Nicholas Goodman on Business Intelligence

Irony 1: 
An organization (OSI) that was formed to promote a commercial friendly form of a concept is NOW being described by some as inflexible and not suitable for “commercial open source.”  Well, keeping it real for 7 years ain’t bad! 

Irony 2:
The anti-forking license clause (forced UI attribution) may cause a fork in open source.  One of these companies has suggested that if OSI supporters don’t “shape up” and approve their licenses another organization will lilkely serve that need better.

Irony 3:
These companies believe some of their “freedom” to write software under a license of their choice is being diminished.  They believe it’s out of a philosophical opposition to companies investing in IP and then gaining revenue from that IP.  Not so.  Open Source has THRIVED alongside other models (proprietary, shared source, etc).  YOU ARE WELCOME to license software you create any way you like (shared source, proprietary, etc): that’s FREEDOM!  Just don’t be surprised if you claim to be Open Source and you’re NOT that people take notice and call it!

These companies have fought long, hard battles to get Open Source into the corporate data centers.  It was an uphill battle, requiring education on a concept new to many people.  They couldn’t just blaze a path for themselves, they had to prove an entire business model; explain its viability, its resulting products, and value.  The developers and executives at these companies fought a hard, honest war and have established a beach head.

The Marines have blazed the trail.  No mucking around with convincing a CIO that “not just anyone can update their source automatically” and that Open Source companies can generate real value, revenue with a product you COULD use for free.  The value they’ve provided has EARNED Open Source (as a defined concept) the respect of IT purchasers/developers/users to be treated as equals.

After fighting with both hands tied behind the back (education process, incumbent vendor FUD, giving product for FREE) they’re winning their fair share of market; true to their values and they’re being rewarded for their hard work and this commitment to Open Source. 

I’m baffled.  Why are none of these leaders speaking up about people taking what THEY’VE worked for (CIOs willing to buy Open Source when it meets their needs) and turning it into something confusing, less valuable, and ultimately NOT what Open Source is? 

These companies have partnerships, alliances, webinars, back scratching, with a new breed of “open source” (term used lightly and incorrectly) companies who find no need in actually being Open Source.  I’m not dogging OS companies having partnerships with proprietary vendors; I think there’s plenty of room in the world for FOSS and proprietary code to coexist.  MySQL and SAP; no problem.  Good for MySQL, good for SAP.  I take issue with them building partnerships, sponsoring conferences, etc with companies claiming to be Open Source that are not.

These companies are short sighted if they don’t see that by offering to let these new entrants muck with, distort, nudge, and ultimately dilute the term “Open Source” that their long term prospects diminish.  Five years from now, Open Source could be identified by confusion, vendor lock-in, and ultimately probably some nasty litigation/complaints made quite public.  Picture this: Customers buy services from these new “open source” companies only to find out later they don’t have the “things” they thought made open source compelling.  For instance, the ability to customize their own GUI of an open source application (mockup here)  How about being allowed to fork a project if the original vendor isn’t providing the best service?

MySQL, Redhat, IBM, Apache, Eclipse, HP, Novell: You all have a stake in making sure Open Source is not a concept to invite scrutiny and mistrust.  You have significant influence and can help your own business stay healthy by keeping Open Source real, and healthy.  Why associate in partnerships with companies claiming to be Open Source without adhering to the same honest commitment to Open Source that you have?  You are helping companies that dilute the value of Open Source for everyone; it may, temporarily, benefit their and your bottom line but what happens when the term Open Source becomes just as useless as “100% Organic,” “Money Back Guarantee,” and “As Seen on TV?“

I suppose, the final question might be, do they even know?  Are these companies taking the claim of Open Source at face value?  Open Source is a trusting environment; perhaps it was just assumed they were OSI approved (that’s the Open Source thing to do)?

From me, to Ross and license-discuss:

Socialtext which wishes to find a resolution for the attribution issuethrough the proposal of a Generic Attribution Provision.  A copy ofthe following message is available in HTML format here:https://www.socialtext.net/stoss/index.cgi?attribution_memo

I look forward to the conversation,

Ross, as I commented on a ZDNet thread, you’ve earned my respect (not that it matters) by bringing your license to OSI and having a real discussion about UI attribution.  I’m one of the critics of UI attribution licenses, but I’m glad someone brought it to place where forced UI attribution can be vetted to OSD in a reasonable manner.  I do hope you receive the criticism of this provision in that light.

needs than Linux. These application products could be “lost” in thelarger distributions. The obligations imposed by the attribution

I’m uncertain why copyleft licenses don’t meet the needs for “avoiding larger distrib hiding” without compensation.  Where does a license like the GPL not suit your needs?  If people are hiding it in their distributions will GPL (even with FOSS exception) not meet your needs?

provision are very similar to the reproduction of legal notices whichare found in virtually all open source licenses.

Attribution in documentation, source, and a splash screen at startup (to date approvals) are not “very similar” to a required use of a trademark that is not owned by the person fulfilling their obligations.  Redhat has sent letters to downstream vendors clearing stating their rights to not have their trademarks used.  They are quite different (more below).

However, we understand that attribution may cause problems for OSI,particularly since different companies may have different attributionnotices and may use different “base” licenses (all recent attributionagreements are based on the MPL).. Socialtext would like to suggestthat OSI consider an “attribution” provision which can be used for any“modifiable” license.

I think if an attribution provision, limited to be reasonable and in line with previous approvals (docs, splash page, etc) would not be detrimental to the open source effect.  I think having it as a general provision would be beneficial in license proliferation and remove objections from these companies just writing their own licenses willy nilly.

Generic Attribution Provision

Redistributions of the [original code] in binary form or source codeform, must ensure that each time the resulting executable program, adisplay of the same size as found in the [original code] released bythe original licensor (e.g., splash screen or banner text) of theoriginal licensor’s attribution information, which includes:

(a) Company Name(b) Logo (if any) and(c) URLs 

IMHO this allows exactly the problem with the current Mozilla Exhibit B going around.  This provision allows a “blank check” because HOW the original code attributes determines how prominent or  onerous it is.  I’m not a player in this (ie, OSI board) but I’ve suggested alternative language below that would limit to more common and appropriate attribution locations.  This is similar to what MOST people do currently (in Documentation, About Page if present, etc).  Common places to acknowledge the work that contribute to the whole application.  Remember the open source effect is TRYING to make multiple open source projects open for reuse in subsequent applications NOT limit those uses.

					POSITION STATEMENT

	1.	Consistent with OSD.  Attribution is merely a form of notice whichis consistent with Section 4, the Integrity of the Author’s SourceCode, of the Open Source Definition. Virtually every OSI approvedlicense requires the inclusion of copyright and other legal notices(and frequently more elaborate information, see below). Theattribution requirement is similar to this notice requirement.

They’re similar in that they are both attribution, but they are quite dissimilar in their burden.  Let’s be clear: there is a BIG difference between a note in a splash screen, document and a badge (amount many) on EACH UI screen. 

Consider other attribution circumstances: The artist that samples (perhaps even with payment) a Beatles song attributes the original copyright and work in a page inside the CD.  Or the inside CD cover, or … The attribution clause proposed this would require the new artist to place Powered by the Beatles(tm) on EVERY customer facing “screen” such as concert posters, CD covers, websites, etc.

Rationale: Encouraging lots of improvement is a good thing, but usershave a right to know who is responsible for the software they areusing. Authors and maintainers have reciprocal right to know what

Let’s say we’re in perfect agreement that no one should try and hide the source of the source, but should users be required to know the hundred or so names of developers that contributed to the Apache web server when they go to a website?  Should someone claim they wrote it?  No.  Should someone remove license copyright notices?  No.

they’re being asked to support and protect their reputations.Accordingly, an open-source license must guarantee that source bereadily available, but may require that it be distributed as pristinebase sources plus patches. In this way, “unofficial” changes can bemade available but readily distinguished from the base source.

