Bobulate
Home [ade] cookies
Changing standards for standards
November 10th, 2009
Yesterday I rattled on about change processes for open standards; or at least, tried to suggest I’d done some thinking on the topic. This post is a little more “meta” because I’m going to point to some articles describing how the standards up to which standards are held, change — in non-open ways.
First off, the Free Software Foundation Europe (FSFE) has a definition of Open Standard. Like I said, it’s one of many; it is based on the European Interoperability Framework (EIF) definition, strengthened a little for Free Software. The Dutch government agency for software, NOiV has a Dutch definition, again directly derived from the EIF one.
There is an update coming to the EIF, described in (among others) ArsTechnica’s “EU waffles” article. The update is still in draft form; the draft was leaked to Brenno de Winter. Since the update was supposed to have been published by now, the fact it’s still in draft suggests that the (non-open) process for updating it is not going too well. Ryan Paul picks out many of the key problems with the new (draft) definition, in particular changing the language from fairly clear, fairly forward thinking, to one that is muddled and unclear. Replacing clarity with confusion does not, to me, constitute a valuable change in a standard (a meta-standard, describing how other standards should work: in other words, muzziness here is damaging across a far wider scope than just one badly-written standard elsewhere).
In a sense, you could say “closed is the new open.” Or maybe “closed is just a kind of open, at the 0.0 mark on the sliding scale of openness.” Yes, and slavery is just 0.0 freedom, and broken is just 0.0 functioning. Indeed, on scales like that, you can make almost anything mean anything at all (lemons just taste 0.0 sweet).
Karsten Gerloff has the FSFE’s response, and points to an article by Glyn Moody (where I see Keith Jones has added a comment that pre-dates this entry, with the same gist — I think he misses the point where the new EIF says “for interoperability, we need open standards, and open standards are ..”; relatively good comments thread there, anyway.)
FSFE Fellowship Grants
November 10th, 2009
Starting in November 2009, Free Software Foundation Europe (FSFE) will award three people with a Fellowship grant every month for the coming year. Everybody who is actively working for Free Software but cannot afford the Fellowship contribution can apply for the grant.
That’s from the Fellowship of FSFE news page. The Fellowship of FSFE is the way that individuals can support the work of FSFE; by becoming a member you add to our resources of people, time, enthusiasm. However, it costs money, which not everyone has, so we’re looking to recognize people who contribute time, enthusiasm and skills to Free Software with a complimentary Fellowship.
The Fellows in an area also organize get-togethers — after all, they are members of one club — and the groups in various cities in Germany are quite active and successful. In the Netherlands, not so much, but we’re looking to change that by getting together in the second half of january (after jan. 14th, when the New Year’s borrel for a whole bunch of Free Software and Open Standards groups happens). For those in .nl — keep an eye on the national mailing list.
Changing standards
November 9th, 2009
The nice thing about standards is that there’s so many to choose from. Joel Spolsky elaborates on Martian handsets in the context of web standards — it’s a fun read, go on. It’s somewhat relevant in the context of Open Standards (there are many definitions out there, largely compatible and differing in details; the FSFE uses on definition of Open Standard, the SIUG uses a slightly different one). Now, one of the characteristics of an Open Standard is that there is some change process — new features are added, ambiguities in the standard worked out. Article 4 of the FSFE definition asks for “managed and further developed independently of any single vendor”. I think none of the available definitions demand “don’t be daft.”
But when changing standards (e.g. producing a new version of a standard with new features, new extensions, or clarification and disambiguation), some form of “don’t be daft” needs to be taken into account. Clearly there’s a need for measured progress, although we can argue about what “progress” means. As a (former) formal-verification-kind-of-guy, I suspect I use words like “specification” and “standard” differently from, say, the ISO. A specification states truth, and does so elegantly. In my academic experience, changing a specification raises two main questions: is this true? is this the best possible way to express the spec? These academic specs, too, are written by small groups of people, with strong co-working ties.
Way down at the other end of the spectrum — no, I shouldn’t suggest that there’s a continuum present here; somewhere there’s a quote like “that’s not the same ballgame; heck, it’s not even the same sport” but I forget where that’s from — are fuzzy processes, ambiguous specifications and fundamental disagreements on what “progress” means. Rob Weir has a three-part blog series (Part I) on the IS29500 update process. Looking at that, I see an update process rife with procedural problems, intellectual dishonesty, and a lack of commitment to a common goal. It’s an interesting read, if only to wonder — what kind of provisions should we make in the definition of Open Standards to ensure a (better) workable change process?
Encouraging Sharing
November 8th, 2009
Whenever I say “it’s immoral to prevent people from sharing knowledge” it brings a smile to the lips of whomever I’m talking to. That’s nice, it’s a good emotional line — also one that needs a little nuance in order to work. But once you’ve got a smile, the rest of the conversation is easier.
In academia and education, dissemination and sharing of knowledge is what it’s all about — there the prevention of knowledge sharing really is at odds with hundreds of years of academic tradition, and the “immoral” argument gains strength. It’s always seemed odd to me how closed academic publication is (although to be honest the actual published papers by me are insignificant). One of the projects I’ve done is CodeYard, which tried to get Dutch students to build Free Software as part of the curriculum at high-school — in the open, as a way of sharing and demonstrating knowledge.
For educational materials as such for the Dutch computer science (informatica) classes in high school, there was the “Turing” method, which I thought had moved into an open contribution model — but I can’t find any indications of that quickly. One of the best sources for HS-CS information in the Netherlands is InformaticaVO, which also encourages sharing of information between teachers. I’m also happy to see Poland adding incentives for sharing to the creation of educational materials. Once learning materials are created (by teachers, on the public dime) there’s no economic reason to stop dissemination, and indeed a moral obligation (smile!) to share widely.
At an academic level, we have Open Access; there was even an Open Access Week (in Dutch) three weeks ago. I must say it passed largely unnoticed by me, but I might have been traveling. The University of Nijmegen had an event related to that week too, with a press release. There’s some push towards a semi-open-access repository called the “Radboud Repository”, but ironically it has CS papers only up to 2008 and every one I looked at there was closed, in the sense of no actual content, no link to the paper, no reference to where the content could be obtained; one paper was published in an NLUUG bundle, so I know that that one isn’t strongly protected by the publisher, and the one article that I spotted that is published by the university (R08007, on Size Analysis of ADTs) has no content link but does have a “related link” attached that doesn’t work.
By a roundabout way, suffice to say that the Radboud University might want to support Open Access, but it still has to lot of work on the “making it work” side of things. But sharing is, on the whole, doing well. I wonder if anyone has baked the peanut-butter cookies for which I shared a recipe during my Latinoware talk?
Down with loading!
November 7th, 2009
One peculiarity of Dutch copyright law is the fact that obtaining a copy of a (copyrighted) work that is not offered in a legal fashion (i.e. the person offering the copy does not have a license to do so) does not in itself constitute infringement. In other words, you can take, but you can’t offer. Sounds a little like “do ask, but don’t tell” to me. I believe a similar situation applies in Canada. Both countries also have a “copying levy” applied to blank media.
The effect of this situation is to turn all the Dutch computer magazines (the non-technical ones anyway) into “where to get yur music n vidz” catalogues. Something that I feel does the notion of copyright a disservice. [[ I should note that it’s possible to disagree with the notion of copyright itself or the implementation thereof, but here we’re mostly weaseling to escape the fundamental restriction that it should be the author of a work who controls what may be done with it. ]]
[[ Additional warning: all links in this blog entry lead to Dutch-language pages, so be warned that they may contain Hottentottententententoonstellingen and other examples of that raspy tongue down by the sea. ]]
In the past few weeks there have been repeated kerfuffles around enforcement of copyright — in the music business, not software — but the Dutch government has now stated that it intends to make downloading illegal. Well, fortunately a little more subtle than that (although the umbrella for copyright organizations has in the past tried to paint a picture that all downloading is illegal, until the NLUUG and others called them on that). It hit one news site as free downloads should be punishable; another headline (same site) was gov’t to ban downloading. What I make of this is that “downloading” in Dutch apparently means “obtaining a copy of a work from an unlicensed source.” See the perverse effect on language?
