisory councils that allow key customers to give feedback on product roadmap, quality of support, etc. We just had ours last week in NYC and it was very helpful.

But Jordi is talking about broader participation here. He's talking about truly turning a company inside out, so that the project becomes as important (or perhaps more so) than the company behind it. This is a very difficult leap of faith, but I think it's the right one.

Posted by Matt Asay on March 27, 2007 04:33 PM

March 27, 2007 | Comments: (0)

Linux Foundation announces BoD

The Linux Foundation, the combined OSDL/FSG group just announced it's BoD. Not too different than before.

The Linux Foundation board of directors includes:

James Bottomley, Linux subsystem maintainer and vice president and chief technology officer at SteelEye. Bottomley is an active member of the open source community and maintains the SCSI subsystem, the MCA subsystem, the Linux Voyager port and the 53c700 driver. Bottomley is the LF's Technical Advisory Board representative.

Wim Coekaerts, Linux VM tester and director of Linux engineering at Oracle. Coekaerts manages Oracle's Unbreakable Linux strategy. His group is working on and contributing to the first Cluster File System to be accepted into the Linux mainline kernel in 2006.

Masahiro Date, general manager, Fujitsu. Masahiro Date is the general manager of Fujitsu and has been involved in operating systems at Fujitsu including development and development management of Fujitsu proprietary operating systems and Solaris and Linux. Mr. Date has been active in the Linux community for many years, including serving as director of OSDL and FSG.

Doug Fisher, vice president, Intel's Software and Solutions Group (SSG) and general manager of SSG's Systems Software Division. Fisher is a veteran IT executive with a rich history at HP and today at Intel. He leads a worldwide organization responsible for a wide range of software development, including Intel's Linux and open source initiatives, and is the Intel corporate owner for virtualization.

Dan Frye, vice president, Open Systems Development, IBM. Frye is responsible for overseeing IBM's Linux technical strategy and IBM's participation in the open source Linux development community. He has also led IBM's Emerging Technologies and Business Opportunities team and co-authored the original IBM corporate strategies for Linux and open source.

Tim Golden, senior vice president, Bank of America. For the past five years, Golden has worked exclusively with Linux and open source software and has led several enterprise-level solution architecture, risk management, and infrastructure lifecycle management initiatives. He is also affiliated with several community-based organizations, provides consultation to industry financial analysts and occasionally works for select clients as an Olliance Group senior consultant.

Hisashi Hashimoto, section manager, Hitachi. Hashimoto is responsible at Hitachi for both workstations and mainframes. He also works with the Open Source Software Technology Center and is responsible for collaboration with other vendors and the OSS community, including the work with the Open Source Software Promotion Forum in Japan.

Christine Martino, vice president of the Open Source & Linux Organization (OSLO), at HP. Martino is responsible for HP engineering, marketing, open source community participation and linkage, as well as HP's Open Source and Linux indemnity and IP protection programs.

Marc Miller, open source software expert in the AMD Developer Outreach program. Miller is currently entering the seventh year of his tenure with AMD and is bridging a critical gap between industry-leading software development and cutting-edge microprocessor technology.

Brian Pawlowski, vice president and chief technology officer of Product Operations, NetApp. Pawlowski has been working on open protocols for storage since his earlier position at Sun Microsystems and was co-author of the NFS Version 3 specification.

Markus Rex, chief technology officer for the Linux and Open Source Group, Novell. At Novell, Rex is responsible for guiding the strategic direction of the technology platform and providing insight and guidance to the product development organization.

Tsugikazu Shibata, senior manager, NEC. Shibata has an extensive background in the development and management of proprietary operating systems, including work with mainframes and super computers, and belongs to the Open Source Software Promotion Center of NEC where he works collaboratively with vendors and the open source community.

Mark Shuttleworth, founder of Ubuntu. Shuttleworth is founder of the Ubuntu Project, an enterprise Linux distribution that is freely available worldwide and has both cutting-edge desktop and enterprise server editions.

Andrew Updegrove, co-founder and partner, Gesmer Updegrove LLP.
Regarded as one of the most influential legal experts on open standards and how they relate to open source and IP, Updegrove has worked with more than 75 consortia, accredited standards development organizations and open source consortia, and has assisted many of the largest technology companies in the world in forming such organizations.

Posted by Dave Rosenberg on March 27, 2007 11:34 AM

March 27, 2007 | Comments: (0)

Department of Homeland Security ups its investment in open source security

A year ago the Department of Homeland Security contracted with Coverity, a maker of a source code analysis tool, to harden open source software. (Stanford University and Symantec are also involved.) Basically, developers at open source projects (not primarily affiliated with a corporation) can submit their code to scan.coverity.com and have it scanned for security vulnerabilities. The project, as announced today, has been very successful.

