At FOO Camp this weekend, I attended an impromptu gathering convened by Danese Cooper and Michael Tiemann, both of whom are board members of the Open Source Initiative. The topic was the recent attempts by some companies to pass off licenses that do not meet all the requirements of the Open Source Definition as so-called “open source” licenses. Michael first wrote about this here (his post was Slashdotted), and today he followed up with another post.

Three cheers for the OSI, for seeing that there is a real danger of the term “open source” being diluted into meaninglessness here, and doing something about it. And for those who are wondering what the big deal is, let me explain, starting with this clause from the Zimbra Public License (I don’t mean to pick on Zimbra; there are other companies doing the same thing, this was just the nearest example at hand):

However, in addition to the other notice obligations, (1) all copies of the Original Code in Executable and Source Code form must, as a form of attribution of the original author, include on each user interface screen (i) the original Zimbra logo, and once for each user session (ii) the copyright notice as it appears in the Original Code; and (2) all derivative works and copies of derivative works of the Covered Code in Executable and Source Code form must include on each user interface screen (i) the “Zimbra Powered” logo,, and once for each user session (ii) the copyright notice from the version of the Covered Code from which the copy or the derivative work was made. In addition, the original Zimbra logo or the “Zimbra Powered” logo, as appropriate, must be visible to all users, must appear in each user interface screen, and must be in the same position as and at least as large as the Zimbra logo is within the Original Code. When users click on the original Zimbra logo it must direct them to, and when users click on the “Zimbra Powered” logo it must direct them to This obligation shall also apply to any copies or derivative works which are distributed under the alternative terms of Section 3.6 and this obligation must be included in any such license.

That clause makes the license not open source. If you don’t have the right to modify the code in such a way as to not display the logo, then you don’t have true freedom to fork. Perhaps the OSI could have written clause 3 of the Open Source Definition a bit more strongly, to make this utterly clear. Right now it says:

3. Derived Works

The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

I wish it also said “The license may not restrict the functionality or behavior of derived works.” Then its meaning would be undeniable. But really, the meaning is already undeniable to anyone familiar with the traditions of open source: it means you must have the complete freedom to modify the source code, and to redistribute the modified version. If you don’t have that, you don’t have the freedom to fork, and you don’t have open source.

Anyway, the above in combination with clauses 5 and 6 below should put any doubt to rest:

5. No Discrimination Against Persons or Groups

The license must not discriminate against any person or group of persons.

6. No Discrimination Against Fields of Endeavor

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

The Zimbra license discriminates against Zimbra’s competitors, because it forces them to do advertising for Zimbra while not forcing Zimbra to advertise for anyone else. In the Zimbra license, Zimbra Inc. is a special party, treated differently from others.


10. License Must Be Technology-Neutral

No provision of the license may be predicated on any individual technology or style of interface.

The incompatibility between that and the Zimbra license is pretty glaring, no further comment needed.

The reason this matters is that open source, as a development methodology and as a culture, depends utterly on the freedom to fork. You can’t have open source practices without open source freedoms: the practices depend on the freedoms.

For example, take the issue of governance in an open source project. Many projects use the benevolent dictator model, in which one designated person gets to make the final call in controversial decisions. “Designated by whom?” the skeptic might ask. The surprising answer is “It doesn’t matter — because if anyone disagrees strongly enough, they can copy the project and take it in another direction.” In other words, benevolent dictatorship isn’t really dictatorship, because it depends completely on the consent of the governed.

Now try to imagine how this scenario would play out in the Zimbra development community. Zimbra (the company) starts out as the benevolent dictator, but eventually there’s some major disagreement between the company and an external developer, a disgreement in which the solution Zimbra decides on simply isn’t bearable to the external developer. (Perhaps it’s a disagreement about the size and placement of the logo on interface screens, cough cough.)

So can that external developer fork? Can she simply walk away, taking a copy of the code with her and striking out anew, in the traditional open source way?

Realistically, no. She can only do a restricted, crippled fork. She’ll never be able to get that Zimbra logo off her interface screens, because the license of the software she forked prevents her from doing so. This is discriminatory, and is an artificial restraint on any fork’s ability to attract its own developers. It’s hard for a fork to compete on its own merits if it must constantly refer back to the place from which it forked. It’s like being forced to wear a sign that says “Don’t take me too seriously, the real stuff is over at Zimbra, Inc.”

Now walk back the cat: since there can be no credible threat of a fork in the Zimbra development community, there is no pressure on Zimbra, Inc. to be a good benevolent dictator. Maybe they will be good stewards of the software anyway, or maybe they won’t, but the point is that the open source method depends on that pressure — the threat of a fork is an integral and necessary part of true open source development. Zimbra has eliminated that threat, and therefore is not doing open source. (And this is not just about the benevolent dictatorship model; it would be equally true with any other system of governance. In all open source projects, no matter how decisions are made, the threat of a fork is the ultimate guarantor of every developer’s right to empowered disagreement.)

Note that the OSI’s objection is not to the Zimbra license per se. The objection is just to Zimbra’s calling that license “open source”. They can use any license they want, but they shouldn’t call it open source unless it actually is. Freedom is freedom, and no amount of spin will change that.

So what should we do about this?

The term “open source” isn’t trademarked. Years ago, the OSI tried to register it, but it was apparently too generic. There may still be some legal angle available — perhaps false advertising, based on the generally-understood meaning of “open source”. I don’t know, I am not a lawyer, and the OSI has its own lawyers to advise it on legal strategies.

But there is public opinion. What Danese and Michael are proposing doing is organizing a lot of open source developers (and I mean “open source” according to the traditional definition, the one the OSI and I and most other open source developers I know adhere to) to stand up and, basically, say “All of us agree on what the definition of ‘open source’ is, and we reject as non-open source any license that does not comply with the letter and spirit of the Open Source Definition.” Their hope is that the threat of widespread bad publicity from the developer community may be enough of an incentive to get these companies to either stop calling their licenses open source, or change the licenses to actually be open source. I think this could actually work. Getting the open source blogosphere angry at you is bad for business and worse for recruiting; even just on business grounds it might be enough to persuade the companies to change their tactics.

Sign me up.

Blue Cross Blue Shield Horizon of New Jersey has contributed an interesting new proposal to the national health care debate: Embarrassment-Based Care™.

A few weeks ago, my friend Biella posted an account on her blog of how BCBS Horizon of New Jersey (hereinafter “BCBS”) was denying a claim of hers on the basis that it was a pre-existing condition. She was staying with me at the time, and we talked about the so-called condition in detail then. Now, I’m just a simple caveman, not a health care lawyer, but BCBS’s rejection sure sounded bogus to me, as it did to Biella. (There’s an appeals process by which such disagreements can be settled, and if the parties fail to reach agreement then the case can eventually wind up in court, a prospect Biella was prepared for, though dreading.) Her interactions with BCBS had been pretty bad up till the point of that first blog post: not only were they continuing to reject her claim, they were doing so in an especially opaque and inconvenient manner — you know, shunting her from one service rep to another, demanding new documentation apparently just for the sake of stalling, that sort of thing. She later called it “some of the worst customer service I have ever received”.

Well, within two hours of making that first blog post, she got a call from the Director of Public Relations for Blue Cross Blue Shield of NJ. He “came across her blog posting” and wanted to see what he could do to assist. This is all described in her second blog post.

Doesn’t it seem a little odd that the Director of Public Relations would get involved in what is essentially a medical determination? I mean, if BCBS really, sincerely believes Biella’s condition was pre-existing under the applicable definition of the term, there’s nothing the PR department could do to change that. On the other hand, if it’s not clearly pre-existing — that is to say, if BCBS has been exercising their discretion all along in a hard-to-call edge case — then you’d think it would make much more sense for them to just change their decision and pay out the claim, without ever telling Biella why, and certainly without the PR Director calling her. Finally, if BCBS itself doesn’t even believe the condition was pre-existing, then naturally they should have paid the claim in the first place and never put her through this.

So I’m not sure where in all this it makes sense for the PR department to get involved… except, of course, that from BCBS’s point of view, her original blog post was a potential embarrassment, and protecting the company from embarrassment is part of PR’s job.

Maybe they ought to consider the possibility that protecting the company from embarrassment is also the claims department’s job… I’m just sayin’.

I’m a big fan of Google’s Summer of Code program — it’s brought a lot of new developers to the Subversion project, and this also seems to be true for many other open source projects.

Summer of Code encourages college students to participate in open source projects over the summer, by funding both the student (for the time spent coding and learning open source processes) and the project (for time spent mentoring). The students earn enough for it to be their main summer job, but they also often stay involved in their projects after the summer is over, which is a sure sign that the program is working. In some cases, a Summer of Code project has led directly to a full-time job offer for a graduating student, too.

This year, Google decided to send every student a signed copy of my book, Producing Open Source Software. Now, the team that runs Summer of Code is the same team I worked in when I was at Google: the Open Source Program Office. But I’m sure they chose the book on its merits, and that there’s no favoritism going on here (so stop muttering under your breath like that, please. No, really, I can still hear you… there, that’s better, thanks.)

Thus it came to pass that a couple of days this spring, I drove down to the Google offices in Mountain View, visited with my old teammates for a while, then went to a cubicle and signed books. Nearly a thousand of them — it took a lot longer than I expected, and my wrist hurt, but on the other hand it was interesting to have a way to physically feel how big the Summer of Code program is. Next time I ask a computer database to iterate over a thousand entries, I’ll do so with some sympathy.

If you received a book, here’s your evidence that the signature is real:

Signing copies of “Producing Open Source Software” at Google.

(Notice the pad of paper under the elbow of the signing hand. I’ll bet real authors travel with a special cushion, but that, uh, hasn’t been necessary so far in my case.)

About halfway through the second session, I took a break. The books stacked neatly on the floor in front of the cubicle are done, the ones on the desk are still unsigned:

More copies of “Producing Open Source Software” than I have ever seen before.

Someone asked me if I signed every book exactly the same way. The answer is yes, except for one: there’s an Easter Egg book with a special message. If you got it, you’ll know it.

No doubt this was just an accidental slip by a photo caption editor on autopilot, but still it’s disheartening to see the New York Times broadcast Administration talking points so unthinkingly.

This photograph on page A9 of yesterday’s New York Times shows a lone demonstrator (apparently one who supports the Administration’s policies) standing across from a group of anti-war demonstrators on the opposite street corner:

Photo and caption from top left of page A9, Monday, 28 May 2007 New York Times

The caption reads:

“Jeff Broderick, foreground, standing alone last week in support of United States troops as demonstrators for peace occupy an opposite corner.”

So if he supports the troops, I guess that must mean the people on the other side of the street uh… don’t support the troops? Right.

Please. NYT, you can do better :-).

To be fair, one could also say — by a bit more of a stretch — that the second half of the caption buys into the anti-Iraq-war message machine, when it claims that the demonstrators on the opposite corner are “for peace”. After all, a supporter of the invasion might argue that the invasion and occupation are the route to peace, and that opposing the war now will not lead to peace. I don’t agree with that reasoning, but in any case the caption needn’t have gotten into the debate at all. It could have said:

“Jeff Broderick, foreground, standing alone last week in support of administration policy in Iraq, as demonstrators against occupy the opposite corner.”

That would have been both more precise and less controversial.

Microsoft recently claimed that open source code (in particular the Linux kernel) violates 235 of Microsoft’s patents. It’s not clear they actually intend to sue anyone for infringement, it may instead be some kind of bizarre publicity ploy. But there’s a great quote from Microsoft’s licensing chief, Horacio Gutierrez:

This is not a case of some accidental, unknowing infringement… There is an overwhelming number of patents being infringed.”

Get the implication? There are so many patents being infringed here, those open source developers couldn’t possibly have done it by accident! It’s just too many!

Which is the opposite of the truth. It’s far more likely that, if there are any infringements, they’re all accidental. Independent reinvention is the norm in software, especially given that the Patent Office frequently grants software patents for techniques which are either obvious or for which there is prior art available. (The Patent Office doesn’t do this intentionally, it’s just that it’s hard for a patent examiner to be skilled enough in all the varieties of programming to know what’s obvious in a given subfield, and also hard to find the right examples of prior art when there’s such an ocean of code out there to wade through.)

Assuming Gutierrez meant his statement sincerely, it reveals a lack of knowledge hard to believe in a high executive at a software company. Can he really be ignorant of the most basic realities of software development? I mean, it’s not like programmers sit around reading patents all day; in fact most programmers go out of their way to avoid looking at patents. Thus, infringements are almost always accidental. At the very least, a tally of 235 (alleged) violations would in no way imply that a single one of those violations were deliberate.

In fact, there may be far fewer violations than that, possibly even zero. For one thing, Microsoft has so far refused to name the specific patents or the infringing code, so the whole charge is FUD for now. For another, even if they do name a specific patent, and it matches (“reads on”, in patent jargon) the program code in question, the patent may still be re-examined in response to a challenge, or invalidated in court.

Anyway, my point isn’t about the degree of danger to free software (though fortunately that appears to be small). It’s about the fact that a Microsoft executive would assert, apparently with a straight face, that some of the infringements must be intentional simply because 235 patents are alleged to be violated. That is laughable.

(By the way, I found Gutierrez’s quote here, but you can probably find it many other places too, just do search://microsoft linux patent gutierrez/.)

I’ve written elsewhere about how software patents harm software development. This article is about how there’s very little corresponding benefit to justify that harm.

Ostensibly, our patent system is supposed to stimulate innovation and progress, by granting those who come up with a genuinely new and useful invention a temporary monopoly on that invention, as long as the inventor describes it by publishing a description in the government’s public registry of patents. (Already we’re on shaky ground, because this isn’t actually how the modern patent system came to be, but let’s leave aside the history for a moment — interesting and unexpected as it may be — and concentrate just on the present-day realities of software patents.)

The first sign that there’s something wrong with software patents is that (as any patent attorney working in software can tell you) they are overwhelmingly collected as a defense against incoming patent infringment suits. Most companies don’t intend to collect royalties on their software patents, they just keep the patents around in case some other company decides to bring a patent infringement suit, at which point the target of the suit goes digging in their patent portfolio and comes out with some patents that the plaintiff is probably violating — at which point the two sides sit down, work out a cross-licensing deal whereby each gets the rights to the others’ patents, and neither has to worry about it again. It’s a classic arms race situation: in a world where everyone is armed to the teeth, everyone must be armed to the teeth. Except, of course, that small players can’t afford the overhead of filing patents and keeping patent attorneys on staff, and are therefore vulnerable to infringement suits that they cannot defend against, regardless of the suits’ merits.

Another sign the system is broken is that filing software patents is almost always a byproduct of normal software development work, rather than the intended goal of research projects. In other words, programmers are solving problems in new and useful ways just in the normal course of their work. Typically, their employers instruct them to say if they’ve done anything that might be patentable, so the company can file for the patent. (I’ve received such instructions myself, as have most programmers I know.) So the innovation precedes the intent to patent, and would have happened anyway without the patent, since it was needed to do whatever the programmer was trying to do in the first place.

“Ah”, some would say, “but that’s missing the point. The patent still does society some good, because it forces the programmers to publicly describe their solution, so we can all benefit from it. Without the requirement to publish, the secret trick would remain hidden in their private source code, where others cannot learn from it.”

That argument would make sense if programmers ever used the patent office as a research aid, but in fact, they don’t. I’ve never heard of a programmer turning to filed patents to get help solving a technical problem. (I once made this assertion in the company of another programmer, who said he had heard of someone doing this, but when pressed, he thought about it more and realized the person was actually just examining patents for competitive analysis: he was trying to get news on what his competition was up to, not looking for information on solving technical problems.)

Even if filed patents did contain interesting technical information, which for the most part they don’t, they’d still be a pretty cumbersome way to find out that information, because patents are written in a special language designed for making claims that are defendable in court, not for communicating technical details clearly. Companies naturally want their claims to be as broad as possible, while still being defensible. But these goals are orthogonal to, and often opposed to, the simplification and reduction that are the heart of technical clarity. Learning a programming technique by reading a patent would be like learning to cook by reading municipal health inspection regulations: boring, painful, and in all likelihood unsuccessful.

But as I said, programmers rarely read software patents to learn from them anyway. The vast majority of the time, when they’re reading software patents, they’re doing it to determine whether they or someone else might be infringing. Don’t take my word for it — go ask a programmer about their actual experiences with software patents. You’ll find they’re either filing patents on work they were doing anyway, or spending time analyzing patents (solely to determine infringement, not to learn something new in their art), time they would almost certainly rather spend doing just about anything else.

Are you ready for the final irony?

Most programmers are instructed to consciously avoid looking at patents at all. This is because when you knowingly infringe on a patent, you are liable for triple damages as compared to accidental infringement. I don’t know what legislators came up with that doctrine, but what on earth were they thinking? We now have the paradox of a system whose supposed purpose is to spread knowledge, yet which those capable of using take pains to avoid, for fear of increased legal liability.

To summarize:

  • Software patents are mainly used as a defense against other software patents — a zero-sum arms race.
  • Filing software patents is generally a byproduct of work the programmers would do anyway, that is, the acquisition of the patent is not a motivating factor in the development of the new technique, it is merely a result.
  • Programmers do not use the patent office as a research tool, even though that was supposed to be part of the point.
  • Patents are written in a special style which is antagonistic to communicating software techniques clearly anyway.
  • Due to the triple-damages rule, programmers must consciously avoid looking at other software patents whenever possible.

I’m mostly leaving aside the issue of patent duration here. While it’s true that the length of time a software patent lasts is ridiculous (20 years from the earliest claimed filing date, in the U.S., for all patents, not just software), the term length is not in itself a philosophical objection. Although the harm of software patents would be greatly reduced if the term length were only, say, 3 years instead of 20, that would still do nothing to address the other concerns. No matter what the term length, we just don’t need software patents. If the purpose of patents is to stimulate innovation (a debatable goal in the first place), they are having the opposite effect in software: programmers are forced to avoid using the best tool for the job, for fear of infringing on a patent, and are forced to avoid building on each others’ work, for fear of triple damages. And even granting that innovation were a goal worth sacrificing freedom for, there would be no need to artificially stimulate innovation in software, because tremendous innovation already happens in the natural course of things.

How often do you find yourself writing an email in which you tell someone to do an Internet search? If you do it often enough, you’re probably familiar with the following cycle, the one that starts with you saying:

Just Google for “there will also be corn served”.

Then you realize it’s unclear whether or not you meant a phrase search — that is, whether the double quotes are part of the search string, or just there to separate the search words from the rest of your email. So you add:

Make sure to include the double quotes!

Then you remember that your friend works at Yahoo and always gets annoyed when people equate searching on the Internet with Google, as though there were no other search engines in the world. With a sigh, you go back and edit the text to be service-neutral, turning it into one sentence while you’re at it:

Type “there will also be corn served” into your favorite search engine, and make sure to include the double quotes.

Gosh, what a lot of work just to tell someone to search for a six-word phrase. And the recipient still has to manually cut and paste the phrase into a search engine, aiming the mouse carefully so as to catch the double quotes. There’s got to be an easier way!

Introducing search://

Most people, if they saw the following in an email, would know what to do:

search://"there will also be corn served"/

It means “Go to your preferred Internet search engine and enter the string of text between the second and third forward slash, exactly as written here.” It works for non-phrase searches too:

search://thumbnail image dimensions standard/

And for combinations of word- and phrase-searches

search://tommy's tequila "san francisco"/

Note that it’s not actually a URI, so it need not obey the URI syntax rules (which involve, among other things, special sequences to represent spaces and double quotes). You can just write the search string exactly as it would be entered in the search engine’s text box. The search:// syntax takes advantage of two convenient facts:

  • All the major search engines support the same basic search string syntax, e.g., using double quotes for phrase searches.
  • “/” isn’t normally used in search strings anyway (the search engines don’t track forward slashes, although they do remember that there’s a word boundary there), so we’re free to use “/” for the delimiters around the search string.

This syntax is both human-readable and machine-parseable. The former property is crucial, because you want people to know what you’re telling them to search for before they do the search. The latter property is also crucial, because it means software can automatically recognize a search description and Do The Right Thing when you click on it (namely, take you to whatever search engine you’ve configured as your preference, enter the search string into the input box, and submit the form). “Software” means web browsers, of course, but also mailreaders and all other text-reading environments.

I’ve already starting using this syntax in email messages, and in one case even on a poster. So far everyone seems to understand it right away; that is, no one has asked me what it means, and several people seem to have done the suggested searches. Once this syntax is widespread, I expect software support to emerge organically, as happened with email addresses, with http:// syntax, and many others. When something useful is machine-parseable, software is usually quickly adjusted to recognize it.

Confidential to J. Random Hacker:

You’re probably thinking “But this isn’t even compatible with URI generic syntax as defined in RFC 3986.” That is correct. It’s not a URI. In addition to the tolerance of double quotes (which can never appear unencoded in a URI), the spaces need to remain unencoded anyway, because the string has to be comprehensible to humans. It may seem counterintuitive to use a syntax so similar to URI syntax, but there are good reasons for doing so. Nothing else would have the immediate comprehensibility of search://, because many people are now accustomed to the general format foo://bar/, and will intuitively grok what this new syntax means. I spent a fair amount of time trying come up with something better, and couldn’t. If you can, let me know… But it’s probably already too late: I’ve set the meme loose, and no one can control it now. Mu-wa-ha-ha-ha-haaaaah.

Brief background for those who haven’t been following this particular bit of theater: The radio commentator Don Imus, while watching a college women’s basketball game, called one of the teams “nappy-headed hos”. This was going too far, even for a shock jock like Imus. Advertisers started pulling their ads, and eventually Imus’s employer cancelled his show entirely, despite his going around and apologizing to everyone in sight.

Now, I’m totally in favor of Don Imus getting fired. In fact, I’m in favor of him not having been hired in the first place — who needs talk shows like that anyway?

But I was bemused, and disturbed, to hear Imus on NPR quoted saying that while he regretted his comments, he’s not a racist, and if he’d really been guilty of racist hate speech, he ought to be thrown in jail. (I wish I had the exact quote here, but I was just listening to the radio in the kitchen and not taking notes. I tried to find a transcript on the Internet, but couldn’t, even at

It’s obvious what Imus was trying to convey. “I’m not one of the bad guys! I’m a good guy! I’m not really a racist! It was all for show! Racists are bad people who spew hateful speech and deserve jail; I’m not one of them.”

Still, how can someone whose entire career has been utterly dependent on freedom of speech — by which I mean, freedom from government-enforced penalties for speech — turn around and stab the principle in the back like that? Sure, people lose their jobs for speech all the time, and that’s fine. Freedom of speech doesn’t mean that there’s no such thing as bad, harmful speech: there certainly is such a thing, and there are times when it should cost you your job. (Universities are a special case, and the tenure system is in part a formal protection for controversial speech by academics.) But jail? Or other state-mandated penalties? Those should be completely off the table, because otherwise people wouldn’t feel free to disagree with the government.

Thanks for nothing, Don Imus. If you want to make it up to the rest of us, send a big check to the ACLU. They’ll still defend your right to free speech, even if you won’t.

The debate about lesbian/gay marriage has reached a stage of pure symbolism: many people are now comfortable with the idea of “civil union” laws, which grant all the privileges of marriage without calling it “marriage”. Some state governments have even passed such laws, and more will undoubtedly follow.

Understandably, not everyone is happy with this. It’s clearly a deliberate slap in the face for people who want to marry partners of the same sex — a slap that stings all the more because it is legitimized by democratically-elected legislatures. We’ll give you everything you want, except the right to call it marriage, because that’s sacred, you see. You will always be a second-class citizen, because we’ve passed a law that contains a clause whose only purpose is to make you feel second-class.

There’s a solution, though.

Let’s treat marriage as though it’s really sacred. Let’s get the government out of the marriage business entirely, and do only civil unions, leaving marriage for religious institutions. Effectively, that’s what we already do anyway. The secular, state-supported side of marriage is represented by the marriage license; the government doesn’t care about the religious details (if any) of the ceremony, even though that’s the part everyone thinks of as the “real” wedding.

So we’d all get civil unions, and those who want to also be married (and can find a priest willing to perform what is essentially a religious ceremony) are free to do so. If a lesbian couple wants to be married, that’s between them and their church. There’s no reason for the government to get involved in the matter, and no reason for a secular democracy to try to define the spiritual meaning of marriage, as opposed to its legal meaning.