Recent actions by Microsoft prompted us to re-issue this position paper and add a section on intellectual property.
This position paper will address the question, “Can the open source approach to software development promote transparency and remove FUD — fear, uncertainty and doubt?”
By requiring that source code is freely available to all, the open source movement has made transparency and peer review two of its guiding principles. Transparency undermines FUD because all users have the ability to see exactly how the software works. Transparency increases quality by subjecting all aspects of the code to constant peer review. Transparency and peer review negate FUD by shifting the debate to the objective “what is it” from the subjective “who is it”.
Freely available source code also reduces the risk of unintended intellectual property infringement, because potential litigants can perform discovery on-line and can avoid legal expense and delay. Once a cause for action is identified and made public, the open source project can remove the offending code or unveil prior ‘art’.
IBM is credited with inventing FUD to undermine its competitors when it had a virtual monopoly in the mainframe era. Today, proprietary software vendors like Microsoft are trying to protect their franchises by spreading FUD about open source software. Some proprietary software companies raise fear and create uncertainty and doubt with the goal of causing organizations to abandon the deployment of open source software.
Open-Xchange believes that the open source model will have the opposite effect and lead to transparency and the end of FUD. Universal access to source code and intense peer review will replace FUD with objectivity.
This is another in a series of Open-Xchange position papers on IT Management topics. Each of the papers will focus on a trend Open-Xchange has observed, what impact this trend is expected to have on the industry and how Open-Xchange, Inc. will help organizations respond to that trend.
The Origin of FUD
IBM invented the concept of FUD during the mainframe era. IBM perfected a three-pronged sales strategy based on the subjective Who and its corollary, fear, uncertainty and doubt. First the ’42 Longs’, young athletic white males, secured the beachhead by winning over the secretaries guarding the executive suite. Then trust was deepened as the executives bonded with account managers, older 42 Longs, on a private IBM golf course. And finally the SE’s or Sales Engineers cemented the deal by offering the IT professionals job security – no one ever lost their job selecting IBM. The misfits outside of this comfortable inner circle were to be feared because they threatened the status quo.
The advent of the personal computer and client-server architecture changed the playing field. The What became more important because users got firsthand exposure to computers and software. But the What was restricted to features and functions because users only had access to object code.
The confluence of the Internet and the open source movement in the early 1990’s changed the landscape completely. Now everyone could access information previously available only to the inner circle. The What became more important than the Who as people gained access to the source code, “the thing itself”, as evidenced by the Linux operating system.
The Source Code Requirement
To be designated open source software, the source code has to be made available to all and it must be easy to locate and download.
The most prevalent open source license form, the GNU General Public License, Version 2, states it this way:
“Our General Public Licenses are designed to make sure . . . that you receive source code or can get it if you want it . . .”
The approved license forms on the Open Source Initiative web site (www.opensource.org/licenses/) all include a provision to access the source code. OSI states the underlying principle in these words:
“The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost–preferably, downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.”
Peer Review
The scientific method, which is the underpinning of most intellectual progress, is based on experimental replication and the ethos of peer review. The open source movement applies these two fundamental tenets to software development for the first time. Instead of a closed system restricted to owners of intellectual property, the open source movement opens up software to the unfettered scrutiny of the public at large.
By giving all interested parties access to source code, the open source movement makes peer review possible by enabling experimentation and testing. Everyone can see how it works. Everyone can offer suggestions and improvements, not just members of a single vendor’s development team. Major open source software projects are downloaded hundreds of thousands of times. Each one of these downloads is an opportunity for peer review and improvement.
Each user of open source software is encouraged to find bugs or suggest enhancements. More enterprising users are free to actually implement their suggestions and submit their enhancements to the community.
Open Source Means No Hidden Code or Functions
As organizations adopt open source software and “join the open source community”, they have the opportunity to inspect each and every aspect of the code they’re running. This means that the entire open source community has complete transparency of the ‘stack’ from the operating system through the middleware to the application layer. If anyone in the community discovers a flaw, it’s a straightforward task to isolate it and determine where the cause is in the ‘stack’. Once a bug is isolated, it is a straightforward task to fix it, test it and contribute a patch into the common code base.
Keeping the code base consistent is important because code branches slow innovation by increasing fragmentation and dissipating energy/focus. Hence, we see little difference between proprietary software companies and open source vendors who customize the ‘stack’. Once the ‘stack’ is customized, the democratization of software is violated and prevented. At Open-Xchange, we do not customize the open source distributions or the middleware stack that our code relies upon.
Open Source Also Means Open Standards
Having access to source code is a part of the equation, but not the full equation. To ensure maximum effectiveness, open source software also needs to be based on open standards and data formats. This means that all API’s, protocols, and data structures are transparent to the entire user community. Everyone can see how everything works together. If problems arise, the root cause can be identified. Open-Xchange is dedicated to basing its collaboration integration platform on open standards and data formats that are accessible to the general public.
Intellectual Property
One of the most effective forms of FUD raises concerns about the ownership of the software. SCO took this type of FUD to a new level in 2003 when it sued IBM for $1 billion. It alleged that IBM had violated SCO’s UNIX copyrights by contributing proprietary source code into the Linux code stream. SCO made the users of Linux nervous by threatening to sue them, in addition to IBM, for infringement if they didn’t pay a ‘protection’ fee. Luckily, very few companies fell for this ploy.
Eventually, the SCO lawsuit collapsed because SCO did not produce the offending source code. Even if SCO had provided evidence of copyright infringement, the open source community would have quickly removed the offending code and replaced it with clean code. SCO used FUD to disrupt the open source movement for the temporary monetary benefit of a small number of ‘insiders’ who sold into a valuation bubble created by the FUD.
Today, Microsoft is trying a similar tactic, alleging that the Linux kernel and open source software violate 235 of its software patents. Microsoft’s timing is curious. In April, the US Supreme Court ruled that source code is nearly impossible to patent. So why raise the specter of FUD now? It is probably a tactic to cow certain open source vendors into a patent cross-licensing deal. At Open-Xchange, we have joined the Open Invention Network (“OIN”), a patent pool created by IBM, NEC, Novell, Philips, Red Hat and Sony. In the event Microsoft initiates a lawsuit against one or more of the OIN’s members, OIN may counter with a lawsuit against Microsoft and its Windows operating system.
But for the man on the street, who just wants to use the software, all of this FUD about intellectual property ownership is disconcerting. The peace of mind that open source software can offer is that transparency and peer review are the best protection against intellectual property infringement.
What versus who
Although many in the industry bandy about the statement that users want ‘one throat to choke’, we disagree. Users want control of their environment. And control is attained by having a transparent view of the entire stack.
Open-Xchange believes that security is better served by knowing what you are working with rather than who you are working with. Having access to the objective what gives the user much more control than contact with the account rep at the subjective who. Being dependent on a single vendor’s ‘black box’ is not the sign of control and certainty, but the hallmark of powerlessness and dependency. Access to the source code, i.e., transparency, means that it is nearly impossible for a vendor to insert code that adds “hidden” functions or services that could provide the gateway for a security breach or malicious mischief.
Why Open-Xchange?
Open-Xchange has always developed software based upon common open source components and international standards. Open-Xchange Server uses only standard APIs, protocols and data formats. This obsession with reliance on open source software and compliance with open standards has made it easy for our customers and partners to implement, integrate and customize their collaborative solutions.
Since its inception, Open-Xchange Server has architected its collaboration platform based on a modular structure at both the component and data object level. This means that Open-Xchange can integrate open source middleware and application components such as Apache, MySQL, Postfix, Cyrus, ClamAV, SpamAssassin, and OpenSSL into its collaboration framework with relative ease. At the data level, by relying on standards such as WebDAV, IMAP, iCal, and vCard, Open-Xchange can provide a unified collaboration solution.
This architecture has enabled Open-Xchange, from the beginning, to offer integrated email, calendar, contacts, tasks, folders, together with role-based document sharing, centralized knowledge and bookmark stores. Over time, the Open-Xchange community and its partners have developed and will continue to develop OXtenders that make it simple to add tools, such as Instant Messaging, blogs, Wikis, Voice over IP, into its integrated, secure collaborative environment.
Open-Xchange’s objectives are to:
(1) Offer more than users expect at an affordable price,
(2) Only provide software that is open source and transparent,
(3) Base our integration platform on a stack of ‘plain vanilla’, unmodified open source components, and
(4) Adhere strictly to open, international standards.
Open-Xchange encourages peer review of its open and standard software. Every bug that the community helps us fix makes the software more useful and productive. Every enhancement or extension that the community creates enlarges the user base. The guiding principles of transparency and peer review make Open-Xchange an ideal choice for organizations seeking an open source collaborative solution. By embracing open software, we are working towards the end of FUD.
This article is a derivative work from an early article co-authored with Dan Kusnetzky.
If you have any questions please contact:
OPEN-XCHANGE Inc.
303 South Broadway
Tarrytown, NY 01591, USA
info@OPEN-XCHANGE.com
www.OPEN-XCHANGE.com