Letstalk == FAIL

January 29, 2008 Leave a comment

I was quite excited when I found out I had been excepted into the N810 maemo device program. I own an N800 and really like it. Nokia is doing some really interesting things with both the N-series and Open Source, so I was looking forward to being able to get an early look at the device and post about it here. I even had plans to give away my N800 to someone who was willing to do something interesting for maemo. It has been epic fail ever since. The main target of the program was developers (so they could get early access to develop), documentation writers (so they could get early access to write docs), bloggers (to stir up interest), community supporters, maemo evangelists – well, you get the idea… early adopters and influentials. The first thing that struck me as odd was that this program made the device available long after the device was available to the general public. Ironic, considering the target market. For the deal I was getting though, I was happy to let this slide. Then came the mix up with discount codes. As this point, the device has been available in stores for about two months. The problem has been pretty well documented. I still held off on commenting. Hiccups happen (especially when the size of a program is so small, compared to the size of Nokia). They were doing a good thing, I figured, and I really like the N800 – so I’ll cut them some slack.

Then, I am finally able to place my order. I figured I’d still have the device in time for SCALE, where I could show everyone how great it was. The device came with 2 day shipping standard. About 5 days later, still no N810. I log in to check the status of my order. Status: CANCELED. No call or email from Letstalk, just canceled. I thought it might be a mixup, but yesterday I got an email saying the order was canceled (with no explanation). So, today I call Letstalk. They don’t seem to be 100% sure why the order was canceled, but it may be because I have placed too many orders with them in a short period of time. I have never even heard of this company, let alone order anything but this N810. So, I try to place an order over the phone. First, they tell me I’ll have to transfer to a different department right after my order, or else it will be auto-canceled again. Odd, but whatever. Then, they can’t get the developer discount code to work. A couple times on hold and finally that is resolved. Then, they place the order with a completely made up address (I kid you not – after telling him my address multiple times and having my previous order to look at… the confirmation email I got said Michigan). Another call and they straighten out the address, but my order has to be “confirmed”. Another call for that. The rep explains that they will need to call my bank and verify the shipping address and some other information. Sure, no problem. About 20 minutes later he says that the bank has confirmed all my information and identity. He now needs my SSN so he can access some public records and verify three questions. At this point, I canceled the order. I’m not sure what would have been needed after I answered the three questions, but I assume it would have involved a blood sample. If you getting word directly from my bank is not good enough, what is?

So, I guess I won’t be getting an N810 after all… which is a shame. I’ll certainly never do business with Letstalk again and it really reflects poorly on Nokia as well. The N-series is fantastic in general and the N810 looks to be the best yet. Nokia just bought Trolltech and seems to be moving more and more toward Open Source. I really do wish them the best, but I hope they wise up to the fact that Letstalk is giving them a very bad image.

–jeremy

Filed under maemo, Nokia

Nokia to acquire Trolltech to accelerate software strategy

January 28, 2008 Leave a comment

Continuing what is becoming a popular trend, another Open Source company has been acquired. This time it’s Nokia acquiring Trolltech, who are best known for QT and Qtopia. From the press release:

Espoo, Finland and Oslo, Norway – Nokia and Trolltech ASA today announced that they have entered into an agreement that Nokia will make a public voluntary tender offer to acquire Trolltech (www.trolltech.com), a company headquartered in Oslo, Norway and publicly listed on the Oslo Stock Exchange. Trolltech is a recognized software provider with world-class software development platforms and frameworks. In addition to the key software assets, its talented team will play an important role in accelerating the implementation of Nokia’s software strategy.

Nokia will offer NOK 16 per share in cash. The board of directors of Trolltech has unanimously recommended that its shareholders accept Nokia’s Offer. Holders of 35,024,830 shares, representing approximately 66,43 % of Trolltech’s issued shares and votes have as of January 27, 2008 irrevocably undertaken to accept the Offer. Haavard Nord, Vuonislahti Invest AS (controlled by Eirik Chambe-Eng), Teknoinvest and certain funds managed by Index Ventures are among the shareholders who have agreed to tender their shares to Nokia.

The acquisition of Trolltech will enable Nokia to accelerate its cross-platform software strategy for mobile devices and desktop applications, and develop its Internet services business. With Trolltech, Nokia and third party developers will be able to develop applications that work in the Internet, across Nokia’s device portfolio and on PCs. Nokia’s software strategy for devices is based on cross-platform development environments, layers of software that run across operating systems, enabling the development of applications across the Nokia device range. Examples of current cross-platform layers are Web runtime, Flash, Java and Open C.

It’s good to see that Nokia has explicitly confirmed its commitment to keeping Trolltech products Open Source and available under the GPL. I think the move makes quite a bit of sense, although I remain unsure what the real future of Symbian is. Nokia is creating some really interesting devices (although I am still waiting for my N810). It should be noted that while QT forms the base of KDE, devices such as the N810 currently run Gnome. Congratulations on another successful Open Source exits. With the current trend, it’s unclear how much longer we’re going to have “Open Source companies”. It seems that more and more, Open Source is simply being seen as a logical way to develop software, even in historically proprietary companies.

–jeremy

Filed under Nokia, Open Source

Bill Gates Issues Call For Kinder Capitalism

January 24, 2008 Leave a comment

I almost didn’t post this, but… does anyone find it ironic that one of the richest people in the world, one who amassed his fortune through crushing competition (often using obviously illegal tactics), leveraging monopolies and being quite often just generally anti competition and flat out predatory is now calling for kinder capitalism. Don’t get me wrong, I am whole heartily for helping others. If you’re doing well for yourself, I highly recommend you visit 10over100. I’m a huge proponent of Kiva and other local organizations. This world clearly needs change. This, however, just seems a bit hypocritical. We’re talking about someone who derided CEO’s for having “finite greed”. To quote Adam Smith, who argued against monopolies, is almost comical.

As Bill ages, I’d guess he’s reflecting on his life and the impact he’s had on the world. What he’s done and how he’s done it. He’s worried about his legacy, his spot in history. This seems quite common, if you think about it, but at least the robber barons of yesteryear (think Carnegie, Rockefeller, etc.) poured their ill gotten gains into infrastructure that could make a long lasting difference. The hospitals, research centers, universities, libraries and other centers they built are still paying huge dividends to mankind today. Hopefully what Mr. Gates does will do the same, but it doesn’t seem like it’s infrastructure he’s interested in.

In the end, on one hand I certainly commend him. He looks to have the best interest of human kind at heart. Regardless of how he obtained the money, that’s a great thing. Hopefully the investments he makes will benefit the world for lifetimes to come. Tying aid to the use of Windows, which Microsoft recently did, most certainly does not qualify. When the history books of tomorrow are written, how will we look back on William Gates? That remains to be seen.

I should note that I consider commercial Open Source a sort of “kinder capitalism”. It almost inherently protects against monopolies and therefore should provide a more even distribution of wealth, it avoids lock-in, provides better value for the consumer and by nature almost guarantees that a company focus on what the client wants and not how to artificially inflate the value of 0’s and 1’s. Proprietary software has its place and will have a place for a long time to come, but Open Source is surely kinder and gentler. Of course, I may be a bit bias ;)

–jeremy

Filed under Microsoft

Sun acquires MySQL III

January 21, 2008 Leave a comment

Another quick follow up, hopefully my last on the topic (at least for a while). Things are finally starting to quiet down a bit on the MySQL Sun acquisition front, but I wanted to post a few recent links I’ve run into.

Jonathan posted a little about how the deal went down, how in will impact partners/employees and some other tidbits from an internal Sun perspective.

Are there revenue synergies in the deal?

Everywhere we look.

Where are the revenue synergies?

The more interesting question is “where aren’t the synergies?” Wherever MySQL is deployed, whether the user is paying for software support or not, a server will be purchased, along with a storage device, networking infrastructure – and over time, support services on high value open platforms. Last I checked, we have products in almost all those categories.

In addition, the single biggest impediment to MySQL’s growth wasn’t the feature set of their technology – which is perfectly married to planetary scale in the on-line/web world. The biggest impediment was that some traditional enterprises wanted a Fortune 500 vendor (“someone in a Gartner magic quadrant”) to provide enterprise support. Good news, we can augment MySQL’s great service team with an extraordinary set of service professionals across the planet – and provide global mission critical support to the biggest businesses on earth.

Where will you take MySQL next?

That’s a question you’ll need to vector to MySQL – both before the acquisition (given that we’re still separate companies), as well as after. We’re not acquiring them to tell them what to do – we acquiring them to listen. To their leaders, their community, and their customers.

And having listened to about 10 customers face to face over the past couple days, I’ve heard only one comment, made consistently – “Congratulations, this is absolutely fantastic news for all of us!”

I totally agree.

marcf is still left scratching his head a bit.

So I will repeat the party line as if I had understood it.

MySQL is everywhere (true). They had flat revenues because they couldn’t monetize their installed base due to lack of services (probably true). SUN will be able to monetize this by bringing to bear a huge structure that gets it and will sell, sell, sell (maybe if they don’t mess up the integration and SUN has a really bad track record here but whatever). The most insightful thing I have heard from a good friend is “the margins on MySQL will be higher than anything they have seen in hardware”.

So I turn to other aspects of analysis. Vanity provides some avenue of progress. PTB’s quote that this is “the most significant acquisition for SUN” points to a CEO wanting to make his mark on the company he heads. It is vanity, but in this particular case, vanity served by intelligence so it is worthy of praise as it shows COJONES.

The most signal I get is in marketing. For anyone that doubted that SUN wanted to be a software company, this is it. I mean how more serious a signal do you need. SUNW makes 13B in hardware and is saying loud and clear: software is our future.

Because, unlike IBM and ORACLE they have NO SW business to speak off, they can embrace OSS fully. Fair enough. All I have to say to them is God Speed to them.

Stephe posts about business models and how Sun is evolving its message.

Christensen is the first to point out in his presentations that what he originally called “disruptive technology” in The Innovator’s Dilemma was later observed to be a “disruptive business model” by Andy Grove during a presentation at Intel. (The book had already gone to print, and so we now have loads of technology companies running around thinking their technology is more important than their business models.)

Christensen models demonstrate that a disruptive business model generally begins with an inexpensive “inferior” technology offered at a lower price in a different margin business model that enables customers either to do something they’ve never been able to do or to avoid the expensive control point. The “inferior” technology matures as the business grows and eventually the business grows into mature markets (i.e. the business model is disruptive). Think Linux from undergraduate project in 1991 to the IBM and Red Hat/MSDW Wall Street keynotes at LinuxWorld in 2002. So too with MySQL.

IBM evolved to be a company that offered their customers all the technology choice AND the expertise to knit it together into a coherent unique customized solution. It doesn’t matter how imperfectly true that statement may or may not be — but rather what customers perceive it to be. That doesn’t mean IBM isn’t happy to push an IBM-centric technology agenda, but it’s the customer relationship that’s important (since they’re the people with the money and the choice) and IBM focuses on ensuring they have the breadth of product offering to best map their customers’ self-selected heterogeneous needs. They are no longer the “Selectric” company and have even evolved with the networked IT world to be more than the “mainframe” company. IBM continues to build their message around open systems, standards, and open source, which suits their customer’s heterogeneous decisions. IBM is the “data center” company.

Sun is also evolving its message and its offerings to suit their customers heterogeneous web-based applications needs. They’re building relationships with IBM, Microsoft, the Linux community, and now they’re acquiring MySQL. Sun is in a position to deliver a heterogeneous technology base to their customers’ heterogeneous needs and to shape a marketing message that began as technology slogans around “the network is the computer” and “the dot in Dot Com” into a customer centric idea like the “Web” company. That doesn’t mean they won’t meet severe competition from IBM for which idea word is more important in customers’ minds, but they’re still in the game after being counted out too many times in the past.

