Search



Recent Entries

Syndicate this site (XML)
Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.17

« January 2005 | Main | March 2005 »

February 02, 2005

OSDL Conference Key Thoughts: Linus Torvalds, Andrew Morton, Mitch Kapor, Brian Behlendorf

On Security

Brian Behlendorf thinks that computer systems are going to be understood in far more biological terms in the future. We talk about viruses and anti-viruses. How about vaccines? He points out that many viruses and worms are not harmful but they could be. In this way they are like vaccines, where an infectious agent spreads and causes an immune response. Perhaps the best way to provide security is to send out harmless but annoying viruses to keep the computing immune system well-primed.

Linus thinks if you are paranoid about security, as one foreign defense force person in the audience asking the question was, you would feel safer examining the code for trojans. While a lot of work, in open source it is always possible, while with proprietary systems, it is not always. Also, in terms of stupidity in coding he points out that a lot of corners are cut where the developer knows no one can see the code. In open source "if you see someone has a comment that it does  not work in a particular case, you ask yourself What drugs is he on?".

On the Communities Surrounding Open Source

Brian says Apache does not have leads. Decisions are made by concensus. One nice thing is the graceful gradient of contribution: user -> expert user -> bug submission -> patches -> committer -> maintainer. This makes it easy to move up.

Mitch wonders about the right level of control. Too open and you get a babble; anarchy. Too closed and you turn contributions away. The Firefox leads think they have been too tight. For the last two years they have not admitted anyone to their group. A key is to decouple systems. This allows parallel development. The project lead should have good judgement more than anything else. What to leave out and what to leave alone.

Andew Morton manages the 2.6 kernel through 50 maintainers of each subsystem. Repository management becomes a key skill.

Open Standards and Open Source

Brian believes that they are two sides of the same coin. He points out that Apache was formed to implement a server for HTTP.

Linus thinks that some companies pay lip service to standards but deliberately seek to add proprietary features when implementing standards. These companies are not motivated to improve the standards. He thinks all open standards should demand an open source reference implementation. Standards are not always set by standards bodies. Open source projects can become defacto standards. These are accepted by the public as standards, because no one can take the implementation away, so it is always safe to build on.

On Software Patents

Linus has thought this has been on the open source radar for the past 5 years. It is bad for open source. It is just as bad for proprietary software. He despairs at the special interests in Europe who keep trying to get software patents in. A light at the end of the tunnel is the patent grants given by IBM, Sun and others. He thinks many other companies will follow suit, but not Microsoft.

Mitch Kapor wrote a paper in 1990 entitled "Why patents are bad for software". He goes way back. The big problem is that tens of thousands of bad patents have been issued. 15 years ago the Patent Office changed policy. Until then they checked for prior art and the other rules. Then they decided to grant anything and let it be fought out in the courts. This could create a future Patenet Bhopal, with toxic stockpiles of patents waiting to explode. He thinks that Microsoft's last stand will be to use their toxic stockpile as a Patent WMD, a weapon of mass destruction. He says we need patent reform. Which will happen first? He does not know.

5 Years From Now

Linus does not predict the future. He says those who look into the distance at Utopia stumble on the rock in front of them. He looks at the rocks. He wants to fix things today, and then fix things tomorrow and so on. He says he is an anti-visionary.
He has no visions.

Andrew sees open source as inevitable.

Mitch sees irreistable force in open source meeting immovable objects. He thinks interesting things will  happen. He cites Wikipedia as an example of what can happen with decentralised self assembling systems. An invaluable resource created far more cheaply than their closed source counterparts.

Brian sees open source as an emergent property of the Internet itself. The software lives in an ecosystem where many parallel experiments with different forms take place concurrently.  This causes super-fast evolution and survival of the fittest. He likens closed source to the failed centrally planned economies of the communist countries. The market won. Microsoft has criticised the lack of a central authority to take responsibility. Brian asks "Does Microsoft see out lack of a single point of failure as a problem?"

The Nature and Culture of Open Source Developers

Linus thinks that cooperation is not motivational. Its more fun to compete. Lets not cooperate too much. Bad coders do not get their contributions accepted. Good programmers do. Good programmers are almost never politicians. It is insufficient to want a career path to do open source. You need another motivation. You do it because you would do it anyway.

Andrew thinks that politics is dealt with by developers getting subverted. They end up more loyal to the open source project than to their companies.

Mitch notes that most open source developers are in the US and Europe. (He seemed to miss the fact that Andrew Morton, an Australian was sitting next to  him and that per capita, Australia contributes the most to  open source.) Developers from other countries use open source but do not contribute as much. Maybe language? Maybe culture? Brian avoids developers who want to make a pot of gold. He thinks developers over 30 are likely to recognise that they need enough for a home and to care for their children. From their it is about feeling good about what you do, about contributing, seeing your code live and not be yanked out a week before release by a "deranged Venture Capitalist".

Brian thinks open source developers have to be good communicators to succeed. They need to be able to debate and defend themeselves. They also need good judgement. An open source programmer will usually be a good hire.

Personal Observations on the Panel

The panel was an amazing assembly of open source talent. Looking at them I came up with some descriptions:

Linus Torvalds - Glowing with goodness, happiness and calmness. He projects it like the Dalai Lama.
Andew Morton - The dour realist. Linus' right hand man as he calls him.
Mitch Kapor - The wise old owl. He is really from another time, which gives him perspective on the current time. Though look out for Chandler, a PIM. He is cooking up a killer app. Also check out the new calendaring standard CalDav.
Brian Behlendorf - He reminds me of a friend of mine. He seems to be the archetypical Californian (not sure if he is), from pony tail  to Zen views. The biological perspective he has is very appealing.

Posted by gluck at 04:54 PM | Comments (0)

MSN Test Drive: "java sucks" vs ".net sucks"

The first question on my mind about MSN's new search engine is whether it provides an unbiased view of the Internet. Judge for yourself

"java sucks"

Google: 410,000
MSN: 846,373

".net sucks"

Google: 3,000,000
MSN: 245,041

Posted by gluck at 02:13 PM | Comments (3)

February 01, 2005

Report from Day One of the OSDL Linux Enterprise Summit

I am attending the OSDL Linux Enterprise Summit in Burlingame, just south of San Francisco. Interestingly a good proportion of the attendees are corporte lawyers. The focus right now is on getting the law right to avoid future difficulties. Following are some highlights from day one.

Open Source Licensing, Larry Rosen

  1. Used to be mainly about copyright, but is now needing to deal with patents as well.
  2. The differences of Composite versus Derivative works and the exact legal meaning of many others terms are being defined. Their is a lack of case law (a good thing!) which makes it a challenge.
  3. Larry has a book called Open Source Licensing. He is hoping Justice Scalea of the Supreme Court reads it when considering open source.

Reviewing Use of OSS in the Enterprise, Karen Copenhaven>

  1. Most organisations have a contingent liability due to breach of open source licenses.
  2. Session mainly on the need for and conduct of a Legal Review process .e.g. Product contains OSS with breach who in turn distributes that to another customer, thus propogating the breach
  3. Potentially a big threat to OSS use, because it may be easier to just say no to OSS. In reality most organisations are spinning up their lawyers instead.
  4. Commercial software companies are starting to offer indemnities. 5 years ago no one did. HP is an example of providing indemnities for Linux.
  5. A common approach is to get the lawyers to review a project and put it on an approved list. It is not sufficient to have a list of approved licenses. The pedigree of the source must be examined.
  6. Black Duck makes tools to automate open source review.

Andrew Morton

I ran into Andrew who I have met before. We talked about adoption of the 2.6 kernel. He is the maintainer of 2.6. He moved over to the US from Wollongong, Australia about 4 years ago and is doing some work for the OSDL for his employer Digio. His quote, which is the quote of the day - "Open source is inevitable".

Novell

Plenty of Novell people were on hand today. The head of server marketing thinks that 20% worldwide desktop use is achievable in the next 5 years. Currently it is at 3.5% but just a few years ago it was barely measurable.

Posted by gluck at 02:40 PM | Comments (0)