Commentary

SCaLE 8x

Posted on by tarus

I have safely made it back home from SCaLE 8x. Once again it was a great show. Unfortunately, I didn’t get to see many talks since I was manning the OpenNMS booth, but the feedback I hear was that most of them were excellent. I really hate the fact that I missed seeing Brian Aker, although he posted some interesting comments on his blog about the show.

My Sunday keynote seemed to be well received. I was a little nervous – not because I was speaking in front of a large crowd, but because I like the show so much I didn’t want to disappoint. If you were unable to see it and are curious about my thoughts on starting an open source business, it is available via streaming on-line.

I made some new friends and after the show managed to spend some time with Karen Sandler and Bradley Kuhn. Bradley and I were able to continue our debate on copyright assignment, with me firmly in the camp of dual copyright and him warning that the potential for evil is still too high. I don’t think we changed each others mind any, but like any rational argument I hope that we each can see better into the others reasoning.

I always love the fact that user group and volunteer driven conferences like SCaLE seem to be better than the “professional” conferences I attend. I am looking forward to SELF in June, where we are a diamond sponsor. Jeff went last year and said it was great, but this will be my first time attending.

More importantly, I am getting more and more excited every day about the OpenNMS users conference in May. I couldn’t be happier with the speakers. The first day, with the exception of my talks, is completely made up of users of OpenNMS who can tell their stories of how they use it, why they like it, and how it makes their jobs easier.

The second day features some of the main developers of the project giving in-depth workshops on the internals of OpenNMS. If you ever wanted to get started customizing the software, this is the place to be.

Remember, early-bird registration is available at a discount and we are required to limit the number of attendees due to space constraints, so if you are interested in coming be sure to register early and often.

Hope to see you there, at SCaLE or at SELF. Be sure to stop by and say “hi”.

Leadership Lessons from Dancing Guy

Posted on by tarus

A friend of mine makes music, and her first CD was published by a company I had never heard of called CD Baby. I fell in love with their wonderful ideas concerning customer service. Here is an example taken from an e-mail after I bought the CD:

Your CD has been gently taken from our CD Baby shelves with sterilized contamination-free gloves and placed onto a satin pillow.

A team of 50 employees inspected your CD and polished it to make sure it was in the best possible condition before mailing.

Our packing specialist from Japan lit a candle and a hush fell over the crowd as he put your CD into the finest gold-lined box that money can buy.

We all had a wonderful celebration afterwards and the whole party marched down the street to the post office where the entire town of Portland waved ‘Bon Voyage!’ to your package, on its way to you, in our private CD Baby jet on this day, Sunday, November 19th.

I hope you had a wonderful time shopping at CD Baby. We sure did. Your picture is on our wall as ‘Customer of the Year’. We’re all exhausted but can’t wait for you to come back to CDBABY.COM!!

CD Baby was founded by Derek Sivers, who has some really interesting ideas on community, running a business and social contracts. On his blog today he posted a link to a Youtube video called “Leadership Lessions from Dancing Guy”. It was from a talk he gave yesterday at TED.

If you’ve learned a lot about leadership and making a movement, then let’s watch a movement happen, start to finish, in under 3 minutes, and dissect some lessons.

It’s pretty cool and worth a few minutes to check out.

Congratulations Saints

Posted on by tarus

Yesterday I, along with a large number of other people, watched the New Orleans Saints win their first Super Bowl.

Last year I watched the game in a hotel room in Milan (when my Steelers won their sixth championship – number 43 we miss you) but this year I was able to hold a little party.

Now, like hot dogs go with baseball, pizza is fast becoming the food of choice for football, and no Super Bowl party would be complete without some Papa John’s.

Of course, my Mom also showed up (that’s her behind the pies – “Hi mom”) and she brought enough food to feed an army. I think everyone left stuffed.

Anyway, Denise Dubie at Network World wrote an article about how Papa John’s uses OpenNMS, and how they delivered 6 million slices of pizza yesterday.

They worked so we didn’t have to (well, except for Mom. Thanks Mom).

Open Source, Social Contracts and Running a Business

Posted on by tarus

When I started my first company in 2002, I had a lot of previous employers to provide examples, both positive and negative, of how to run a business. At the time IBM and Hewlett-Packard were leaders in network management, so I could have modeled my business on them.

