Monday February 28, 2005

Roller to go to Apache?

The Roller developers submitted a proposal today that Roller become an Apache project. I think this is great news and a great step for both Roller and for the Java blogging community. Way to go!


Sunday February 20, 2005

'Father of Method Patents' Slams CDDL

It's a funny old world. Do you ever wonder who was the "architect of the landmark decision [on] the Federal Circuit ... [that] opened the door to patents for business methods"? If you'd been at LinuxWorld last week you could have met him - Steven Henry, the man who invented method patents and whose influence was the starting point for the whole software patent situation in which we find ourselves, gave a keynote. In that keynote he tried to fling FUD on the license most likely to de-claw his invention. Which was written by a company his audience probably wouldn't expect.

Now, I am very cautious about reported speech in the media, but there are several things in the anonymous Sys-Con reportage that make the jaw drop and the eyes widen in incredulity. Some of the discussion points he makes bear exploration, but in general I get the feeling he just doesn't grok the GPL. He thinks it's a license; the rest of us know that it's the manifesto for a social movement. But exploration of that will have to wait for another time and another place.

I wonder if Steve has been reading the Webmink blog? He mentions "the elephant in the room" and that's how the issue of software patents is referred to (which Steve invented so he clearly doesn't want us to ignore that lucrative elephant). I have to say I rather doubt it because if he'd read about toads and ants he'd possibly not make such gigantic errors in describing the CDDL (which is hardly a "User license", Sys-Con). He says:

While [the CDDL] grants a limited patent license, that license is lost once the original code is modified, leaving the licensee in possible jeopardy.

Let's be clear. No part of that statement is true. Let's take it clause by clause*:

  • "...grants a limited patent license..." No. If you read the license you'll see in paragraph 2.1 and 2.2 that actually anyone releasing software under this license grants a blanket license to all IP without the need for it to be enumerated or identified in any way. That's
    "a world-wide, royalty-free, non-exclusive license... to use, reproduce, modify, display, perform, sublicense and distribute ... to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Software"
    that applies to all intellectual property and patent rights, both real patents on things and imaginary patents on software and methods, whether the parties to the license realise it or not. Are those terms "limited" in anything but the most inaccessibly technical sense? Or maybe Steve is worried he'll lose business under paragraph 6.2, which could make software patent violation lawsuits a thing of the past? Now that would be a limitation worth having.
  • "...that license is lost once the original code is modified..." No. Maybe Steve didn't read it for long enough. 2.1(d) and 2.2(d) do include a clause saying that a licensee can't extend the scope of the rights grant to patents that weren't covered by the original blanket patent grant, but that's not a surprise really, is it? Without those words the license would be an unlimited license to all patents, real or imaginary, as long as you could slip in a few lines of code that needed them. No, the license is solid as a rock, even when the code is modified.
  • "...leaving the licensee in possible jeopardy." There's no jeopardy here, Steve. In fact, paragraph 6.3 even makes sure that end-user licenses survive the mutual destruction caused by a patent terrorist, and paragraph 9 tries its hardest to tie up loose ends caused by differing international jurisdictions. Face it, CDDL is the best attempt so far to neutralise the Gremlin you fed after midnight.

Bottom line - The patent grants received under CDDL are retained over time, including after modifications are made. In fact, patent grants and copyrights granted under CDDL are only lost if the license is terminated due to breach or assertion of patent infringement in Section 6 of CDDL.  Steve was wrong, or at least misleading, in his comments. So while the CDDL may be "...the latest indicator of the need to address the patent issue in a constructive manner," the truth is that the CDDL also addresses that issue and constructively points the way to how to build patent-hardened open source communities, by including a blanket patent grant in the license so that the community evolves a meshed patent defence against attackers.

____

* I should mention that I am not a lawyer, have never played one on TV or elsewhere, and am not empowered to make binding statements in this regard on behalf of anyone including Sun Microsystems. If you're engaging in litigation, you can't rely on anything I am saying. Still, I don't think you can rely on anything Steve says about CDDL here either, even if he's your attorney.