In the first year, developers fixed an average of 16 defects a day. Many of the new projects are so widely used that a single serious defect could affect millions of people. For example, Coverity added regular scans of zlib, a compression program used in more than 500 applications, including MSN Messenger, Microsoft Office, QuickTime and Apache. Other new projects include FreeRADIUS, a software application that provides secure authentication to 100 million users on the Internet and on business networks.

Because of the success of the project, DHS is expanding the program to an additional 50 projects, bringing the total to 150 projects under review (and 35 million lines of code).

All of which is very significant. But what I like best in the blurb is the fact that lots of proprietary software depends on the security of lots of open source software. So however much Microsoft and others may want to cast aspersions on open source software, they can't realistically do it very much without bringing their own software under a cloud of doubt.

Could these proprietary companies rip out the open source software? Of course they could. But the fact that they've opted to use open source components says something: the open source software quality is very good and there is no compelling reason to not use them.

Posted by Matt Asay on March 27, 2007 08:21 AM

March 26, 2007 | Comments: (0)

MySQL webinar for CIOs

I received an invitation in my email today for an upcoming CIO-only MySQL webinar. I thought it was interesting because of the audience for MySQL (not to mention the fact that MySQL is clearly cutting into my OSBC territory :-).

Open source is proven in the enterprise. Many of the world's largest organizations, including Yahoo!, Sabre Holdings, Cox Communications, The Associated Press, Google, Nokia, and Nortel, are realizing significant cost savings by using open source products to power web sites, business-critical enterprise applications and packaged software.

But, it’s not just the largest enterprise companies that are implementing open source. Many companies are evaluating an open source stack as an alternative or complement to proprietary solutions from companies like Microsoft, IBM, and Oracle. Savvy CIOs in modern enterprises are exploring the use of an entire enterprise open source software stack known as LAMP....

If you are a startup exploring the LAMP stack, or a mature company that needs to understand the business implications of implementing the LAMP stack, this presentation is for you.

I'd be interested to know if Oracle has presentations like this, or Microsoft. (I'm not being sarcastic.) They may well have webinars to discuss open source with their CIO customers/prospects. I imagine the way the information would be presented would differ...but it would be interesting to compare.

Anyway, here's the MySQL information:

WHO: Zack Urlocker, EVP Products, MySQL AB
WHAT: Developing & Implementing an Open Source Strategy web presentation.
WHEN: March 29, 2007, 10:00 am PDT, 1:00 pm EDT, 17:00 GMT (the presentation will be approximately 45 minutes long followed by Q&A)

Posted by Matt Asay on March 26, 2007 02:27 PM

March 26, 2007 | Comments: (0)

MySQL use up 25%; 40% of developers using it

Oh, MySQL. That little database that just isn't quite as good as the Big Important Proprietary Incumbents....

Except that, apparently, enterprises aren't getting this message. In fact, 40% of them strongly disagree with the feeling above, as Stephen Shankland reports:

You now can discard any lingering traces of doubt that the open-source MySQL database competes with the incumbent proprietary products from Oracle, Microsoft and IBM.

Data released Thursday from an Evans Data Group survey of database usage among developers shows MySQL use increased from 32 percent in 2004 to 40 percent last year. The survey tallied real production use in corporate environments, not just tire-kicking or pilot projects

Reality bites if you're DB2 or Oracle. Because while I would think much of MySQL's gains are coming at the expense of no one (meaning, MySQL is creating new market opportunities rather than cannibalizing old ones), it's still got to hurt the incumbents.

Posted by Matt Asay on March 26, 2007 10:13 AM

March 26, 2007 | Comments: (0)

Having your Zimbra cake and eating it, too - Zimbra adds offline functionality

Just when you thought Zimbra couldn't get any sexier, it adds the sexiest feature of all:

Offline.

That's right: As Satish is set to demo at eTech on Tuesday, Zimbra Desktop (as they're calling it) is a "rich offline-capable client that allows users to have the same AJAX-based collaboration experience as offered by Zimbra’s popular web-only client." In short, Zimbra is now sexy even in the boring old world of offline applications.

From the press release (which, um, hasn't been released yet :-):

"The introduction of Zimbra Desktop means that Windows, Linux, and Mac users worldwide are no longer dependent on Internet connectivity for rich, browser-based access to Zimbra's collaboration platform," said Satish Dharmaraj, CEO, Zimbra. "The universal access that Zimbra Desktop provides represents a critical achievement; today AJAX-based Web 2.0 technologies are available no matter where a user is – at the office, on the road, or even in the air."

This is very, very cool. Zimbra accomplishes this by essentially having a micro-server running on the desktop, which syncs up with the Zimbra server upon connection. But for the user, all they need to know is that Zimbra just works, offline and online.

So, what does it cost? $0.00. Or, if you want it supported (and I can't imagine unsupported email) then you pay $25/mailbox/year for a minimum of 25 users for the Standard Edition. That's fantastic.

Now, let's put this in perspective:

Exchange is 34% of the corporate desktop server market in 2007 and Domino is 18% (Radicadi)
Microsoft Outlook is 60% all of corporate email clients in use (Radicadi)

BUT...

The vast majority of Exchange accounts are old versions of Exchange...just itching to be upgraded to something other than Exchange.

And why? Because...Outlook 2007/Exchange 2007 is painfully slow. It's slow, in large part (according to Microsoft), because people use email. That's right - the more email you have, the worse the application experience becomes. So, the answer to Exchange performance issues is to simply stop using it, or to delete all of your email (Hey! Microsoft said it, not I....)

I never thought Microsoft would lose the email war, but now I'm starting to wonder....Zimbra is an exceptional piece of software. I'd like it fully licensed under the GPL, but I can't think of much I don't like about the product itself. And now that it's fully usable offline as well as online...why not switch from Exchange to Zimbra?

Posted by Matt Asay on March 26, 2007 08:30 AM

March 26, 2007 | Comments: (0)

Is there a there there, in the Oracle suit?

Both Josh Greenbaum and Nick Carr have reviewed Oracle's 42-page filing against SAP/TomorrowNow, and both reach the same conclusion:

There's no there there.

From Nick:

I sat down this morning with a cup of coffee or four and read through the 43 pages of Oracle's lawsuit against SAP. It makes for fascinating reading, but I was disappointed to discover that the alleged skullduggery doesn't quite live up to the hype of the complaint's memorable first sentence: “This case is about corporate theft on a grand scale, committed by the largest German software company - a conglomerate known as SAP.” "Grand scale" feels like an overstatement, and despite the hint of corporate jingoism in that opening sentence, Oracle doesn't present any hard evidence that the scheme went beyond one SAP subsidiary in the very American state of Texas.

From Josh:

Okay, I've had another day to read the suit, and I'm convinced more than ever that Oracle has no case against SAP and TomorrowNow, at least as constituted in the complaint as I read it. There may have been rogue operators doing unsanctioned downloads, but the case as it is written would wash out quickly in my court....
“Defendants were aware of these economic relationships and intended to interfere with and disrupt them by unlawfully and wrongfully taking and using Oracle’s Software and Support Materials to obtain and retain Oracle’s own customers at little to no cost.”
Clearly TomorrowNow didn’t need Oracle materials to obtain customers – they had already signed them up in droves prior to November 2006, when the alleged downloading took place. The first part of the sentence is true — everyone who watches Oracle knows that maintenance revenues are sacrosanct. But, again, Oracle's attempts to prove that stealing anything from Oracle could help win over a customer is going to be interesting to watch.

So, for all those who suggested to me that the difference between Oracle trying to "borrow" off Red Hat's good brand, and TomorrowNow's trying to borrow off Oracle's "good" brand, you may want to take another look at the lawsuit. Nick and Josh may be wrong. But I'd bet on them over Oracle's good intentions any day.

Posted by Matt Asay on March 26, 2007 08:19 AM

March 26, 2007 | Comments: (0)

Novell steering Microsoft defectors back to Microsoft?

Oh, my. On the one hand, Mary Jo is reporting that, just as Novell's Bruce Lowry had said, Novell's pact with Microsoft seems to be earning it back market share against Red Hat.

On the other hand, and of much greater concern, the pact doesn't seem to be helping drive Linux forward, as the deal promised to do. Instead, it is carving up a still small Linux pie, and actually draining Linux growth and putting that money in Microsoft's pocket:

SuSE's gain seemingly isn't impacting Windows Server marketshare among the IT professionals that Yankee surveyed. About 12 percent of Windows users surveyed by Yankee who had "defected" to Linux are now reversing their decisions and coming back to the Microsoft fold," according to an executive summary of the report that I had a chance to see last week.

In short, Novell is getting what it wants - to hurt Red Hat - but not getting what it really wants - to grow the market and take a larger share of that market. Novell may have succeeded in winning a skirmish, but is also helping to lose the battle, the war, and everything else for Linux/open source.

Laura DiDio, author of the report, didn't suggest that customers are benefiting from the agreement, either, but Microsoft is. Its motivations behind the deal?

"I really think the main impetus for the MS/Novell deal was to 1) undercut Red Hat; 2) by embracing Novell, Microsoft gets to "hold its' friends close and its' enemies closer" BUT most importantly by embracing and supporting Linux in this matter, Microsoft gains an important ally in the ongoing EC antitrust actions — the Microsoft/Novell alliance severely diminishes many of the anti-competitive allegations the EC is lobbing against Microsoft. And at the time they inked the deal, that was very much (and still is,) on Microsoft's mind…"

This is what I've been saying from the beginning. Whatever Novell may think it's getting out of the deal, the bigger, stronger partner in the deal (Microsoft) is...getting bigger and stronger. The Microsoft/Novell deal is not a win for Linux.

It's a win for Microsoft. Bien fait, Novell. Your myopia on this deal may well end up hurting us all.

Posted by Matt Asay on March 26, 2007 07:46 AM

March 24, 2007 | Comments: (0)

Sync iCal with Google Calendar (SpanningSync is great so far)

In my initial posting on Google Apps Premier I noted that sync was the one thing that it lacked for *real* enterprise adoption. The fine fellows at SpanningSync solved the problem (at least on the Mac for $25/year) and I can now say that Google Apps will likely be our corporate email and calendaring within the next few weeks. For $75/user/year ($50/google and $25/spanningsync) you have 10GB of email, shared calendar, Sync and whatever other goodies Google drops on you. Just over $6/user/month is well worth it to know all your data is available. I do find it odd that 3rd parties figured out how to do the sync part before Google did...or maybe they weren't interested?

On the one hand I am terrified of lockin, and on the other hand I think that we have way too many services that we depend on too widely disparate. I am sure that Google will have some kind of meltdown sooner or later, but they will still be better than normal users will be about backups and archiving.

Right now we use Zimbra@Maccius for calendar, Rackspace for email and web hosting and we are just bringing up Contegix to host the Mule project stuff along with some new features. It's just too much.

The funny thing is that my staff is willing to deal with the random Google issue just to get the Gmail interface. It just proves that apps still matter way more than operating systems. It also proves the power of the Google brand.

Posted by Dave Rosenberg on March 24, 2007 11:20 AM

March 23, 2007 | Comments: (0)

E*Trade's OSBC Keynote

Every day comes with ever better news for this year's Open Source Business Conference. I just got the title and abstract for Lee Thompson's keynote. Lee is the Chief Technologist for E*Trade. E*Trade made a decision a few years back to go completely open source. Now, a few years into the process, Lee will report on how it has gone.

Here's his title and abstract:

The Bazaar Cathedral: A Look at Open Source at E*TRADE FINANCIAL -- Past, Present, and Future

In January 2002, E*TRADE FINANCIAL announced its technical strategy to use commodity hardware and software in its mission critical applications. Now five years into the effort, Lee Thompson will cover how open source has provided benefits to both E*TRADE FINANCIAL customers and shareholders alike. Mr. Thompson will also discuss how open source development methods have facilitated the internal product development needed to support the firm’s global product expansion.

It's awesome to have a major financial services company talking openly about its use of open source. Should be a great session for IT executives from all industries to hear how open source has changed E*Trade.

Posted by Matt Asay on March 23, 2007 09:27 AM

March 23, 2007 | Comments: (0)

White House demands "secure" Windows

The Register is reporting on "a White House directive to federal chief information officers issued this week that calls for all new Windows PC acquisitions, beginning 30 June, to use a common "secure configuration". Applications (such as anti-virus, email etc) loaded onto systems remain flexible but what will be specified in the registry settings and which services would be turned on or off by default."

In typical government fashion this is both totally logical and illogical. It absolutely makes sense that the gov't versions of Windows should be locked down and all apps as secure as possible. What doesn't make sense is why they would bother with Windows at all.

This is *exactly* the reason why Linux should be on desktops. It's much easier to secure the OS, the apps and the variety of other packages necessary. It also illustrates why open source is being adopted in governments worldwide...how can you control your infrastructure and apps if you are forced to rely on vendors who have to serve multiple market segments?

GovBuntu anyone?

Posted by Dave Rosenberg on March 23, 2007 09:02 AM

March 23, 2007 | Comments: (0)

Red Hat and the Hibernate trademark question: Much ado about...?

eWeek is reporting on the recent hullabaloo over Hibernate or, rather, the trademarking thereof. Red Hat has been limiting others' rights to advertise Hibernate training, and members of the Hibernate community are crying 'Foul!'

At the heart of the dispute is trademark law, not "Red Hat turning into Microsoft." The community may not like intellectual property law as it is, as its requirements may seem to conflict with the "we all love each other" chumminess of community. But this is something that every successful open source project - commercial or otherwise - will go through. The key is in how the project lead manages the process.

Bill Dudney, former CTO at Virtuas, writes:

Hibernate is trademarked by JBoss/Red Hat …Which means that me and the thousands of other consultants that put in a bunch of time learning the framework cannot profit by publicly claiming Hibernate services. I can claim 'OR Mapping' [object-relational mapping] services but who (with money) knows what OR Mapping is and why would they pay me for my knowledge about it.

This is only sort of true, as Deputy General Counsel Mark Webbink suggests in the comments:

Contrary to Gavin's statements above, you cannot offer HIBERNATE Training or JBOSS Training. This is an improper use of Red Hat trademarks in that the marks are being used (a) either as nouns or (b) to promote a good or service that is directly branded with Red Hat owned marks. What is permissable, and I am sure this is what Gavin meant, is that you are permitted to offer HIBERNATE(R) Object Relational Mapping Software Training or, as another example, JBoss(R) Application Server Training. Here the marks are being applied to the goods in a proper manner and it is clear that the training is being provided for that branded technology, not by the brand owner. As a further common courtesy, it would also be appropriate for those properly using the marks in this manner to make clear that they are not in anyway associated with Red Hat or its JBoss Division.

Here, by the way, is the letter that Red Hat sent to alleged violators of its trademarks:

Dear Sir or Madam:

Red Hat, Inc. has become aware that your company is offering Hibernate training courses. Red Hat does not allow the use of its trademarks without a written agreement.

Red Hat is the owner of numerous trademarks, including but not limited to, its Hibernate mark, U.S. Federal Registration Number 3135582. RedHat has made extensive use of its Hibernate marks in interstate and international commerce in connection with the advertising, promotion, and sale of its goods and services. Due widespread use, advertising and extensive marketing, the RedHat marks have become famous.

Red Hat requests that you immediately cease offering Hibernate branded training, as well as any other training that may contain Red Hat marks or marks that are confusingly similar. Although you may offer object oriented relational database mapping training, you may not use the Hibernate name to promote and advertise your products and services.

We trust you will understand Red Hat's interest in protecting its valuable intellectual property and ensuring that consumers are not misled as to the source and sponsorship of goods and services sold and/or distributed under the RED HAT marks. We trust this matter can be resolved promptly and amicably and appreciate your attention to this matter.

We look forward to your reply and request a response no later than {WITHHELD}.

Sincerely,

Meredith K. Robertson
Legal Specialist
Red Hat, Inc.

And so on. The Hibernate community objects to how Red Hat is enforcing its trademarks; unfortunately, I think Red Hat is doing what it must do to enforce its trademarks. US trademark law requires you to go through just this sort of notice that Red Hat is doing, and to consistently enforce its trademarks or risk losing them.

It seems to me that Dudney and others are conflating open source with public domain, in a way. Dudney continues:

The issue with the way JBoss (and the other companies that Gavin mentioned above) approach 'open' is that they want the benifits of community without the competition that comes from that. They want me to learn Hibernate, JBoss, whatever and evangliaze it to my clients and friends but then send me cease and desist letters when I try to profit from my hard won knowledge and work. That is what I object to, I prefer the Apache license @ apache.org because it makes this kind of behavior much harder to pull off. But the license is not as importatnt to me as the behavior of the community.

I think this conflict stems from misunderstandings of open source. Open source changes the rules of the copyright game, but it does not free people from these rules entirely. Or even at all. Just because something is open source does not mean it is public domain. Red Hat may actually like having Dudney and others provide Hibernate training, but it can't allow the advertisement of this training in such a way that violates trademarks, because otherwise Red Hat will lose the rights to those trademarks.

It's unfortunate that this has become an issue, but it's easy to see why it has: communities grow up around open source projects and come to feel ownership in the project, as well they should. But whether a project is owned by a company or simply an individual, it's important that trademarks, copyrights, and patents be honored. If the project lead chooses not to, that's fine (and many don't). Red Hat is a business. It's not a charity. It does a lot of work that may look like charity at times, just as Sun, Novell, IBM, and others give a lot of open source contributions and so appear generous (in the charitable sense). But at the end of the day each of these companies is beholden to shareholders that demand a return for their investment.

This means that they have to protect their intellectual property. I may not like how some choose to do so, but I don't question the core right and need to do so.

I suspect that this conflict between community and company is something that many projects will go through as companies assert stronger roles within these communities. It seems inevitable to me. Any valuable project will have this "problem." The important thing is in how the community lead - be it a company or an individual - enforces those rights. Soft actions may well turn away wrath....

Posted by Matt Asay on March 23, 2007 08:31 AM

March 23, 2007 | Comments: (0)

The soft underbelly of Microsoft? Open source email (ZDNet)

First off, let me just state for the record: if you don't subscribe to Mary Jo Foley's All about Microsoft blog, you should. It's consistently interesting and offers up gems of information.

Mary Jo today cites Yankee Group's upcoming report on the state of the email market. I thought that Exchange was safe from open source incumbents, due to its massive footprint (and to its tie-ins to other Microsoft technologies). But that's not what Yankee/Mary Jo is reporting:

"In an ominous portent for Microsoft, 23% of the survey respondents indicated they intend to migrate away from Exchange Server and switch to an alternative Linux or open source Email and messaging distribution platform over the next 12 to 18 months. The users attributed their decision to their belief that Linux Email and messaging packages are cheaper and easier to manage than Exchange," according to study author and Yankee analyst Laura DiDio.

And why make the switch? Cost, complexity, and difficulty of managing Exchange, apparently. 23% said that these negatives far outweigh the problems with open source email systems (missing features, etc.).

Zimbra, Scalix, and others should reap the potential bonanza here. Watch for Microsoft to continue to integrate Exchange more deeply into Sharepoint and Office as a competitive move. Or maybe it should simply improve it. You know, innovate. Innovate with features but also innovate by making it simpler to use. People would pay for that.

Posted by Matt Asay on March 23, 2007 07:39 AM

March 23, 2007 | Comments: (0)

Oracle sues SAP for allegedly behaving like it has toward Linux

Having spent a few years in law school, I'm not a big fan of lawsuits. Or legal maneuvering, generally, that replaces head to head product competition.

So it should come as no surprise that my gut reaction to Oracle's lawsuit against SAP is, "What a waste."

My second reaction was, "My, but Oracle is cheeky to launch this lawsuit so soon after its (apparently failing) attempts to pilfer Red Hat's support revenues." Read this section of Oracle's complaint:

Oracle brings this lawsuit after discovering that SAP is engaged in systematic, illegal access to – and taking from – Oracle’s computerized customer support systems. Through this scheme, SAP has stolen thousands of proprietary, copyrighted software products and other confidential materials that Oracle developed to service its own support customers. SAP gained repeated and unauthorized access, in many cases by use of pretextual customer log-in credentials, to Oracle’s proprietary, password-protected customer support website. From that website, SAP has copied and swept thousands of Oracle software products and other proprietary and confidential materials onto its own servers. As a result, SAP has compiled an illegal library of Oracle’s copyrighted software code and other materials. This storehouse of stolen Oracle intellectual property enables SAP to offer cut rate support services to customers who use Oracle software, and to attempt to lure them to SAP’s applications software platform and away from Oracle’s.

Now replace "SAP" with "Oracle," and "Oracle" with "Red Hat," and "illegal" with "legal but gauche," and you'll get a rough picture of what Oracle has attempted to do with Red Hat Enterprise Linux. Rather than build up its own distribution, Oracle has opted to piggyback on Red Hat's labor and brand. What it's doing is not illegal - the key difference, perhaps, between what it alleges of SAP and what Oracle has done to Red Hat - but it's still humorous to see this Oracle pot calling the SAP kettle "black."

Yes, stealing is wrong. But I guess I'm old-fashioned and view stealing in a much broader light than Oracle. There's what the law (or an open source license) allows you to do, and then there's what you should do. Normative law, we'll call it. I'm not suggesting that SAP should be allowed to take Oracle's copyrighted information and build a business from it. Not at all. But I'm also not hugely sympathetic to Oracle being the one whining about it, given its past.

Again, I'm not saying that the two actions (SAP allegedly against Oracle, and Oracle against Red Hat) are equivalent. They're not. One is expressly condemned by copyright law and the other is expressly permitted by copyleft law (if you will). I just find it ironic that Oracle is the one suggesting that someone is building a support business on the back of its labor. Imagine that.

Here is what others are saying:

From the horse's mouth...here's Oracle's press announcement about the suit.

Nick Carr

Josh Greenbaum has this interesting take:
Today's announcement that Oracle is suing SAP for allegedly using its TomorrowNow subsidiary to steal software code and other nasties highlights the effectiveness with which TomorrowNow is hitting Oracle where it hurts: right in the old maintenance fee. The lawsuit claims that SAP systematically stole software as part of a concerted effort to beat Oracle, etc. etc. But the real story is that TomorrowNow, which goes around taking over maintenance contracts from PeopleSoft, JDE, and Siebel customers — at 50 cents to the Oracle dollar — has finally gotten under Oracle's skin. Not surprising: cutting maintenance in half can save hundreds of thousands, or even millions, of dollars a year for the company that's not buying into Oracle's Applications Unlimited or Fusion Applications strategy. And, with the lawsuit as a barometer of TomorrowNow's effectiveness, they must be doing a helluva job.
Slashdot points out that at least some of the lawsuit stems from SAP allegedly borrowing support information from Oracle's public support site:
Oracle has filed a lawsuit against SAP. Among the claims made against SAP are violations of the Federal Computer Fraud and Abuse Act and California Computer Data Access and Fraud Act, Unfair Competition, Intentional and Negligent Interference with Prospective Economic Advantage and Civil Conspiracy. From the actual complaint: 'SAP has stolen thousands of proprietary, copyrighted software products and other confidential materials that Oracle developed to service its own support customers. SAP gained repeated and unauthorized access, in many cases by use of pretextual customer log-in credentials, to Oracle's proprietary, password-protected customer support website.
Dave Kellogg of Mark Logic has more insight into the maintenance revenue war.

Interesting times, and particularly interesting since Oracle, the company that is basically trying to freeride on Red Hat in its move into Linux and "competing" by offering better support, is here crying foul on someone else for...freeriding on its documentation and what not so that it can offer better support. Not the same, of course, but ironic enough to bring a smile to my face. Oracle is nothing else if not cheeky.

Posted by Matt Asay on March 23, 2007 05:42 AM

March 22, 2007 | Comments: (0)

Novell responds: 'Stop fixating on the patent deal'

In case it's not abundantly clear, I despise Novell's patent pact with Microsoft. But, as Bruce Lowry wrote me today (because comments are turned off on the blog, due to a massive spike in comment spam), there may be some bright spots on the Novell horizon that I have not reported. I'm willing to "concede" that, and am happy to hear about it. (I was there in the early days of Novell's Linux movement, after all.)

I just wish Novell wouldn't stifle its positive movement with a massive step in the wrong direction. The patent deal represents this. Do you think Microsoft offered this (as well as the interoperability work) to Novell first? Read between the lines of Bill Hilf's earlier comments on the topic. Of course Microsoft tried Red Hat first. Red Hat almost certainly went along with interoperability, but wouldn't swallow the patent pill, because it's hugely negative for Linux and open source generally.

I wish Novell saw this.

In the meantime, Bruce wishes I saw a few other things. His words, with his permission:

Your opposition to the Novell-Microsoft patent deal is pretty clear. But I'd challenge you on a number of statements you're making, as well as some of the assumptions you seem to be working under. First, you suggest we're getting nowhere in our Linux business in the absence of the deal. That's just not true. Numbers from the leading market research firm who counts these things (whom I won't name because I haven't gone thru the formal process of getting approvals) show us picking up almost 10 percentage points in their most recent report. This has not been at the expense of Red Hat as much as at the expense of other distros. But we are picking up share. This is showing in our financials as well - we had 46 percent year on year recognized revenue growth in Linux last quarter, which had very little to do with the Microsoft deal. Invoicing for Linux last quarter, even absent the Microsoft deal, was up 50 percent, as we said on our earnings call. So we have been growing our Linux business. The Microsoft deal will help grow it faster, but we were growing it before.

Second, I'd take issue with your claim we aren't doing much to protect Linux. You mention SCO, and I appreciate that. By the way, that case is ongoing, and we continue to spend money fighting that. We were founding members of the Open Invention Network, spending millions of dollars to buy the CommerceOne patents and put them out to the community. We made a patent pledge several years ago that said we'd use our patent portfolio to defend a patent attack on open source. We see the Microsoft patent agreement as just another level of protection for those customers who want it.

Third, you seem to suggest we're waving the IP flag to get customers to buy our stuff. This is just flat wrong. Our approach to this deal has been focused on interoperability. That's what the customers care the most about. As Ron has said before, Microsoft introduced the patent proposal. We felt that the overall package was important enough for customers that we worked with them to come up with the patent agreement. You seem to suggest we've been inconsistent on this issue. We haven't. We've said from the get-go that this was about interoperability for customers. Some may care about the patent issues. Others may not. What our agreement does is remove the issue from the table for them.

I'm sincerely glad to hear things are going better than they appear, Bruce. I truly am. Please continue to pass along good news. Except when it's Microsoft delivering Novell's good news. Because I just can't believe that Microsoft has your best interests at heart, or Linux's. It has a fiduciary duty that cuts firmly in the opposite direction.

Posted by Matt Asay on March 22, 2007 02:00 PM

March 22, 2007 | Comments: (0)

What Novell could learn from Google

There's an interesting story on Slashdot this morning about why (possibly) Google may have been spoiling for a YouTube fight, rather than hoping to avoid it. As the theory in the article goes, Google may have wanted to get sued to protect the viability of YouTube, rather than leaving the copyright fight to a company less able to fight back (financially and strategically):

[Google's P}lan A was to hope people would be nice and look the other way. That worked for a year so far, and Google hoped it would continue. Plan B was to get sued.

This isn’t any ordinary “get sued and win” plan. Waiting to get sued so you can win in court is a defensive move for most companies. But for Google, this is preemptive. This is about Google defending YouTube, instead of YouTube defending YouTube....

What’s the next big thing on the net? Video. Google cares what happens in video sharing because it wants a slice of the video ad market. It doesn’t want to just be in the market, it wants to own it like it owns text ads. But that’s not the whole answer.

Google bought YouTube because it wanted to make sure of three things:
Google has first dibs for video ads on the biggest video site on the Internet

YouTube remains legal

Expand and protect current fair use related provisions involving copying intellectual property.

In short, Google may have been willing to accept a legal fight in order to protect its ability to mine video for money, yes, but also to protect fair use rights for video on the Internet. If true, very laudable.

And very different from Novell's actions vis-a-vis Linux. Novell claims to want to sell and proliferate Linux. But it has taken the exact wrong strategy to do so. Instead of protecting Linux and standing up for its integrity, Novell has slandered its reputation with its dubious Microsoft pact. However Novell may want to color it, the agreement implies that Linux is "Unclean!"

A better strategy, then, would have been to stand up to Microsoft, rather than to lie down and grovel before it. This would have made Novell a champion, rather than the pariah it has become. There is precedent for this, too, as Novell stood up to SCO in a similar situation several years back.

You can do better, Novell.

Posted by Matt Asay on March 22, 2007 06:53 AM

March 21, 2007 | Comments: (0)

Detailed review of living with Linux on the desktop

Sharon Machlis over at Computerworld went for it--she made the switch to a Linux desktop and chronicled the whole thing. I've tried this a number of times in the past and found almost exactly the same issues she did--need for more drivers, photoshop and plug and play...otherwise the experience is shockingly good. My guess is that we'll see a quality version of OO.org (note that the good one is the one that Novell ships and hasn't contributed the code) or something very similar in the next year, or better yet we'll see browser based apps that replace MS Office entirely.

I had this same conversation with Jason Maynard today about how we'd love to switch to a tiny Thinkpad running Linux if only we had all the apps we need. I still find the MacBookPro a bit large, but I won't go back to Windows. Someone needs to figure out the app thing so Ubuntu can take over all the Windows desktops.

Previously:
Lenovo to preload SUSE on Thinkpad
ComputerWorld: Desktop Linux: If we build it, will they come?
Economic drivers for Linux on the desktop

Posted by Dave Rosenberg on March 21, 2007 09:19 PM

March 21, 2007 | Comments: (0)

Novell: Nothing is wrong with Linux (Better sign with us or you may be sued over Linux)

Am I the only one who finds Novell's continued backtracking and silliness over its patent scheme with Microsoft reprehensible? Ron Hovsepian went on the defensive (again - you'd think that Novell would learn that its opprobrium from the patent deal is not something that is easily explained away) with eWeek, suggesting:

Novell does not acknowledge any patent infringements with open source "in any way, shape or form. We would never do that, as we believe there aren't any," he said.

Great! But earlier...

He argues that the deal has been good for Linux adoption as well as for Novell, pointing to several large deals done recently that would not have happened had the Microsoft agreement not been in place.

How would Ron know? What Linux adoption has Novell been responsible for? Very little, if you look at its financials. As for "several large deals done recently," it's interesting that he would call a deal large that, in several cases, involved Novell giving away the software. For free. To get a reference. (Don't believe me? Ask the customers. I did.) Novell's Microsoft sell-out isn't driving Linux adoption, even for Novell - not much, anyway.

After all, how is it good for customers to tell them out of one side of your mouth that there are no IP problems, and then out of the other side to tell them, "Pssst! Buddy, buy some protection. You never know...." Is that supposed to give them confidence to buy?

The best thing that Novell could do for Linux is to sell it, and to stop participating in FUD around Linux. If customers have IP concerns, they don't seem to be stopping Red Hat. Even Oracle today announced that it is tearing it up (though its claims are a bit suspect, given that a few of its customers also happen to be hardware companies that depend on it for sustenance). No one is slowing Ubuntu, either.

So, is it just Novell with an IP problem? Or is Novell casting about for some excuse for why it continues to remain a distant second in the Linux race?

Hint: The answer is not to try to disqualify the race itself, Novell, but rather to start to run faster. On the same course. With a better offering. Until you do that, you deserve to lose, and need to stop trying to paper over the ugly walls of your shameless patent pact.

Posted by Matt Asay on March 21, 2007 08:08 PM

March 21, 2007 | Comments: (0)

Explaining Dave

From Slashdot:

"The Daily Telegraph is reporting that intelligent teenagers often listen to heavy metal music to cope with the pressures associated with being talented, according to research. Researchers found that, far from being a sign of delinquency and poor academic ability, many adolescent "metalheads" are extremely bright and often use the music to help them deal with the stresses and strains of being gifted social outsiders."

Little did we know just how much the pressure of being the CEO of a successful open source venture was getting to Dave. He keeps ordering up more death metal....

Posted by Matt Asay on March 21, 2007 08:02 PM

March 21, 2007 | Comments: (0)

Symantec Internet Security Threat Report

Symantec just released the 11th edition of their security threat report. It's always a fun read and always has a few tidbits that aren't totally clear. For example, the report would lead one to believe that Window