July 31, 2008

Through PJ’s lens…

PJ of Groklaw’s contribution to open source and free software is huge, especially when it comes to legal issues. Unfortunately, her “Microsoft” lens often bends the light wrongly.

One case in point: PJ’s comment on Fortify Software’s alliance with Microsoft in her news pick. Less than a month ago, Fortify Software released a “study” that says that Open Source software development methods are insecure, quoting a study that looked at 11 Java-based projects. PJ linked it with the Microsoft-Fortify partnership and the ‘Get the Facts’ campaign.

I think it is wrong for PJ to do so. Independent of Microsoft, it is highly conceivable that Fortify would still carry out such a “study”. After all, it is in the business of selling software to improve software security. Its link with Microsoft? We cannot read much into it, since one can safely assume that the majority of companies selling software have links one way or another with Microsoft.

We must see the study as what it is: advertisement. Even if we assume that this is part of the ‘Get The Facts’ campaign (to which I do not see any link), the ‘Get The Facts’ campaign is only one of those marketing initiatives disguised as studies.

I have a beef with Warwick Ashford, the article’s writer, for not fully disclosing Fortify Software’s business in the article, which I think is extremely relevant. Ashford did provide a link which identifies Fortify’s business. However, the conflict of interest in the study clearly warrants a statement about Fortify’s business.

July 30, 2008

They are advertisements, so see them as advertisements

Microsoft released two videos recently. Both were criticized for being “economical” with the truth. The first is about Windows running on the OLPC. The second is about the Mojave Experiment. As expected, the second was much more polished and fine-tuned, as it definitely had a larger budget and was intended for a larger audience.

Whenever you see this type of demo, treat it as advertisement. Our idea of what counts as twisting, or being economical with, the facts is, generally speaking, more stringent than that of people in PR and advertising. They are trying to sell a message, and will do virtually anything to do it. Challenging the advertising guidelines and falling on their swords (as recorded in adjudications by watchdogs such as the Advertising Standards Authority) is not a risk of the occupation, but the norm in the business. If you ask me, it is a cat-and-mouse game for the authorities, as they have to make sure that falling on their swords does not turn out to be a badge of honour for the advertising agencies.

My advice is always to try things out yourself. Define what you want before trying the unit out, to make yourself more resistant to the sales pitch. That way, you are making a more informed choice.

OpenSolaris in hot water? Maybe

The biggest revelation in Judge Kimball’s final order on SCO vs Novell is that SUN did not get the immunity it thinks it got from SCO to open source Solaris, a.k.a. OpenSolaris. That makes SUN perhaps the biggest potential loser in the SCO vs Novell lawsuit. During the oral arguments we had hints that SUN might be the biggest potential loser; Judge Kimball’s annulment of the relevant sections of the SUN-SCO agreement seems to be the confirmation. My initial reaction was: what were SUN and its legal team doing???

It turns out they are not that dumb. PJ of Groklaw highlights a paragraph in the judgement that says SCO will indemnify SUN in all infringement cases brought against SUN. She then opined that since SCO is now penniless, Novell would have a good reason to sue SUN as SUN will simply push the case for SCO to handle. Moreover, in my opinion, an even bigger hurdle is having to go against SCO’s crafty legal teams with no gold at the end of the tunnel.

I do not think it is that done-and-dusted for SUN. The lawsuit, if Novell chooses to file it, is against SUN. If SCO does not have the resources to indemnify SUN, SUN will still have to pick up the fight by default. And if SUN then turns around and sues SCO for non-performance of contractual duty, it has to jump through the same hoops that Novell will have to jump through if SCO picks up the fight for SUN.

Do I think Novell will sue SUN? I think SUN will have to part with some more money to satisfy Novell. I do not think a full-blown lawsuit is in the making. For all we know, SUN may already be in secret talks with Novell which we are not privy to.

It will be correct to say OpenSolaris is at the mercy of Novell now. At present, I do not think Novell is going to sue. IMHO it has no appetite for it. If it did, there is a PR risk of undoing the kudos it earned from the open source community for picking up the fight with SCO. It will not be as much as the MS-Novell agreement, but it will still cost Novell. Had SUN still been the same beast it was when the SCO-SUN agreement was signed, Novell would have scored points instead. For good or for bad, SUN has changed. It still has to pay for its past misadventure with SCO, but the number of people who want to see blood has dropped.

July 29, 2008

Misplaced confidence in technology

Well, it did not surprise me when it was announced that robbers got away with blank UK passports. It is, and always will be, a matter of time before this happens.

What I take offense at is the assurance from the passport service, which said that “… the stolen documents could not be used by thieves because of their hi-tech embedded chip security features.”

The next paragraph of the BBC report already proves that they can be misused, as not all misuse requires the chip. In these cases, it does not matter how many security features you put on the chip.

Moreover, can anyone really say that the chip cannot be compromised? Just look at the Oyster card in London. The maker tried to censor publication of an exploit. Luckily, the judge in the Netherlands thought otherwise. In that case, the maker is lucky that an ethical security research expert found it first. Moreover, it was given ample time to cure the problem. If you ask me, the purpose of pursuing the gag order is the cost of correcting the problem. The maker hopes that by successfully stopping the publication, it need not fix the problem. This is, of course, misguided.

Can the passport service guarantee that nobody anywhere has already developed an exploit? I don’t think so.

July 27, 2008

Microsoft uncripples its Open Specification Promise

Microsoft has finally seen the light of day and uncrippled its Open Specification Promise. It was short-sighted when it decided to exclude GPL-ed software and, if I remember correctly, to exclude everyone that competes with it, using the euphemism “Non commercial” software.

Before this, Microsoft used the standard PR technique of not admitting GPL-ed software is not covered. It is now saying explicitly that GPL-ed software is covered. This is a very, very big step for Microsoft and we need to recognize and commend it.

July 25, 2008

Yet another reason why DRM is bad

Yeah, I know, my reaction was “Yahoo! had a music store????”. However, this news is yet another reason why DRM should be rejected.

I am sure a lot of people will say DRM is just one of the many reasons why you cannot play the music you purchased any more. That is true. In my opinion, DRM should not be forced onto consumers but made a choice. Most of the time, it does not make sense, unless it is a throw-away pop song, where DRM can reduce the price to a pittance.

I still think DRM is not there for the consumer and that the music and movie industries are misguided in thinking DRM is protecting them.

July 24, 2008

Misguided attempt at stopping internet piracy

Don’t get me wrong, infringement of Intellectual Property Rights is wrong. However, the deal that British ISPs signed up to (BBC, FT, PaidContent coverage) is an absolutely misguided attempt to stop piracy on the internet.

First, ISPs are the postal services/telephone companies of the internet age. They all transport information. They have no right to inspect the information you send, nor should they police the content. There are already adequate laws to police these services.

Second, it is wrong to allow ISPs to act on allegations of IP infringement, such as by slowing down one’s internet speed or disconnecting one from the internet. We already have a legal process to deal with it. To do this would be to punish someone without a fair hearing.

And I have not mentioned the fallacy of the process used to identify infringers….

An IP content owner has the duty to police its own IP property. It is not the duty of the ISPs.

July 23, 2008

Don’t be too fast in writing off SCO

Scott Bradner of Network World thinks that SCO’s future is all used up. A lot of us shared this sentiment the day SCO filed its lawsuit against IBM. It was already in trouble then. The lawsuit against IBM was the start of the downward spiral of SCO the way we know it. It is still a question whether it will come out of bankruptcy. The award of a mere 2 million dollars (instead of the 20 million asked for) makes the situation less bad.

I will write off SCO as a software company. Threatening to sue the world without merit is not something a software company does. If anything, SCO’s history for the past few years does not inspire confidence in it. It is seen as a bully, and nobody wants to do business with a bully.

Write it off completely? No. As reported by Groklaw, SCO has dreams of being split in two post-bankruptcy. I can imagine SCO’s software and its licensing collection agreement going to one company. There is still some residual value in SCO’s software and the UNIX licensing fee collection worth exploiting, but this company will be a shadow of the SCO we know.

The one that made the headlines when Darl McBride first mentioned the possible split is SCO as a litigation company. Here, ironically, the fact that it has a demonstrated history counts in its favour. I can see the current SCO litigation business team in action as a patent troll. They demonstrated their competency. It is true that we do not need yet-another-patent-troll, but I am afraid unless some legal measure is taken to defang patent trolls, things are out of our control.

Procedures must not only be followed, but seen to be followed

Ever since Groklaw broke the news about the leaked recommendation on the appeals against the ISO OOXML decision, a lot of people (PJ, Rob Weir, Andy Updegrove and Alex Brown to name a few), including yours sincerely, have offered our opinions on the topic.

I think I have one thing to add. To paraphrase a famous quote: “Procedures must not only be followed, but seen to be followed”. Any rules or procedures should be clear to the person on the street. To inspire confidence, especially in controversial cases where procedures REALLY matter, they cannot be made up on the spot, or changed at somebody’s convenience. Enough said.

July 10, 2008

Divide and Conquer

I did not take much notice when the news was circulating on the web that BECTA cannot fulfill a freedom-of-information request on its dealings with Microsoft because it contains commercially-sensitive information. After all, every big deal anyone strikes anywhere will have commercially-sensitive information, so why should I care?

In truth, some of the information deemed commercially sensitive looks rather stupid. For example, the redacted version of the Microsoft/Novell agreement blacks out information about the dates by which Novell must deliver OOXML compatibility. And the clincher? That compatibility stuff is going to be open-sourced.

Then I saw this article in The Inquirer, saying that the sensitive information is price. In itself, nothing new. Business contracts usually require both parties to keep the price secret. Even lawsuits get settled for “undisclosed sums”.

This is the classic “divide and conquer” technique, which creates an uneven playing field for suppliers and consumers. Most of the time, it is beneficial to suppliers rather than consumers. Why? Only the supplier has a picture of how the market is for its product. Consumers do not have any market data on which to base their decisions. [In fairness, under normal market conditions, all parties know roughly where the others stand. From a consumer’s viewpoint, play one supplier against another and you can have a fairly accurate picture of the market. For suppliers, having to bid against the same party over and over again will give you a picture of the market as well.]

However, let’s not forget Microsoft has a monopoly on the PC and has abused its dominant position before. The EC said that. If Microsoft agreed to a ridiculously low price or insisted on bundling as part of the deal for BECTA, or other organizations, then there may be a case for abuse of dominant position, since it puts rivals at an unfair disadvantage. Consider this: if Microsoft bundles some educational software with Windows/Office, then other vendors of similar educational software will be disadvantaged, as it will be more difficult to sell to BECTA. This is similar to the Windows Media Player bundling. We cannot know unless the terms and conditions of the deal are made public. In the alternative, the deal must be scrutinized by the EC or the monopoly commission. We see none at present.

Sure, BECTA had itself submitted a complaint about Microsoft to the EC. I see this as posturing to secure a better deal in the future, rather than BECTA whole-heartedly believing it had been wronged. I would not be surprised if BECTA goes the way of SUN Microsystems and Real Networks once the complaint gains traction.

