Well, it’s been a busy week in Lake Wobegon, hasn’t it? First, the Wall Street Journal broke the story that Microsoft had unwittingly sold 22 patents, not to the Allied Security Trust (which might have resold them to patent trolls), but to the Open Inventions Network. A few days later, perhaps sooner than planned, Microsoft announced the formation of a new non-profit organization, the CodePlex Foundation, with the mission of “enabling the exchange of code and understanding among software companies and open source communities.”
Not surprisingly, more articles were written about the apparent snookering of Microsoft by AST and OIN than about the new Foundation. But while the tale of the 22 patents is now largely over, the CodePlex story is just beginning. Microsoft says that its goal for the new Foundation is to create an open and neutral environment, and that the formation documents posted and governance structure described at the CodePlex Foundation site can provide a foundation for such an organization. The CodePlex site also makes clear that the Bylaws you can find there are just a starter set, stating, “Our governance documents are deliberately sparse, because we expect them to change.”
That’s good to hear, because I’ve reviewed all of the material at the CodePlex site, and I think that quite a bit of the governance structure will need to change before CodePlex can expect to attract broad participation.
Steve Jobs is a genius of design and marketing, but his track record on calling the right balance between utilizing proprietary arts and public resources (like open source and open standards) is more questionable. Two news items caught my eye today that illustrate the delicacy of making choices involving openness for the iPhone platform - both geopolitically as well as technically.
The first item can be found in today's issue of the London Sunday Times, and the second appears at the MacNewsWorld.com Web site. The intersecting points of the two articles are the iPhone and, less obviously, openness. But the types of openness at issue in the two articles are at once both different, and strangely similar.
The Sunday Times piece recounts the (unsuccessful) efforts of Andre Torrez, the chief technology officer at Federated Media in San Francisco, to switch from the iPhone to an Android-based G1 handset, because he objects to the closed environment that the iPhone represents. But after just a week, Torrez reverts to the better app-provisioned iPhone. The Sunday Times author concludes in part as follows:
Modern society harbors many bad habits. One is its penchant for enthusiastically embracing the benefits of new technologies before considering their less desirable side effects. Whether we look at the development of automobiles (first) and safety features (much later), or industrialization (first) and environmental protection (much, much later), the story is always much the same: we reach for the candy before we grasp the reality of the cavities. Only after the problems become too great to ignore do we investigate the unintended consequences, realize how difficult and expensive they are to address, and grudgingly start to rein in our appetites and exercise a bit of prudent self-discipline.
Perhaps we should not be surprised, then, that the U.S. government is only now becoming alarmed over the vulnerability to which we have become exposed as a result of our whole-hearted embrace of the Internet. With the operations of government, defense, finance, commerce, power distribution, communications, transportation, and just about everything else now dependent on the healthy operation of the Internet, that alarm is well-justified. And with the creation and storage now of virtually all data in digital, rather than physical form, exposure of our financial as well as our most intimate personal and health information is only a hack away as well.
Man's ability to affect the land is all too evident in these times of climate change, pollution and habitat destruction. Happily, the landscape can change man as well.
The weather finally broke last night, dropping 30 degrees by dawn, and thanks be for that. The night before I had camped in the Sheyenne National Grasslands, heavy with heat and humidity. But the next day it was pleasantly cool (upper 60s), albeit overcast rather than sunny.
Nor was this the only change. It took over 2400 driving miles to finally leave the Eastern, and then Midwestern terrain behind, but today I reached the beginnings of what I think of as the West. More than anything else, in my mind that means “dry.” For the last 800 miles, the landscape had been primarily flat, lush - and transitionally post-glacial. That last factor means an area where the great ice sheets completed their periodic southward pulses, dumping rich, black earth born of thousands of miles of ice grinding down stone, some deposited by glacial steams, and other as windblown “loess” – very fine mineral particles.
Mea Culpa. I am uncharacteristically late in commenting on the XML Wars of August, 2009, which have already received so much attention in the press and in the blogs of the technology world. The wars to which I refer, of course, broke out with the announcement early in the month that Microsoft had been granted an XML-related patent. The opening of that front gave rise to contentions that patenting anything to do with XML was, in effect, an anti-community effort to carve a piece out of a public commons and claim it as one's own.
