Practical Technology

for practical people.

January 2, 2005
by sjvn01
0 comments

The Triumph and Tragedy of Ray Noorda

Over my years as a computer journalist, I’ve met pretty much everyone who’s anyone in the technology business. Very few of the big names have really impressed me, though. Among those who I’ve thought were really something special have been Steve Jobs of Apple, Linus Torvalds of Linux and, oh yes, Ray Noorda of Novell.

Unlike those others, Noorda wasn’t technically brilliant. He was just a hard-headed, hard-working businessman who made things happen. I admired his work ethic and his willingness to do what was right by his lights.

Sometimes that meant fighting the good fight against Microsoft, which he saw as potentially totally dominating the desktop long before everyone else did. And sometimes that meant making peace.

For example, after Novell bought Unix and USL (Unix Systems Laboratories) from AT&T, rather than continue to fight with BSDI (Berkeley Software Design Inc.) over possible Unix intellectual property rights violations in BSD/OS, an early, commercial BSD Unix, Noorda famously declared that he’d rather compete in the marketplace than in court, and the two sides settled peacefully.

Noorda also took Novell Data Systems and turned it into the LAN company of the late 1980s and early 1990s. Along the way, Noorda also shaped the modern reseller world.

It was Noorda who came up with the three-tiered approach to resellers that so many companies now use. It was Noorda who decided that training and certification were the best ways to make sure that his partners could support Novell’s products. In turn, those early Novell resellers used Novell’s CNE (Certified NetWare Engineer) to market their wares and services so successfully that every major vendor has a certification program for its partners.

If you use any certification to get a job or to sell your services, you owe a debt to Ray Noorda.

Thus, it’s with a heavy heart that I see that Noorda’s investment company, The Canopy Group, parent company of SCO, and many others involved in a civil war. It appears that an old-fashioned power struggle has developed between Noorda’s hand-picked executives, some of his family and some Canopy associates.

I don’t know the details of the fight. No one outside of the Canopy family does.

But I do know that Canopy, which is a privately held venture capital firm, almost certainly has more than $1 billion in assets. It doesn’t take a genius to see how people could fight over it.

It also doesn’t help any that Canopy’s internal structure is a Byzantine complex of, at one time, more than two dozen companies. These companies frequently share resources and officers and invest in each other.

For example, in late 2000, SCO (then Caldera) formed a partnership with EBIZ Enterprises, a Texas-based company in which Canopy held a controlling interest, to create a B2B (business-to-business) marketplace company called PartnerAxis. The company was designed to link Linux solution providers with resellers. PartnerAxis, in turn, was funded by Canopy.

I’m no accountant, but I have followed several of the Canopy-related companies, such as SCO and Novell, for more than a decade … and I can’t make heads or tails of Canopy’s internal structures. If you want to give it a try, the TWkiIWeThey site, with its listings of Canopy officials and companies, is your best place to start.

Novell, I should add, isn’t part of Canopy anymore. Noorda and Canopy largely divested themselves of Novell stock back in 1996.

In part, that was because—oh, the irony of it all—Noorda believed that Linux was the future, while Novell, now under Bob Frankenberg, killed off its internal Linux skunks work project. Soon thereafter, Noorda cut off his ties with Novell and via Canopy bankrolled Caldera Systems, one of the first Linux companies.

Over time, though, Ray’s health and memory have continued to fail. And meanwhile, Caldera, now renamed SCO, has turned against Linux and Novell has now embraced Linux with open arms. Oh the irony!

Were Ray, who is 80 now, in better shape, I’m sure that we would never have seen SCO sue IBM and launch its attack against Linux. Instead, we would have seen Novell acquire SCO, rather than SuSE, to make its Linux play. And we certainly wouldn’t see what promises to be a long, nasty fight for control over Canopy.

So it is that today I sit in my office, and I’m very sorry indeed that Ray’s legacy has come to this.

Still, in the larger sense, his legacy still goes on. Regardless of what happens to the companies he founded, he, just as much as Scott McNealy of Sun and John Chambers of Cisco, helped create the networked world we live in now, And more so than anyone else, he created the modern reseller and integrator world from which so many of us make our living.

A version of this story first appeared in Channel Insider.

December 22, 2004
by sjvn01
0 comments

Use Firefox for a Safer System

The itsy, bitsy spider, climbed up the water spout.
Down came the rain and washed the spider out.
Out came the sun and dried up all the rain,
So the itsy, bitsy spider went up the spout again.

That was one of my daughter Alicias favorite nursery rhymes when she was small. And its a great fun as that, but it makes for a lousy IT policy. How many times must Windows desktop users be hosed before they start using a more secure desktop operating system?

Or, if youre not ready to shift over to a good, solid desktop Linux such as Novell Linux Desktop or Xandros or buy a Mac, the least you could do is start using more secure, open-source applications on your Windows.

Take Firefox for example. Ive been using Web browsers almost since before there were Web browsers, and Firefox is simply the best browser Ive ever used on any platform. In addition, Firefox is a lot more secure than Internet Explorer.

Notice I didnt say it was perfectly secure. Like any software program, it has problems. Internet Explorer, on the other hand, is a security hole disguised as a Web browser.

Dont believe me? In past few weeks, weve seen a pair of IE problems that hit fully patched Windows XP SP2 (Service Pack 2), a spoofing problem that also smacks completely patched systems, and the Bofra/IFrame bug, which SP2 does stop. And the IE faults keep coming and coming.

Do you want to spend all of your IT staffs time patching IE and praying that your users dont run into a page that opens up your network like a rotten fruit while waiting for a patch? I dont think so.

Oh, and did I mention that if your shop is still running Windows 2000, you can forget about getting XP SP2-style security patches anyway? I hope your budget is ready to either upgrade all of your systems to XP or add a lot more security to your systems, because Microsoft isnt giving you a whole lot of choice about the matter.

A Microsoft program manager, Peter Torr, recently asked on his blog, “How can I trust Firefox?” My question, of course, is how can I trust IE?

Yes, Firefox has holes, too. For example, theres a pop-up window problem that gets pretty much every browser on the planet.

People who dont get security often say that if Firefox or any other open-source software were only as popular as IE, their security would be just as bad. Nope. Wrong.

First, open-source software is constantly being looked at by numerous developers. When problems are found, and they are all the time, theyre quickly fixed. With Microsoft code, you have to trust that its programmers are on the ball and that theyll fix problems quickly. You look at their track record and you decide if thats true. I know what I think.

Second, on Windows, open-source applications are just that: applications. Microsoft programs, by their very nature, are tied directly into the operating system kernel. This means, IE—and other Microsoft Windows applications such as Outlook—enables any security hole to potentially rip open the entire operating system.

This isnt paranoia. Read eWEEK.coms security section. Youll find story after story about serious Internet Explorer holes that appear, and Microsoft sometimes takes months to patch them. Who needs this?

Torr said he thinks Firefox and its plug-ins and helper applications need better code signing so that users know that an application really is a legit one and not a hacked Trojan that will lie in wait to attack your system. Hes got a point.

But at least with Firefox, the real application isnt a problem. I know who makes Internet Explorer, and IE is the problem.

A version of Using Firefox for a Safer System first appeared in eWEEK.

November 19, 2004
by sjvn01
0 comments

Author of Linux Patent Study Says Ballmer Got It Wrong

When Microsoft CEO Steve Ballmer said he wasnt really saying that Linux violates more than 200 software patents, Microsoft followed up by saying Ballmer was only citing findings from a controversial study done this summer by OSRM (Open Source Risk Management), a risk-mitigation consultancy.

The study claimed that Linux has been found to potentially violate 283 software patents. The author of that report, however, doesnt see things the way Ballmer does at all.

“Microsoft is up to its usual FUD [fear, uncertainty and doubt],” said Dan Ravicher, author of the study Microsoft cites, who is an attorney and executive director of PUBPAT (the Public Patent Foundation).

“Open source faces no more, if not less, legal risk than proprietary software. The market needs to understand that the study Microsoft is citing actually proves the opposite of what they claim it does.”

“There is no reason to believe that GNU/Linux has any greater risk of infringing patents than Windows, Unix-based or any other functionally similar operating system. Why? Because patents are infringed by specific structures that accomplish specific functionality,” Ravicher said.