I don’t think the source is an issue, is it?  I’m not sure anyone is saying that there should be no attribution in source files.

	2.	Already Approved.  OSI has approved several licenses which includeattribution, Attribution Assurance License, Open Source License andthe Adaptive Public License, as consistent with the Open SourceDefinition.

I wasn’t around for the rationale but I’m guessing they were limited enough in scope, as to not limit rights but rather provide modest attribution in appropriate “give credit where credit is due” places.  I don’t think they intended approving attribution to dictate a visual logo (advertisement) on EVERY UI screen.  Perhaps others can revisit this for the benefit of everyone?

2.  Redistributions of the Code in binary form must be accompanied bythis GPG-signed text in any documentation and, each time the resultingexecutable program or a program dependent thereon is launched, aprominent display (e.g., splash screen or banner text) of the Author’sattribution information, which includes:(a) Name (”AUTHOR”),(b) Professional identification (”PROFESSIONAL IDENTIFICATION”), and(c) URL (”URL”).

Notice it says launched.  ie, notice of copyright NOT a UI banner on each screen.

	3.  Not a Burdensome Requirement.   Some individuals have expressedconcern that attribution requirements will result in products wherethe screens are filled with logos. Yet, by their nature, licenses withattribution will only permit the original licensor to include its logosince the license cannot be amended by sublicensors. Many open source

Are you saying that multiple UI attribution license can not be combined? 

If they can be combined the UI filled with badges could be VERY real if enough people use badgeware.  Certainly many of the badgeware applications would look different if the open source projects they used had the same requirement.  I counted 18 for Sugar; a testament to how good open source projects can benefit everyone.  How many OSI approve licenses does SocialText use?  If you send me the list of the projects SocialText used I’m happy to create a mockup of YOUR UI if we live in a badgeware world.  You can see what the commercial viability of your software would be if those that came before believe they deserved this same right.  Do you have an splash screen or an about page for every END USER of SocialText listing all the COPYRIGHT holders you’ve used?  Remember open source projects often have MULTIPLE Copyright holders that might have different attribution clauses.  Joe Jimmy from Jersey and Susy Soody from Sarasota could probably have their picture included.

If they can not be combined (can you explain what you mean if I’ve misunderstood) then that seems to be in conflict with OSD; and VERY much against the open source effect.  Open Source strives to make it easy for people to reuse code; increases quality and decreases duplicate work.  Not being able to combine two licenses that are both OSI approved would be, well, very odd.

	4.  Applications.  The needs of “application” open source softwareare different from the more traditional “operating system” open sourcesoftware. Application software is frequently distributed by thirdparties with other products without any notice to end users; this

I would venture to say that infrastructure OS is more commonly distributed then applications. 

By different are you really saying better?  Somehow because you are writing code that is geared more towards end users it is worth MORE protection and recognition then everyone else?  For instance, the ~7500 lines of code that make “grep” that are used ubiquitously and with great utility; it receives no such place on the UI screen for a web application that is a few simple lines of perl code.  In all the code that comes together to display a web page or processing a record or do any number of application things why is the 5% these application companies (some php code) special?  Each took $$ and time to make, but somehow an application is special? 

I don’t understand… Please do share why widely distributed  code built using real developers and real costs ($$) are worth less than what application companies are writing. 

possible under open source licenses without attribution. For example,the incorporation of application programs anonymously intodistributions by large companies could destroy the market for opensource application software.

Again: consider using a copyleft license if you want to prevent this.  This force you claim can destroy the market can be mitigated by a license which makes it difficult, if not impossible to embed.  Why does GPL not meet this need?

	5.  Part of a Larger Problem.  Some individuals have expressedconcern that the attribution licenses are not approved by OSI. Yet,many other modifications of open source licenses have not beenapproved by OSI, such as FOSS and Affero. OSI should address theentire problem or can be accused of selective enforcement.

Preaching to the choir here.  The OSI reviews license.  They won’t review license that aren’t submitted by original authors.  SO… There’s no selective enforcement.  It’s a community thing.  People like me applying pressure to companies claiming to be open source but have not passed the de facto vetting to the definition of open source. 

	6.  Community Acceptance.  These licenses are used by Socialtext,Zimbra, Alfresco,  Qlusters and SugarCRM. Yet their communities havenot expressed objections to this requirement. Many of these companiesare building business models which include distribution by thirdparties so the distributors do not have a problem with this approach.

Hey, Shareware with no expiration date is “beer” software.  I’m not sure you’d hear people complaining about receiving free to use software.  Oracle gives away a version of it’s database; the Oracle community isn’t complaining about that.  Calling it open source, and the connotation that it has freedoms in USE is different.  Microsoft Communities will sing the laurels of their benefactor.  Doesn’t mean it’s accepted by an open source community because people like the software you let them run for free. 

Are any of these downstream distributors able to legally use your trademarks in the distribution without some understanding or agreement from you?  All is fine and dandy when blessed by parties with a business arrangement.  Can a competitor use your code and trademark legally you have no recourse to stop them?

	7.  Consistent with Creative Commons. Creative Commons includes“attribution” as one of the key decisions that need to be addressed inusing their licenses.

Creative Commons is applied in proper places.  ie, a note in a post etc.  If I quote from a creative commons piece I have to make a note of it somewhere.  I don’t have to place their logo on my entire website.

	8.  Not BSD Advertising Requirement. An attribution requirement isnot similar to the “advertising” requirement. It does not impose“vague” requirements to mention the Berkeley Software Distribution inundefined “advertising”. On the contrary, it is very specific and easyto understand and comply with.

Well, I think the original Exhibit B is actually MORE specific than the proposed Attribution Provision.  As onerous as it may be, it at least spells out the pixel size so it’s CLEAR the impact that each combined license will have.  This requirement leaves it up to the original author how onerous the provision is (pixel size, watermarks, etc).

I’d like to suggest an alternative attribution provision that provides the same “attribution to the user” but is much less onerous.  I’m no attorney so I’m perfectly willing to let it be wordsmithed by anyone on this list.  I disagree with it, but suggest it as a useful compromise and for discussion.  I’m a strong critic of UI attribution and something like the following would remove most of my objections (not that my objections are any more or less valuable than anyone elses):

Generic Attribution Provision

Redistributions of the original code in binary form or source code form, must ensure that each time the resulting executable program, a display of items (a),(b),(c) released by the original licensor on a splash screen or about page of the original licensor’s attribution information if such a splash screen or about page is present in redistribution, which includes:

(a) Company Name

(b) Logo (if any) and

(c) URL

Original Licensor grants limited use of Trademark and Logo as necessary to fulfill obligations of this provision.

Note: the “diffs” are clearer in HTML on my blog should anyone wish to review it there.

http://www.nicholasgoodman.com/bt/blog/2006/11/27/compromise-attribution-rider-on-any-osi-license/

Kind Regards,

Nick

My good friend, Matt Casters, posted his results from what we believe to be the first 100 Million Rows of data processed by an ETL tool in the new cloud computing paradigm.  Matt Casters ran a simple 100 Million rows through Kettle on Amazon EC2.

I should really do a write up or review of EC2.  I’m LOVIN’ it and others I’ve introduced to it are LOVIN’ it too!  I just need some spare time (ha ha ha) to write it up.

We’ve just released a beta cut of the Software Quality Solution for Jira.  This project, sponsored by Pentaho is a complete BI solution that reports on Jira issue data that runs on top of Pentaho.

Software Quality Reports for Jira is an analytic application; it provides classic slicing and dicing of issue data, along with helpful trend lines, custom reports, etc.  Jira does a GREAT job at operational reporting (what is assigned to me) but isn’t setup to do adhoc, complex, time series and historical reporting.  Things such as bug burndown, average days to close by product and priority, trend lines on bug balances, etc.

Here are some graphs that come “out” of the solution using the web based end user tool:

NOTE: These are reports built from the Jira installation Pentaho uses to track issues for our products, http://jira.pentaho.org:8080 a couple of days back.

This beta release is the first public release of the solution.  We’ve had a customer using the solution, and we’ve been using it against our Jira data now for several months.  In fact, we actually wrote the Jira build PRIOR to the Bugzilla build.

At this point, the primary goal is to collect feedback and set direction to make it more useful.

• What do you think?  Is it useful?
• Is it worth the additional installation (Pentaho server) for reporting above and beyond reports in Jira?
• What do you want to see next?  Dashboards, more reports, additional attributes on the Person dimension, etc?

Feedback here is fine, or email through to me ngoodman __ pentaho  — ORG.

Hope you find it useful!

I’ve just reviewed Ross Mayfields proposal for an attribution provision that can be added to any other OSI approved license and still remain OSI approved.

First off, I’d like to say that I think the spirit is right here.  Instead of approving specific attribution clauses in each of the licenses, come up with one that can be added to any license.  This DOES help with proliferation!  Well done!

However, the specific text is still too broad to limit a world where this is possible.

I’m one of the strongest critics of these licenses (I don’t really matter either).  I’m a peon who has little to benefit if these particular companies succeed or fail.  I do have a vested interest in the success of revenue generating Open Source (ie, companies that generate real $$ from OPEN SOURCE projects).

I’d think that if you limited the attribution clause to an appropriate statement to allow for headless/GUI-less uses and “reasonable attribution”

Generic Attribution Provision

Redistributions of the original code in binary form or source code form, must ensure that each time the resulting executable program, a display of items (a),(b),(c) same size as found in the original code released by the original licensor on a (e.g., splash screen or about page or banner text) of the original licensor’s attribution information if such a splash screen or about page is present in redistribution, which includes:

(a) Company Name
(b) Logo (if any) and
(c) URL

Original Licensor grants limited use of Trademark and Logo as necessary to fulfill obligations of this provision.

I think this is reasonable and in line with previous OSI approvals (ie, documentation, source code, executable startup, about box).  The trademark grant is necessary to ensure that there can’t be a royalty tied to use of the software (clearly in violation of OSD) but only so much as to comply with this provision.  Ie, if you HAVE to put their trademarked company name/logo on your about page they can’t come after YOU and required you to pay for use fo that mark or to stop using it.

Is this attribution, clearly identifying the original work fo the company and community sufficient?  This is pretty common practice in creative commons as well.  ie, Creative commons says you have to ATTRIBUTE, not that you have to attribute in EVERY PAGE of your magazine and blog.   You just have to acknowledge somewhere.  I still think this isn’t very “open source - eee” but it’d be something would remove most of my objections.

Over the past few of weeks, the debate on badgeware has percolated to a real public debate on if they meet the OSD. 

• Matt Asay asserts that forced UI attribution license (aka badgeware) are open source on his blog.
• Ajeen Narayan wants to know if APL is actually open source.  Asks OSI to comment.
• I submit WPL to OSI for approval to get a determination if Exhibit B is congruent with OSD.
• I blog about the ramifications of a world where forced UI attribution (Exhibit B) is kosher.
• David Berlind blogs at ZDNet Are SugarCRM, Socialtext, Zimbra, Scalix and others abusing the term “open source?”
  GOOD ARTICLE!  Covers the business rationale but clearly identifies the issues.
• John Roberts (from SugarCRM) who was the first to use badgeware responds to the article here.
• Danese Cooper (OSI Board member) blogs about the board is about to consider Attribution Licenses.
• Ross Mayfield of SocialText blogs about his proposed “attribution” rider to any OSI approved license.

Great!  Finally… A real debate on whether or not “badgeware” is open source!
PS - I just picked up the term badgeware.  I like that better than my slightly one side “forced UI attribution.”

I hadn’t had a chance to post yet, but Mark made mention of it on his blog so I figure it’s about time to post about it.

OMB is the TCL based scripting language that comes with Oracle Warehouse Builder that allows you to do OWB “things” programatically (ie, without the GUI).  It is very useful for doing ETL generation, mass updates, deploying mappings, etc.  Basically, anything that you are doing repetitively is a good candidate for making into an OMB script.  OMB is a cure for “tennis elbow” from clicking hours on end in the OWB GUI.

I’ve released a handful of OMB scripts that I used on consulting gigs, presentations, articles, etc.  There is nothing spectacular here, but hey, they’re not doing me any good!  If just one or two people find them useful it was worth the time to slap the Apache 2.0 license and upload them to http://sourceforge.net.

The release (initial and only unless someone else out there wishes to take on the management/augementation) includes scripts to:

a) Generate base SOURCE to STAGING Truncate/Staging mappings and tables.
b) Generate base STAGING to WAREHOUSE Insert/Update mappings, tables, and sequences.
c) Install repository and the standard CIF targets (Staging, Warehouse, AreaMart).

Let me know what you think and I do hope someone, somewhere finds it useful!
PS - I haven’t used OWB for nearly 9 months.  For something I used day in day out for YEARS that’s a long time to have not even touched it!

Startups are interesting: Some days you love your job, other days you want to throw yourself out the window.  Yesterday I hated my job, for a variety of reasons.  One of the things that cheers me up when I’m in the midst of some tough stuff is looking at the big picture.

To date, Pentaho has built more than 313,981 lines of open source code.  It’s an estimated 81 person years.  At 55,000 USD / year for a developer that roughly equates to about 4,400,000 USD of “code” built and released under a business friendly, OSI approved, open source license (MPL).

WOW!

We put the vast majority of our stuff into the open source project (more than 80%); it’s a complete product in and of itself and that’s something I personally am proud of.  I’ve added the “OHLOH” badge for Pentaho to the upper right hand corner so there’s a ticker on this page to keep track of the breadth, size, and investment in the open source edition of Pentaho:

Incidentally, the metrics are calculated by a very cool upstart ohloh.  They slurp data from source control systems and display cool metrics about projects, like ours.  Check them out!

UPDATE: I’ve submitted the WPL to OSI for approval. It’s a proxy for the Exhibit B licenses used by the companies listed below. We’ll find out soon enough if the OSI believes Exhibit B meets OSD.
UPDATE: OSI has refused to approve the WPL; not because it has actually been vetted to OSD but because the OSI does not want to consider a license from anyone except the original license author. That means, like now, the FOSS community won’t know if Exhibit B companies are actually releasing open source.
UPDATE: Someone told me that Mulesource is also using this. Added them to the list below.
UPDATE: It’s like a bad dream. Dimdim doesn’t care about “Open Source” either. Added them to the list below.
First of all, and no tongue in cheek, I’d like to attribute this as a follow on and continuation of the debate on attribution licenses started on “AC/OS.” In that spirit, I hope this is a “distribution” of that debate, and not a “fork.”

Second, I have nothing but respect for the principals at the companies that are using Exhibit B. I take issue with the substance of their license; nothing more. From my use/evaluation/understanding their products are excellent. I have a sincere desire for them to be successful, just believe they need to do it adhering to the same principles adhered to by the majority of the open source community.

It’s a clause appended to the Mozilla Public license by some open source startups (listed below). In this blog we’ll consider a fictituous version of this license from “WhizbangAppCompany.”

It’s the second clause of a two clause addition to the Mozilla Public License that basically states:
a) You must include on each UI screen a tagline or logo reading “Powered by WHIZBANGAPPCOMPANY.”
b) You have no right to use the trademark WHIZBANGAPPCOMPANY even if it’s included in the UI.

Here’s the Exhibit B text from our WPL (this is just a copy and replace on actual Exhibit Bs).

I’ve copied and pasted one here for reference:

WhizbangAppCompany Public License 1.0 - Exhibit B

Additional Terms applicable to the WhizbangAppCompany Public License.

I. Effect.

These additional terms described in this WhizbangAppCompany Public License – Additional Terms shall apply to the Covered Code under this License.

II. WhizbangAppCompany and logo.

This License does not grant any rights to use the trademarks “WhizbangAppCompany” and the “WhizbangAppCompany” logos even if such marks are included in the Original Code or Modifications.

However, in addition to the other notice obligations, all copies of the Covered Code in Executable and Source Code form distributed must, as a form of attribution of the original author, include on each user interface screen (i) the ” WhizbangAppCompany Community” logo, (ii) the vendor disclaimer “Supplied free of charge with no support, no certification, no maintenance, no warranty and no indemnity by WhizbangAppCompany or its certified partners. Click here for support. And certified Versions” and (iii) the copyright notice in the same form as the latest version of the Covered Code distributed by WhizbangAppCompany at the time of distribution of such copy. In addition, the “WhizbangAppCompany Community” logo and vendor disclaimer must be visible to all users and be located at the very bottom left of each user interface screen. Notwithstanding the above, the dimensions of the ” WhizbangAppCompany Community “ logo must be at least 176 x 26 pixels. When users click on the “WhizbangAppCompany Community ” logo it must direct them back to http://www.whizbangappcompany.com. When users click on the vendor disclaimer it must direct them to http://www.whizbangappcompany.com In addition, the copyright notice must remain visible to all users at all times at the bottom of the user interface screen. When users click on the copyright notice, it must direct them back to http://www.whizbangappcompany.com.

There’s a lot of implications… Suffice to say it means A LOT because it’s the difference between meeting the definition of Open Source (OSI approved) and not meeting the defintion of Open Source (not OSI approved). The Exhibit B license is being evaluated currently but the determination of whether these companies are actually releasing open source code is in question.

A long term “litmus” test for user rights re: open source, is to not be bound to one company or organization. Open Source must be able to fork, even though it’s often undesirable.

I’ll reiterate a scenario I posted on a scenario with how this could turn out really bad for customers “thinking” they have the benefit of open source when they implement and purchase services:

2007 - WhizbangAppCompany (company and project) flourishes. Acquires 1000 customers on the premise of Open Source.
2007 - WhizbangAppCompany (company) bought by big mean company where products go to die.
2008 - WhizbangAppCompany users and customers are unhappy. Partners, users, developers, customers are relieved they are using “open source.”
2008 - Coalition of users, customers, and developers “fork” and a new company is formed “EmailRulez”
2008 - EmailRulez screwed, customers LOCKED IN. Can’t remove references to WhizbangAppCompany (can’t remove from UI), but are threatened by large big mean company for Trademark infringement for distributing a product with WhizbangAppCompany trademark.

Probably the primary reason this doesn’t meet the open source definition is that a royalty or other fee (trademark) can be enforced by anyone who uses, or distributes this product. Would these companies actually do this? Probably not, but they CAN. Exhibit B was conceived (in part) to prevent a fork; damned if you do (break license to remove trademarks), damned if you don’t (use a Trademark you don’t have a license for).

Only an attorney could put those two terms (can’t remove trademark, and you can’t use trademark) next to each other and take them seriously. No offense to attorneys who would recognize these two opposing stipulations and ring the “common sense” bell.

Exhibit B is MORE VIRAL than GPL. This has profound implications. Take for instance, a scenario, again, outlined on the original blog:

WhizbangAppCompany code is used as an integration/data transport engine in another open source project that does data profiling (data quality). WhizbangAppCompany consists of approximately 5% of the code of that project. According to the LICENSE it matters NOT anything about intentions (which are tough to put into a license anyway; consider long debate on derivative work). This project now has to SLAP WhizbangAppCompany on every UI on every screen. Now this data quality project must use WhizbangAppCompany trademark and has no use to the trademark.

Consider the implications: No matter what proportion of code you use, whether or not you even USE the projects UI code (perhaps you used one of their libraries), you are now OBLIGED to place their “Powered by WhizbangAppCompany” on every UI screen in your application. You may not have to release your source (GPL) but now every product/project/mashup/integration/etc must have on EACH UI SCREEN the attribution.

Right or wrong, this doesn’t even close the ASP Loophole.
The ASP loophole has long been discussed; smart web 2.0 and web companies use open source and benefit immensely, but don’t trigger GPL and force them to contribute back. Ok, fine. It’s ramifications are, I believe still being determined as part of GPLv3 (fact check, can someone add clarity to this?).

Developers have long opined about how they want the Googles and Yahoos and Web 2.0 companies using and modifying their code to contribute that code back. Exhibit B forces those companies to place a trademark on their screen but STILL DOESN’T FORCE THEM TO RELEASE THE CODE. These companies are taking a dig at ASPs to get the code but don’t actually “write something” to get the code; just money for trademark licensing.

Customers don’t have freedoms to make the code their own. In a good old fashioned, behind the firewall, building an intranet, and mashing up 5 open source projects to build an internal “Asset Tracking System” or a “Conference Room Scheduling” system.

Again, a scenario outlined on the original blog:

Joe just implemented the “community” version of WhizbangAppCompany. His managers invested 6 months of his time to build out this project, and he’s ready to go roll it into the corporate intranet. The corporate intranet, which this product will be embedded has it’s own UI. Joe has to remove the trademarks to “deploy” his application but…. Joe can’t deploy to his portal/intranet without getting code under a commercial license.

Exhibit B doesn’t “trigger” on some sort of distribution clause; it’s ALWAYS there. Is everyone listening? Customers: end using, not making any money off selling any services/products, good ole fashioned support yourself community customers, are violating the license if they do not place the Attribution on EACH UI screen in their application.

The pragmatist in me knows these companies wouldn’t enforce this; communities are their lifeblood. I’m just saying that according to the LICENSE, if Joe doesn’t put Powered by WhizbangAppCompany on every UI screen on his portal application he’s violated the LICENSE.

Common enterprise intranets, portals, and applications are aggregations of several 10s if not 100s of open source projects. XML Parsers, security implementations, regex libraries, jsp libraries, etc etc. It’s part of how we work; do something defined, do it well, and place nicely with others. Where would open source be if all these companies and individuals believed they were special enough to get attribution on the UI? This is a little dramatic but it makes the point:

(speaking of attribution, this is a Web 2.0 logos image not FOSS logos done by stablio-boss. View more of his work here)

If all those that came *before* (apache, xerces, hibernate, jboss, etc etc) these companies believed they needed UI attribution OR if OSI allows this UI attribution this screen COULD ACTUALLY BE REQUIRED. What happens when you allow people to dictate the use of this so called “free software?” You lose some of that magic “freedom ingredient,” yes?

Calling it Mozilla causes a HUGE credibility gap. Learning the many open source licenses is tough; the reason we reuse licenses is so that we can quickly understand implications. There’s a big difference of projects selected (and companies with services supporting those projects) based on their license. GPL, Apache, BSD, LGPL, Mozilla. All known quantities, vetted by pundits, attorneys, industry. Claiming to be this, when you’re not is dressing a wolf in a lambs clothing.

Customers don’t know the actual bits arrive with Exhibit B when the advertisements at Sourceforge explictly say Mozilla Public License 1.1 (NOTE: there is an option for “Custom License” so it’s not because they couldn’t pick another license type they CHOSE To say they are Mozilla.).

Work within the open source framework instead of “protecting your IP” with a cleverly disguised license. Apache, Eclipse, IBM, HP, Redhat, Oracle, JBoss, Sun have much varied stakes in Open Source; they’ve found licenses that meet the definition of open source.

Remember the vision and value you sell to customers: it’s not about the software license, the bits. It’s about the value, innovation, and service that comes from it. Protect your brand, not your IP or code. Each of these companies is a clear leader in the space they’re building; embrace that. You can be the Redhat of whatever. Redhat does just fine, even with CentOS and WhiteBox and all the other variants.