Follow Us on Twitter
by jcannon on July 18, 2006 02:15pm
There is a buzz word floating out there – “business readiness”. It seems everyone (including people here at Microsoft) are trying to capture something important to organizations and people that are responsible for selecting, deploying and maintaining software for businesses. What does it really mean though?
Does it mean that a software package, distribution or application meets a benchmark? Does it mean that it is supportable without getting the Big Three consulting companies involved? Does it mean that all its functionality has been tested using regression test cases? Does it mean performance and scalability of the software meets needs? Does it mean that the software will be kept alive into the future by a vibrant community?
In my opinion it means all of the above.
So, what is the problem?
The problem is that business readiness is in the eye of the beholder! (Definition of beholder – the dude who happens to be holding the software when the music stops!)
I think this is a complex problem for two reasons
I will concentrate on the first point – how do you objectively measure business readiness, and suggest a way to look at this. This is not a recipe, just a few thoughts on what we should pay attention to. Hopefully you can dive into the suggested links and find stuff that helps you evaluate the business readiness of some software you are considering.
There are many levels at which software must be evaluated – I assume here that the functionality of software is not the issue. Of course this is a big assumption, but the evaluation of software “features” is a better understood art than the non-functional aspects of software. (There is even a term called “non-functional requirements” while doing requirements and specifications – I never quite got my head around how something that didn’t function could be a requirement!).
What is the state of the art? This is a question that is very hard to answer. For any piece of software the best most people can do is to compare it to its competitors in the marketplace. Most organizations that use open source would not have the luxury of having the commercial software to compare against. They would have to rely on word of mouth or other such imperfect evaluations. Even for most commercial software it is hard to get a good grasp of how that software compares with other software.
There are some organizations such as ISBSG (International Software Benchmarking Standards Groups) that is a non-commercial organization that collects data about software projects and quality. This data is submitted voluntarily by organizations that are software organizations all across the world in many different areas of software. The software for which such data is submitted is largely proprietary and commercial.
A good use of ISBSG data would be to compare defect density within an open source project to the benchmark for that kind of application within the ISBSG data. This would serve as an indicator of the quality of the open source software.
Other data available includes “cost per function point” for a project – this can help evaluate if the cost of the project/product to your organization is close to the “standard” price for good quality projects for the application area chosen.
Evaluating the software Once the gold standard is known other evaluation criteria for the software at hand can be applied. The gold standard provides an quantitative upper bound in terms of number of defects and cost. But IT departments do not run on cost alone….
For open source software there are a number of evaluation benchmarks/certifications being made available. However, the criteria used to evaluate open source doesn’t exist in a vacuum – it is based on hard earned lessons in software development in general. I think that these criteria apply to all software whether open source or commercial software.
Some of the standards bodies out there include:
There is nothing stopping you from considering criteria from each of those models to evaluate the “business readiness” of the software you are concerned with. I suspect that any good model will show comparable results, or the discordant models will fall by the wayside!
Show me the money In their “Expert Letter” ,CAP Gemini - developers of the OMMM model, try to make the point (somewhat unconvincingly in my opinion) that because commercial software is developed differently from open source it has to be evaluated differently.
In my opinion, its all about the value the software provides. If the value can be derived down to dollars, that may be the best way of convincing people.
Khaled El-emam, has this cool ROI process that starts with software metrics such as number of bugs and ends up with a dollar calculation about how much a software product/project will cost the users in terms of “cha-ching”. Maybe every product needs to be put through this “business readiness” measurement!
I am now thinking about visualizing the business readiness using some cool graphic tools – “be the software, be the soooooooftware” (apologies to “Caddyshack”!)
by jcannon on July 21, 2006 03:51pm
Sam interviews Martin from Teamprise, a company which has developed a pretty interesting suite of client applications that can access Visual Studio Team Foundation Server from Macintosh, UNIX or Linux clients using Eclipse. The Teamprise implementation allows development teams to use the source control features as well as work item tracking from within the Eclipse IDE.
Related Links: - Check out the Teamprise site - Download the MP3 File Directly
Podcast Related Links: - Subscribe in the Port 25 Podcast Feed - Subscribe to Port 25 Podcasts in iTunes
by jcannon on July 23, 2006 08:21pm
Honeypots and User-Mode-Linux (UML) Part I: Setting up UML
(Special thanks to Dan Simonton for the testing and writing in support of this tech tip)
In technical terms, a honeypot performs a function very similar to that of a “honeypot” in the outside world: a sweet lure. A “honeypot” is a system designed with the purpose of attracting the attention of prospective attackers, to assess how they are attempting to infiltrate the machine and what they doing once they gain access. There are literally thousands of honeypot networks and systems setup by security professionals and hobbyists worldwide. These systems can provide a wealth of information into forensics and assessing trends in network intrusion.
This is Part One of a two part tech tip, which will address the setup of User Mode Linux (UML) for honeypot use. Part Two of the tech tip will cover the containment of intrusions and other security topics that arise while using UML as a honeypot. Also addressed in Part two will be the “forensics” i.e. identifying what exploits were tried on the honeypot.
One of the more popular methods for constructing honeypots in the Linux world is to set up a kernel to run in “user mode” on a host Linux machine. In function, this is very similar to running a “Virtual PC” on a Microsoft Windows or Apple Macintosh system. The primary difference is that “User Mode Linux”, or UML is open source and (depending on your personal depth of knowledge of the Linux kernel) you can really tweak any and every aspect of the host and UML kernel to your liking.
User Mode Linux is essentially an entire operating system running as a program in user space. It masquerades as an OS because for most purposes, it is one. The immediate benefit of running a honeypot this way is that with proper precautions taken, there is no significant threat to the host machine, or its operating system. When or if an attacker gains control of the UML instance, you can simply shut it down and restart at no cost to the hosting machine’s uptime or stability.
The first step is to download a copy of the actual kernel source that you wish to compile on the designated host machine. This can be obtained from http://www.kernel.org/ or any associated mirror site. In this tech tip we will use the 2.6.16 kernel. The patches for the UML kernel can be obtained from:
http://www.user-mode-linux.org/~blaisorblade/patches/skas3-2.6/skas-2.6.16-v8.2/skas-2.6.16-v8.2.patch.bz2
You will also want to create a filesystem for the UML. In the interest of time and space, there are a number of filesystems that can be downloaded for various distributions from:
http://uml.nagafix.co.uk/
In this example we will be using Slackware-10.2
First of all, the standard commands are applied to unpack the source
$ tar –zvxf linux-2.6.16.tar.gz $ bzip2 –d skas-2.6.16.-v8.2.patch $ cp skas-2.6.16.-v8.2.patch linux/ $ cd linux-2.6.16/ $ patch –p1 < skas-2.6.16.-v8.2.patch
Note: In every step of the build process, it is crucial that the “ARCH=um” argument be passed along with the various kernel configuration and compilation commands.
Next we will clean out any .config files (if any are present) and generate a default configuration:
$ make mrproper && make mrproper ARCH=um $ make defconfig ARCH=um
Now we manually check and edit the configuration:
$ make menuconfig ARCH=um
At the very top of the list are UML-specific options. It is important to know what some of these are:
[ ] Tracing thread support [*] Force a static link [ ] Host processor type and features ---> [ ] Three-level pagetables (EXPERIMENTAL) [ ] Memory model (Flat Memory) ---> [*] Networking support [*] Kernel support for ELF binaries <M> Kernel support for MISC binaries < > Host filesystem < > HoneyPot ProcFS (EXPERIMENTAL) [*] Management console [ ] Magic SysRq key (0) Nesting level [ ] Highmem support (EXPERIMENTAL) (2) Kernel stack size order [*] Real-time Clock
There are two options here in particular to take note of.
The first is the “Host Filesystem” option. This gives the UML Linux kernel access to the host filesystem. If you enable this, be careful how the access is applied. A safe course is to apply extended mount and read-write restrictions over filesystems on the host machine.
The second is the “HoneyPot Procfs” option. This essentially overwrites entries in the /proc filesystem of the UML kernel with that of the host. This is useful in that it removes fingerprints which might otherwise indicate the host is a honeypot. It could also be a potential troublespot for someone could map out the architecture of the hosting machine using this information. This is less of a threat than it is something to keep in mind.
NOTE: Be sure to include general kernel support for ext2, ext3 and reiserfs.
Looking further down from the kernel configuration tree, see the options for UML network devices. If you want to get to the outside world from the user mode kernel, be sure to enable ethertap and tun/tap support. This will allow the user mode kernel to communicate with the host tun/tap device.
Be sure to check any other “non-uml” options for your kernel that might be relevant to your machine. There is one last step before you can build the kernel. Due to a macro called by the patch that is now deprecated, one of the kernel source files must be manually edited. In whatever text editor you prefer, open up the file: (within the source tree) arch/um/os-Linux/sys-i386/registers.c and add the following to the preprocessor directive:
#ifndef JB_PC #define JB_PC 5 #define JB_SP 4 #define JB_BP 3 #endif
Once all this is done, build the kernel with:
$ make ARCH=um
At this point, we have our hard drive image (with distribution) and a UML Linux kernel. We have a few more things to set up on the host before we are ready to boot our UML instance. First, we need to make /dev/net/tun writable (by the user the UML kernel will be running as). The quick and dirty way to achieve this is to make it world writable (NOTE: not a “best practice”, just a quick way to get from a to b).
Alternatively you could create a separate group with write access to /dev/net/tun. Tun0 which is a tunneled interface to eth0, is used to negotiate traffic between the user mode kernel and the primary physical interface of the host machine. To configure the 1st interface (tun0)
tunctl –u umluser umldev
This command invokes tunctl, specifies the creation of a device, assigns ownership to user (via –u) to “umluser” and name its “umldev”. The IP side is configured the same way as a standard Ethernet interface via ifconfig:
ifconfig umldev (ip address)
We’re ready to start our instance. We’ll want to specify the Ethernet device on start.
linux ubd0=Slackware-10.2-root_fs mem=256M eth0=tuntap,umldev
Once you are asked for a login, simply enter “root” and it should drop you right to a shell.
dhcpcd: MAC address = fe:fd:00:00:00:00 Starting OpenSSH SSH daemon: /usr/sbin/sshd Updating shared library links: /sbin/ldconfig
Welcome to Linux 2.6.16-skas3-v8.2 (tty0)
yadda-yadda login: root Linux 2.6.16-skas3-v8.2. Last login: Thu Jul 20 00:53:38 +0000 2006 on tty0. You have mail. root@yadda-yadda:~#
On the UML side, use ifconfig to give an ip address to eth0. This needs to be something routable by the umldev IP of the host machine. The route then must be set to the outside world (via the host umldev interface).
route add default gw (umldev ip)
On the host, packet forwarding and proxy_arp must be enabled:
Host# echo 1 >/proc/sys/net/ipv4/ip_forward Host# echo 1>/proc/sys/net/ipv4/conf/umldev/proxy_arp
Now you should be able to reach the outside world from UML:
[uml@yadda-yadda]$ ping www PING www.yadda-yadda..com (192.168.0.1) 56(84) bytes of data. 64 bytes from 192.168.0.1: icmp_seq=1 ttl=127 time=12.1 ms root@yadda-yadda:~# ssh www.yadda-yadda.com root@www.yadda-yadda.com’s password: Last login: Thu Jul 20 11:00:50 2006 from yadda-yadda.com [root@www ~]#
You should have a functional UML kernel running in its most basic form. You may kick it around, experiment with distributions (see links provided below), or otherwise abuse it as you see fit without consequence to your hosting system. This entry barely scratches the surface of one use of a usermode kernel, but if you have not considered running one before or are new to the idea, we hope this provides some useful information. Below are some links to some other resources, as well as the user-mode-linux project homepage.
http://user-mode-linux.sourceforge.net/ - UML Project homepage http://www.honeynet.org/misc/project.html - The honeynet project http://uml.nagafix.co.uk/ - A repository of disk images to use with your kernel
by jcannon on July 13, 2006 01:38pm
First of all, I will not be held accountable as it relates to typo’s and confusing sentence structures. I got back a day or so ago from Europe, so I am using the Jet Lag excuse as long as I can!
I am going to start my blog with a little story that happened a few weeks ago. The in-laws were in town and the wife and I decided to take them to a nice restaurant. The restaurant chosen was Salish Lodge, this is a very nice place and it is famous for it’s brunch.
The restaurant is sitting just off to a very large waterfall (Snoqualmie Falls here in Washington State, (http://www.snoqualmiefalls.com/), and this waterfall is used to make electricity as well. Now, in this restaurant is a large gauge on the wall, This gauge supposedly shows the water flow per second over the fall.
I was always under the impression that it was connected directly through some measuring device directly to the falls, and as such would provide real live data.
Imagine my surprise that while we where waiting for our table I started checking this device out, the gauge was not connected to anything, but instead it is turned by hand to indicate how much water is flowing over at that moment in time. And you might guess what I could not stop myself from doing next, Yep, turn that puppy up to the highest setting it can go. This, if you believe the gauge, is about 40000 cubic feet per second.
(below is a picture after I turned it up)
Now, this was like I said a few weeks ago and it was sunny and probably 70 degrees or so. There was no flooding, no weird high water levels. And the river feeding it (Snoqualmie River) was as calm a river as you can imagine. The amount of water going over at that time was not that much more than a trickle. And I very much doubt that in real life the falls ever had that much water go over it. I would assume that that amount of water would take the better part of the restaurant down with it.
Anyway, so why am I writing this story? Well, it started out as a prank, but turned into an interesting social experiment. While we where waiting, people behind started forming up, I heard comments about the gauge and what it was set at. Without fail, everybody behind me took what the gauge said as fact.
This shocked me to no end, nobody said, ‘hey, that sounds like way to much. This thing must be broken’. Nobody seemed to think about that the amount of water that the gauge was indicating was so high as to be completely incorrect to the facts. (The water they could see going over the falls)
Nobody seemed to apply any critical thinking to what they saw.
