Rant

MonitoringForge Redux

Posted on by tarus

A few months ago I blogged about a new site called “MonitoringForge.org“. It seemed to me to be a thinly veiled marketing attempt with little value, but I was willing to give it the benefit of the doubt and time would tell.

Well, I was reading Coté’s blog today and read a link where they created a press release to trumpet their 2,000th registered member.

This struck me as funny because, in the same sentence, they state that there are “more than 2,000 projects” registered on the site.

Wah?

So, if only one unique member of each project on their site registered, there should be more than 2,000 of them, yet they have less than that, and this is considered news? Heck, we have nearly 1300 people on the opennms discussion list and we’re just one project, but with their site running at an average of less than one person per project I guess we’re doing pretty well. And while I’m sure that 80 or so of our subscribers are directly working on OpenNMS, that still leaves about 1200 end users.

I’ll leave the similar calculation for MonitoringForge as an exercise for the reader.

(sigh)

Now I’m not one to beat a dead horse, but when the “Chief Marketing Officer” is willing to issue a press release on a site she calls “the epicenter of all open source projects that relate to IT monitoring” with such, in my humble opinion, lame numbers, I’m willing to stand by my original impression that this is just a marketing ploy.

Am I wrong? Can anyone comment who found the site valuable? Inquiring minds want to know.

More on Copyright Assignment

Posted on by tarus

A couple of days ago I saw a post by Dana Blankenhorn continuing the discussion of copyright assignment in open source. He pointed to a piece by Michael Meeks that he describes as:

This may be one of the most important papers on open source since The Cathedral and the Bazaar. It is well worth your time to read it in full.

With a comment like that, how could I not read it?

The main driver for a lot of this discussion is the impending acquisition of Sun, and thus MySQL, by Oracle. MySQL had a policy that any code contributed to the project required that the author assign the copyright to to the MySQL corporation. This gave them full control over the application, including the ability to publish it under different licenses.

The problem I foresaw with this was that some contributors would be reluctant assign copyright, and thus community contribution to MySQL would be lessened. This really didn’t seem to affect MySQL at all, and the fact that they “owned” 100% of the code definitely helped them get bought for US$1 billion by Sun. Their ability to generate revenue from that code was also responsible for their rapid growth and in a large part helped make the MySQL database what it is.

But now that MySQL looks destined to be owned by Oracle, people are worried that Oracle won’t put much energy into the project. MySQL was designed to be a replacement for Oracle’s bread and butter products, so it is obvious that as the new owner, Oracle won’t be working too hard to put itself out of business, thus the only real question is how much less effort will be put into MySQL. Since MySQL was published under the GPL, it would be very hard for another company to commercialize it, which will limit the chances that a well funded fork could be created. MySQL’s future growth looks pretty small, or at least much smaller than it could have been under a different owner.

Because of this, one of the MySQL founders, Monty Widenius, has even started a petition to prevent the sale by appealing to the EU.

Now I’ve had a couple of e-mail exchanges with Monty and I found him to be a very friendly and nice guy, but I’m a little puzzled by his actions. One can only assume that as a founder of MySQL he made quite a bit of money on the sale of the company, and that he was also instrumental in creating the company that eventually was sold. Thus his decisions led directly to this predicament. It seems to me, well, “wrong” to accept VC money, have a record breaking buy-out and then want things back the way they were, so I have little sympathy for this effort. Perhaps instead of trying to block the sale via legal channels he would be better off forming a foundation to try and purchase MySQL back from Oracle and then he could make it as free as he wanted.

Anyway, had MySQL been licensed under a more permissive license, or had contributors not assigned copyright, it would make it much easier for a third party to step in and commercialize a fork. I responded to some of Brian Aker’s comments on the subject a few weeks ago, and now I thought it’d be fun to examine those of Michael Meeks.

The two main points I took away from Michael’s paper were that copyright assignment should be avoided, and that one should use a permissive license. This is in order to build “a social environment built for the common good”.

I can’t really disagree with his conclusions. I believe that, yes, if one wants “a diverse, and thriving developer community” creating software with the most freedom is important. But it is based on one of the biggest flaws and misconceptions about open source, which is that simply by being open source thousands of qualified people will give up nights and weekends to work on your project.

I would never base any business plan on altruism. In fact, I don’t think it exists, at least on a large scale. People are selfish, and they do things in order to bring themselves personal gratification. The trick is to align those things that benefit individuals with those that benefit the group.

In many cases the ideas that Michael describes work. If you take a look at some of the successful open source projects, the end users are also developers (Spring, JBoss and to a lesser extent MySQL). The product that is sold is usually built using the open source tools, but it is not the tool itself. Thus having permissive licenses can make this very beneficial for all involved, since they are then free to commercialize the final product as they see fit.

But what happens when the project is aimed at end users and not developers? Take OpenNMS for example: our end users are network and system administrators, not Java coders. The project is the product. In order to develop this software, someone has to write it, and the most qualified coders tend to have things like mortgages, car payments and other needs that require money. It’s fine to preach altruism when you work for a large company like Novell or Sun, but what about small companies that are dedicated to open source? How can they make money and protect their work, while still remaining true to open source ideals?

In my own experience with OpenNMS we had a company that took our project, made some changes to it and distributed it in violation of the license. They had raised several million dollars in VC money and thus were able to hire the resources necessary to rapidly advance the application, and they claim to have made millions more selling, ultimately, the work of our community.

Had OpenNMS been published under a permissive license, this would have been perfectly legal. Thus the work of a small but dedicated group of people could have easily been commercialized by a larger company with more money. But since OpenNMS is published under the GPL this was not permitted, so we decided to pursue legal action.

The first thing you learn is that you are on your own. No one really cares that someone is abusing an open source license, especially if the code being stolen is maintained by a commercial institution. Luckily we were in a position to afford to hire a legal team.

Then we hit the second hurdle. At the time no single entity held copyright to the OpenNMS code. All code up until version 1.0 was held by Raritan (which had bought the assets of Oculan after they went out of business) and most of the remaining code was held by the OpenNMS Group. The company in question claimed that if it was using the code in violation of the license, it was only the code for which Raritan owned the copyright, and thus we had no recourse, as only the copyright holder can enforce the license.

It took us a year working with Raritan before they could join us in pursuing this company, and in that time the company ripping off our community’s work tried to clean up their act by releasing a fork of OpenNMS. While I can’t see how that fork would absolve them of their licensing issues (OpenNMS is a Java program published without the classpath exception, so simply importing OpenNMS classes is the creation of a derivative work under the GPL and there is no way this forked code could have been used without importing those classes) it did muddy the water quite a bit. I also found out that the legal system in the United States is reluctant to award damages based on software that used to violate a license, even if that software was sold for large amounts of money.

Before we could pursue it much farther, that company closed its doors. Whether our actions had anything to do with it, I don’t know, but part of me likes to think that there were some consequences for the theft of our code. But we did get a benefit: Raritan was willing to sell us the copyright to the code we didn’t own. It wasn’t cheap (two houses had to be mortgaged to cover the cost of the loan) but it was fair.

Once we purchased the copyright to the 1.0 code, all that remained for us to be able to defend OpenNMS from cases like this in the future was to reach some sort of agreement concerning copyright with the 40 or so contributors to OpenNMS since 1.0. Copyright assignment seemed to be the best way to go, but it didn’t seem fair to me. For example, suppose a member of our community comes up with a cool algorithm for doing some task and they integrate that into OpenNMS. Copyright assignment would mean that they were giving away that work, and if they wanted to reuse it in the future they would have to license it back from us. While it is important for all of the OpenNMS code to have a single owner, that was not fair to, and definitely discourages contribution from, the original programmer.

Our solution came from an OGP member named DJ Gregor who suggested that we adopt the Sun Contributors Agreement (SCA). This introduces the concept of dual-ownership: the copyright is assigned to a third party yet the author also maintains copyright. While this has never been tested in court, I trust the Sun legal team that it will hold up. I was happy to see that this meets, somewhat, with Michael’s approval, as he mentions the SCA a number of times in his article.

Thus, based on my experiences with OpenNMS, for a small company trying to make it with a business based on open source software, I think restrictive licenses like the GPL are crucial, as is copyright assignment.

The key part of any community is trust, and open source communities are no different. We don’t have huge numbers of people outside of the company contributing code (heck, we tend to hire the most prolific coders) but we do have an active core of people that help keep the project moving forward. The way we’ve been able to maintain that is by promising that no matter how much OpenNMS grows or is packaged in the future, the source will always be 100% available under an open source license. This is a promise we maintain by doing all of our development publicly – even custom development projects have their own branches in our git repository.

And we truly do listen to our team (DJ’s suggestion of the SCA as a case in point) even if they aren’t employed by the commercial side of the project. They are empowered to help determine the direction of the OpenNMS even though they don’t work for the company.

I think it is easy to describe a utopian world where all software is free, especially when your paycheck doesn’t directly depend on revenue from that software, but for a company that wants to both generate revenue and remain 100% open source, some sense of ownership and control is necessary.

I agree with Dana that the article is definitely worth reading, although I’d stop short of comparing it to The Cathedral and the Bazaar. Also check out the links at the bottom of Michael’s post. It includes the aforementioned article by Brian Aker as well as a great one by Bradley Kuhn called “‘Open Core’ is the New Shareware“.

At OpenNMS we try to avoid the pitfalls of open core commercial software by publishing 100% of our work publicly, but that requires such things as a restrictive license and copyright assignment. As with any situation involving trust it takes time to build, but we hope to continue to earn it.

The Whine List: Cold Weather, Cold Food and Cold Apps

Posted on by tarus

Note: This is one of my travelog posts with little OpenNMS content.

I like Chicago. I think it gets a bad rep in comparisons with New York and San Francisco, but I almost always enjoy my trips here. This may come as a surprise to many, since this is the eighth year in a row I’ve spent a week in Chicago in December, and I must admit the fact I like the city has a lot to do with being here other times during the year (we have a large number of clients in the area).

It’s cold here. As I write this it is 2F (-17C). This is actually an improvement over earlier this week where, while it was warmer, there was constant sleet/snow/rain. On Tuesday when I was walking back to the hotel, the 40 mph winds coming off the lake combined with pellets of sleet that could quite literally flay the skin off your face. Luckily, I have the world’s best travel umbrella, which acquitted itself quite well. Since the wind caused the sleet to hit you horizontally, I just held the umbrella up in front of my face to block most of it, with the occasional peek around it to make sure I didn’t walk into anything or anybody. The wind was so strong that it reduced the umbrella into a cone with a base about 10 inches wide, but it didn’t fail or invert and it got me back to the hotel with my face intact.

Compared to yesterday, that was a pleasant experience.

As my three readers know, I recently bought an iPhone. This trip has been my first chance to really use it and I am quite pleased. While the voice quality is just okay and the camera isn’t very good at all, as an overall communications device it works quite well. I am at a long time customer that happens to be a bank and as such their network is very locked down. Usually I am completely cut off from e-mail and IM, but with the iPhone I can easily keep in touch. The AT&T 3G network has been very responsive (I’m on the third floor of the building next to a window) and the intuitive interface of the phone makes using it a breeze. Battery life has been good – lasting the entire day even with a Woot-Off in progress.

And at least it hasn’t driven me to run over it with a truck, like my friend with the Droid. (grin)

One thing I didn’t understand about the phone were these new “push” notifications, and I’m still not sure I understand them completely. On the iPhone OS, third-party apps are not allowed to run in the background. Thus when using, say, an instant messenger application, you have to keep it in the foreground in order to know that someone has sent you a message. I was using an app called “IM+ lite” by Shape Services and I was bragging that I could stay connected even with it in the background since it supports push notifications and a little pop-up would appear when there was a new message for me to read.

It didn’t dawn on me that the only way that could work is if some third party server was acting as the client by connecting to my Jabber server as me. Since the IM+ app wasn’t in the foreground, there is no way for it to maintain a connection to the server to know that new messages were waiting, so there had to be another method for it to “know” there was a message waiting.

This really pissed me off.

As I have mentioned many times before, I am somewhat of a security nut. We have a Jabber server just for internal communication that a) we control and b) we require SSL connections throughout. Thus I feel really safe when using IM.

What pissed me off was that nowhere in the documentation for IM+ does it mention that some company in Germany is going to receive your credentials in the clear and then masquerade as you on your server – giving them access to your contact list as well as being able to log your conversations. I verified that, indeed, a server using the IP address 87.106.135.189 (which puts it in Berlin) was connected to my Jabber instance.

I was more pissed at myself for not being more careful, but still – I was under the impression that German law required companies to be quite clear about the information they collect over the Internet and how that information is used, but apparently that doesn’t apply to Shape Services. I am paranoid enough not to use my Jabber login as the admin login, so all I had to do was change my password, but still I was angry.

Be very careful when using push notifications on the iPhone.

I have since switched to the Jabber app from OneTeam, and I hope that push support comes to Openfire soon.

But no worries – I figured last night would make me forget all about it since that was our annual pilgrimage to Shaw’s Crab House. I have always loved Shaw’s – nice atmosphere, great service and good food.

To quote the Princess Bride, I have got to get used to disappointment.

To start with we ended up getting seated very close to a large round table full of about eight men and, oddly enough, just one woman. The guy closest to me must have been six and a half feet tall and over 300 pounds, and he was very drunk. This caused him to repeatedly get out of his chair, and since we were about an inch apart it would slam into mine. He would slur an apology but manage to do it again later.

Now the restaurant really doesn’t have too much control over that, but they do have control over the wait staff, which seemed uninformed and not very responsive. Our order of a dozen oysters took over 40 minutes to arrive. This was followed by our main courses, even though two of us had ordered a cup of lobster bisque that should have been served before the mains.

I love the bisque, but it was not to be.

Perhaps because of the delay on the oysters my scallops came out at room temperature. They were perfectly cooked, with just the right amount of caramelization, but just not hot. I ate about half of them before complaining to the table, and my dinnermates suggested that I mention it to the waitress. I did, and she offered to take them back and heat them up, but I resisted. Heck, this is a nice, expensive restaurant and they should be able to deliver food right the first time, and “heating things up” is what I do with leftovers when I get home.

When I said “no, that’s okay”, she got real snippy and said “well, why did you bring it up if you didn’t want me to do anything about it?” So like a punk I let her take my plate and 20 minutes later my scallops returned on a different, heated plate, ever so slightly warmer. By this time I wasn’t hungry anymore.

I blame myself – I should have asked to have our table moved away from the large, drunk guy. I should have replied to the waitress “well, I was hoping you could have suggested something other than heating up my poorly delivered meal, perhaps the manager can suggest something? Will you get him for me?” but I didn’t do any of these things.

I’ve noticed that a lot of unhappiness in this world doesn’t come from bad things happening to people, but from unmet expectations. I was expecting the excellent service and great food I have experienced at Shaw’s in the past, and they under-delivered (in all fairness I should point out that they did comp two desserts because of the missed bisque). I might have been able to mitigate the situation by talking with the manager, but I didn’t, which just deepened my mood even more.

Whenever I experience a bad service situation, I do try to learn from it. I’m going to have to think of ways within our own business when dealing with OpenNMS support to make sure expectations are properly set, and to encourage people to complain to management (i.e. me) if they aren’t. If I have an unhappy client I will do my best to set things right, but I have to know they are unhappy first.

Next time I’m in Chicago I’m eating at Vong’s due to this experience at Shaw’s.

I hope none of our OpenNMS clients feel the same way about us.

Trademarks and Open Source

Posted on by tarus

Slashdot pointed me to a post on open source software and trademarks on a PC World blog that concludes “Trademarking is almost totally incompatible with the essential freedom offered by open source.”

It really pissed me off.

The author was upset about some comments Canonical made about his use of the word “Ubuntu” on his website to promote a book he had written on the subject. When he reduced his use of the name and images in order to comply with fair use, apparently his website was now “graphically barren” and thus trademarks must be wrong.

Look, open source is all about sharing, modifying and making derivative works. But the problem with mainstream adoption of open source is who to hold accountable for problems. Trust me, enterprises would much rather deal with a company for support issues than “HaX0rBoi” on an IRC channel. In order for a company to protect its investment in building a brand and a reputation, trademarks are vitally important.

Implicit in the idea of commercializing an open source software application is an exact definition of the product. It has to at least have a name, a version, and someone responsible for it. Open source allows for modifications and forks, but if it weren’t for trademarks how could you tell the difference between Adam’s Firefox, Bill’s Firefox and Charlie’s Firefox? It is perfectly fine to take something like Firefox, change it, and release it as Iceweasel. But don’t call it Firefox. It is perfectly fine to take Red Hat Enterprise Linux sources, remove trademarked images, make your own binaries, and call it CentOS, but don’t call it Red Hat. And as we saw last week, one can take Nagios, change it, and release it as Icinga.

Can you imagine how chaotic it would be if there was no way to enforce a name? Heck, the first time I hired a lawyer with respect to OpenNMS was to send a cease and desist order to a company in California that claimed to be producing “OpenNMS for Mac”. They had taken issue with our need to use the Java 1.4 SDK (OpenNMS would simply die under 1.3) since 1.4 it wasn’t supported on OS X at the time. So they removed the code changes that required 1.4 and released their own version of OpenNMS.

I tried to reason with the man, even pointing him to the Mozilla policy on the use of their trademark, but he insisted that since OpenNMS was “open source” he could call his code OpenNMS. After several failed e-mails I had to send that letter to get him to stop.

He didn’t seem to realize that if someone like MacWorld downloaded his version (we support OSX through the fink project) and it was crap, it would negatively affect my business. More than that, he didn’t seem to care. I even pointed out that he was free to do exactly what he was doing if he would just stop using our trademarked name and logos, but it wasn’t until the letter got sent that anything happened.

It was upsetting. The main way we make money at OpenNMS is through our brand. We put a lot of work into insuring that OpenNMS doesn’t suck, and we market that our services around OpenNMS are the best you can get since we are the experts on it. As we expand we want to make sure that terms like “OpenNMS Certified” and “Powered by OpenNMS” mean something.

Mr. Thomas doesn’t seem to understand this. He takes exception, in part, because he knows that the tighter he can associate himself with Ubuntu the more books he will sell. But where does he cross the line between presenting himself as a freelance Ubuntu expert to presenting himself as being endorsed by Canonical?

His conclusions show a serious naiveté about open source business.

Trademarking is a way of severely limiting all activity on a particular product to that which you approve of.

What? Is he saying that the authors of an application don’t have the right to determine what they can do to it? Just because a product is open source doesn’t mean there are no concepts of ownership. You are free to benefit from the work of the authors through use of the source but you are not free to totally co-opt their brand.

That’s what it was created to do, and that’s what it unapologetically does on a daily basis around the world. If an open source company embraces trademarks then it embraces this philosophy. On the one hand it advocates freedom, and the other it takes it away.

I’m confused. Where do trademarks infringe in any way on the Open Source Definition? Which “freedoms” are being taken away? How about this: let’s remove the requirement that medical doctors, just the ones Mr. Thomas uses, be licensed. Having to be licensed to practice medicine infringes on my freedom to call myself a “doctor”, doesn’t it? The medical establishment does this on a “daily basis around the world”.

Trademarking encourages organizations to foster back-room deals, and negotiations to get permissions. It’s almost exclusively a domain for lawyers

I get very sad when I see stuff like this. For seven years now I have worked incredibly hard to help create OpenNMS and we give most of that work away for free. We’ve built a brand around the name and that value is what drives our revenues which, in turn, allows us to create more OpenNMS. Is it wrong for us to require that anyone calling themselves a “certified OpenNMS partner”, such as Nethinks in Germany, actually have staff on hand that we know will represent OpenNMS in the best light?

But this isn’t good enough for (and I am thankful for this) a small minority of users who think that any restrictions whatsoever cramps their style. They seem to think everything should be free (as in gratis) and when it is not it is somehow removing some God-given right.

I wonder how Mr. Thomas would feel if I downloaded the PDF version of his book and started selling it as my own? What if I put my own print version up on Amazon for a couple of dollars less than his?

Trademarks are the only way that open source projects can protect their work in the marketplace. It’s why they are called “trade” marks. If it wasn’t for the work of the Ubuntu project, Mr. Thomas would be spouting his inane comments interspersed with “do you want to supersize that?”, yet when they asked (and nicely it appears) that he respect their trademark his reply is to accuse them of “back room deals”.

He is a prime example of why I use the term “open source” instead of free software. People like him are more dangerous to open source software than any open core or commercial software company. Those companies want to compete with open source efforts – he wants to steal them outright.

Medsphere Gets a Microbus

Posted on by tarus

Okay, my day was going pretty well. I’m am trying desperately to finish an RFP. I’d caught up on mail and tickets, and although I’d rather be outside (since it is a beautiful spring day) I finally got focused on getting my reply written.

I take a little break and what should I find on my RSS feed but a post by Matt “I live to press Tarus’s buttons” Asay featuring a cute little VW microbus and my blood pressure went skyward again.


Photo yoinked from here

If you want to see me rant about the abuse of the term “open source” you really have to look no further than Medsphere. In fact “Remember Medsphere!” is my rallying cry to caution other entrepreneurs about being careful while seeking investment.

Medsphere was founded by the Drs. Shreeve (Scott and Steve). They accepted investment, proceeded to develop their software, released it on Sourceforge and were promptly sued by their investors for US$50 million. The suit listed twelve counts including violations of RICO, which if found true could have left the Shreeves penniless.

An interview with Fred Trotter gives a good summary of the situation.

They eventually settled the lawsuit, but I don’t know the details. Steve Shreeve blogged about the situation while he was still involved with the company, but he hasn’t posted in nearly 2.5 years and as far as I can tell he and his brother are not involved with the company they founded. I can’t help feeling that he knew these actions had destroyed Medsphere’s open source credibility and he was trying to boost it back up, but his non-involvement with the company seems to provide proof that it wasn’t to be.

Cool bus or not, I find it hard to believe that Medsphere is the example we in open source should be striving to emulate. It is the prime example of a company using the term “open source” to market proprietary software. It takes more than a hippie bus to embrace hippie ideals, but I think in almost every value system Medsphere got it wrong.

The Sharecropper Model for Commercial Open Source

Posted on by tarus

As I was running through my RSS feeds this morning, Roberto Galoppini pointed me to a post by James Dixon (the CTO of Pentaho) on the Beekeeper Model for Commercial Open Source (PDF).

It references Geoffrey Moore’s Crossing the Chasm which I’ve used for years to drive our OpenNMS business, so it caught my attention. I haven’t blogged much about open core for awhile, but I thought this article deserved a closer look.

Since I’ve been labeled a hippy open-source purist, let me state again my contention that companies that label themselves “open source”, including “commercial open source,” need to produce products where 100% of the software code is available under the OSI Open Source Definition via an OSI approved license. If the business model involves generating the majority of revenue by selling “enterprise” software via traditional closed licenses, that software doesn’t meet the definition of open source and should not be called such. I’m perfectly happy with “Commercial Open Core” but let’s not confuse a neo-proprietary software model with open source.

My bullshit meter jumped slightly when I read his list of open core companies:

Companies using the single-vendor or open-core commercial open source models include MySQL, Ingres, Compiere, Open Bravo, Liferay, SugarCRM, Mule, Alfresco, JBoss, Digium, and Zimbra.

The meter only jumped a little because he used the term “or” instead of “and”, but on reading the rest of the article it seems like they are equivalent, so I need to point out that not all of these companies are open core.

Everyone who calls their company “open source” likes to be compared to JBoss since they were purchased for so much money, but I want to stress that JBoss isn’t open core. From their website

you can see that there is no code differences between JBoss Community and JBoss Enterprise. Sure, you get patches, and hot fixes and gobs of benefits by being an Enterprise customer, but special code is not one of them.

Digium is very similar. We love the gang over Digium as they strive to make sure their code is 100% open, and we use their software in-house as well.

It is also my understanding that MySQL, another successful open source company, made 100% of its code available until a year or so before their acquisition by Sun. In that last year I believe that “enterprise” customers got to see code six months or so before it was released into the wild, which while unfortunate, still resulted in all of the code being open. Prior to that you could get MySQL under an open license or you could purchase a proprietary license and imbed it in your commercial product. As long as the open and proprietary version are basically the same code I think this is a legitimate way for an open source company to generate revenue from software licenses.

Someone please correct me if I have my MySQL facts wrong.

In two if not all three cases they pass the CentOS test, and thus I don’t consider these companies to be open core.

Mr. Dixon did score points with his statement on open source software vs. free software:

Open source is not free. In 1998 the term ‘open source’ was coined to replace the term ‘free software’ because many people assumed ‘free’ to mean ‘zero cost’ whereas it was always intended to mean ‘freedom’.

That’s it in a nutshell. Open source requires a different kind of cost, but you don’t get a free (gratis) solution. However, people have taken it a step further to mean that commercial software can be called open source since commercial software is not free, too. “Syllogisms are only partially convertable. While Alma Cogen is dead … only some of the class of dead people are Alma Cogen”.

His entire section on The Principles of Open Source is pretty spot-on. I found myself warming to Mr. Dixon.

Then we get to the meat of his document, his four models of software development:

  • The Wild Hive Model for Open Source Projects
  • The Maple Syrup Farm Model for Proprietary Software Companies
  • The Beekeeper Model for Single-Vendor Commercial Open Source
  • The Honey Gatherer Model for Services/Support commercial Open Source

This is interesting stuff, so please read it for yourself. It is so elegant and comes with nice little drawings that it took me awhile to understand why my bullshit meter was pegged.

Then it dawned on me. Instead of the Beekeeper model it should be called the Sharecropper model. The single vendor controls everything while benefitting from the community, while the community only exists to serve the single vendor. When he writes “In the Beekeeper Model the bee farm provides land, hives, and flowers etc.” it is just like a plantation owner in the old South owning all the land and means of production. The bees are not in control of their destiny, much like some sharecroppers were told when, where and what to plant.

This is at the heart of my problem with open core software. In a vibrant open source community it is the community that controls the product, not the vendor. Mr. Dixon states:

This explains the common practice of the Beekeeper companies to offer some kind of ‘Enterprise Edition’ that includes features not available to the community. These are high-end features that only larger organizations find of value.

Who decides what features are of what value? As I mentioned in my Hyperic post awhile ago their community is screaming for a feature that only exists in the “enterprise” version, yet their needs go unmet. It is obvious that Joe User needs the feature but because it drives software revenue it will never be open. According to Dixon is necessary because

It is clear that the single-vendor model is more costly to set up and operate than the services/support model. It is logical that companies using the Beekeeper Model need to generate more revenue to recoup these costs than a company using the Honey Gatherer Model

No, it is logical that if the only way you can meet your revenue needs is by selling commercial software then your open source business model is broken. Don’t say “pure” open source doesn’t work if the problem is you can’t run your business properly.

There are several other things that just slapped me upside the head:

The community gains open source software they can use for their own purposes. This software has more functionality and more resources than a ‘pure’ open source project could provide. In this way the community profits directly from the company and its customers.

If he means that an open source project with a commercial backer has more functionality, then I’d say “well, duh, of course”. But there is no reason that making money on an open source project is in conflict with being “pure”.

The customers gain higher quality software at a better price. The customers profit from the open source community’s ability to produce high quality software.

In the first statement he implies that in order to produce high quality software you have to have a commercial entity producing it, but then here he states it is the community that produces the high quality software. Which is it?

As far as price, nothing could be better than free, I agree. But if he is talking about customers having to buy enterprise versions of “open source” software the math gets a little hazy.

For example, in our space OpenNMS provides unlimited Standard Support for US$14,995 a year. Zenoss, an open core company, charges US$150/device for a minimum of 250 devices for its “enterprise” software, or US$37,500 a year, over twice as much as we do and limited to 250 devices.

However, if you take our average commercial install of 2000 devices, the Zenoss price would be US$300,000 per year. That is insane – you might as well buy OpenView or Tivoli. Over 5 years the cost will be must less than the US$1.5 million Zenoss will charge. Of course, no one should be paying list price for their software, but it is so wrong to call it open source even if you can haggle it down.

A prospective customer should not have to learn about open source in order to become a customer. The sales and marketing materials should neither hide their open source model nor require understanding of it by the market.

Why shouldn’t a prospective customer “not have to learn about open source”? Aren’t there some serious advantages to open source? That’s like saying Toyota shouldn’t educate its clients on the hybrid synergy drive on its cars. True, the customer shouldn’t have to be able to build one or understand exactly how it works, but I would think the basics of why you would want one should be explained early and often.

Educating the market will be the downfall of the open core business model once people realize that there may be “pure” open source offerings that do it better. After listing the benefits of open source so well in The Principles of Open Source why does Dixon feel it is not important to the buying decision?

Customers are not bees, bees are not customers, and you cannot convert one to another.

With OpenNMS a good portion of our clients are also actively involved in the community. In fact we encourage this. Many, if not all of our customers came to us from the community. With our commercial support offerings, however, there isn’t a requirement of community involvement. What I get out of this statement is that the single vendor company sees the community (the bees) and their customers as separate things, and will focus on the needs of the customer, in order to generate revenue, versus the needs of the community.

Some people assume that all commercial open source models are flawed because the company does not have direct control over the direction of, and development of, the software … The services/support model does suffer from this. The company might pay for full-time developers to work on some of the open source projects that it utilizes but it does not have the same level of influence that the single-vendor model provides.

This has not been my experience. The statement that single-vendor (open core) models have more influence goes back to my plantation owner analogy – the sharecroppers/bees/community are told what to do since the plantation owner controls everything. At the OpenNMS project, influence is based on merit. We have a number of full time developers who both create code and help integrate the contributions of the people outside of our company. Since we get to work on it full time we produce more code which earns us influence. However, every major project decision is governed by the Order of the Green Polo, which got there also on merit (and not always by writing code).

It seems like in the Beekeeper model influence is bought. You, the community, do what I say since I pay for everything. And, by the way, I have to sell software in order to pay for it. It seems to be the antithesis of the open source communities I’ve known.

In summary, I do think the need for a “whole product” is valid, but I don’t think it is necessary to sell commercial software licenses in order to deliver it. The “Honey Gatherer” can deliver the whole product without resorting to commercial software licenses.

Part of my antagonism toward the model comes from the fact that Pentaho sells an “enterprise edition” and thus is an open core/neo-proprietary company, and since those companies have co-opted the term “open source” I am naturally distrustful. It’s like saying “we love the bees, we need the bees, but no royal jelly for you” and I think that is wrong within an open source environment.

But this model is slick and well written and it did make me think, which is always welcome.

More Open Core Silliness

Posted on by tarus

I came across a post by Brian Gentile, the CEO of Jaspersoft, where he is trying to defend the “open core” business model. I tried to comment on his blog but got the following captcha, which I just couldn’t figure out (and nothing really happened when I clicked on the little handicapped icon).

Since I just finished Watchmen I’m kind of in an odd mood. I sometimes question whether my devotion to protecting the term “open source” is devolving into the moral rigidity of someone like Rorschach. In any case I will attempt to address some of the points raised by Mr. Gentile.

1. Community involvement in the core code is encouraged, while community “extensions” are not only plausible, but probable.

Of course community involvement is encouraged. I’m sure all commercial software companies would like to have a group of programmers adding features to their product for free.

I’m a little confused over “plausible, but probable”. One way I would interpret it is that it’s great of you add features to our software, and it is “probable” that we’ll accept them, unless they conflict with our commercial features.

2. Commercially-available extensions, a superset of the core and ideally with visible source code access, are provided, thus creating the value and assurance commercial customers often require to sign a commercial license.

Of course, in the open core model there must be “commercially-available extensions” in order to get companies to sign a “commercial license”. Why is this? Because the open core product has been intentionally hobbled to force companies to buy the closed software product in order to get it to do the things that customers need it to do, and thus to generate revenue for the software company.

Isn’t this the same thing as a shareware application? The “free” version does some things but it is the full featured version that most people need.

Also, I want to point out a new trick in the open core marketing book: “ideally with visible source code access.” Many open core vendors are supplying the source code to their commercial clients, but under a very restrictive license. Access to the source code is not “open source”.

3. The Community needs a healthy and growing group of Commercial customers to both legitimize the open source code base and ensure necessary financial success so the on-going advancement of the products / projects are assured.

Why? This is the other argument that open core loves to make: good software cannot be created unless someone pays for it. And, it seems in this argument, good code can not be legitimate unless someone pays for it. I think it is a large, open community that legitimizes the product, not the other way around.

The thing that pisses me off the most about this statement is that you can break down the reasoning behind it as:

You, the community, can add features to our code. We, the corporation, will then use those features to help sell our commercial software. If you work hard, we’ll be successful, and if you are lucky some “free” features will trickle back down to you.

Bah.

Mr. Gentile then goes on to state that “some have claimed the only true and legitimate open source model is to provide identical community and commercial editions of the source code.” Yup. That would be the case. The Open Source Definition has many requirements, and having separate commercial editions of the source code violates many of those. Ergo, you are not open source.

He goes on:

Minimally, this argument misses a valuable history lesson. Most major software categories where open source has positively disrupted have required successful commercial open source companies to eventually use a model similar to open core, in order to continue growing. Think JBoss, Linux (Red Hat Enterprise Linux, Novell/openSUSE), SugarCRM, Hyperic, Talend, and of course, Jaspersoft.

First off, Red Hat Enterprise Linux passes the CentOS Test, so I wouldn’t call it open core. I just went to the JBoss site and I’m having trouble finding the “commercial software extensions” that would be present in an open core product. I don’t know enough about openSUSE to comment, but I assume it is very much like RHEL and would pass the CentOS test.

So, that leaves SugarCRM, Hyperic, Talend and Jaspersoft. See, all of these open core companies want to be associated with Red Hat and JBoss since those are obvious commercial open source success stories. But those two companies are not open core – they provide a lot of value without having to resort to commercial software. While the open core model may be successful as a commercial software business model, it ain’t open source, no matter how many times they say it is. If they would just own up to the fact I could stop wasting my time, and yours, on these posts.

And what about MySQL? Why did he leave that one off? Up until the last few years MySQL was a pure open source company. Sure, they would sell commercial licenses to their software, but that software was identical to the GPL version. I have absolutely no problem with this, and I think it is a valid way to generate revenue.

But look at MySQL, JBoss and Red Hat. They are all enabling technologies, and not really applications in and of themselves. This is a lot like OpenNMS, which is designed as a platform on which to build and not a rigid shrink-wrapped application. This is where open source really shines.

He concludes:

The pure open source model will continue to democratize software development and yield some commercial success. But to truly disrupt software categories where proprietary vendors dominate (and to deliver large new leaps in customer value), the open core model currently stands alone in its opportunity to deliver community progress and commercial success.

I see little difference in the “open core” model and that of “proprietary vendors”. The code, unless forked, is still 100% controlled by one commercial entity with a business plan to make revenue on software licenses. If the business is to run well, then the needs of the community will ultimately be sacrificed to the needs of the corporation. Couldn’t a proprietary software company make the same argument? That if lots of people buy our software we’ll have money to make “large new leaps”?

If you like your users why not provide all of the features as open source? Red Hat does it, JBoss does it, OpenNMS does it. The answer will always be that their business model can’t survive unless they sell closed source software. In that aspect, I can see little difference between open core companies and Microsoft.

The key phrase that struck me here was “yield some commercial success”. Pure open source works, but just not fast enough and big enough. For whom? Why the investors in these open core companies, of course. They want commercial software-sized wins in a short amount of time, and thus they have to adopt a commercial software business model, using the term “open source” to market it.

The real weakness in the open core model is that, while it adopts a commercial software licensing model, it dilutes the intellectual property value behind it. Why should I consider acquiring an open core company when I can just take the open source pieces and add the most requested missing features for much less money?

Open core software is a fad. I have no doubt that it will make some individuals wealthy, but pure open source is catching up and will eventually disrupt both the pure proprietary and open core proprietary software business models.

Thoughts on Service

Posted on by tarus

I had a horrible customer service experience this weekend. Whenever I experience either exceptionally good or exceptionally poor service I tend to spend a lot of time thinking about how I can apply it to make the services we at OpenNMS provide even better.

The situation was this: my water heater started leaking. I was doing some work on the farm, went in to the garage to get some tools, and when I came back about an hour later there was a stream running across the garage and then outside.

My house is over 15 years old and my guess is that the water heater was just at the end of its life (I could see some places near the bottom where the paint had bubbled – probably from rust). Unfortunately, the cut off valve for the heater itself was frozen open, so I had to turn off the water main to get the stream to stop flowing.

I didn’t worry about it too much since I had a home warranty from American Home Shield, and this was definitely covered. The warranty originally came with the house and we’ve been making the premium payments once the first year was up (for over nine years now). I’ve had mixed results with the AHS service in the past, with the best service coming years ago when we first started with them and then steadily getting worse.

I called their toll free number, worked through the automated attendant, explained the problem and was told they’d have someone call me.

On Monday.

Since this was Saturday afternoon I wasn’t looking forward to spending the weekend without water, so I called back to see if I could get my total lack of water considered an “emergency”.

Now I used to work for NORTEL on ACD systems, so I have a bit of an interest in how these things work. Usually, pressing “zero” or saying “agent” will short circuit all of the “press/say one” crap, but on modern systems a healthy dose of swearing will work as well.

Voice: “If you are experiencing problems with your heating and air conditioning, say ‘HVAC’. If you are experiencing problems with an appliance such as a stove or a washer, say ‘appliance’. If you are …”

Me: “Agent”

Voice: “I’m sorry, your answer was not understood. If you are experiencing …”

Me: “Transfer me to a go****n f***ing agent right now!”

Voice: “Please hold while we transfer you to an agent.”

Once I reached a human, they told me that they would contact a plumber and I should hear back within the hour. An hour and a half later I called back, went through the same routine again and got the same answer – someone would call me.

Chances are if your service company doesn’t call you back on an emergency call within an hour, they ain’t calling back. But I waited another hour before taking matters into my own hands and deciding to get it fixed on my own. I figured it would be easier to get a service person out at 5pm on a Saturday than 9pm.

What was even more frustrating about the experience is that it was the weekend and I had stuff to do. Unfortunately the cordless wouldn’t reach to where I needed to work outside, so I was basically forced to wait inside by the phone.

It did give me time to surf the web for stories about American Home Shield and they aren’t pretty. I also had plenty of time to read my contract and I realized that I had until tomorrow (the 24th) to cancel my current contract for a full refund. Of course, if you want to cancel within your 30 day period, make sure you schedule it for a business day because they won’t cancel your contract on a weekend. I found this out when I called AHS back to cancel the service call and deal with it myself.

So, what does this have to do with open source? Well, ostensibly AHS is an insurance company, and to some degree what we provide is a form of insurance. So why do I think we got it so right and AHS got it so wrong?

The main difference I think is in motivation. It is the goal of AHS to maximize profit. There are two ways to do this: sell more or spend less. From what I’ve been able to read on the web, it seems that the focus of AHS is the latter. Since there is no pre-inspection there is no baseline for determining the state of your house. There is a clause in the contract that requires you to “maintain” your property, and it appears that AHS has refused to pay for services just by stating that the problem was due to a lack of maintenance.

Should they actually decide to address a claim, it also appears that their contracts with suppliers are pretty draconian, asking the supplier to take on a fairly high level of cost and risk. Thus they only attract the lowest common denominator of service company – such as those that won’t respond to an emergency page on a weekend. One can only imagine how they would handle a more important job such as an HVAC system.

At OpenNMS we try to do the opposite – increase revenues by selling more. Our plan for that is to deliver the best level of service possible so that our current clients will tell their friends how great we are. While our support services are described in a detailed Statement of Work, we often venture into the category of “out of scope” work in an attempt to insure our clients’ happiness.

We also hire talented, cheerful and qualified people. We provide premium services and charge accordingly, so you won’t get anyone whose major understanding of network management starts and ends with the ability to spell SNMP.

Maybe one last difference is that I think I would resign if anyone had anywhere close to the experience I had with American Home Shield with OpenNMS. At 9pm on Saturday, four hours after I cancelled the service call, AHS called the house to tell us that they just couldn’t find anyone to fix our problem. At that time it would have been hard for me to find someone, so luckily I got it fixed earlier.

I tried to be nice when I called to cancel my contract this morning, but it was hard. At OpenNMS we have lost a few customers over the last seven years, but never due to performance. While I hate losing any client, I’d much rather get a note like

We do not plan to continue to utilize a support contract with the OpenNMS Group as we have quite frankly not found a need to utilize support services on the product itself. Thanks.

or

We do want to acknowledge and thank you for outstanding support and superior responsiveness; on a scale of 1 to 10 I would rate your service at the highest level, at 9.99999, only reserving the 0.00001 as incentive for continued growth.

I can live with that.