The second front opened when a small Canadian company, named i4i, won a stunning and unexpected remedy (note that I specifically said "remedy" and not "victory," on which more below) in an ongoing case before a judge in Texas, a jurisdiction beloved of patent owners for its staunch, Red State dedication to protecting property rights - including those of the intangible, intellectual kind.
So if this is war, why have I been so derelict in offering my comments, as quite a few people have emailed me to tell me they are waiting to hear? Here's why.
Cybersecurity is an increasingly frequent topic in the news, and this week brought word of the indictment of someone who must be the leading contender for the title, Master Cybercriminal of All Time (Payment Card Fraud Division): Albert Gonzalez. More recent press reports point to additional conspirators who Gonzalez's attorney contends were there real masterminds. Top honors aside, government prosecutors contend that the team are responsible for all of the most high profile data breaches publicized to date: Heartland, Hannaford, TJX, and more - gaining access to information relating to an astonishing 130 million credit and debit cards or more.
With so many breaches in the news, you might understandably be wondering how safe your own financial information is, and whether anyone is doing anything to protect you. Happily, the answer is "yes," and as it happens, the organization that has been tackling this problem is a client of mine, PCI Security Standards Council, which creates and enables a global, end to end ecosystem of standards, certifications, auditors and more to secure payment card data from the moment that your card gets swiped on a reader to the time it reaches its ultimate destination.
In 2001, I took a one month solo cross country trip, driving from Massachusetts across the Northeast, the Midwest, and then the prairie states, until I reached what we generally think of as “the West” – the land of canyons and buttes, deserts and mesas. Once there, I spent the rest of the time backpacking in the canyonlands of Utah, and then meandering North on dirt roads until I reached Glacier National Park, in the Northwest corner of Montana. After that, I zigzagged back East until I reached the Mississippi. Then, it was just a straight highway shot till I arrived back home once again. It was during that trip that I began writing in earnest, although I haven’t (yet) posted anything from that journey to the Web.
Last week, Microsoft and the European Commission each announced that Microsoft had proposed certain concessions in response to a "Statement of Objections" sent to Microsoft by the EC on January 15 of this year relating to Microsoft's bundling of Internet Explorer with Windows. If you've been reading the reams of articles that have been written since then, you may have noticed that the vast majority of the virtual ink spent on the story has been directed at the terms relating to browser choice. Typically, and as an afterthought, most of these stories have added a brief mention that Microsoft also proposed commitments relating to "another" dispute, this one relating to interoperability.
While the browser question is certainly important, in many ways it is far less important than the interoperability issue. After all - the primary benefit for consumers under the browser settlement is that they can choose their favorite browser when they first boot up their new computer, as compared to investing a few extra clicks to download it from the site of its developer - as they can already do now. Interoperability, of course, goes far deeper. There's no way that you can make one program work the way you really want it to with another unless it comes out of the box that way, or unless you have not only the ability, but also the proprietary information, to hack it yourself. And if both programs don't support the same standards, well, good luck with that.
So what exactly did Microsoft promise to the EC, regarding interoperability? Let's use ODF as a reference point and see.
I'm pleased to report this morning on the formation of a new advocacy group for the use of free and open source software in the U.S. Government. I'm also pleased to have been asked to serve on its Board of Advisors, along other proponents of free and open source software, such as Roger Burkhard, Dawn Meyerriecks, Eben Moglen, Tim O'Reilly, Simon Phipps, Mark Shuttleworth, Michael Tiemann, Bill Vass, and Jim Zemlin.
The new organization is called Open Source for America (OSA), and you can find its Web site here. Tim O'Reilly will officially announce OAS at OSCON later today, and you can find the launch press release here, as well as pasted in at the end of this blog post for archival purposes. I'm sure that you'll also see quite a few articles blossom across the Web today relating to its announcement, but having been in on the planning, here's what it's all about.
The dominance of Microsoft's Office in the marketplace would be logical (if frustrating, to those that think that competition breeds better products), if it was simply a matter of developer seats. After all, Microsoft deployed hundreds, and then thousands of engineers to develop and evolve its flagship app over the last 25 years. How could anyone expect a less well funded commercial competitor, much less an open source project, to equal Office for features, performance and interoperability with other office suites?
