Rant

Who Did You Sleep With To Get This Job?

Posted on by tarus

With all the money that is spent, why is it so hard for government to demonstrate even an acceptable level of competence when it comes to technology? I’ve long ago given up hope that they could provide something that would make me go “wow” but, jeez people, can’t you get the basics right?

At The OpenNMS Group we get paid once a month, and today I’m running payroll. This is the first payroll with our 401K deductions, so it is a little more involved than usual, but it doesn’t tend to take me very long.

Our business is headquartered in the state of North Carolina, so I have to deposit withholding taxes each month. I usually do this online, but when I went to the site today I see this message:

Okay. Cool, new services. How bad can it be? Well, pretty bad. When I go to register on NCID the first thing I see is:

I’m not sure why Verisign isn’t a recognized root certificate authority, but it looks valid so I’ll soldier on.

Now the next thing I get is:

What? In this day and age I don’t expect every web application to support every browser perfectly, but it should support every standards compliant browser and at least Firefox well enough for something like this. Since Internet Explorer is Windows only, I need to write the North Carolina State government to ask for my free copy of Windows so that I can use the services that my tax dollars helped create. Sheesh.

But considering the level of competence displayed by the designers of this abomination, I’m going to assume that there is nothing that really requires IE but that they were too lazy to test it using other browsers, so I’ll see what happens.

Well, about halfway through the registration process I get this error:

Great. This system is going to be the only way of paying my taxes electronically in a week and this is how well it has been tested. Although 500 errors indicate something is wrong with the server, I’ve seen with OpenNMS cases where IE rendered relative links differently than every other browser, and even though I filled out submitted a form to report the bug I’m sure the answer will be to blame Safari.

I did manage to get an NCID, and when I went to logout I got:

Close the browser? Why? Does the application not clean up after itself?

What’s even funnier (in a sad, developing into maniacal laughter sort of way) is if you hit the “exit” button you get:

No wonder people have no faith in government anymore. One would assume with all of the web programming talent available in the area they would be able to get someone who knew what they were doing. Of course for a website like NCID you’d want to use only the best technology, like, say, FrontPage:

	<meta http-equiv="Content-Language" content="en-us">
	<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
	<meta name="ProgId" content="FrontPage.Editor.Document">
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

Gaaaaah! I assume it was some politician’s relative with a copy of Frontpage for Dummies that won the bid.

I’m going back to mailing in my tax check. They’re only going to waste it anyway.

The War for Open Source

Posted on by tarus

Starting about the time that Bill Gates wrote his infamous Letter to Hobbyists, the commercial software industry has sought to control and restrict access to source code. Before that time, code wasn’t explicitly free, but it was often freely exchanged. The rise of the commercial software industry put an end to that.

When the modern open source software movement was formalized by Bruce Perens and Eric S. Raymond, the commercial software establishment pretty much ignored it. There was no way that useful software could be created for free. Then along came the Linux kernel, the GNU operating system and applications like the Apache web server, and suddenly open source software was not only useful, its adoption started growing phenomenally.

Since it is hard to say software isn’t useful when millions use it, the commercial software industry changed its tactics. A campaign of Fear, Uncertainty and Doubt was started. Can you trust software made by a bunch of anonymous hippies? Who will support it? Who can you hold accountable?

In response came companies like Red Hat, who said “hey, I’ll support it, and I’ll give you better, more responsive service than you get from the commercial software guys.” Slowly, the FUD argument started to fade.

Now I’ve seen the next front on the war for open source. Commercial software companies are attacking the term itself. They are trying to say that commercial software and open source are actually the same thing, even though there is a huge difference between companies that garner most of their income from the support of software and those that earn most of their revenue from the sale of proprietary software licenses.

Words are important. One of my favorite philosophers, the late George Carlin, based much of his work on the examination of how words are used to control people. Take the invasion of Iraq by the United States. Following on the heels of the 9/11 terrorist attacks in New York, the US government sought to justify it by associating Iraq, even though not a single terrorist charged in the attacks was from Iraq and studies showed no link between Saddam Hussein and those terrorists. Yet in 2007 a Newsweek poll showed that 41% of Americans thought that Iraq was responsible, which was actually an increase of 5% from September 2004.

Now it is not the purpose of this post to start a debate about the war, but I wanted to demonstrate that if you say something enough times, even if it is false, people start to believe it. The commercial software companies know this.

For example, let me pick on Matt Asay (I could probably pick on Dave Rosenberg but I don’t read his blog). On December 22nd he ran a blog post with the paragraph:

Five years from now, I’m not even sure what it will mean to talk about “open source” and “commercial software” as if they are two separate and distinct things.

See, Matt works for an open core company that makes their money from selling commercial software licenses on top of a core piece of software that is published under an open source license [Note: see comments below – after researching it, it seems that Alfresco is not “open core” but neither is Alfresco Enterprise “open source”]. To drive value to his company he has to make the argument that while open source is good, it can’t produce value unless someone pays for it, thus there must be a commercial software component. I disagree.

He follows this up on Christmas Day with a post about an InfoWorld article on the future of open source:

Dave Rosenberg writes that 2009 will be the year when open source becomes paid software, but I think we’re already there. We’ve been there for at least two years, in fact. We just didn’t know it.

Once again the association that open source and commercial (paid) software are one and the same.

Now I have no doubt that commercial software companies will have to become more open. They’ll have to provide better and more free APIs and they will have to work hard to build communities around their products, but that doesn’t make them open source.

Finally, the next day Asay follows up with a very paternalistic post on the struggles that the data portability field is having on defining what is “open”. I say “paternalistic” because he comes across as if the whole topic is boring and beneath consideration.

See, we in open source have been through this (attribution/badgeware debate, anyone?), and we resolved it by throwing up our hands in despair and moving on.

Oddly enough, that was probably the right thing to do, as the only people that really care about such things are the vendors involved. Customers don’t care

I claim that customers don’t care because they don’t understand. It’s posts like Matt’s that really blur the lines between open source and commercial software. They didn’t care about Linux when no one used Linux, but suddenly less than a decade later Linux is doing well. Now as open source moves up the stack it’s the same situation. Once true free and open source software becomes a viable alternative it will cause customers to care.

But it’s comments like this that make the process take longer. I’ve helped build a business around OpenNMS, which remains 100% open source software, and as I try to explain the value to potential customers I can no longer rely on “it’s open source” to mean what it used to mean. We still get replies like “yes, it’s open source, so how much is the enterprise version?” It’s “free food” all over again.

Now some of my detractors will say that I just make up terms to suit me, and that my understanding of “open source” is not valid. I get mine from The Open Source Definition by the Open Software Initiative. If anyone says that it is not valid, I’d love to hear the reasons why. What I love about it is that it starts off with “Open source doesn’t just mean access to the source code” (emphasis mine). The commercial/open core/hybrid/shareware folks would love for people to believe that’s all it means.

I can’t say that I blame them. I’ve seen the power of open source in action and if I ran a commercial software company it would be in the best interests of my shareholders to leverage anything I could, including even the most tenuous association with it. But likewise it is in my best interests to point out how wrong they are.

I’m not going to have any effect on those companies, and I realize this. Heck, Matt has his bully pulpit on cnet and my three readers get to visit my rants on an old Dell server with donated bandwidth. But who I really want to reach are those that might consider buying these companies. As Matt says the clients don’t care about open source so the investors shouldn’t either. They need to judge the value of a commercial software company against other commercial software companies.

And they need to keep in mind that projects like OpenNMS are growing stronger every day. While our open core competition might have prettier interfaces and more features, we’re catching up. We’re also focusing directly on the needs of our community, and not the buzz-word du jour. How much value does a piece of commercial software have when we might be able to replace it in six months? Customers might not care about truly open source software in large numbers now, but I’m willing to bet they will. I’m wondering who’s betting they won’t?

Greed (Rant)

Posted on by tarus

I like money. Money buys a certain amount of security, and security buys freedom.

But Gordon Gekko was wrong: greed is not good. Trying to make money for money’s sake is usually the wrong thing to do. Build a product, help your customers, and take care of your employees and the money will come. Shortcuts often lead to heartache.

Take today for example. The Dow Jones Industrial Average had the lowest single point drop in its history, due to the fact that a bunch of people got greedy and for once Congress decided not to write a blank check. And for those of you who think the sky is going to fall if something isn’t done right now, I agree with these guys.

But on to other news that’s more directly related to open source, it looks like Ringside Networks is closing shop.

I really hate it when things like this happen. Now, I’m not worried about Bob Bickel. I’ve met him a couple of times and he’s pretty smart so he’ll be fine. But my guess is that he worked with a lot of cool, smart people who haven’t quite had his level of success. They probably put a lot into their product and now, due to some bad decisions, it seems to be over.

