Old world and new world colliding

The last forthnight was an interesting one for closed source vs open source debate. This time, the two worlds seems to be colliding with a lot of fireworks flying around.

First salvo was Oracle's Ellison's interview by the Financial Times. I do not have a Financial Times subscription, so I only have access to an "excerpt" of the Interview Excerpt. It is widely reported and draw a response from IBM (See this article) and RedHat. Then there is the launch of Freespire Project. Freespire is the "open-sourced" version on Linspire. Linspire claims to be different from other Linux distribution on the issue of "close source" friendliness. Finally, a new news report emerged yesterday from the ZDNet network about "Banks not contributing to Open Source"

What do all three news items have in common? It is about traditional business model, the closed source approach, colliding with Open Source Development model. However, there are two twists here. The first twist here is we are sparkling this debate with money, not monopoly money but real money. The overwelming impression I got from Ellison's interview is that he is a businessman trying to control the market by out maneuvering his competition. He is prepared to spend money acquiring other companies if he can drive his competitors out of the market. He kinda demonstrated it with the InnoBase acquisition. However, this time it appears that he is really unhappy that RedHat has given him a taste of his own medicine by acquiring JBOSS.

The second twist is that all three episodes can be viewed as readiness to leech on open source. For the Bank vs Open source case this is obvious. In Oracle's case, Ellison had said that Oracle has no quirm in building on open source and cited Oracle's adoption of Apache as an example("No. If an open source product gets good enough, we’ll simply take it. Take [the web server software] Apache: once Apache got better than our own web server, we threw it away and took Apache."). In Freespire case, Linspire opens itself to accusation that it trying to profit from open source with respecting community value.

Other interesting tidbits:

• Oracle News: We got from the horse mouth, the conclusive proof we need (if one is really needed) that
  • Difficult to achieve vendor lock-in. Mr Ellision is interested to "lock-in" his customers to increase Oracle's value. His words about Oracle wants offering a "full stack" of software and willingness to acquire RedHat or Novell to give IBM headaches demonstrate this. However, he finds it difficult to attempt to control open source through traditional business methods such as acquisition and (unholy) alliance.
  • It is an impetus for innovation: Oracle uses Apache, but have to innovate on top of Apache to add value.
  • At risk of being accused of mentioning the obvious, Mr Ellison is very unhappy that RedHat bought JBoss.
  • Brian Profitt Editorial on this topic at LinuxToday is worth reading.
• Freespire case:
  • Although I do not think missing open source and closed source software the way Freespire/Linspire wants to is appropriate, I am willing to let Freespire/Linspire try it out and let the market decides.
  • PJ is obviously unhappy about it. She do raise a few valid points. She accused Linspire of "We [Linspire] like to make money from the community's free stuff without honoring community values" strategy. I would not go so far to accuse Linspire of "not" honoring community values, but will instead says that Linspire stretches community value too far. However, I welcome this challenge, a "value" is not worth its salt if it cannot withstand tests like this. "Values" do change and evolves. It is through challenges like this where values are rethink, reevaluated and emerge stronger than before.
• Banks vs Open Source :
  • Besides the fact that they make a lot of money, how do banks behaviour differs from that of other enterprises? Banks are consumers of technologies, not providers. Hence it is not surprising that they are not contributing especially they do not see themselves in the business of making technology better.
  • Through works for Banks, there are indirect contributions from Banks into open source. Their technology suppliers who build softwares for them, such as IBM might actually used open source program. They will therefore have to tinker with open source software and put them through its paces. It is very likely that these improvement do trickle into the community.
  • Banks are rather inept at technologies. It is not unheard of that they spend a lot of money on one piece of software just to see their staffs bypassing that investment. 

Victory for Whois Database Privacy

EPIC is carrying news about an important victory on the privacy of Whois database (the international database holding the information about owners of domain names), the body incharge of defining the policy on the use of Whois database (Generic Names Supporting Organization (GNSO)), decided that the Whois database is only to be used for the administration of the Domain Name. As EPIC points out, the ruling means that Whois data will not be expanded for other purposes, such as law enforcement and copyright investigations.

I am not arguing that the proposed "other" purposes of Whois Database has no merits, but they compromise the original purpose of Whois Database. While the Whois Database is by no means 100% accurate, allowing the database to tbe used for the purposes stated simply encourage people to hide their identity. For example, it encourage me to anonymized my detail not because I am involve in criminal activity, but simply to protect myself from unnecessary harrassment from authorities. The irony is, I do not think that I have  to save myself from the authority of the land I live in, but from other authorities who might take a dislike to my activity and has access to the Whois database.