Dear Mr. President: Buy My Software, please

Posted on by tarus

Readers of this blog know that I am somewhat of a purist when it comes to the term “open source“. I believe that if you are in the business of generating most of your revenue by selling software licenses you can’t be an “open source vendor” (although there are a number of corner cases that make it difficult to categorize some companies).

Recently Matthew Aslett over at the 451 Group was kind enough to continue the discussion of what constitutes an open source vendor, and his post seems to have caused others to join in. While I don’t agree 100% with his conclusions, I’m glad people are at least talking about it. Of course, Matt Asay thinks we’re all silly and the question isn’t even worth considering, since open source and commercial software are basically the same thing.

The importance of trying to define an open source vendor becomes apparent when I see things like this open letter to President Obama from “15 leaders of open source projects and companies”.

Now I, of course, believe that government can definitely benefit from open source, but I’m not sure now is the time to be bringing it up. I mean the man is busy resurrecting the economy, trying to end two wars, and restoring the country’s international standing. Personally, I’d rather see the credit markets loosen up a bit first before really worrying about bringing open source to the government.

And I have to wonder about the motives of the signers, since many head up commercial open core software companies. I know they mean well, but couldn’t this be just a publicity stunt to get their commercial software products on the government’s radar?

Let’s suppose that the USA issues an open source mandate requiring that open source solutions be considered in any software purchase. Can you imagine how that conversation might go?

USA Government Guy: Okay, we have this mandate to move to open source solutions, so I want to know if you can help me.

Open Core Vendor: Sure. I’m certain we can.

USA: Okay, does your software do this, this and this?

Vendor: Of course, it’s our core competency.

USA: Great. Now this is important … can it do that?

Vendor: Yes …

USA: Excellent, now concerning …

Vendor: … in our enterprise version.

USA: Excuse me?

Vendor: That is only available in our enterprise version.

USA: What’s an “enterprise version”?

Vendor: Well, we have two versions of our software: the community version and the enterprise version, and the enterprise version has more features.

USA: Well we definitely need that, so I guess we’ll need the enterprise version. It’s still open source, right?

Vendor: We have built a great open source community.

USA: But the enterprise version … I get the source code, right?

Vendor: Well, no. That’s our community version.

USA: I don’t understand. I can modify the enterprise version, correct?

Vendor: I don’t see how, we don’t let you see the code.

USA: Are there limits on how I can distribute the enterprise version?

Vendor: Oh yeah, we’ll charge you a license for each device you need it for.

USA: Charge me?

Vendor: Yeah, see, you have to understand, there are three types of people in open source. Those who write code, those who pay for code and freeloaders. Those who write code we call “our community” and well, freeloaders aren’t useful for much at all, but you get to be in the third group, which we call customers.

USA: I thought open source was about sharing, both the costs, the benefits and the goals, and that it created such great things as the Linux kernel and the Apache web server. How does this apply to your product?

Vendor: You can’t get good code unless someone pays for it.

USA: Okay, I’ll bite: how much does your enterprise version cost?

Vendor: $500 …

USA: That’s not too bad, I thought it was going to be …

Vendor: … per device.

USA: What ?!? I have hundreds of thousands of devices!

Vendor: Yeah, that’s why they call it a stimulus package. I’m stimulated just thinking about it.

USA: Man, this open source thing is going to get expensive. Well, what’s the life of the product? At least I can spread the cost over a couple of years.

Vendor: Maybe I wasn’t clear. That was $500 per device per year. We work on a “subscription” model.

USA: I am so confused. If I have to pay you that much each year, I might as well go with the solution from IBM or Microsoft like I always have.

Vendor: But we’re open source.

USA: Some of your product is open source, but it seems like it exists solely to drive people to your commercial “enterprise” product. Both Microsoft and IBM create some open source software, so how are you different?

Vendor: We put “open source” on our website.

Ooooh, I’m going to hell for that one.

Netcool? Hyperic IT is Not Cool

Posted on by tarus

I’m certain that the title of this post will raise some eyebrows, and not just for the bad pun. I’m not talking about the Hyperic we all know and love. As much as I disagree with open core software’s business strategy of using the term “open source” that doesn’t mean I don’t like the people involved, and the Hyperic crew are pretty nice folks.

No, the Hyperic I am talking about is a company calling itself Hyperic IT.

I was working in Milan today when I entered some search terms into Google. Google uses your source IP address to direct you to the site most customized for your location, so while I am in Italy http://www.google.com takes me to http://www.google.it.

One of the terms I searched on was “opennms” and I noticed that Hyperic had bought an adword link. I clicked on it and was taken to http://www.hyperic.it. There I saw the expected orange and blue, and since the site was in Italian I just figured they had opened an Italian office like with our http://www.opennms.it.

I dropped Javier a note to ask him about this and he replied that he had no idea that site existed. On further examination it appears that a company called netEdge Srl is taking the open source part of Hyperic, forking it, and selling it as Hyperic IT.

Look, I personally think taking the open source part of an open core project and forking it is fantastic. But open source code does not mean you can steal someone’s brand. That is most uncool.

For a company like The OpenNMS Group, the OpenNMS brand represents most of our value. What more do people want – we give away all of the source code under a free license – at least let us build our identity and reputation around the trademark. Yet some people don’t understand this and think they can take that, too.

By calling the product Hyperic IT, using the same color scheme and even the Hyperic HQ logo in their screenshots, this company is obviously trying to rip off the real Hyperic. If their product was any good they could have renamed it something else, easily removed all of the trademarked logos (a la CentOS) and worked to build their own business instead of trying to steal someone else’s.

If they are willing to so blatantly steal from others, would you really want work with them?

From what I can understand from my friend Antonio, this company is an Srl or Società a responsabilità limitata, similar to our LLC (I could be wrong since my Italian is weak). If this is the case, since Hyperic is trademarked in the EU, the people at netEdge may not have the protections of a corporation and could be held personally liable for their actions. Not too smart.

I’m hoping this blight is soon removed from the Internet.