And this now comes to what I wanted to write about in this blog, critical thinking. I hear a lot of things in the IT industry that are considered important, or essential for a project/product to be successful. Methodology, standards and testing to name a few. All these are _very_ important, but the one thing that I never hear about is the need for critical thinking. I do not think you can be good at IT if you do not let yourself be guided by a good dose of critical thinking.
At a previous project, I was asked to help re-design an application that was spidered into many different systems interfaces. One such interface confused me to no end. It did not seem to add any value, and resulted in delays in processing. I tried finding the documentation on the interface but was unable to locate it (sounds familiar?) and I asked the people who used the output of the interface. And they did not know why it was done the way it was done. Nobody ever questioned it, it was always done this way through this interface, so that is what was expected. The interface was removed in the new design by me, and it was an uphill struggle to get it removed. It was always there, so there must have been a reasoning for it, nobody wanted to check or question if it could be done better or was ever even needed. The removal resulted in a few less failure points, and noticeable customer improvement in response times.
I constantly find that using critical thinking skills more than anything makes me more effective at my job. And I am fortunately to be able to work with my two colleagues that seem to possess this same skill, Anandeep and Kishi. And force it on me when I am not using it enough every once and a while
So, what have you all found to be the best tool in getting the job done?
And about the gauge? Well, it took a little over an hour and a half before somebody realized the indicator was set to an unrealistic level.
by jcannon on July 18, 2006 07:37pm
By now, many of you have seen the article, Microsoft Gives Linux a Virtual Hug.
If not, I recommend checking it out.
It describes Microsoft’s partnership with Xensource (www.xensource.com). For those who do not know anything about the technology and what they would use it for, I will give a brief description. Many years ago when processors where not so fast, memory was expensive and general computing hardware was not very powerful, we needed all we got to make a single computer run as fast as we could. Now, today, we are in an area where a lot of people and companies have hardware that is very powerful (And some could argue relatively cheap) that many have machines that are way more powerful than what they need. So they end up with machines that are underutilized. So, what can we do to squeeze the last bit of performance out of the hardware we bought? In comes a technology called hypervisor (http://en.wikipedia.org/wiki/Hypervisor), which in laymen terms is a method (Either hardware or software implemented, or a combination thereof) that allows multiple operating systems to run at the same time. This, as I stated, can reduce hardware operating costs and adds a level of security and stability. (One operating system can not crash another one running on the same machine for example). Interestingly enough, Hypervisor is a relatively old technology, and was used early on in the 1970’s in mainframes.
I personally do not claim to have any insight to the articles meaning. (And we in the lab were not involved) But I think it indicates a trend here, the trend is that Microsoft is looking at OSS. Another example is of the OSS lab we work at here in Microsoft, which something many people did not think would happen any time soon. (If ever) As some of you might have read from my earlier blogs, I am very new at Microsoft, and I would have never expected to work here myself. As my colleagues can attest, I still walk the hallways talking about ‘them’ (Microsoft) and ‘us’ (OSS). So seeing changes like this are very exciting to me.
I was reading Slashdot, and the responses to the above article. And I have to smile about some of them. There is a wide array of peoples opinion on the interpretation of this, the usual “Microsoft’s latest attempt to dominating the world” to people who seem surprised and excited about this direction.
Here in the Lab, we are taking what we do with our work very seriously, and all that comes out of the OSS world, we look at from many different angles. This group is very new inside Microsoft, and already we are making an impact. Several years ago the perception was that Microsoft was discounting OSS, and who would have predicted than that there would ever be an OSS research group at Microsoft.
There are many things we can continue to learn from each other, and we at the OSS Lab are very much looking forward to help erase FUD on both sides of the isle.
As always, comments/suggestions etc appreciated.
- Hank Janssen
by MichaelF on July 28, 2006 10:09pm
While we were at OSCON this week we were fortunate enough to get some time to sit down with Tim O'Reilly. I dare say Tim, author of the O'Reilly Radar, needs no introduction but just in case: Tim is an Open Source Software advocate as well as the Founder and CEO of O'Reilly Media, Inc. He is also one half of the duo that founded OSCON along with Matt Asay. While this is his first time on Port 25, Tim also joined Bill Gates at Mix 06 for a conversation and Q&A session.
In this interview Bill and Tim discuss the redefinition of "Open Source", Web 2.0, and some other topics that arose in the first two days of the conference.
Stay tuned: Monday we will post another interview from the conference between Bill and Matt Asay wherein they discuss mixed environments and commercial OSS trends. If you haven't already, sign up for our RSS feed and we'll notify you when this interview is published.
by jcannon on July 26, 2006 01:37am
In addition to technical tips, blogs and video interviews, the Open Source Software Lab at Microsoft conducts a number of technical analysis and research projects throughout the year to help inform and solve key interoperability challenges between Microsoft and open source technologies. Since our launch, we've been working on a number of projects, the first of which we would like to share today.
Abstract: The Open Source Software Lab at Microsoft is a key advocate within Microsoft for interoperability with Open Source technologies. In order to drive discussions and engineering plans around interoperability, we need to initially build a core knowledge base in the particular technology which we can share with product and field teams.
This paper is the first in a four part series on Linux networking technologies: DHCP, IPSEC/VPN, RADIUS, and DNS.
The capabilities of a leading Open Source DHCP software package, ISC DHCP Server, are the focus of this document. The analysis concentrates on the manageability aspects of the ISC DHCP server and provides an overview from the point of view of the Open Source Software Lab, where the DHCP Server was installed, configured and tested. The intent of the document is to pass on the hands on experience gained from the installation, configuration and testing experience.
Download the Networking Roles Analysis Paper: ISC DHCP (PDF, 556KB)
by jcannon on July 11, 2006 04:32pm
*Updated* So, this weeks tech tip is about memtest, and yes, I am sure there are some that might scoff at this....But I think we have a tendency to loose sight of the basics. For instance, last week we had quite an interesting time debugging a problem that occurred intermittently and we where not able to find a way to consistently reproduce the problem. We ran through all kinds of things until we decided for grins and giggles to run memtest. And low and behold, it found memory errors. We replaced the memory and have not seen a recurrence of the problem.
We decided to pull this old but trusty tool back out of the stable. Special thanks goes to Kyle Adams and Stephen Zarkos who did a lot of the footwork on this one.
Memtest is a simple program that is designed for the x86 architecture. You would use it for things such as when hardware hangs or when your computer doesn’t boot at all. Either way, you could just grab memtest and throw it onto your computer.
Actually, there is not a hard and fast rule when to use it. There are two ways I would put it in the toolbox to use, and they have to do with methodology more than anything.
Honestly, I think number one is one that happens more in real life. A lot of people do not think that HW like memory will be causing any problems. They forget that often with memory it is not a black or white issue. It is not an all or nothing failure. It sometimes happens and sometimes it does not. I have never really seen a failure that I would say without question, that is memory! You can get it here (Linux GPL, and windows version); http://www.memtest86.com/
(There is also a non GPL, but still free version for windows available here http://hcidesign.com/ I am not to familiar with how it works, but the web page gives you a lot on information) One thing to note, this can run for a very long time, several hours in some cases.
GENERAL FEATURES Memtest gives a user the ability to access the memory in an effort to pinpoint a problem in the memory itself. It uses a set of algorithms to check for consistency and errors in the placing of memory. The algorithms that are used by memtest to test the memory are the following:
The point: applications still need error-free memory to execute correctly, especially today with application complexity increasing all the time. How do you replicate problems in your lab environment with such diverse environments across your network, or even more importantly, separate hardware from software failure?As always, comments/suggestions etc appreciated. Hank Janssen
by MichaelF on July 31, 2006 01:33pm
Matt Asay, formerly of Novell, now VP of Business Development at Alfresco and co-founder of OSCON took some time out of his busy conference schedule to sit down with Bill for an interview. Matt, author of the AC/OS Blog (Matt Asay on OS) is a vocal supporter of Open Source Software and has some interesting insights on where commercial Open Source Software is headed.
In this interview Matt and Bill discuss Open Source business models, monetization opportunties for open business apps, and thoughts on the first days of OSCON.
Here is a link to a recent blog post by Matt that further explains some of the concepts he mentions around Open Source business models.
Big Thanks to Matt for taking the time to join us on Port 25!
by jcannon on July 10, 2006 01:30pm
When I first started writing software, my only understanding of the term ‘license’ was that it was something I needed to drive a car or to catch fish. As my career progressed, I learned that software also has licenses that describe – ideally - how the author of the software wants his or her creation to be used (terms, conditions, permissions, etc.). Of course, there are many types of software licenses today. You may not follow this topic that closely, but you certainly have seen things such as End User License Agreements – that little agreement you can choose to click ‘I Accept’ or ‘I Do Not Accept’ after you read in infinite detail all the terms, conditions and restrictions (right?). Early in my career, I typically just used a) whatever license the company I worked for used or b) whatever licenses other developers seemed to use. It was a combination of laziness, naïveté, and general indifference to all things legal. This perspective of course changed as I began to understand that licenses were indeed quite important and powerful in determining how I could control the thing that I wrote – or how I could lose control.
Thus began my entrée into the legal world of software licensing. I’m generally not one for bureaucracy or unnecessary complexity, so, to be frank, some software licenses seemed ridiculous to me. Many still do. But again, I’m not a lawyer (nor do I play one on TV) and I do have a high degree of respect for all my friends in this discipline, so I understand it’s not always as simple as one may desire it to be. That said, it doesn’t hurt to try to strive for simplicity. Programmers and IT professionals learn early on that the K.I.S.S. rule is the only true path to technical enlightenment, so I try to apply this same thinking to software licenses.
Licensing is a broad field, so I’m going to focus in on what we’re doing with our community software licenses. It’s worth noting that there is an important difference between binary and source licensing. The fact of the matter is binary licensing governs the vast majority of revenue-generating activities in commercial software. Source code licensing is about the use (and re-use) of the underlying intellectual property in terms of copyright, trademark, and patent. I’m focusing on what source licensing programs we are doing for our community projects.
Around a year ago, we rewrote our software licenses that we will use for many of our community programs in our Shared Source Initiative. If you’re not familiar with Shared Source, this is a program we have where we share source code with customers, partners, developers, academics, and governments worldwide. There is a variety of software we have in this program, such as wikis, Atlas/Ajax toolkits, IronPython (Python in .NET), drivers, installers, and so on. Jason Matusow announced these new community licenses on his blog last October.
There were four main goals for writing these new licenses:
(To be clear, I was just a cheerleader and supporter of these efforts, smarter people than me did the actual work to meet these goals in each license .)
The result was something we were quite happy with. But it’s not just for Microsoft’s Shared Source projects – SugarCRM, the leading Open Source CRM solution, has chosen to use one of these new licenses, the Microsoft Community license. As John Roberts, CEO and founder of SugarCRM commented:
"We were really impressed by the Microsoft Shared Source Community License and like it a lot. We think it is a license that represents the ideals of our community and is one that they want to use, especially those customers who already run on the Windows platform.”
You can read more about this news here.
I’ll be blogging a lot more about Shared Source in the future. As this blog entry’s title suggests, I’m a Kubrick fan and although I’m not worried about fluoridation conspiracy theories, I did want to share a snapshot into how we think about community source licensing. Regardless if you write code, manage an IT environment, or just install applications on your desktop or server, understanding software licensing is an important aspect of the software world we live in. It is my hope that the future of software licensing gets simpler, more pragmatic, and more empowering for the world’s software authors.
And since I’m so lazy in writing my blogs, I now have to add in a bunch of post scripts…
P.S.: In the same theme, we have also recently announced some interesting work with Office, giving authors the option to create Creative Commons licensed work using a plug-in within Office. Creative Commons is a nonprofit organization that has written licenses that allow content creators to share information while retaining some rights. Creative Commons was founded by Larry Lessig, a Stanford Law Professor I've come to respect and read often – Larry blogs about this news here. We’ve worked with Creative Commons in the past, on a spec for RSS extensions and the PatternShare wiki site (using the Creative Commons Attribution-ShareAlike license and the Creative Commons Attribution license, respectively).
Stephen McGibbon's has a great blog about the Creative Commons Office plug-in here, with screenshots and commentary.
Speaking of Office, you may have caught the recent news about the new community project building an Open Document Format (ODF) converter for Word 2007 (up on SourceForge: http://sourceforge.net/projects/odf-converter). If you are a spectator in the Open XML vs. ODF debates (a very en vogue topic for Open Source pundits), I suggest reading Chris Capossela’s letter about the differences between Open XML and ODF. Chris is one of the key leaders of our Office organization and this letter helps clarify a lot of the FUD spread by Microsoft competitors around Open XML and ODF.
P.S.S: On licensing, CIO Magazine Technology Editor Christopher Lindquist just wrote an article on OSS licensing that is worth reading.
by admin on July 17, 2006 06:00pm
Hank just blogged about critical thinking. If I had to state my own concise definition of what lies at the heart of critical thinking, it would be a personal commitment to finding the right solution to any problem, regardless of whether or not figuring it out and the subsequent implications are easy or comfortable (in practice, this usually means being the resident skeptic right at the point everyone else is getting excited.) This is not necessarily a comfortable thing to do: we tend to have a psychological affinity for propositions that confirm or reinforce, rather than challenge, our existing beliefs. And there are many sources of social and institutional pressure that militate against “naysayers” and “people who make things more complicated than they need to be.” Moreover, no matter how many tools the hardcore skeptic has in his or her toolbox—years of accumulated experience and wisdom, technical savvy, statistics and operations research skills, or sharp psychological intuition—the context for bringing those tools to bear is seldom ideal.
As an example, consider a team trying to lock on a project plan under some challenging time constraints: success means leaving the room with (1) agreement on a plan; (2) shared conviction that the plan can achieve the team’s goals, if every contributor executes against their commitments; and (3) an accurate understanding of the probability of achieving the goals. From experience, you probably know (1) and (2) are difficult enough—now think about being the one person in the room who says “you know, if you bracket our point estimates for milestones with sensitivity limits and run a Monte Carlo, I think our point-based-looks-like-99%-chance-of-success looks a lot more like 20% chance of success…”. (I use this example deliberately, thinking of the Carnegie-Mellon Software Engineering Institute (SEI)’s Capability Maturity Model Index (CMMI) —“level 2” project management entails items (1) and (2) from my example—the kind of quantitative management becomes institutionalized at “level 4.” Whether or not you are a CMMI fan, it does provide a benchmark indicating how few organizations would find our data-driven critical thinker’s suggestion easy, comfortable, or routine.)
