Good Morning, and thanks for coming.
I'd like to go over near future challenges for Free and Open Source software, Linux and the GNU system. Before that, please allow me a few minutes to talk about my sponsor, a very interesting Open Source product in itself, my book series with Prentice Hall PTR publishing.
The Bruce Perens Open Source Series of books now has 4 titles in print, and three more are on the way. The text of these books is under an Open Source license, and the books are released online in "source" form a few months after the release of the printed version. Yet, these books make as much money for the publisher as non-Open-Source books. At this show, we're introducing two titles: "Intrusion Detection with SNORT, Apache, MySQL, PHP, and ACID", by Rafeeq Rehman, and "Managing Linux Systems with Webmin", by Jamie Cameron. We're also announcing the availability of online "source-code", actually the word-processor files and illustrations, for our first two books, "The Linux Development Platform", also by Rehman, and "Embedded Software Development with eCos", by Anthony Massa. Unlocked PDF versions of these books are also available. All of the files are at phptr.com/perens .
With the source now released under terms that allow duplication and sale, these books need never die. Even if the publisher and authors were to lose interest, any Open Source maintainer could keep the books in print. This is especially important for the eCos book, which is the only title in its field.
Our three upcoming books are: "Implementing CIFS: The Common Internet File System", by Chris Hertel. CIFS is the protocol of Samba, the file and printer sharing program that is compatible with Microsoft, Unix, and Linux systems. "The Official Samba 3 How-To and Reference Guide", by John Terpstra and others, is the manual for the next generation of the Samba software, and "Rapid Application Development with Mozilla and XML", by Nigel McFarlane, one of the Mozilla core team. The book tells you how to use Mozilla's GUI toolkit to create complex browser-based applications.
On to the rest of the speech.
<<< I introduced OSAIA, a new lobbying organization for Open Source, and Jamie, their general counsel, spoke for a few minutes. I don't have a transcript of that, but please see www.osaia.org . These are professionals spinning off of CCIA (see www.ccianet.org) with about a dozen staff, half of which are lobbyists, and offices in Washington DC, Brussels, elsewhere. They are the first real lobbying organization for Open Source, and it's an essential project since ill-thought-out legislation, things like UCITA or software patenting, are one of the most serious perils that we face. >>>
This is a "Linux" show, focusing upon a product. But the real subject of this trade show, Free Software and Open Source, is a social movement. Like other social movements, it advances its own ideas - in our case, ideas about software quality, competition, copyrights and patents as property. It's extremely unusual in that few other social movements make real products - the only thing that comes close to it in the social space is art. We have so far manufactured over Two Billion US dollars worth of software for everyone's free use. And the fact that we make real products has made us real enemies.
The most visible enemy today is SCO. But behind SCO stand more serious enemies like Microsoft, which has provided significant funds for SCO to pursue its war on Free Software.
This is a new phase in the SCO case, as the Open Source producers start to mount their own offensive. But I want to point out that the two current SCO cases, while they are expected to come out in our favor, will be disappointing for other reasons. The Free Software developers would like to see SCO's evidence, and expect it to be brought out for public view in these cases. That will not happen. Before SCO presents its evidence in either case, it will ask the judge for a protective order sealing that evidence from outside view. SCO will claim that they can not properly present their own case without such an order, and the judge will be disposed to grant it. If SCO could claim that it lost its case due to the constraint of not being able to present trade secrets and other proprietary information, that would be ammunition for SCO to overturn any unfavorable verdict on appeal. Judges generally don't like to create viable appeals for their own cases, and thus the protective order will be granted. So, don't expect to see any evidence during either case.
But we'll see the verdict, won't we? No. SCO has no reason to allow either of these cases to go to a verdict. Once it is clear that a verdict will be unfavorable, SCO will settle the case. Both IBM and Red Hat have the ability to decline a settlement and go for a definitive verdict - but will they? Both companies have a fiduciary responsibility to their stockholders, and of course litigation is expensive and uncertain in its outcome. And of course a settlement comes with its own confidentiality agreements. So, we on the outside may never see the terms upon which the two parties to the case settle their dispute.
Obviously, I encourage both IBM and Red Hat to go for a verdict. That would be useful to the Open Source developers, who have as a class been libeled and damaged. We can mount our own class action as a follow-on to a verdict in the the IBM and Red Hat cases much more easily than if we have to win the first case.
What would the Free Software developers ask for damages? The only salable asset of SCO, the Unix copyrights. This is something that Red Hat or others who sue SCO could ask for, as well. Now, we already own a superior product to any SCO Unix that has ever been shown, so we don't consider this an extremely valuable asset. But it would be a suitable close to the SCO story for the Unix copyrights to be transferred to the Free Software Foundation.
SCO has recently announced a so-called "license" for Linux. The absurdity of this should be obvious, but let's touch upon a legal aspect. Every party who enters into this license will be in violation of the GPL, and in infringement of the collective copyrights of the Linux and GNU system authors. As a customer, if you purchase the SCO license, you can be sued by every copyright holder who has contributed to the Linux kernel and other components of the system. You can be sued by IBM, by Red Hat, by me, by tens of thousands of people and companies. Of course, nobody's going to buy an license for software that SCO doesn't own anyway, so it's just hollow posturing.
But the most dangerous part of SCO is not the case itself, it's the fact that it distracts us from more dangerous threats. So my purpose here today is to urge everyone to start looking forward, and let those directly involved in the SCO cases resolve them while we pursue more important enemies.
SCO is nothing beside the threat that the Open Source developers face from software patents, a fight that we are losing badly. Next month, the European Community parliament is expected to vote for unified European software patenting. In its call for public comments leading up to this vote, the vast majority of replies opposed software patents. The survey takers rejected these comments because they were associated with the Open Source community. They justified that because Open Source was, in their words, "not economicaly significant". I'd like all of you from the press who have been attending this trade show to send a message to the EC Parliament that Open Source is very obviously economicaly significant.
The survey takers accepted the remaining few percent of comments, which called for software patenting, as valid, and declared the survey a mandate for software patenting in Europe. This is the situation we are facing there - all anti-software-patent arguments are simply rejected out of hand.
In addition, we've had a false-flag operation telling European parliament members that software patenting is acceptable for Open Source. That organization has proposed no protection for Open Source other than a passive monitoring of the damage to us and publication of reports about that damage.
[I have just been informed that some of its members have been able to convince that organization, Open Forum Europe, to change its direction. But perhaps that is too late to do any good. The European software patent vote is next month, and the damage is already done.]
Individual Open Source developers are simply not equipped to defend themselves against even the most simple software patent prosecution. The only option for them is to settle the case, regardless of its merits, by signing over their copyrights to the plaintiff, giving up significant funds and property as a monetary settlement, and ceasing Open Source development. Thus, the Open Source developer is vulnerable to even the most specious patent claims. Legal funds like that created recently by Red Hat would be exhausted quickly. The American Intellectual Property Law Association estimates that it costs Two Million US dollars to defend a single patent infringement case, twice the amount donated by Red Hat to its legal fund. So, we currently have half of the money necessary to win a single case, and we expect hundreds of them.
But we've not heard of software patent cases being pursued against free software, have we? This is because the patent holders have no wish to create bad news for themselves before they have laws passed in every nation where they need them. That's when the prosecutions can be expected to start. And these will be much more of a problem than SCO.
To give you an idea of the immediacy of this threat, we had reports prior to the SCO case that an embedded systems vendor had been solicited to assert its patents against Linux implementations. For obvious reasons, the embedded CEO isn't willing to come forward. He declined to pursue us, as unlike SCO they had a going business that would have been destroyed by the effort. But no doubt other patent holders have been found, and the form of the early cases will be similar to that of SCO, a small failing company with a big backer that is under competitive restraints and can't afford to pursue us directly.
Software patenting is especially problematical for us when royalty-bearing patents are inserted into industry standards. Since the free software developers are not compensated for their work, we can't afford to pass on any royalty whatsoever. When the World Wide Web Consortium proposed to embed royalty-generating patents in web standards, we were able to persuade them that this was a bad idea. That fight is being much more difficult with organizations like IETF, which accepts many royalty-bearing patent declarations without making a judgement regarding their validity or impact upon implementors.
And yet, a pro software patent agenda is being pursued by some of the largest and best partners we have in the Linux industry. IBM stands out in this regard. Obviously, IBM has done a lot for our community, and the very fact that IBM endorses our systems and distributes them so well to our many customers has helped us gain the economic significance that gets us taken seriously by standards organizations and legislators. At the same time, we have frequently found IBM taking an adversary position, one harmful to the open source developers, in patent policy discussions at standards organizations, and at governments here and abroad. There's no question that IBM is one of the major parties supporting the effort to expand software patenting to Europe. So, we're at the point, in the progress of Open Source, where we realize that we have very good friends who can still hurt us in significant ways if we don't push back against them. We must push back, or we will simply not survive the upcoming legal onslaught.
The fact is, none of our company partners other than Red Hat have even given us any assurance that we are safe from their own patents. IBM and HP, when confronted, have pointed out that they haven't sued any free software developers. We all know how frequently company managements change and we lose our friend in the front office. Thus, I'd sleep better if I could see something on paper that spells out just what sort of armistice we have with IBM, HP, and others.
If we can't get that, and of course we can't get it from every company, we will have to do something else. I am calling for all Open Source projects to incorporate mutual software patent defense terms into their licenses. Under these terms, if one Open Source developer is sued for patent infringement, all of the licenses of Open Source software used by the plaintiff terminate. If people are going to pursue us with software patents, the least we can do is make sure they don't profit from our software. Software patent mutual defense terms are in licenses being developed by Larry Rosen of the Open Source Initiative. These licenses are still evolving. There may be anti-trust problems with them that we haven't yet worked through. It may be a problem getting the Free Software Foundation to accept such terms, simply because they are uncomfortable with adding restrictions. But I think they can be won over to the idea.
Another of the problems we face today is the rise of "Proprietary Open Source". The best example of that is Red Hat Advanced Server. Red Hat is another great friend of Open Source, one of the best we've had, who happens to have a policy problem we need to talk about. As Open Source becomes more popular in business, expect this - good friends with which we need to have a dialogue.
Let's think about the advantages that bring people to Open Source - one of the big ones is the ability to go to multiple competing service vendors for a product, which increases the quality and lower costs of those service vendors. The license terms of the Red Hat Advanced Server customer agreement pretty much lock the customer into Red Hat service. Service bulletins are under a confidentiality agreement, and if you release Red Hat's service information to other vendors, they'll terminate your service. According to the advice of several attorneys that I've contacted, the agreement is within the letter of the GPL, but outside of its spirit. And companies seem to be diving into this because Advanced Server is Oracle certified. It seems silly for Oracle to be the arbiter of what distributions are acceptable to business - only a tiny fraction of these systems actually run Oracle, and Oracle is technically quite capable of supporting any Linux Standard Base compliant system.
In this situation, the companies seem to be jumping headlong into another Microsoft model. Of course, Red Hat wouldn't ever really become another Microsoft, and I don't really like to compare the two companies in the same sentence. But the point is that companies are discarding an important part of the Open Source model without realizing what benefits they are going to lose.
Another problem we face is that Open Source users are being denied access to popular culture. We can't legally play DVD discs using Open Source software today. I once went to do a DVD demonstration, showing how you could technically use Linux to play a DVD but it wasn't legal, but was convinced not to do so by my then employer, HP. They would have had to fire me immediately because they did not want to become a scapegoat for the movie and music companies (a reasonable concern on their part), and I might have gotten a $500,000 fine under DMCA. Just for playing the disc I paid for in my own computer. The problem is that modifiable software, any Open Source that plays their media, is considered a theft tool by the movie and music companies, because someone could modify it to tap the unencrypted data stream, and could then upload the data to the net. But I think we need to prosecute the people who commit that crime, not the software tool makers who only want to play legitimately purchased media using Mozilla, Linux, other Open Source. This is going to be much more of a problem with the rise of Palladium, because most web pages will eventually be protected by DRM to prevent source viewing, printing, and saving. The web sites want to charge you for printing, etc., so they will go for that. When you can't use Mozilla to view a web site, Open Source becomes an uncommunicating island, and nobody will be able to use it.
Q So say you're an IT Manager and you've successfully added Linux and Open Source software to your organization and its running with other proprietary software from IBM...Bruce interjects "and Open Source and proprietary software should be running together..."
Q Right
BP - Yeah
But, should you be worried about this
BP - Okay, at this stage you as an IS customer should be putting pressure upon your vendors asking them What are you guys doing to ensure the future viability of Linux and Open Source in the face of software patents, trusted systems, etc (software patents and trusted systems are the most important ones) and be prepared to get a somewhat equivocating answer because, as we know, IBM - great friend and one we want to keep, is the biggest technology patent holder and the technology patent department of IBM is an independent fiefdom. It is able to override the Linux department on some patent decisions. And that's sort of what IBM is like. I guess they're still a silo organization internally, so software patenting in IBM doesn't have to respond to Linux. The only place you will get that decision made is at the CEOs office and the customer should applying enough pressure on its vendors that it gets there. As an IS person, hey we've given you a great deal. We've made it a lot easier and cheaper for you to operate your operation and now is your vendor going to protect this or not.
Bob (Mcmillan) - Can you tell me what specific areas of patents IBM holds?
BP - IBM holds a good many software patents. Although, software patents aren't the major revenue maker, hardware patents are the major revenue maker for them right now but you can look at their standards declarations to IETF for examples where there's one place on the IETF Website where you can see standards declarations where companies have said "We have patent in this space and we will make it available for use in this standard under and I quote "reasonable and non-discriminatory terms." The problem is that the reasonable and non-discriminatory terms are only reasonable if you're not an Open Source developer because there may be a 3 or 5 percent royalty or something. First of all, we don't even know what our stuff costs. Secondly, we can't pay anything. The Open Source developers outside of the big companies are not being compensated for their work. All they are asking is that they don't have to pay other people.
Bob - So, you're saying that by IETF standards Open Source could face some software patent vulnerabilities?
BP - There are already software patent vulnerabilities in Open Source implementations of IETF standards. There are potentially one or two in W3C standards because of working groups that were in progress before the existing patent policy was advanced. So, even there I think VoiceXML is an example of early significant patent impact.
Q - Before Europe can be addressed, what about the Asian community- China specifically?
BP - I can't admit to know much about what is going on in China. I just got invited over so maybe I'll be able to learn some more by some of the national standards organization people there.
Q - Are you seeing the same kind of problems regarding patents?
BP - Well, Japan in 2002 passed software patenting laws and they're a little better than us. You know everyone says, well we're not doing US style software patenting. That means they're not doing business method patenting. That really doesn't help us very much. In the case of Japan, they've passed a pretty good reexamination system. The US has a new reexamination system since I think last year. I don't think its gotten tested out very much so we don't know if it's any good. And in Europe I hope there's a good reexamination system where you can get patents reexamined outside of the courts. Let's take for example the "RIM systems" news that happened this morning. It happens I'm a radio ham. I did Internet email on ham packet radio before 1992 when this patent filed. In fact, in 1981 we were using another protocol other than TCP/IP and using email as the major application of packet radio. So, when RIM goes to reexamine this particular patent, they will probably win. But we have to test how well that system works. And we know the way patents are originally examined is just terribly poor in the United States.
DOC: Two things. Is your speech going to be online?
BP - The part I typed. I'm going to have to sit down and type the rest that I didn't get a chance to type this morning. This is going to be very interesting because I want to see what I get back. Because I've tried to make it very clear. Hey, IBM you're a big friend but we've got a problem with you. Hey Red Hat, your not quite following the ethos anymore, but we know how good a friend you are. And I think it's really important to get that dialogue going. And so I'd like to see whether you and the other people in the press can sort of keep this moving.
DOC: The other thing...with Larry "Lessek" lending his blogger notes to Howard Dean for a while...Is I think there's a real opportunity here to take the current political season and make the most of it if we play our political cards right. I'm wondering what your thoughts are on that.
BP - There have been a lot of calls to integrate Open Source into a much larger political agenda. This is something that must be done extremely carefully because obviously we wouldn't want to be friends with everyone and we would not want to base all our hopes on a single candidate. Although we may have the urge to do so. You know, Valerie was after me to run for Governor of California and I told here I didn't want to compete with the "Govenator" (Arnold Swartzenegger) or that model. But, I think it is time to integrate Open Source into a larger political dialogue about Freedom and you just have to be careful exactly how we do it and that we remain friendly and acceptable to all sides of a broader political argument.
Q = As the topic circulates in the public policy realm and as you've outlined in your bullet points that we don't have the resources (i.e. the dollars) and players like IBM and others have pretty big economic packages to sway one way or the other on this topic - are there corporate customers who have embraced Open Source that can be brought into the dialogue.
BP - Yeah, actually this organization the OSAIA that we talked about at the beginning of this speech is a very good place for those customers to have their forum. Actually, I once sat down with the acting CTO of Federal Express. That was not his title but that's what he did, and so he sat me down and explained how important Open Source was to FedEx and I thought I'd died and gone to heaven. And we have no forum right now for that person that is effective. We're hoping that OSAIA can help us establish that forum. The other thing is that you know in general software customers are not standing up to their vendors. On a whole lot of issues. There are a lot of proprietary issues where the software customer knows they're being fed an addiction model of purchasing. You know, buy from one vendor and then stop and nothing else works with your products. Why are they not pushing back against that. And you know organizations like OSAIA might be good to help with that as well.
Q - So, you're curious why companies don't stand up to their vendors?
BP - Well, its because they don't care enough
Q - Because they don't have the money enough to?
BP - No, that's not really true. If you look at what they've been losing as far as a large corporation or a government agency with a Microsoft relationship they could have easily thrown $100,000 towards this cause. It's a matter where is there leadership there that values that rather than feeling that its money just wasted. So, we haven't got that yet and we have to get it. This is something for all customers and it transcends Open Source.
Q - So, this is the fight between the guys in the server room and the boardroom. You know the guys in the server room would love to add the latest Open Source product.
BP - Yeah, we've actually done a really good with that particular fight. I 'm actually trusting the guys in the front office to know what their fiduciary interest is. So, I don't have quite as big a problem with that. If their company is hem ridging money on IS, as many of our companies and governments are, its really up to them to take steps to resolve the problem. We just have to provide them a little leadership to do so.
Q - Which companies are parts of the OSAIA right now?
BP - I don't want to say right now. We haven't really had the formal launch and until then I'd rather not say so. But I saw 3 or 4 really big companies and a bunch of smaller very important companies on the list as well. For example, I'm still Director of the Desktop Linux Consortium and we're there. But I just don't want to go into listing who's on before we give them a chance to get on.
Q - I was reading in the Wall Street Journal the other day that Linux is undergoing DOD certification.
BP - Its common criteria. Its great. It happens that it's only SuSe. But I'm hoping that it will lead to other products getting certified. With another organization we're working on certifying some of the other open source software. For example, we have a cert of Open SSL that will be usable by any distribution. It happens that HP is one of the major sponsors of that. Now IBM was the major sponsor, SuSe the minor sponsor of this common criteria cert. Now here are places, where these guys are helping us and we appreciate it. We just want to have a dialogue on the places where they are not.
Q - SuSe is very popular in Europe isn't it?
SuSe is very popular in Europe and it is a technically good distribution. I am concerned whether or not hey can maintain their financial independence. You know when IBM owns Red Hat and Novell owns SuSe, or whatever, I worry if things are going to be quite so nice as they are today. I have friends at IBM and Novell but they're big companies and they have the concerns of great companies.
Q - Seems like there will always be tension for large companies looking to make a profit and Open Source policy. How do you see this in terms of sponsorship in OSAIA?
BP - I think that there are some vendors with a conflict of interest who'll never join this. We also have this interesting situation where most of these companies are already in CompTIA, which operates the initiative for software choice, which operates against open source lobby in government. There are members of AEA, which was a major part in killing an open source bill in Oregon. So they've already got conflicts. And we should point them out so we can encourage them to join this organization and have them talk out of both sides of their mouth successfully :-). There will be continuing tension. And that's what political life is all about. You don't want it to be the leftist nirvana nor the capitalist land Barron nirvana. You want it to be somewhere in between where most people are reasonably well served and no one is happy with the compromise. And that is what we'll get.