|| ||firstname.lastname@example.org (Bruce Perens)|
|| ||Open Source "State of the Union" address|
|| ||Thu, 7 Aug 2003 07:21:29 -0700|
Good Morning, and thanks for coming.
I'd like to go over near future challenges for Free and Open Source
software, Linux and the GNU system. Before that, please allow me a few
minutes to talk about my sponsor, a very interesting Open Source product
in itself, my book series with Prentice Hall PTR publishing.
The Bruce Perens Open Source Series of books now has 4 titles in print,
and three more are on the way. The text of these books is under an Open
Source license, and the books are released online in "source" form a few
months after the release of the printed version. Yet, these books make
as much money for the publisher as non-Open-Source books. At this show,
we're introducing two titles: "Intrusion Detection with SNORT, Apache,
MySQL, PHP, and ACID", by Rafeeq Rehman, and "Managing Linux Systems
with Webmin", by Jamie Cameron. We're also announcing the availability of
online "source-code", actually the word-processor files and illustrations,
for our first two books, "The Linux Development Platform", also by Rehman,
and "Embedded Software Development with eCos", by Anthony Massa. Unlocked
PDF versions of these books are also available. All of the files are at
With the source now released under terms that allow duplication and sale,
these books need never die. Even if the publisher and authors were to lose
interest, any Open Source maintainer could keep the books in print. This
is especially important for the eCos book, which is the only title in
Our three upcoming books are: "Implementing CIFS: The Common Internet
File System", by Chris Hertel. CIFS is the protocol of Samba, the file
and printer sharing program that is compatible with Microsoft, Unix,
and Linux systems. "The Official Samba 3 How-To and Reference Guide",
by John Terpstra and others, is the manual for the next generation of the
Samba software, and "Rapid Application Development with Mozilla and XML",
by Nigel McFarlane, one of the Mozilla core team. The book tells you how
to use Mozilla's GUI toolkit to create complex browser-based applications.
On to the rest of the speech.
<<< I introduced OSAIA, a new lobbying organization for Open Source, and Jamie,
their general counsel, spoke for a few minutes. I don't have a transcript
of that, but please see www.osaia.org . These are professionals spinning
off of CCIA (see www.ccianet.org) with about a dozen staff, half of which
are lobbyists, and offices in Washington DC, Brussels, elsewhere. They are
the first real lobbying organization for Open Source, and it's an essential
project since ill-thought-out legislation, things like UCITA or software
patenting, are one of the most serious perils that we face. >>>
This is a "Linux" show, focusing upon a product. But the real subject
of this trade show, Free Software and Open Source, is a social
movement. Like other social movements, it advances its own ideas -
in our case, ideas about software quality, competition, copyrights and
patents as property. It's extremely unusual in that few other social
movements make real products - the only thing that comes close to it in
the social space is art. We have so far manufactured over Two Billion
US dollars worth of software for everyone's free use. And the fact that
we make real products has made us real enemies.
The most visible enemy today is SCO. But behind SCO stand more serious
enemies like Microsoft, which has provided significant funds for SCO to
pursue its war on Free Software.
This is a new phase in the SCO case, as the Open Source producers start
to mount their own offensive. But I want to point out that the two
current SCO cases, while they are expected to come out in our favor,
will be disappointing for other reasons. The Free Software developers
would like to see SCO's evidence, and expect it to be brought out for
public view in these cases. That will not happen. Before SCO presents
its evidence in either case, it will ask the judge for a protective order
sealing that evidence from outside view. SCO will claim that they can not
properly present their own case without such an order, and the judge will
be disposed to grant it. If SCO could claim that it lost its case due
to the constraint of not being able to present trade secrets and other
proprietary information, that would be ammunition for SCO to overturn any
unfavorable verdict on appeal. Judges generally don't like to create
viable appeals for their own cases, and thus the protective order will
be granted. So, don't expect to see any evidence during either case.
But we'll see the verdict, won't we? No. SCO has no reason to allow either
of these cases to go to a verdict. Once it is clear that a verdict will
be unfavorable, SCO will settle the case. Both IBM and Red Hat have
the ability to decline a settlement and go for a definitive verdict -
but will they? Both companies have a fiduciary responsibility to their
stockholders, and of course litigation is expensive and uncertain in its
outcome. And of course a settlement comes with its own confidentiality
agreements. So, we on the outside may never see the terms upon which
the two parties to the case settle their dispute.
Obviously, I encourage both IBM and Red Hat to go for a verdict. That
would be useful to the Open Source developers, who have as a class been
libeled and damaged. We can mount our own class action as a follow-on
to a verdict in the the IBM and Red Hat cases much more easily than if
we have to win the first case.
What would the Free Software developers ask for damages? The only
salable asset of SCO, the Unix copyrights. This is something that Red
Hat or others who sue SCO could ask for, as well. Now, we already own a
superior product to any SCO Unix that has ever been shown, so we don't
consider this an extremely valuable asset. But it would be a suitable
close to the SCO story for the Unix copyrights to be transferred to the
Free Software Foundation.
SCO has recently announced a so-called "license" for Linux. The absurdity
of this should be obvious, but let's touch upon a legal aspect. Every
party who enters into this license will be in violation of the GPL,
and in infringement of the collective copyrights of the Linux and GNU
system authors. As a customer, if you purchase the SCO license, you
can be sued by every copyright holder who has contributed to the Linux
kernel and other components of the system. You can be sued by IBM, by
Red Hat, by me, by tens of thousands of people and companies. Of course,
nobody's going to buy an license for software that SCO doesn't own anyway,
so it's just hollow posturing.
But the most dangerous part of SCO is not the case itself, it's the
fact that it distracts us from more dangerous threats. So my purpose
here today is to urge everyone to start looking forward, and let those
directly involved in the SCO cases resolve them while we pursue more
SCO is nothing beside the threat that the Open Source developers face
from software patents, a fight that we are losing badly. Next month, the
European Community parliament is expected to vote for unified European
software patenting. In its call for public comments leading up to this
vote, the vast majority of replies opposed software patents. The survey
takers rejected these comments because they were associated with the
Open Source community. They justified that because Open Source was, in
their words, "not economicaly significant". I'd like all of you from the
press who have been attending this trade show to send a message to the
EC Parliament that Open Source is very obviously economicaly significant.
The survey takers accepted the remaining few percent of comments, which
called for software patenting, as valid, and declared the survey a
mandate for software patenting in Europe. This is the situation we are
facing there - all anti-software-patent arguments are simply rejected
out of hand.
In addition, we've had a false-flag operation telling European parliament
members that software patenting is acceptable for Open Source. That
organization has proposed no protection for Open Source other than
a passive monitoring of the damage to us and publication of reports
about that damage.
[I have just been informed that some of its members have been able to
convince that organization, Open Forum Europe, to change its direction.
But perhaps that is too late to do any good. The European software patent
vote is next month, and the damage is already done.]
Individual Open Source developers are simply not
equipped to defend themselves against even the most simple software patent
prosecution. The only option for them is to settle the case, regardless
of its merits, by signing over their copyrights to the plaintiff, giving
up significant funds and property as a monetary settlement, and ceasing
Open Source development. Thus, the Open Source developer is vulnerable
to even the most specious patent claims. Legal funds like that created
recently by Red Hat would be exhausted quickly. The American Intellectual
Property Law Association estimates that it costs Two Million US dollars
to defend a single patent infringement case, twice the amount donated
by Red Hat to its legal fund. So, we currently have half of the money
necessary to win a single case, and we expect hundreds of them.
But we've not heard of software patent cases being pursued against free
software, have we? This is because the patent holders have no wish to
create bad news for themselves before they have laws passed in every
nation where they need them. That's when the prosecutions can be expected
to start. And these will be much more of a problem than SCO.
To give you an idea of the immediacy of this threat, we had reports prior
to the SCO case that an embedded systems vendor had been solicited to
assert its patents against Linux implementations. For obvious reasons,
the embedded CEO isn't willing to come forward. He declined to pursue us,
as unlike SCO they had a going business that would have been destroyed
by the effort. But no doubt other patent holders have been found, and
the form of the early cases will be similar to that of SCO, a small
failing company with a big backer that is under competitive restraints
and can't afford to pursue us directly.
Software patenting is especially problematical for us when royalty-bearing
patents are inserted into industry standards. Since the free software
developers are not compensated for their work, we can't afford to pass
on any royalty whatsoever. When the World Wide Web Consortium proposed
to embed royalty-generating patents in web standards, we were able to
persuade them that this was a bad idea. That fight is being much more
difficult with organizations like IETF, which accepts many royalty-bearing
patent declarations without making a judgement regarding their validity
or impact upon implementors.
And yet, a pro software patent agenda is being pursued by some of the
largest and best partners we have in the Linux industry. IBM stands out
in this regard. Obviously, IBM has done a lot for our community, and
the very fact that IBM endorses our systems and distributes them so well
to our many customers has helped us gain the economic significance that
gets us taken seriously by standards organizations and legislators. At
the same time, we have frequently found IBM taking an adversary position,
one harmful to the open source developers, in patent policy discussions
at standards organizations, and at governments here and abroad. There's
no question that IBM is one of the major parties supporting the effort
to expand software patenting to Europe. So, we're at the point, in the
progress of Open Source, where we realize that we have very good friends
who can still hurt us in significant ways if we don't push back against
them. We must push back, or we will simply not survive the upcoming
The fact is, none of our company partners other than Red Hat have even
given us any assurance that we are safe from their own patents. IBM and
HP, when confronted, have pointed out that they haven't sued any free
software developers. We all know how frequently company managements change
and we lose our friend in the front office. Thus, I'd sleep better if I
could see something on paper that spells out just what sort of armistice
we have with IBM, HP, and others.
If we can't get that, and of course we can't get it from every company,
we will have to do something
else. I am calling for all Open Source projects to incorporate mutual
software patent defense terms into their licenses. Under these
terms, if one Open Source developer is sued for patent infringement,
all of the licenses of Open Source software used by the plaintiff terminate.
If people are going to pursue us with software patents, the least we can do
is make sure they don't profit from our software. Software patent mutual
defense terms are in licenses being developed by Larry Rosen of the Open
Source Initiative. These licenses are still evolving. There may be anti-trust
problems with them that we haven't yet worked through. It may be a problem
getting the Free Software Foundation to accept such terms, simply because
they are uncomfortable with adding restrictions. But I think they can be
won over to the idea.
Another of the problems we face today is the rise of "Proprietary Open
Source". The best example of that is Red Hat Advanced Server. Red Hat is
another great friend of Open Source, one of the best we've had, who happens
to have a policy problem we need to talk about. As Open Source becomes
more popular in business, expect this - good friends with which we need to
have a dialogue.
Let's think about the advantages that bring people to Open Source -
one of the big ones is the ability to go to multiple competing service
vendors for a product, which increases the quality and lower costs
of those service vendors. The license terms of the Red Hat Advanced
Server customer agreement pretty much lock the customer into Red Hat
service. Service bulletins are under a confidentiality agreement, and
if you release Red Hat's service information to other vendors, they'll
terminate your service. According to the advice of several attorneys
that I've contacted, the agreement is within the letter of the GPL, but
outside of its spirit. And companies seem to be diving into this because
Advanced Server is Oracle certified. It seems silly for Oracle to be the
arbiter of what distributions are acceptable to business - only a tiny
fraction of these systems actually run Oracle, and Oracle is technically
quite capable of supporting any Linux Standard Base compliant system.
In this situation, the companies seem to be jumping headlong into another
Microsoft model. Of course, Red Hat wouldn't ever really become another
Microsoft, and I don't really like to compare the two companies in the same
sentence. But the point is that companies are discarding an important part
of the Open Source model without realizing what benefits they are going to
Another problem we face is that Open Source users are being denied access
to popular culture. We can't legally play DVD discs using Open Source software
today. I once went to do a DVD demonstration, showing how you could technically
use Linux to play a DVD but it wasn't legal, but was convinced not to do so
by my then employer, HP. They would have had to fire me immediately because
they did not want to become a scapegoat for the movie and music companies (a
reasonable concern on their part), and I might have gotten a $500,000 fine
under DMCA. Just for playing the disc I paid for in my own computer. The
problem is that modifiable software, any Open Source that plays their media,
is considered a theft tool by the movie and music companies, because someone
could modify it to tap the unencrypted data stream, and could then upload
the data to the net. But I think we need to prosecute the people who commit
that crime, not the software tool makers who only want to play legitimately
purchased media using Mozilla, Linux, other Open Source. This is going to be
much more of a problem with the rise of Palladium, because most web pages
will eventually be protected by DRM to prevent source viewing, printing, and
saving. The web sites want to charge you for printing, etc., so they will go
for that. When you can't use Mozilla to view a web site, Open Source becomes
an uncommunicating island, and nobody will be able to use it.
Questions and Answers
Q So say you're an IT Manager and you've successfully added Linux and
Open Source software to your organization and its running with other
proprietary software from IBM...Bruce interjects "and Open Source and
proprietary software should be running together..."
BP - Yeah
But, should you be worried about this
BP - Okay, at this stage you as an IS customer should be putting pressure
upon your vendors asking them What are you guys doing to ensure the
future viability of Linux and Open Source in the face of software patents,
trusted systems, etc (software patents and trusted systems are the most
important ones) and be prepared to get a somewhat equivocating answer
because, as we know, IBM - great friend and one we want to keep, is the
biggest technology patent holder and the technology patent department of
IBM is an independent fiefdom. It is able to override the Linux department
on some patent decisions. And that's sort of what IBM is like. I guess
they're still a silo organization internally, so software patenting in
IBM doesn't have to respond to Linux. The only place you will get that
decision made is at the CEOs office and the customer should applying
enough pressure on its vendors that it gets there. As an IS person, hey
we've given you a great deal. We've made it a lot easier and cheaper for
you to operate your operation and now is your vendor going to protect
this or not.
Bob (Mcmillan) - Can you tell me what specific areas of patents IBM holds?
BP - IBM holds a good many software patents. Although, software patents
aren't the major revenue maker, hardware patents are the major revenue
maker for them right now but you can look at their standards declarations
to IETF for examples where there's one place on the IETF Website where you
can see standards declarations where companies have said "We have patent
in this space and we will make it available for use in this standard
under and I quote "reasonable and non-discriminatory terms." The problem
is that the reasonable and non-discriminatory terms are only reasonable
if you're not an Open Source developer because there may be a 3 or 5
percent royalty or something. First of all, we don't even know what our
stuff costs. Secondly, we can't pay anything. The Open Source developers
outside of the big companies are not being compensated for their work. All
they are asking is that they don't have to pay other people.
Bob - So, you're saying that by IETF standards Open Source could face
some software patent vulnerabilities?
BP - There are already software patent vulnerabilities in Open Source
implementations of IETF standards. There are potentially one or two in
W3C standards because of working groups that were in progress before the
existing patent policy was advanced. So, even there I think VoiceXML is
an example of early significant patent impact.
Q - Before Europe can be addressed, what about the Asian community-
BP - I can't admit to know much about what is going on in China. I just
got invited over so maybe I'll be able to learn some more by some of
the national standards organization people there.
Q - Are you seeing the same kind of problems regarding patents?
BP - Well, Japan in 2002 passed software patenting laws and they're a
little better than us. You know everyone says, well we're not doing
US style software patenting. That means they're not doing business
method patenting. That really doesn't help us very much. In the case
of Japan, they've passed a pretty good reexamination system. The US
has a new reexamination system since I think last year. I don't think
its gotten tested out very much so we don't know if it's any good. And
in Europe I hope there's a good reexamination system where you can get
patents reexamined outside of the courts. Let's take for example the
"RIM systems" news that happened this morning. It happens I'm a radio
ham. I did Internet email on ham packet radio before 1992 when this patent
filed. In fact, in 1981 we were using another protocol other than TCP/IP
and using email as the major application of packet radio. So, when RIM
goes to reexamine this particular patent, they will probably win. But
we have to test how well that system works. And we know the way patents
are originally examined is just terribly poor in the United States.
DOC: Two things. Is your speech going to be online?
BP - The part I typed. I'm going to have to sit down and type the rest
that I didn't get a chance to type this morning. This is going to be very
interesting because I want to see what I get back. Because I've tried to
make it very clear. Hey, IBM you're a big friend but we've got a problem
with you. Hey Red Hat, your not quite following the ethos anymore, but
we know how good a friend you are. And I think it's really important
to get that dialogue going. And so I'd like to see whether you and the
other people in the press can sort of keep this moving.
DOC: The other thing...with Larry "Lessek" lending his blogger notes
to Howard Dean for a while...Is I think there's a real opportunity here
to take the current political season and make the most of it if we play
our political cards right. I'm wondering what your thoughts are on that.
BP - There have been a lot of calls to integrate Open Source into a
much larger political agenda. This is something that must be done
extremely carefully because obviously we wouldn't want to be friends
with everyone and we would not want to base all our hopes on a single
candidate. Although we may have the urge to do so. You know, Valerie
was after me to run for Governor of California and I told here I didn't
want to compete with the "Govenator" (Arnold Swartzenegger) or that
model. But, I think it is time to integrate Open Source into a larger
political dialogue about Freedom and you just have to be careful exactly
how we do it and that we remain friendly and acceptable to all sides of
a broader political argument.
Q = As the topic circulates in the public policy realm and as you've
outlined in your bullet points that we don't have the resources (i.e. the
dollars) and players like IBM and others have pretty big economic packages
to sway one way or the other on this topic - are there corporate customers
who have embraced Open Source that can be brought into the dialogue.
BP - Yeah, actually this organization the OSAIA that we talked about at
the beginning of this speech is a very good place for those customers
to have their forum. Actually, I once sat down with the acting CTO of
Federal Express. That was not his title but that's what he did, and so
he sat me down and explained how important Open Source was to FedEx and
I thought I'd died and gone to heaven. And we have no forum right now
for that person that is effective. We're hoping that OSAIA can help
us establish that forum. The other thing is that you know in general
software customers are not standing up to their vendors. On a whole
lot of issues. There are a lot of proprietary issues where the software
customer knows they're being fed an addiction model of purchasing. You
know, buy from one vendor and then stop and nothing else works with
your products. Why are they not pushing back against that. And you know
organizations like OSAIA might be good to help with that as well.
Q - So, you're curious why companies don't stand up to their vendors?
BP - Well, its because they don't care enough
Q - Because they don't have the money enough to?
BP - No, that's not really true. If you look at what they've been
losing as far as a large corporation or a government agency with a
Microsoft relationship they could have easily thrown $100,000 towards
this cause. It's a matter where is there leadership there that values
that rather than feeling that its money just wasted. So, we haven't got
that yet and we have to get it. This is something for all customers and
it transcends Open Source.
Q - So, this is the fight between the guys in the server room and the
boardroom. You know the guys in the server room would love to add the
latest Open Source product.
BP - Yeah, we've actually done a really good with that particular
fight. I 'm actually trusting the guys in the front office to know what
their fiduciary interest is. So, I don't have quite as big a problem
with that. If their company is hem ridging money on IS, as many of our
companies and governments are, its really up to them to take steps to
resolve the problem. We just have to provide them a little leadership
to do so.
Q - Which companies are parts of the OSAIA right now?
BP - I don't want to say right now. We haven't really had the formal
launch and until then I'd rather not say so. But I saw 3 or 4 really big
companies and a bunch of smaller very important companies on the list
as well. For example, I'm still Director of the Desktop Linux Consortium
and we're there. But I just don't want to go into listing who's on before
we give them a chance to get on.
Q - I was reading in the Wall Street Journal the other day that Linux
is undergoing DOD certification.
BP - Its common criteria. Its great. It happens that it's only SuSe. But
I'm hoping that it will lead to other products getting certified. With
another organization we're working on certifying some of the other
open source software. For example, we have a cert of Open SSL that will
be usable by any distribution. It happens that HP is one of the major
sponsors of that. Now IBM was the major sponsor, SuSe the minor sponsor
of this common criteria cert. Now here are places, where these guys are
helping us and we appreciate it. We just want to have a dialogue on the
places where they are not.
Q - SuSe is very popular in Europe isn't it?
SuSe is very popular in Europe and it is a technically good
distribution. I am concerned whether or not hey can maintain their
financial independence. You know when IBM owns Red Hat and Novell owns
SuSe, or whatever, I worry if things are going to be quite so nice
as they are today. I have friends at IBM and Novell but they're big
companies and they have the concerns of great companies.
Q - Seems like there will always be tension for large companies looking
to make a profit and Open Source policy. How do you see this in terms
of sponsorship in OSAIA?
BP - I think that there are some vendors with a conflict of interest
who'll never join this. We also have this interesting situation where
most of these companies are already in CompTIA, which operates the
initiative for software choice, which operates against open source
lobby in government. There are members of AEA, which was a major
part in killing an open source bill in Oregon. So they've already got
conflicts. And we should point them out so we can encourage them to join
this organization and have them talk out of both sides of their mouth
successfully :-). There will be continuing tension. And that's what
political life is all about. You don't want it to be the leftist nirvana
nor the capitalist land Barron nirvana. You want it to be somewhere in
between where most people are reasonably well served and no one is happy
with the compromise. And that is what we'll get.
to post comments)