On Port 25 we’ve had discussion of some hard problems: about the tough choice between MS building product capabilities versus partners and ISVs and about licensing and shared source project requirements. A big reason Port25 exists is because our point-of-view in the lab is that the best possible answers to these and other questions are unlikely to be easy or comfortable . (To use some extreme touchpoints, in my view the position that MS could answer these questions optimally by discounting the phenomenon of open source development and its history is just as almost certainly incorrect as the position that MS should answer these questions optimally by discounting the phenomenon of commercialized software development and its history in favor of “opening everything.”) If this is true, a dialogue among diverse perspectives is essential to continuously push the thinking of everyone involved away from the personally easy or comfortable—hence, the Port25 dialogue. There’s a new empirical study that I hope drives this point home and offers you the same motivation to continue to read and post to Port25 that it offers me.
Kevin Boudreau at MIT’s Sloan School of Management took an empirical approach to the question “Does Opening a Platform Generate More Innovation?” Cleverly, he looks at handheld computers (PDAs)—an area with multiple software and hardware players—and does a deep analysis of innovation measures in relation to “openness” measures. (What’s also clever, IMO, is that he includes different types of openness (ranging from licensing to SDK’s and documentation)—and innovation (differentiating between lots of incremental deltas and big breakthroughs)). What he finds overall is:
… setting an optimal open strategy may be a far more nuanced problem when trying to promote innovation, in contrast to managing the traditional trade-off between promoting adoption (by opening) versus retaining appropriability (by closing). In this traditional perspective, intermediate levels of openness might have been understood as a means of achieving some middle ground between two relatively simply opposing interests. In the case of opening to promote innovation, an intermediate level of openness might in fact be in the best interest of promoting innovation; there may not be so severe a trade-off with maintaining appropriability. However, the decision to open a little or a lot, and precisely how, will also likely involve trade-offs across multiple dimensions of innovation. (p. 25)
“Openness” was non-monotonic in relation to innovation, meaning (depending on the particular constructs used in different analyses) the curve peaked and then declined at some point. And the type of openness appeared to promote different types of innovation—lots of incremental or imitative innovations as opposed to a few breakthroughs:
Openness therefore should not only affect the rate of technical change, but also its direction. Therefore, these findings offer another explanation of why we observe so few “perfectly” open strategies in practice and why there might plausibly be place for heterogeneity of open strategies, insofar as there is space for heterogenous innovations and differentiation in a product market.” (p. 26)
Why is this exciting? Because it provides compelling empirical data from one technology domain that the question of optimal “openness” is an empirical question, not an ideological one. And that “openness” in relation to a traditional software business model is not a zero-sum, oppositional game. That means not only empirical research but also the Port25 dialogue are essential—even determinative. The bottom line: what we discuss here matters. If you download the paper, let me know your reaction. - Bryan
by admin on July 25, 2006 11:56am
More Updates (8/1):
Update, 7/25: We just wrapped up the O'Reilly Executive Day here at OSCON after two days of what many would call record heat in the Pacific Northwest. With many of the Port 25 folks having commuted from larger cities across the US, Portland is a welcome break from the office. For those who haven't been before - the pic this morning from the Willamette River might give you an idea of how beautiful this place really is.
Tuesday started with a panel - The Ghost in the Machine: The Impact of Open Source on Web 2.0 - with Chris DiBona, Open Source Programs Manager at Google, Jim Buckmaster, President and CEO of Craiglist, and Jeremy Zawodny, Technical Manager at Yahoo. The panel was moderated by Tim...an interesting discussion of how these companies, to varying extents, work with the open source community and continue to evolve their blended business models to satisfy the complex needs of both the community and their shareholders. Sorry the pics aren't great - the lighting was somewhat dark.
Bill was up next for an unscripted Q&A with Danese Cooper, Open Source Diva, Intel and OSI. We're trying to get the video so we can post the discussion on the site, but for those that were there.....you already know how unscripted it was. Bill answered questions about everything from the new ODF/OpenXML Plug-in Project to our continuing work on Shared Source licensing. Stay tuned for the video....
Some additional pics on questions fielded from the audience, ranging from general interoperability concerns between open source and Microsoft, to questions about how to grow & educate developers on Web 2.0 platforms.