This kind of news hits lots of channels, and you can see, for instance, on security.nl — the usual kind of discussion focused on “music biz needs a new business model” and “copyright lasts too long” and “implementation is infeasible because I’ll use encryption.”
But let’s take a closer look at the sources (maybe not the most-original source, but closer than reports in the media): a press release from the ministry of Justice. The summary of the press release reads:
Thuiskopieheffingen op informatiedragers zoals blanco cd’s en dvd’s moeten op termijn worden afgeschaft. Daarvoor in de plaats komt een regeling die het downloaden van beschermde werken uit (evident) illegale bron verbiedt. Verder wordt het toezicht op auteursrechtorganisaties sterker en zal de contractuele positie van auteurs en uitvoerende kunstenaars worden verbeterd.
[[ Loose translation in English: ]] The blank media levy (which covers home copying of music and video) on cd’s and dvd’s should be scrapped in due time. In its place, downloading of copyrighted content from (obviously) illegal sources will be prohibited. In addition, the oversight of copyright-related umbrella organizations will be strengthened and the contractual position of authors and performing artists will be improved.
I suppose I can only say I think I applaud this (the devil’s in the details, of course), as it moves to a somewhat less actuarial approach to copyright violations and tries to come up with something that works more closely along the original setup where the author had control over the protected work (within the scope of copyright law, which is the social contract governing the use of creative work, along with its explicitly allowed exceptions).
Now all the Trolls will want one
November 7th, 2009
Oh goodness, it’s only taken until the first beta of Qt 4.6 (spoiler: it’s really Thiago!) for commercial jewelry to catch on to the fact. Especially because it’s next generation.
Private Silos
November 6th, 2009
Attached to LinuxWorld is the InfoSecurity trade show (or the other way around, since LW is about a fifth of the size of IS). It’s a nice opportunity to find out about networking, crypto, and other things going on in that part of the world. Security isn’t exactly my thing, although when I was running CodeYard I was located across the hall from the security research group at the University of Nijmegen — and of course I’m never without my Fellowship of FSFE GPG-card.
At the NLUUG conference last week I heard of the Yubikey — unfortunately I missed the actual talk by Henk, so I’m still a little confused as to what you can actually achieve with such a device that acts as a USB keyboard and spits out 16 fixed characters followed by 32 random ones. One-time passwords, sure, but I’m just not creative enough to come up with what to do then.
The FSFE is an enthusiastic user of GPG encryption and digital certificates (from CAcert) because we feel that Freedom and Privacy (through the use of strong encryption) go hand in hand. So I was happy to meet some folks from a company called Legid who are pushing certificates (S/MIME and otherwise) as means for digital signing, and have a hardware-software combination that uses a smartcard with a neat wifi-and-usb (?) enabled terminal to handle them. The terminal also apparently supports something that looks like OpenID, sending authentication requests and authorization requests (e.g. when trying to pass a doorway) to different parties for permission. The long term goal is to have everyone with a smartcard and a collection of personal (i.e. bound to your real identity) certificates for legally sound document signing; naturally you’ll want more certificates to handle the different online identities you have.
Going from there to the “but email clients are too difficult” end of the spectrum, I chatted with a company that does secure document silos — to which I largely responded “why on earth would I want a new, locked-down, non-interoperable web-based silo for document exchange?” This might signal a difference in workflows — I have different client apps for different activities (but because it’s KDE4 they integrate really well) and don’t see much value in having to go to a website to retrieve a document when encrypted attachments (S/MIME or otherwise) have been part of email for tupping ages. The company (DigiNotar) claims that that’s too complicated, and I suppose for people who have a web-browser based workflow anyway, that kind of makes sense. Especially if the silo combines document management with security — the idea behind the silo is partly that you can keep better logs of document access and document reading. Again, a move towards being able to say “I know you read the document, because you were logged in (with your client certificate) and downloaded the encrypted version offered by the portal and then sent back a signature on the document.”