At the same time, people keep trying - a lot of them. Not just long-established competitors, like Corel, with the venerable and estimable WordPerfect office suite it bought from Novell, open source projects like OpenOffice and KOffice, as well as projects launched by much larger players, such as IBM (Lotus Symphony) and Google (Docs).
WordPerfect aside, most of these offerings disappoint when it comes to round tripping documents with Office users, although many provide perfectly fine alternatives for stand-alone use, particularly by those that don't need to create the most complex business document.
The funny thing is, though, that the quality of the result, and even the ability to interoperate in a world dominated by Microsoft's Office, doesn't necessarily equate to the depth of the resources of the developer. Now isn't that an interesting observation?
Quote of the Day
“In 2009, the government spent £16bn on IT services. That is 1% of the UK economy – a lot of money”
-UK Government CTO Liam Maxwell, announcing a move to "Government as a Platform"
W3C Launches Web Payments Initiative W3C.org October 21, 0214 - W3C announced today a new Web Payments Initiative to integrate
payments seamlessly into the Open Web Platform. W3C calls upon
all industry stakeholders –banks, credit card companies,
governments, mobile network operators, payment solution
providers, technology companies, retailers, and content
creators– to join the new Payments Interest Group and leverage
the unique ability of the Web to bridge ecosystem diversity and
reach users everywhere, on any device. The result will be new
business opportunities, an improved user experience for online
transactions, reduced fraud, and increased interoperability
among traditional solutions and future payment innovations.... ...Full Story
China Celebrates "World Standards Day" USITO.org Weekly October 21, 0214 - Last week, the General Administration of Quality, Supervision, Inspection & Quarantine (AQSIQ) andStandards Administration of China (SAC) co-hosted a conference to mark World Standards Day, embracing the theme of "Standards Level the Playing Field, Standards Construct Unified Market Rules."
At the conference, SAC announced three immediate standardization reform measures:
- Promote information disclosure of mandatory standards
- Initiate pilots on enterprise standards self-declaration disclosure system
- Expedite systemic reform of code allocation to organizations
Mr. Tian Shihong, Director-General of the SAC, highlighted three key medium and long-term goals:
- Efficient management of mandatory standards
- Development of consortia standards
- Improving participation in international standardization work... ...Full Story
ANSI Seeks Input on the Possible Revision of ISO/IEC Guides on the Adoption of International Standards and Deliverables ANSI Weekly News October 17, 0214 - The International Organization for Standardization (ISO) Technical Management Board (TMB) is seeking respondents for a survey connected with the possible revision of two ISO/International Electrotechnical Commission (IEC) Guides providing information on the adoption of International Standards and deliverables. As the U.S. member body to ISO, the American National Standards Institute (ANSI) invites interested parties to respond to a brief ISO survey on this matter.
The two guides are ISO/IEC Guide 21-1, Regional or national adoption of International Standards and other International Deliverables – Part 1: Adoption of International Standards, and ISO/IEC Guide 21-2, Regional or national adoption of International Standards and other International Deliverables – Part 2: Adoption of International Deliverables other than International Standards. The results of the survey will be used, in conjunction with similar surveys taking place in thirteen other ISO TMB member nations, to inform the TMB’s decision-making process regarding the potential revision of the guides, which were last updated in 2005. Further consultation with the IEC regarding the revision is expected following the end of the survey period.
Stakeholders are asked to complete the survey form, available online, and submit it to Steven Cornish, ANSI senior director for international policy, at firstname.lastname@example.org by close of business on Friday, November 7, 2014. ...Full Story
HIMSS seeks specific guidance from NIST on cybersecurity framework Susan D. Hall FierceHealthIT October 16, 0214 - The healthcare industry needs the National Institute of Standards and Technology (NIST) to get specific about how to implement its cybersecurity framework, HIMSS writes in a letter to NIST Acting Director Willie E. May....In the letter to May, HIMSS said healthcare entities have long been focused on HIPAA compliance, yet compliance does not equal security....It also asks for specific guidance on what an ideal "target state" would be for a healthcare organization and standard metrics or tools to measure progress toward that goal. In addition, both privacy risk management and information security risk management should be addressed.... ...Full Story
AQSIQ and SAC Push for Reform of Enterprise Standards Management USITO.org Weekly October 16, 0214 - On September 30th, officials from regional quality supervision bureaus and the Standardization Administration of China (SAC) convened in Chongqing to discuss a new system of self-declaration of compliance for commercial product standards....Tian reiterated Premier Li Keqiang's objectives of "completing the national standards system, pushing forward the reform of mandatory standards, and improving the effectiveness, progressiveness and adaptability of standards, inspection and testing." Self-declaration of compliance for commercial product standards is seen as an important step in deepening the reform of the standardization regime, Tian said....Implementation of the new system will take place gradually, with an initial series of pilot initiatives. ...Full Story
Can We Talk: Creating a Common Language for Cybersecurity Brian Heaton Emergency Management October 15, 0214 - As hacking attempts become more complex, governments continue to improve their cybersecurity presence through sophisticated firewalls and expanded procedures. But while high-profile data breaches have focused more state and municipal attention on cyberintrusions, a decidedly old-school problem continues to plague efforts to beef up security — communication.
With a variety of security options available, public-sector agencies often are deploying tools and using strategies that utilize different terminology and principles. These differences can lead to frustration when trying to compare cybersecurity programs and address the latest digital threats across agencies or jurisdictions. Without a standardized language, it’s difficult to gauge how strong another organization’s cybersecurity is.... ...Full Story
Patents and Standards Public Consultation Enterprise and Industry European Commission October 14, 0214 - Standardization and intellectual property rights are key contributors to industrial innovation and industrial competitiveness. Standards ensure rapid diffusion of technologies and interoperability between products. Patents provide incentives for research and development and facilitate knowledge transfers. Many standards comprise innovative technologies that are protected by patents.
Public authorities and the standardization community have developed rules and practices to ensure the efficient licensing of such standard-related patents. These rules and practices aim to give patent holders a fair return on investment in research and development and to allow all users of the standard fair access at reasonable cost.
Public consultation (14/10/2014 - 31/01/2015)
The European Commission is interested in your views on:
– how the current framework governing standardization involving patents performs
– how it should evolve to ensure that standardization remains efficient and adapted to the fast-changing economic and technological environment... ...Full Story
Government as a platform will be fully ready in three years, says Liam Maxwell Archana Venkatraman ComputerWeekly.com October 14, 0214 - Government CTO Liam Maxwell has outlined the UK government’s digital transformation vision of delivering “government as a platform” – moving to common, shared technology platforms and ending silos....According to Maxwell, there are more than 300 websites across the government delivering public services, which is confusing for people. “Every part of the government has been a silo. Everyone is doing the same things, such as hosting and publishing,” he said.....
He added that the government is progressing quickly towards achieving its common platform vision by offering services such as the Public Services Network (PSN). Other services such as shared hosting and shared desktops will be launched soon and the idea of government as a platform will be fully functioning in two to three years’ time, he said....Talking to delegates at IP Expo, Maxwell also called for an end to “big IT” in government services.
“In 2009, the government spent £16bn on IT services. That is 1% of the UK economy – a lot of money,” he said.... ...Full Story
Central Military Commission Issues InfoSec "Opinions" USITO.org Weekly October 13, 0214 - Cnstock.com reported on October 8th that the China Central Military Commission recently issued a document entitled "Opinions on Further Strengthening Military Information Security Work."
According to the report, the "Opinions" require that the military thoroughly implement multi-level
information security risk assessment, with an emphasis on information security implementation and management. The "Opinions" also require that the military work to advance domestic indigenous technology and its applications.
This is the latest set of "opinions" designed to improve information security in key sectors of the economy and society, following recent guidelines from the Ministry of Industry and Information Technology (MIIT) for network security and from the China Banking Regulatory Commission (CBRC) for banking industry network security. ...Full Story
It’s an IoT standards shakeup as Broadcom dumps Intel’s Open Interconnect Consortium Stacey Higginbotham Gigaom October 13, 0214 - Standards formation is a messy business, and that’s proving true for the internet of things, as Broadcom leaves Intel’s Open Interconnect Consortium after a disagreement over IP.
Broadcom, one of the founding members of the Open Interconnect Consortium, has left the group over a disagreement on how to handle intellectual property, according to a source involved on the OIC. The standards group was formed this summer as a competitor to Qualcomm’s efforts to push AllJoyn as a device-to-device protocol that would help identify and assess the capabilities of connected devices.... ...Full Story