Interview with Bob Sutor
Bob Sutor studied mathematics at Harvard and Princeton before joining IBM Research in 1982. His exploration of ways of exchanging documents containing mathematical formulae so that they preserved their functionality led him to become active in the then-new field of XML. After a stint working on Web services and IBM's WebSphere family of application servers, he became Vice President, Open Source and Standards, in January 2005.
GM: When did you first come across free software?
BS: It was back in the mid-1990s. I was in IBM Research for 15 years, in the Math department there, and we had produced something called techexplorer, a plugin for Netscape Navigator that let you see [the results of the typesetting systems] TeX and LaTeX. We had come to the conclusion that we weren't going to get decent built-in math support in the browsers. In fact, this was the first Netscape plugin IBM ever produced, so it was kind of new and wild.
As we wanted to move beyond a Windows implementation, we started looking at GCC. So we started trying to understand the intricacies of GPL, as it was back in the mid-1990s, and what exactly the rules were. [There were] some very, very early exchanges with Richard Stallman, just trying to figure out what this thing was and what was allowed. We maintained a fairly rapid e-mail exchange back and forth, until he felt I understood the situation.
It was before IBM made its big push into Linux and made any sort of formal announcement, as we did a little bit later in the 1990s. I was a mathematician, who was doing a lot of software development. I certainly understood commercial software, but [free software] wasn't a deep philosophical stretch for me, coming from mathematics; I had never charged anybody for a lemma or a corollary. So it was very much trying to figure out how that fit into the IBM world, which at that point was completely commercial, traditional, proprietary software.
GM: When you became Vice President, Open Source and Standards, in January 2005, what did that involve?
BS: Initially, a lot of it was around internal transformation. IBM is a very big place. We can tackle aspects of the same problem in many different parts of the company. And so when it came to standards, particularly things like industry-specific standards, we did a lot of work there to tie together the different parts of the company, to do the right thing in a very coordinated way.
I have had, since I left research, a fairly vocal position. For example, when [the international standards body] OASIS really kicked in around 1999 or so, I was on the first board of directors there. I had been used to making a lot of noise, if you will, externally, about standards, about industry directions and so forth. And so in this current role, there are internal management aspects of it, as it relates to standards and open source across IBM, [and] there's also an external role as well.
GM: What is IBM trying to achieve with open source?
BS: From a business perspective, I would give a fairly traditional answer of saying, “Well, it's providing our customers with the appropriate IT tools and technologies to become better businesses.” It may sound vanilla, but that really is the ultimate goal.
But then you kind of back up and say, “Well, how do you do that?”. You've got potentially a very large number of choices of software and ways you can mix and match them in together. You have traditional proprietary software and you have some open-source options as well. So for us, the business goal is to optimize this hybrid mix of proprietary and open-source software to give our customers what they need.
GM: IBM was one of the first major computer companies to support open source, so why hasn't it followed Sun in pledging to open all of its code?
BS: Well, let me say that Sun will do what Sun feels is appropriate for its business model and its history in the software business, and we will do the same. We will look at where we have successful businesses: if that's around proprietary software we will continue them, if that's what customers want to buy. Where customers want a more hybrid strategy, such as what we've done with WebSphere, we can do that too. If you go and you talk to our folks in the Linux Technology Center, they are just totally open source.
We have the breadth that we don't feel that we have to just make some overarching, universal statement. We have a number of business models, some of which are traditional, some of which are completely open source—and increasingly, they're a combination of the two. So we do what works and, we hope, what our customers need us to do. Maybe something else works for Sun, but that, at least, is what's working for IBM. We're very willing to change these in different ways over time.
GM: So if you thought you could serve your customers better and still make a profit, would you then be happy to make everything open source?
BS: Well, I want to get away from this “everything open source”, because I'm afraid people will extract just snippets of that discussion. We are doing more open source in 2007 than we did in 2006, let's put it that way. And as we figure out how to serve our customers, we will go with that.