For such a silo my concerns quickly turn to interoperability; I have a bank that communicates with me through such a closed sercure silo — or rather, it doesn’t communicate with me because their silo doesn’t work with my choices of browsers (and the one they do support doesn’t run on my hardware).
All in all, good to see work on privacy going on; in so far as it’s possible to get a good idea of what’s going on from a chat at a trade fair.
LinuxWorld wrap-up
November 6th, 2009
Two days of LinuxWorld have left me tired by happy. I ended up giving two talks, because Karsten and I made it a double on wednesday and then on Thursday I had another one on best practices in license selection for Free Software projects (one-line summary: pick one that is consisten with your business strategy). The Open Source pavilion at LW isn’t all that large, so 14-20 people as an audience fills it.
Besides giving some talks on licensing topics (FSFE hat), I sometimes stood around the NLUUG booth and handed out posters for the next NLUUG conference — spring 2010, topic “System administration.” Very traditional for an Open Systems and Open Standards organization. And aside from that, wandering around a trade fair with four themes — Linux, Storage, Security and Business Tools — is an education in itself. I try to make clear at the start of every conversation that I’m not a sales opportunity, as that seems to avoid wasting time for both of us if I run into a hard-sell booth (still, the one stand that asked “How many workplaces does your company have?” and then “Well, you have less than five hundred desks, you’re not interesting, goodbye!” — I never even found out what they were selling at all.) You can still get conference goodies though, so I got home with a nice collection of peppermints and flashlights for the kids.
conferences.next()
November 3rd, 2009
With the NLUUG fall conference over (and Linux Kongress and OSDevCon, all planned for the same days and me able to attend only one), my sights are re-set to the next conferences. And lo! They are almost upon us. Linux World in Utrecht (Netherlands), which is a small Linux-oriented trade show surrounded by three much larger IT trade shows (Storage, Security, and “Tools”). It tends to be fun, though not very Free Software-oriented. I especially like talking to the storage peeps, since there’s a fair amount of technology hidden under the marketing speak — for instance ZFS has dedupe now. There’s two FSFE-related items on the agenda: I will give a brief talk on best practices in Free Software licensing for your Free Software projects (one sentence summary: consider the future business implications of your choice; longer version could be had at Latinoware). Karsten Gerloff will be paneling on public procurement (probably one sentence summary: chosing Free Software is a way to ensure long-term safety of data and social investment).
After that, at one week distance, is FSCONS where I’ll run into Karsten again. Do you suffer from bumping into your boss all the time in random countries? I do. FSFE has a big lineup there, thanks to Alina and Matthias who are secretly coordinating our presence there. Again, best practices in licensing.
After that, things are clear right through to Sinterklaas, which is good for getting some desk-time.
Unfit for a particular purpose
November 2nd, 2009
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
That’s a really popular line in Free Software licenses (I copied this one out of the FreeBSD license, which is a 2-clause, permissive, non-copyleft Free Software license, but something similar can be found elsewhere, e.g. in the GPLv3). It can be the thing to hide behind in a cop-out (as in “well, it works for me, don’t bother me with bug reports”) and it can be a powerful tool to avoid liability when bugs show up that a small group of developers didn’t foresee or missed in testing — liability that might bear no relation whatsoever to the rest of the economics of the situation. It is therefore vaguely amusing to see a local council suing over software unfit for a purpose — found on the Register. Since it’s very light on details, I’ll just put up a late night comment that it’s important to pick someone negotiating a software purchase contract who is fit for that purpose; that might ease some of the pain there.