We wrapped the day around 8 tonight - with the beautiful weather comes some great views of the mountain peaks surrounding Portland. Not pretending to know for sure, but I believe this is Mt. Hood from downtown Portland
We'll have more to come throughout the week - but our first day at OSCON was great! It's also worth mentioning that we met with a very interesting partner, Mindtouch, and had the fortunate luck to talk to Steve Bjorg, President & CTO. Steve recieved some positive coverage on C|NET today around the work they're doing with Wikis- but more on that later this week, as well as some additional interviews that Bill was lucky enough to conduct.
For those in attendance - welcome feedback, comments & love to hear what you thought of the tutorials & sessions so far. If you'll be there tomorrow, swing by the Expo Floor to pick-up a Port 25 tee-shirt :) Anandeep and Hank will also be roaming OSCON throughout the day.....
See you guys soon - Port 25
------------------------------- Here we go.....it's the Friday before OSCON and we're really excited about what we have planned for the show. For those of you attending, we hope you can join us for some of the planned agenda. For those who can't - keep an eye on Port 25 in early August for our wrap-up. This year - Port 25 is a Silver Sponsor of the event - and the theme of this year's OSCON is the growing influence of open source (and being open) on business. We couldn't think of a better theme to support! So here's a quick run-down of our plans.....if you have any questions, feel free to shoot us a mail at port25@microsoft.com.
There are a few other things in the hopper, so keep an eye out. We're looking forward to getting some face time with the community & listening more deeply to your concerns. We'll take them back to Microsoft and have follow-up blogs in August. See you next week!
by jcannon on July 06, 2006 05:42pm
Linux Format reported on Port 25 recently with the tagline “Reports of snowballs seen in hell as Microsoft offers to work with Linux developers,” which I thought was funny. It’s apparently getting even colder down there as we’ve now announced an open source project that adds support for ODF to Microsoft Word 2007 ("Microsoft Expands Document Interoperability").
A few months ago I started working with Jean Paoli, whose leadership on Interoperability at Microsoft is steadily moving product teams toward the goal of consistently delivering high-quality interop. Brian Jones notes this in his blog but doesn’t call out Jean by name. You can be sure that you’ll see more of Jean’s handiwork in the coming months and years.
During the time I’ve worked with him I’ve been greatly encouraged by his commitment to openness in documentation and in implementation. The Open XML Translator project is a great example of this – it’s an open source project hosted on Sourceforge.
I couldn’t help but hop over to Slashdot and check out the reactions to the news – and as usual there was a mixture of the rational and irrational, hope and fear, insight and suspicion of conspiracy. It’s worth making one point over and over.
The Open XML Translator is an Open Source project. The Open XML Translator is an Open Source project. The Open XML Translator is an Open Source project.
By definition it can’t conceal its implementation, is open to experimentation, modification, and commercialization (it uses a BSD license), and is owned by the community.
If you think it needs improvement, then improve it. If you think it doesn’t matter, ignore it. But above all, really think about it and what it means that we’ve taken this step before reacting reflexively.
This is actually something new and different.
by jcannon on July 23, 2006 08:15pm
We’ve rolled out additional updates to the site this past Friday in response to feedback, and created a new section of the site: Forums.
You’ll also notice:
We are behind on providing transcripts for all of the interviews, but this work is still under way. It’s important to us both for accessibility and to make it easier for non-English speakers (enabling machine translation). We got a suggestion to try using Amazon’s Mechanical Turk for transcription but we haven’t tried that yet ;)
Finally, I hope that the podcasts are useful. I enjoyed learning about Martin Woodward’s work on an open source, cross-platform (Eclipse-based) integration to Team Foundation Server.
Hope you have a great week, Sam
by jcannon on July 28, 2006 01:36pm We'll have more videos and blogs to come on OSCON2006; in fact, later today we'll be posting an interview with Mindtouch, as well as trip reports from Hank & Anandeep next week. For now - we wanted to share a few pics we snapped from the show floor for those that couldn't make it all the way to Oregon. As you can see from our first picture, the weather stayed beautiful for Day 3 at OSCON :)
Greenplum struck me as interesting startup with remarkable passion - especially the keynote delivered by Scott Yara, which challenged the open source community to stay dangerous in the face of establishment thinking. I believe O'Reilly is starting to post the presentations, so you may want to check back. His keynote was eclectic, and was appropriately titled, "School of Rock" - a discussion that thematically drew connections between the disruptive nature of open source and the way rock'n roll changed music in the 50's, 60's and 70's.
Some pics from the show floor - and our vantage point...no shortage of interest around O'Reilly.
Sun.....
We also had some time to catch up with colleagues from Microsoft who bravely hosted a BarCamp session on Microsoft and OSS. Tim Heuer, Anand Iyer, Woody Pewitt and Sara Ford all deserve a pat on the back. They also have some great write-ups on their experiences at OSCON as well.
More on Mindtouch later this afternoon.... -jamie