Having lived through the entire lifecycle of "open source," it seems like its place in development communities and businesses is well-established, with a mix of different licensing and deployment models for whatever anyone wants to do. So...is there really anything interesting left in "open source" to talk about? (Software patents, maybe, but even that's picked up some case law.)
Perens: There's a lot to talk about, if you consider that “Open Source” is a way of introducing people to the ethos of Free Software as much as it is an economic and technical paradigm for software development. The ethos part of the job is hardly done.
There is always going to be a conflict of interest between a company's needs and your needs as a user or customer. Who has control? It should be you, rather than the company that made the software or a government that tells them what to put in it as the U.S. Government did with RSA Security.
Imagine the billions of dollars paid by companies that thought they were buying security while RSA had a clear conflict between the government's needs and those of the customer. Now, Heartbleed has shown us that there are some problems that don't have enough eyes, but I still can't think of any way to resolve the conflict-of-interest issue without giving everyone the right to read, modify, use, and redistribute software. A third-party can then audit and repair government-inserted security issues as Red Hat did by auditing GNU TLS and making their results and a patch public. If that same problem exists in proprietary systems – and I assure you it does – you can't see it, you can't fix it, you can't help yourself or others, and if others know something they can't help you. But we've not made much progress in selling that idea to the end-user.
State of the Union address / 16 this year
by Martin S.
The OSI is 16 this year and in many ways has experienced a difficult childhood but has grown stronger as a result. What challenges do you foresee for the future?
Perens: Please forgive me for interpolating your question a bit: the Open Source and Free Software movement are important to talk about, OSI the organization isn't. And of course Free Software is older than 16 years, it goes back to the genesis of software. We're still not where we need to be: to the point where everyone can run Free Software for every task, without the threat of litigation over patents, and without being locked in by digital rights management. Regarding Software Patents, we've backslid from the time that we were able to derail a thrust for a Pan-European unified software patent system. That's essentially happening without our objection now. Why? Because we're no longer seen as a movement for helping people and giving them control, we've positioned ourselves as merely an economic and software development paradigm. That was a bad move. Folks, pump up the philanthropic and helping-others aspects of what you do! You dis-empower yourselves and our movement when you fail to do so.
I think we've also backslid regarding DRM, as shown by the W3C accepting a DRM API into their standards process. Indeed, we've not made much progress regarding viewers and reader's rights to use any device, and to have a durable copy of their media that works today and forever because it isn't in some black-box format. A lot of us convert those Kindle books to open formats on the sly, just to preserve them for the future. We should be able to do that in the bright light of day without fear. Or we should not have to do it.
I have been encouraged by the Science Fiction writers. Very many of them refrain from use of DRM these days. Their revenues don't suffer. Neither did the revenues of my own book series. Unfortunately, readers other than the Sci-Fi market don't know what to ask for. Can we tell them convincingly?
I think we all need to think about what we're doing with our lives and how we can help improve electronic freedom for everyone. Together we have the power, we're just not using it.
Automation Technology Displacing Tomorrows Worker
I'd like to know your perspective on the future need for programmers while automation technology continues to displace workers in many industries.
Perens: I don't oppose automation displacing people from their jobs, but for a reason you might not expect. Human beings are demeaned when they perform “mechanical” tasks for their employment. They are not machines! Whether picking fruit or stock in a warehouse, People are not enriched by doing it and it does not exercise their unique capabilities as thinking entities. So, I'll ask a different question: When we can automate so much, why is it still necessary for so many to do the most demeaning sort of work just to feed, shelter, and clothe their families? Our society needs to move those people into rewarding work instead of the demeaning mechanical sort. We do a very good job at generating obscene amounts of wealth for a few while too many suffer. What are you doing about that?
Regarding whether programmers will be automated out of a job:
Once “computer” was a job title for people who did math all day, and the automation that so completely replaced them in that job was called an “electronic computer”. Those people moved on to other jobs, often as programmers.
What about the future need for programmers? There was a big, government-funded scientific research project to develop “automatic programming”. It produced what we today call the “compiler”. It reduced the price of programming, but that actually increased the demand for programmers.
The job market for programmers will dry up when all of the programs that a mass of people would ever desire have been written and perfected, regardless of how automated our tools become and how powerful future computers may be. I'm not sure that such an end of need is a possible condition. It's sort of like saying that there will be no further need for horse coach designers once the coach is perfected. We stopped needing what we could imagine in the 1830's, and went on to something else.
If we ever arrive at artificial general intelligence, we may obsolete human beings as no more than an evolutionary step on the way to something else. But that is only one of many possible futures, and not an impending one.
Should the software used for Obamacare be open source. I don't just mean the website, but also things like the software controlling pharmaceuticals, X-rays, MRI, maintaining health records etc. ?
Perens: Allow me a slight diversion to talk about Obamacare. My wife, son, and I have each individually been denied private health insurance although we're healthy, for what is essentially medical trivia. One insurance company rejected us on the grounds of my son having a certain medical test, even though he passed it. I own my one-man company, and until this year had no way to provide my family with insurance. Fortunately for us my wife was able to get it through her employer, but we would have been sunk if she had lost her job.
I think Obamacare will do one really big thing that truly scares the Republican Party. It will free up millions of smart people to be self-employed, who formerly stayed in the corporate world. These folks are in their 40's and 50's, have families to take care of, but previously could not reliably get insurance on their own. The small-business revolution will come not because these people actually buy care through an exchange rather than getting it through a spouse's employer, but because they know that they can get it when they need it.
The small business revolution that Obamacare drives will create disruptive technology and thus economic churn as income moves from older established companies to more new ones. This shift from mega-business to smaller business erodes the Republican money base, and that's why the Republican Party must kill Obamacare at all costs, regardless of the damage to their own people.
Now, what about the software that is used for “safety of life and property” applications? This isn't just health systems under Obamacare, it's the stuff that operates elevators, aircraft and air traffic control, your automobile, anything where a failure can hurt people.
Karen Sandler does a great talk about this called “Unchain my Heart”. She has an implanted pacemaker due to cardiomyopathy (enlarged heart), and was justifiably reluctant to have one with proprietary software implanted.
There is no question that software failures have killed people going back to Therac-25 and probably earlier, and will continue to do so.
Software that is in life-and-property-critical applications should be disclosed. It can have all of the power of copyright protection, but it should be possible to audit it. Everyone should be able to discuss its issues, with quotes of the applicable source code as needed, on-line and under public view. If the security of your Bluetooth-enabled pacemaker is a crock (as embedded software so often is), we should be able to tell you about it, and get something done.
My experience is that people code better when the whole world is looking over their shoulder.
Credit for the OSS movement
by Anonymous Coward
Some years ago, around 2006, I attended a talk from Eric S. Raymond at a venue large enough to accommodate his massive ego and still leave room for attendees. He informed that he had essentially given HP their Open Source strategy. Your name was not mentioned once. I am curious what were your discussions like at HP during your time there, specifically in regards to the ideals of Free Software versus Open Source. My question specifically: What legal and financial hurdles and impacts, if any, did HP (and other companies) face when deciding between Open Source and Free Software models? I.e., what proprietary assets/IP could not be completely "freed"? What were the savings/costs associated with the decisions?
Perens: At some point I accumulated enough credit for achievements that it became unnecessary to fight over it :-) . But I am hardly without flaws. Most visible might be that I want to get things done and don't mind trampling others if that's what it takes. I try to keep my ego down enough so that I get through those narrow doors.
The worst problems I saw at HP had little to do with Open Source. What I remember most was the sadness. There were and are many smart people there, and so many of us were conscious that the company was in a sort of death spiral and that we couldn't do anything about it. The “pretexting” scandal was to the discredit of the board, the general counsel actually took the 5th in front of Congress on national television! Carly (the CEO) asked all of the employees to take a voluntary pay cut in the same month that she and other Board officers sold tens of Millions of dollars of HP stock. I remember my boss (a Section Manager, now the CTO) announcing at a meeting that an employee had gotten a “Reinvention Memo”. That meant lay-off, a sarcastic re-framing of HP's “Reinvent” motto that showed how even upper managers like him were in despair. There was a series of ill-advised acquisitions of second-best or declining companies that HP failed to turn around, and then sold for cents on the dollar two years after acquiring them. The Compaq merger put the company at the very top of a business with vanishingly-small margins.
There was one really bad day that I guess is safe to talk about now, more than 10 years later, because the information is already in the public and thus no longer subject to NDA: Microsoft showed HP their plans to sue the Open Source projects for the Linux Kernel, Samba, Sendmail, and a list of other projects. Someone immediately shot me an HP VP's memo recounting that meeting and concluding that we should back off of Open Source before the lawsuits started. When I passed it to my boss, I was told to keep it quiet. But I was hired to be an Open Source community leader first, and an HP officer second, and keeping quiet about that meant betraying the Open Source developer community. I just hated that and it poisoned my involvement with HP.
Microsoft eventually used SCO as a proxy to achieve what it disclosed to HP that day. I'd been warned long before that happened, and could do nothing until SCO announced their damaging but ultimately unsuccessful jihad against Linux.
What I think is worth remembering about HP is that it was once the great tech company that people wanted to work for, as Apple or Google might be for many today. I think a lot of what made it great left with Agilent. The Test and Measurement business was a low-volume, high-margin business that required lots of too-highly-paid old smart people who worked in expensive labs in Palo Alto, California. That became the most costly place to do anything largely due to HP's own success. But Test and Measurement was also the brain-trust of the company, and lent its creativity to all of HP's other aspects. So we lost a lot, I think, when Agilent was spun off of HP.
HP's problem regarding Open Source and Linux was that systems running Linux competed with other HP lines running HP-UX or Microsoft, and HP was structured as Organizational Silos. Each line had its own sales-people, and different lines competed with each other for the same customer. HP-9000 folks were always complaining because Linux undercut HP-UX and thus HP-9000, as were folks who sold Microsoft Windows systems based on x86. If I said anything in the press about Open Source or Linux, a customer would ask one of those single-line sales-people about it, and it would come back to my boss as a complaint rather than a sales opportunity.
HP was always to some extent in Microsoft's pocket, although they were also aware that Microsoft had screwed them and would continue to do so. HP de-emphasized further development of the HP 9000 hardware because Microsoft had told them in the late 80's that they were soon to have an enterprise-quality NT. HP believed it, but MS failed to deliver for a decade. That lost HP Billions while Sun Microsystems took the engineering workstation market from HP. The HP officer who made that decision of course went on to be a Microsoft executive.
What we did achieve at HP was a good process for deciding what to do with Open Source when individual opportunities came up. If you wanted to incorporate Open Source in a product, or you had a business reason to Open Source something, we resolved the legal issues, the community issues, we even handled some security aspects and achieved a reasonable level of reuse. That could all be achieved by middle managers. So, everybody in the company knew that it was OK to use Open Source, but there was a process you had to go through. It wasn't particularly expensive, it did sometimes sink multiple days of some engineer in doing paperwork, but that's just due diligence and we ended up on a better legal footing when we used Open Source than otherwise.
There were things we decided not to Open Source because there was no good business reason for doing so. We weren't UNICEF, so there had to be a business reason for everything. There were times when legacy customers would have gained benefit if we brought one of HP's nine legacy operating systems to Open Source, but untangling the proprietary software that originated with third parties from the rest was too difficult. There were a few times when it was decided not to Open Source a legacy product because we were afraid that IBM might use it to sell their hardware against ours. Once that happened with a system that had only 5000 existing customers, and it would have been better for the customers for HP to open it but the decision – not mine – was not to do so.
I've since helped other companies start their own internal Open Source Process, and still do so today.
What we never achieved within HP, what I never had the power to do, was: to get HP to completely stand behind any innovative product regardless of what that meant for old-line products, to make innovation the #1 job of the company, and to grow a brand-new company from the old one every year that they were in business. They needed to embrace disruptive technologies as a pioneer rather than have the disruption done to HP by competitors. I think they tried to kill the Silo organizational structure after I left, I don't know how successful that was.
Q3 for BP
What are your five biggest fears for safety on the Internet today, and where do you believe responsible admins should put their efforts for those five?
Perens: Centralization: too much depends on too few companies. It's not entirely a matter of architecture, it's a matter of getting customers to distribute themselves. So maybe it's a social engineering problem to a great extent.
Conflict of interest: Back to those companies again. They are operating your internet infrastructure, and their interest isn't yours. I found out today that my kid's school is using Turnitin. The problems with that are well covered at Wikipedia. We need a way to provide sustainable infrastructure that works for the customer, instead of exploits them. I'm for non-profit common carriers and services, using Open Source.
Politics: we still don't have much of a footing, despite our numbers, and even our wealth! We need to get more of the people we listen to and admire into elected offices, and in communications regulators like ITU and FCC. Way too much of the leadership there is from the exploitation side.
Privacy: I am afraid we're going to shoot ourselves in the foot pursuing it. We're rapidly heading for a locked-down Internet as IETF pushes for an HTTPS-only web. From there it's only a very short step to certified browsers, user digital signature requirements, Open Source and anonymity both locked out of the system. Yes, the metadata thing is unsettling, but we also have to be clear that we employ spies to work for our country and to help protect us, and they have an important job to do. We need to work on the politics of regulation and oversight of our nation's espionage rather than the nerd approach, which is to attempt to treat a social problem as a bug in the network software.
Economics: If OpenSSL had been dual-licensed AGPL3 and commercial, we would probably not have Heartbleed. There would have been money from its commercial users. Imagine companies like Intuit using OpenSSL and not giving much back to its maintenance at all! That was a mistake. IMO dual-licensing has a bad reputation because of MySQL, and also because some folks at Red Hat have promoted against it. We need to revisit it.
Do you find your views on blended/mixed license models evolving over time? Is it time to lay down the pitchforks some of the time?
Perens: PR isn't really a pitchfork. It's always been about people who are calling something Open Source when it is not. Not against mixed models. If you want to have something that has some community participation and doesn't meet the Open Source Definition, don't call it Open Source or Free Software and nobody will pursue you with pitchforks. We may continue to say our way is better, but that's fair.
In that vein, keep in mind that Creative Commons is not Open Source. A few, actually a minority, of creative commons licenses are. About the only right that all Creative Commons licenses have in common is the right to read.
Open source HARDWARE
What are your views on Open source hardware? Is it as important as open source software, or less important, or not important at all?
Perens: Let's please call it Open Hardware, in the interest of simplicity and good marketing. Unless you are interested in calling it Free-Libre Open Source Hardware or FLOSSHW. I bet there's somebody that silly.
I think it's important. But there's an important thing we should be aware of about Open Hardware. It's backwards in a way. Richard Stallman's Free Software movement opposed software being copyrighted. Copyright does not, for the most part, apply to hardware designs because they are functional (read about CAI v. Altai to understand this). Patents apply to hardware designs, but most Open Hardware designers never pursue a patent on their designs. What then do they license to others?
It turns out that we have a group of people at CERN, and one of my favorite lawyers and Yahoo, and even me, trying to add restrictions to something that is, for the most part, already in the public domain. And it came to me that this was backwards, and that we could be working against our own interest that way.
We all get to use the vast body of electronic designs that we've read about in magazines since the dawn of ham radio. Now, imagine if those were suddenly copyrighted and under enforceable licenses.
The problem is that when we start licensing things that are actually in the public domain, we create norms that the courts take seriously. And they start enforcing licenses on things that could not be licensed before. We really can write new law when what we do gets to a court case, and we want to be careful what law that is. If we were responsible for taking hardware designs from public domain to copyrighted status, we'd be shooting ourselves in the foot.
So, for a while I was uncomfortable with my own Open Hardware evangelism. Was I doing the right thing? I think I've worked out the right path now and will be warning the community about this issue.
There's also a lot of confusion about how effective Open Hardware licenses are. If you make a 3D printer and you think your license keeps other people from manufacturing copies, sorry! It does not protect your design unless you have filed patents. Copyright won't do it. It might keep people from selling the plans, but not the devices.
We also have a bunch of people who use “CC BY-NC” licenses on their designs and then call it Open Source Hardware! Funny how eager they are to call it “Open Source” and then they don't even follow the rules of Open Source. Open Source includes the right to use in any way. If it's “no commercial use allowed” like CC BY-NC, it's not Open Source.
So, there's room for a lot of education there.
Re:How do we address the weaknesses of Open Source
More to the point, how do you reply to the criticism and practice that Open Source is worthless because there is no company to back it? I run into this all the time. First, no one stop shop to get tech support from if we have trouble. Second, No company to go after for liability. Third, no company to maintain regular bugfixes and general currency and freshness. We don't have a policy against Open Source, we just have a standard the vast majority of (perfectly adequate) software can never meet.
Perens: Well, I bet your employer doesn't do as well as Google. Or any number of companies that make money hand over fist while using an Open Source infrastructure. So, I thought I could stop evangelizing on this issue. But maybe not.
Having a shop to get tech support from is important. But you guys are kidding yourselves if you think there isn't one. Even IBM will do that. Indeed, they make a great deal of money implementing and maintaining solutions that are glued-together Open Source programs for the most part.
Or is it that you want a different company for every different program, like in the proprietary world. That's not so nice when you have to use them, is it? You spend the day trying to convince them that their product is broken and having to deal with them pointing fingers at each other rather than fixing your problem. Sometimes it's nicer when one contractor really can fix all of the pieces. How do you do that without Open Source?
The liability issue is a red herring. How often have you actually sued a software provider and collected all of your damages and court costs? Many of them would go bankrupt first. I am an expert witness on some of those cases, and they cost so much to fight that you lose even if you win.
But there are the big vendors like Microsoft, you're safe with them because they have the cash, right? How often do you hear of a customer actually collecting court costs and damages from them? Go read your EULA.
If you actually want liability that works, you need the vendor to provide insurance-backed support for your individual account. That means the insurance policy covers your account, not their other 10,000 customers, and it persists with you as the beneficiary if the vendor goes away. Most companies aren't willing to pay for that.
Regarding regular bug-fixes and freshness, this is another thing that it's difficult to get for proprietary software. Do you really know what the bugs are and if they are being fixed? I bet that information is a trade secret. This is an area in which it's easier to work with Open Source.
Again, I didn't think I still had to make this sale. Usually, the companies that think they don't use Open Source these days really do, it's just that engineering hasn't told management. I get called in to help the managers make policy when they find out.
You are on record as being rather firmly against private ownership of firearms. Frankly, I thought this extremity of anti-gun zealotry was a Republican myth, a straw man used to rile the rabble. I understand that people in less civilized territories will on rare occasion use guns for murder and atrocity, I am not aware of this impulse being a general hazard of gun ownership.
I'm from Alaska. All the people that I know who have guns have only ever used them for hunting. I'm less sympathetic to those who can acquire an alternate hobby besides shooting, but there are yet many places where hunting is a means of subsistence. I've known many people to bow-hunt, but I suspect if your dinner depended on your marksmanship you might prefer the more effective instrument. Does your plan involve screwing hunters as well as the millions of other lawful citizens?
Originally we are a revolutionary state, and I believe the People yet preserve the right to revolution. Furthermore, Mao was right about the origins of political power: violence is the defining characteristic of government. Do you believe that the 'tree of liberty' is no longer hematophagic? Else, by what means are we intended to obtain and keep self-governance?
Perens: I'll start by calling B.S. on your dialogue above. The existence of disapproval of the private ownership of firearms isn't a “Republican myth” unless you have never heard of the United Kingdom, where – the horrors! - private ownership of handguns and the like is not allowed. You should get out of the county sometime. Indeed, you'd have to be living in Plato's cave to be ignorant of Lincoln, the Kennedys, Martin Luther King and his mom, poor congressperson Giffords deprived of part of her brain and the power of speech, and 11,000 firearm murders in the U.S. every year. So thanks for taking advantage of my interview to give a little deceptive speech rather than just ask a question.
The last time I was in Denali, where 1000 pound grizzly bears would walk right in front of me down the main shopping street in town, I felt the urge to carry some large-bore repeating rifle. Not that it's easy to stop a grizzly. But I understand that out in the boonies, it's different than it is in Oakland.
There's a crime scene with some teenager shot dead a short drive from where I live, almost any evening. And unfortunately there is no shortage of people who decide to find a dozen innocent folks, often kids, to snuff before they take their own lives or persuade a cop to do it for them.
What of my right to life, liberty, and the pursuit of happiness when every nut-case seems to have been issued sufficient automatic weaponry to cut all that I love right out of this world?
I don't have firearms in my home, and my kid doesn't get more than a BB-gun to plink targets with, because I don't trust myself to be 100% sane for every moment of the rest of my life. People aren't built that way.
I learned that from my dad. He killed some Nazi soldiers and brought home a Luger, with the firing pin carefully removed and destroyed. So we had an authentic human trophy in the house, but not one that would fire. Dad was a reserve and was activated for both WWII and Korea. He had a Purple Heart, a bravery medal, and a panel chock full of campaign ribbons. But he wouldn't trust himself to be 100% sane for the rest of his days and keep a functional firearm at home.
Each society decides on the balance between liberty and protecting the weak from the strong. My problem with firearms is that they make you too strong for the safety of the people around you, and you are not capable of rationally wielding that strength throughout every moment of your life. People do break, and when they do, things happen for which every one of us should be sorry. So yes, I do believe the balance as it exists in the United States today is wrong. If you are not a subsistence hunter and you don't face ursus arctos and maritimus when you take out the garbage, I would indeed have you disable your weapons by leading the barrel, which is a more permanent means of disabling a firearm than just removing the firing pin.
In Jefferson's time, when individuals working together could fight off a regiment, individual ownership of firearms was an implicit limit on the power of the state. No longer can any number of people weigh their armor against that of a modern military, rather than pick at its edges dishonorably with IEDs. The Tree of Liberty today is renewed by the blood of journalists, not marksmen.
I grew up reading Heinlein, like so many of us, and was captured by the romantic image of the armed freeholder. R.A.H. didn't bother to preface his stories with any mention that he was a failure as a miner and too sickly for most of his life to survive without society's protection. For him, those stories were wish-fulfillment. Heinlein invented some aspects of modern warfare (his contribution to the Operations Room or CIC is most cited), further arming society against the individual and killing his own dream for good if it wasn't dead already.
Perhaps there are real freeholders protecting their rights with their guns somewhere, but mostly there are fat old guys with a 300-channel cable TV package and some freeholder fantasy going. Kids don't have to die for the sake of some old fart's toys.
It's damn past time that the anti-firearm folks got as much lobbying power as the NRA. There are enough of us. Count me in if you can make that work.
Thanks for the interview, folks!
Perens: I'd like to tell people what I'm up to this year.
At the moment, I'm CEO of a startup called Algoram. We make a power-efficient mobile software-defined-radio transceiver, which is to dual-licensed Open Hardware and commercial with some tricks that let us both be Open and preserve our revenue, and we're building dual-licensed Open Source and commercial software for digital radio communications. The radio can use any modulation on frequencies of 50 to 1000 MHz, although it's not made for spread-spectrum. Its major market will be commercial and municipal two-way radio, where they don't particularly want Open Source, but hams are experimenters and their Open Source development helps us.
A partner and I have funded the company out-of-pocket through getting our first product working. It's better to ask for venture funding when you already have something to sell.
I'm also operating my consulting firm to pay the bills. I work with law firms and companies that need help with Open Source. Sometimes they need policy and processes, some have been GPL violators who need a path to compliance. I am the bridge between law and engineering, explaining each side to the other, training engineers to identify legal problems in software and work with attorneys effectively, rewriting part of a customer's product to cure an infringement. I get to do good (by helping companies to comply with Free Software licenses) and pay the bills too.
I'm not doing the Free Software Evangelist job very much this year. Taking a break after working on this since about 1991 feels good. I haven't changed what I believe, but I won't be traveling much for Free Software conferences in 2014 and I've turned off a lot of writing and mailing-list participation. I will be back to that, but right now I'm focused on running a company and making something new.