It seems pretty clear to me that people are seeing this acquisition from a ton of different angles. Opinions vary quite a bit on this one, and a lot of it is going to come down to execution and integration. Overall I think it really could be a great pickup for Sun and a real win for Open Source. As you can probably tell, I’ll be keeping a close eye on this one.

–jeremy

Filed under Open Source Tagged with ,

Sun acquires MySQL II

January 17, 2008 5 Comments

A quick follow up to a previous post. The buzz created by the Sun acquisition announcement is still going strong. I’m still digesting the news and doing additional reading, but here are some interesting items I’ve run across.

Other Open Source database participants have been quite positive about the news. Josh Berkus, a member of the PostgreSQL Core Team and a Sun employee, was quick to welcome Brian Aker and the MySQL team aboard. You can see comments from Andy Astor, of EnterpriseDB here. This is friendlier stuff then you typically see in the proprietary world. I think that’s a function of both Open Source being different and us still being quite early on the adoption curve (where a rising tide is seen as lifting all boats).

From Matt: Guess how long the entire process, beginning to end, took? Five weeks. From the first phone call to today’s announcement, the deal took five weeks. That time frame is absolutely astounding. With a company the size of Sun, getting a simple partnership deal done usually takes more than five weeks. To have an acquisition of this size pulled off (Sun spent about 36% of its cash on the deal) is a testament to how bad they wanted a deal done.

Here’s a quick comparison to the BEA deal by Savio:
First off, kudos to Sun for valuing MySQL at this price. The deal represents ~36% of Sun’s Cash & Cash Equivalents (of $2.7B) on hand at the end of their last quarter (Sept. 2007). But considering how cheap debt is these days, Sun could probably fund a portion of the deal through cheap debt.

A reader commented on BEA and MySQL being founded in the same year, but BEA being sold for 8x more than MySQL. True, but BEA has ~$1.5B in revenue versus ~$60M for MySQL. When you take revenue into account, MySQL secured 3x more in acquisition price for every dollar of revenue than did BEA. OSS vendors must be sleeping with dollar signs in their eyes tonight….

Here’s a Q&A with Stephen O’Grady:
Q: So does that make this “We’re the Dot in the Dot Com,” the sequel? With the commensurate crash to follow?
A: Some would contend that’s the case, yes. Particularly a couple of members of the media we’ve spoken with. And of course it is possible that the model propping up Google’s immense valuation and those similar to it will prove to be similarly illusory. But somehow I doubt it. The fact is that the Google’s of the world have made real what Sun itself could not: a network that is, in fact, the computer. And the Google’s of the world, far more often than not, run on MySQL. Via this single acquisition, Sun’s made itself a relevant vendor in a space that very few, if any, of the larger commercial systems suppliers can play in.

Whether you agree with the valuation or not, YouTube sold for $1.6 billion, and consumed virtually no software from any of the major vendors. If that acquisition was to take place today, they would have been buying from Sun.

Not everyone is seeing this as a positive. Jay worries about the large company syndrome and Ben wishes Sun would focus on their core. Sun’s poor history with acquisitions seems to come up a lot, but none of those were under Schwartz.

Some additional comments:

* The MySQL founders are happy with the deal. That’s a good thing.
* Who this impacts and who else could have pulled off an acquisition seem to be popular questions. I’d say the latter is a fairly small list: Oracle, Red Hat, IBM and maybe Google or Yahoo. Who it impacts remains to be seen, but I think the implications will be pretty far reaching.
* The possibly Google/Yahoo above brings me to an angle that I haven’t seen much commentary on. I’d expect Sun to offer some kind of “MySQL in the cloud” service that could be one component in a service offering that competes with Amazon an its S3/EC2/SimpleDB offerings.
* It’s clear that Sun has made a significant investment in the M from LAMP here. I continue to question how they feel about the L in LAMP though. This seems to be one of the biggest sticking points people have. Will MySQL focus less on Linux (which leads both MySQL sales and downloads by far, from what I understand) and more on Solaris? Will Sun push Solaris while selling MySQL? More questions than answers on this one, so we’ll have to wait and see.
* I’d expect a couple long time MySQL employees to cash out after this and quickly found some very interesting startups based on what they did at MySQL AB.

That’s all for now.

–jeremy

Filed under MySQL, Open Source, Sun

Sun acquires MySQL

January 16, 2008 1 Comment

Sun made a huge announcement today. They are acquiring MySQL AB, for roughly $1,000,000,000. From Jonathan:

But the biggest news of the day is… we’re putting a billion dollars behind the M in LAMP. If you’re an industry insider, you’ll know what that means – we’re acquiring MySQL AB, the company behind MySQL, the world’s most popular open source database.

You’ll recall I wrote about a customer event a few weeks ago, at which some of the world’s most important web companies talked to us about their technology challenges. Simultaneously, we gathered together some of the largest IT shops and their CIO’s, and spent the same two days (in adjoining rooms) listening to their views and directions.

Both sets of customers confirmed what we’ve known for years – that MySQL is by far the most popular platform on which modern developers are creating network services. From Facebook, Google and Sina.com to banks and telecommunications companies, architects looking for performance, productivity and innovation have turned to MySQL. In high schools and college campuses, at startups, at high performance computing labs and in the Global 2000. The adoption of MySQL across the globe is nothing short of breathtaking. They are the root stock from which an enormous portion of the web economy springs.

But as I pointed out, we heard some paradoxical things, too. CTO’s at startups and web companies disallow the usage of products that aren’t free and open source. They need and want access to source code to enable optimization and rapid problem resolution (although they’re happy to pay for support if they see value). Alternatively, more traditional CIO’s disallow the usage of products that aren’t backed by commercial support relationships – they’re more comfortable relying on vendors like Sun to manage global, mission critical infrastructure.

This puts products like MySQL in an interesting position. They’re a part of every web company’s infrastructure, to be sure. And though many of the more traditional companies use MySQL (from auto companies to financial institutions to banks and retailers), many have been waiting for a Fortune 500 vendor willing to step up, to provide mission critical global support.

In addition to the current MySQL offerings, Sun is unveiling new global support offerings. This has huge implications, not only for Sun and MySQL… but for Open Source in general. MySQL AB was one of the hottest commercial Open Source companies. Almost everyone thought they were headed for a 2008 IPO. Sun was already one of the largest contributors of Open Source in the world, but this puts them at the epicenter of the LAMP stack. How this will impact their on again off again relationship with Linux remains to be seen, but I’m already seeing promises that this acquisition will not impact MySQL support on non-Solaris platforms.

As you can imagine, the blogosphere is buzzing due to this announcement. I’m still digesting the news and doing as much research as I can, but the real implications of this will not be fully known for some time. I’d like to congratulation the entire MySQL AB team. Monty and David have built not only a wonderful product but a fantastic company. This is well deserved. Marten has been an exemplary Open Source CEO. Congratulations should also go to Sun. They continue to prove their dedication and understanding of Open Source. This is a fantastic pickup for them and I think it could be a great fit.

I’m sure I’ll have more to say about this once I have a chance to do more research and think about it further, but in the meantime here is some additional reading:

Zack Urlocker
Q&A from kaj
Press release
Tim O’Reilly

–jeremy

Filed under Linux, Open Source, Sun

Ruby company raises $3.5 from Benchmark

January 15, 2008 Leave a comment

marcf takes a look at a recent VC deal and makes a couple comments on both services as a business model and Open Source.

b/ FALSE: the future of the software industry (as a whole) is services. I always enjoy it when in debate people mention the case of VMWare to evangelical OSS zealots. Here is a company that is creating vasts amount of technological innovation and money with a classic licensing model of software. When asked why they didn’t go OSS, the CEO responded “why would I do that?” It is embarrassing for the zealots that in this day and age one of the most successful companies is a proprietary software model. What? my ideology is not perfect? the good old model is still kicking arse? by orders of magnitude in terms of technology and, it goes without saying, financial value creation? I enjoy the squirming. The problem with the generalization above is that it assumes that proprietary license models are dying. That is just false, period. That ship is still sailing. Oracle, Microsoft, IBM, SAP are all growing healthily and running the money presses. The proprietary model is alive and kicking. The existence of OSS models DO NOT negate the proprietary models. GET OVER IT, both models will co-exist and thrive sometimes at the expense of each other, sometimes independently of each other. It is not a zero-sum game, there is value being created in both.

d/ In fact, witness the RUSH of OSS companies to emulate the proprietary licensing models to monetize their bases. The VC’s may have invested in service based companies but they are all becoming product license companies. It is not that they know something we don’t, au contraire, they are rediscovering what we all know: that giving away your core competency is a tough way of making money and nothing beats the good old proprietary licensing model. JBoss, MySQL have followed the example of RedHat with the “RHEL/FEDORA” split. AND THAT IS A GOOD THING, don’t get me wrong. That model is a proprietary distribution of OSS codebases. That is the engine that ignited RedHat’s revenue. The proprietary licensing model is still top dog and the OSS guys are falling all over themselves to emulate it. BTW, on this topic, I find that Savio Rodrigues, the “community blogger” from IBM is a more enlightened read. Maybe because he is from IBM and they literally wrote the book over the past 50 years? Going back to software as a driver for services and hardware? no problem it is called Global Services. Milking software licenses for all it is worth? no problem it is called WebSphere. Giving it all away? huh… no thank you, no!

e/ I don’t read this particular announcement as an announcement in a services model: these guys do run-time, and if they do run-time they will gravitate towards licensing models as ways to supplement revenue… why? just watch!

Marc is a smart guy and it’s always good to get as many different viewpoints as possible on a subject. I think it’s clear that Open Source creates better software. Period. But when it comes to business models, things are not nearly so cut and dry. Sure, many Open Source companies are doing fantastic. However, VMWare is just one example of a proprietary company that is also doing very very well. Commercial Open Source is still in its infancy. We still have a lot to learn. That’s actually one of the things I really enjoy about it. We have a chance to flip an entire industry on its head, while creating a lot of value (both financial and non-financial) at the same time. We can do good while doing well. Don’t get me wrong, I don’t think proprietary is going away any time soon. That doesn’t mean I think the future doesn’t hold great things for Open Source. It does.

–jeremy

Filed under Open Source

Is Apple Killing Linux on the Desktop?

January 11, 2008 1 Comment

It looks like some think that OS X may be “killing” Linux on the desktop. I’m not sure that’s the case, but it’s an interesting point to explore. It’s true that Apple has a much higher percentage of desktop users than Linux does. Even if Linux grew at a faster rate in the time period given, it was off a much smaller base (and is still under 1-3% by most accounts). In most cases though, I don’t think you can definitively say that if a user didn’t go with OS X that they would have gone with Linux. Apple does a lot of things really good. Marketing is certainly one of them, but they do create slick machines that are very appealing. The fact that most traditional UNIX tools work with OS X is huge. I do think the “they just work” part is a bit overblown, but it’s certainly a better out of the box experience than Linux. That being said, many of the things that make that out of the box experience possible are the reasons some people switch to Linux. You want OS X, you have to purchase an Apple. The lock in involved with the Apple experience is actually worse than with Microsoft. So if it’s a UNIX-like OS with a shiny GUI that you’re looking for, OS X may indeed be what you want. If freedom is what you’re looking for, Apple is probably not for you.

Don’t take this to mean that I don’t like Apple. I think they are doing some really cool things. They are at times Open Source friendly and are creating real choice in the mass OS market. I think people are getting increasingly frustrated with Apple policies and practices though. The evidence isn’t too difficult to find. Apple really has little incentive to have pro-customer policies. If you want an iPod, an iPhone or OS X you don’t have any choice. If you want Linux, you can get hardware from any vendor you’d like. In the end, however, I’d still contend that more OS X sales are good for Linux… not bad. It gets people used to not using Windows. It introduces them to a UNIX-based OS. It opens doors that would be hard for Linux to open. Once the Windows monopoly is broken, it will be easy for all other operating systems to get a fair look. I welcome that day.

–jeremy

Filed under Apple, Linux

Open Source Code Contains Security Holes

January 10, 2008 4 Comments

That’s the title of a recent InformationWeek article. I hope this doesn’t come as a surprise to anyone. All code contains bugs, and some of those bugs may turn into security issues.

Open source code, much like its commercial counterpart, tends to contain one security exposure for every 1,000 lines of code, according to a program launched by the Department of Homeland Security to review and tighten up open source code’s security.

Popular open source projects, such as Samba, the PHP, Perl, and Tcl dynamic languages used to bind together elements of Web sites, and Amanda, the popular open source backup and recovery software running on half a million servers, were all found to have dozens or hundreds of security exposures and quality defects.

A total of 7,826 open source project defects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006, according to David Maxwell, open source strategist for Coverity, maker of the source code checking system, the Prevent Software Quality System, that’s being used in the review.

A couple comments. Looking at the defect rate for some popular Open Source projects, they are consistently way below the average:

* Samba was found to have a total of 236 defects, a far lower rate than average for 450,000 lines of code. Of the 236 defects, 228 have been corrected, said Maxwell in an interview.
* Linux came in with far fewer defects than average as did a number of other open source projects. The version 2.6 of the Linux kernel had a security bug rate of .127 per thousand lines of code.
* The Apache Web server includes 135,916 lines of code, which yielded a security defect rate of .14 bugs per thousand lines of code.
* The PostgreSQL database system contains 909,148 lines of code, with a .041 defect rate.

I think those numbers speak volumes about the Open Source methodology. Beyond that though, is the fact that a study like this can be done in the first place. That’s the real power of Open Source. Security defects aren’t hidden and denied. They are out in the open and actively being fixed. Security by obscurity is a myth.

–jeremy

Filed under Linux, Open Source

McAfee Issues Warning Over 'Ambiguous' Open Source Licenses

January 7, 2008 Leave a comment

Looks like the recent Software Freedom Law Center filings may have had some impact on how companies think. From a recent InformationWeek article:

McAfee frequently cautions other companies about the latest bugs and computer viruses, but the security software maker is now warning that its own business could be in jeopardy — not from some form of malware but from the fact that its products rely heavily on open source software.

In its recently published annual report, McAfee warned investors that the “ambiguous” license terms governing the open source software it uses “may result in unanticipated obligations regarding our products.

“To the extent that we use ‘open source’ software, we face risks,” McAfee warned.

McAfee said it’s particularly troubling that the legality of terms included in the GNU/General Public License — the most widely used open source license — have yet to be tested in court.

“Use of GPL software could subject certain portions of our proprietary software to the GPL requirements, which may have adverse effects on our sales of the products incorporating any such software,” McAfee said in the report filed last month with the Securities and Exchange Commission.

Among other things, the GPL requires that manufacturers who in their products use software governed by the license distribute the software’s source code to end users or customers.

This seems like a bit of FUD to me, promulgated by a company worried about its business model. Keep in mind that it’s always an option to not use Open Source code. It seems to me that McAfee wants to enjoy all the benefits that comes with Open Source code, without giving back in any way. The fact that the GPL code is good enough that they want to use it should speak volumes. Just how long would it take them to rewrite all that code? What would the associated costs be? There is no free ride, nor should there be one. The fact is, if more secure operating systems that treat security as a first hand citizen (note, I am not just talking Linux here) become more prevalent, companies like McAfee are in big trouble. I find it interesting that some companies continue to insist that Open Source code and security are in opposition. It should be obvious why peer reviewed code would end up more secure as time goes on.

–jeremy

Filed under Open Source, SFLC

Older posts

Newer posts