IBM changes. What one considers IBM today, may change tomorrow. We do acquisitions, for example. We change our business models. We change our mix of what we offer customers, on a fairly constant basis. So I don't want to make one such strong statement. But let me say that if it makes good sense to get more involved with open source in certain areas, we have not been shy to do that in the past, and I don't anticipate our being shy to do that in the future.
GM: Another important area of your work involves the OpenDocument Format (ODF). Where does ODF fit into IBM's overall strategy?
BS: Well, there are two levels. On one hand, you can look at the very practical problem of interchange of information, as represented in office suite data formats. It's nice to represent them in XML; it's even better to represent that information in good, well-designed XML. What this means is that we get full fidelity of exchanging information between applications made by different people. They could be proprietary, they could be open source.
The other aspect is that the fundamental model of how information is created and then shared is changing radically. This notion of a standalone office suite, at this point, is almost ancient in the software world: we've had office suites for well over a decade. To think that we will always use office suites the way we imagined them ten years ago, I think, is just silly, because we are seeing a shift to, for example, on-line applications, software as a service, exchange of information in ways that people never really imagined.
That is, we don't always know who the users of our information are going to be, and we certainly don't expect them to be using exactly the same applications as we are. Indeed, they may not even be people, they may be new computer programs that munch and do very fascinating things with this information. Therefore, breaking loose the data from any particular application that happens to create it so it can be used by any other type of application, I think, is very important.
Now, there's plenty of room for competition there. I don't expect people to completely stop using office suites, of course. But I do expect that people will simply compete on the quality and the price and the support of that category of software. That is, you don't get to just lock some people in to a particular product category because you happen to have a particular market share at a particular time. You continue to keep your customers by having high-quality products and support at the right price.
If this leads to interchangeability—that is, the ability to use different applications on the same data—that's okay, because frankly, customers like that idea. A vendor or a software provider may not like this idea that you could possibly use somebody else's application, but from a customer perspective, that's pretty good. And, there are more customers than software providers, I may say.
GM: We've seen some pretty interesting things happening around ODF since the commonwealth of Massachusetts standardized on the format in September 2005. What do you think can be learned from that experience?
BS: First, let me say that we have been pleasantly surprised by almost everything that has to do with adoption of ODF. If you look historically, I can't name another standard that's gotten this much attention.
[The] various attempts by people to say that open document standards are a good thing is all progress, because it represents awareness. We went from a situation where people never even thought of this issue to people actively thinking, “Well, yeah, maybe open document formats are a reasonable thing to have.”
Massachusetts brought a lot of attention to the issue. It really raised the profile of the importance of information, and who controlled the information. It comes down to a question of the sovereignty of the state of Massachusetts. What happened in 2005, as a result of this discussion around ODF, was this clear separation that said to vendors, “Thou shalt not tell governments what governments can and cannot do with this information.” That was a historic turning point in the industry.
It's funny, I had a couple of instances where I've spoken to rather senior people. They've said things like, “We'll have a discussion about ODF”, or they'll say, “Well, everyone in my organization uses Microsoft Windows, and they have to use Microsoft Windows and Microsoft Office.” And then right before the end of the conversation, almost as we're out the door, a person will slip in, “But of course, at home I use OpenOffice.org.”
What I think this is saying is that people at work in businesses and organizations are still bound by some of their traditional decisions. But a lot of the furor, the discussion around ODF, and [Microsoft's] OOXML, means people are actively looking at this again. And what I'm finding, in a more ad hoc way, is that when these very smart people in positions of power are making decisions about what to do with their own money on their own systems, you know, guess what they're choosing?
And so if you look at any of the things like Massachusetts, or the study bill in Minnesota, or what came up in certain legislatures this year and may come back next year, this is a matter of time. We are all in this for the very long haul. There is not going to be any one event that suddenly makes everyone on the planet use ODF, right? This is just relentlessly incremental, and it's all positive in different ways.
GM: One of the key issues in the open-source world today is software patents. Shortly after you became Vice President, IBM made an unprecedented release of 500 patents to what you described as the patent commons. What was the background to this move?
BS: Well, I got this job at the beginning of 2005. I think the first day of the week was a Tuesday because of the beginning of the year. Someone said, “You're briefing Forrester tomorrow on this patent pledge.” And I said, “Oh really? What patent pledge is that?” And, in fact, it had been in the works for a little while.
That was designed to shake up people's thinking about the use of software patents in open-source and proprietary software. It was a way of telling people, “Look, if we can make patents available to the Open Source community, and if maybe they can innovate and take them beyond what we have done with them, and then maybe we could use their results, that's a good thing. This is collaboration. And oh, by the way, no one has done this before; we're trying to figure this thing out too.”
That is, whatever you thought of the old IBM and what it's done with its patents, maybe you don't quite know what's happening here. And, maybe we all need to rethink this. Maybe we are in some type of transition from our traditional view to something new. We're not saying we have the answers. But we're saying that there are a number of things that one can do with intellectual property to accommodate both open-source and traditional software.
GM: Many people, especially in the open-source world, believe that the patent system is seriously broken as far as software patents are concerned. What is IBM's position on that?
BS: In part it's a philosophical issue. I haven't found any stone tablets anywhere that directly say yes or no in terms of patents. So I think it's a fairly social decision as to whether people think they're good or bad. IBM has supported patents, where they are available, for the traditional reasons. But in ways I've described, I think we've been more flexible than almost anybody else in terms of its use.
We wouldn't say that the system is broken. We would say that the system is under a lot of stress. And so it's for that reason we have been working with the Patent Office in the US and other places as well to just generally try to improve the system.
There was in Europe, you may remember, quite a big action around software and patents. And eventually, the bill was dropped because it had so many different things in it. But our position there at the time—and I think we're pretty consistent about this—is that software interoperability is extremely, extremely important. If you look at where we have gone royalty-free, for example—and royalty-free will typically translate to mean there can be open-source implementations—we have basically said that software patents should not get in the way of software interoperability, where it means data formats, where it means protocols and where it means APIs.
GM: On a related note, I wondered what IBM's relationship with Novell was these days.
BS: They're a strategic partner of ours—they were and are.
GM: So what do you think of the agreement Novell and Microsoft announced in November 2006?
BS: Speaking for IBM, we didn't feel it was necessary. We do not think anyone needs that particular protection from Microsoft. There's never been a successful suit against open source in any way, and so there was no particular need to strike such a deal. If it leads to the greater adoption of open source, the greater adoption of Linux, well, that's probably good for Novell. It's probably good from a partner situation. But we don't think that the world is fundamentally better off because that agreement was made.
GM: Software patents are one of the key areas that GPLv3 attempts to address; what is IBM's view of the new license?
BS: We think they did a great job. We think it was a tough task they set up for themselves. And Richard Stallman and the Free Software Foundation, they opened this up to the community—people who were fervently pro-free software, people in the middle with open source, as well as people who wanted to get involved who maybe didn't like the idea whatsoever. They completely opened themselves up for a tremendous amount of input from all sorts of groups.
And through all of this, they had to look at the use cases. They had to understand philosophically what they were after and what they could practically get. And we think ultimately they played it pretty well. And so I certainly applaud what Richard's done, Eben Moglen as well, in getting to this [result].
I don't think anyone can deny that all the attention this got fundamentally points to the importance of free and open-source software, and the degree to which it is core to the IT industry today. If no one cared, no one would have said anything. It wouldn't have generated articles in the New York Times and the Wall Street Journal and BusinessWeek. And so, in many ways, free and open-source software has come of age. It's here to stay, and it's part of the mix.
Glyn Moody writes about open source at opendotdotdot.blogspot.com.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- The Humble Hacker?
- The Death of RoboVM
- On Your Marks, Get Set...Gutsy Gibbon!
- The US Government and Open-Source Software
- Why Python?
- Open-Source Project Secretly Funded by CIA
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide