Does Microsoft Have an Open Source Strategy Any More?
Whenever I write about Microsoft here I usually get a few comments asking me, with varying degrees of politeness, why I am wasting electrons on this subject on a site devoted to GNU/Linux. The reason I do this – and why I am about to do it again – is that whether we like it or not, Microsoft remains probably the single most important external factor in the free software world. It's useful, therefore, to try to understand what exactly the company's open source strategy is, in order to head off some of its worst aspects, and to build on any positive elements. The trouble is, I don't think Microsoft has an open source strategy any more.
The last few months have been particularly rich in contradictory signals. For example, we had this:
in a break from the ordinary, Microsoft released 20,000 lines of device driver code to the Linux community. The code, which includes three Linux device drivers, has been submitted to the Linux kernel community for inclusion in the Linux tree. The drivers will be available to the Linux community and customers alike, and will enhance the performance of the Linux operating system when virtualized on Windows Server 2008 Hyper-V or Windows Server 2008 R2 Hyper-V.
This was variously analysed as Microsoft seeing the light, Microsoft being forced to bow down before the mighty GNU GPL and Microsoft being its usual cunning self and piggybacking on the open source community for competitive edge.
Then we had the revelation of Microsoft “educating” third-party sales people about “weaknesses” in GNU/Linux. Except, of course, they weren't weaknesses, but misinformation or even outright lies. Now, fair competition is all well and good, but stooping to this kind of underhand behaviour hardly matches the company's recent soothing noises about wanting to work with the open source community.
Another confusing episode in Microsoft-open source relations involved some patents:
Earlier this week, the Wall Street Journal’s Nick Wingfield broke a story on Microsoft selling a group of patents to a third party. The end result of this story is good for Linux, even though it doesn’t placate fears of ongoing attacks by Microsoft. Open Invention Network, working with its members and the Linux Foundation, pulled off a coup, managing to acquire some of the very patents that seem to have been at the heart of recent Microsoft FUD campaigns against Linux.
What's interesting here is that once more, the narrative is messy. Microsoft was apparently getting rid of patents that could have been used to attack GNU/Linux: that's good, no? But some have suggested somewhat persuasively that it was trying to sell them to patent trolls that could then attack open source without Microsoft being involved, which is plainly bad.
Finally, we have the following announcement:
The CodePlex Foundation, a non-profit foundation formed with the mission of enabling the exchange of code and understanding among software companies and open source communities, launched today, September 10, 2009.
Incorporated as a 501.c6 non-profit, the CodePlex Foundation was created as a forum in which open source communities and the software development community can come together with the shared goal of increasing participation in open source community projects. The CodePlex Foundation will complement existing open source foundations and organizations, providing a forum in which best practices and shared understanding can be established by a broad group of participants, both software companies and open source communities. Initial funding for the Foundation comes from Microsoft Corporation.
This is in many ways the hardest to parse. From the FAQ:
We believe that commercial software companies and the developers that work for them under-participate in open source projects. Some of the reasons are cultural, some have to do with differing software development methodologies, and some have to do with differing views about intellectual property. In general, we are going to work to close these gaps. Specifically we aim to work with particular projects that can serve as best practice exemplars of how commercial software companies and open source communities can effectively collaborate.
That sounds laudable enough – increasing participation in open source projects. But then we have this in the same document:
The Foundation has no pre-suppositions about particular projects, platforms, or open source licenses . Particulars about the relationship between the Foundation and projects will be spelled out as the Foundation Charter is drafted, but our expectation is that we can have the greatest impact on projects where the software industry as a whole would benefit from closer collaboration between software companies and open source communities.
That phrase “software industry as a whole” seems to stand in contradistinction to things like “open source community”: in other words, the emphasis will be on commercial concerns, not ones to do with the community (never mind freedom). I also find the following worrying:
Microsoft has an evolving engagement with open source, as demonstrated by its sponsorship of the Apache Software Foundation, contributions to the PHP Community, participation in Apache projects including the Hadoop project and the Qpid project, and participation in various community events such as OSCON, EclipseCon, PyCon, and the Moodle Conference. As an additional proof point of Microsoft's understanding that they needed to be more involved, at OSCON 2009 in July, Microsoft contributed 20,000 lines of device driver code to the Linux kernel. The Codeplex Foundation is another step in this evolution.
It's true that these are all demonstrations of “Microsoft's engagement with open source”, but they are also fine examples of how Microsoft is encouraging the open source community to expend time and energy on projects that benefit Microsoft – for example, by working on Windows versions of code. I can't help feeling that the CodePlex Foundation will similarly focus on bending open source to Microsoft's advantage.
If you read the governance details, it's clear that Microsoft, and Microsoft alone, will be running this new “open source foundation”. As another page explains:
While the Codeplex Foundation is not currently structured as a membership organization, there are a number of ways for individuals, companies and projects to participate in the Foundation. One way is to sponsor, and another way is to become a member of the board, or board of advisors. Over the coming months, the board will also be determining how projects get accepted as they define project governance, which will provide clarity on how individuals or companies can contribute projects.
In other words, people, companies and projects are welcome to add their names in order to boost the Foundation's credibility, but don't expect to wield any real influence.
Now, you might argue that all these confusing signals are a natural consequence of the great size of Microsoft, and of the differing opinions within the company. And that's certainly true. But equally you would expect an organisation as successful as Microsoft at least to have an underlying strategy, even if there were deviations from it.
You could find no better symbol of the increasing rudderlessness of Microsoft in this regard than the following news about Microsoft's Mr. Open Source, Sam Ramji:
I felt it was important to provide some thoughts to the Port25 community on Sam Ramji's impending departure from Microsoft.
After many years helping to carry the open source software banner for the company, Sam is leaving Microsoft at the end of this month. You may have also heard that he has accepted the position of interim President of the CodePlex Foundation as well as a leadership position at a startup in California. (I'll let Sam and his new company share more details there.)
Sam joined my team three years ago to drive open source technical strategy. I have eagerly supported him as he passionately articulated a vision that Microsoft could coexist - and even thrive - in a heterogeneous IT world.
This underlines the pivotal role that Ramji played at Microsoft in determining that “vision”. Here's how the company tries to spin his departure:
The perspectives on OSS at Microsoft have evolved to the point where Microsoft's open source strategy is no longer just locked in a single ‘lab' on campus - now OSS is an important part of many product groups and strategies across the company. We have become increasingly clear on where we work with open source - development methodologies, projects, partners, products and communities - and where our products compete with commercial open source companies or platforms. Today, there are engineering and business leaders across the company, myself included, looking at how to drive interoperability for customers and as a lever for new growth.
Nice try, but that's not how it looks from the outside. Rather, it seems to me that the centrifugal forces within the company have finally overcome that lone centripetal force of Sam Ramji, with all those “engineering and business leaders across the company” adopting widely differing, and at times contradictory, attitudes and actions with regard to open source. Without Ramji, I think the situation is going to get even worse; what about you?
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Death of RoboVM
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide