Talk:Lecture 5

From CSEP590TU

Open Source: unstoppable wave

Lin Huang: Although Open Source is just catching up, with a lot of governments outside the U.S. strongly supporting it, it is becoming more and more competitive. A lot of governments are using this opportunity to make domestic software development flourish, and to counterbalance the U.S. software dominance.

Although Open Source is right now described as community involvement and kind of "free", I believe it will move more towards being a platform. I think that in the near future a lot of government agencies will be using their resources to develop software using Open Source as the platform, and leveraging the community to pitch in resources and time. It will no longer be just a community activity, where it is sometimes hard to control project schedule and delivery; it will be more central resource control, leveraging extra community resources.

Another side of the Open Source vs. Proprietary Software comparison is security. Both have pros and cons. Open source is more transparent, with viewable source, and allows the community to find and fix bugs; however, because the source is available, it is easier for attackers to construct attacks using theories. With proprietary software, the main issue is the lack of transparency, and a lot of governments don't like the potential "back door" concept.

It will be interesting to see how that plays out. In my view, open source will stay and become stronger, and will be very competitive with the existing proprietary software.

Post Feature Test Bug-rates in OS vs. IP – Story of the Lazy Developer

Tolba: When looking at the chart presented by Ed about bug-rates in Apache and other unnamed IP products I believe there is another (maybe supplemental) explanation for the high rate of post-feature-test bugs. I believe working for a company where system test is part of the process (especially when this company is a large corporation) developers tend to be over reliant on the fact of system test backing them up. In some cases the QA organization is reduced to be the guinea pig of the developer. In such a setup unit tests tend to slim down and sometimes even totally disappear. Whole features are checked-in with no significant developer verification since it’s someone else’s job to make sure it ‘works’.

Tolba 00:42, 30 Oct 2004 (PDT)

JamesWelle: I definitely agree with this. I think it is just human nature to be much more careful and thorough when you know you have no testing vs. when you have an extensive period of test when you know your work will be checked. It would be interesting to compare open source numbers against closed source code where both environments involve very little formalized testing. (I don't think we will see open source testers any time soon)

PMHalupt: Also it can be the corporate development process - there are feature milestones where folks need to get all their features in - and then there are stabilization / bug fix phases where everything gets fixed/finished. Any feature not added in the feature milestone is cut - hence there is a push to jam in all the features at least to a limping level and then fix it up later, to avoid getting your pet feature cut. In "Debugging the Development Process" that approach is not approved and doing high quality development feature by feature is endorsed as more efficient. But I see that phenom over and over at MSFT - causing the bug count to look really high at the end of feature milestones, where in open source there wouldn't be this high pressure date for an initial check-in to be made.

Some thoughts about "The Power of Openness" Article

[John Spaith:] The first few pages of "The Power of Openness" reminded me a lot about the Nation article on evoting. Both have their share of rhetorical flights of fancy and both have a left wing bias. However, despite some flaws this article got stronger the more I went into it. In particular, the guy was pretty honest in looking at open source's challenges and was practical and not ridiculously optimistic about being able to solve them. If I were an open source guy (I'm not), I'm sure my heart would be pounding at the thought of a reasonable H20 center as he proposes.

None of the anti-Microsoft/anti-proprietary stuff really stood out (at least compared to the general Open Source party line) except for this little gem:

"Many feasible schemes are imaginable. James Love of the Consumer Project on Technology, the Nader affiliated group, has proposed a 1-2% vendor tax on commercial software that would be used to finance the development of GPL-licensed open code software at state universities... the public would get free software and new tools for combating anticompetitive practices in the marketplace."

Being a gentleman I won't record here the exact words I thought when seeing this. Sorry, I don't think Uncle Sam has any business openly competing with commercial operations like this. Don't get me wrong. I don't necessarily have a huge problem (how's that for legalese?) with innovations making it into Linux via gov't sponsored research. Let's say a PhD student figures out a smarter way to schedule threads, does his work on Linux since he thought it most convenient, ends up making their kernel 2% faster, and Linus thinks it was swell and puts it in the 3.0 kernel. Linux getting better is a side effect, not direct result. And this new thread scheduler (subject to the weird licensing office rules - ugh) will increase the state of the art and may ultimately make Microsoft products better too.

What the author proposes here is the opposite of that. He wants to enlist an army of kids to do grunt work to try and commoditize software companies in general, Microsoft in particular. That does nothing to increase the state of the art. In fact it sucks brains away from helping on that new thread scheduler and puts it into non-researchy grunt stuff like choosing pretty pictures for icons or getting the font on some dialog just right.

A totally unrelated note - from the first pages of the article, I gathered that the author has a devotional shrine to Stallman. I said to myself, "I bet he doesn't call Linux 'Linux' but instead by the Stallmanesque 'GNU/Linux'". I wish I'd had someone to bet real $ against because of course I was proved right. Since I was right on that point, logically I must be right on all the other stuff I've argued here as well :).

TedZ: I'm about halfway through this article, and I've already rolled my eyes a few times at the anti-Microsoft rhetoric. He seems to take it as a given that Microsoft is guilty of all sorts of "market crimes."

TedZ: Another comment. The thing that seemed "wrong" about the 1-2% tax is the idea of taxing commercial software companies to fund open software development, in effect taxing the commercial software companies to fund a competitor. That struck me as very odd. Also, if you're going to pay some people at universities to develop OSS, who decides who gets paid? That seems even more fraught with peril.

patrickh: I agree, having software companies pay folks to commoditize their software goes against the American free market system.

I'm surprised open source releases can maintain any high quality and robustness level in their releases. At the commercial software company I work for, Microsoft, the testers outnumber the developers. All features get unit tests, often by both development and test. The features are carefully designed and reviewed by a large number of folks, and then their implementation is carefully planned to be performant and robust when integrated into the product. Customer feedback is used to design the new features and then usability testing is done once the features are completed to be sure they solve the customer issues. Huge regression tests, stress tests and functionality tests are performed to verify the software. Tracking all this process through a release is a very time consuming and not very fun process - unlike writing the code and getting it working which is rather fun. In Open source I don't know how they can get breadth coverage of all the features added to a product and maintain the quality at a commercial software company's level. I don't use open source much - but it seems hard for me to imagine how this very demanding and tedious quality push can be replicated by volunteers.

Microsoft's take on Open Source Platform and Linux

winfredw: Here is a recent email from Bill Gates in which he compares Windows against Linux on several fronts, including TCO, security, Indemnification, and time-to-market. Interesting read.

http://www.microsoft.com/mscorp/execmail/

Open Source vs. Commercial -- biting the unpopular change bullet

Throughout last night's lecture on Open Source, I found myself thinking of what I see as one of the key differences between open source development and commercial development. In commercial development (the only arena in which I have experience), there are many outside factors that can force the development team along a path it might not choose by itself. For example:

  1. Sales requirements
  2. Marketing requirements
  3. Top-down organizational decisions
  4. Powerful architects zealous about a new technology

...

For example, recently in my division a mandate was given that all UI should be completely reimplemented on a new tech stack. Not all teams agreed with the choice, but we were forced to begin immediately on the reimplementation effort, abandoning other projects.

In general, the development team has no choice but to comply with these directional changes, which can force the expenditure of a great deal of effort from all developers on a project in ways that the developers might not agree with. In the end, for good or for ill, the effort is made and the product moves on with the changes incorporated.

It occurs to me that this kind of thing is only possible in a commercial environment because the developers have not only their emotional investment in the product on the line but also their jobs. It doesn't even occur to most developers to walk away from their job because of a mandated change, though of course when job satisfaction decreases people start looking elsewhere.

In open source, on the other hand, the choices for an individual developer are different. If a project no longer appeals to the developer technically, he or she can walk away more easily. Or, as discussed last night, he or she can attempt to fork the project and continue in a different direction.

This seems to be a pretty fundamental difference. In a fork, presumably a large number of developers would decide to pull away from the original project. This might be all right in the sense that there's now competition between two ways of building the product. But clearly it represents an enormous brain drain for both forks of the project, relative to the developer community that existed before the fork. And bugfix and enhancement effort would now be duplicated between the forks.

This is just my impression... does it bear out? Does anyone have any experience with this kind of fork? Are there well-known examples of such a schism either breaking or eventually improving an open-source project? The link I included above includes some relatively positive examples of forks... does anyone know of examples where a fork has destroyed a successful project? I'm not sure if the Unix wars count, since the battle there is between commercial versions of Unix.

Recommended: Steven Weber The Success of Open Source

cmbenner: This is a very recent book by a political scientist at UCB, the first social scientist, I believe, to look at OSS. He looks at the political economy of open source development, trying to explain why this model for producing intellectual goods works. He also traces the detailed history of the open source movement in at least a somewhat engaging style for those looking for background. I think there's a class project that may be looking at developer motivations in the open source community: You guys might want to take a look as he spends some time on this.

SMM: MIT Economist Eric von Hippel has a book coming out from MIT Press early next year. Actually, The Cathedral and the Bazaar is very level-headed. It gets cited for propositions that are significantly wilder than what it actually says; you get a pretty good sense of the economics even if the phrasing is sometimes oblique.

On the transparency of Microsoft's Intermediate Language

cmbenner: Managed code is more transparent than unmanaged code. Microsoft wants to carefully control access to its source code, through Shared Source, etc. Yet the way the .Net platform was implemented means that Microsoft code is more transparent than before. On a transparency scale of 1 to 10, with machine language (or whatever the most non-transparent form of code is called) being a 1 and source code being a 10, developers have told me Microsoft's Intermediate Language is an 8. Is the higher transparency of its code of concern to Microsoft given its highly-controlled approach to open source: thoughts from Microsoft developers and others?

Tolba: The .Net Platform itself can be crudely classified into 2 pieces, which are the runtime and the class library. The Runtime contains (but is not limited to) the loader, the Just In Time Compiler of Managed to Native, the garbage collector, etc. These are the components where the most IP lies and it’s all in native. As for the class library I was told by a PM friend in the CLR team that some version of the sources of the Base Class Library (BCL), which is managed, is distributed (at least to some entities). I don’t believe there is much at stake unless some of the major MS applications are fully implemented in managed which I don’t think is the case today.

Having said that I believe there is a problem for vendors who ride the wave of “Managed”. I once had a conversation with an MS partner company which was wary of their managed applications being reverse engineered into source code by competitors. I also heard that there are 3rd-party tools that obscure IL to make it harder to reverse integrate into easy to recognize code. Of course mangling is limited since those tools can’t change the IL in significant ways for it to run correctly and not to affect performance.

Tolba 00:24, 30 Oct 2004 (PDT)

APardoe: As to Microsoft protecting their own IP, Tolba is correct that a majority of the Just In Time Compiler (JIT) is native code and that the Base Class Library (BCL) is (mostly) managed code. But Microsoft has also released a Shared Source version of the runtime (JIT and BCL) which is publicly downloadable under the name of Rotor. The code for Rotor is based on the same code which shipped in the currently released runtime. So Microsoft's not really looking to protect the IP of the .NET runtime through obscurity of code sources. That said, there are trade secrets and proprietary algorithms in the JIT and parts of the BCL (optimizing algorithms and the like) but overall transparency in developer tools is a good thing.

As for developers using managed code, yes, there's definitely a transparency issue. Microsoft Intermediate Language (MSIL) is extremely transparent. I write it frequently and can tell you what a program in MSIL does almost as easily as I can tell you what a program in C++ does. If a developer writes a really cool program with some really important IP inside of the program, managed code (either .NET or Java) might currently be the wrong choice to protect their trade secrets. Companies produce "code obfuscators" (MS ships one as well with their developer tools) but Tolba is right: it's extremely hard to obfuscate to any reasonable extent. The biggest problem isn't performance, it's correctness. Obfuscation is a really hard problem--maybe as hard as optimization--and there's little benefit to obfuscation today.

So no, I wouldn't say the adoption of managed code is an indication that Microsoft is opening up source. It's more an indication of the push toward more secure applications. I'm sure that Microsoft will figure out a way to protect source before they ship anything really important (say, Windows) which is built solely in managed code.

Note that Microsoft is opening up more, though. Rotor is only one of their disclosed source products. The new C++ compiler (for both managed and native code) that I'll be working on is open-source. Source is released only to "recognized research institutions" but that's a pretty broad opening up of code. [apardoe]

Disclaimers vs. Licenses

From: Bob Gomulkiewicz

Sent: Friday, October 29, 2004 9:13 AM

To: Ed Lazowska; 'Stephen Mark Maurer'

Cc: 'Bob Gomulkiewicz'

Subject: RE: Tonight


Steve, in retrospect I wasn't very satisfied with my answer to your question "why can't you just put a disclaimer on the code, why do you need a license?" My explanation about implied warranties did not really get to the heart of the matter. I think the answer is that if you simply slap a warranty disclaimer on the code and that's it, you still have to ask the question "what rights does the user have?" in the transaction.

If the transaction is interpreted as a Copyright first sale, then the "disclaimer only" idea does not work because the user has no right to make copies or derivatives. If the transaction is interpreted as an implied license, then it's still a license and you might as well do the user a favor and explain the scope of license (especially because implied licenses often get construed narrowly). If the transaction is putting the work into the public domain, then the software publisher still needs to say something to dedicate the work to the public domain, so you're not really simplifying the transaction that much (because you either have to write a license grant or a dedication grant).

To put it another way, if the hacker does not choose a particular transaction model, the Copyright Act assigns one by default (either a first sale or implied license). In one case (first sale), the model will not grant sufficient rights for open source objectives, in the other case (implied license) there are practical reasons to use an explicit license instead.

On top of these issues dealing with the license grant, you face issues about whether a disclaimer slapped on a box without the user manifesting assent in some way is enforceable (sometimes yes, sometimes no), and the problem of how you get the user to pass the disclaimer on to other users downstream (which both the GPL and BSD licenses require). That's the point I was trying to make last night in class, but I think the one about the license grants goes more to the heart of the matter.


Bob


SMM: Bob, Thanks for the clarification, I enjoyed the talk.

At some point, the question of whether a disclaimer is a license or just a dedication grant gets pretty thin. So if worst came to worst, you could slap a license on your software but it wouldn't be much of a license.

The argument I would make to a judge is that open source should be caveat emptor, at least when no money changes hands, and I would hope that the common law will come to that. A fortiori, the same rule should apply to upstream people who gave the code to the guy who gave it to you. One wonders if there are UCC cases that ask whether you can assert warranties against goods that were handed out free of charge.

I guess my deeper point is that whatever makes open source work is only tangentially about licenses. Most open source advocates act as if picking the right license will make the rest of the collaboration run like clockwork. My strong instinct is that -- like most business transactions -- it works the other way. The trick is to figure out a logical transaction that gives the players adequate rewards. If you do that, the lawyers will almost always find a way to write it up for you.

Of course, I'm a litigator. It's possible that I'm a bit cavalier about these things ;-)

steve

Solaris 10 with no licensing fee

As expected, Sun launched the latest version of Solaris 10 with no licensing fee ... the open source version will take a few months ... they are still working on the license model

http://story.news.yahoo.com/news?tmpl=story&u=/nf/20041115/bs_nf/28405

WIPO Announces Plans to Support Public Domain, Open Source

El-Gammal: The fight between IP supporters and Open Source advocates is moving to the global arena.

http://www.eff.org/news/archives/2004_10.php#001966

It seems to me this would make OSS more appealing to developing nations.

I'm a Believer

(User: John) I enjoyed Professor Gomulkiewicz's presentation. He is not, however, a supporter of open source, the Free Software Foundation, or any other non-proprietary approach to software development. This fact is not surprising, since he used to represent the interests of Microsoft. I do not hold this against him, however, as he is an honorable advocate, and a friend. After having studied and investigated the GNU General Public License, Apache, the BSD, Mozilla, and others, I have come to the conclusion that the GPL is the best of the lot. Eben Moglen and Stallworth are in truth creating a social movement akin to the labor movement in terms of socio-economic-political clout. I am a believer in this movement for a variety of reasons. The foremost reason is that the GPL is based upon the notion that more free minds working on a problem is more effective than throwing money at a problem. I like the idea that some researchers have the "it's best for all the people" feeling, rather than the "what's best for my bank account" attitude. The GPL is not the best free software license I've ever seen. In fact, I would greatly modify the original if I had a time machine handy. But, unfortunately I don't. The really good thing about the GPL is that it does not change and it allows the movement to control the license via unilaterally accepting agents of the copyright holder. GPL can control software development to the benefit of all the people - not just the greedy mega corporations. As long as the SCO v. IBM case doesn't screw things up, we will have rapid technological progress without the toll gates of corporations. I like that, especially during these days of business worship.