“Patents dont care how the infringing article is distributed, be it under an open-source license, a proprietary license or not at all. Therefore, if a patent infringes on Linux, it probably also infringes on Unix, Windows, etc.,” he said.

It makes no difference whether and how software is distributed, Ravicher said. “The bottom line is theres no reason to believe that Windows, Solaris, AIX or any other functionally similar operating system has any less risk of infringing patents than Linux does.”

“Ballmer makes a very bold statement by saying Linux infringes hundreds of patents,” Ravicher said. “That is extremely different than saying Linux potentially infringes X patent, because the requirement to prove infringement is much more difficult than the requirement to simply file a case claiming infringement. As the SCO saga shows, filing a case based on an allegation is one thing; proving the merits of the allegation in court is something completely different.”

Speaking Thursday at the Microsoft-sponsored Asian Government Leaders summit in Singapore, Ballmer said, “There was a report out this summer by an open-source group that highlighted that Linux violates over 228 patents. Someday, for all countries that are entering WTO [the World Trade Organization], somebody will come and look for money to pay for the patent rights for that intellectual property. So, the licensing costs are less clear than people think today.”

In fact, the study said Linux potentially violates 283 software patents, not “over 228” as Ballmer said in his speech.

But Ravicher said Ballmer misinterpreted his studys findings. “He misconstrues the point of the OSRM study, which found that Linux potentially, not definitely, infringes 283 untested patents, while not infringing a single court-validated patent.”

“The point of the study was actually to eliminate the FUD about Linuxs alleged legal problems by attaching a quantifiable measure versus the speculation,” he said. “And the number we found, to anyone familiar with this issue, is so average as to be boring; almost any piece of software potentially infringes at least that many patents.”

The study shows that when it comes to software, open-source varieties face fewer patent threats than proprietary ones, Ravicher said. “If one believes the proof is in the pudding, open-source software has much less to worry about from patents than proprietary software.”

“Consider this—not a single open-source software program has ever been sued for patent infringement, much less been found to infringe. On the contrary, proprietary software, like Windows, is sued and found guilty of patent infringement quite frequently.”

These include the patent battle over Eolas Technologies browser technology and the recent settlement between Eastman Kodak Co. and Sun Microsystems Inc. over Kodaks patent being infringed by Java.

Ravicher wasnt the only open-source leader to take offense at Ballmers comments.

“At OSDL, we have a lot of confidence in the robustness of Linux around IP, patents and copyright,” said Stuart Cohen, CEO of OSDL (Open Source Development Laboratory), the home organization of Linux creator Linus Torvalds.

“Some of the worlds largest vendors share our view and are willing to stand behind Linux to protect their customers, as are we,” Cohen said. “HP offers its Linux customers indemnification. So do Red Hat and Novell. Both Novell and IBM have publicly promised to use their extensive patent portfolios to protect Linux customers.”

Cohen said OSDL has set up a $10 million legal defense fund for Linux customers. “With Linux adoption growing three times faster on the server than any other operating system, customers are clearly not intimidated by FUD and are continuing to embrace Linux,” he said.

Cohen said none of the challengers to Linux has specified where the platform may be overstepping its bounds.

“Over the past 18 months, a handful of companies and individuals who are threatened by Linuxs success have tried to argue that Linux may infringe others software patents. We find it interesting that none of those companies or individuals have said which patents Linux may offend.

“Yet patents are, by their nature, public; inventions must be disclosed in exchange for the rights granted by the PTO [the U.S. Patent and Trademark Office]. Detractors of Linux on patent grounds should be asked to point to the specific patents that they claim infringe.”

A version of this story was first published in eWEEK.

October 19, 2004
by sjvn01
1 Comment

Author of Linux Patent Study Says Ballmer Got It Wrong

While Microsoft CEO Steve Ballmer cited Dan Ravicher’s study as saying that Linux has been found to violate more than 200 software patents, Ravicher says Microsoft is “up to its usual FUD.”When Microsoft CEO Steve Ballmer said he wasnt really saying that Linux violates more than 200 software patents, Microsoft followed up by saying Ballmer was only citing findings from a controversial study done this summer by OSRM (Open Source Risk Management), a risk-mitigation consultancy.

The study claimed that Linux has been found to potentially violate 283 software patents. The author of that report, however, doesnt see things the way Ballmer does at all.

“Microsoft is up to its usual FUD [fear, uncertainty and doubt],” said Dan Ravicher, author of the study Microsoft cites, who is an attorney and executive director of PUBPAT (the Public Patent Foundation).

“Open source faces no more, if not less, legal risk than proprietary software. The market needs to understand that the study Microsoft is citing actually proves the opposite of what they claim it does.”

“There is no reason to believe that GNU/Linux has any greater risk of infringing patents than Windows, Unix-based or any other functionally similar operating system. Why? Because patents are infringed by specific structures that accomplish specific functionality,” Ravicher said.

“Patents dont care how the infringing article is distributed, be it under an open-source license, a proprietary license or not at all. Therefore, if a patent infringes on Linux, it probably also infringes on Unix, Windows, etc.,” he said.

It makes no difference whether and how software is distributed, Ravicher said. “The bottom line is theres no reason to believe that Windows, Solaris, AIX or any other functionally similar operating system has any less risk of infringing patents than Linux does.”

“Ballmer makes a very bold statement by saying Linux infringes hundreds of patents,” Ravicher said. “That is extremely different than saying Linux potentially infringes X patent, because the requirement to prove infringement is much more difficult than the requirement to simply file a case claiming infringement. As the SCO saga shows, filing a case based on an allegation is one thing; proving the merits of the allegation in court is something completely different.”

Speaking Thursday at the Microsoft-sponsored Asian Government Leaders summit in Singapore, Ballmer said, “There was a report out this summer by an open-source group that highlighted that Linux violates over 228 patents. Someday, for all countries that are entering WTO [the World Trade Organization], somebody will come and look for money to pay for the patent rights for that intellectual property. So, the licensing costs are less clear than people think today.”

In fact, the study said Linux potentially violates 283 software patents, not “over 228” as Ballmer said in his speech.

But Ravicher said Ballmer misinterpreted his studys findings. “He misconstrues the point of the OSRM study, which found that Linux potentially, not definitely, infringes 283 untested patents, while not infringing a single court-validated patent.”

“The point of the study was actually to eliminate the FUD about Linuxs alleged legal problems by attaching a quantifiable measure versus the speculation,” he said. “And the number we found, to anyone familiar with this issue, is so average as to be boring; almost any piece of software potentially infringes at least that many patents.”

The study shows that when it comes to software, open-source varieties face fewer patent threats than proprietary ones, Ravicher said. “If one believes the proof is in the pudding, open-source software has much less to worry about from patents than proprietary software.”

“Consider this—not a single open-source software program has ever been sued for patent infringement, much less been found to infringe. On the contrary, proprietary software, like Windows, is sued and found guilty of patent infringement quite frequently.”

These include the patent battle over Eolas Technologies browser technology and the recent settlement between Eastman Kodak Co. and Sun Microsystems Inc. over Kodaks patent being infringed by Java.

Ravicher wasnt the only open-source leader to take offense at Ballmers comments.

“At OSDL, we have a lot of confidence in the robustness of Linux around IP, patents and copyright,” said Stuart Cohen, CEO of OSDL (Open Source Development Laboratory), the home organization of Linux creator Linus Torvalds.

“Some of the worlds largest vendors share our view and are willing to stand behind Linux to protect their customers, as are we,” Cohen said. “HP offers its Linux customers indemnification. So do Red Hat and Novell. Both Novell and IBM have publicly promised to use their extensive patent portfolios to protect Linux customers.”

Cohen said OSDL has set up a $10 million legal defense fund for Linux customers. “With Linux adoption growing three times faster on the server than any other operating system, customers are clearly not intimidated by FUD and are continuing to embrace Linux,” he said.

Cohen said none of the challengers to Linux has specified where the platform may be overstepping its bounds.

“Over the past 18 months, a handful of companies and individuals who are threatened by Linux’s success have tried to argue that Linux may infringe others software patents. We find it interesting that none of those companies or individuals have said which patents Linux may offend.

“Yet patents are, by their nature, public; inventions must be disclosed in exchange for the rights granted by the PTO [the U.S. Patent and Trademark Office]. Detractors of Linux on patent grounds should be asked to point to the specific patents that they claim infringe.”

A version of this story appeared in eWEEK.

October 15, 2004
by sjvn01
0 comments

Black Duck Moves IP Protection to the Lawyers Office

Black Duck Software, an information services company offering IP (intellectual property) risk management and mitigation solutions, will announce on Monday the immediate commercial availability of its first comprehensive source-code services program, protexIP/license management.

This is the next product in Black Duck Software Inc.s suite of development IP tools. It will be officially unveiled Monday at the annual Licensing Executives Society meeting in Boston.

The first of Black Ducks earlier programs, protexIP/development, provides companies with an extensive license and source-code knowledge base that can be used to rapidly identify instances of open-source software and associated license conflicts in developers code trees.

Its companion service, Black Duck protexIP/registry, enables software vendors to place their code in the knowledge base, after it has been scanned for IP violations by the protexIP/development module.

With this pair, developer and managers can track open source and a companys own code during the software development process. ProtexIP/license management takes the next step of moving software development IP issues from the programmers room to the lawyers office.

With protexIP/license management, a companys in-house counsel, or an outside law firm working with a business via an extranet, can look for possible IP issues during a programs evolution from starting idea to shipping product.

“This will be very useful for companies trying to introduce methodologies to address licensing issues,” said Black Duck founder and CEO Doug Levin. In turn, this will mean that the “process will enable companies to avoid costly code reviews, software audits, bad public relations and legal fees,” he said.

This problem exists, Levin said, because “virtually all companies that develop software are now working in a mixed-IP environment, where software is created on ever-increasing layers of previous work, without knowledge of copyrights and license restrictions.” At the same time, “companies want to take advantage of the benefits that open-source software solutions provide.”

However, by using the Black Duck suite, companies can “identify open-source software mixed with company-developed software” and “determine the license restrictions of the open-source software and if theyre compatible with company business goals and policies.” Finally, with the Web interface-based program, company attorneys and managers can “manage and track resolution of issues during, and not after, the development process.”

Newly hired senior product manager Keith Erskine said resolving issues early can pay off well. “With protexIP/license management, companies can get the lawyers in the loop early. Usually, IP issues were addressed late in the development cycle.” Because any IP problems were handled as last-minute details, companies often faced expensive delays in rolling out software.

This isnt just an issue for ISVs. “Were finding companies now that have software compliance teams, albeit they may go under different names. The people in charge of IT want to know now if there are any IP issues with the software coming into their companies,” Erskine said.

Testa, Hurwitz & Thibeault LLP, a leading Boston law firm, is already using protexIP in its multidisciplinary Open Source Task Force.

The law firm is finding it useful in counseling its operating-company clients—as well as venture capitalists and institutional investors—on open-source issues in the areas of software development, IP infringement and IP due diligence in venture capital financings, M&A (merger and acquisition) transactions and IPOs (initial public offerings).

Black Duck’s programs, though, are useful for more than just companies using open source or the law firms that advise them. The software also can be used to track proprietary code and licenses within a companys IT framework.

Black Duck’s chief market, however, is with companies using open source. With this new program, Levin confidently said, “Businesses can use open source safely.”

The program, which requires the use of protexIP/development, will be available Monday. Its starting license fee is $9,500 for a two-seat license.


A version of this story was first published in eWEEK.

October 5, 2004
by sjvn01
0 comments

Software Patents Gone Bad

Software patents are bad for both open- and closed-source developers, not to mention for anyone who buys software. Isn’t it time we get rid of them once and for all? Open-source and proprietary developers have at least one enemy in common: software patents.
This latest mess with Kodak and Sun is just one of many, many examples of software patents gone amok. In this most recent example, one of Kodaks patents—by way of Wang Labs—covers when applications “ask for help” from another application.

Can you say thats a little broad? I knew you could. Kodak is using it against Java, but Kodak also could use it against Microsoft and its .NET platform.

Kodak says it wont. But I suspect that if Kodak’s victory is upheld and the company has a few more bad quarters … well, lets just say I wouldnt be surprised to find a Kodak lawyer arriving at Microsoft’s Redmond campus.

Software patent law in these United States has become a laughingstock. I may not know the law, but I do know a bad joke when I see one.
Or, well it would be, if it werent so deadly serious.

I know most of you want to read about patent issues the way you do a week-old sports page. Trust me, I want to write about technology, not patent law; but patent law is strangling open- and closed-source software development, so I have to write about it.

It all seemed so funny back in 1999, when Amazon.com started this whole mess by patenting the one-click idea. But now, no one is laughing.
In the past few weeks alone, Forgent Networks has announced that its suing 42 major technology vendors over their use of the JPEG image format; Microsoft’s Sender ID-related patent proposals helped crush a once-promising way to stop spam; and Microsofts own FAT (file allocation table) patent has, for now anyway, been denied. As a developer, closed or open source, you don’t have the time or skills to look for software patents.

For that matter, some experts say you shouldn’t look anyway! “Current U.S. patent law creates an environment in which vendors and developers are generally advised by their lawyers not to examine other peoples software patents, because doing so creates the risk of triple damages for willful infringement,” Daniel Egger, chairman and founder of OSRM (Open Source Risk Management), said a few weeks back.

How did we ever end up in such a mess? Well, Im no lawyer, but Glenn Peterson, who is an IP attorney and shareholder in the Sacramento-based law firm McDonough Holland & Allen PC, said, “Many traditionalists harken back to Thomas Jefferson to remind us that ideas are not patentable. One may patent the tangible fruits of an idea, but not the abstraction, i.e., the idea itself.”

That gets tricky when it comes to software, but the U.S. Patent and Trademark Office has clearly gone too far in enabling companies to patent software—and for that matter, business ideas.

The Public Patent Foundation front page says it all: “Wrongly issued patents and unsound patent policy harm the public: by making things more expensive, if not impossible to afford; by preventing scientists from advancing technology; by unfairly prejudicing small businesses; and by restraining civil liberties and individual freedoms.”

Sounds too grand? Think again. The big patent cases ask for tens of millions to more than a billion dollars in damages. Who ends up paying the bills? The people who buy and use software.

Even when companies win, we—the users and developers—end up paying the bills because top-level patent law is expensive and takes years. Eolas is still fighting Microsoft over basic browser technology found in IE

Think that doesn’t matter to open-source developers? Think again. If upheld, the Eolas patent also can be used against Mozilla or Firefox. No one is safe from patent abuse.

The Public Patent Foundation front page says it all: “Wrongly issued patents and unsound patent policy harm the public: by making things more expensive, if not impossible to afford; by preventing scientists from advancing technology; by unfairly prejudicing small businesses; and by restraining civil liberties and individual freedoms.”

Sounds too grand? Think again. The big patent cases ask for tens of millions to more than a billion dollars in damages. Who ends up paying the bills? The people who buy and use software.

Even when companies win, we—the users and developers—end up paying the bills because top-level patent law is expensive and takes years. Eolas is still fighting Microsoft over basic browser technology found in IE.

Think that doesn’t matter to open-source developers? Think again. If upheld, the Eolas patent also can be used against Mozilla or Firefox. No one is safe from patent abuse.

Heck, even when companies don’t fight, we, as IT buyers, end up spending more because our software providers send the additional cost to us.
The only winners in the patent war are the firms that use them against other companies and the lawyers they employ.

So, what can you do? Well, if you’re in a position of authority, you can discourage your company from taking out stupid patents.

For example, am I the only one who finds it ironic that Sun president Jonathan Schwartz talked in his blog last Thursday about how he supports software patents and then, on the very next day, Kodak socked it to him?

Its not just Sun, though. Microsoft has won—and lost—hundreds of millions of dollars in patent lawsuits. Isnt it time to stop the patent madness?
I think so. You can help by supporting the Public Patent Foundation. You also can write to your representatives in Congress and encourage them to reform patent law in general and, in specific, to take software IP (intellectual property) issues out of patents and into copyright, where it belongs.

A version of this story was first published in eWEEK.