I hope that the next step will be to restrict access to the whois database to the relevent people who has to perform the duty of Domain Name Registration. This will encourage Domain Name owner to supply accurate information. For example, I had received spam in the past (both email and snail mail) as a result of maintaining a proper Whois record. Some of them are legal but downright deceiving emails such as paper mail designed to look like "invoices" but with the small print "This is a solicitation, not an invoice". Luckily for me my domain name registrar took it upon themselves to shield me from these spam. I think people should only have access to their own whois records, and Domain Name Registrar should only have minimal access to allow them to perform their duty only.

The new policy is the first step in the right direction. 

Code Optimization Rule of Thumb

Russ Olsen wrote about the "Rules" for Java code optimization (or for any other language for that matter). To lend support to him, I will confess that what he said was true for my work. These are what I will add:

• " Before you can make something work fast, you need to make it work. "
  • My rephrase for this: "People are willing to wait longer time for better results. There is no point in generating the WRONG results faster."
  • Olsen probably said it better latter in the article: "How fast is broken?"
• "Rest assured, you don't know where the problem is"
  • This is always true. Takes his advice, profile your code first.
  • Perhaps most important is to understand the limitation of your profiling tools. In particular, uncertainty and error margin of each measurements.
  • Make sure you are profiling the code in the way you are expected to use it: There is no point optimizing code for tasks which are used once every year. Where human interaction with the profiled code is needed, they have to be taken into account. There are a lot of variables (beyond computing execution) that affects optimization. For example, although a subsection of code is painfully slow, if it is only to be executed between two human interaction events, e.g. two clicks, (i.e., it is constrained by human interaction time) it might not be worth the optimization effort than another subsection that is not as slow but require no human intervention.
  • Following on the previous point, try to put profiling the code as they are used. If you cannot afford to put profiling code in the actual code use when it is used, make sure your test case for profiling fit your usage well.
  • Think before you optimize the code: If the code is in flux (constantly changing), your optimization effort is going to be futile in the next revision of the code.
• "If [new optimized code] doesn't help, take it out"
  • From an optimization viewpoint, this is true. The new code does not help, it does not belong there.
  • From a practical point of view, if you keep the new code in it,
    • It is less robust than the original, if only for the simple fact that the original is tested code
    • The original code is better understood by the programming team. There is no merits in introducing the new code since it does nothing and only one person understands it.
  • There is some arguments against archiving the new optimized code somewhere in the hope that it will be useful one day
    • [Especially if the code is to replace some extremely well-worn code] The original code is unlikely to be modified. Thus, no possible use for new optimized code.
    • The original code evolves with time. Hence, the optimized code obsolete.
    • Probably only the programmer knows about the optimized code.
  • However, I think there may be merits in keeping the new optimized code, not for optimization reasons, but for reasons such as better code organization, better architecture etc. This have to be weighted against the numerous disadvantages of "modifying a working version of the program code". Sometimes, the risk can be worthwhile.
  • "Know where to stop"
    • Before one begin, define the "Stop" criteria.
  • "But much of the time optimization is the process of taking nice code and making it longer, more complex, harder to read. In short, less nice."
    • Very true.
    • Sometimes, optimization become the "secondary" aim as the programmers elevate his personal aim of showing off to his colleague.
    • Optimization is generally fragile (any changes to the optimised code can undo the optimization effort) and require "maintainability" as the sacrificial offering to the optimization god. Good programming team weights optimization against maintainability and find the appropriate compromise.

 That's my two cents on optimization.

PR people should nib potential negative publicity in the bud, not escalate it

This post has nothing to do with Technology issue which I normally blog on. In fact, it is about political fringe and how Public Relation should not be handled.

At issue is Cherie Blair (UK Prime Minister Tony Blair’s wife) charged the Labour Party GBP7000 for her hair do during last year’s election campaign. The justification is she need to be well groomed when she goes on her husband’s election campaign. However, this revealation comes hot on the heels of another big and dead serious political story about people paying money to get honours in UK. Hence, it is some hint that some reporter is trying to stir up a (non) controversy.

I do not think there is any improper dealing here. To pay or not to pay is a judgement call. One to be made by the Labour Party’s Treasury, not you or me or anyone else. The leader of the main opposition party obviously agrees with me as he refuses to be drawn into the story by simply saying that Labour Party’s bill is not his worry. It is a non-story, and if there is anything worth reporting, the opposition leader comment would effectively nibbed it, but guess who stirred up the story into something bigger? Labour Party spokeman with his comments “So what?..we won the election.”

(Full Quote)

“So what? Mrs Blair worked fantastically hard during the election and visited more than 50 constituencies during the campaign.

“She is enormously popular with the party and, don’t forget, we won the election.”

(End Quote)

Needless to say this comment earned the story a higher ratings than the original version. It would had irked any reporters who asked the question. He effectively breath air into a dying story with his bad response. Worse, his comment had become the center piece of the story. Readers are likely to be irked by his attitude, took it as a reflection on the labour party and possibly lose Labour votes in the forthcoming local election.

Who needs negative campaigning with comments like this?

As for Mrs Blair, she could had afford all the hair dos without charging the Labour Party. I do not know the details of this affair and maintain that it is a decision between her and the Labour Party. If I were her, I will only charge for the extra hair dos I have to do to maintain a good appearance. No reasonable people will argue that the extra hair dos are not business expense incurred as she works for the Labour Party. May be she did. But we would not know as we are too busy focusing on the spokeman’s response.

CTRambler to DLink: Pay for the excess NTP traffic your product generates

I came across this open letter from BSD developer Poul-Henning Kamp last week. It is about DLink's product hammering his Network Time Protocol (NTP) server. I wanted to post it last week to show my support for him but did not because I cannot confirm whether it is a prank or not.

As it turns out, he was telling the truth. I deduced it because BBC had decided to carry the story and Richard Clayton of University of Cambridge had outlined the detective work that nails DLink as the culprit. Worse, according to the BBC story, he was not the only one having his NTP server hammered. 

He had now asked for DLink to pay for his bandwidth bill, as it is not possible for DLink to reconfigure all products it had sold that call his NTP server to not call his NTP server. I think this is the bare minimum DLink should do. DLink should foot the bill for all excess  traffic their products send/received to Mr Kamp's servers and other NTP servers on the net where the request was not appropriate. After all, in Mr Kamp's case at least, traffic to his server is not appropriate. NTP servers are organized hierarchically like Domain Name Server (DNS) to manage traffic. Mr Kamp's server is two tier higher than the one DLink product is suppose to contact. Normally speaking, like DNS, the higher up the NTP server is, the more accurate the information is but the least traffic it can handle. In Mr Kamp's scenario, DLink's configured its product to call the Danish National NTP server (Mr Kamp's), their action is like me calling up the DNS root server for UK every time I want to access any website.

NTP servers are very well understood by the majority of manufacturers. As a network gear manufacturer, DLink is extremely incompetent if it does not understand how the NTP servers work. Their extremely bad handling of the affair, as described by Mr Kamp, hopefully simply means Mr Kamp's complain was passed to the wrong people (lawyers, PR people and management) and not the technical people. I hate to think that DLink had passed on the complain to the technical people, got their advice, and think that the best way to handle Mr Kamp's complain is to either trick him (into accepting Califonia's Jurisdiction and thus ensuring it is difficult for him to defend himself in court as there is something call the Atlantic Ocean between Mr Kamp and California), offerring him "hush money" (which unfortunately will not cover his cost for the extra traffic) or downright calling him an extortionist.

DLink, please do the proper thing. I think this is what you should do:

1. Issue a public apology to Mr Kamp, and owners of other NTP servers you had abused.
2. Take active steps to correct YOUR problem. This include products now-in-manufacturing does not suffer from the same flaw, make a update for existing products and take active steps to publicize and encourage update of existing products, and finally, make sure this does not happen again.
3. Pay for ALL the excess traffic you generated to all affected people.
4. Donate money to support Mr Kamp's Danish NTP effort and related projects of other NTP server provider that you abused. 

If Eolas Patent is in Firefox, it is a ticking time bomb

David Berlind blogs in ZDNet about Microsoft’s fixed to workaround Microsoft “Eolas Patent” trouble in Internet Explorer. In that entry, he mentioned that Firefox and other open source software can use the “Eolas Patent” because the company that holds the patent permits it in open source software, provided that Firefox is not used commercially. For example, if I give you a copy of Firefox for free, I will be fine, but not if I charge you for a copy. There is also uncertainty on whether using verbatim version of Firefox in a commercial enterprise will trigger a patent fee, since the founder’s statement, quoted in the article suggest that it will.

If so, this is classic example of “going after the money”. It does it by cunningly saying that developing a software using the technology is OK, but using the results is NOT. Firefox developer are broke, so they will go for the unfortunate Fortune 100 company that uses Firefox.

In my view as a open source software developer, I will not touch this patent even with a barge pole. The licensing condition has, in effect, stopped me from using it because of the need to protect my downstream users. To me, this is a Stealth Patent or a Torpedo Patent.

It is necessary to mention that so far, only Microsoft is at the receiving end of the “Eolas Patent”. The fact that Microsoft lose this patent battle was a wake up call against software patent. The saga is with a lot of twist and turn, with the Patent Office invalidating then reinstated the patent in question.

Unfortunately, all the heat generated by this Patent case is just that, heat. There is no significant move anywhere to show displeasure about this type of patent, i.e., Software Patent. I would love to see a concerted effort to use this case to showcase the ill of Software Patents, perhaps starting with all browsers (open source or otherwise) rejecting this patent by not using it or not licensing it. But this can only happens in a dream.

Microsoft giving free domain name!

Well, it is actually an implementation loophole for Microsoft's offer of a free domain name if you sign up to Office Live Beta. At least one person claims to have successfully got a free domain free of Microsoft's control.

In short, Microsoft offers you a free domain name if you sign up for Office Live Beta. They were not incompetent and did indeed "lock" your free domain name with them. The lock is a nameserver lock. In layman's term, Microsoft is trying to force you to use their servers for that free domain name. This lock looks robust but however, it does not stop a determined person who is prepared to go through the loop to undo the lock. The weakness in the "lock", is that they name the signer as the domain name owner. This means you have full control over domain name. Microsoft is simply acting as your agent when they "lock" the domain. Therefore, you have the right, as the domain name owner, to tell their domain name registrar to transfer full control of the domain name to you. Guess what? This include undoing the "lock" and reapplying the lock to "lock" Microsoft out from re-"locking" it.

Does Microsoft knows about this loophole? Perhaps not but I think they do. It is very posssible that they are prepared to give you the domain name. Certainly, they do not like this idea so the "lock" is there to make  it slightly difficult for you to get it. At most I think, 0.01% of the total signup population will do it. It is not worth stopping them from doing so from a cost viewpoint. 

I think Microsoft will close the loophole soon. The solution is simple: Make Microsoft the owner of the domain name and instead sign a contract with you saying that you have to have what-so-ever services runned by Microsoft.

A Philosophical Question: Is it ethical to get a free domain name this way, especially if you do not plan to use Office Live at all? I tend to say it is leaning slightly towards unethical behaviour but my final anwse is No. There is no obligation to use Office Live when you sign up for a free domain name, if there were, it will form part of the terms and conditions. Moreover, part of the purpose for this promotion is to advertise Office Live, or at least get people to notice it. Having people publicize how to get a free domain name from Microsoft is indeed, an advertiser dreams because it generated more buzz and get more people to notice Office Live. It did caught my attention, didn't it?

Does Minnesota “Open Data Format” Bill remove vendor lock-in?

Andy Updegrove has a scope on a Minnesota's Bill requiring the use of "Open Data Format". It is great that the discussion on "open standard" has spreaded. However, it is my take that it does not in anyway prevent de facto vendor lock-in.

Mr Updegrove is a lawyer in the United States, so his arguement is definitely stronger than me. He believes that this bill can effective stop the use of proprietory (closed) format. Reading it from a 'non-lawyer' viewpoint, it does close a lot of avenues for the state adopting proprietory format. However, I am afraid it does not close one blatant loop hole, i.e., when there is only one vendor for an "open data format". In this case, I will argue that the format is not open at all, but a proprietory format. Nonetheless, it still satisfy the "Open" requirement of the bill.

Moreover, Microsoft's Office XML format, especially after it is accepted as a ECMA standard, actually qualify for "Open Data Format". It may allows proprietory extension, but the bill merely requires "ensures that all extensions of the data format are themselves documented and have the other characteristics of an open data format;". From an IT point-of-view, if Minnesota choose Office XML format, it can be argue that as long as the state ensure that all extensions used by the state "are themselves documented and have other characteristics of open data format", it satisfy the bill's requirement. Some may say that I am "twisting the words" the way a lawyer crook do, but the "twist" I did is perhaps the only practical way to adopt an open standard that permits extensions.

