User: Password:
Subscribe / Log in / New account

Leading items

The future of the FUD mill

There's yet another Microsoft-funded analyst study out there; this one, done by VeriTest, compares deployment times for Microsoft Windows Small Business Server and Red Hat Enterprise Linux. No doubt everybody will be surprised to hear that the study (available in PDF format) concludes that Windows is better. Four tasks were set out: install the system with basic services, set up performance monitoring and reporting, set up an intranet web site, and configure the network for remote management. Doing these tasks with Windows took, they say, 4 1/2 hours and 125 steps. Linux required 7 1/2 hours and 555 steps.

It is not hard to poke holes in the study, of course. Somehow it was possible to set up an intranet server on Windows with zero steps - but it still took seven minutes. Somehow the report didn't comment on the discouraging time per step required to accomplish this task on Windows. Errors made by the (Microsoft-hired) consultants performing the Linux installation were counted as steps. Tasks like checking the system with nmap were also counted. Setting up remote administration took 100 steps; we could suggest a shorter way of doing that:

  1. Enable sshd.

The VeriTest people, instead, set out on a series of tasks involving installing the kernel source, setting up PPTP, and carrying out several tasks on the Windows client - all of which counted as steps, of course.

One could go on about this report for a long time; see, for example, the letter from Leon Brooks on this week's Letters Page. The more interesting development, however, is that Forrester Research has, after having Microsoft trumpet one of its studies, issued this statement on the integrity of its reports.

Recently, in two isolated and unrelated cases, we conducted privately sponsored studies for two vendor clients. We stand by the integrity of both studies. However, we erred in allowing those clients to publicize the research findings. In response to these two isolated events, Forrester has taken immediate steps to tighten our internal process and clarify our Integrity Policy. As part of this clarification, the company will no longer accept projects that involve paid-for, publicized product comparisons. This move revalidates and strengthens Forrester's research integrity.

Forrester, in other words, is getting out of the analyst-for-hire FUD business. Given that this business can only be lucrative, Forrester's decision to leave it behind is worthy of note.

FUD-for-hire has long been an important business tool in the technology world. Analysts have been happy to have the business, and they have been able to live with the fact that their output always seems to support the sponsor's agenda. Technical journalists have long liked these reports; they can easily be cast into a story without requiring much in the way of creative or critical thought. The whole system worked smoothly as a way of shaping public perception of technology products.

Something has happened over the last decade or so, however. The net has made it easy for interested parties to rip apart biased or poorly-done studies. And the rise of free software has greatly increased the number of people who feel some sort of ownership interest in the systems they use. As a result, anybody publishing a report critical of free software had better be very sure of his ground, because that report will be subjected to intense scrutiny. Some of the people performing that scrutiny will know far more about the subject manner than the analysts who wrote the text, and they will not be afraid to say, in public, what they think. Shoddy research and skewed studies do not fare well in the modern environment.

It has been noted for years that FUD attacks on Linux tend to backfire; even Microsoft has commented on this fact. The combination of the net and the Linux community has managed to neutralize - or at least strongly diminish the effect of - FUD. Analyst companies which are seen as taking part in outright FUD attempts have seen their own credibility suffer; remember MindCraft? Now some analyst companies, concerned about the perception of their integrity, are realizing that the FUD business is a poor place to be in the long run. That is a victory for the Linux community, and for the level of technology industry discourse in general.

Comments (5 posted)

An Evening with Bruce Perens

October 8, 2003

This article was contributed by Joe 'Zonker' Brockmeier.

Bruce Perens was in Denver this week for IBM's Linux strategy briefing and offered to speak to the Colorado Linux Users and Enthusiasts (CLUE) Linux User Group the night before the IBM event. The talk was billed as "The Future of GNU/Linux and Free Software," but Perens talked a great deal about the history of free software as well.

After covering his history with Linux and the open source movement, Perens turned to current events. He talked a little bit about how many companies doing Linux-related business suffer from multiple personality disorder. On the one hand companies like HP are looking to push Linux and are trying to embrace Linux and do the right thing for the Linux community. On the other hand, these companies have to maintain relationships with companies like SCO and Microsoft and participate in groups like CompTIA that actively work against open source. Perens cautions the community to pay attention to everything a company does, not just its support for open source.

We know that both Hewlett-Packard and the other members of CompTIA were sponsors of the so-called Software Choice Initiative, which works against open source. So, it's important to watch our friends.

Perens also noted that the next likely legal attack against open source would be via software patents, and said he thinks its unlikely that corporations like HP or IBM would help the community in that event.

Though Perens says he hasn't made up his mind yet, he indicated he was thinking seriously about trying to form a community-driven answer to Red Hat's enterprise products.

I'm wondering if it's time for a grass-roots enterprise Linux, and the way I figured I would do this... is first of all take Debian, why is there a Fedora project when there's Debian, a ten-year-old project with all its policies done...with over a thousand developers? That is what the Fedora project should be. Take that, and get together the community of enterprise users who depend on Linux and really want a zero-cost enterprise distribution.

After the talk, we caught up with Bruce for a few minutes one-on-one to ask about issues not covered during his talk, and to get further information on the grass-roots enterprise Linux effort. The first question was about the disagreement between the Free Software Foundation and the Debian Project over the GNU Free Documentation License (FDL). Perens has helped mediate between the groups, and says that they're on their way to working it out.

I wanted to take the emotion out of the whole thing, and it looks like we're succeeding at that. I'm not tremendously happy to have coverage of Debian and FSF bickering, we have a lot more important things going on.

I think that it's going to take care of itself more or less now. You probably will have some conference calls that are exciting... I'm not asking either organization to compromise with each other, I'm asking each organization to follow their own rules. I feel that it's not permissible for Debian to compromise its ethos for FSF nor is it permissible for the FSF to compromise its ethos for Debian and resolution of this issue does not call for either.

Perens also clarified his thoughts on a possible "grass-roots" enterprise-ready Linux distribution:

It's something I'm still thinking about. I think I will go ahead and do a call for people to work on it. Obviously I'm open for people who want to discuss it. The project is not yet announced. I really debated this in my own head for weeks now, and part of the reason was that, I feel that it's a big personal expense to me to do any large project. On the other side every open source thing I've ever done has paid back much more than I've put into it... I feel that I must participate because I'm one of the few people in the community with the cachet to pull this off, who can talk to all the people on the executive side and all the people on the community side and has reasonable credibility with both of them. That doesn't mean I have to run it, definitely doesn't mean I want to be its CTO, it does mean I would be evangelizing it publically for quite some time.

I'm thinking about whether it is time for the community... to provide directly a Linux distro certified to LSB and to proprietary software providers that are willing to do so, guaranteed to be free software and free beer, free speech and free beer. A certified distribution that is zero cost, free software... and I'm convinced that creating a Linux distribution is a expense-sharing system rather than a profit-making system, even Red Hat now admits this as they attempt to offload production of their distribution to the community.

We also asked Perens how he felt about companies that use open source software, but do not contribute substantially to the projects they use.

I have a scale for commercial collaborators with the community. It has four points. It runs benefactor, partner, user, parasite. Benefactor: NASA's a great example. They funded most of Linux's Ethernet drivers at one time. At that time they were not able yet to make extensive use of Linux, now they are. They put in more than they got out. Most companies would not want to be benefactors, it looks bad to your stockholders.

Partner is what companies should be if they expect the cooperation of the free software community. At Hewlett-Packard, we could not get them to help us with the IA-64 kernel until we made the printers work. Very good lesson for companies, we put out 60 printer drivers on Linux because of that.

User is a company that makes use of Linux and open source that complies with the licensing, but does not make any contribution unless they just can't avoid it. The usual GPL. I put Linksys in the user category if they finish resolving the issues they're working on with the FSF right now. Linksys is a division of Cisco, a very big company, that's important.

Parasite, SCO comes to mind. They're making fraudulent claims to get value out of the Linux and open source community by kiting their stock and you can quote me on "fraudulent," "libelous," "slanderous," no problem with that. Other parasites, well who sold Linksys and Cisco that wireless access point? A chip company with a "B"... a number of engineering companies that seem to be in Taiwan and Korea, transfered intellectual property that was not theirs to Linksys and Cisco, in ways that did not comply with the licensing, leaving these companies whose goodwill we want out of compliance with our licenses and they don't know how to resolve the problem. So I don't like it because those Taiwanese or Korean companies made us enemies with Cisco when we want those guys to put Linux in their next product, we just want them to comply with the licenses and they should have been given full directions for doing so when they bought those WAP designs.

Finally, we asked Perens if he had any thoughts on Eric Raymond's prediction that Sun is doomed.

Yeah, I wish Eric hadn't written that, actually. At least not quite the way he wrote it, because first of all not having worked at HP as I have, Eric doesn't understand how long a company can run on a legacy product which is an extremely long time. And, secondarily, I think Eric was angered by things Sun has been saying about Linux not belonging in the data center and Sun's explicit collaboration with SCO spreading FUD. However, Sun also helps us. Remember what I said about corporate multiple personality disorders. They've done $70 million dollar investment in OpenOffice, and I don't see where it paid off for them. They bungled the strategic aspect of it, they need help with it, but it was a very large contribution to Linux and open source. So, first of all, Sun's not going away, they're not dying. If anything, they'll be acquired. They're still a company with some value, and obviously their price is becoming more attractive. Who will acquire them? I think it's either Microsoft or IBM.

We thank Bruce for taking the time to talk with us.

Comments (27 posted)

VeriSign backs down - for now

The September 18 LWN Weekly Edition asked "whose Internet is it?" in response to VeriSign's deployment of its "SiteFinder" service. SiteFinder is an attempt to profit from mistyped domain names; it is implemented as a set of wildcard entries in .com and .net which direct the user to VeriSign's paid index pages. VeriSign's unilateral change broke a number of network services, modified how DNS works with no input from anybody else involved, and raised a great many privacy concerns. Nonetheless, VeriSign seemed determined to weather the storm and keep its changes in place. That is not a surprising position, given that the company expected SiteFinder to generate a revenue stream in the millions of dollars.

Among other things, VeriSign had ignored a request from the Internet Corporation for Assigned Names and Numbers (ICANN) to suspend the service. It would seem, however, that ICANN is not entirely without clout - or value. On October 3, ICANN sent a more strongly written letter to VeriSign:

In addition, our review of the .com and .net registry agreements between ICANN and VeriSign leads us to the conclusion that VeriSign's unilateral and unannounced changes to the operation of the .com and .net Top Level Domains are not consistent with material provisions of both agreements....

Given these conclusions, please consider this a formal demand to return the operation of the .com and .net domains to their state before the 15 September changes, pending further technical, operational and legal evaluation. A failure to comply with this demand will require ICANN to take the steps necessary under those agreements to compel compliance with them.

In response, VeriSign grumbled a little, then removed its wildcard entries and turned off the service. However, anybody who thinks that VeriSign has seen the light and realized that, as the steward of a public resource, it needs to act in a more responsible manner would be well advised to read this column by Mark McLaughlin, a VeriSign VP.

ICANN appears to have bought into claims that the Internet has broken or will break. Anyone who has used it in the last three weeks knows that claim to be false. More likely, ICANN caved under the pressure from some in the Internet community for whom this is a technology-religion issue about whether the Internet should be used for these purposes.

The company also had some strong words at the special ICANN meeting held on October 7. Among other things, it said that it may have other surprises to spring on the net in the future. VeriSign, in other words, is absolutely unrepentant. This company's history suggests that it will not give up on the SiteFinder idea anytime soon. At the moment, it appears that the net's governance mechanisms have brought about the right result. But it would be a mistake to assume that this particular episode is over.

Comments (5 posted)

Quick SCO update

Many people have wondered how it could be that SCO's stock price continues to increase even as the company's claims are publicly torn to pieces. A partial answer to that question came to light this week, in the form of this SEC filing. It would seem that Royce & Associates, the manager of the "Royce Technology Value Fund," now owns over 1.4 million shares of SCO. That is, as it turns out, over 10% of all the outstanding shares in the company, and almost 20% of the shares in active circulation. For whatever reason, Royce has made a huge bet on SCO, and has managed to keep the price high in the process.

This fund is managed by Jonathan Cohen; some information about Mr. Cohen and SCO can be found on this page. Among other things, he has been talking up SCO stock in a number of forums; see, for example, this posting on MSN/CNBC. "Cohen said the company's stock has done well this year on the back of solid fundamentals. It has an enormous base of intellectual property rights, he added." Solid fundamentals indeed.

Meanwhile, more documents on the IBM case, and, in particular, the pre-trial discovery process have come to light; they can be found on the always useful Groklaw site. There's some fun stuff there. Consider the following from "Exhibit E," SCO's response to IBM's discovery demands:

Please identify, with specificity (by product, file, and line of code, where appropriate) all of the alleged trade secrets and any confidential or proprietary information that plaintiff alleges or contends IBM misappropriated or misused...

...SCO notes that discovery has just begin and it has not yet received responsive discovery from IBM that would allow it to fully answer this question because part of this information is peculiarly within the knowledge of IBM.

SCO responds to a number of questions in this way. One way of translating this response into English would be something like "we don't know, we were hoping IBM would tell us." It is hard to imagine a judge being impressed.

IBM also asked for information on "any person on whom plaintiff intends to rely as a witness, declarant, or affiant in this action." SCO's response was "None at this time." Could the company really have no witnesses at all?

IBM has filed a motion with the court attempting to compel SCO to back up its claims. The company has also asked for an oral argument before the judge on the issue.

Good cause for oral argument exists because of the nature of the discovery issued upon SCO and the significance of its refusal to respond. SCO has the burden to prove the existence of a trade secret or misappropriation by IBM of confidential or proprietary information, and there is no presumption in SCO's favor in this regard... As a result, SCO's apparent inability to respond to IBM's interrogatories as required under the Federal Rules of Civil Procedure has potentially outcome determinative consequences.

In other words, if SCO can't back up its charges, it's time to call the show over. Nobody ever thought IBM's lawyers would make it easy for SCO.

Finally, Drew Streib is still trying to buy an SCO "Linux license," but still has not succeeded. "I can't believe that a sales force is this incompetent, or instead of that possibility, that SCO could be so blatantly outright in their lying about license availability." SCO also continues to state that it will not be sending out invoices because the "response has been adequate." One might conclude that the company is having second thoughts about its licensing program.

Comments (1 posted)

Authors wanted

It has been the better part of a year since we first started taking externally written articles for LWN. That effort has had its ups and downs, but, overall, we have been pleased with the result. Externally contributed material has allowed us to bring new content and viewpoints to LWN. We have convinced ourselves that we can bring in more content and maintain the quality of our publication.

So, the time has come to expand our external author program. Writing for LWN will not be easy; as editors, we are fussy and difficult to please. And it certainly will not be a path to riches, or even away from the day job. But it is a way to get your byline out there and help us make a better LWN. If you think you might be interested, please take a moment to look at our author guide. If you're still interested afterward, we would like to hear from you.

Comments (none posted)

Page editor: Jonathan Corbet
Next page: Security>>

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds