Wednesday, November 22, 2006

Why Google's approach to IP is unhealthy

OR

Who's afraid of the Affero GPL?

Howdy.

I was fortunate enough to catch a moving keynote by Eben Moglen, Head Counsel for the Free Software Foundation, at the Plone Conference in Seattle recently. Along with many great ideas on how Free Software answers economic questions of olde and is shaping a Brave New World for the 21st Century, Eben touched on a very sensitive point for me.

I'm going to take this opportunity to say that I am super unhappy with the approach to IP which has become common at dotcoms and to a great extent at Google, behind the dressed-up face of Google Code is the lore of Google's big secrets on how to solve, basically, every problem that anyone in the world has with large-scale computing for any purpose, and espescially for large internet sites.

So, just down the hall from your nearest "Don't be evil" sign, just past the Summer of Code sign-up sheet, someone has an employee manual which probably stipulates that it must be explicitly understood that Google's competetive advantage is in their superior ability to build distributed computing systems which are designed to allow many machines to fail without waking anyone up.

In the name of every pager-carrying sysadmin in the world, a public cry:

Please Share More.

Please. ;*-(

Seriously, have you guys *ever* modified some GPL code to make it crash less for Google.com? Please share, and share more of this infrastructure, and advertise that you are using world-class Open-Source software. AT&T, who just bought out SBC, one of the ma' bell subsidiaries, is not hurting in the long-run after giving away SysV. Software is not a competetive advantage, the genius army you have used Sequoia's money to hire is your competetive advantage. The software, on the servers, in its' running form is an asset, and maybe your ideas on search engine technology should be secrets, assets, but please, the distributed filesystem?

Rumour is that, when I telnet to port 80 on google.com, a modified version of Apache answers, or a web server which sits in front of Apache and other web and application servers answers. Under Affero GPL, it would probably be a violation to remove the Apache banner, and it would certainly be necessary for code.google.com to contain all patches that Google is using on systems which are publicly accessible, and even on proprietary systems for all users, paying or non.

I highly suspect that some of this secrecy is in the name of security - if I don't know Google.com is running Apache 2.0.38 or somesuch, and an Apache vulnerability is announced which affects this version, the likelihood of it affecting Google.com is, to some extent, reduced by hiding what is running, although I bet nmap could guess based on its' behaviour. ;)

In any case, Bruce Schneier, or any other decent Security Guru, and an average of 38% of American High School Seniors today, according to "New Scientist"[0], will tell you that Security by Obscurity is not a winning approach, and every now and again one of those high school kids decides to prove to the world that he is god and shut a bank or two down. ;)

So, who's afraid of the Affero GPL? I'd muse that probably most developers who use Free and Open-Source Software to provide a proprietary service to the public. Hey, there's nothing to be afraid of. Has anyone used the LiveJournal code to put them out of business? Nope, far more people have simple stolen their ideas, sans perl.


I'd also estimate that investors are shaky, and that this is why the developers are not highly promoting this idea. Here's a hint for when you talk to your boss about this: if your competitors use your software, and modify it, they also have to give it back. I'm pretty sure this would bring the sort of balance to network-based software offerings that today's GPL has brought to locally hosted applications - be they running on your own server, a leased server, or a desktop / workstation / notebook.

GoogleFS is no different from SGI XFS, IBM AFS, or any other technology which was designed to give one commercial entity's customers a competetive advantage over other companies by

[0] I'm joking about New Scientist, but not about the High School Seniors.

Wednesday, November 15, 2006

Plone for ACM.org

So, I noticed today this article on Planet Plone. Indeed, as I understand it, we are planning to launch Plone for the ACM and, progressively, all of acm.org's counterparts and the sites of any sub-organizations such as SIGGRAPH, SIGCHI, and conceivably SIGWEB as interested. Consequently, ACM SIGWEB has the only website I've ever seen which is not Plone, and advertises compliance with Accessibility Standards.

In any case, we are actually not running a public beta. The site at plonebeta.acm.org is simply a demo I have produced for the ACM IS team, and a place where I can demonstrate various products. Membership is closed, though it will eventually be open to all ACM Members, and many tools which could eventually be available to members may not be available to the public.

I just want to be up-front about this. From what I know, I don't think this was published in response to any announcement from the ACM, but more likely based on our url being in bug reports and being discussed on #plone. I love viral marketing, but I don't want anyone to get the wrong idea. We certainly do plan to announce a public beta in January and to sponsor future Plone events and conferences.

BTW, someone commented on the speed of Plone. Just this morning I dumped a diatribe of thoughts on Python and Zope-style application development, based on my thoughts over the past five or six years. Curious parties can read the living document here.