Instead I modeled it on Ben and Jerry’s ice cream.

Many might think it was a strange choice, but it seems to have worked out well, at least for us.

First, they make a good product. This is of paramount importance in any business.

Second, they limited the amount of money the highest paid people could earn in salary. In their case, the highest paid person could not make more than seven times the lowest paid person.

I am constantly disgusted by executive salaries these days. Being a previous employee of NORTEL, now in bankruptcy, I find it highly ironic that the executives responsible for driving the company into the ground received huge retention bonus to keep them from leaving. In a just world they would have had no where to go, and particularly they would not be financially rewarded for poor performance.

To me a salary should exist to cover the basic necessities of living, but the real compensation should be based on the performance of the company. Let me stress that I want there to be no limits on overall compensation – if the company is doing well I want everyone’s “upside” to be unlimited. But getting a huge salary just for showing up feels wrong, especially if the company is doing poorly.

Steve Jobs, one of the most successful CEOs ever, takes home a salary of just $1.

Back to Ben and Jerry’s. The one other thing they did that I admired was to donate a certain percentage of pre-tax profits to charity.

I like donating to charity, but I find that I am most eager to give to those organizations that are a) small and b) concerned directly with something I care about. Thus each year I give to the EFF, the FSF and the SFLC, plus a number of local charities.

When the earthquake in Haiti happened, we were shocked and saddened like most of the world. I wanted to help, but I wasn’t sure how. Luckily, the opportunity came in a most unexpected way.

Matt and Jeff (along with Alex) were hanging out in the OpenNMS IRC channel (#opennms on freenode.net) when a man named Andris Bjornson joined and started asking questions about OpenNMS. It turns out that he works for an organization called Inveneo that supplies bandwidth in rural and under-served areas in the developing world. Haiti was the perfect example of a place that needed their services, since a lot of the relief effort is run by non-government organizations (NGOs), and they rely on communications in order to maximize the good they can do.

Haiti’s communications infrastructure, such as it was, was destroyed by the earthquake, and Inveneo is using wireless technology to provide a timely replacement. Of course they need some way to manage this infrastructure (as you can imagine, it is in high demand) and they chose OpenNMS.




Andris installing an antenna in Port au Prince (click for more pictures)

Andris has been using OpenNMS for awhile, but he had some questions and there were some issues in managing the radios they were using. The guys in the channel were more than happy to help out, but we wanted to be involved in a more formal way.

We decided to donate a commercial support contract to Inveneo to help them out in Haiti.

It’s pretty cool to be involved, at least in some small way, with getting Haiti back on its feet. It was also cool to have OpenNMS chosen from all possible apps out there to play a role.

You can read more about Inveneo and OpenNMS in this press release, and please consider donating to their efforts.

Open source has a large social component, and I have a theory that being involved in open source software makes one generally more interested in social issues. I want to hear from others about their experiences with social causes tied to open source. Jon “Maddog” Hall is also a fan of Inveneo, and I’d love to have more examples.

UPDATE: Here’s a network diagram of the Inveneo network, and the “How to Deploy” document mentions us by name.

Why We Do What We Do

Posted on by tarus

“There are two goddesses in your heart,” he told them. “The Goddess of Wisdom and the Goddess of Wealth. Everyone thinks they need to get wealth first, and wisdom will come. So they concern themselves with chasing money. But they have it backwards. You have to give your heart to the Goddess of Wisdom, give her all of your love and attention, and the Goddess of Wealth will become jealous, and follow you.”

– Dr. Joe Vigil, quoted in Born to Run by Christopher McDougall

I am reading a book David loaned me called Born to Run. It discusses the Tarahumara people who live in the Sierra Madre mountains of Mexico. The book focuses on the fact that these people can run hundreds of miles without stopping or getting hurt (I also found it interesting that their economy is based, in part, on the trading of favors).

In trying to determine why these people can run so far so fast, it appears that the main reason is that, quite simply, they like to do it.

When I was younger I kept hearing from older people “choose something you like to do for a career” and I kind of ignored them. I wanted money, so I was going to choose the career that provided the best path to financial security.

It was only later that I lucked into doing something that I loved. When I became the OpenNMS admin in 2002, I went from a solid six figure salary to sometimes earning $300 a month. That was way less than minimum wage (and was offset by better months), but at least I enjoyed the work. We made adjustments to our expenses and I was surprised to find that at the end of the first year I had spend only $5000 out of savings.

Things took off from there, and I managed to attract amazing people who also loved what they were doing. We decided on a mission statement of “Help Customers – Have Fun – Make Money” with the emphasis on the first two. The money showed up. While all of us could make higher salaries in a more traditional job, we are content for now to use our profits to build a better company, since that increases our ability to both help customers and have fun doing it.

I can remember bringing up open source software on the OpenView Forum mailing list many years ago and being called a communist. I am far from it, although communist and community do share the same root (and I am very interested in the latter). I just want to create an environment where people are rewarded for doing good work, and the best way to get good work is to find people who enjoy and even look forward to doing it.

Ultimately, I think this is the best way to make money. Provide value and you will become valuable.

I end every employment offer letter I make with the same sentence. It has nothing to do with money or even network management, but it distills into five words why I get out of bed in the morning: Let’s go do great things.

“Let us live so that when we come to die, even the undertaker will be sorry” – Mark Twain

Rackwatch and OpenNMS

Posted on by tarus

One of my favorite clients is Rackspace Managed Hosting. They have been using OpenNMS since 2002, and they were either our second or third official customer (I can’t remember if they came before or after NASA), and I’m happy to say that they are still a client.

We like to describe OpenNMS as a network management application platform, and what that means is that it is easy to integrate OpenNMS into other systems to build a custom and unique management solution. In the case of Rackwatch, OpenNMS is integrated into an internal Rackspace system called CORE (CORE Objects Reused Everywhere).

We have a server hosted at Rackspace which we, of course, monitor with OpenNMS. This morning I got an e-mail from our OpenNMS system:

Subject: Notice #19845: HTTP down on 10.1.1.1 (10.1.1.1) on node server.opennms.org.
Date: January 10, 2010 7:46:07 AM EST
To: Tarus Balog

The HTTP service poll on interface 10.1.1.1 (10.1.1.1) on node server.opennms.org failed at Sunday, January 10, 2010 7:38:56 AM EST.

What I though was cool was that at approximately the same time I got an e-mail from Rackspace:

From: support@rackspace.com
Subject: Created Rackspace Ticket #100110-01016: Service Down: Webport (Computer #40906)
Date: January 10, 2010 7:39:59 AM EST
To: Tarus Balog

Dear Tarus Balog,

The following support ticket has been created:

Ticket #: 100110-01016
Subject: Service Down: Webport (Computer #40906)
Status: Confirm Solved
Account #: 14290 (Sortova Consulting Group)
Date: 01/10/2010 6:39am CDT
Comment:
————————————————————————

The Rackwatch monitoring system was unable to reach the
Webport service on computer #40906.
It may be down.
————————————————————————

Note the times of the notices were nearly identical, although this is more of a coincidence since our polling rate it set at 5 minutes (I believe Rackwatch is more frequent).

I just thought it was cool to actually experience OpenNMS in action at such a large company (we have instances of OpenNMS running in all nine data centers as part of the Rackwatch application).

Anyway, this notice allowed me to fix an issue with the Apache config on that server, and I dutifully got “resolved” messages from both Rackwatch and our own internal instance of OpenNMS when it was detected as being back up.

Sometimes you get so caught up in the internal issues with running a project that you forget that people actually use it, and it is nice to think that we play some small role in helping Rackspace provide fanatical service to their tens of thousands of customers.

More on Copyright Assignment

Posted on by tarus

A couple of days ago I saw a post by Dana Blankenhorn continuing the discussion of copyright assignment in open source. He pointed to a piece by Michael Meeks that he describes as:

This may be one of the most important papers on open source since The Cathedral and the Bazaar. It is well worth your time to read it in full.

With a comment like that, how could I not read it?

The main driver for a lot of this discussion is the impending acquisition of Sun, and thus MySQL, by Oracle. MySQL had a policy that any code contributed to the project required that the author assign the copyright to to the MySQL corporation. This gave them full control over the application, including the ability to publish it under different licenses.

The problem I foresaw with this was that some contributors would be reluctant assign copyright, and thus community contribution to MySQL would be lessened. This really didn’t seem to affect MySQL at all, and the fact that they “owned” 100% of the code definitely helped them get bought for US$1 billion by Sun. Their ability to generate revenue from that code was also responsible for their rapid growth and in a large part helped make the MySQL database what it is.

But now that MySQL looks destined to be owned by Oracle, people are worried that Oracle won’t put much energy into the project. MySQL was designed to be a replacement for Oracle’s bread and butter products, so it is obvious that as the new owner, Oracle won’t be working too hard to put itself out of business, thus the only real question is how much less effort will be put into MySQL. Since MySQL was published under the GPL, it would be very hard for another company to commercialize it, which will limit the chances that a well funded fork could be created. MySQL’s future growth looks pretty small, or at least much smaller than it could have been under a different owner.

Because of this, one of the MySQL founders, Monty Widenius, has even started a petition to prevent the sale by appealing to the EU.

Now I’ve had a couple of e-mail exchanges with Monty and I found him to be a very friendly and nice guy, but I’m a little puzzled by his actions. One can only assume that as a founder of MySQL he made quite a bit of money on the sale of the company, and that he was also instrumental in creating the company that eventually was sold. Thus his decisions led directly to this predicament. It seems to me, well, “wrong” to accept VC money, have a record breaking buy-out and then want things back the way they were, so I have little sympathy for this effort. Perhaps instead of trying to block the sale via legal channels he would be better off forming a foundation to try and purchase MySQL back from Oracle and then he could make it as free as he wanted.

Anyway, had MySQL been licensed under a more permissive license, or had contributors not assigned copyright, it would make it much easier for a third party to step in and commercialize a fork. I responded to some of Brian Aker’s comments on the subject a few weeks ago, and now I thought it’d be fun to examine those of Michael Meeks.

The two main points I took away from Michael’s paper were that copyright assignment should be avoided, and that one should use a permissive license. This is in order to build “a social environment built for the common good”.

I can’t really disagree with his conclusions. I believe that, yes, if one wants “a diverse, and thriving developer community” creating software with the most freedom is important. But it is based on one of the biggest flaws and misconceptions about open source, which is that simply by being open source thousands of qualified people will give up nights and weekends to work on your project.

I would never base any business plan on altruism. In fact, I don’t think it exists, at least on a large scale. People are selfish, and they do things in order to bring themselves personal gratification. The trick is to align those things that benefit individuals with those that benefit the group.

In many cases the ideas that Michael describes work. If you take a look at some of the successful open source projects, the end users are also developers (Spring, JBoss and to a lesser extent MySQL). The product that is sold is usually built using the open source tools, but it is not the tool itself. Thus having permissive licenses can make this very beneficial for all involved, since they are then free to commercialize the final product as they see fit.

But what happens when the project is aimed at end users and not developers? Take OpenNMS for example: our end users are network and system administrators, not Java coders. The project is the product. In order to develop this software, someone has to write it, and the most qualified coders tend to have things like mortgages, car payments and other needs that require money. It’s fine to preach altruism when you work for a large company like Novell or Sun, but what about small companies that are dedicated to open source? How can they make money and protect their work, while still remaining true to open source ideals?

In my own experience with OpenNMS we had a company that took our project, made some changes to it and distributed it in violation of the license. They had raised several million dollars in VC money and thus were able to hire the resources necessary to rapidly advance the application, and they claim to have made millions more selling, ultimately, the work of our community.

Had OpenNMS been published under a permissive license, this would have been perfectly legal. Thus the work of a small but dedicated group of people could have easily been commercialized by a larger company with more money. But since OpenNMS is published under the GPL this was not permitted, so we decided to pursue legal action.

The first thing you learn is that you are on your own. No one really cares that someone is abusing an open source license, especially if the code being stolen is maintained by a commercial institution. Luckily we were in a position to afford to hire a legal team.

Then we hit the second hurdle. At the time no single entity held copyright to the OpenNMS code. All code up until version 1.0 was held by Raritan (which had bought the assets of Oculan after they went out of business) and most of the remaining code was held by the OpenNMS Group. The company in question claimed that if it was using the code in violation of the license, it was only the code for which Raritan owned the copyright, and thus we had no recourse, as only the copyright holder can enforce the license.

It took us a year working with Raritan before they could join us in pursuing this company, and in that time the company ripping off our community’s work tried to clean up their act by releasing a fork of OpenNMS. While I can’t see how that fork would absolve them of their licensing issues (OpenNMS is a Java program published without the classpath exception, so simply importing OpenNMS classes is the creation of a derivative work under the GPL and there is no way this forked code could have been used without importing those classes) it did muddy the water quite a bit. I also found out that the legal system in the United States is reluctant to award damages based on software that used to violate a license, even if that software was sold for large amounts of money.

Before we could pursue it much farther, that company closed its doors. Whether our actions had anything to do with it, I don’t know, but part of me likes to think that there were some consequences for the theft of our code. But we did get a benefit: Raritan was willing to sell us the copyright to the code we didn’t own. It wasn’t cheap (two houses had to be mortgaged to cover the cost of the loan) but it was fair.

Once we purchased the copyright to the 1.0 code, all that remained for us to be able to defend OpenNMS from cases like this in the future was to reach some sort of agreement concerning copyright with the 40 or so contributors to OpenNMS since 1.0. Copyright assignment seemed to be the best way to go, but it didn’t seem fair to me. For example, suppose a member of our community comes up with a cool algorithm for doing some task and they integrate that into OpenNMS. Copyright assignment would mean that they were giving away that work, and if they wanted to reuse it in the future they would have to license it back from us. While it is important for all of the OpenNMS code to have a single owner, that was not fair to, and definitely discourages contribution from, the original programmer.

Our solution came from an OGP member named DJ Gregor who suggested that we adopt the Sun Contributors Agreement (SCA). This introduces the concept of dual-ownership: the copyright is assigned to a third party yet the author also maintains copyright. While this has never been tested in court, I trust the Sun legal team that it will hold up. I was happy to see that this meets, somewhat, with Michael’s approval, as he mentions the SCA a number of times in his article.

Thus, based on my experiences with OpenNMS, for a small company trying to make it with a business based on open source software, I think restrictive licenses like the GPL are crucial, as is copyright assignment.

The key part of any community is trust, and open source communities are no different. We don’t have huge numbers of people outside of the company contributing code (heck, we tend to hire the most prolific coders) but we do have an active core of people that help keep the project moving forward. The way we’ve been able to maintain that is by promising that no matter how much OpenNMS grows or is packaged in the future, the source will always be 100% available under an open source license. This is a promise we maintain by doing all of our development publicly – even custom development projects have their own branches in our git repository.

And we truly do listen to our team (DJ’s suggestion of the SCA as a case in point) even if they aren’t employed by the commercial side of the project. They are empowered to help determine the direction of the OpenNMS even though they don’t work for the company.

I think it is easy to describe a utopian world where all software is free, especially when your paycheck doesn’t directly depend on revenue from that software, but for a company that wants to both generate revenue and remain 100% open source, some sense of ownership and control is necessary.

I agree with Dana that the article is definitely worth reading, although I’d stop short of comparing it to The Cathedral and the Bazaar. Also check out the links at the bottom of Michael’s post. It includes the aforementioned article by Brian Aker as well as a great one by Bradley Kuhn called “‘Open Core’ is the New Shareware“.

At OpenNMS we try to avoid the pitfalls of open core commercial software by publishing 100% of our work publicly, but that requires such things as a restrictive license and copyright assignment. As with any situation involving trust it takes time to build, but we hope to continue to earn it.

Thoughts on the New Year

Posted on by tarus

Okay, I have a lot of stuff I’d like to post but the problem will be finding the time, so instead of meticulously crafting a post in my usual manner (grin) this one will be more “stream of consciousness”.

Last year started off horribly for the business side of things. It was so bad that I had to cancel our annual developer’s conference, Dev-Jam. It is a huge regret, since come March things went crazy and we posted three record quarters in a row, but it was the decision to make at the time.

When we had our first Dev-Jam it was kind of a lark, but I didn’t realize how important that yearly gathering of people was to the project. We’ve inked in the week of July 25th, 2010, back at the University of Minnesota, to make sure we don’t miss out again.

