Wednesday, October 31, 2001

Microsoft's Digital Rights Manamgement Cryptome has a good article about how Microsoft's Digital Rights Management System works. Sharing this information is probably illegal under the DMCA, which is a pity, because how else would people learn MSFT has once again broken standards by using "the non-alphanumeric character '*' instead of '/', and '!' instead of '+' in some places, and in other places they replace '/' with '@' and '!' with '%'. This means that any software dealing with these strings cannot use a standard Base64 decoder, but must use a custom-build decoder." Custom built by Redmond, of course.

Type-it-4-Me for Windows Here's a text expander for Windows. Thanks to Mark for the link.

Tuesday, October 30, 2001

Where will new technology demand come from? First lets get one thing straight: there is no pent-up market demand for technology right now. None. No one wants new servers, application or otherwise, and no one needs a new PC. So where's the demand going to come from? On the consumer side, Walter Mossberg guesses it'll build on AOL, Palm, cell phone, and wireless networking, all of which put ease-of-use before technology. They also focus on helping people share stuff, which when it moves beyond text (i.e. movies, pictures, audio) will be the next big driver of PC hardware upgrades. Editting pictures, movies, and sound files all require the sort of clock-speed and memory only useful for games (to date). Apple twigged this a while ago and has done much to improve the experience in this area.

Monday, October 29, 2001

Interview with Sleepycat President and CEO, Michael Olson How to make money with the GPL. How to promote and spread free software. How open source's experience advantage with developers gives companies a competitive edge. Sleepycat President and CEO Michael Olson shows us what happens when free software meets intelligent business strategy.

Could you tell us a little about Sleepycat?

Sleepycat Software was founded in 1996 to develop, maintain and support the open source Berkeley DB product. Our approach to business has been very different from that of many other software companies that started during the past several years. We've always been funded by our revenues, and have never taken any capital from outside investors. We've been profitable since inception.

We have a dual licensing strategy that permits us to distribute an open source product but still make a living off of software licensing for that same product. Open source licensing has given us an enormous installed base and a large pool of developers who know and like our product. Our for-pay licensing strategy has allowed us to hire developers, salespeople and marketing staff, and to promote and support Berkeley DB.

We've doubled revenues annually since we started Sleepycat. Despite the tech downturn in 2001, we expect to record substantial growth in revenues this year as well. The company was started by two people, Margo Seltzer and Keith Bostic. Today we have thirteen employees, mostly in Boston and the SF Bay Area, with a few elsewhere.

Nearly all of our customers are original equipment manufacturers, or OEMs. They embed Berkeley DB in the products that they build, and then ship those through to end users. We have a very small direct sales force to reach our OEM customers.

We have a couple of hundred paying customers, and an unbelievable number of non-paying users under the open source license. I did some work last year to quantify our installed base. Counting all the projects and products that bundle and redistribute Berkeley DB, we estimate that there are more than 200 million copies deployed worldwide. We get about 1200 copies downloaded daily from our Web site. That doesn't count copies from mirrors, copies bundled with other open source distributions, or copies shipped by proprietary vendors.

If you surf the Web, send email, or shop on-line, the chances are that you use our software. Berkeley DB is embedded in network infrastructure products like routers and switches, DNS and Web content caches, email servers and clients, and is used by an enormous number of ISPs and ASPs for Web content delivery or back office services. Companies like Cisco, Sun, HP, IONA, Amazon and Sendmail use Berkeley DB. Open source projects like Cyrus, Squid, RPM, Postfix, and MySQL include it.

We're proud of the success we've had. It's due to the quality of the people that we've managed to attract and retain. We're small, but everyone here is very smart. We have a very senior team of technical people working on an established, mature software product.

We don't look like a typical technology company. In a male-dominated field, we're about evenly split on gender lines. In a work-all-the-time industry, we emphasize the importance of families and interests outside the company. We've always earned more money than we've spent, so we have never had to do layoffs. Lots of companies talk about empowering employees -- at Sleepycat, everybody makes important decisions every day. We have a remarkably liberal benefits policy for a company our size.

Sleepycat is the best place I've ever worked.

How did the Berkeley DB code base come into existence originally?

In 1991, Keith Bostic, Margo Seltzer and I were all at UC Berkeley. Keith was working for the Computer Systems Research Group, which produced the Berkeley Software Distributions (BSD, popularly known as Berkeley UNIX). At that time, the CSRG was trying hard to produce a version of the distribution that included no AT&T copyright code, so that people could get the source code for Berkeley UNIX without having to buy a source license from AT&T.

Margo and I were doing graduate research in database systems. Keith approached us and asked us to produce a version of the dbm library, which is still a widely-used single-user data store on UNIX systems, that was unencumbered by an AT&T copyright. We thought it was an interesting project, and agreed to work on it.

The result was eventually shipped with the 4.4 BSD release as "Berkeley DB". That version had a dbm-compatible interface and supported two storage structures, hash tables and btrees. It was distributed under the same BSD licensing terms as the rest of the BSD software. Not long after it shipped, I went off to do other things. Keith and Margo continued to maintain it, and eventually got to release number 1.85 under that license.

The 1.x code was picked up by a lot of different open source and proprietary developers. Notable among those, for later business reasons, were Sendmail, the SLAPD group at University of Michigan, and the Cyrus project.

In 1996, Netscape Communications decided to build a suite of server tools. That suite was to include an LDAP server, and Netscape recruited a number of the core team from University of Michigan that had done the LDAP work there. With guidance from those developers, Netscape approached Keith and Margo to ask them to add some new features, including support for multiple users and for transactions and disaster recovery, to the 1.85 version of Berkeley DB.

Margo and Keith agreed, and on the strength of that deal founded Sleepycat. The agreement with Netscape left ownership of the new intellectual property with Sleepycat. Margo and Keith wrote a lot of code, hired an attorney, crafted a new license for the 2.x release of Berkeley DB, and filed incorporation papers in Massachusetts.

Since the release of 2.0 in 1997, we've done about three releases per year. We're currently at release 3.3. We'll ship version 4.0 late this year. Our staff of 13 includes nine software developers. That's the team that is doing the engineering work on new releases, the testing, and the software support. The 3.3 release is about 150K lines of C code, with fairly thin API layers for C++ and Java. There are Perl, Python, Tcl, and PHP bindings as well.

How does Sleepycat's dual licensing model work?

The original version of Berkeley DB was, as I said above, released under a BSD license. When Margo and Keith formed Sleepycat in 1996, they wanted a license that would encourage open source projects to use the library, but would allow them to make money from proprietary vendors. They crafted a new license, called the "Sleepycat license," and used that for version 2 (and, later, versions 3 and 4) of Berkeley DB. Version 1.85, the last of the pre-Sleepycat releases, is still available (you can even get it off of our Web site), and it's still under the BSD license. However, the multi-user transactional engine is only available under the Sleepycat license.

The Sleepycat license says that you may download and use Berkeley DB at no charge, provided that

- you do not redistribute your application code off of a single physical site; or

- you make the complete source code for your application freely available at no charge.

These are, effectively, the same terms as the GPL. We didn't use the GPL for historical reasons -- carrying the BSD license and copyrights from 1.85 would not have been possible under a straight GPL. However, the license was designed to work exactly the way the GPL does.

Proprietary software vendors generally can't agree to these terms. They can't afford to give away the source code to products they sell. If a company wants to redistribute Berkeley DB as a part of a proprietary product, they can come to Sleepycat and pay us a fee to purchase different license terms from us. In that case, we sign a pretty conventional license agreement permitting use and redistribution in binary form, without forcing them to ship source. We make the usual representations and warranties, indemnify the customer against certain damages, and so on.

In effect, Sleepycat's dual licensing strategy says that

- if you're open source, so are we; but

- if you're a proprietary software vendor, we look exactly like all of your other proprietary suppliers.

This works for two very important reasons.

First, Berkeley DB is a library. In order to use it, developers must link it with their applications. That gives us leverage over the terms under which the embedding application is distributed. We can force them to use an open source license or to pay us money. This strategy doesn't work for standalone applications like Web servers, relational database servers, or mail servers, because the end user doesn't change those or link directly with them. Note also that this wouldn't work if we applied something like the LGPL to Berkeley DB -- it's only the full-blown GPL-style license we have that gives us the leverage to charge money.

Second, Sleepycat owns the intellectual property in Berkeley DB. Unlike many other projects, there's no developer community outside the company that's contributing code to Berkeley DB. We do the development. In some rare cases, we do get code contributed from a customer. When that happens, we require that ownership of that code be transferred to Sleepycat before we'll incorporate it into our source tree. If we allowed third party contributions that we didn't own, we would not have the standing we need to cut proprietary licenses for our paying customers.

So for example, if MegaISPCorp downloads Berkeley DB and uses it to build the authentication and user database for their Web site, but it runs only inside their data center, then they don't have to release their source code or pay us any money. They're not shipping our code. None of the users who visit MegaISPCorp's Web site need to release anything, because they're not redistributing our software either.

The restrictions apply only to people who actually ship Berkeley DB. That's the action that requires either payment or release of source code. Building a Web service on top of Berkeley DB and making it available via HTTP doesn't require payment or release of code.

It's not quite right to say that "under the Sleepycat license" they can ship closed source. They can't do that at all under the Sleepycat license -- it's effectively the GPL. If they want to ship closed source, they need to pay us for a different license. That license looks just like all the other agreements that vendors sign with each other. The "dual licenses" are the Sleepycat license and a separate license agreement for proprietary use and redistribution.

How does bug fixing work at Sleepycat? That's a big draw of many open source models.

We don't have a large number of third party developers posting bug fixes. Occasionally we'll get a proposed patch from the field. Most often, we get very good bug reports: "At line X in file foo.c, you release a mutex that you already released on line Y in file bar.c because you're not checking condition baz." Customers use the source to investigate problems thoroughly. We generally produce the patch, integrate it into the source tree, and run it through our regression and coverage suites prior to the next release.

We still have many eyes making all bugs shallow, but we don't have many hands making the patches.

One important reason for this is that, in Berkeley DB at least and likely in other database engines, you can't make changes to (say) the locking subsystem unless you understand the assumptions behind recovery processing. People who have been building database servers for a long time understand how all the pieces fit together, but it's hard for a casual programmer to join a project like Berkeley DB and make contributions quickly. There's just too much state to absorb. By contrast, a casual contributor can get up to speed quickly on projects like Apache or Linux, where you can work in an area that's entirely independent of the bulk of the system.

Interestingly, the places where third party contributions *do* happen in Berkeley DB are completely outside the core library. For example, Robin Dunn does a fantastic job on the Python language bindings for Berkeley DB. Likewise, Paul Marquess keeps the CPAN archive up to date with the Perl bindings for the latest release of Berkeley DB. The API bindings don't depend on library internals in any way, and that's a place where we do get some leverage from developers in the open source community. We don't own these, and we can't charge money for them, but we don't need to. It's good for us that people writing code in those languages can use our software.

Do customers come to Sleepycat asking for custom services often? Does this dual license allow Sleepycat to continue development Berkeley DB successfully?

Customers do tell us what new features to put into the product. When we do our release planning, we look at the customer requests we've gotten, decide which ones are interesting to our customer base generally, and include those.

We very seldom get requests for custom development, however. We really don't like those. They take expensive engineering talent and put it on a project that only matters to a single customer, and we can't charge very much for the work. I can count maybe four instances in the last three years where we've done any amount of custom development at all, and all of those were very small projects. Even in those cases, we owned the changes and they got rolled into our main code line, even though the majority of our customers won't take advantage of them.

We vastly prefer to make a living off of software licensing, not services. In fact, three quarters of the money we make comes from licensing, and only a quarter from support and related services. Given that, it's much more in Sleepycat's interest to have our high-powered developers working on features that we can go sell to lots of customers, rather than projects that we can sell to just one or two.

Could Sleepycat exist if Berkeley DB was under the GPL? Do you think the work Sleepycat has done would be (commercially) possible if the original code was GPL'd?

Sleepycat could absolutely exist if Berkeley DB were under the GPL. Our business model depends on our ownership of the intellectual property in Berkeley DB, and on our ability to use dual licensing for companies that don't want to comply with the open source terms of the Sleepycat license. The GPL would permit this in the same way that the Sleepycat license does.

Both Sleepycat and the Free Software Foundation have looked hard at the two licenses, and we agree that the Sleepycat license is compatible with the GPL. This means that GPL'ed projects can use Berkeley DB under the Sleepycat license, because the GPL meets the "open source" requirement of the Sleepycat license and the Sleepycat license imposes no additional restrictions beyond those in the GPL.

A big reason for Sleepycat's success has been the widespread adoption of the 1.85 Berkeley DB code under the BSD license, dating back to 1991. Kirk McKusick has an apt characterization of the BSD license: There's copyleft, which in some sense requires broad distribution of copies, and there's copyright, which is intended to limit the distribution of copies. Then, according to Kirk, there's copy center, as in, "Take it down to the copy center and make all the copies you want." BSD is a copy center license. You can make copies and use them for whatever you want without paying anyone any money.

It's hard to say how Berkeley DB would have fared under the GPL in the early 1990s. Certainly it was well-written and useful, and it would have had some success. However, I can't say whether it would have been picked up by the projects, like SLAPD, that directly led to the formation of the company.

I will say this, though: Sleepycat couldn't exist if the current release of Berkeley DB were under the BSD license. I'm not taking a political stance, here -- I think that open source licenses like the GPL and the BSD license are valuable, and that both have created enormous value. As a business matter, though, the BSD license wouldn't allow Sleepycat to pursue the dual licensing strategy that we have with Berkeley DB.

The business lesson here is that you need to consider your product strategy, your business model, and your licensing terms as a coherent whole. Our answers are embedded storage management, revenues from product licensing, and dual GPL/proprietary terms. If you change any one of those three, the business doesn't work anymore.

Why aren't dual licenses more common among free software businesses?

Most free software projects are standalone utilities. Unless you can impose restrictions on the end user's application code, you don't have the leverage you need for dual licensing. This is simplest for libraries that are released under GPL-style terms, like ours. There are a few cases besides us that I know about. For example, MySQL AB in Sweden has GPL'ed their client-side library, but they'll sell customers proprietary licenses to build MySQL clients using exactly the same dual licensing strategy that we have.

And, as noted earlier, ownership of the IP is crucial. If you've got ownership shared among developers all over the globe, there's no single entity that customers can approach for a closed-source redistribution license.

Is relaxing the GPL's redistribution requirements was valuable to some customers?

There are GPL'ed packages -- like Linux and the GCC toolchain -- that have enormous installed bases, but there aren't so many *libraries* that are widely redistributed under the GPL. The FSF created the LGPL to address exactly this problem: proprietary vendors can't use libraries under the GPL in their closed source products, but the LGPL allows that.

We weren't really being calculating when we released Berkeley DB 1.0 under the BSD license. All Berkeley software was under the BSD license. We just did what the rest of the people in our building were doing. If we'd chosen the LGPL instead, it likely wouldn't have made any difference to how broadly our software got picked up and used by other projects and by proprietary vendors.

I can't say what the difference would have been if Berkeley DB 1.0 had been GPL'ed instead. I can't point to any single early user who would have declined to use Berkeley DB under the GPL.

That said, starting with a BSD license and switching to the Sleepycat license certainly worked for us. It's ironic, really. You often hear that the BSD license is business-friendly, and that the GPL is the great destroyer of intellectual property. Well, in Sleepycat's case, switching to a BSD license would kill our company. Our ability to charge money for our intellectual property depends entirely on a license that's just like the GPL.

Do people ever break licensing terms? How do you manage that?

It happens. Generally it's an accident -- no real company wants to be in violation of another company's intellectual property rights, so it very seldom happens intentionally. When we find out about a case like this, we contact the person or company involved, explain the terms of the Sleepycat license, and point out the violation. Almost every single time, the other party has gotten under paid license quickly. In one or two cases, when they understood the problem, they stopped using our software.

The most common way that we find out about these cases is that someone contacts us for technical support on the product, but we have no record of them in our sales database.

How do businesses feel about using open source software? Does it give you a competitive advantage or disadvantage?

We compete with proprietary database vendors on a lot of fronts -- I'd argue that we generally win on performance, reliability, and scalability. Other factors, including open source, play a role in helping us win deals, but the major impact of open source for us is that it gets us into the deal in the first place.

Certainly companies care about control and visibility into the development process. Because they get the complete source code for Berkeley DB, our customers know they don't need to talk to us about new ports or custom features. Whether they ever do ports or custom features, both matter for planning reasons. During development, the fact that they've got our source code means that writing to the APIs, figuring out how they work, and debugging problems is much simpler. That speeds up development, and that's valuable to customers.

Most importantly, though, developers can come to our Web site and download the complete source for our product quickly and easily. There's no charge for developer licenses and no feature-crippled evaluation version. They get the actual product they'll ship, and they can try it out and integrate it into their products. This is much easier and faster for our customers, and it's good for us, as well: By the time they've decided we have a good solution, we're pretty well entrenched in their product. That makes it harder for our competitors to dislodge us.

This last issue -- ease of access for developers -- is a big competitive advantage for Berkeley DB over proprietary products, which have various problems with open-ended no-cost full-version evals. It helps us win business.

One last comment on this point: The market is generally much smarter about open source licensing than it used to be. Most of our customers at least know the term, and have heard of the GPL. That's both good and bad -- many have heard some of the more polarizing claims about open source, and need to be educated about our license and the business value it conveys on them. There's more fear, uncertainty and doubt among customers than there was a year or two ago, when the words "open source" never entered our conversations with many proprietary vendors.

Why the embedded market? Plans to go elsewhere?

Sleepycat's core strength has always been high-end Internet infrastructure applications -- we dominate the messaging and directory server markets, and we're deployed at the big ISPs and portal sites. We continue to increase our sales across the board in this horizontal market. We think we've got an outstanding product for these applications.

In the last year or so, we've begun to do substantial new business among vendors building "embedded systems." This term gets abused, but generally, it means some special-purpose device, generally without a desktop-style UI, providing a single service. Examples range from the fuel mixture sensor in your car's engine, to a palmtop computer, to a set-top box, to an eight-way multiprocessor providing storage virtualization services. It's a *very* broad market.

The companies using Berkeley DB in this market are generally building appliances that need to scale to moderate numbers of users (say, in the thousands), and that need very fast predictable response times. Examples include network file servers, wireless network gateways, and optical switches. The particulars of each of these are very different from the others, but all of them need fast, reliable data management. Most importantly, you're not allowed to ship a relational database administrator with every box you sell.

Berkeley DB's an ideal storage engine for products like that. There are two reasons that we're so excited about this emerging market.

First, it's growing explosively. Storage virtualization is $8B today, headed for $37.5B in three years. Telco and datacomm, despite the poor performance of the public players today, has a CAGR of 23% through 2005. New companies are forming, getting funding, and buying tools like Berkeley DB for the products they're building.

Second, there is no established leader selling databases in this market today. There's simply no Oracle here yet, dominating the market and booking most of the business. We believe that because of the unique technical characteristics of our product, our strong track record in the business, and our clear focus on the opportunity, we can be that leader. There's a lot of money to be made.
Link to this article

Friday, October 26, 2001

Slate degenerates utterly Slate used to be a great magazine. So great, in fact, that I even subscribed to it back in '97. Michael Lewis, James Sureweicki (sp), Paul Krugman, and a whole host of other fantastic writers graced its pages with insight and intelligence. Each redesign has made the site more frustrating to use, and the latest has rendered it utterly unreadable (with Nav 4, Mac OS 9). Just as well it no longer publishes anything worth reading. Slate used to be a steal. Now it costs its worth.

If you can find Lewis' fantastic coverage of the Microsoft trial (before he was booted) check it out. Technology journalism at its finest. I hope someone archives it somwhere. (I recently learnt that Slate's new degraded performance on Netscape coincides with a strategy of degraded performance on non-MSN browsers. This is less obviously stupid than their previous policy of no-performance, this way they get to turn the heat up more slowly.)

Controlling the bootloader Microsoft keeps rival operating systems off Intel machines through coercive, secret contracts. If the OEM does install a rival OS on a machine, Microsoft increases their licensing fee for Windows and puts the OEM out of business. But Microsoft does not need to keep rival OSes off the desktop, their lock on Office formats is enough to keep users from switching to other systems. This is the sort of behavior that makes Microsoft look bad but doesn't really bring them much benefit either. If Microsoft wants to be "free to innovate", why not OEMs?

Thursday, October 25, 2001

iPod Experience Good post from slashdot about why the iPod's experience gives it the edge over its technical peers. I'd really like one (just to try out, of course ;) )

SSSCA continued I think Hollywood honestly beleives that people like its movies. I also think they honestly beleive that secure electronic distribution technology will drive demand for faster internet connections, despite all evidence to the contrary. Obviously they've never actually tried downloading a movie over the Internet, no matter what speed you use, a trip to the local blockbusters is still pretty competitive.

PC manufacturers have woken up to the threat, but their argument (let the market decide) is a little lame. Any copy protection infrastructure should enshrine fair-use just as strongly as it enshrines control, and it should allow sharing. In such an environment, people will ignore strongly protected work because the experience of accessing it is so much worse than accessing work. The SSSCAis nothing more than a big public subsidy to the content industry so they don't have to bear the cost of enforcing existing copyright laws themselves.

Wednesday, October 24, 2001

Technology short sightedness Apple released their new portable MP3 player, the iPod. Technology guys are unimpressed because the technical specs aren't that novel. They don't understand how ease-of-use is the real driver of technology adoption for mass market goods (and therefore, the real driver of revolutionary change). Read the short-sighted whine on Slashdot. When technology folks focus on the experience of actually using their products (and seeing beyond the specs) you see dramatic spikes in demand. I don't know if Apple really is bringing a revolutionary ease-of-use to the iPod (given the Aqua nightmare) but they might be. That's the marketing copy anyway.

Tuesday, October 23, 2001

Allchin on Open Source When Microsoft attacks open source, they're really attacking the GPL. They're fine with BSD-style licenses which essentially represent free R&D for the company, but the GPL eliminates commercial software development. Microsoft spins this as "GPL'd code destroys third party development" and they're quite right, it does. The point is that lots of other things also destroy third party development including patents, bundling, tieing, giving software away for free, closed standard, broken standards, draconian licensing policies, prefered networks, etc. all part and parcel of the Microsoft playbook. Microsoft Windows operating-system chief Jim Allchin (who some say is the real power behind the company these days) outlines his plan to get Congress to outlaw sharing.

How ./'ers should lobby Q&A on Slashdot with consumer advocate Jamie Love about how to lobby Congress.

Monday, October 22, 2001

Microsoft != IBM A piece by the Economist describes how Microsoft is attempting to maintaining its policy of platform lock-in as it attempts, through .NET, to own (and/or tax) every piece of information that can be, or is, in digital form. It suggests that Microsoft fears turning into an IBM, a strong business certainly but not one that sets computing standards. But IBM's honest support of open standards (as opposed to the XML fudges MSFT makes and reporters accept) means its business incentives are aligned with its customers, unlike Microsoft who profits from lock-in, exclusion, and forced upgrades. In the future, I hope MSFT becomes a multi-OS company the way IBM has. The next 5 years will tell. (Here's the slashdot thread).

Off topic Berkeley economist Brad DeLong talks about the Islamic Reformation, how to speed it up, and how free trade can help.

Friday, October 19, 2001

Telco Idiocy Sprint's family plan adds multiple phones to the same bill. But here in the US, cell phone users must pay to both make and receive calls (as a result of lobbying to protect land lines). Therefore, on this plan, family members pay twice as much as they would if one of them was a landline (presumably the initial state of affairs). As it's pretty safe to assume that family members on a shared plan mostly call each other, a family plan pricing scheme needs to compete with seperate plans (more flexible) and land lines (half the price) instead of just offering all the cost with none of the convenience. Sprint should realize it's in the business of helping people talk to each other (pretty basic).

Thursday, October 18, 2001

SOAP Award Dave Winer won Wired's "Tech Renegade" award for putting together SOAP. Cool :)

Linux, desktop loser A long article in Wired talks about Linux's limited future on the desktop, opportunities on the server, and corporate vs. slashdot cultures. Mitchell is right -- Linux's big, obvious win is to consolidate the fragmented Unix market and commoditize it away (much to the joy of vendors in complementary markets i.e. big iron, like IBM). Sun's Solaris is under the biggest threat here.

He's also right that Linux will struggle on the desktop. Open source amortizes away development costs because users improve the program for themselves for free ("scratch their own itch.") Desktop GUI development is trying to scratch someone else's itch--for free. I'm sorry that Eazel went bust. I hope a more focused successor does better.

But I don't think that hurts Linux as a whole. Linux development is not like corporate development, there aren't a limited number of developers who either work on the kernel or work on the desktop. The people best qualified to work on the kernel are doing that. Folks flinging themselves at the GUI aren't sapping strength from development anywhere else.

Apple and consumers Apple has always been the consumer focused computer company. Their products are famed for being easier to use than anyone elses. Unfortunately they've lost this focus, as the glitzy but irritating features in OS X demonstrate. It's as if Ideo has taken over their user interface department, with catastrophic (though award-winning) results. I'm afraid for (and of) their upcoming home audio device, which I am sure will be pretty, but over-priced and needlessly irritating to use. More focus on the experience, less on the demo please.

Wednesday, October 17, 2001

CIO Mag gets it right The economics of the software industry drives it to produce bad code that does not meet user needs. Extortionate licenses, bugs, useless features, endless "upgrades" are all part and parcel of how software biz works. While some CIOs may believe shorter licenses, or software subscriptions will help them out, they're sorely mistaken. For companies with a locked-in customer base, the most important competitor is old versions of their stuff. Shorter licenses (or subscriptions) leave business as locked-in, but also eliminate their ability to avoid pointless, costly upgrades. To have technology that makes your life easier you have to upgrade on your terms, not the vendors.

The only real solution is for business to take responsibility for its own software. This may mean cobbling together systems from many vendors. This will certainly mean protecting yourself from vendor lock-in by avoiding one-stop solutions. And it will absolutely mean looking at what the people in your business actually do and creating environments around their actual behavior. Economic buyers will have to align with the needs of users and use those to make software purchase decisions. Thanks to RE for the link.

Microsoft, XP, .NET, and Hailstorm CNet has a surprisingly good article on Microsoft's war on AOL. It shows how the breathtaking scope of Microsoft's ambition means it does not see itself as a predatory monopolist. I also stumbled upon a site that tracks Microsoft fulltime. It has this accurate analysis of why Microsoft ties its media player into XP and by extension, reveals the real juice behind the government antitrust enquiry into the music biz. That investigation is just an extension of the anti-trust case the government already has against Microsoft.

Tuesday, October 16, 2001

New Handspring Devices I really like the new devices Handspring has put together. They seem to understand that person-to-person communication is more compelling than broadcast content, and are working to make that easier. Unfortunately, telco carriers have made a complete mess of spectrum and interoperability in their mad quest for "owning the customer" and "not being a dumb pipe." Their totemic fixation on controlling the network means they haven't thought carefully about how to maximize profit from their network.

Music Monopoly The government has started an antitrust investigation into exclusionary licensing plays by the music publishing oligoploy. But music publishers have every incentive to license their music as widely as possible, just as they're happy Virgin Megastore sells CDs from all labels. The real collusion here is over transmission and playback standards, something allowed by current copyright law. And this is more a battle between RealNetworks and Microsoft, who support MusicNet and PressPlay respectively. Microsoft is using much of the publishing industry as patsies to extend its desktop monopoly into the creation, transmission, and playback of all digital goods. The music industry does not understand this, as it scrambles to maximize control over (instead of profit from) its network.

Monday, October 15, 2001

Do weblogs reduce information asymmetry? This year's Economics Nobel Prize was awarded to work that described how information asymmetry (usually sellers knowing more than buyers) can cause buyers to pay only the lowest price (to avoid getting ripped off) and so destroy the market. We are all suspicious of used car salesmen because we think they're trying to sell us lemons.

Software is a lot like used cars because it 1) mostly sucks and 2) is hard to value before buying and using it.

Weblogs are one way to look inside the development process and figure out how good a package is before shelling out your hard-earned. Joel Spolsky's excellent weblog tells me more about his company's bug tracking software and upcoming City Desk product than anything else, except many a trusted friend's evaluation. Weblogs should help small developers signal the quality of their products to potential buyers.

(Update: Just heard from Joel. He tells me that "pretty much ALL [their] software sales are either people who read the weblog, or word of mouth from people who read the weblog." Good to hear.)

Link to this article

Friday, October 12, 2001

Belly of the Beast revisited I went to a presentation by the very pleasant Kurt DelBene (Del-Beh-neh) this afternoon. Kurt is a VP of authoring and collaboration software at Microsoft (he's worked on Outlook, Exchange etc.) He spoke of his work and Microsoft's plans in the future. Here are my reactions:

Why Microsoft does not think it's a predatory monopoly
Kurt paraphrased ex-GE CEO Jack Welsh and said "once you have a large % of a small market you must redefine your presence as a small % of a broader market." Basically, in Microsoft's eyes, the desktop is just a small outpost in the much larger world of all information creation, collaboration, distribution, management, and presentation. Please note the immense scale of this goal. Any action they take on the desktop cannot be monopolistic seeing as how they have all the Internet, photography, video, graphics, publishing, recording, broadcasting, and editing markets to conquer, as well as creating the digital rights management market, and swallowing the "knowledge management" market. Microsoft sees themselves as a small fish in a big pond. The pond is all information that could potentially be digitized in the universe. Just some insight into where they're coming from.

Microsoft is hurt by the falling upgrade rates
It's a big problem that people aren't running out to upgrade their operating system. Microsoft desperately needs a 2 year turnover cycle (including theri cash cow Office) to continue delivering the sort of growth their shareholders' expect. Their recent licensing moves, whatever they may claim, are entirely designed to solve this "problem" once and for all. Anything else they claim is a lie.

Microsoft wants to make peoples' lives better with software, but they don't know how to do it
Microsoft honestly wants to make peoples lives better with software. They really do. They also have no clue how to do this. As someone who has watched hundreds of people struggle with technology, I know how frustrating it can be, but the solution is often less technology, not more. Microsoft thinks the answer to every technological frustration is more technology.

Microsoft's current business model makes it impossible to deliver software that people actually want
Microsoft makes money by forcing its installed base to buy "upgrades." When first approaching a market, they work hard to improve their product and have it match customer needs. Once this is done and they've built and installed base, their economic incentives drive them to force upgrade after upgrade. But once Microsoft squeezes all competition out of an area, real innovation stagnates and the drive to force upgrades begins. Word 3.0 was great, but its degraded ever since. And since more technology is often worse, the quality of products (and the customer experience) falls.

Windows XP is a good example of this at work. Every change from Windows 2000 basically makes life better for Microsoft, but worse for the customer. I don't think they can see this.

Growth in the mid-market
Microsoft's hungry for growth, so hungry that they want to sell end-to-end business solutions to the small and mid commercial market (this was also the logic behind the Great Plains acquisition). This may indicate that big customers are smart enough to buy best of breed systems from separate vendors and integrate them together, instead of behind beholden to any one company. Small to mid-sized businesses may not be so smart. To get any productivity benefit, businesses have to take responsibility for their own technology and not leave themselves to the tender mercies of vendors.

Digital Rights Management is being built into everything
Part of the selling point of Microsoft's complete end-to-end hegemony of all bits is digital rights management. If you take photos with your digital camera and put them up on a website, Microsoft wants you to have the ability to 1) control who views photos, 2) control the digital bits of the photos so others can't copy them (by taking screen shots or downloading jpegs etc.) Such a system also creates a controllable network, controllable by Microsoft, in the way the world's best collaborative system (TCP over IP) is not.

Their execs don't seem to understand Web standards
Microsoft execs like to promote their use of XML as proof that they're following standards, even though XML is just a standard way of defining other standards (which can be closed and proprietary). I don't know if Kurt (who's a nice guy) was blowing smoke here, but he seemed to honestly assert that just because something is in XML, it's standard in a meaningful way (i.e. open and interoperable). He also confused what UDDI, SOAP, and WSDL actually do (you can learn that stuff here). Sadly, few of my business school classmates seemed to notice.

Microsoft is still waiting for Linux to implode (and they hate the GPL)
Kurt expressed surprise that Linux had not imploded yet (as do we all, at times) and said, with quite some feeling, and the GPL was bad. The GPL is bad if you're in the software development business -- it makes it impossible to sell software as a product, even for third-part developers. While free-software zealots may not agree, they're simply mistaken. Microsoft understands this part of free-software economics quite well (but not other parts). I'll focus on this all next week.
Link to this column

Thursday, October 11, 2001

Protected info rage Way back in 1970, George Akerlof wrote an economics paper called "The Market for 'Lemons:' Quality Uncertainty and the Market Mechanism" describing how markets can fail due to information asymmetry. 30 years later, he (and 2 others) won a Nobel Prize for their work. I tried to use Google to find the paper (as I'm sure many others did also) but only succeeded in downloading it because I'm currently a University of Chicago student.

A Nobel Prize winning economics paper written thirty years ago is so clearly something that belongs in the public domain that I offered it here for free. I received a letter to take it down so I have. I was instructed to point to this link instead (which does not work outside the University). The irony of this is rich.

Incidentally, I also believe that the work here has strong ramifications for software, an experiential good (i.e. you don't know what it is until you've experienced it) with a terrible reputation for being buggy or useless or both.

Convergence resurrected Convergence used to be a mushy phrase that meant TV, radio, the Web etc. were all coming together in some vague way. Now it describes the chain that links content construction (tools), recording (format), delivery (transmission protocol) and eventual "consumption" (reading). Publishers want this entire chain to be secure (thus the SSSCA) and Microsoft is only too happy to oblige, thus extending monopoly control to all digital information. Publishers are free to lock-up their content in any way they choose so long as 1) they pay for it, 2) people who still want to share can, and 3) existing fair use laws are enforced.

If the above three are respected, then publishers will do just fine in some areas and poorly in others where open, unrestricted, and free (beer/speech) alternatives deliver more value and a better overall experience (like this *ahem* weblog). Publishers are free to try and restrict access to their content, but they cannot ban sharing, nor should they eliminate the existing fair-use rights consumers enjoy. They should also be wary of any such system that hands total power over to Microsoft. In the long run it will hurt them just as it's burning the locked-in business community. Personally, I'd like to see legistlation that mandated fair use provisions in any digital protection scheme and maintained that free, open, and unencrypted information (and distribution) could not be outlawed. (Link via Tomolak)

Wednesday, October 10, 2001

Digital Copyright and Monopoly Here's a great summary piece outlining how an unholy convergence of publishers, lawyers, and Microsoft, are squeezing all competition (and innovation) out of technology. (Non sequitor: My new Timbuk2 laptop bag came today -- I love it! I have also gotten great use out of the messenger bag I bought from them last year.)

Tuesday, October 09, 2001

Hardware copyright While the music industry (and all publishers) are free to enforce their copyrights to whatever degree they choose, they should not be able to outlaw sharing. But that's exactly what they're trying to do through a series of hardware and software initiatives. Microsoft is also supportive of this, since banning sharing also bans open-source development, something the software monopoly would clearly like eliminated. And not only are publishers trying to ban sharing, they're trying to do it on the hardware and software providers' dime, essentially asking for a huge government subsidy to protect their business model.

While publishers are free to enforce existing copyright law (flawed as it is), they have no right to outlaw sharing by those who want to do it, nor should they be subsidized by the government. What I would like to see in any electronic copyright related legislation is the mandate to allow fair use and the ability to freely share if that's what copyright owners want. And no subsidies or handouts. Fighting piracy has always, is now, and should forever be, part of the cost of doing business if you're a publisher.

Monday, October 08, 2001

.NET and viruses After listening to Microsoft describe its .NET vision of massive interoperability, I think it's probably safe to conclude there will be more virus problems under this new architecture than there are currently. It's easy for malicious code to spread through a monoculture where everything is designed to interact with everything else. Two solutions: 1) use slightly non-standard products (i.e. Eudora instead of Outlook, Mac Office instead of Windows Office etc.) 2) use simpler products that don't talk (or listen to) everything else (email clients distinct from address books and calenders). Neither of these is compatible with Microsoft's strategy, so virus problems will get worse.

Friday, October 05, 2001

The Joys of Text Expansion The text-expander is a simple program that automatically recognizes alphanumeric combinations and expands them to longer strings. For example, I could set my text-expander to automatically turn generate "zimran ahmed" whenever I typed in "za", or generate today's date if I keyed in "dt".

This unassuming little utility could kill Microsoft's Passport strategy. In its current incarnation, Microsoft wants to host all personal information, such as shopping passwords and addresses, in a central database in Redmond. By using its desktop monopoly to force high registration rates for its services (they way it does now by pushing on its desktop, then pushing hotmail on, and automatically registering people for Passport when the sign up for hotmail) it can goad online merchants into supplying Passport friendly features on their site. By building critical mass on both sides, all merchants would have to offer Passport, consumers would have to sign up for Passport, and Microsoft would take a cut of every transaction online.

That's the plan, anyway. The security dangers of a centralized authentication database have not been lost on those who think about things, particularly when the keeper would be a traditionally security-shoddy company like Microsoft. So they call for a decentralized authentication database, that would keep distribute personal information and so not provide any single juicy target to script-kiddies and crackers.

In my mind, the ultimate decentralized system is the PC itself. Even if one PC was compromised, the cracker would know nothing about anyone else's PC. And although having your info on the hard-disc means you can't remotely access it, this is no big deal for 99% of PC users who aren't even sure what "remote access" is.

The simplest way of keeping this sort of personal data on a PC is in a text-expander. "pw" can expand to a generic password, "pwebay" to an ebay specific one. "addr" can expand to an address, with built in tabs filling out web-forms correctly. The list goes on.

Its pretty characteristic of the technology community to approach something as simple as quick personal information submission over the Web with schemes as hairy as Redmond's bald attempt to illegally further extend its monopoly or the open source community's complex, infrastructure obsessed decentralization services. Canny readers will note that actual customer needs haven't been addressed anywhere in all the debate around Passport. 99% of customers can have their needs simply met by using a text-expander on their desktops. Here's a great one for Macs, and a random (untested) one for Windows.

Bonus: Text-expanders are also helpful to speed up writing (common phrases get reduced to short letter combinations), form letters, personal spell-checks (enter all the words you commonly misspell to have them automatically fixed in all applications), bookmarks (common URLs become short strings) etc. etc. etc.
Link to this article

Thursday, October 04, 2001

XML and Web Services low down Clay Shirky hits the current hype over XML and web services on the head. His points:
1) XML is not a standard, it's a standard to define other standards (i.e. an alphabet, not a language). This means that anyone claiming anything is open, standards compliant, or public domain just because it's in XML is either lying or doesn't know what they're talking about.
2) Interoperability does not exist because of business reasons, not technology reasons. Technology cannot "make" things interoperable. Things will only be interoperable when businesses i)want them to be or ii)can't stop them from being.
3) Technology is dumb and can't understand semantics or context. No "cloud" can solve this problem, not UDDI or WRLD or any other fancy contextual description markup. AI has failed to solve this problem for 50 years, and there is no hope in sight.

Wednesday, October 03, 2001

Quick Link Hong Kong, remarkably, gets it.

Music Industry Insanity The RIAA is now going after some of the post-Napster peer-to-peer services, arguing that "supernode" computers are similar to the centralized Napster database. I also have it on good authority that RIAA wants to count each compression format of a song as a different song for royalty purposes (which would outlaw online radio). Now, going after the new peer-to-peer services I understand, but banning streaming internet radio? They're nuts. Anyway, here's the Slashdot thread.

WC3 Software Patents As expected, the W3C posted a response to the recent patent outrage stating "in a world where patents exist and may be used to constrain conformance to standards, how should W3C best proceed in order to accomplish its mission?" How indeed? The current proposed policy isn't a bad approach.

Tuesday, October 02, 2001

Security Bruce Schneier, digital secutiry expert, has some good comments on recent measures implemented by airports. In particular, the twigs that identification requirements will help airlines price disciminate but do nothing to improve actual security. While rags like the New York Times talk about "boosting confidence", it's good to see someone discriminating between real security and the (often false) sense of security.

Monday, October 01, 2001

Digital Copyright Here's a very old article about how the recording industry (copyright maximalists) tried to destroy fair use back in 1997. They're trying it again through the SSSCA. While copyright owners are free to enforce their legal rights, they should i) bear the full cost of that expense and ii) be unable to ban sharing. The SSSCA does exactly that, acting as a huge subsidy to the publishing industry by shifting enforcement costs onto hardware manufacturers. It also destroys interoperability and outlaws plaintext and Open Source Software, which is why Microsoft is a secret big backer of the bill. The recording industry claims that this bill will boost broadband rollout and Internet rollout. This is a lie, person-to-person communication has always overshadowed broadcast content.