To shun "open standard" that permits extensions, but cannot guarantee that all extensions must be "open" will be like throwing away a perfectly good fruit because the manufacturer cannot guarantee that there is no sand grain anywhere on the fruit. Take the Kerberos protocol for example, it is open, but it also allow "extension". In fact, Microsoft had "extended" it to include a proprietory authentication scheme. So, should we throw Kerberos away as non-open?

As Updegrove said, it will be interesting to see how this "open standard" debate evolves.

Sell Naked PCs (PC without Operating System), or risk losing customer …

An interesting article on ZDNet UK, about Microsoft urging PC sellers not to sell Naked PC. A naked PC is a PC without operating system.

Their arguments that PC seller is losing opportunity to make more money on software on the sales is reasonable and true, but had forgotten one important cruel fact of business, PC sellers who do not want to sell naked PC might just simply lose the sales altogether. Which is worse? Not earning a penny or earning less per sale?

The cartoon in the Microsoft article strongly suggests that "naked PC" will lead to software piracy. But none of the top four reasons Microsoft says is the reason customers request for naked PC implies that selling a naked PC means the buyer is very likely to commit piracy or indeed any other crime later.

In fact, the fourth reason "To take advantage of a volume licensing agreement" suggests that they already hold a valid Windows Operating System license for the new PC. How can Microsoft now justify that they pay twice for the operating system on that PC?

Moreover, the four reasons stated suggest that customers that request "Naked PC" are competant customers who knows about PC sufficiently to do the stuff suggested in the reasons. These customers are less likely to be sway by anything PC sellers can throw at them, unless, of course, the PC seller sweethen the deal considerably.

When they say selling naked PC is "a risk to your customer and a risk to your business", I take it as a veiled threat. Does this means they are going to harrass PC sellers and customers who buys Naked PC?

Although Microsoft UK says that they are not going to be paricipating in "customer visits", i.e., dispatching operatives into the premises of customers who attempted to buy a naked PC, the mere suggestion of this is a cause of alarm. It looks like a hard sell technique, possibly with veiled threats. Nobody like a hard sell. The next time any service providers pays me a visit, I really have to check the credential of everyone to ensure I do not have anyone sneaking into the premise. If I were a customer who my PC seller trys to bring someone outside the company for the "hard sell", I will, in no uncertain terms, tell him that I am not happy about the disclosure of my purchasing intention to a third party. Of course I will phrase it diplomatically, something on the line that I thought my initial enquiry are private communication with their company. I am surprise that they brought a third party in and I thought we have developed a trust over the conversation. The fact that they feel necessary to bring a third party violate the trust. I may have to reevaluate our relationship. The last line is of course an attempt to get a better deal from him.

Microsoft UK confirm in the ZDNet article that it is concerned that the sales of naked PC may be linked to the use of counterfeit software. While this is true, it has nothing to do with PC sellers and it is a solely Microsoft problem. There are a lot of legitimate use for Naked PC and the PC Sellers are NOT even participating in illegal activity with the sale. Microsoft will have to use legitimate means to stop piracy of their software, harassing PC sellers and their customers is unethical if not illegal.

Let the market decides whether is there a place for Naked PC Sales. May be there is no place for it but I doubt it. If any, the existance of the article is a piece of evident for such a market.

Lousy Logo that only tricks the naive : “Windows Vista Ready”

Microsoft failure to deliver Windows Vista before the Christmas rush is totally unforgivable, because of the pain it cause retailers. It not only means lower sales volume, but customer will choose to delay their purchase until Windows Vista arrive in 2007.

So guess what, they designed a "Windows Vista Ready" logo to push sales for the Christmas rush. I recommend against buying these computers unless you really have to. First of all, there is usually a price drop between January and February of every year, so why pay more for something on a promise for the sake of Christmas when you can get the same thing cheaper when the promise is fulfilled?

You paid more twice: First on dearer hardware and then to buy a Vista Upgrade. In other words, your retailer sc**w you twice.

DO NOT LET THE RETAILERS SHIFT THEIR PROBLEM ONTO YOU!

If you really have to get a computer, try the post-Christmas sales. If you buy it for your kid, rather than buying a "manufacturer's promise", why not sell your kids "parent's promise" instead?