Other than that, 2009 was a great year. We hired Jason Aras (an OGP member) as a full time employee and Seth Leger, one of the original OpenNMS coders, came to work for us on a contract basis (and we hope he’ll join us full time in 2010).

On the development side we got a lot of interesting custom development business and delved more fully into the whole “agile” development process. It has enabled us to work more efficiently (especially as distributed as we are) and produce even more robust code. The last week in December we switched to git to streamline further our development process.

We enter 2010 in the best shape of our corporate lives, and I am confident it will be a solid year for the OpenNMS project as well. Seeing all of this talk about Sun/Oracle/MySQL and copyright assignment makes me glad that we are bootstrapped and make money the old fashioned way (by spending less than we earn) versus having to make concessions to our open source philosophy.

On the down side, it is frustrating not to be able to implement some of our ideas as quickly as I would like, but our organic growth means that the pace of development is getting faster and faster. This results in higher revenues, and since we plow all that back into the company it just feeds the growth of the project.

All the experts say that this business model is flawed and that we’re not a “real” company or at a minimum we are some sort of “lifestyle company“, but you know what? I don’t care. And as long as we can stick to our mission statement of “Help customers, have fun, make money” I don’t have to. (grin)

But if I had to lay out a goal for 2010 it would be to make it easier for people to get involved, and to get those involved more involved. I think calling 2010 “The Year of Community” is a little cheesy, but that is where my heart lies. We have a new stable release coming out, our first book (in German) and an iPhone app all in the first half of the year, but I think that would pale in my mind to getting the community back on track, and I hope that Dev-Jam goes a long way toward getting that done.

Happy New Year everyone.

This Post Brought to You by Snapple

Posted on by tarus

For those of us in the open source community, you were probably under a rock this week if you missed the New York Times story “Open Source as a Model for Business Is Elusive“. It was sent to me by a number of people, including one woman who I’ve seen rarely since high school – 25 years ago.

This has been analyzed to death (see the 451 Group’s blog for a nice roundup of commentary) so I’m not going to focus on the article too much. I did find amusing the comment “There’s only one company making real money out of open source, and that’s Red Hat” since Red Hat seems to be the only large company that focuses on truly open source solutions. Surprise, surprise, the fauxpen source players are apparently “in trouble”.

I know I look at the world differently than many (if not most) people, but I’ve never seen “open source” as a business model. The term is way too big and vague – like saying “manufacturing” is a business model. Sure, it can play a role in both the development, support and marketing of software, but its not a business in and of itself.

The biggest mistake is to try and treat open source software the same way as commercial software. The rules are different, and a lot of the griping is due to the fact that the way one runs a software company is different if the software is open source. I’m often asked “how do you sell free software” and the answer is always “you don’t”.

But it is hard to get both customers and investors to think differently.

One issue is applying old metrics to new markets. The Times article seems to think that open source companies are floundering. On the other hand, here at OpenNMS we had a record year and hired two new people. I’m sure if I brought that up as a counterpoint we’d be dismissed as being too small, but these days the costs of starting, maintaining and marketing a software company are so much smaller than they used to be. The model of the future is lots of small, profitable software companies versus an Oracle or a Citrix.

I read yesterday that the new album by Susan Boyle sold a record amount in the first week of release. While that’s a laudable achievement, at the bottom of the article they point out that most young people buy single tracks and not entire albums, and Ms. Boyle’s audience is a much older demographic. In five years using album sales as a comparative measure of success will go away, in much the same way that the overall size of a software company as the measure of success will change.

I love looking at how the entertainment industry is dealing with the prevalence of broadband network access to their traditional business models. In some cases they decide to sue their customers – trying to keep the status quo.

In other cases, artists are taking the distribution of their works into their own hands, like Radiohead. While the overall total sales of a particular album may go down, the amount of money the artists receive goes up. Others, like Phish, focus on touring and even encourage their fans to bootleg their music.

Expect to see more musicians focusing on singles vs. albums, since they will become more popular and they open the door to sales of other things such as ringtones (note – as someone who loves high concept long play albums like “The Lamb Lies Down on Broadway” I’m not saying this is a good thing).

It’s all about efficiencies. Cut out the marketing and production machine required to produce a piece of music and it is possible to make the cost to the consumer go down while the profit for the producer goes up.

Change bothers people, but it also provides an opportunity for creativity. On the show Glee the story line involves three to four musical numbers per episode. The producers then offer those tracks on iTunes which provides a totally new revenue stream. With people skipping the ads during shows, some are imbedding the product placement right into the story (with 30 Rock being the most obvious about it).

I am certain we will continue to see articles that cast open source in a bad light because it doesn’t conform the way software has traditionally been handled in the past. I’ll ignore them and keep looking for opportunities to shake things up.

I’m betting I’ll find them.

Black Duck Software

Posted on by tarus

I sat in on a webinar from Black Duck Software today on managing compliance when using open source software. As someone who has gone through the process of trying to resolve a GPL violation, this is something pretty near and dear to my heart.

For those who don’t know, Black Duck provides an application that helps companies identify if there is open source software in their product. My understanding is that they maintain a huge database of projects, code and the respective licenses and their software will then search for that code and produce a report. We received the output of the Black Duck software program from Cittio and, in my mind, it showed a number of violations. However, our attorney, Eben Moglen, wasn’t happy with it. The comment I remember from him was that this report was supposed to make people like him go away, and it didn’t make him want to go away.

But the report is pretty darn detailed, and while it may not solve all issues with open source used within a commercial software organization, it is a great place to start.

The main reason I attended this webinar was that Addie Welch, a legal advisor for Zenoss, was one of the presenters.

I’ve always been confused at how Zenoss is able to have a GPL’d version of their software (Zenoss Core) and a commercial version (Zenoss Enterprise) where the “core” version uses GPL’d code that is not owned by Zenoss. If one owns the copyright to the code, they can publish it anyway they want, but when that code includes third party GPL’d code, the derivative work must also abide by the license.

According the Zenoss website, they use a number of GPL’d programs, and I was curious to learn how they can separate “core” from “enterprise” such that the enterprise version does not constitute a derivative work. I was hoping to get an answer from Ms. Welch.

One reason I am curious about this (outside of the fact that I really dislike the fauxpen source business model that Zenoss uses and like to point out flaws whenever I can) is that if you look at the Zenoss Subscriber Agreement (pdf), there is a very odd clause required of all users who buy the enterprise version that forbids forking.

We used Google to search on “zenoss support agreement” and found a PDF copy of their subscription agreement. Section 12.2 states:

12.2 Forking of the Zenoss Core Software

“Forking” and “to Fork” means create derivative works of the object or source code for a product, or to distribute a product or a derivative work of a product under a new or different brand, regardless of any right to do so under any license.

During the term of this Agreement and the twelve (12) month period after expiration or termination thereof, and notwithstanding any rights under the terms and conditions of any license, you agree that you shall abide by the following rules of conduct:

(a) Neither you nor any entity controlling, controlled by, or under common control with you (an Affiliate”) shall offer, promote, distribute or otherwise make available any Forked version of any software product released by Zenoss, including without limitation the Zenoss monitoring platform, the Zenoss client libraries and any component thereof.

(b) You understand that Zenoss may make some or all of its software—which may include, without limitation, the Software—available in versions that are distributed without charge under the terms of the Free Software Foundation’s General Public License (“GPL”) (such versions the “Zenoss Core Software”). Zenoss Core Software may, at Zenoss’ sole discretion, be identical to one or more of the Software. This Agreement does not prevent You from distributing Zenoss Core Software pursuant to the terms and conditions of the GPL, provided that You comply with the Forking prohibition in subsection (a), above.

Although I am not a lawyer, this seems to be a violation of the GPL, specifically Section 6 which states:

You may not impose any further restrictions on the recipients’ exercise of the rights granted herein.

Since a fork could be considered as any modification without the express permission of the copyright holder, this “no forking” requirement seems to be a “further restriction.”

I asked this question on the webinar, but they ran out of time (sigh).

But the webinar did underscore the need for some sort of compliance procedure for commercial software that uses open source, but it failed to address the need that buyers should beware that the contracts they are asked to sign when purchasing commercial software may request that they give up some of their rights.

The right to fork is a fundamental part of open source software, and I can’t understand how a company can claim to be “open source” while striving to remove it.