Saturday, October 29, 2005

Sound and fury signifying what, exactly?

About a month ago, Oracle Corporation announced that it had acquired Innobase, a tiny Scandinavian technology company, for an undisclosed sum. Oracle has lately been on an acquisition tear, so a small buy like Innobase would have passed unnoticed were it not for the fact that MySQL, a strong emerging competitor to Oracle, used Innobase technology in one of its products.

Discussion of the move swamped the mailboxes of open source execs and the commentary on Slashdot. Oracle had moved against open source competition! There was all kinds of speculation on what would happen next, but the smart money was betting we'd hear more from Redwood Shores.

On Friday, Oracle made another announcement, aimed expressly and unapologetically at MySQL: Oracle plans to release a version of its database, to be called Oracle 10g Express, at no charge, for low-end use. Andrew Mendelsohn of Oracle mentions MySQL by name in explaining the company's decision to release the new product.

What does this announcement mean? Has Oracle finally figured out open source software?

There's no question that the Innobase buy was an entertaining and well-played move by Oracle. The news broke simultaneously with a new product announcement by MySQL, distracting press and customers for a couple of weeks. Oracle has gained some influence -- though not, in fact, control -- over a small piece of technology that MySQL uses in its current software release. Instead of simply continuing to use that technology, MySQL must now consider whether it should replace it, offer alternatives to it, or continue to work with its new partner and long-time competitor.

None of that has anything to do with open source at Oracle, though. Note that there is no credible announced plan to continue to develop the Innobase technology as open source software. It's not that Oracle has said it won't do that; it's that open source, as a development and distribution strategy, isn't even among the talking points at Oracle. Mendelsohn has said only that the Innobase technology might be used in future Oracle products. That's an awfully faint endorsement of the team and technology.

What, then, of Oracle 10g Express?

As is true for any preannounced product, it's impossible to say for sure what this is, or what it means. Since no real product is available for customers to evaluate and use, we should assume that this announcement is intended to confuse MySQL's customers, and not to inform Oracle's.

Nevertheless, here's what I think is happening.

Oracle has had a product called Oracle Lite on its price list for a long time. This software, originally developed as a desktop database, has never gotten any serious attention from customers. If Oracle's field sales team hasn't been able to move it, you can bet that it's very hard to sell.

I predict that Oracle 10g Express is a rebranded release of Oracle Lite. Oracle is making a virtue of necessity. Since it makes no money from this low-end product anyway, it may as well give it away for free. In the worst case, nothing is lost. In the best case, Oracle slows adoption of competing open source products like MySQL and EnterpriseDB.

Don't confuse the announced 10g Express product with Oracle's existing Oracle Express Server product line. The existing product is a data warehousing and mining package for Oracle's biggest customers. The new announcement has nothing to do with it.

Oracle's positioning of 10g Express reinforces my conviction. Instead of talking about enterprise adoption, where open source databases are growing most quickly, Oracle focuses on student projects and low-end users. The database is limited in the amount of data that it will store, and in other ways. This is all consistent with the Lite product, but not with Oracle's workhorse enterprise offerings, which are much too valuable to the company to give away for free.

Once again, I'm impressed by the move. It costs Oracle very little, attracts a great deal of attention, and forces competitors to respond, at least in the press. In the long term, though, it's not going to work.

Here's why.

Oracle is confusing free beer with free speech. The success of open source software is only loosely tied to its zero-dollar price tag. In fact, most of us in open source realize that a realistic accounting of software cost has to include the expense of ongoing maintenance. Just because a product is free to download doesn't mean that it is free to use and manage.

What really drives adoption of successful open source is the size and enthusiasm of the community surrounding the software. Products like Berkeley DB, MySQL and PostgreSQL are successful primarily because of the vibrant developer communities that adopt, support, extend and evangelize them.

The market hasn't ignored Oracle Lite because of its price tag. A few hundred dollars is't enough to make a difference, even to most individuals. Two things matter: quality, where past adoption is a meaningful metric, and the size and activity of the global development community that uses the product.

Oracle needs such a community around its products if it is to compete with open source products. The way to build that community is to release the complete source code of a powerful and useful product, so that smart software developers around the world can learn how it works and make improvements to it.

Even then, building a community is a tremendous challenge. Computer Associates' attempts to build community around the old Ingres software have largely failed. Long-term successful vendors of proprietary software have been closed and exclusionary for years. Opening their development and strategic teams, and taking advantage of the power and intelligence of the global Internet community, is very hard.

So what does this sound and fury signify?

Clearly, Oracle has joined IBM, Sun, Microsoft and others in paying real attention to open source software. We'll certainly hear more from Redwood Shores in the months to come. Fundamentally, though, neither of these developments suggests that Oracle understands open source. It's looking for ways to beat open source. That's not going to work.

Tuesday, October 25, 2005

Hacking the tax code.

Mitchell Baker posted a good article to her blog recently about the relationship between Mozilla Corporation (of which she is president) and the Mozilla Foundation (of which she is a board member). I want to write about that relationship here, because it's a great example of the old-school hacker ethic.

If you don't know the Mozilla Foundation, think Firefox and Thunderbird. These code lines are descendants of the Netscape browser released under an open source license in the late 1990s. The Firefox browser in particular is enormously popular -- Slashdot reports that more than 100 million copies have been downloaded. Firefox is an excellent web browser with plenty of great features and lots of useful plug-ins. It's very fast at rendering pages. If you're still seeing advertisements on the web pages you visit, well, all us Firefox users are over here laughing at you.

The Foundation is unabashedly about programming in the public interest. It exists to create, maintain and enhance Firefox and Thunderbird, because the world deserves a decent browser. Mozilla is the sort of open source project that gets economists scratching their heads: Talented engineers donate their time to do hard work for no money and build great software that you can have for free. Magic!

Mozilla Corporation was created by the Foundation on August 3rd of this year. The Corporation exists to productize and distribute the open source packages. So why bother having a Corporation, if it's just shipping what the Foundation builds?

Well, US tax law makes it hard for the Mozilla Foundation to be dynamic and agile. In technology, you often need to strike partnerships, build up funding, make investments, enter into business deals and pay for work from consultants and contributors. The Foundation is a not-for-profit organization established under section 501(c)(3) of the US tax code. The details of the code are complicated, but the effect is reasonably simple: The Foundation isn't allowed to earn a profit from its operation. In exchange, it never has to pay taxes.

Paying taxes in the US, especially for a corporation, is a lot of trouble. It's expensive to do -- you generally can't fill in the forms yourself, but need to hire a professional accountant to do it for you.

The Foundation, focused on building software, neither needs nor wants the hassle of quarterly tax filings. On the other hand, in order to make the Mozilla project really successful, the Foundation needs to be agile. It needs money. It needs the freedom to use that money in complicated and interesting ways, without worrying about whether it has transgressed some piece of the tax code limiting the activities of non-profits.

And that's where the interesting old-school hack comes in.

By hack, here, I mean a really clever and novel solution to a problem. The term has lost its meaning lately in the popular press -- what we used to call pirates and crackers and script kiddies are sometimes referred to as hackers, now. When I use the term, I mean the same thing that Steven Levy did. Self-modifying code on early generations of computing hardware? Sweet hack. Woz's floppy disk controller design for the Apple II? Unbelievably cool hack. Building a golf course in Scott McNealy's office on April Fool's Day? Hack!

What Baker and the other Foundation board members did by setting up the Corporation was a really neat hack. Corporations exist to create value for their shareholders. They work hard to make money and invest it in ways that maximize that value. The only shareholder in the Mozilla Corporation is the Mozilla Foundation. The Foundation's mission is to serve the public good by promoting the development and adoption of the Mozilla code base. There's just one way for the Corporation to create value for its sole shareholder: Invest to support the mission. Fund Mozilla's programming in the public interest!

The Corporation has much more freedom to earn and manage capital than the Foundation has. It can sell boxed sets of software. It can negotiate partnerships and development agreements with big platform vendors who want to distribute the Firefox browser on their computers. It can enter into service agreements. Granted, the Corporation has to pay taxes, but it presumably earns enough from its various activities to do that. The Foundation is insulated from the hassles of corporate tax law, and is free to focus on collaborative development of great software.

This adaptation of corporate behavior to serve the interests of a non-profit, by creating a combination that mixes them, but which allows each to behave exactly as it normally would, is really clever. Corporations sometimes create foundations in order to channel their charitable activities and shelter them from tax law. Foundations creating corporations -- well, that's much less common. It's a pretty good hack.

Sunday, October 23, 2005

Links for 23 Oct 2005

Friday, October 21, 2005

Web 2.0.17r3?

Most buzz-heavy tech neologisms bug me. I can't stand the word "webinar." In the late 90s, it was "e-everything" -- e-commerce, e-publishing, e-nough! I'm even tired of iStuff from Apple.

Most recently, Web 2.0 makes me cringe. It's not that I don't like Google Maps. I love Google Maps. I just don't know anything new from a term like "Web 2.0". It scares me a little bit: Did the old one stop working? Will there be a patch release or service pack for the 2.0 version in three months? What happened?

Joel Spolsky has posted an article to his blog that explains why Web 2.0 is the wrong thing to say. There was no New Economy in 1998, and there is no new web today.

Wednesday, October 19, 2005

You have the right to make copies.

Copyright law and software licensing have been top-of-mind this week. After a considerable gestation period, O'Reilly has published Open Sources 2.0. I wrote Chapter 5, which explores the interaction of business models, copyright law and software licensing practices in an open source business like Sleepycat, so I am glad to see the book in distribution.

The 2.0 book follows an entirely different book, Open Sources: Voices from the Open Source Revolution. The first book was published in 1999, and explored the underlying politics and technology of the open source movement. The new book focuses on how open source has transformed business and the economic systems on which they rely.

The original book is published on-line, and you can read it right now if you like. I enjoy the debate between Linus Torvalds and Andy Tanenbaum tremendously, and re-read it about once a year.

The new book is 445 pages of collected essays, and my freebie arrived in the mail just Monday, so I have only skipped through it lightly so far. I particularly enjoyed Wendy Seltzer's chapter on copyright politics. She articulates the argument for copyright limitations very well; Larry Lessig and others have been making the same argument for a long time, and it's good to see the case made so clearly in the new book.

This morning, I saw Jason Matusow's announcement that Microsoft has published three new source code licenses. Microsoft assiduously avoids the term "open source" for these, calling them "shared source" instead, but a pragmatist is more concerned about effect than naming. In effect, these licenses look a great deal like open source licenses the community understands.

The Microsoft Permissive License resembles the Berkeley Software Distribution (BSD) license. It permits proprietary and open source use, modification and redistribution. The Microsoft Community License has an effect similar to the GNU General Public License (GPL). Like the Sleepycat Public License, which was designed to do the same thing, the Microsoft Community License is reciprocal, and requires sharing of modifications. Like the Sleepycat license, it's considerably shorter and simpler in construction than the GPL. The Microsoft Reference License is most like Microsoft's earlier source-available licenses; it's effectively a look-but-don't-touch license, allowing selected partners and customers to view Microsoft source code, but strictly limiting rights to modify or distribute copies.

One significant addition to Microsoft's licenses, compared to some older open source licenses, is the explicit grant of patent licenses. This reflects more recent thinking on intellectual property ownership, and builds on work done at Sun, IBM and elsewhere on patent licensing for open source software. Patents are a big issue in the debate over intellectual property rights and open source. It's good to see that Microsoft has considered them.

There will certainly be blowback in the community. Disdain for Microsoft is reflexive among some open source proponents. I can't speak to Microsoft's motivations in creating these licenses, but it's a safe bet that the company believes that it will derive tangible benefit from them, or it would not have spent the effort to produce them. I am not personally bothered by Microsoft's success, and I am always glad to see smart people do interesting things.

What is, to me, most interesting is that Microsoft has chosen to create these licenses at all. It is a tribute to both the strength of open source in the industry -- its success just can't be ignored -- and to Microsoft's legendary agility and willingness to adapt. Everyone has heard the story of Bill Gates' whole-hearted embrace of the Internet in the middle 1990s. That was certainly good for Microsoft and its customers. It's much to early to say that this is as significant a shift in philosophy, but this is the company that just a few years ago viewed open source as a threat to its existence. Just by publishing these licenses under its own brand, Microsoft has moved a tremendous distance quickly.

The real test, of course, is what software Microsoft makes available under each of these licenses. Open Sources 2.0 makes the case strongly that open source is about collaboration, so that widely distributed people can create valuable artifacts by working together. To the extent that Microsoft embraces this philosophy, and to the extent that it gives its customers an opportunity to work together in that way, this is an exciting development.

Good job, Jason.

Tuesday, October 11, 2005

Links for 12 Oct 2005

I love this Internet thing. I really think it's going to catch on.

Monday, October 10, 2005

The only way to see the City

Sleepycat is having its sales kickoff meeting this week. We have people in town from the UK, Spain, Germany, and from Seattle and Boston, in addition to those of us who live in the Bay Area. It's Fleet Week, so the Blue Angels were flying (as was Oracle, by the way -- I didn't know about this until I was putting together the content for this blog entry, but I'm amused that the US Navy and a database company were patrolling the skies). The Bay was packed with boat traffic and the ferry services were all running late, but the weather was gorgeous.

We took a really great tour, offered by the San Francisco Electric Tour Company. These guys take groups out on Segway Human Tansporters -- the Dean Kamen two-wheeled scooters. They were a lot of fun to ride.

Top speed on these scooters is eighteen miles an hour, according to our guides. The scooters have lots of sophisticated software controls, including speed governors that are tied to specific keys you use to start your scooter. As novices, we were issued four-mile-per-hour and eight-mile-per-hour keys. By the end of the two-hour tour, we were all feeling bulletproof, gunning our scooters at top speed and cornering sharply. Probably a good thing we didn't have the full-speed keys.

I had planned to take lots of pictures, but it turns out you can't shoot and drive simultaneously, so I got only a few. They're here.

If you want to know what to get me for Christmas, look no further.

Thursday, October 06, 2005

PHI conferece addendum

On Monday, I wrote up the PHI workshop and mused on identity management.

Dick Hardt from Sxip delivered a fantastic keynote at Web 2.0 that is exactly on target. I missed the conference; found the link on O'Reilly Radar.

Gotta love the blogosphere.

I Zimbra!

Lots of chatter about the launch of Zimbra, formerly Liquid Systems, just lately. There's plenty to like about the company. The principals are good people and plenty smart, they're working on a very important problem -- client-neutral, shared calendar and email support -- and they named their company after a Talking Heads song from the best album of 1979.

Most of what I do every day is driven by my on-line calendar and email. I'm constantly frustrated at the difficulty of working with other people and sharing information. The people I work with use lots of different platforms -- Windows, MacOS, Linux, BSD variants -- with lots of different client software. It ought to be easy for us to share calendars and schedule meetings, or to get to our email over the Web. It's not. In fact, just this week we had a mail server failure at the office that shut us down for half a day. Scary stuff when you rely on email as much as we do.

So I want Zimbra in the worst way.

I've taken the test drive. The Ajax client is responsive. Google Maps really taught the world a new way to build thin-client apps, and Zimbra's learned the lesson well. The UI is well-designed and intuitive.

As much as I like the company and product, though, the software needs some work before we'll be able to replace our current systems with it. The main problem is that it is missing the critical shared calendar features that we need. Right now, you can't share calendars with other users and you can't synchronize your calendar with your PDA. That's my worst problem with our current systems, and until there's a good client-neutral solution, the pain of switching from the devil we know is just too high.

I'm sure that the Zimbrainians will have this stuff working soon. Their forum posts say they're already working on the features. I'm looking forward to my next test drive.

Tuesday, October 04, 2005

Links for 4 Oct 2005

Three interesting sites from the PHI conference that didn't make it into yesterday's writeup:
  • RealAge, an online service that quizzes you about diet, exercise and other health habits, and tells you whether you're older or younger than you ought to be.
  • DNA Direct, an interesting personalized health service that, for a fee, produces a DNA sequence for an individual and scans it for specific marker genes related to particular diseases like breast cancer and others.
  • The Body Journal, a tool for managing personal health information for you and your family. Keeps track of illnesses and treatments for different people, and allows you to publish data to a secure site for access by your doctor or other caregiver.

My summer lake reading this year was Jeff Hawkins' book On Intelligence. This will probably be the best book I read this year when December winds down. I learned today that Hawkins' research institution, the Redwood Neurosciences Institute, has moved from the Peninsula to UC Berkeley (Go Bears!). I hope to make it to a few of the seminars. Hawkins also has a venture-backed private company working on the theories he espouses in his book; that's Numenta.

I've not gone crazy about Sudoku the way that some of my friends have, but I think the puzzles are interesting and a lot of fun. They're a sneaky way to teach logic to kids; they look like simple number games, but it's really not about the numbers at all. Robert Woodhead has published Sudoku Susser. It's a useful tool for learning the technique of solving puzzles, and a good cheat if you're stumped by a tough one.

Monday, October 03, 2005

Esther Dyson's PHI conference

I spent all day Friday, September 30, at the Personal Health Information workshop, hosted by Esther Dyson of Release 1.0, at the New School in New York City. It was interesting and a lot of fun.

I am a database guy, not a health systems guy. I signed up for the workshop mostly for mercenary reasons. My company makes data management tools; if there is some new work going on in the health field that will require a lot of new personal health information to be stored, then I figured I should find out about it. I learned a lot, so satisfied my main goal. More importantly, though, I came away with a better sense of where health delivery systems, at least in North America and most of Europe, are likely to go over the next decade.

A "Personal Health Record," or PHR, is a record that captures the interesting information about you and your medical history. It records, for example, allergies, medications that you take, current and past diseases or injuries, and information about any treatment you're receiveing, or have received. Obviously, a PHR is useful to a doctor who sees you for a normal checkup, or during a visit you make because you're sick or hurt. A PHR would be a tremendous advantage to emergency services personnel treating you for a serious injury if you're unconscious.

The conference attendees included a number of physicians, some practicing and some who had moved into public policy or entrepreneurial jobs. The strong concensus was the PHR is critical to the future of health services delivery. Several stated baldly that people are dying today because they get no care, or the wrong care, because doctors and EMTs don't know enough about their medical status or the medications they use.

I'm not a health services guy; I can't prove that claim. I do know that the understanding of, and treatments for, many diseases are getting more sophisticated. Drug interactions are increasingly complicated. The availability of individual genomic information, and a steadily increasing understanding of the genetic basis for many diseases, mean that future prevention and treatment will rely on a doctor's access to the actual nucleotide sequence for a patient.

Obviously, there are a lot of important social policy issues that need to be addressed in order to make PHRs work. An individual's right to privacy is one. At the same time, doctors and others need access to the record in emergencies. Insurance companies ought not to be able to deny coverage to someone based on the contents of his PHR.

Though no one at the workshop said so out loud, the PHR is just another form of digital identity. Much work has been done on building digital identity management systems already (see, for example, directory servers and the Liberty Alliance). The technical infrastructure for managing digital identity is already sophisticated. Granted, a PHR has more, and more complex, data (nucleotide sequences, medical images, lists of medications and dosage frequencies and more) than does the list of preferences you have for your Gmail account, but those differences are technical, not fundamental. We should expect to see early PHR systems build on the digital identity infrastructure already used to store and manage other kinds of identity.

There was a good deal of discussion at the workshop on who would store PHRs and where they would be kept. My bet is that there will never be a single central repository of patient identity; rather, your PHR will be broken into pieces, with each piece stored and owned by the person or organization who cares most about it. An insurance company and a patient are interested in different pieces of a PHR; ownership will split along organizational lines. A chronically ill patient under the ongoing care of a doctor needs much more frequent access to his rapidly-changing PHR than does a healthy patient who sees her doctor once a year; the chronically ill patient is likely to have much more control over his PHR.

Since PHRs need to be readily available, it's reasonable to assume that they will be on-line, protected by access restrictions and encryption. I expect that independent services will spring up to store and manage these records, or at least the parts of them that are of most concern to patients. I would not be surprised to see Google, or some competitor, offer this service. PHR is digital identity, and the big online service providers are good at managing digital identity.

Already there are analogues for the PHR. In the US, your insurance company knows a lot about your medical history, because it processes claims that doctors and hospitals make about treatments they provided to you. The insurance record concentrates on services, procedure codes, allowed fees and accounting for payments, but there is a lot of information there about you. Your doctor knows when you came in and what happened during your visits. Your pharmacist knows what drugs were prescribed for you, and what your dosage and course of treatment were. Not all of this information is in electronic form today, and tying it together is often impossible, but that will change.

The PHI workshop was exciting: New trends in computer and medical technology are driving us toward big distributed systems with important privacy and public policy issues that have to be solved. There are plenty of smart people working on this stuff; I bet that the demos at next year's workshop will be good.

Sunday, October 02, 2005

Why subclock?

I've been meaning to set up a blog for a long time, but kept putting it off because I thought that it would be too much trouble to get started. Stephen O'Grady published an article on starting a blog in his blog and proved me wrong. I followed his instructions, which led me to blogspot.

All of the blog URLs that I wanted were taken. It turns out nearly everyone in the world decided to start a blog in 2001. They grabbed all the good blog names on blogspot, staked out their claims, posted a single article and left, never to return.

It took me half an hour to set up my blog, virtually all of which I spent searching for a free name. I finally settled on "subclock" because I have a clock from a Russian submarine mounted on my home office wall. I've used it for about ten years. It requires some discipline -- it needs winding once a week, and will drift from the true time if I don't adjust it slightly when the humidity changes.

Besides that, there's too much overclocking in the world today; it makes sense, sometimes, to slow down, take a look around, and think deliberately about the next thing to do. I don't always do that, of course, but maybe the name will remind me.

Here's to paying attention.