Tangled in the Threads
Jon Udell, July 27, 2001Lawyers and Geeks
Microsoft, Open Source, and software licensing
The debate about GPL vs shared source broadly affects the health of the Internet ecosystemIt's been an interesting week here at the O'Reilly Open Source Conference in San Diego. On Wednesday, there were back-to-back presentations by Microsoft's Dave Stutz on the shared-source implementation of the .NET Common Language Infrastructure (CLI), and by Ximian's Miguel de Icaza on Mono, an open-source implementation of the CLI.
The CLI is one of the core pieces of software infrastructure widely discussed here this week. Web services are another -- including the SOAP and XML-RPC transports, but also identity management a la Passport. I've long argued that the open source community must "embrace and extend" these technologies for two reasons:
They embody the right principles needed to advanced networked software.
They are too important to be controlled by Microsoft.
As you'd expect, the open source hackers who attend this conference harbor deep suspicions about the nature of the standards, licensing, and patent arrangements surrounding this stuff. As I mentioned a few weeks ago, the Mono FAQ warned would-be contributors to steer clear of the shared-source CLI, in order to avoid possible legal entanglements. Stutz, however, asserts that Microsoft wants to assure "taintless viewing" of the source code, and that it can indeed be used as an implementation guide to jumpstart alternative CLI implementations.
Why do we need alternative implementations? The health of the software ecosystem requires it. The Java Virtual Machine (JVM) aims to enable software to flow into new network configurations. But the JVM allied itself with one programming language, Java, and in the networked era, software development is more than ever a game of multiple programming languages and seamless use of components.
In his talk on Mono, de Icaza described the two techniques used so far in the GNOME project for cross-language componentry: language bindings, and CORBA interfaces. Language bindings allow fine granularity, but require careful planning and coordination which retards the pace of development. CORBA interfaces can enable things to happen more spontaneously, but at coarser granularity. The CLI approach, which blurs the distinction between programming-language objects and language-neutral components, is -- de Icaza has concluded -- simply correct. "Fresh air for developers," he calls it.
Mono is, as de Icaza admits, currently vaporware. The Microsoft shared-source implementation isn't ready yet either. Even so, I felt I was witnessing an historic moment. On both sides of the fence, important cultural changes are trying to happen. Open source hackers who mainly want to scratch their own itches are being invited -- by one of their leading luminaries -- to implement something that's been specified by Microsoft, rather than invent a completely new alternative. And Microsoft, for its part, is trying to create what Stutz calls "a corner of the open source community," a place where hackers can create and use that implementation on terms acceptable to them. Stutz and de Icaza say that they are on friendly terms. I believe them, and I wish them well as they try to draw their respective communities into a more fruitful collaboration.
The Mundie/Tiemann debate
The main event of the show was the debate between Microsoft's Craig Mundie and Red Hat's Michael Tiemann. Inflammatory remarks made recently by Mundie, and by Jim Allchin -- widely reported as an attack on open source software -- provided the context for the debate. In his introduction, Tim O'Reilly -- perhaps the only person who could have orchestrated such an event -- took a refrain from The Cluetrain Manifesto. "Markets are conversations," he said, "and one of the most important conversations at the moment is about proprietary versus open software."
Microsoft is a company that pays attention to its competitors, learns from them, and adapts to them. That Microsoft sees open source software as a competitive threat was made abundantly clear in the 1998 "Halloween document." It acknowledged the power of the collaborative methods that characterize open source development, and of the open protocols that sustain it.
Sure enough, a few years later, we see Microsoft actively engaged in a flurry of standards activities that, O'Reilly said, represent bold advances and an ambitious attempt to define the next Internet architecture. "Everybody laughed at Windows 1.0," he said, "but they eventually got it right. This time, we want to help them get it right."
Mundie then bravely entered the lion's den. Microsoft, he said, has no beef with open source software per se. It's one part of the software ecosystem, Microsoft another. There are reasons to have software projects live in an intellectual commons, available for study and experimentation as well as commercial use. There are also reasons to have software businesses that generate billions of dollars of tax and export revenue. The goal, says Mundie, is to ensure that there is "informed choice" when people consider the spectrum of source-licensing options that can apply to software development.
Microsoft is unapologetically a software business that depends on strong protection of intellectual property. As such, it opposes the GNU GPL (General Public License), which Mundie's speech on May 3 characterized this way:
The GPL mandates that any software that incorporates source code already licensed under the GPL will itself become subject to the GPL. When the resulting software product is distributed, its creator must make the entire source code base freely available to everyone, at no additional charge. This viral aspect of the GPL poses a threat to the intellectual property of any organization making use of it. It also fundamentally undermines the independent commercial software sector because it effectively makes it impossible to distribute software on a basis where recipients pay for the product rather than just the cost of distribution.
At this week's debate, the rhetoric was toned down considerably, but the message was the same. Microsoft and the GPL are, and will remain, very far apart. That said, Microsoft does recognize a number of valid reasons to share its source. Customers, he said, relish the opportunity to interact more directly with the code, and with Microsoft's developers. There are legitimate reasons to offer a range of source licenses for specific business relationships, as well as to nourish the intellectual commons.
Then it was Michael Tiemann's turn. And he pulled no punches. "There is no reality to shared source," he jabbed. "Not unlike the alternative minimum tax, it is neither alternative nor minimum." It is, he said, not a license but a treaty, designed to buy Microsoft time to quell a "civil war" within the company fueled by recognition of the technical superiority of open source.
Microsoft writes strong proprietary licenses, he said, but the GPL is an equally strong free license. "Red Hat benefits by not being excluded from the market. We are healthy -- profitable ahead of schedule -- who says the GPL is bad for business?"
Building, and governing, the next Internet
Despite the high stakes and heated nature of this debate, the panel discussion that followed was diverse and rational. And it broadened to include some larger issues which the source-licensing debate tends to obscure. One of the most thoughtful comments came from Mitchell Baker, the Mozilla "Lizard-wrangler." Among the choices we need, she said, is the choice of leadership. We are fast moving into a world in which "vast amounts of software and information flows will be controlled by Microsoft," and in which a lot of innovation will be increasingly "filtered through its business plan." Open source is much more than a licensing arrangement, it's a breeding ground for innovation through experimentation, and the health of the entire system requires us to find ways for more such experiments to succeed.
The writer Clay Shirky asked point-blank: "Can I have a roundtrip HailStorm transaction without phoning home to Microsoft?" Yes, said Dave Stutz, that will be possible (though, he added, many people will want to take advantage of Passport authetication). Added Mundie: "Once we publish the protocols and schemas, I don't know why others can't use them as they wish."
Brian Behlendorf, of Apache and CollabNet, voiced broad concerns about centralization of the identity management piece of the HailStorm/.NET architecture, and about the degree to which Microsoft's patents -- if not its licensing strategies -- might hinder open use of these technologies.
Clay's and Brian's questions were crucial for me too, and I reiterated them in the press conference that followed the event. I am not a lawyer, so I am not the person to evaluate the answers that I got, but I can report what Dave Stutz told me. Yes, he said, it will be possible for other identity managers to federate with HailStorm/.NET. And no, he said, there is not any intention to use CLI or HailStorm patents in a restrictive or exclusionary way.
Clearly, we'll have to wait and see -- but not for long, I hope. The conversation that began here this week is vital to us all. Technology is pushing our culture, and our global economy, into new configurations that our legal and political systems are ill-equipped to handle. The Internet architecture that's being laid down right now is a high-stakes game, and it will affect us all in profound ways. It's going to be a rough ride, frankly, and we're going to need all the help we can get, from all of the players.
Jon Udell (http://udell.roninhouse.com/) was BYTE Magazine's executive editor for new media, the architect of the original www.byte.com, and author of BYTE's Web Project column. He is the author of Practical Internet Groupware, from O'Reilly and Associates. Jon now works as an independent Web/Internet consultant. His recent BYTE.com columns are archived at http://www.byte.com/index/threads
This work is licensed under a Creative Commons License.