ISSN 1746-8752 - depo.osn.ro
ISSN 1746-8752 - depo.osn.ro
ISSN 1746-8752 - depo.osn.ro
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<st<strong>ro</strong>ng>ISSN</st<strong>ro</strong>ng> <st<strong>ro</strong>ng>1746</st<strong>ro</strong>ng>-<st<strong>ro</strong>ng>8752</st<strong>ro</strong>ng><br />
9 77<st<strong>ro</strong>ng>1746</st<strong>ro</strong>ng> 875009<br />
0 9
Contents Issue 9, November/December 2005<br />
EDITORIAL<br />
Patents Kill 7<br />
POWER UP<br />
Interview with Patrick Luby 8<br />
by Tony Mobily<br />
Tony interviews Patrick Luby, the person behind OpenOffice<br />
for Macintosh<br />
USER SPACE<br />
I read the news today, oh boy 11<br />
by John Locke<br />
Reading RSS<br />
HACKER’S CODE<br />
Mozilla: a development platform under<br />
the hood of your b<strong>ro</strong>wser 16<br />
by Davide Carboni<br />
Should Java p<strong>ro</strong>grammers migrate to it?<br />
Code signing systems 24<br />
by Saqib Ali<br />
How to manage digital certificates, Software Publishing<br />
Certificates and private keys for code signing<br />
Int<strong>ro</strong>duction to Zope 27<br />
by Kirk Strauser<br />
Part 1: Python<br />
4 Free Software Magazine Issue 9, November/December 2005<br />
MIND SET<br />
How to get people to work for free 32<br />
by David Horton<br />
Attracting volunteers to your free software p<strong>ro</strong>ject<br />
Does free software make sense for<br />
your enterprise? 35<br />
by Tom Jackiewicz<br />
Finding free software at your office is like finding a<br />
Republican in San Francisco<br />
Free, open or p<strong>ro</strong>prietary? 40<br />
by Tom Chance<br />
Philosophical differences in software licensing<br />
The will to code 47<br />
by David M. Berry, Lee Evans<br />
Nietzsche and free software<br />
What is code? 52<br />
by David M. Berry, Jo Pawlik<br />
A conversation with Deleuze, Guattari and code<br />
Towards a free matter economy (Part<br />
3) 59<br />
by Terry Hancock<br />
Designing the Narya Bazaar
Patents Kill<br />
EDITORIAL<br />
O<br />
n the third of September 2005, I was diagnosed with cancer—testicular cancer. The pain started during a party (Dave<br />
Guard, our Senior Editor, was there as well). In just one night, I went th<strong>ro</strong>ugh a sudden and unexpected change: f<strong>ro</strong>m<br />
being a young healthy person, full of life, and enjoying hanging out with his friends, to the ER of Fremantle Hospital<br />
being told that I may have cancer and I needed to be operated on immediately.<br />
I am fine now. I’ve just been told that the tumour seems to have gone. On the 14 of November I will have the final answer which will<br />
determine whether I will need to go th<strong>ro</strong>ugh the ill-famed chemotherapy. In any case, my p<strong>ro</strong>gnosis is encouraging; I p<strong>ro</strong>mise you won’t<br />
get rid of your favourite Editor In Chief that easily!<br />
People say that cancer is a life changing disease, regardless of what its outcome is. I can confirm it, without a shadow of a doubt. Cancer<br />
changes you deeply, it makes you realise that we are here, in this world, only for a short ride—a ride that might stop any moment and<br />
without warning.<br />
For people with cancer, CT scans are a life-saver. They tell you if your lymph nodes are too big or if they are changing, and make<br />
accurate diagnosis possible. The same applies to the PET scanning technique, which p<strong>ro</strong>mises to be the new generation of full body<br />
scanning.<br />
At the moment, there is only one PET scanner in Western Australia (a rather rich state). The cost of such a machine is insane (I have no<br />
other word for it); at the hospital, they are already thinking about upgrading it because only three years after the purchase, it’s already<br />
obsolete.<br />
Apart f<strong>ro</strong>m injecting radioactive material in my body, a PET scan would confirm for sure whether the lymph node near my kidney (the<br />
big suspect in my case) has been attacked by the tumour, or if it’s just simply large.<br />
The p<strong>ro</strong>blem is that there are 20 people every day who need a PET scan, while the hospital can only complete 13 scans a day. The<br />
government is saying that they cannot afford another PET scanner, and I am not considered a high-risk patient. For the diagnosis, I will<br />
have to trust the good old tumour markers and CT scans.<br />
Why?<br />
Because software and medical patents make PET scanners ridiculously expensive (and also because Philip Davies, f<strong>ro</strong>m the Department<br />
of Health and Ageing in Australia, has decided that Australia needs to take its time (http://www.mja.com.au/public/<br />
issues/180 12 210604/dav10271 fm.html) before adopting PET scans. Fortunately though, there have been some interesting<br />
responses (http://www.mja.com.au/public/issues/181 09 011104/letters 011104-4.html) to his decision,<br />
which might speed up this p<strong>ro</strong>cess).<br />
First of all, I have to admit that my research wasn’t very tho<strong>ro</strong>ugh. In fact, I stopped researching half way th<strong>ro</strong>ugh, because I started to<br />
feel sick f<strong>ro</strong>m what I was finding out (and because right now, for me, avoiding stress is an absolute priority). Also, please beware that I<br />
am biased: I am very wary of medical patents, and I consider software patents to be a ridiculous idea. So, I find software patents applied<br />
to medical equipment particularly disturbing.<br />
Searching for “PET AND SCAN AND ALGORYTHM” f<strong>ro</strong>m the patents office in the US returns 869 (yes, eight hundred and sixty-nine)<br />
patents released. A skilled body imaging technician I interviewed confirmed that when a new imaging technique comes out, a new gold<br />
rush starts—where gold is represented by patents. He also confirmed that these new machines become affordable only after a few years<br />
(normally, a<strong>ro</strong>und seven), when the patents related to those machines start expiring. Apparently, the same thing happened with the MRI.<br />
In ten years, when the PET gold rush is over, PET scans will be as common as CT scans are today.<br />
To me, it’s absurd that governments allow pharmaceutical patents that last more than 7 years—especially if the same governments find<br />
themselves, because of those patents, in the position of not being able to afford the medical equipment used to keep their citizens healthy.<br />
It’s absurd that a scanning technique turns into a gold rush, rather than an attempt to help people with illnesses to imp<strong>ro</strong>ve their health.<br />
It’s absurd that one third of patents a<strong>ro</strong>und PET are on software-techniques which imp<strong>ro</strong>ve the representation of the information collected<br />
by the scanner.<br />
If the world made sense, the world’s governments wouldn’t allow medical patents which last more than two years, and would only allow<br />
pharmaceutical companies to charge very reasonable rates to other companies willing to use patented methods. They wouldn’t allow the<br />
enforcement of patents against third world countries (which is, incidentally, exactly what the United States government is allowing right<br />
now with their “Free” Trade Agreements, which are a nice way to rip off all those third world countries. They wouldn’t allow software<br />
patents, which often look like bad jokes (one click shopping, anyone?).<br />
Why not?<br />
Because patents—especially patents related to medical research—can kill. They turn legitimate life-saving research into another way to<br />
make a quick buck; they make this world—the only one we have—less liveable, especially for those people who aren’t lucky enough to<br />
be rich and healthy. I<strong>ro</strong>nically, patents were invented for the opposite goal: to guarantee that everybody could make use of everybody<br />
else’s inventions, paying a little share to the original inventor. Because software patents turn f<strong>ro</strong>m financially expensive jokes into a life<br />
threatening stranglehold, when they relate to medical equipment.<br />
If I sound too radical, imagine yourself (or a person you love) not having access to a vital technology because a pharmaceutical company<br />
director’s wife “needs” to go shopping in a more expensive four wheel drive, or “needs” to go on holiday in a bigger boat. It’s a disturbing<br />
thought, unfortunately it’s reality.<br />
We must say “no” to software patents, and (even more importantly) set definite limits to current patent systems; this is especially true<br />
for medical research, because in some cases patents can kill, and we, the smartest species on the planet, ought to know better.<br />
Copyright information<br />
c○ 2005 Tony Mobily<br />
Verbatim copying and distribution of this entire article is permitted in any medium without <strong>ro</strong>yalty p<strong>ro</strong>vided this notice is preserved.<br />
Tony Mobily is the Editor In Chief of Free Software Magazine (http://www.freesoftwaremagazine.com).<br />
Free Software Magazine Issue 9, November/December 2005<br />
Free Software Magazine is a magazine<br />
by The Open Company Partners Inc,<br />
90 Main St. Road Town, Tortola BVI<br />
EDITOR IN CHIEF<br />
Tony Mobily (t.mobily@)<br />
SENIOR EDITOR<br />
Dave Guard (d.guard@)<br />
SALES AND ADVERTISING<br />
Bridget Kulakauskas (b.kulakauskas@)<br />
Stephen Wetzel (s.wetzel@)<br />
LAYOUT AND COMPOSITION<br />
Gianluca Pignalberi (g.pignalberi@)<br />
GRAPHIC DESIGN<br />
Alan Sprecacenere (a.sprecacenere@)<br />
CONTRIBUTORS<br />
Saqib Ali, David M. Berry, Davide Carboni,<br />
Tom Chance, Lee Evans, Terry<br />
Hancock, David Horton, Tom Jackiewicz,<br />
John Locke, Tony Mobily, Jo<br />
Pawlik, Kirk Strauser.<br />
THIS PROJECT EXISTS THANKS TO<br />
Donald E. Knuth, Leslie Lamport,<br />
People at TEX Users G<strong>ro</strong>up TUG<br />
(http://www.tug.org)<br />
Every listed person is contactable<br />
by email. Please just add<br />
freesoftwaremagazine.com to the person’s<br />
username in parentheses.<br />
For copyright information about the contents<br />
of Free Software Magazine, please see the<br />
section “Copyright information” at the end<br />
of each article.
Interview with Patrick Luby<br />
Tony interviews Patrick Luby, the person behind OpenOffice for<br />
Macintosh<br />
Tony Mobily<br />
TM: Patrick, first of all: please tell us a little<br />
bit about yourself. What do you do? What’s<br />
your p<strong>ro</strong>gramming backg<strong>ro</strong>und?<br />
PL: I run my own software development consulting<br />
company called Planamesa Software. I have spent<br />
nearly a decade working as a software developer in a variety<br />
of commercial and open source p<strong>ro</strong>jects including OpenOffice.org<br />
and Apache Tomcat using the C, C ++ and Java p<strong>ro</strong>gramming<br />
languages on a variety of operating systems such<br />
as Linux, Mac OS X, Solaris and Windows.<br />
TM: When did you first decide to get involved with<br />
OpenOffice?<br />
PL: Back in 2000 and 2001, I worked at Sun in the OpenOffice.org<br />
g<strong>ro</strong>up. I was the lead engineer of a small team that<br />
was trying to port OOo to Mac OS X. Although we made<br />
significant p<strong>ro</strong>gress, Mac OS X was still in the developer<br />
preview stage so p<strong>ro</strong>gress was extremely slow and difficult.<br />
It wasn’t until late 2003 when I had been working in Sun’s<br />
J2EE g<strong>ro</strong>up that I began to have renewed interest in porting<br />
OOo to Mac OS X. By that time, Mac OS X was much<br />
more stable and Ed Peterlin and Dan Williams had successfully<br />
implemented a working version of OOo 1.0.x using<br />
X11.<br />
TM: At the beginning, the plan was to have NeoOffice/C<br />
and NeoOffice/J (with the interface written in C and in<br />
Java respectively). Now, NeoOffice/C seems to be dead.<br />
Can you clarify this for us?<br />
8 Free Software Magazine Issue 9, November/December 2005<br />
PL: Well, actually, at the beginning Ed Peterlin and<br />
Dan Williams were working on a Cocoa-based version of<br />
OpenOffice.org that had native Aqua widgets which they<br />
called NeoOffice. While Ed and Dan were able to put<br />
together some amazing code, they found that Cocoa and<br />
OpenOffice.org were just not meshing well and they were<br />
spending most of their type tracking down crashes in the<br />
Cocoa APIs.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
I have spent nearly a decade working as<br />
a software developer in a variety of<br />
commercial and open source p<strong>ro</strong>jects<br />
including OpenOffice.org and Apache<br />
Tomcat using the C, C ++ and Java<br />
p<strong>ro</strong>gramming languages on a variety of<br />
operating systems such as Linux, Mac<br />
OS X, Solaris and Windows<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
A<strong>ro</strong>und this time, I had been dabbling with using Java as<br />
a shorter path to getting a stable native version of OpenOffice.org.<br />
I was impressed with the work that Ed and Dan<br />
were doing and I thought that maybe using Java might make<br />
a nice interim version that would keep users’ interest in<br />
OpenOffice.org alive while they worked on NeoOffice.<br />
So Ed and Dan invited me to join the NeoOffice.org p<strong>ro</strong>ject<br />
and we came up with the name NeoOffice/J for my code.<br />
While this name worked well, many people refer to NeoOffice/J<br />
as NeoOffice so, to avoid confusion, we now refer to
the old NeoOffice p<strong>ro</strong>duct as NeoOffice/C.<br />
While no work is being done on NeoOffice/C, the work was<br />
extremely valuable as it served as the p<strong>ro</strong>ving g<strong>ro</strong>und for<br />
Ed and Dan’s integration of native widgets into OpenOffice.org.<br />
Their work, which was the basis for the native<br />
widget support in Red Hat and Ximian’s custom versions of<br />
OpenOffice.org, will definitely help us when we add Aqua<br />
widgets to NeoOffice/J.<br />
TM: Right now, NeoOffice/J on Mac is an amazing<br />
achievement, but its interface is still not quite there yet.<br />
For example the widgets and the file dialog box are still<br />
non-native. Do you think OS X users will eventually<br />
have, thanks to your efforts, a version of OpenOffice that<br />
uses Apple’s widgets? And. . . well, I have to ask you<br />
this: when do you think it will happen?<br />
PL: Now that a stable release of Neo/J is out, implementing<br />
Aqua widgets and dialogs is getting much closer. We need<br />
to upgrade to Java 1.4 first since Apple will not support Java<br />
1.3.1 on the new Intel machines. However, after we move to<br />
Java 1.4, our goal is to add native Aqua widgets and dialogs.<br />
TM: What’s your relationship with the OpenOffice developers<br />
like? Are you on good terms? Did your p<strong>ro</strong>ject<br />
take a while to gain acceptance?<br />
PL: I think that we have a good relationship. I am regularly<br />
talking with OOo staff at Sun and Collab.net. While I<br />
have heard rumors that Neo/J is separate f<strong>ro</strong>m OOo due to<br />
some conflict, this is far f<strong>ro</strong>m the truth. The primary reason<br />
that Neo/J is separate is that it benefits both OOo and us.<br />
Since we are always several months behind OOo’s official<br />
releases, doing our development outside of the OOo development<br />
p<strong>ro</strong>cess allows us to make changes without breaking<br />
the officially supported OOo platforms. Then, once our<br />
changes are stable, we donate back any changes that are<br />
common to the X11 version of OpenOffice.org.<br />
TM: What do you think about the fact that most of<br />
OpenOffice’s developers are Sun employees? Do you<br />
think this was behind the decision of d<strong>ro</strong>pping the “official”<br />
Aqua port?<br />
PL: This does not bother me at all. An application the size<br />
of OpenOffice.org requires a lot of highly skilled developers<br />
and my belief is that if Sun or some other company didn’t<br />
fund all of those developers, OpenOffice.org development<br />
would be extremely slow.<br />
POWER UP<br />
TM: Do you think the NeoOffice/J team should get a<br />
good sponsorship f<strong>ro</strong>m a company (Sun?) so that the<br />
development can be sped up?<br />
PL: We are always open to that and I am constantly pursuing<br />
outside funding. While a few companies have always been<br />
supportive of our efforts, funding has not materialized. So,<br />
instead of spending too much energy on looking for a big<br />
sponsor, we have worked on building our community. This,<br />
in turn, has led to a continual stream of small donations.<br />
These donations, while miniscule to a company the size of<br />
Sun or Apple, have had a huge impact on NeoOffice/J as I<br />
now am able to use these donations to reduce the amount of<br />
consulting work that I must do and use that time to work on<br />
NeoOffice/J.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
It really has amazed me how much of an<br />
impact small donations can make<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
It really has amazed me how much of an impact small donations<br />
can make. I would guess that many donors may wonder<br />
where their $10 donation goes. But collectively, these<br />
donations have translated into real imp<strong>ro</strong>vements to NeoOffice/J.<br />
TM: If you were to rewrite OpenOffice f<strong>ro</strong>m scratch,<br />
what would you change? Would you write something<br />
that is completely interface- and OS-independent? Do<br />
you think this is what the OpenOffice team should have<br />
done in the first place?<br />
PL: I can’t really p<strong>ro</strong>vide an answer to this question. In my<br />
opinion, rewriting OOo f<strong>ro</strong>m scratch is such a huge task and<br />
would require many people over several years to get a first<br />
working release out. This would be very costly so I don’t<br />
really consider it an option for anyone other than a large<br />
company with tens of millions of dollars to burn.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
In my opinion, rewriting OOo f<strong>ro</strong>m<br />
scratch is such a huge task and would<br />
require many people over several years<br />
to get a first working release out<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
TM: I have an iBook 900 MHz, and I just can’t run<br />
NeoOffice/J on my laptop. It takes about 30 seconds to<br />
Free Software Magazine Issue 9, November/December 2005 9
start, and it’s quite sluggish after that. Do you think this<br />
is just a matter of waiting for faster CPUs? Or do you<br />
think that something can be done to imp<strong>ro</strong>ve the performances?<br />
PL: The latest Neo/J 1.1 release patch imp<strong>ro</strong>ves the p<strong>ro</strong>gram’s<br />
performance a lot. In general, what we have found<br />
is that memory, not CPU speed, is what makes the big difference<br />
in NeoOffice/J performance. Unfortunately, since we<br />
are running Java and the huge amount of OpenOffice.org<br />
code at the same time, I can’t deny that NeoOffice/J is definitely<br />
a memory hog and adding more memory to a machine<br />
will make a sizable difference in speed. NeoOffice/J<br />
will work with 256 MB of memory, but 512 MB is closer to<br />
optimal.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
What we have found is that memory, not<br />
CPU speed, is what makes the big<br />
difference in NeoOffice/J performance<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
While part of the slow startup time is due to OpenOffice.org,<br />
POWER UP<br />
part of it is caused by the NeoOffice/J code. I have noticed<br />
that Sun’s engineers have made OpenOffice.org 2.0<br />
start much faster than OpenOffice.org 1.1. Hopefully, when<br />
we eventually move NeoOffice/J to the OpenOffice.org 2.0<br />
codebase, we will see imp<strong>ro</strong>vement in overall performance.<br />
Thanks for talking with us!<br />
Copyright information<br />
c○ 2005 Tony Mobily<br />
Verbatim copying and distribution of this entire article is<br />
permitted in any medium without <strong>ro</strong>yalty p<strong>ro</strong>vided this notice<br />
is preserved.<br />
About the author<br />
Tony Mobily is the Editor In Chief of Free Software<br />
Magazine
I read the news today, oh boy<br />
Reading RSS<br />
John Locke<br />
Ispent several years of my childhood in a remote<br />
corner of bush Alaska. When thinking about<br />
those times, I remember one village in particular:<br />
Point Lay (http://maps.google.com/<br />
maps?q=point+lay,+alaska\&ll=69.754601,<br />
-163.020287\&spn=0.101109,0.149217\&t=<br />
k\&hl=en), mid-way between Point Hope (http:<br />
//maps.google.com/maps?q=point+hope,<br />
+alaska\&ll=68.341484,-166.733322\&spn=<br />
0.193411,0.298433\&t=k\&hl=en) and Bar<strong>ro</strong>w<br />
(http://maps.google.com/maps?q=bar<strong>ro</strong>w,<br />
+alaska\&ll=71.286163,-156.738510\&spn=<br />
0.386822,0.596867\&t=k\&hl=en). In Point Lay,<br />
in the late 1970s, we got our news twice a week f<strong>ro</strong>m<br />
people and mail arriving on our regular mail planes. Every<br />
Tuesday and Friday, depending on the weather, news f<strong>ro</strong>m<br />
the outside world would arrive, filtered by the people who<br />
happened to be on the airplane or the magazines we were<br />
subscribed to. We didn’t have television, or good radio<br />
reception. Aside f<strong>ro</strong>m the delivery vehicle, the news we<br />
received was much like living in rural America a hundred<br />
years ago—second or third hand, heavily filtered.<br />
Meanwhile, much of the rest of the country got their news<br />
f<strong>ro</strong>m Walter C<strong>ro</strong>nkite, or their local newspaper. In the newspaper,<br />
a g<strong>ro</strong>wing number of stories came f<strong>ro</strong>m syndication<br />
services: the Associated Press and Reuters being the most<br />
p<strong>ro</strong>minent. Most comics and many other feature stories<br />
come f<strong>ro</strong>m various syndication services, and for freelance<br />
writers, being a syndicated columnist, such as Dave Barry,<br />
is one way to make meager newspaper sales add up to a nice<br />
income. In the print world, newspapers and magazines pay<br />
for every story or comic published.<br />
But becoming a syndicated content p<strong>ro</strong>ducer was still a<br />
challenge—you had to persuade each newspaper to pick up<br />
your content. The newspapers were the publishers, as were<br />
the television networks. All content, all news, was filtered<br />
th<strong>ro</strong>ugh the mass media. And there were only three nationwide<br />
commercial television networks. Instead of hearing<br />
about what the average traveller on a bush airplane thought<br />
was important, most of America would only hear what Walter<br />
C<strong>ro</strong>nkite or the various newspaper publishers thought<br />
was important.<br />
Everyone’s a publisher<br />
Times have changed. Aside f<strong>ro</strong>m making it easy to publish<br />
content, wikis, blogs, and other content management<br />
systems often include an automatic way to syndicate that<br />
content. It’s called Really Simple Syndication, or RSS for<br />
us ac<strong>ro</strong>nym-loving technophiles.<br />
The web made it possible for anybody to be a publisher.<br />
RSS makes it easy to see when there are new stories at your<br />
favorite web sites.<br />
Whether you realize it or not, you p<strong>ro</strong>bably already use RSS<br />
news feeds. If your home page has headlines that update every<br />
day, it’s p<strong>ro</strong>bably using RSS. When you visit a site that<br />
shows snippets of content f<strong>ro</strong>m other web sites, it’s using<br />
RSS to get that content.<br />
Free Software Magazine Issue 9, November/December 2005 11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Because nobody trusts anybody online<br />
automatically, the blogging world has<br />
developed a simple but powerful way of<br />
building credibility: comments and<br />
trackbacks<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
If you use one of the content management systems to publish<br />
content, you too can become a news source. Several<br />
implications here:<br />
• Anyone with a computer and an internet connection<br />
can subscribe to news feeds f<strong>ro</strong>m anywhere in the<br />
world<br />
• There’s a news feed for every interest under the sun<br />
• Anyone with something to say can find a place online<br />
to say it<br />
• Big media companies no longer have a monopoly on<br />
the news.<br />
Blogs have made RSS popular, and along with two other<br />
important features, are creating a new generation of citizen<br />
reporters. These two other features are trackbacks and ping<br />
services.<br />
TrackBacks: C<strong>ro</strong>ss-site comments<br />
If everyone’s a publisher, how do you judge the quality, accuracy,<br />
or fairness of what you read? You obviously can’t<br />
believe everything you read online. We used to be able to<br />
trust mass media to hold to an ethical standard of journalism,<br />
but anybody who believes that’s true today hasn’t compared<br />
Fox cable news assertions with the facts. Now, with<br />
millions of blogs contributing to the content mix, it’s absolutely<br />
certain you’re going to find biased, unfair, poorlythought-out<br />
arguments. Given such a chaotic mix, how can<br />
you trust anything anyone has to say?<br />
The answer is, you can’t, without knowing the back story.<br />
Who is writing the story, and what are their biases? Everyone<br />
has bias. The blogging world was built upon that<br />
assumption, unlike traditional media with its claimed objectivity.<br />
Because nobody trusts anybody online automatically, the<br />
blogging world has developed a simple but powerful way of<br />
building credibility: comments and trackbacks. Built into<br />
USER SPACE<br />
all blogging software is a way for anybody who cares to<br />
leave a comment about each story. While the blog owner<br />
can censor comments (and thanks to various types of spam<br />
that can appear on blogs, it’s necessary), you can make some<br />
judgement about the quality of the content by the quantity<br />
and nature of the comments.<br />
Trackbacks are a form of dialog between blogs. Trackbacks<br />
appear in the comments for a particular story, and link to a<br />
blog entry by another author, on another web site. By using<br />
trackbacks, bloggers can conduct extended dialogs, and you<br />
can trace the entire conversation.<br />
Comments and trackbacks are crucial elements for judging<br />
the quality of content. If a story sparks a long, heated debate,<br />
you can infer that it’s cont<strong>ro</strong>versial. If all of the comments<br />
support the story, perhaps the story is right on target—or<br />
perhaps the blogger has censored comments f<strong>ro</strong>m<br />
people who disagree. If there aren’t many comments, it becomes<br />
much harder to judge.<br />
Pinging update services<br />
12 Free Software Magazine Issue 9, November/December 2005<br />
Another new key feature of the blogging world are ping services.<br />
The word ping originally comes f<strong>ro</strong>m sonar, which<br />
sends out a “ping” sound th<strong>ro</strong>ugh water so that the sonar operators<br />
can detect objects by hearing the sound come back.<br />
In the computer world, you send a ping out to various things<br />
to see if they’re there. In the blogging world, your blog software<br />
sends out a ping to various services to let them know<br />
you’ve written a new entry.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Blogs rank highly on Google results<br />
because they are updated regularly—but<br />
more importantly, because so many of<br />
them link to each other th<strong>ro</strong>ugh the<br />
various ping update services<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
By pinging various aggregator sites, you essentially announce<br />
to the world that you have a new entry. Search engines<br />
find you quicker. Your entry appears in content aggregators.<br />
If you refer to other blogs in your story, they get<br />
notified about your story. This feature alone makes blogging<br />
more powerful than the other content management systems<br />
out there.
Straight f<strong>ro</strong>m the source<br />
So why read what amounts, at best, to a whole bunch of<br />
amateur journalism? Generally because you’re bypassing<br />
the “p<strong>ro</strong>fessional” journalists and sometimes getting stories<br />
directly f<strong>ro</strong>m the people making the news. Several CEOs of<br />
companies are now blogging. Activists blog. Politicians are<br />
starting to blog. And people in extraordinary circumstances<br />
blog every day.<br />
The prisoner abuses at Abu Ghraib reached the main stream<br />
media because a soldier posted pictures on his web site.<br />
Would we have ever heard about these abuses, without the<br />
internet? Perhaps not. Executives at major technology companies<br />
are starting to blog—companies like HP, Sun, and<br />
Mic<strong>ro</strong>soft. Mark Cuban, the owner of the Dallas Mavericks<br />
basketball team, has a blog. Porn stars and Washington<br />
interns have blogs. Darth Vader (http://darthside.<br />
blogspot.com/) even has a blog—or had one, until his<br />
fateful meeting with Luke.<br />
If you want to find out what’s going on in any area, a Google<br />
search will likely return a lot of results written on various<br />
blogs. Blogs rank highly on Google results because they are<br />
updated regularly—but more importantly, because so many<br />
of them link to each other th<strong>ro</strong>ugh the various ping update<br />
services. If you want to search just blog entries for a topic,<br />
try Technorati (http://www.technorati.com/).<br />
How to read RSS<br />
RSS reading is being built into more and more applications,<br />
web sites, and systems. As I already mentioned, you’re<br />
p<strong>ro</strong>bably already using RSS, whether you know it or not.<br />
But I find reading news feeds in the Firefox b<strong>ro</strong>wser to be<br />
a great way to dip your finger into the virtual information<br />
torrent that is the modern media.<br />
Firefox has a built-in feature for accessing RSS feeds, called<br />
Live Bookmarks. I don’t use Live Bookmarks myself—I<br />
think it takes more than a headline to determine if I’m interested<br />
in reading a story. There are several bookmark extensions<br />
you can install to read news feeds. My favorite is<br />
Sage.<br />
To install Sage:<br />
1. Open Firefox.<br />
2. On the Tools menu, click Extensions.<br />
USER SPACE<br />
Figure 1. The Sage extension in Firefox p<strong>ro</strong>vides an easy way to<br />
read news feeds.<br />
3. Click the Get More Extensions link.<br />
4. Follow the News Reading category link.<br />
5. Find the Sage extension. At this writing, it’s on page 2<br />
of the category listing. Click the Install icon.<br />
6. A pop-up window should appear, asking whether you<br />
want to install this extension. If it does not, Firefox<br />
may be configured to block software installations—you<br />
should see a light-yellow strip at the top of<br />
the b<strong>ro</strong>wser window, where you can click and change<br />
the settings to allow software installations f<strong>ro</strong>m this<br />
site.<br />
7. Click the Install Now button when it becomes available,<br />
and restart Firefox.<br />
You now have the Sage extension installed. Using it is<br />
easy—you’ll find it on the Tools menu at Tools -> Sage.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Thanks to the internet, traditional mass<br />
media no longer holds a monopoly on<br />
information channels<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Sage uses a folder of bookmarks to track its RSS feeds.<br />
You can designate any bookmark folder as the Sage folder<br />
by clicking the little Options button and choosing Settings.<br />
You’ll see the BBC f<strong>ro</strong>nt page and Yahoo! Sports as news<br />
feeds to get you started.<br />
Free Software Magazine Issue 9, November/December 2005 13
Figure 2. Customize the Firefox toolbar to make Sage easier to<br />
open.<br />
Hints using Sage<br />
Here are some tips and tricks when using Sage:<br />
Use the refresh icon to highlight feeds with new items<br />
In the Sage window, click the refresh icon. This checks each<br />
RSS feed to see if it has changed. If it has, the news feed<br />
title changes to bold text.<br />
Make the Sage sidebar available on your toolbar<br />
Right-click in the Firefox window, somewhere near the very<br />
top menu. Then you’ll be able to click the Customize item<br />
as shown in Figure 2. Not all that many people are aware<br />
that you can do this, but it can make a big difference. Drag<br />
the Sage icon up to the toolbar somewhere for easy access.<br />
While you’re here, you may want to drag the printer icon up<br />
there too.<br />
Open individual stories in tabs<br />
Tabbed b<strong>ro</strong>wsing is one of the best features in Firefox, and<br />
makes reading news feeds a two step p<strong>ro</strong>cess: first scan the<br />
news items for stories you want to read in depth, opening<br />
them in backg<strong>ro</strong>und tabs. Then read the stories. If you have<br />
a wheel mouse, click on the headline with the wheel to open<br />
it in a backg<strong>ro</strong>und tab. If you don’t have a wheel mouse or<br />
a middle button, you have to right-click the link to open it<br />
in a new tab.<br />
Add feeds f<strong>ro</strong>m the page you are b<strong>ro</strong>wsing<br />
When you visit a web site with an RSS feed, sometimes<br />
you’ll see a little orange icon in the b<strong>ro</strong>wser status bar. But<br />
not always. Some RSS feeds appear as various icons on the<br />
page, with labels such as XML, RSS, Atom, or Feed. Sometimes<br />
they’re just links. Sage can find all of the feeds linked<br />
on whatever page you’re viewing, by clicking the Discover<br />
Feeds button as shown in Figure 3.<br />
USER SPACE<br />
Figure 3. Use the Discover Feeds button to find the RSS feeds on a<br />
web page.<br />
Choosing news feeds<br />
14 Free Software Magazine Issue 9, November/December 2005<br />
As mentioned earlier, you can find news, opinions, and insights<br />
for all sorts of topics th<strong>ro</strong>ugh RSS news feeds. So,<br />
where do you start? I suggest starting with the periodicals<br />
that you already read. Most newspapers publish RSS feeds<br />
of their headlines, and often different feeds for different sections<br />
of their paper. Many magazines publish news feeds,<br />
too. But these are just the start.<br />
Thanks to the internet, traditional mass media no longer<br />
holds a monopoly on information channels. You can go<br />
straight to the source of news for your interests. Or choose<br />
any other channel or filter to get your information. As journalistic<br />
standards have evaporated, we all must learn to be<br />
more critical and discerning about where we learn what we<br />
know—this is a prime lesson the internet has to teach. But<br />
it also gives us the tools to easily find contrasting points of<br />
view, hear all sides of an argument before coming to a conclusion.<br />
I have quite a mix of news feeds in Sage, a mix of traditional<br />
news media, other organizations, and individual blogs<br />
which I’ve come to respect. Here’s a sampling:<br />
• New York Times (http://www.nytimes.<br />
com/)Technology section (and several other sections).<br />
• Christian Science Monitor (http://csmonitor.<br />
com/)Work/Money section (and other sections).<br />
• Wired News (http://wired.com/), news about<br />
technology and culture.
• Slashdot (http://slashdot.org/), “News for<br />
Nerds, stuff that matters”. Slashdot is basically a big<br />
conversation board with topics that point to stories all<br />
over the internet.<br />
• Linux Today (http://linuxtoday.com/), another<br />
news aggregator that points to stories published<br />
elsewhere about Linux and free software.<br />
• Seth Godin’s blog (http://sethgodin.<br />
typepad.com/seths blog/). Seth is an<br />
author of a marketing book who has lots of ideas about<br />
how the internet impacts on traditional marketing.<br />
• Joi Ito’s blog (http://joi.ito.com/). Joi is an<br />
investor in Japan who travels all over the world, participates<br />
in various standards bodies such as ICANN, and<br />
has been involved in many internet startups and ideas.<br />
• The Long Tail blog (http://longtail.<br />
typepad.com/the long tail/), by Chris<br />
Anderson. Anderson is the editor of Wired Magazine,<br />
and he writes about how the sheer availability of<br />
online shelf space is leading to entirely different<br />
market behavior.<br />
• Freakonomics blog (http://www.<br />
freakonomics.com/blog.php), by the authors<br />
of the new economic book called, what else,<br />
Freakonomics.<br />
Copyright information<br />
c○ 2005 John Locke<br />
This article is made available under the “Attribution-<br />
Share-alike” Creative Commons License 2.0 available f<strong>ro</strong>m<br />
http://creativecommons.org/licenses/by-sa/2.0/.<br />
About the author<br />
John Locke is the author of the book Open Source Solutions<br />
for Small Business P<strong>ro</strong>blems. He p<strong>ro</strong>vides technology<br />
strategy and free software implementations for<br />
small and g<strong>ro</strong>wing businesses in the Pacific Northwest<br />
th<strong>ro</strong>ugh his business, Freelock Computing (http://<br />
freelock.com).
Mozilla: a development<br />
platform under the hood of<br />
your b<strong>ro</strong>wser<br />
Should Java p<strong>ro</strong>grammers migrate to it?<br />
Davide Carboni<br />
This article compares two development platforms:<br />
Java and Mozilla. The object of this<br />
comparison is not to establish which one is best,<br />
but rather to measure the maturity, the advantages,<br />
and the disadvantages of Mozilla as a platform f<strong>ro</strong>m<br />
the point of view of a Java p<strong>ro</strong>grammer (as I am). Such a<br />
comparison is not a speculative exercise but it is the result<br />
of a p<strong>ro</strong>cess of technology scouting that I have performed<br />
during the last months with the objective being to find more<br />
effective tools, languages, and patterns for the development<br />
of distributed, pervasive, and location-aware internet applications.<br />
The article briefly int<strong>ro</strong>duces Java and Mozilla, and<br />
then points to similarities and differences. A detailed analysis<br />
of some important p<strong>ro</strong>gramming domains such as GUI,<br />
multitasking, remote applications, community p<strong>ro</strong>cess, and<br />
development tools are presented together with a comparison<br />
of functionalities p<strong>ro</strong>vided by the respective API.<br />
A short int<strong>ro</strong>duction to Java<br />
Java is a multi-platform object-oriented language. In other<br />
words, you can use constructs and patterns of objectoriented<br />
world to write p<strong>ro</strong>grams deployable in different operating<br />
systems without changing a line of code and without<br />
“recompiling”. Although this is quite common for interpreted<br />
languages, the Java code is not interpreted. Java compilers<br />
build binary code called bytecode, which is loaded<br />
and executed by a virtual machine, independently upon<br />
which the operating system is running in the “real” ma-<br />
16 Free Software Magazine Issue 9, November/December 2005<br />
chine. Thus, a bytecode compiled under Windows can be<br />
loaded and executed by a virtual machine running on Unix.<br />
The Java virtual machine hides underlying system-related<br />
details and it is p<strong>ro</strong>vided with a unified API, common to<br />
all platforms. This implies that only the functionalities that<br />
are common to all platforms can be exploited by Java p<strong>ro</strong>grams.<br />
The idea of “virtual machines” is not a new one;<br />
older languages such as Smalltalk int<strong>ro</strong>duced this solution<br />
years before Java, but as often occurs, the best and the first<br />
are not automatically the most successful.<br />
If the portability of bytecode is one of the key features of<br />
Java, another important feature is that at the beginning of its<br />
life Java was considered the “language for the web”. This<br />
was due to Applets—p<strong>ro</strong>grams that can be downloaded and<br />
executed inside a web page. Since its birth, both of these<br />
features of Java have revealed their limits. On one hand,<br />
bytecode portability assumes that the footprint of different<br />
machines is equivalent: loading bytecode compiled for a<br />
desktop PC in a PDA or to a cellular phone is in general not<br />
possible. On the other hand, Java Applets have gained less<br />
success and diffusion than other competitor technologies<br />
such as Mac<strong>ro</strong>media Flash. Nevertheless, Java has gained a<br />
huge popularity among research teams and also for p<strong>ro</strong>prietary<br />
software. Among the most noticeable applications are<br />
the tools for Java p<strong>ro</strong>gramming written in Java. Moreover,<br />
to extend the adoption of Java in small footprint devices,<br />
different “editions” of the Java platform were created: J2SE<br />
is the Java 2 standard edition virtual machine for the desktop<br />
computing and personal system applications; J2EE is
the enterprise edition which comprises server side components<br />
such as Servlet and Enterprise Javabeans. The J2ME<br />
p<strong>ro</strong>file aims at small devices such as mobile phones and embedded<br />
systems. For a complete classification of Java virtual<br />
machines and API please refer to Java’s web site [1]. In<br />
the domain of web applications, even though Java applets<br />
lost the war against Flash on the client side, things evolved<br />
favourably to Java technology on server-side. The J2EE<br />
p<strong>ro</strong>vides a <strong>ro</strong>bust framework for secure and scalable applications<br />
competing with the ASP and PHP technologies.<br />
One of the success points of Java is its technology pervasiveness.<br />
Java p<strong>ro</strong>grammers “make themselves at home” in<br />
a vast range of domains: they can write stand-alone p<strong>ro</strong>grams,<br />
application plug-ins, applets for web pages, web applications<br />
either in the form of servlets (Java code which<br />
embeds HTML tags) or Java Server Pages (HTML which<br />
embeds Java expressions), and Enterprise JavaBeans which<br />
build the application logic in multi-tiered architectures. Furthermore,<br />
Java scales the OOP paradigm to distributed systems<br />
by means of RMI (Remote Method Interface) and Jini<br />
(a framework which makes a deep use of code mobility to<br />
build dynamic collection of distributed services). In the domain<br />
of “small footprint” devices, Java has its JVM tailored<br />
for cell phones, PDAs, and smart cards.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
One of the success points of Java is its<br />
technology pervasiveness. Java<br />
p<strong>ro</strong>grammers “make themselves at<br />
home” in a vast range of domains<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
A short int<strong>ro</strong>duction to Mozilla<br />
Mozilla is not a language. It is a known free software suite<br />
of internet clients. However, looking under the hood, you<br />
can discover that Mozilla is not only a b<strong>ro</strong>wser and a messenger,<br />
but it is a platform with a complete componentbased<br />
architecture. You can develop new stand-alone p<strong>ro</strong>grams,<br />
add-ons for the b<strong>ro</strong>wser, and code that can be loaded<br />
f<strong>ro</strong>m remote hosts.<br />
The Mozilla p<strong>ro</strong>ject has quietly become a key<br />
building block in the open source infrastructure.<br />
(Tim O’Reilly)<br />
HACKER’S CODE<br />
The most remarkable elements of the Mozilla platform are<br />
its component architecture called XPCOM (which recalls<br />
Mic<strong>ro</strong>soft COM) and the Gecko layout engine, which can<br />
render both HTML and the XUL mark-up language—an<br />
XML language for the definition of rich (as opposed to poor<br />
HTML forms) graphical user interfaces. The entire GUI of<br />
Mozilla is written in XUL and rendered by the HTML/XUL<br />
Gecko rendering engine.<br />
The XUL app<strong>ro</strong>ach has p<strong>ro</strong>duced two main results: Firefox<br />
and Thunderbird. Aside f<strong>ro</strong>m these two software masterpieces<br />
there are hundreds of small third-party add-ons,<br />
which cover any possible requirement of final users.<br />
Firefox nudged IE below the 90 percent mark for<br />
the first time since the height of the b<strong>ro</strong>wser wars<br />
in the 1990s. (Ina Fried and Paul Festa [3])<br />
It is worth noting that Mic<strong>ro</strong>soft is likely to adopt a XULlike<br />
solution for its Longhorn operating system. The Mic<strong>ro</strong>soft<br />
solution consists of an XML language called XAML<br />
for the definition of graphical user interfaces integrated by<br />
C# scripting [4].<br />
Differently f<strong>ro</strong>m Java, Mozilla does not define a unique p<strong>ro</strong>gramming<br />
language. According to its philosophy, Mozilla<br />
exploits the best (or the worst, depending on the point of<br />
view) of existing languages and adds its own dialects. XUL<br />
is not a p<strong>ro</strong>gramming language but rather a GUI description<br />
language; events in the GUI are handled by Javascript<br />
scripts which can connect to the XPCOM architecture using<br />
the XPConnect bridge. New XPCOM components can<br />
be developed in both C ++ and Javascript and their interfaces<br />
are defined by means of XPIDL which is the Mozilla dialect<br />
for IDL (Interface Description Language). Data sources<br />
and configuration files are written in RDF. Finally, although<br />
XUL is used to define the structure of user interface, the<br />
final visual appearance is defined using CSS.<br />
Mozilla implements W3C standards and its architecture reflects<br />
this acquaintance giving a running envi<strong>ro</strong>nment and a<br />
framework in which p<strong>ro</strong>cessing HTML, RDF, CSS and connecting<br />
to HTTP servers is almost a “primitive” functionality.<br />
On the other hand, Mozilla is mainly an internet-client<br />
platform and it does not pervade other domains. So the only<br />
possible comparison is with the Java Standard Edition in the<br />
domain of desktop applications.<br />
Free Software Magazine Issue 9, November/December 2005 17
Similarities<br />
Classes are a central concept in Java. Any Java p<strong>ro</strong>ject is a<br />
set of classes (and other files like p<strong>ro</strong>perties and resources),<br />
and even the entry point of a standalone p<strong>ro</strong>gram is a class<br />
containing a method called main().<br />
>java -cp $(CLASSPATH) bar.foo.MyClass<br />
where MyClass “must” implement a method called main().<br />
Similarly Mozilla can be launched and instructed to load<br />
a special kind of XML document using a p<strong>ro</strong>tocol called<br />
“ch<strong>ro</strong>me”. The usage is:<br />
>mozilla \<br />
-ch<strong>ro</strong>me ch<strong>ro</strong>me://chatzilla/content/chatzilla.xul<br />
The result is the opening of an application called ChatZilla<br />
without opening the Navigator window.<br />
One of the characteristics of Java is the portability and the<br />
mobility of bytecode. This allows the deployment of Java<br />
applications in the form of applets. In other words, applications<br />
that are downloaded in the context of a web page<br />
and that can run using a portion of the web page as display.<br />
The receiving b<strong>ro</strong>wser must be powered with an internal or<br />
external JVM to execute the bytecode.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Differently f<strong>ro</strong>m Java, Mozilla does not<br />
define a unique p<strong>ro</strong>gramming language.<br />
According to its philosophy, Mozilla<br />
exploits the best (or the worst,<br />
depending on the point of view) of<br />
existing languages and adds its own<br />
dialects<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
In a similar way, you can write a XUL application for<br />
Mozilla, and publish it on a web server. A Mozilla b<strong>ro</strong>wser<br />
can download the XUL file f<strong>ro</strong>m the network and execute its<br />
code. A remarkable example of remote XUL is the Mozilla<br />
Amazon B<strong>ro</strong>wser [5] and some on line games [6].<br />
The community<br />
The community of Java p<strong>ro</strong>grammers is huge: there are<br />
hundreds of web sites, forums, newsg<strong>ro</strong>ups and mailing<br />
HACKER’S CODE<br />
18 Free Software Magazine Issue 9, November/December 2005<br />
lists. Java is a successful p<strong>ro</strong>gramming language and Java<br />
technologies are governed by the Java Community P<strong>ro</strong>cess<br />
which is open to experts outside Sun. Nevertheless, a large<br />
number of hackers and p<strong>ro</strong>grammers see the FLOSS (Free<br />
Libre Open Source Software) as the ultimate model for an<br />
open, dynamic, fair, and effective software development and<br />
distribution p<strong>ro</strong>cess. This g<strong>ro</strong>up — the Open Source Initiative<br />
— claim that Sun holds the cont<strong>ro</strong>l of Java, and OSI’s<br />
popular founder, Eric Raymond asked Sun to “let Java go”<br />
[7].<br />
Sun’s terms are so restrictive that Linux distributions<br />
cannot even include Java binaries for use as<br />
a b<strong>ro</strong>wser plugin, let alone as a standalone development<br />
tool. (Eric Raymond [7])<br />
F<strong>ro</strong>m its side, Sun advocates its “Sun Community Source<br />
License” [8] and claims that the pure OS model has some<br />
disadvantages:<br />
• There is no clear cont<strong>ro</strong>l over compatibility issues and<br />
there may, therefore, be fragmentation.<br />
• There may be no responsible organization. Bugs int<strong>ro</strong>duced<br />
by one organization may be too difficult for<br />
another organization using it to fix and of too low a<br />
priority for the author to fix in a timely manner.<br />
• P<strong>ro</strong>gress can be chaotic and have no direction.<br />
• There are limited financial incentives for imp<strong>ro</strong>vements<br />
and innovations, leading commercial developers<br />
to use the p<strong>ro</strong>prietary model.<br />
The reaction of the FLOSS community to the strict cont<strong>ro</strong>l<br />
of Java is the development of new and free software Java<br />
platforms such as Kaffe and GNU/Classpath.<br />
Mozilla is the result of opening Netscape to the public giving<br />
free access to the source code in the 1998. The first<br />
attempt to write a license for the free software community<br />
was a failure: the first draft of such a license was published<br />
to usenet and received a lot of negative feedback:<br />
One section of the license acted as a lightening<br />
<strong>ro</strong>d, catching most of the flames: the portion of<br />
the NPL that granted Netscape special rights to<br />
use code covered by the NPL in other Netscape<br />
p<strong>ro</strong>ducts without those p<strong>ro</strong>ducts falling under the<br />
NPL (Jim Hamerly and Tom Paquin and Susan<br />
Walton [9]).
Currently, Mozilla is distributed under MPL/GPL/LGPL<br />
triple license, allowing use of the files under the terms of<br />
any one of the Mozilla Public License, version 1.1 (MPL),<br />
the GNU General Public License, version 2 or later (GPL),<br />
or the GNU Lesser General Public License, version 2.1 or<br />
later (LGPL). The community was born and raised a<strong>ro</strong>und<br />
the site mozilla.org.<br />
Graphical user interfaces<br />
Java has basically two different GUI toolkits: AWT and<br />
Swing. The first one is a bridge between native widgets of<br />
the underlying operating system and the Java library. The<br />
advantage of AWT is in good performance while the shortcoming<br />
is mainly poverty in terms of features and native<br />
components. Swing, on the other hand, doesn’t rely upon<br />
native components, but instead every widget is rendered by<br />
the JVM inside a canvas in the screen. The Swing API is far<br />
larger than AWT, and it p<strong>ro</strong>vides a full object oriented and<br />
model-view-cont<strong>ro</strong>l oriented architecture but, compared to<br />
AWT, performances are poor.<br />
In the middle between AWT and Swing, there is the SWT<br />
library. It p<strong>ro</strong>vides a rich set of functionalities, and cont<strong>ro</strong>ls<br />
with good performance because low-level rendering is<br />
performed via C/C ++ libraries.<br />
The Mozilla app<strong>ro</strong>ach is completely different: instead of<br />
defining widgets as components of a library in an objectoriented<br />
p<strong>ro</strong>gramming language, Mozilla p<strong>ro</strong>grammers can<br />
define a GUI as an XML document.<br />
Mozilla’s philosophy of using “the right tool for<br />
the right job” is manifested most p<strong>ro</strong>minently in<br />
the design of the user interface [10].<br />
So, GUI’s are represented by a tree, and the DOM interface<br />
can be used to manage the item in the tree. The XML<br />
language used is called XUL and it goes beyond the simple<br />
HTML forms giving to the developer a full set of rich<br />
graphical components.<br />
Under the hood of Mozilla there is a remarkable piece of<br />
software called Gecko which can perform both the rendering<br />
of HTML pages and the rendering of the XUL user interfaces.<br />
Javascript, considered by many to be the best<br />
scripting language ever designed is ideal for specifying<br />
the behavior of your Interface widgets.<br />
HACKER’S CODE<br />
The figure shows how the gecko HTML engine is also able to render<br />
XUL. The XUL resource loaded into the Mozilla window is another<br />
instance of the Mozilla Navigator<br />
Where speed is the foremost consideration, we<br />
p<strong>ro</strong>vide C ++ libraries with multi-language interfaces<br />
for comprehensive, performant access to<br />
networking, filesystem, content, rendering, and<br />
much more [10].<br />
In fact, there are many b<strong>ro</strong>wsers based on Gecko, some of<br />
them like Mozilla Navigator and Firefox use Gecko to render<br />
both GUIs and web pages, while others like Camino<br />
uses Gecko only for web pages while the GUI is rendered<br />
with Cocoa GUI toolkit.<br />
Thus, the Mozilla Navigator is a XUL document that can be<br />
loaded in the b<strong>ro</strong>wser. In fact, if one tries to open the URL<br />
with Mozilla:<br />
ch<strong>ro</strong>me://navigator/content<br />
the result is quite amazing: an instance of a b<strong>ro</strong>wser rendered<br />
inside another b<strong>ro</strong>wser (figure 1).<br />
Multithreading<br />
Another interesting characteristic of Java is the support to<br />
concurrent p<strong>ro</strong>gramming. As Java p<strong>ro</strong>grams are executed<br />
in a virtual machine, multi-p<strong>ro</strong>gramming is in theory possible<br />
even in those systems where multi-tasking and multithreading<br />
is not supported by the kernel. In practice, today’s<br />
Free Software Magazine Issue 9, November/December 2005 19
operating systems are all p<strong>ro</strong>vided with a kernel able to<br />
schedule multiple threads and multiple p<strong>ro</strong>cesses. Another<br />
remarkable feature is that Java p<strong>ro</strong>vides a single API for<br />
all platforms and thus a single construct for the concurrent<br />
p<strong>ro</strong>gramming which makes use of the object primitive functions<br />
wait, notify, and of the keyword synch<strong>ro</strong>nized. This<br />
construct is available f<strong>ro</strong>m Java 1.0 to Java 1.4 and can be<br />
considered as a simplified form of the “monitor” construct.<br />
The model for concurrent p<strong>ro</strong>gramming has been imp<strong>ro</strong>ved<br />
since Java 1.5 to address some issues that are explained in<br />
[11].<br />
Also Mozilla allows concurrent p<strong>ro</strong>gramming, but only by<br />
writing C/C ++ code can you exploit the multi-threading API.<br />
In fact, an application written exclusively using XUL and<br />
Javascript is executed in a single threaded running envi<strong>ro</strong>nment,<br />
thus a blocking operation performed by our code<br />
cause the GUI to block. Javascript p<strong>ro</strong>vides alternative tools<br />
like timers which are pieces of code executed at a given time<br />
with a given period, but in my opinion these are not as expressive<br />
as monitors and synch<strong>ro</strong>nized code in Java.<br />
Portability<br />
Portability is one of the key factors in both platforms. Java<br />
ensures the portability of the bytecode because the JVM<br />
p<strong>ro</strong>vides a layer which isolates the code f<strong>ro</strong>m the underlying<br />
machine. On the other hand, Mozilla applications<br />
are not homogeneous: they can contain XUL, Javascript,<br />
HTML, CSS, C/C ++. The main issue is about the portability<br />
of C/C ++ components. While binary portability is<br />
not ensured Mozilla, nevertheless, p<strong>ro</strong>vides an API called<br />
Netscape Portable Runtime, which builds an abstraction<br />
layer between the C/C ++ code and the underlying machine.<br />
Using this layer, the source code can be easily compiled in<br />
different operating systems.<br />
Portability is an important value but it prevents the full exploitation<br />
of the underlying system, as code is portable only<br />
if it exploits those physical features which are common to<br />
all platforms. This is also a p<strong>ro</strong>blem in mobile computing<br />
where Java p<strong>ro</strong>vided API for Bluetooth and “mobile<br />
messaging” only when these features became “common” to<br />
many devices, causing the release of Java applications to<br />
be late in comparison with their C/C ++ counterparts. The<br />
limited integration with the hosting system also affects the<br />
HACKER’S CODE<br />
full exploitation of Desktop Managers like Windows and<br />
Gnome/KDE.<br />
Java API and XPCOM<br />
Both platforms p<strong>ro</strong>vide a rich set of API. The Java Development<br />
Kit p<strong>ro</strong>vides the following categories of functionalities:<br />
• GUI<br />
• Images<br />
• Input/Output on file/network/device<br />
• Language Reflection<br />
• Multithreading<br />
• Network Datagram, Socket and ServerSocket<br />
• Remote Method Interface<br />
• Security<br />
• Text manipulation<br />
• Sound<br />
• XML parsing<br />
• Abstract database connections<br />
20 Free Software Magazine Issue 9, November/December 2005<br />
On the other hand Mozilla p<strong>ro</strong>vides a language neutral API.<br />
Components can be written and accessed in different languages<br />
while interfaces are defined with a common Interface<br />
Description Language called XPIDL (see figure 2).<br />
The XPCOM API p<strong>ro</strong>vides the following categories of functionality:<br />
• Access to web platform components like address book,<br />
bookmarks, etc<br />
• Multithreading<br />
• Collections, Sets, Dictionaries<br />
• LDAP<br />
• Mail<br />
• Network<br />
• RDF and XML<br />
• SOAP, XML-RPC and WSDL.<br />
SOAP and web services are directly supported in the<br />
Mozilla API, while in Java Standard Edition they can be<br />
used loading some additional libraries, or are alternatively<br />
bundled with the J2EE. On the other hand, Java p<strong>ro</strong>vides<br />
the Remote Method Interface (RMI) which allows the building<br />
of distributed systems with object mobility and remote<br />
classloading.
Development tools<br />
The luxuriant choice of tools for Java is p<strong>ro</strong>bably the reason<br />
why Java p<strong>ro</strong>grammers don’t migrate to other development<br />
platforms.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Portability is an important value but it<br />
prevents the full exploitation of the<br />
underlying system, as code is only<br />
portable if it exploits those physical<br />
features which are common to all<br />
platforms<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
The quantity and quality of tools is impressive: code completion,<br />
refactoring tools, automatic generation of code portions,<br />
hyperlinking in source files, GUI visual editors, debuggers,<br />
test suites, build management, and automatic documentation.<br />
Moreover, integrated envi<strong>ro</strong>nments such as IntelliJ<br />
Idea, Eclipse, and others p<strong>ro</strong>vide a single access point<br />
to all of the mentioned tools (figure 3) with quick access to<br />
CVS repositories.<br />
The access to low-level functionalities is p<strong>ro</strong>vided by a special element<br />
of the architecture called XPConnect which acts as the “glue”<br />
between XUL/Javascript in the f<strong>ro</strong>nt-end and the implementation of<br />
components. The interface is defined in XPIDL<br />
HACKER’S CODE<br />
Eclipse is a powerful IDE with a lot of tools integrated in a single<br />
envi<strong>ro</strong>nment<br />
So, the first p<strong>ro</strong>blem for a Java p<strong>ro</strong>grammer willing to experiment<br />
coding with Mozilla tools is “where is the IDE?”.<br />
P<strong>ro</strong>bably the main obstacle in having an IDE for Mozilla is<br />
the very hete<strong>ro</strong>geneous nature of its languages, but in my<br />
opinion the Mozilla Foundation should focus in this direction<br />
to attract more developers.<br />
Although an IDE for Mozilla is still missing, there are some<br />
interesting tools. Among others there are:<br />
xpcshell: xpcshell is a command-line Javascript shell. It allows<br />
the testing of simple Javascript code snippets and also<br />
to load and test any kind of XPCOM. Unfortunately, the<br />
running envi<strong>ro</strong>nment of the xpcshell is not the same as a<br />
script in a XUL document, thus scripts that are expected to<br />
run in a GUI cannot be tested in the xpcshell.<br />
jsshell [12]: jsshell is an interesting service which runs as a<br />
socket server in the Mozilla b<strong>ro</strong>wser. It allows a TCP client<br />
to connect to the b<strong>ro</strong>wser and p<strong>ro</strong>mpts for Javascript commands.<br />
Differently f<strong>ro</strong>m xpcshell, jsshell has the b<strong>ro</strong>wser as<br />
the envi<strong>ro</strong>nment and it is very useful for testing extensions.<br />
venkman [13]: venkman is a debugger for Javascript. It is<br />
installed as a tool in Mozilla and it is widely considered the<br />
best debugger for Javascript code.<br />
Free Software Magazine Issue 9, November/December 2005 21
Comparison between Java and Mozilla<br />
Mozilla Java<br />
Desktop Good Good<br />
Mobile Poor Excellent<br />
Server Absent Good<br />
Web Excellent Good<br />
License Excellent Poor<br />
Community Good Good<br />
Tools Good Excellent<br />
Documentation Good Excellent<br />
Portability Good Good<br />
Multithreading Poor Good<br />
Conclusion<br />
The following table summarizes the comparison:<br />
Assigning the scores: 0 to Absent, 1 to Poor, 2 to Good, 3<br />
to Excellent, Java beats Mozilla 22 - 18. Nevertheless, the<br />
choice depends on the features you consider “really important”<br />
for your application.<br />
Java is a language and on its platform you can build complete<br />
systems using Java for mobile client, desktop client,<br />
and server side components. Certainly, this is great for p<strong>ro</strong>grammers,<br />
who can use a single development envi<strong>ro</strong>nment<br />
to code, test, debug, and deploy their application with an<br />
impressive p<strong>ro</strong>ductivity. Nevertheless, one characteristic of<br />
the internet is the “hete<strong>ro</strong>geneity” and even if Java p<strong>ro</strong>vides<br />
code mobility, this feature seems to have gained scarce popularity<br />
in the internet and it is limited in some niche of market<br />
and academia. So the Java bytecode has not become<br />
the lingua-franca; instead this <strong>ro</strong>le is p<strong>ro</strong>bably assigned to<br />
XML.<br />
Mozilla is open to inter-operability and is a language neutral<br />
platform as components can be written in any language<br />
(but to be honest they are consistently written in C ++ and<br />
Javascript). Mozilla applications are often the integration<br />
of elements written in XUL, Javascript, RDF, HTML, CSS,<br />
and C ++.<br />
Maybe, the right question is “when should a p<strong>ro</strong>grammer<br />
use Mozilla instead of Java?”. The ability to handle web<br />
content, GUIs, and multi-media inside Gecko is of course<br />
very interesting. Attempts to build an HTML layout en-<br />
HACKER’S CODE<br />
gine in Java have never yielded good results (Sun HotJava<br />
has been discontinued, also the Netscape attempt to port<br />
the Navigator in Java failed. Currently, there is the Jazilla<br />
p<strong>ro</strong>ject which has the objective to build a Java version of<br />
Mozilla, but at the moment the result is quite poor).<br />
As a last resort, it is possible to integrate Java and Mozilla:<br />
either embedding Gecko in a Java application or embedding<br />
Java applets in XUL documents. There is an on going<br />
p<strong>ro</strong>ject called blackconnect [14] which aims at the development<br />
of XPCOM in Java, but at the moment the p<strong>ro</strong>ject<br />
doesn’t seem very active.<br />
In perspective, the internet is evolving f<strong>ro</strong>m a web of documents<br />
to a web of services and the traditional HTML will<br />
become just one of the many ways to access the net. In any<br />
case Mozilla is ready to p<strong>ro</strong>vide rich user interfaces for a<br />
satisfactory interaction with web services.<br />
Bibliography<br />
[1] Java’s web site (http://java.sun.com) Last visited<br />
10/04/2005<br />
[2] Tim O’Reilly. Mozilla.org Unleashes Mozilla<br />
1.0 (http://www.internetnews.com/xSP/<br />
article.php/1299381) Last visited 15/04/2005<br />
[3] Ina Fried and Paul Festa. Reversal: Next IE divorced<br />
f<strong>ro</strong>m new Windows (www.news.com) February 15, 2005.<br />
[4] Inside XAML (http://www.ondotnet.com/<br />
pub/a/dotnet/2004/01/19/longhorn.html)<br />
Last visited 15/04/2005.<br />
[5] MAB Mozilla Amazon B<strong>ro</strong>wser (http://mab.<br />
mozdev.org) Last visited 15/04/2005.<br />
[6] mozdev.org - games (http://games.mozdev.<br />
org/) Last visited 15/04/2005.<br />
[7] Eric Raymond. Let Java go: an open letter to<br />
Scott McNealy, CEO of Sun (http://www.catb.org/<br />
∼ esr/writings/let-java-go.html) Last visited<br />
15/04/2005.<br />
22 Free Software Magazine Issue 9, November/December 2005<br />
[8] Richard P. Gabriel and William N. Joy. Sun Community<br />
Source License Principles (http://www.sun.<br />
com/981208/scsl/principles.html) Last visited<br />
15/04/2005.
[9] Jim Hamerly and Tom Paquin and Susan Walton. “Freeing<br />
the Source: The Story of Mozilla Open Sources”.<br />
Published in “Voices f<strong>ro</strong>m the Open Source Revolution”.<br />
O’Reilly. ISBN 1-56592-582-3.<br />
[10] The Mozilla Application Framework in<br />
Detail (http://www.mozilla.org/why/<br />
framework-details.html) Last visited 15/04/2005.<br />
[11] Qusay H. Mahmoud. Concurrent p<strong>ro</strong>gramming with<br />
J2SE 5.0 (http://java.sun.com/developer/<br />
technicalArticles/J2SE/concurrency/) Last<br />
visited 15/04/2005.<br />
[12] C<strong>ro</strong>czilla.com (http://www.c<strong>ro</strong>czilla.com/<br />
jssh) Last visited 15/04/2005.<br />
[13] Venkman Javascript Debugger (http://www.<br />
hacksrus.com/ ∼ ginda/venkman/) Last visited<br />
15/04/2005.<br />
[14] Java-to-XPCOM Bridge (http://java.mozdev.<br />
org/blackconnect/) Last visited 15/04/2005.<br />
Copyright information<br />
c○ 2005 Davide Carboni<br />
(The following license is effective immediately)<br />
Permission is granted to copy, distribute and/or modify this<br />
document under the terms of the GNU Free Documentation<br />
License, Version 1.2 or any later version published by the<br />
Free Software Foundation; with no Invariant Sections, no<br />
F<strong>ro</strong>nt-Cover Texts, and no Back-Cover Texts. A copy of the<br />
license is available at http://www.gnu.org/copyleft/fdl.html<br />
About the author<br />
Davide Carboni holds a PhD in Computer Science. He<br />
is currently employed as “expert software engineer” at<br />
the Center for Advanced Studies, Research and Development<br />
in Sardinia (CRS4). His research interests are<br />
in the field of peer-to-peer systems, distributed computing,<br />
web applications, and agile software engineering.
Code signing systems<br />
How to manage digital certificates, Software Publishing<br />
Certificates and private keys for code signing<br />
Saqib Ali<br />
This article looks at the management of the private<br />
key for the Software Publishing Certificate<br />
(SPC). SPCs are used to digitally sign binaries<br />
that are p<strong>ro</strong>duced by software development<br />
vendors. Digitally signing executables p<strong>ro</strong>ves the identity<br />
of the software vendor and guarantees that the code has not<br />
been altered or corrupted since it was created and signed.<br />
Signing the code requires access to the SPC and the Private<br />
Key (PVK) associated with the SPC.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Digitally signing executables p<strong>ro</strong>ves the<br />
identity of the software vendor and<br />
guarantees that the code has not been<br />
altered or corrupted since it was created<br />
and signed<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Backg<strong>ro</strong>und<br />
In cryptography, key management includes secure generation,<br />
distribution, and storage of keys. App<strong>ro</strong>priate and successful<br />
key management is critical to the secure use of every<br />
crypto-system without exception. Secure methods of<br />
key management are extremely important. Once a key is<br />
randomly generated, it must remain secret to avoid misuse<br />
(such as impersonation). It is, in actual practice, the most<br />
difficult aspect of cryptography, for it involves system policy,<br />
user training, organizational and departmental interactions<br />
in many cases, and coordination between end users,<br />
24 Free Software Magazine Issue 9, November/December 2005<br />
Windows XP SP2 will p<strong>ro</strong>duce this warning message for unsigned<br />
binaries. The user can NOT verify the authenticity of the code<br />
etc. Most attacks on public-key systems will p<strong>ro</strong>bably be<br />
aimed at the key management level, rather than at the cryptographic<br />
algorithm itself.<br />
Many of these concerns are not limited to cryptographic engineering<br />
and are outside a strictly cryptographic domain.<br />
The responsibility of the p<strong>ro</strong>per key management falls on<br />
the upper management in an organization of any size.<br />
Users must be able to store their private keys securely, so<br />
no intruder can obtain them, yet the keys must be readily<br />
accessible for legitimate use.<br />
There are many solutions available for p<strong>ro</strong>per key management<br />
of private keys owned by single individuals. Verisign,<br />
Entrust, RSA, and Mic<strong>ro</strong>soft’s Active Directory all p<strong>ro</strong>vide<br />
a good mechanism for managing keys owned by individuals.
For signed binaries the source (vendor name) is displayed. The user<br />
knows that the code is authentic, and has not been tampered with<br />
during the transmission<br />
However, the management of private keys owned by g<strong>ro</strong>ups<br />
or organizations is an issue that lacks p<strong>ro</strong>per tools and<br />
guidelines. Examples of these types of private keys include:<br />
• The private key for the SSL certificates owned by<br />
g<strong>ro</strong>ups or organizations<br />
• The private key for SPC owned by a software development<br />
vendor<br />
• The private key for the <strong>ro</strong>ot CA (certification authority)<br />
This article looks at the management of the private key for<br />
the SPC.<br />
A digital signature informs the user:<br />
1. Of the true identity of the publisher.<br />
2. Of a place to find out more about the binaries.<br />
Code signing digital certificates can be purchased<br />
f<strong>ro</strong>m Verisign (http://www.verisign.com/<br />
p<strong>ro</strong>ducts-services/security-services/<br />
code-signing/index.html)<br />
So what’s the p<strong>ro</strong>blem?<br />
In any software development firm more than one person<br />
needs to be able to sign the latest build, and release for<br />
download. However, allowing multiple developer access to<br />
the private key kills the security of the key. Every time a<br />
secret key is shared, the confidentiality p<strong>ro</strong>vided by that key<br />
gets halved. Some questions that come to mind:<br />
1. What are the best practices for managing Code Signing<br />
Digital IDs and private keys?<br />
HACKER’S CODE<br />
2. What can be done to secure the private key for code<br />
signing?<br />
3. Who should have the possession of the private key?<br />
Multiple people or just the p<strong>ro</strong>ject manager?<br />
4. What key esc<strong>ro</strong>w (recovery) techniques can be used, if<br />
the private key holder is not available?<br />
5. Who should be allowed to digitally sign the build?<br />
If one person is responsible for signing all binaries, that<br />
person becomes the single point-of-failure. So it is recommended<br />
to give several people the ability to sign builds.<br />
However, this needs to be done in a way that several developers<br />
DO NOT end up with the private key for the SPC.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
A secret sharing scheme allows you to<br />
distribute a secret (such as a private<br />
key) over some number of people such<br />
that a specified number of people (the<br />
threshold) must work together to recover<br />
the secret<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Code signing system: option one<br />
One option is to use a code signing system (let’s call<br />
it CSS1), which uses a shared secret scheme (Shamir,<br />
Blakeley or Trivial). A secret sharing scheme allows you<br />
to distribute a secret (such as a private key) over some<br />
number of people such that a specified number of people<br />
(the threshold) must work together to recover the secret.<br />
For more information on secret sharing, have a look at<br />
this Wikipedia entry (http://en.wikipedia.org/<br />
wiki/Secret sharing). In its simplest form, this option<br />
would involve giving out “parts” of keys to each developer,<br />
and the CSS1 would have the knowledge on how to<br />
reconstruct the private key. If at least three developers are<br />
able to p<strong>ro</strong>vide parts of the whole key, the CSS1 would go<br />
ahead reconstruct the key and sign the binary. The developers<br />
will never get to see the whole private key. This way,<br />
you can avoid a single person being able to sign, while at<br />
the same time making sure that no single person is critical<br />
for the signing. To further secure the system Shamir’s or<br />
Blakeley’s scheme can be used.<br />
Secret sharing is a good start, but it doesn’t get you all the<br />
way there. Suppose its time to sign a new build: then some<br />
Free Software Magazine Issue 9, November/December 2005 25
parties reconstruct the secret key, and poof all of a sudden<br />
CSS1 knows the secret key, and you are back to a single<br />
point (or even multiple points) of (security) failure. Now<br />
you are dependent on the security implemented in the CSS1<br />
to safe guard the privacy of the key. An attacker might be<br />
able to make use of the window in time between the key<br />
being reconstructed and the key being dest<strong>ro</strong>yed, to retrieve<br />
the key f<strong>ro</strong>m the CSS1.<br />
Code signing system: option two<br />
Another low-tech option is to use an isolated computer dedicated<br />
for code signing. Let’s call this system CSS2. CSS2<br />
should have no hard drive or network connection of any<br />
type. The operating system and the code signing tools,<br />
including the PVK and SPC, should reside on a read-only<br />
DVD. The following are security considerations:<br />
1. The operating system contained on the DVD should be<br />
very minimal. It should restrict any file copying or displaying<br />
functionality. It should also restrict any access<br />
to the console. This way an attacker cannot copy the<br />
PVK and the SPC f<strong>ro</strong>m the DVD.<br />
2. The DVD should be encrypted, and the decryption key<br />
should be embedded into CSS2. This way any copies<br />
of the DVD will be useless, outside CSS2.<br />
3. The DVD should be placed in a safe box, which requires<br />
three more or keys to open it.<br />
At the time of signing, at least 3 developers must get together<br />
to perform the code signing. They must use their<br />
keys to open the safe box, retrieve the DVD, boot the computer<br />
using the DVD, sign their code, and place the DVD<br />
back into the safe.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Inevitably, there is still the potential for<br />
collusion, i.e. three or more developers<br />
with malicious intent can work together<br />
to create and sign malicious software<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
This system will prevent any attacker f<strong>ro</strong>m gaining access<br />
to the PVK file. Even if an attacker gets hold of a copy<br />
of the DVD, it will be useless since it is encrypted. Also,<br />
since there is no file copy or display mechanism on CSS2,<br />
HACKER’S CODE<br />
the PVK file can not copied. Inevitably, there is still the<br />
potential for collusion, i.e. three or more developers with<br />
malicious intent can work together to create and sign malicious<br />
software.<br />
Conclusion<br />
Code signing can p<strong>ro</strong>vide a very good security tool for verifying<br />
the authenticity of a released binary, and also guarantee<br />
that the code was not tampered with during transmission.<br />
However, management of the certificate and private key for<br />
code signing is very critical. If these private keys and certificates<br />
are misused, both the customer and software vendor<br />
can be adversely affected. The customer might end up with<br />
malicious software on their computer, while the vendor may<br />
lose money and reputation. If p<strong>ro</strong>per key management techniques<br />
are utilized, any misuse can be avoided.<br />
Copyright information<br />
c○ 2005 Saqib Ali<br />
Permission is granted to copy, distribute and/or modify this<br />
document under the terms of the GNU Free Documentation<br />
License, Version 1.2 or any later version published by the<br />
Free Software Foundation; with no Invariant Sections, no<br />
F<strong>ro</strong>nt-Cover Texts, and no Back-Cover Texts. A copy of the<br />
license is available at http://www.gnu.org/copyleft/fdl.html<br />
About the author<br />
26 Free Software Magazine Issue 9, November/December 2005<br />
Saqib Ali is Senior Systems Engineer at Seagate Technology.<br />
He also manages the free software XML Validator<br />
and Transformer available at http://validate.sf.net<br />
(http://validate.sf.net)
Int<strong>ro</strong>duction to Zope<br />
Part 1: Python<br />
Kirk Strauser<br />
Zope is a web application server, similar in concept<br />
to p<strong>ro</strong>prietary p<strong>ro</strong>ducts like Cold Fusion.<br />
However, it is free software that is available under<br />
the GPL-compatible Zope Public License,<br />
which is very similar to the BSD License. Zope was designed<br />
with the specific goals of creating a powerful, secure<br />
framework for the development of <strong>ro</strong>bust web-based<br />
services with a minimum of effort.<br />
However, Zope’s biggest distinguishing characteristic is<br />
how closely it models the language it is written in: Python.<br />
In fact, many of its features are directly derived f<strong>ro</strong>m its underlying<br />
Python structure. Because of that, it’s difficult to<br />
truly understand or appreciate Zope without having a basic<br />
knowledge of Python. This article, the first in a two part series,<br />
is intended as a high-level int<strong>ro</strong>duction to the language.<br />
Next month’s instalment will build upon this by demonstrating<br />
practical examples of Zope code.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Zope’s biggest distinguishing<br />
characteristic is how closely it models<br />
the language it is written in: Python<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Language features<br />
Although Python has been in use since the early 1990’s, it’s<br />
only become relatively popular in the last few years. Many<br />
p<strong>ro</strong>grammers view it as the spiritual successor to Perl. That<br />
is, it’s an expressive, interpreted language that’s equally at<br />
home in small system scripts or much larger applications.<br />
However, it has the deserved reputation of usually being<br />
easier to read and maintain than the equivalent Perl code.<br />
Python also sports an excellent object oriented app<strong>ro</strong>ach<br />
that’s much cleaner and more integral to the overall design<br />
than is Perl’s. Perhaps most important, though, is a belief<br />
by the core development team in doing things the right way.<br />
It was designed f<strong>ro</strong>m the beginning with an emphasis on<br />
practical elegance—Python strives to allow p<strong>ro</strong>grammers to<br />
easily express their ideas in intuitive ways.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
It was designed f<strong>ro</strong>m the beginning with<br />
an emphasis on practical<br />
elegance—Python strives to allow<br />
p<strong>ro</strong>grammers to easily express their<br />
ideas in intuitive ways<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Significant whitespace<br />
The first thing that everyone notices about Python is its use<br />
of significant whitespace. Rather than marking blocks of<br />
code with keywords such as “begin” and “end”, or curly<br />
brackets a la C, Python sets them apart with indentation.<br />
Frankly, a lot of p<strong>ro</strong>grammers hate the idea when they first<br />
see it. If you’re one of them, don’t be discouraged; the feeling<br />
passes quickly. It enforces the style guidelines that most<br />
good p<strong>ro</strong>grammers would be following anyway, and soon<br />
becomes quite natural. Python is flexible regarding the use<br />
Free Software Magazine Issue 9, November/December 2005 27
of spaces versus tabs, as long as you consistently use the<br />
same kind and amount of whitespace to indent. Furthermore,<br />
almost all p<strong>ro</strong>gramming editors have Python modes<br />
that handle the details for you.<br />
The standard comparison of formatting between C and<br />
Python is the “factorial” function. In C, that could be written<br />
as:<br />
int factorial(int i) {<br />
if(i == 1) {<br />
return 1;<br />
}<br />
else {<br />
return i * factorial(i - 1);<br />
}<br />
}<br />
(or in one of many other common styles). A Python p<strong>ro</strong>grammer<br />
would p<strong>ro</strong>bably write something extremely similar<br />
to:<br />
def factorial(i):<br />
if i == 1:<br />
return i<br />
else:<br />
return i * factorial(i - 1)<br />
Except for the missing curly brackets, the formatting is almost<br />
identical between the two.<br />
Interactive development<br />
Python includes an interactive shell where you can experiment<br />
and test new code. Running the python command<br />
without any arguments will result in something like:<br />
Python 2.3.5 (#1, Apr 27 2005, 08:55:40)<br />
>>><br />
At this point, you can enter Python commands directly to<br />
see their effect. If you’re working on a large p<strong>ro</strong>ject, you can<br />
load specific parts of it for manual testing without affecting<br />
other modules. It’s equally handy for verifying that short<br />
functions will work as expected before embedding them into<br />
a larger body of code. It’s difficult to convey exactly how<br />
convenient this is, and how efficient the code-experimentcode<br />
cycle can be.<br />
Finally, the interactive p<strong>ro</strong>mpt is an excellent place to explore<br />
objects, and the data and functions inside them. Typing<br />
dir(someobject) will return the list of objects referenced<br />
by someobject, and most of the functions in Python’s core<br />
libraries contain a doc attribute with usage information:<br />
HACKER’S CODE<br />
Python keywords<br />
The whole language is built upon a short list of words:<br />
and, del, for, is, raise, assert, elif, f<strong>ro</strong>m, lambda, return,<br />
break, else, global, not, try, class, except, if, or, while,<br />
continue, exec, import, pass, yield, def, finally, in, and<br />
print. If you’ve ever written a p<strong>ro</strong>gram, you p<strong>ro</strong>bably<br />
already have an accurate idea of what most of them do.<br />
>>> dir(str)<br />
[lots of stuff, ..., ’translate’, ’upper’, ’zfill’]<br />
>>> print str.upper.__doc__<br />
S.upper() -> string<br />
Return a copy of the string S converted to uppercase.<br />
Tiny core language<br />
Python 2.3.5, the version recommended for use with the latest<br />
p<strong>ro</strong>duction release of Zope, has just 29 reserved words.<br />
Perl has quite a few more: 206 as of version 5.6.8. PHP<br />
tips the scales with up to an incredible 3972 commands and<br />
functions in the base language (although many can be added<br />
and removed at compilation time). The practical upshot is<br />
that any experienced p<strong>ro</strong>grammer should be able to memorize<br />
the entire language in an evening. This simplicity does<br />
not reflect a lack of power though. Although most of the<br />
familiar commands are similar to their counterparts in other<br />
languages, several are significantly more flexible. The for<br />
command, as an example, will cheerfully iterate ac<strong>ro</strong>ss a<br />
set of numbers, a list of strings, or the keys of a dictionary<br />
object.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Any experienced p<strong>ro</strong>grammer should be<br />
able to memorize the entire language in<br />
an evening<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
St<strong>ro</strong>ng dynamic typing<br />
28 Free Software Magazine Issue 9, November/December 2005<br />
Python is dynamically typed, which means that it executes<br />
its type checks during p<strong>ro</strong>gram execution (as opposed to C).<br />
It is also st<strong>ro</strong>ngly typed, meaning that it won’t convert data<br />
f<strong>ro</strong>m one type to another unless you explicitly ask it to (as
opposed to Perl). The language makes great use of this flexibility<br />
by passing parameters to functions as reference instead<br />
of by value. The net effect is that you can pass almost<br />
any object to a function, and if the operations in the function<br />
make sense for that type of object, then the function will<br />
work as expected. For example, the following code defines<br />
a function that will add any two compatible values together:<br />
>>> def add(a, b):<br />
... return a + b<br />
...<br />
>>> add(1, 2) # Two integers<br />
3<br />
>>> add([1,2,3], [4,5,6]) # Two lists<br />
[1, 2, 3, 4, 5, 6]<br />
>>> add(’1’, 2) # A string and an integer<br />
TypeEr<strong>ro</strong>r: cannot concatenate ’str’ and ’int’ objects<br />
In practice, this allows you to write generic code that can operate<br />
on any number of data types without additional modification.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Python is dynamically typed, which<br />
means that it executes its type checks<br />
during p<strong>ro</strong>gram execution (as opposed<br />
to C)<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Garbage collection<br />
Never alloc() or free() memory again. Python automatically<br />
allocates space to store your data structures and frees<br />
it when you’re finished with them. This has nume<strong>ro</strong>us large<br />
advantages. First, it frees p<strong>ro</strong>grammers f<strong>ro</strong>m the low-level<br />
details that waste their time. By allowing you to concentrate<br />
on algorithms and design instead of pedantic record<br />
keeping, it gives you the freedom to spend your time where<br />
it’s most useful. Second, it eliminates an entire class of efficiency<br />
and security er<strong>ro</strong>rs. You don’t have to worry about<br />
the buffer overruns or memory leaks that C p<strong>ro</strong>grammers<br />
must carefully avoid. Finally, it’s fast. While experts could<br />
possibly write optimized memory management <strong>ro</strong>utines for<br />
themselves, Python is much better at the task than the vast<br />
majority of average users.<br />
Garbage collected memory management has quite a few<br />
other non-obvious benefits, with complex datatypes being<br />
near the top of the list. To compose a list of various types<br />
HACKER’S CODE<br />
objects, you simply create them and put them together into<br />
such a list:<br />
>>> a = ’a short string’;<br />
>>> b = [1, 2, 3]<br />
>>> c = [a, b]<br />
>>> c<br />
[’a short string’, [1, 2, 3]]<br />
Whenever the p<strong>ro</strong>gram’s execution moves past the scope<br />
where these objects are defined, they simply vanish. Compare<br />
this with other languages that would require you to<br />
track an objects existence by hand and decide whether (a)<br />
you’re truly finished using that object, or (b) another object<br />
still references them. This isn’t the same as saying that<br />
p<strong>ro</strong>grammers never have to consider memory usage—bad<br />
design is still bad design—but the penalties for not doing so<br />
are far smaller.<br />
Object oriented and functional p<strong>ro</strong>gramming<br />
In Python, almost everything is an object. A module is an<br />
object that contains definitions of other objects. Classes<br />
are objects that contain functions and variables. Functions<br />
themselves are objects. Since values are passed to functions<br />
by reference, this means that you can pass functions just as<br />
easily as integers, strings, or any other objects. In the example<br />
below, I define three simple functions that perform<br />
an operation on a number and return the result. Then, I define<br />
another function, which takes a number and a function<br />
to call with that number, and execute it with some sample<br />
values:<br />
>>> def plusone(a): return a + 1<br />
...<br />
>>> def plustwo(a): return a + 2<br />
...<br />
>>> def timesthree(a): return a * 3<br />
...<br />
>>> def math(number, operation):<br />
... return operation(number)<br />
...<br />
>>> math(1, plusone)<br />
2<br />
>>> math(2, plustwo)<br />
4<br />
>>> math(3, timesthree)<br />
9<br />
Free Software Magazine Issue 9, November/December 2005 29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
You don’t have to worry about the buffer<br />
overruns or memory leaks that C<br />
p<strong>ro</strong>grammers must carefully avoid<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
This simple pattern is used widely in Python. For example,<br />
the list.sort function can use an optional function to compare<br />
two values in a list and order them app<strong>ro</strong>priately. Various<br />
GUI toolkits work by passing functions to event handlers<br />
so that they’re executed when the respective events occur.<br />
Functions can even be stored in other data structures, such<br />
as dictionaries, and retrieved as needed.<br />
Pervasive namespaces<br />
As mentioned above, imported modules are just another<br />
kind of object. This means that rather than bringing the<br />
functions and variables f<strong>ro</strong>m a module into the current<br />
namespace (as C does), they remain within their named object:<br />
>>> import time<br />
>>> dir(time)<br />
[a lot of stuff, ..., ’asctime’, ’clock’, ...]<br />
>>> clockName<br />
Er<strong>ro</strong>r: name ’clock’ is not defined<br />
Thanks to this feature, you don’t have to worry about conflicting<br />
names f<strong>ro</strong>m unrelated modules. Experienced p<strong>ro</strong>grammers<br />
should immediately appreciate the organizational<br />
advantages this brings. Novices will like the fact that they’re<br />
not immediately faced with an overwhelming number of<br />
functions.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Python is one of a new generation of<br />
c<strong>ro</strong>ss-platform p<strong>ro</strong>gramming languages.<br />
It’s simple enough that new<br />
p<strong>ro</strong>grammers can immediately start<br />
using it immediately, but it’s equipped<br />
with the tools that make experts rejoice<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Conclusion<br />
Python is one of a new generation of c<strong>ro</strong>ss-platform p<strong>ro</strong>gramming<br />
languages. It’s simple enough that new p<strong>ro</strong>grammers<br />
can immediately start using it, but equipped with the<br />
HACKER’S CODE<br />
tools that make experts rejoice. It freely mixes imperative,<br />
object oriented, and functional p<strong>ro</strong>gramming so that you can<br />
choose the app<strong>ro</strong>ach most app<strong>ro</strong>priate for the task at hand.<br />
It’s used by companies such as Google and websites like<br />
Wikipedia, and is quickly becoming a common choice for<br />
new application development.<br />
I haven’t forgotten about Zope. However, the features that<br />
have made it a powerful and popular application server originate<br />
in Python, and to truly “get” Zope, you must have a<br />
passing understanding of Python. In next month’s column,<br />
I’ll explore the ties between the two and demonstrate Zope’s<br />
power by implementing several practical web application<br />
components.<br />
Bibliography<br />
Python Keywords (http://www.python.org/doc/<br />
2.3.5/ref/keywords.html)<br />
Perl Functions (http://perldoc.perl.org/<br />
index-functions-by-cat.html)<br />
PHP Quick Reference (http://www.php.net/<br />
quickref.php)<br />
PHP ’Reserved’ Words (http://us2.php.net/<br />
manual/en/reserved.php)<br />
Copyright information<br />
c○ 2005 Kirk Strauser<br />
(The following license is effective immediately)<br />
This article is made available under the “Attribution-<br />
Share-alike” Creative Commons License 2.0 available f<strong>ro</strong>m<br />
http://creativecommons.org/licenses/by-sa/2.0/.<br />
About the author<br />
30 Free Software Magazine Issue 9, November/December 2005<br />
Kirk Strauser has a BSc in Computer Science f<strong>ro</strong>m<br />
Southwest Missouri State University. He works as a<br />
network application developer for The Day Companies,<br />
and runs a small consulting firm (http://www.<br />
strauserg<strong>ro</strong>up.com/) that specializes in network<br />
monitoring and email filtering for a wide array of<br />
clients. He has released several p<strong>ro</strong>grams under free<br />
software licenses, and is active on several free software<br />
support mailing lists and community websites.
How to get people to work for<br />
free<br />
Attracting volunteers to your free software p<strong>ro</strong>ject<br />
David Horton<br />
As time marches on and our lives become more<br />
complicated, it seems we have less and less<br />
time to devote to that free software p<strong>ro</strong>ject<br />
we started back in our idealistic youth. Rather<br />
than abandoning a good p<strong>ro</strong>ject due to lack of time, consider<br />
seeking out the assistance of other members of the free software<br />
community. With a few simple steps you can make it<br />
easy to find volunteers to help you complete your p<strong>ro</strong>ject.<br />
A <strong>ro</strong>admap to finding volunteers<br />
You need to start with a solid understanding of your own<br />
p<strong>ro</strong>ject before you can expect other people to help you with<br />
it. Have you thought about where you want your p<strong>ro</strong>ject to<br />
be one year f<strong>ro</strong>m now? Think about it. Now write it down.<br />
Once you know the direction you want your p<strong>ro</strong>ject to go,<br />
you can start communicating the big picture to other people.<br />
As more people begin to understand your p<strong>ro</strong>ject’s ultimate<br />
destination it’s easier for some of them to become interested<br />
in helping you get it there. You may start receiving emails<br />
asking, “How can I help?” and when people offer to help<br />
you need to come up with a better response than, “I don’t<br />
know, what can you do?” Be prepared to reply with specific<br />
tasks that can be worked on and completed in a reasonable<br />
amount of time. You should also make sure you communicate<br />
the benefits the volunteers can expect to get f<strong>ro</strong>m contributing<br />
to your p<strong>ro</strong>ject. It’s p<strong>ro</strong>bably not money, but there<br />
are things of value that people can gain as free software volunteers.<br />
If this seems like a lot of information to digest, don’t worry,<br />
this article will cover each of these topics in greater detail.<br />
By the time you finish reading you should have some pretty<br />
good ideas of how you can make your free software p<strong>ro</strong>ject<br />
more attractive to all of that untapped volunteer talent out<br />
there.<br />
Communicating your p<strong>ro</strong>ject’s vision<br />
32 Free Software Magazine Issue 9, November/December 2005<br />
You p<strong>ro</strong>bably understand your p<strong>ro</strong>ject’s vision better than<br />
anyone else, after all it’s your p<strong>ro</strong>ject and you designed it.<br />
But what about everyone else? Can the average free software<br />
user look at your p<strong>ro</strong>ject and think, “I know what this<br />
p<strong>ro</strong>ject is about and where it wants to be a year f<strong>ro</strong>m now”?<br />
Chances are you’ve gotten so wrapped up in writing code<br />
and releasing patches that you forgot about communicating<br />
your p<strong>ro</strong>ject’s big picture view. If people don’t know where<br />
the p<strong>ro</strong>ject is going they won’t know how to help it get there.<br />
Your p<strong>ro</strong>ject needs a vision.<br />
Now, if you are saying to yourself “I’m a coder, not a management<br />
guru”, and wondering how to tackle this vision<br />
stuff, don’t worry. Start by looking at some of the popular<br />
free software p<strong>ro</strong>jects on the internet to get some ideas.<br />
Most of them will have an “about” section on their web site<br />
that communicates the big picture view in a mission statement.<br />
Take OpenOffice.org as an example. Their mission is<br />
“To create, as a community, the leading international office<br />
suite that will run on all major platforms and p<strong>ro</strong>vide access<br />
to all functionality and data th<strong>ro</strong>ugh open-component based
APIs and an XML-based file format”. That one sentence<br />
sums up the goals of the entire p<strong>ro</strong>ject.<br />
Your p<strong>ro</strong>ject may not be as monumental as OpenOffice.org,<br />
but you can still have a mission statement. Keep it short<br />
and to the point and remember that you’re not describing<br />
the state of your p<strong>ro</strong>ject as it is today, but rather where it is<br />
going to be when all the work is finished.<br />
Say, for example, that you are working on a killer freesoftware<br />
recipe management system. Your p<strong>ro</strong>ject already<br />
has a nice looking web b<strong>ro</strong>wser interface and a really powerful<br />
database back-end. But, it would be a lot better if it could<br />
read recipe files f<strong>ro</strong>m other, p<strong>ro</strong>prietary recipe management<br />
software packages. The vision for this p<strong>ro</strong>ject might be<br />
summed up as “To build a powerful, free, web-based recipe<br />
management system that is able to import files f<strong>ro</strong>m the popular<br />
p<strong>ro</strong>prietary recipe management p<strong>ro</strong>grams”. Now that<br />
wasn’t too difficult was it?<br />
Identifying goals and tasks<br />
Creating a vision for your p<strong>ro</strong>ject is similar to deciding<br />
where to go on vacation. You might know that you want<br />
to end up on a sunny beach with a cool drink in your hand,<br />
but you still have to figure out how you’re going to get there.<br />
Do you fly or drive? If you drive, where will you stop for<br />
lunch? Do you need to book a hotel? Free software p<strong>ro</strong>jects<br />
have similar questions that need to be addressed. To answer<br />
these questions you need to set some goals.<br />
Start by breaking your p<strong>ro</strong>ject into its major components.<br />
For example, if your p<strong>ro</strong>ject’s vision is “to build a free,<br />
web-based recipe management system that is able to import<br />
files f<strong>ro</strong>m the popular p<strong>ro</strong>prietary recipe management<br />
p<strong>ro</strong>grams”, you could set goals as follows:<br />
• Create an easy to understand user interface with<br />
HTML/PHP<br />
• Build an efficient database back-end<br />
• Write code to import recipe files f<strong>ro</strong>m other p<strong>ro</strong>grams<br />
If you’ve already put some work into the p<strong>ro</strong>ject there may<br />
only be a few items that need attention. These items can be<br />
identified and recorded as specific tasks. Suppose that you<br />
are happy with the look and feel of the b<strong>ro</strong>wser interface<br />
for your recipe manager, but it’s marked up with HTML 3.2<br />
and really should be updated to XHTML. So the only thing<br />
MIND SET<br />
preventing you f<strong>ro</strong>m completing the goal of creating an easy<br />
to understand user interface is the fact that your HTML is<br />
outdated. Congratulations, you have just identified a task.<br />
Record this task and continue looking at the other goals to<br />
identify more tasks. Another goal you’ve stated is to be<br />
able to import recipe files f<strong>ro</strong>m other p<strong>ro</strong>grams. This can<br />
comprise several tasks such as the following:<br />
• Write code to convert Meal Master file format into native<br />
file format<br />
• Write code to convert AccuChef file format into native<br />
file format<br />
• Write code to convert RecipeBook-XML into native<br />
file format<br />
Continue the p<strong>ro</strong>cess of examining goals and picking out<br />
tasks until you have identified all of the significant tasks for<br />
the p<strong>ro</strong>ject.<br />
Creating job descriptions<br />
Now that you have identified a number of tasks that need to<br />
be completed it’s time to find someone to help you work on<br />
them. Think about each task for a moment. Is it a one-time<br />
thing or is it on-going? How long will it take to complete<br />
the task? Can it be accomplished by one person or will it<br />
take several? Answering these questions will help form the<br />
basis of the job description for a person who would perform<br />
the task. Posting these job descriptions on your p<strong>ro</strong>ject’s<br />
web site will help you recruit the right people to get the task<br />
finished.<br />
Several major free software p<strong>ro</strong>jects have a “tasks” or “todo”<br />
section on their web site that can be used to get an idea<br />
of how to structure a job description. The format is largely<br />
a matter of preference, but be sure to include basic who,<br />
what, where, when, why and how information in the job<br />
description. Who is the type of person to successfully complete<br />
this task? What exactly are they working on? Where<br />