Bob blames it on bad luck (well, the lack of good luck which is the same thing). It sounds a lot like the problems with the current financial markets – ooops, it was just bad luck that the sub-prime mortgages we made to people who couldn’t pay, well, didn’t get paid.

I’m being a bit cruel and I’m definitely oversimplifying, but if you read his description of the failure from my point of view, it does seem a bit like sour grapes.

Although he doesn’t name them, it appears that while Ringside Networks was trying to raise money from VCs, they were approached by Google who wanted to acquire them. He writes “we decided that the larger company would enable us to get our technology to market sooner and with more impact.”

I read that as “w00t! We can cash out early!”.

When Google changed their minds and the acquisition didn’t happen, Bob said they were unable to get any money since “we kind of burned the VCs”.

Bah. You don’t “burn” VCs. VCs are soulless, pure businessmen. The best are unemotional. “You don’t want our money? Fine. See ya”. They could care less about not being able to fund Ringside. If their technology was so good, “the very best VC firms” would have been fighting to fund them.

What they did care about was that Google decided to pass on Ringside. Google is a company known for integrating some of the best technology out there as well as incubating new, small companies, so if Google didn’t want your product, there must have been a reason.

Bob doesn’t tend to work with crap, so my guess is that Ringside probably had a pretty good project going, but that greed got in the way. Bad decisions were made. It wasn’t luck. For instance, they could have taken the best term sheet offer they could and then sold to Google at a later date, but that would have diluted the company considerably. It might have made them less appealing (but then the deal never happened anyway) but they would still be around.

It is real easy for me to sit back and armchair quarterback this story, and like many things I probably have it wrong, but since this purpose of this blog is to provide a reference for others who might want to start an open source business there is one other thing I want to point out.

Bob says, “our development had stalled because of our desires to build stuff aligned with our new direction in the non-evil company.”

Back in the early part of 2007 we were approached by a company that wanted to acquire our company. We were pretty excited, but as things moved along we began to have doubts. I have a very strong idea of what an “open source” company should be, and unfortunately that doesn’t always agree with the guys on Sand Hill Road. Walking away from that deal was one of the hardest things I’ve ever done, but I think one of the best.

During this process OpenNMS development damn near stopped. Thank goodness the community was able to step up and keep things going, because we were worthless. It is very easy to get caught up in the process and to let drop the things that made you attractive in the first place.

So that’s today’s small nugget of wisdom. Stay focused on your product, focused on your customers and focused on your team – no matter what – and you’ll make your own luck.

[Note: Ben had a lot to do with some of the thoughts behind this post]

Cloud Computing: What is it? It's complete gibberish. It's insane. When is this idiocy going to stop?

Posted on by tarus

Well, I guess there are worse people to be compared to than Larry Ellison. There is a short article on his views on cloud computing on CNET:

The problem is that every tech company now wants to be associated with cloud computing, no matter if their products and services meet the basic criteria. At least Ellison isn’t afraid to address the hijacking of the phrase by marketers, including Oracle’s.

I complained about this, although much less eloquently, on Coté’s podcast.

Why People Need Support

Posted on by tarus

I like to think that the people who use our services get value for their money, but I sure many more ask the question “why do I even need support?”

At OpenNMS, we don’t sell software (all our software is free). I like to say we sell time. At the moment, anyone who has found out about OpenNMS, installed it and decided to use it obviously possesses well above average intelligence, impeccable taste and is most likely devilishly attractive. They are capable of figuring out issues without a support contract, either by experimentation, using the free resources such as the mailing lists, or both. But do they have the time?

Normally, most of the trouble tickets we get concern configuration, a few involve actual bugs with OpenNMS itself, and more than you would think are the result of vendors not honoring standards. We spend a lot of time figuring out issues with things like poorly written SNMP agents and even operating system problems.

And then there are the bad MIBs.

Recently I got an e-mail from a person who uses the Anevia Flamingo product. They wanted some help using mib2opennms to convert Flamingo SNMP traps into a format they could use.

Usually I have to politely decline helping people who contact me privately about OpenNMS issues. It wouldn’t be fair to our paying clients if I spent time helping people one-on-one for free, so I point them to free resources like the mailing lists. When I have time I try to help out there, as that gets archived publicly and might help others. The catch is that you may or may not get a timely answer to your question on the list, whereas you can always pester us about support tickets.

But this question involved mib2opennms. I’ve been using that tool for six years and my mib2opennms-fu is strong, so I took the Anevia MIB I was sent, cranked it through the tool and sent back the output.

I received a reply that it wasn’t working and the user was still getting unformatted trap errors like:

Received unformatted enterprise event (enterprise:.
1.3.6.1.4.1.20967.1.12.1.30 generic:6 specific:2). 3 args: .
1.3.6.1.4.1.20967.1.12.1.30="" .1.3.6.1.4.1.20967.1.12.1.30.1="1" .
1.3.6.1.4.1.20967.1.12.1.30.2="10.180.1.232"

I went into the file I had created and noticed that the enterprise id was missing the last “.30”, which is why it wasn’t matching, so it was off to look at the MIB.

It started off normally enough, with some object definitions:

anevia OBJECT IDENTIFIER ::= { enterprises 20967 }
anevia1 OBJECT IDENTIFIER ::= { anevia 1 }
tsnmp OBJECT IDENTIFIER ::= { anevia1 1 }
manager OBJECT IDENTIFIER ::= { anevia1 12 }
aneviaManager1 OBJECT IDENTIFIER ::= { manager 1 }
aneviaManagerTraps1 OBJECT IDENTIFIER ::= { aneviaManager1 30 }

and then later in the MIB came the trap:

inputDownTrap TRAP-TYPE
  ENTERPRISE aneviaManager1
  VARIABLES { streamerInputIndex, streamerAddress }
  DESCRIPTION
    "This trap is sent when an input on a streamer becomes unavailable,
     and can no longer provide any useful data, the provided index is the
     index of this input."
  ::= 2

At least the mystery of the missing “.30” was solved. The “ENTERPRISE” value for this trap should be “aneviaManagerTraps1” instead of “aneviaManager1”. Easy enough to fix. But then I noticed that instead of the two varbinds listed in the MIB, the agent was sending three (see above) where the first one was blank (as well as being just the enterprise OID).

Grrrr.

The second varbind value of “1” could easily be the streamerInputIndex and “10.180.1.232” could be the streamerAddress but these won’t be correctly reflected in the events file since they’re off by one due to the mystery blank initial varbind.

This is the case of a poorly written MIB and a poorly implemented agent, and there is little we can do about it but work around it in configuration. I asked the user to make sure we had the latest Anevia MIB and was told we did. I wrote Anevia support but since I don’t have a relationship with them I never got a reply.

This happens way more than you might imagine, and we’ve gained a lot of experience in diagnosing and either correcting or working around such issues. Because we’ve seen stuff like this before, we can do this quickly, which is why I like to say I sell time. It only takes a few issues like this to have a support subscription pay for itself.

[Note: This post isn’t meant to be a pitch for services but a rant about the time I wasted playing with the Anevia MIB, but if it helps sell a support contract, that’s cool too (grin)]

Free Riding in Commercial Open Source Companies?

Posted on by tarus

I am way too tired to be writing what is sure to be a controversial post, but I don’t think I can help myself. In fact, I have little self control at all and I tend towards Wilde’s comment that the best way to get rid of a temptation is to yield to it.

[Note: on re-reading this it is a little harsh, even for me, so feel free to skip this post and move on to my travelogue from Milan]

I like Matt Asay. I think he’s a really smart guy, and he’s even gotten our back in the past. But lately I have to wonder what he’s been thinking. Today, especially, he went off on what he calls “free riding” in open source.

It really pissed me off.

Let’s revisit the definition of open source, shall we? The “open source definition” has 10 items (sort of a Bill of Rights), and the first three are:

1. Free Redistribution of software
2. Source Code to the software
3. Derived Works can be made from the software

Let me be blunt: the “enterprise” versions of so-called open source products built under the hybrid model violate all three of these rights. You purchase software under a restrictive license that doesn’t include the source code and doesn’t allow you to modify it. Sure, there is some small part of the code that meets the definition, but the hybrid company exists solely to profit from the sale of software.

That’s a pretty stupid business model.

Open source implies free distribution of software, which is the antithesis to commercial software. So the only reason I can think of why a commercial software company would tie itself to the term “open source” would be for marketing reasons. They want to capitalize on the success of projects like Apache and the Linux kernel, but without making the commitment to free the software. Why does this bother me so much? Because now I have to constantly explain to people what open source really means with respect to OpenNMS and it affects my ability to truly market OpenNMS as a free and open alternative to OpenView and Tivoli.

In his post, Matt divides open source communities into three groups, those that contribute code, those that contribute cash, and “free riders”. Now, when he says cash he means “folks that pay for a license to our proprietary code”. In that sense Microsoft must have a huge open source community.

People who contribute code are pretty self-explanitory, but what about the freeloaders – I mean “free riders”? What is their usefulness?

He comes up with two reasons, which I’ll paraphrase here:

1) They give the commercial “open source” company an edge by eating away at the market share of the commercial “closed source” company.

2) They provide numbers to help create a market share around the “open source” company’s software, thus increasing their valuation to investors as this is a greater pool of people to “convert” to “cash customers”.

Is that it? Without working hard I can think of several others:

3) They find and report bugs.

4) They contribute useful documentation if the community has a decent wiki or other such system.

5) They answer questions from new users on mailing lists and forums, thus driving interest in the application.

6) They suggest new features that may make the software better at its chosen task.

7) They promote open source software within their organizations.

There is some serious monetary value to these tasks, but it seems from Matt’s post that unless is its converted into actual cash it is not worthy. It isn’t a problem in a truly open project, since it is the community that should benefit from this work, but if your business model is to sell software licenses then, yeah, I guess all of those freeloaders would get you down.

Then he goes on to say

The more free-riders, the more encouraged would-be purchasers will be to free-ride, as well. Why should you be the only sucker paying for what everyone else is using for free, and quite comfortably?

This sucks for a commercial software company, but it doesn’t bother me at all. The OpenNMS Group is a services company. We don’t sell software, so if you don’t need our services why should we charge you for them?

If you are a commercial software company with an open source component, however, this can be a big problem. In fact, if you can’t meet your software revenue targets the smart thing to do would be to withhold crucial pieces to push more people to buy your proprietary code. Can you really call this model open?

Then comes the paragraph that sent me straight to the keyboard. I’ll break it up into pieces:

Ultimately, someone must pay for software in order to have it written.

If he means cash, that’s bullshit. It is quite possible to develop great code without a cathedral of paid developers. It will take longer at first, but it can be done.

Of course, “pay” could mean donations of time and effort, which do have a monetary value, but I don’t think that was his point at all.

There are huge benefits from open sourcing one’s code, but open source is not a substitute for the hard work of development, sales, marketing, etc.

Hard work of sales and marketing? Excuse me? When has a commercial software salesman ever added benefit to an open source project. The sheer idea of a seller of free software is ludicrous. Yeah, good sales and marketing will help one sell commercial software, but it is hardly necessary for the health of a truly open source community.

So what are the “huge benefits” of open sourcing one’s code? Well, if we rule out cash and freeloaders, that only leaves contributed code. Note that these benefits are “huge” so there must be some monetary benefit from the sweat equity of these volunteers. But how are these volunteers paid back? By having their efforts commercialized. They are barred from free access to the entire code base, which is only available in exchange for cash, yet their efforts obviously save the commercial entity money since they get features for free and usually with a copyright agreement that lets them create commercial derivative works from that code.

All companies, mine included, have some idea of an “exit strategy”. In the case of these hybrid commercial software companies, the idea is to get bought. The purchase price will be determined by their software revenue, so you can bet your life that the acquiring company will do little to open up the software, and may in fact commercialize more of the code.

If you ask me the entity getting the free ride is the “commercial open source” company. Was the purpose of this post to make people feel bad for just using the code and thus drive software revenues? Software license revenues have no place in free and open source software.

Nor is [open source] a winning business model, in and of itself.

Again, wrong. My company posted a 21% net profit last year. We used that money to almost double our staff, and we plan to do it again this year, and we did it without a single software license being sold. It may not be a palatable business model for Silicon Valley, but it works fine in the rest of the world.

If you have to violate the definition of open source for your revenue, why call yourself an open source company? The emperor is naked, folks, and his little hoo-hoo-dilly is hanging out. Perhaps if enough of us laugh at him, he’ll put some clothes on and get the frack out of our damn yard.

Fire-Retardant Underpants

Posted on by tarus

I woke up this morning to find out that my Slashdot post had been accepted, as well as an e-mail from a friend saying “I hope you’re wearing your fire-retardant underpants today…”

I learned early on that to do open source you need a thick skin (there are hundreds of critics willing to tell you what *you* should do), so I was pretty prepared for the usual raft of somewhat negative comments to my post. But, hey, Bruce Perens (or someone posing as him) actually replied. That’s pretty cool.

Most of the comments advised “Get A Lawyer”.

(sigh)

I don’t want to involve lawyers. Why is it in this country the first knee-jerk reaction is to sue someone. Yes, I did post it under “The Courts” but that is because there wasn’t a better category on Slashdot. There was no “licensing” or “open source” category to choose, so I went with that one.

A lot of people pointed out that there are several references on the Cittio website that mention open source projects like OpenNMS. I was aware of them. My point in the original post was that a potential Cittio customer was totally unaware of their rights under the GPL. Part of the license is “you must show them these terms so they know their rights.” (GPLv2, Preamble) The exact timing of this would be up to the individual company, but my guess is it would have to be before reaching the quote stage. Sure, you don’t have to distribute the actual source code until ownership changes hands (i.e. I can’t demand a copy, only a customer can) but I can’t see where the license requirements for full disclosure can be upheld by revealing the information after the fact.

Note that this is not a one time thing. We have talked with other Cittio clients and potential clients in the past and they tell a similar story. This was the first time, however, that the person was actually concerned about it. I didn’t screw up on the quotes with the statement “That really irritates me” – that came from the client.

This came on the heels of a post on the opennms-install list from a Cittio developer (anonymously) about very recent OpenNMS code. The Cittio site claims they use OpenNMS 1.0.2, which to be quite frank is damn near unusable these days. While it isn’t proof that they are modifying OpenNMS code, it is enough to suggest it.

Which brings me to the open source double standard.

Open source projects are constantly under scrutiny for the potential to incorporate “non-free” code into an open source project. This is very easy to pursue, since the code is out there for anyone to see. Proprietary companies, on the other hand, can easily hide behind binaries. It is very hard to deliver proof that someone has used your code. With all of the amazing stuff being done in the open I can guess that the temptation to use open code in a closed application is strong, especially since the chance of getting caught is slim. I am *not* implying that Cittio in particular does this, but I could see it happen in general.

One might say (as many Slashdot readers did) that this is the domain of the Free Software Foundation (of which I am a member) and its legal arm the Software Freedom Law Center. I tried that route. In 2005 I got an e-mail from Daniel Ravicher that stated “SFLC unfortunately cannot generally represent for profit entities, as such could jeopardize our not-for-profit status.” As the initial code base for OpenNMS is copyright Oculan and most of the rest is copyright The OpenNMS Group (both for-profit companies) they can’t help. We are exploring ways to deal with this, but for now the SFLC can’t help.

This problem raises a number of questions for me, and I think points out a weakness in the GPL. The reason the copyright to OpenNMS is held by a number of entities is due directly to the collaborative nature of the GPL. Suppose Joomla!, a fork of Mambo, modifies under the GPL some original Mambo code, and a third party takes it and uses it in violation of the license. Does Joomla! have any right to pursue action against that party, or do they need Mambo’s permission? It’s very unclear to me.

My favorite comments were those that implied that Cittio would sue me for libel. Again, my bad for asking for advice on Slashdot, and I expected as much. Libel can be defined as “the communication of a statement that makes a false claim, expressively stated or implied to be factual, that may harm the reputation of an individual, business, product, group, government or nation.” I made only two claims:

1) A potential Cittio client that had reached the negotiation/quote stage was not fully aware that OpenNMS was being used as part of Watchtower.

2) A Cittio developer was anonymously asking questions about fairly recent OpenNMS code.

Neither of those are false. These two facts raised doubts within me about whether or not I could take Jamie Lerner at his word that Cittio was obeying the GPL, and I invited Cittio to set the record straight.

It’s not libel.

One has to remember that in 2002 Jamie Lerner contacted us about a commercial license for OpenNMS. We told him there wasn’t one and probably wouldn’t ever be one, yet he went on to use OpenNMS anyway. In 2005 we revisited this and he again assured me that Cittio was just using OpenNMS 1.0.2 and was in no way violating the GPL. This resulted in the few references to OpenNMS that can be found on the Cittio website, but no real details as to how the integration was accomplished. Per the GPLv2 FAQ:

The difference between this and “incorporating” the GPL-covered software is partly a matter of substance and partly form. The substantive part is this: if the two programs are combined so that they become effectively two parts of one program, then you can’t treat them as two separate programs. So the GPL has to cover the whole thing.

If the two programs remain well separated, like the compiler and the kernel, or like an editor and a shell, then you can treat them as two separate programs–but you have to do it properly. The issue is simply one of form: how you describe what you are doing. Why do we care about this? Because we want to make sure the users clearly understand the free status of the GPL-covered software in the collection.

What I want to know is how “well separated” are OpenNMS and Watchtower?

Outside of spending a bunch of money on lawyers, which I didn’t want to do, I figured I could just appeal to the community. Slashdot seemed like a perfect choice, and as Bruce Perens pointed out “You’ve achieved your desired goal”. As I’ve mentioned a couple of times, I welcome Cittio to explain how they integrate with OpenNMS, how they tell clients and potential clients about the open source tools they use, and how they distribute the source code. Perhaps this was all a big misunderstanding.

Note that I’m really not doing this as part of my day job. The OpenNMS Group is a services-only company. We don’t sell software and so the potential loss of a client to Cittio is pretty much a non-event as far as our bottom line is concerned. But I felt compelled to do this for our community. It would be just plain wrong for a company to take their work and to attempt to profit from it, so I look forward to Cittio putting all of our doubts to rest.

I was really surprised at the small amount of Slashdot comments with, for lack of a better word, “righteous indignation” at a possible GPL violation (although we did get support from unlikely corners). Perhaps we in open source are really in our own little world, and stuff like this doesn’t matter to the world at large. Well, it matters to me.

A Question of Trust

Posted on by tarus

I went to the beach this weekend for a short vacation. On the way back I stopped for fuel, and while I was pumping a man came up to me with a sob story about a broken fuel pump and how he needed some money to get home.

This happens to me about every three years or so, and I always react the same way.

I give them money.

Yeah, I know that this labels me as a sucker, but I would much rather give $10 to ten people who are lying about why they need it than to not give it to one person who did.

On the other hand, panhandling doesn’t work on me (I rarely give money to people who accost me on the street) but busking sometimes does.

It comes down to a matter of trust.

Since I work in open source software some might assume that I’m some long-haired, love thy neighbor hippy type. This is not true. Being a geek I tend to model my behavior on what makes sense. Creating a community to develop OpenNMS is simply the most rational way to create a rapidly growing enterprise-grade network management framework. What makes it work is that the people involved have a mutual respect and trust in each other.

When I started out with OpenNMS, I decided to trust in a number of people that I didn’t know. That trust has really paid off into making OpenNMS what it is today. This wasn’t a leap of blind faith but an effective strategy based on game theory called “Tit for Tat“. Also known as “equivalent retaliation” the idea is that you trust the other person at first and then behave as they do. If they prove trustworthy, you continue to trust them. If not, you stop trusting them. It has been shown that over time this is a very successful behavior.

So why do I bring this up? Back in 2005 a company called Cittio was brought to my attention. Their stuff looked a whole lot like OpenNMS with a better GUI. I investigated it and it turns out that they are using OpenNMS and probably a number of other open source tools, but they seem to be going out of their way to hide that fact. I called Jamie Lerner, the founder, and he assured me that they were abiding by the GPL. Since I didn’t have any proof to the contrary, I decided to trust him.

It seems that trust was misplaced.

I recently got an e-mail from a company that was looking at both OpenNMS and Cittio. It appears that Cittio is not telling potential clients that any open source software is being used, at least not at the level of detail required by the GPL. From the client “Oh, Watchtower told us that they used some open source apps but did not mention as to what they used”. When I brought up the fact that parts of Watchtower are based on OpenNMS, the client replied “I could not find one ounce of mention on their website to OpenNMS or any other Open Source code that is running on this product. That really irritates me.”

I should also mention that this client is in final negotiations with Cittio (they dropped their initial price considerably) so we’re not talking a first contact cold call here – they are ready to close this deal without a single detail concerning their use of open source.

So I have moved Cittio into the “untrustworthy” column.

At the moment I really can’t do anything about this. We are doing well enough that I could get lawyers involved, but I’d rather spend any extra money we have on making OpenNMS better than pursuing a company like Cittio. I am hoping that word of mouth is enough to get people asking the right questions when dealing with them.

While part of this pisses me off another part finds it kind of amusing. The part that makes me angry is that a lot of people have donated significant time to build OpenNMS and when someone comes along an exploits that work it is just not right.

The amusing part is that this situation reminds my of the old joke about the Space Shuttle program. The Soviet’s had a very similar program called “Buran”.


Image yoinked from here.

As you can see, the two systems are strikingly similar. The joke after the Challenger disaster was that it put the US space program back 2 years and the Soviet one back 10.

In the same vein, it looks like Cittio would like to run their stuff on Windows. When we announced our Windows port, one of the outstanding issues was that jrrd had not been completely ported yet. So it was funny to see a question on our mailing list from Orhan Aglagul, a Senior Software Engineer at Cittio according to LinkedIn, asking about compiling the jrrd.dll. He used his gmail.com account when he posted on our list, but he used his cittio.com account when he asked the same question on the RRDtool list. Sneaky, huh? And not very smart, as I doubt Tobi has any clue as to what jrrd is.

When Ben is able to finish jrrd.dll (it is not needed for OpenNMS to run) I guess that will save Cittio some time, although it is published under the GPL and not the LGPL and thus they can’t use it without exposing at least some of their code to the GPL. It doesn’t appear this has stopped them in the past.

If there are any Cittio customers out their that have purchased the product and received the source code I would be interested in hearing from you and I will update this post accordingly. Likewise, if you have purchased the product and not received the source code, I would be interested in learning about that too.

Let me be clear that I welcome people to take and use the OpenNMS code, tweak it to your heart’s content and perhaps contribute some of that work back to the project. I even welcome people who make changes for their personal use and don’t, for whatever reason, feel like sharing those changes. But I have to draw the line and someone taking the code, hiding or at the bare minimum obsfucating that fact, and distributing it to others in violation of the license.

Congressional Order of Merit

Posted on by tarus

Okay, I’m not known for being able to keep my mouth shut. When I see something stupid or wrong or misleading I have to say something. I can’t help it. I sometimes feel like I should join one of those help groups:

Hello. My name is Tarus Balog, and I’m a talkaholic.

So this post will delve into the realm of politics, one I try to avoid. For those of you who are sensitive to such things, you’d be better off checking out Dilbert.

Within America’s two party system, I’m unaffiliated with either party. My views can’t be easily grouped into either one. I’m a social liberal and a fiscal conservative (one of the reasons that OpenNMS is profitable). In the past I have voted for both Republican and Democratic candidates.

I am really concerned with how well a potential US President understands technology. Things like patent reform, net neutrality and intellectual property rights are very important to me, as well as broader ideas such as science education and medical research. I want someone in office whose grasp of the Internet is more than just “a series of tubes“.

Today I received a message from the office of Congressman Tom Cole of Oklahoma informing me that I had received the “Congressional Order of Merit” for being a “business leader”, and, I assume, such a darned nice guy. It was delivered with such a flourish that my head filled with images of medals, State dinners and at least one thing to blog about. (grin)

However, it seemed a little too good to be true. I mean, I doubt there is a single member of Congress who has heard of OpenNMS, much less the OpenNMS Group, and since I’ve been online in some form or another since 1984 I’ve learned that things that seem too good to be true often are.

So it was off to Google.

It appears that the Congressional Order of Merit is nothing more than a ploy by the National Republican Congressional Committee to hit me up for money. While I figured it was as much, it pisses me off in a couple of ways.

First off, did they not think I would look it up online? It seems that they’ve hit up some other “leaders” too, such as Ira Flatow from Science Friday and this guy who took the process to its conclusion.

Second, why the subterfuge? Why the misleading phone calls? Why not call up and say “Hello Mr. Balog, we see that you are a small businessman and here’s our vision on how the NRCC can help you. We need your donation to help us realize that vision” versus the whole “Order of Merit” crap.

If the NRCC can’t be honest about that, I doubt they can be trusted to do anything in my best interest. I guess it is time for a change.

Automation Gone Wild

Posted on by tarus

This is just a short rant on the difference between getting information and getting useful information. At OpenNMS we try to build tools that solve problems – not just ones that look pretty.

For an example of the difference between wisdom and knowledge, I’ve been getting hit with a lot of these notices:

Panda GateDefender Performa has detected malicious content (FakefromWorm) in the following file

While I doubt anyone from Panda Software reads my blog (or anyone else for that matter) I would love for them to answer the following question:

If you KNOW the mail had a fake FROM address, then why in the hell are you mailing ME about it?!?

(sigh)

Time to filter “GateDefender” at the postfix level.