Friday February 18, 2005

Proliferation of Proliferations

Seems open source license proliferation is the topic of the week - obviously some memo went round that I didn't get. Here are the paths I have seen proposed so far to end license proliferation:

  1. Just use the GPL for everything (and kill the rest). This is actually not a solution as I explained in my earlier essay. The GPL is not miscible with other licenses and thus offers no path for open sourcing software of mixed heritage. In addition, it does not have a strong mechanism to deal with the issue of protecting developers from patent indemnification issues. Both of these will get fixed I hope when licenses "proliferate" a little more with the creation of GPL v3.
  2. Analyse the licenses and build a chart showing which licenses have which effects so that new licenses appear less necessary and old ones can be recycled. SFLC are offering to do this and it will prove useful to lawyers seeking to license new projects, but the effect it will have on proliferation is small if there's no license model that actually meets their needs.
  3. Close down OSI, or at least prevent it approving any more licenses. The latter seems to be what Martin Fink from HP and SJVN want to do, but it would solve nothing. Licenses proliferate because existing ones don't fit people's needs (or at least so their lawyers tell them), not because OSI exists and keeps approving new ones (or as a rapper might put it, "licenses don't kill software, lawyers do"). Having said that, the new ideas OSI is having for including necessity as one of the approval criteria are good.
  4. Create a small set of generic, miscible licenses that need no modification to suit most needs and which can be gently modified without creating new non-miscible 'fragments' of the open source code space. This is what CDDL set out to do, and I believe what GPL v3 sets out to do, and is in my view the best solution to license fragmentation. It's also something that OSI could adapt itself to regulate.

So why are people (and there are plenty) who know better trying to paint CDDL as part of the 'license proliferation' problem? Are they too afraid to be positive about it just because Sun had it written (largely by non-Sun open source experts, by the way)? If the term 'proliferation' applies to CDDL, it will also have to be applied to GPL v3.

CDDL was designed from day one to be a possible solution to the problem of license proliferation, which is largely the result of corporate lawyers wanting to use the MPL for their software but being unable to do so because of issues with the license. CDDL intentionally deals with those issues in a generic way, so that others can use CDDL where they need an MPL-style license. Indeed, John Cowan pointed to the license during the approval discussion at OSI as a replacement for the MPL and went on to justify it.

So it can't be that the CDDL is part of the problem - it's way too much part of the solution for that, as John Cowan just asserted. Maybe the people slinging mud at CDDL are actually slinging mud at Sun, for some other reason? Maybe there's another agenda? The politics of competition, maybe?


Wednesday February 16, 2005

Quince Flowers


Quince flowers
Just to lighten the tone a little, here's a photo from my garden where the blossom is just starting to peep through. If you want the tech-spin on this you'll need to visit Webmink!

Sunday February 13, 2005

On Cane Toads, Fire Ants and Patents

My first distillation of discussions on Groklaw[1] concerns mainly patents. Asterisks show links to sample comments on Groklaw, just in case you think my examples are imaginary. My aim is to explain rather than to attack so please read things that way and e-mail if you think there's an attack snuck in.

Theories

Groklaw theories on why Sun created the Common Development and Distribution License (CDDL) included active tactics like "undermine the GPL", "set up a walled garden of development*", "attack Linux**", "copy Microsoft Shared Source*" as well as passive diagnostics like "not getting open source*", "being clueless" and so on. Actually, the team led by Claire Giordano understand open source really well and had none of those motivations. It was obvious from day one that any future software licensing would need to use OSI-approved licenses rather than indulging in the sort of experimentation that was possible for Sun in the late 90s. Experimentation with licenses to form communities around software was all valuable back then[2]. Sun and others learned a great deal from trying bold licensing ideas like SISSL and SCSL, including their flaws. Since then, it's become clear that each experiment can live for ever as we now extract ourselves from modern dislike of those licenses untempered by a view of their historical significance.

Moreover, license proliferation has now run rampant. As it turns out, a huge amount of the proliferation is revisions to the otherwise excellent Mozilla Public License (MPL) caused by the hard-wiring of some of its clauses. People change the company name and jurisdiction in the MPL and then don't seem to be able to stop themselves adding a little something extra too, thus creating yet another license with reciprocal terms that fragments the license space (as Larry Rosen has pointed out). As Mitchell Baker's MPL is so popular (and rightly so), it was used as the starting point for the new license that seemed inevitable once the factors below were understood. In an effort to reduce license proliferation, it was decided to make the license generic and re-usable rather than specific to Sun. Hopefully we'll see a reduction in reworded MPL variants being brought to OSI, not least as people seek to join the defensive patent pool created by the CDDL.

Factors

A number of factors showed the team the problem space Sun faces:

  1. First, there are patent terrorists[3] around, even in the most unlikely guises. Until a reform of US patent law results from the brave resistance of citizens in Europe[4], we can expect attention to detail over patents to become more rather than less important.
  2. Second, Sun is heading towards a greater empowerment of all its communities of deployers and ISVs - there will be more open source projects, it's a societal shift not a passing trend. It will be necessary to have a license that allows for the blending of code with licenses from the various geological eras of software history as each one goes open source.
  3. Third, while a do-as-you-please approach was widely appropriate in an earlier and gentler age, today it's often important to encourage all users of a code base to make an ongoing commitment to engage rather than seeing open source projects as a parts shop with no checkout desk - "shared development", not just "published source".

Looking at the current range of OSI-approved licenses it became clear that none of them was a perfect fit and that a new license would be needed. The GPL was pretty popular with many people in Sun, but its most obvious failing was in issue 2 - it doesn't allow mixed licensing[5]. For something like OpenSolaris, that's essential. While Sun's legal team has done amazing work over the last five years renegotiating licenses from the various geological eras, there's still a variety of licensing in the huge code-base that is Solaris and indeed there are likely to be modules that will need to stay binary only, at least at first.

Toads and Ants

None of the licenses looked at really seemed to have a good answer to patent terrorists, and this was a primary motivation in the design of the CDDL. Patents on methods are like cane toads or fire ants. In the habitat where their natural predator is present, they are irritating but containable, but allowed to roam elsewhere they are a menace that threatens the otherwise defenceless native species. For patents, the natural predator is the patent portfolio backed up by the will to fight and the cash to do so. To provide a good defence, that portfolio needs to encompass the whole code-base it applies to - if it can attract a diversity of co-operating owners, all the better.

Usually that's a matter for the company developing the software product, who file patents as they go along, but for an open source community it's harder and so far no-one has created a mechanism to build the defences. The idea of the CDDL is to seed a patent portfolio for the code-base involved, and then ensure that as contributions are made over time each contributor also supplies the community with the patent rights necessary to defend their work.

Consequently, paragraphs 2.1 and 2.2 of the CDDL make every contributor grant all necessary rights for their code in a blanket grant, and then section 6 binds them in a 'patent peace' arrangement so that any patent litigation leads to a loss of rights - an idea pioneered in the GPL and MPL. At a minimum, paragraph 3.2 ensures all contributors declare they have rights to their ideas, just as the original licensor does by the act of creating the original work.

Scattering or Building?

Groklaw people are fond of asking "why doesn't Sun do it right like IBM**" but IBM's approach of gathering a small selection from their huge patent portfolio and hoping someone can do something good with them is much less focussed - a fine gesture of openness and generosity nonetheless. People preferring IBM's approach presumably regard patents as a seed-idea from which to be creative under an OSI-approved license. That approach requires study of each and every patent both by the donor and the recipient - something only those with access to specialist legal advice will find comfortable. However patents may have been conceived in earlier times, they have become the protective barbed wire around corporate products.

The Sun approach results in a blanket grant to all patents found to be necessary and creates a project known to be protected. It's not about seeding ideas - but then modern patents do their best to gain protection while revealing as little as possible that's useful anyway. Both approaches to patents are good if we have to live with them, but it's like the difference between throwing a handful of coins into a crowd and hoping it will do some good versus endowing a charitable trust. The charitable trust is theoretically more restricted (not everyone can grab a coin) but in the end solves the problems in its charter better than any general approach.

Entrapment?

A common objection is that developers are in some way more at risk** from looking at the OpenSolaris source than they are looking at the source of some other commercially-derived open source project, because the patent grant only applies within the scope of CDDL-licensed projects. However, once you realise that most US technology corporations encourage developers to file patents as they go along, to build defensive protection for their products, you will also realise that it's likely all substantial corporate-origin open source projects are heavily encumbered[6]. Even smaller contributions from big patent holders are probably affected. Just because Sun has quantified it for OpenSolaris, that doesn't mean that it's any less safe to look at than any other open source project. If you use either the code or the ideas behind any code-base you are likely taking a theoretical risk, possibly a practical risk if you allow it to inform other, non-OSI-licensed projects. That's not an attempt to scare you - it's just a fact. Patents apply whether you know about them or not and reading people's code neither increases nor decreases your risk from them.

Of course, it's no comfort to know that you have always had a problem and that it's not gone away, and I suppose there are grounds for jealousy that CDDL projects will have something other OSI projects haven't got yet. Despite popular Groklaw accusations like "trying to entrap Linux developers to use Sun patents so they can be sued*" and "misleading people by saying there's a patent grant but keeping it all for themselves*", Sun is actually doing a new thing that solves rather than creates a problem, while doing no harm in the worlds of existing licenses. To suggest Sun is going to suddenly start patent suits against other open source community members is ludicrous. Like IBM, Sun has no intent of doing that. Unlike IBM, Sun also has no intent of turning its patents into a revenue centre from commercial developers. Sun has, like Red Hat and MySQL, accumulated its patent portfolio as a defensive measure against patent terrorists. The CDDL now gives Sun and others a way to extend that protection to others, through the specific wording of a specific license.

First Steps

There's plenty more to say on this subject, but I'll end for now with a pointer to Greg P's recent comments on the subject. I personally think the steps CDDL takes with creating blanket patent protection are an essential step that the open source meta-community will have to take with other licenses in the future; maybe GPL v3 will take similar steps and thus become miscible (or at least safe to dual license) with CDDL, to the satisfaction of both the OpenSolaris and Linux communities?

-----

Footnotes:
  1. When I say "Groklaw" here and elsewhere I am referring mainly to the comments left by the readers of the site, rather than the stuff written by its owner.
  2. It's worth remembering that, when Sun created licenses for projects in the mid 1990s it was before the Open Source Definition was published, OSI formed or the term "open source" was in general usage. The licenses involved were genuine attempts to promote freedom on the part of their creators, as was the publication of the full source code to Java when it was announced in early 1995.
  3. Some folk have complained that using the word 'terrorist' here isn't appropriate. It's an extreme usage, I agree, but (1) I didn't coin it, Richard Wilder did, and (2) it is no worse than calling people who breach the terms of a software license 'pirates' - a usage which is a demonstration of abusive framing in action. I'd probably use the term 'patent troll' otherwise.
  4. Not to overlook the brave citizens of South America here! Just recently, WIPO decided to censor NGO participation as observers on the assembly to discuss the proposal from Brazil and Argentina on IP reform, the so called "development agenda". They will soon need community support for their resistance to IP laws that promote patent terrorism, being introduced by stealth as part of "trade negotiations".
  5. People have responded to this by saying "well, dual-license then, like Mozilla does*". That's fine all the time both of the licenses you are using provide the same protections in the areas that are most important to you, but unfortunately that's not the case here. Specifically, people have called for the use of a CDDL/GPL dual license. However, as the GPL does not have language to create a blanket patent grant, people would be able to opt for that license instead of the CDDL and evade their freedom-creating responsibilities as has happened elsewhere where a company was able to evade the share-alike requirements of the GPL by using the other half of a dual license that didn't have that requirement. That is clearly not appropriate; maybe under GPL v3 it will be possible to re-visit the issue.
  6. And I mean all. Netscape filed patents that affect Mozilla. Even Red Hat has defensive patents. When such things fall into the wrong hands through acquisition or bankruptcy it can be very serious. An enforceable antidote through a license seems the best protection against the future.

Friday February 11, 2005

404: "Open Source Community" not found

Spoooky moment just now. James Governor is spot on with his assessment that the "open source community" is neither a single entity nor homogeneous. He says:

It's important to understand there is no open source community. Rather there are many open source communities with their own licensing and governance approaches, lexicons, characters, superstars. It's a carnival mash-up, a diverse cornucopia of views attitudes and styles.

I say 'spooky' because I'm pretty sure he has never seen my keynote yet that's exactly what the slides I presented on Wednesday say. Compare and contrast to Dan Ravicher who is quoted as saying:

"Open source is not about having five different operating systems, it's about everyone working together to create one rock-solid operating system," he said.

I really think Dan is missing the point Sun is making - maybe I should get in touch.


Wednesday February 09, 2005

San Diego Preso

Speaking today at the Desktop Linux Summit in San Diego in the OpenOffice.org Regional Conference. Great audience (watched by Doc Searls in the front, Ashlee Vance from The Register over to the side), and I enjoyed presenting (here are my slides). It was also a pleasure to meet Ed Peterlin and interview him on stage - the interview is attached as my first Podcast, and if you can bear the poor audio quality you'll hear me call for NeoOffice/J to get equal billing over in the OpenOffice.org community.

Update: You can now hear my talk (and the other talks from the conference) by visiting Daniel's page at OpenOffice.org.


Tuesday February 08, 2005

Two Days Awake

Last week I spent two solid days awake and several others in almost as intense focus, reading and typing over on Groklaw, the web-site set up by Paralegal-turned-Journalist Pamela Jones. Groklaw was set up to apply the community-contribution model to the lawsuit between IBM and SCO and has become an exemplar of investigative reporting as well as a treasure house for those wanting the source documents from the proceedings. It also provides a pretty partisan forum for discussing current issues of concern to its community. Many contributors to the discussions on that site would have the sort of lifting-the-rocks-and-looking-under approach to evidence that would, applied to a party like Sun, see in the shared "PJ" of her career transition and of her name a suspicious sign suggesting a concealment or a fabrication.

That's certainly how Sun's announcements around OpenSolaris have been treated. In a series of postings, Pamela has communicated her extreme suspicion of Sun's motives and actions. Contributors have then spent thousands of words finding and reiterating theories of Sun's motives ranging from incompetence and senility to conspiracy and corruption. I devoted so much time because it just seemed right to show up and honestly engage in the conversation that was happening there, and I'll be back some more if the topic turns to Sun (or patents). While trying to avoid trolls, I did my best to answer the assertions people made and I thought it would be good to try to distil some of the ideas here. I'll post the resulting essays as they happen. If you just can't wait, the discussions are here and here.


Friday February 04, 2005

Satire or Shallowness?

I was reading some excellent satire over on DivisionTwo (so convincing it's had the lower IQ members of the Mac community raging over how anyone could be so shallow) when my attention was directed towards eWeek's staff Sun-hater used-to-like-Sun-guy, Steven Vaughan-Nichols, who has mentioned me in an article today - I star in page 2.

At first read I assumed it was the same sort of satire as DivisionTwo trade in, but after a while it dawned on me that it wasn't. As I have spent a great deal of time and effort responding carefully to similar (if sometimes more thoughtful) comments in the very same Groklaw item SJVN implies I haven't seen (presumably he only read the top part and neglected to read my comments) I'll not repeat all the arguments here yet, but suffice to say that Steven is sadly mistaken, in a Slashdot-first-post sort of way.

To summarise: OpenSolaris is open source because it uses an OSI-approved license; Sun has been a leading member of the open source community of communities for years, participating fundamentally in things like Gnome, OpenOffice.org and Mozilla and many more; CDDL introduces no threat to any open source community but does offer genuine, provable patent safety to projects that use it; you are confusing copyrights and patents as are people who think they are safe from patent suits if they don't read encumbered source code; and you've misunderstood Larry Rosen's real point so badly it will have to wait for another posting. Sorry if the summary is cursory, it's late here in the UK.


Technorati Tag: OpenSolaris


Wednesday February 02, 2005

Opposite Sides of the Street

Ben Rockwood at Cuddletech has a great insight into the squabbles over whether Sun or IBM has it right concerning open source - he says:

People keep trying to duke it out with me over whether Sun or IBM is more committed to open source. And really, it's a hard discussion to have because it depends on which side of the street you are and where you want to go. ... Sun is giving to the world what it has to offer and IBM is giving to the worlds offers what it has to add. These are two polar ways to go about it all, and naturally why so many battles break out.

Ben's looking for understanding and brokering peace. Unlike the shameless Dana Blankenhorn, who just puts words into others' mouths so he can criticise those words. Who is demanding royalties, Dana? Not Sun. How can one "not meet the obligations of open source" if one donates full source to the community under an OSI-approved license? Or is there another rule for Sun that people are making up on the fly?

The real issue, of course, is the elephant in the IT kitchen.


Technorati Tag: OpenSolaris


Tuesday February 01, 2005

Scott on Privacy - why I agree

James Governor thinks Scott has changed his mind on privacy. I don't - read more in Privacy is Dead, Long Live Privacy.