do they submit the finished work? When does it need to<br />
be finished? How should they go about working on this?<br />
Including this information ensures that the volunteer working<br />
on your p<strong>ro</strong>ject knows what is expected to get the task<br />
finished.<br />
Take the example of updating the HTML 3.2 mark-up to<br />
XHTML. You could do this yourself, because you consider<br />
Free Software Magazine Issue 9, November/December 2005 33
yourself to be an HTML guru, but unfortunately you just<br />
don’t have the time. So you need to find another HTML<br />
guru to help you. Congratulations you’ve just identified<br />
the “who” portion of your job description. You need “an<br />
XHTML Guru”. Continuing on with the what, where, and<br />
how you might end up with the following simple job description:<br />
XHTML Guru needed to update HTML 3.2 mark-up for<br />
a web-based recipe management system. App<strong>ro</strong>ximately<br />
300 lines of mark-up need updating. Use of vi editor is a<br />
must. Please contact admin@free-recipe-p<strong>ro</strong>ject.com if interested.<br />
Now if you are paying attention you may have noticed that<br />
the question of “why?” was skipped. That’s because “why?”<br />
is often the hardest question to answer. There are only<br />
twenty-four hours in a day and most people seem to need<br />
about twenty-five. If time is so scarce why should people<br />
give it to you for free? Think about that when you answer<br />
the “why?” question.<br />
Enticing others to join your vision<br />
There are many reasons that people volunteer to work on<br />
free software p<strong>ro</strong>jects. Some people like the challenge or<br />
want to build their skills, others feel obligated to give something<br />
back to the community and some simply want to see<br />
their name associated with a great free software p<strong>ro</strong>ject.<br />
When asking people to volunteer their time to your p<strong>ro</strong>ject,<br />
make sure they know that they will get something back in<br />
return for their efforts. It is easier to describe concrete benefits<br />
so concentrate on them rather than the abstract ideas,<br />
like giving something back to the community. Make the<br />
benefits of volunteering part of the job descriptions.<br />
Take another look at the job description that was created<br />
for XHTML Guru and think about the “why?” question.<br />
Why would someone want to volunteer to update HTML<br />
3.2 to XHTML? It doesn’t sound particularly glamo<strong>ro</strong>us.<br />
But, what about someone who is a student en<strong>ro</strong>lled in a<br />
web development class? This type of volunteer job might<br />
sound like a good opportunity for a class p<strong>ro</strong>ject or as a resume<br />
builder. Thinking about things f<strong>ro</strong>m the volunteer’s<br />
perspective can help you make your job descriptions more<br />
attractive. Take a look at the XHTML Guru job description<br />
with this new information added.<br />
MIND SET<br />
Looking to gain some experience as a web designer? The<br />
Free Recipe P<strong>ro</strong>ject is looking for an XHTML Guru to update<br />
HTML 3.2 mark-up for a web-based recipe management<br />
system. App<strong>ro</strong>ximately 300 lines of mark-up need<br />
updating. Use of vi editor is a must. Please contact<br />
admin@free-recipe-p<strong>ro</strong>ject.com if interested.<br />
Putting it into practice<br />
Now that you’ve had a crash course in recruiting volunteers<br />
take some time to apply this information to your own free<br />
software p<strong>ro</strong>ject. Take a break f<strong>ro</strong>m coding and think about<br />
the big picture for a while. Where do you want your p<strong>ro</strong>ject<br />
to be in a year f<strong>ro</strong>m now? What are the major pieces of<br />
the p<strong>ro</strong>ject. What specific tasks need to be addressed so<br />
these major pieces can be completed. Who has the skills<br />
that are required to get these tasks done? How will you<br />
show appreciation to the people who help you? Now record<br />
this information where everyone can see it. If your p<strong>ro</strong>ject<br />
has a web site use it as a volunteer recruiting and recognition<br />
tool. Add your p<strong>ro</strong>ject’s vision to the top of the main web<br />
page. Create a “help wanted” page to list job descriptions<br />
for tasks that need to be finished. And make sure you create<br />
a “thank you” page recognizing all of the people who have<br />
volunteered their time to help you advance the p<strong>ro</strong>ject.<br />
Copyright information<br />
c○ 2005 David Horton<br />
This article is made available under the “Attribution-<br />
Share-alike” Creative Commons License 2.0 available f<strong>ro</strong>m<br />
http://creativecommons.org/licenses/by-sa/2.0/.<br />
About the author<br />
34 Free Software Magazine Issue 9, November/December 2005<br />
David Horton got started with GNU/Linux in 1996<br />
when he needed a way to share a single dial-up internet<br />
connection with his college <strong>ro</strong>om-mates. He found the<br />
solution he needed with an early version of Slackware<br />
and a copy of the PPP-HOWTO f<strong>ro</strong>m The Linux Documentation<br />
P<strong>ro</strong>ject. Almost ten years later he is older<br />
and wiser and still hooked on GNU/Linux. He is also<br />
the author of The Pocket Linux Guide available f<strong>ro</strong>m<br />
The Linux Documentation P<strong>ro</strong>ject and his own website<br />
(www.happy-monkey.net).
Does free software make sense<br />
for your enterprise?<br />
Finding free software at your office is like finding a Republican<br />
in San Francisco<br />
Tom Jackiewicz<br />
“D<br />
ude, I can, like, totally do that way<br />
cheaper with Linux and stuff.”<br />
These were the words of a bearded<br />
geek running Linux on his digital<br />
watch. As he p<strong>ro</strong>ceeded to cut and patch alpha code into<br />
the Linux kernel running on the p<strong>ro</strong>duction database system,<br />
the manager watched on in admiration. Six months<br />
later, long after the young hacker decided to move into a<br />
commune in the Santa Cruz hills, something b<strong>ro</strong>ke. Was it<br />
really “way” cheaper?<br />
Nostalgia and first impressions<br />
I remember the first time I actually opened up a Sun server<br />
after years of using them remotely. Coming f<strong>ro</strong>m a backg<strong>ro</strong>und<br />
of PC-based hardware (that were somehow deemed<br />
servers), it was a memorable moment. Some obsessivecompulsive<br />
engineer with an eye for detail had obviously<br />
spent countless hours making sure that the 2-inch gap between<br />
a hard drive and an interface port was filled with<br />
(gasp!) a 2-inch cable. Each wire was color-coded, the app<strong>ro</strong>priate<br />
length, and carefully held down with ties and widgets<br />
to ensure that they never got in the way. Each server I<br />
opened was configured the exact same way, and each component<br />
matched—down to the screws (which were custom<br />
fitted and just right). This was a far cry f<strong>ro</strong>m 9 foot 2-device<br />
IDE cable I got out of the junk drawer that was used to add<br />
a random hard drive held in place by duct tape. As the halo<br />
above the server lit up the <strong>ro</strong>om, I was suddenly struck with<br />
The SPARCstation 20, as beautiful as a <strong>ro</strong>se<br />
a justification for the hefty price tag for these magical machines.<br />
Quality.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
As the halo above the server lit up the<br />
<strong>ro</strong>om, I was suddenly struck with a<br />
justification for the hefty price tag for<br />
these magical machines<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
The same quality cont<strong>ro</strong>l that went into the server packing<br />
went into the hardware. Sure, I couldn’t connect my Colorado<br />
tape drive, digital camera, or latest toy to the back<br />
of these servers as I could to the PC, or use a really cheap<br />
hard drive created by some no-name vendor, but all the supported<br />
hardware that I actually did connect was cont<strong>ro</strong>lled<br />
by a perfect driver and was carefully integrated into the operating<br />
system. It all just worked. Magically. If it was on<br />
the support list, you knew that some team of detail-oriented<br />
engineers took care to make sure that there were no flaws.<br />
Someone had to pay for all of this, hence the hefty price<br />
tags, but I knew that most of the servers that I was running<br />
Free Software Magazine Issue 9, November/December 2005 35
my mission critical applications on were deployed when I<br />
was in diapers. Baby diapers, not the diapers that people<br />
who remember this type of quality are wearing today—or<br />
the ones I’ll be wearing when these servers finally crash.<br />
The alternatives to Sun Mic<strong>ro</strong>systems, IBM, Solaris, AIX,<br />
HP, HP/UX and all of the other commercial software running<br />
on p<strong>ro</strong>prietary hardware were untested. Linux was in<br />
its infancy and focused on desktops and attempted to support<br />
everything you plugged into it. It was a time of instant<br />
gratification and first to market that was necessary for it to<br />
gain acceptance in the desktop world. If a digital camera<br />
worked in Windows, the Linux community had better jump<br />
on p<strong>ro</strong>viding support for it in their world. This led to terrible<br />
drives, kernels with goto statements and functions with<br />
the comments “Uhm, we’ll get to this later. Return 0 for<br />
now”. This led to instability when these systems were used<br />
as servers. The BSD community, while p<strong>ro</strong>viding more stable<br />
software, wasn’t seen as sexy and didn’t gain as much<br />
acceptance. FreeBSD, NetBSD and OpenBSD were “theoretical”<br />
operating systems that were coded well but weren’t<br />
supported enough to p<strong>ro</strong>vide integration with some of the<br />
more common components in use in current infrastructures.<br />
Additionally, more focus within the BSD community was<br />
spent on ensuring software was functional (and up to standards)<br />
than pretty—which led to a lack of usable interfaces.<br />
This gap seemed to p<strong>ro</strong>pel commercial software more and<br />
more. They were well p<strong>ro</strong>grammed and the vendors had<br />
enough resources to cover usability and stability.<br />
When the engineers, system administrators, p<strong>ro</strong>grammers,<br />
and jack-of-all-trades geeks move and finally become managers<br />
(or are forced into the <strong>ro</strong>le), they remember these<br />
days. And they associate Sun Mic<strong>ro</strong>systems, IBM, and<br />
other giants with this type of quality. To them, the quality<br />
they first saw and admired is still a<strong>ro</strong>und today. Decisions<br />
on what to use is made by these new managers.<br />
Who runs this thing?<br />
Use of free software and alternatives to expensive p<strong>ro</strong>prietary<br />
hardware went crazy during the early days of the new<br />
AOL—err internet. Instead of the goal being stability and<br />
an infinite life, new companies were satisfied with getting<br />
something out quickly and, upon gaining venture capital or<br />
selling out, they could “move up”. The investment required<br />
for the commercial side was just too much for a fledgling<br />
MIND SET<br />
36 Free Software Magazine Issue 9, November/December 2005<br />
company. But as we all know, a temporary solution usually<br />
becomes a permanent part of your infrastructure. Even<br />
worse, a temporary solution in place until more funding is<br />
available will outlast the company CEO.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
But as we all know, a temporary solution<br />
usually becomes a permanent part of<br />
your infrastructure. Even worse, a<br />
temporary solution in place until more<br />
funding is available will outlast the<br />
company CEO<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Adding to the equation, the open source and the free software<br />
movements were g<strong>ro</strong>wing and the quality of the software<br />
was definitely increasing, p<strong>ro</strong>viding a reasonable solution<br />
that wouldn’t instantly crash.<br />
Unfortunately, the p<strong>ro</strong>blem facing management was responsibility<br />
and support. If there was a p<strong>ro</strong>blem with software<br />
written by a 16 year old kid in Finland, who was responsible.<br />
If an administrator walked in and deployed a quick<br />
solution to fix your immediate needs, who would support<br />
his undocumented idea when he left? As employees leave<br />
and are no longer expect to g<strong>ro</strong>w up with the company (especially<br />
during the years of high school age CEOs) as they<br />
once have been. A need for a redundant array of inexpensive<br />
administrators is created. The prerequisites for this need are<br />
an infrastructure that is supportable by many.<br />
Your free software based system running alpha drivers for<br />
that new array to save you 500 bucks? Gone, you’re the<br />
only one who can run it. Your sendmail infrastructure optimized<br />
to take advantage of inferior hardware using custom<br />
interfaces for account management? Gone, welcome the appliances.<br />
The need to have software and hardware maintainable by<br />
anyone with a base level of experience has replaced making<br />
the most of the hardware and software in your infrastructure.<br />
If the configurations aren’t default, the performance<br />
imp<strong>ro</strong>vement that you might be giving them with<br />
your take on things just won’t be cost effective. Look at<br />
it like blackmail or extortion. You walk into a company,<br />
“save” them hundreds of thousands of dollars on software,<br />
get them locked into your infrastructure, and then demand<br />
a huge raise just to keep it going because no one else can.<br />
By the time they’ve moved their operations towards your in-
frastructure, they can’t easily go back. I<strong>ro</strong>nically, the same<br />
came be said for commercial software—even those based on<br />
open standards. That one extra little feature that Mic<strong>ro</strong>soft<br />
has in their implementation of a p<strong>ro</strong>duct over the free software<br />
version will lock your company into using Mic<strong>ro</strong>soft<br />
p<strong>ro</strong>ducts for all eternity. At the same time, your company<br />
will feel that they could easily move away and use any vendor<br />
before, hey, it’s an open standard!<br />
Consistency in p<strong>ro</strong>ject life cycles<br />
Ok, so I used a buzzword, but my head isn’t standing up<br />
into point. This matters. There are p<strong>ro</strong>cesses in place for<br />
development of software, quality assurance testing, and validation<br />
that happen before software reaches the customer.<br />
In the commercial realm, there are people paid to do some<br />
of the most boring tasks just to make sure they get it right.<br />
While 30 QA engineers aren’t necessarily going to be as<br />
good as a public user community, they are consistent in their<br />
operations and try to make sure that nothing slips th<strong>ro</strong>ugh<br />
the cracks. The user community will often test a few things<br />
here and there but won’t go th<strong>ro</strong>ugh the tedious tasks of<br />
making sure some of the most basic operations work with<br />
each subminor revision of code. If something is missed, the<br />
assumption is that someone else will find it and any potential<br />
p<strong>ro</strong>blems will be taken care of.<br />
These things are boring. But someone has to do it. F<strong>ro</strong>m the<br />
p<strong>ro</strong>gramming, QA, and other areas of software, each has a<br />
defined p<strong>ro</strong>cess that needs to be followed. The same is true<br />
for deployment within your infrastructure. What would you<br />
do to bring Postfix, which is amazing software, into the mix<br />
within your envi<strong>ro</strong>nment? Most people would take some<br />
of the old email infrastructure, validate a few things here<br />
and there (to make sure no users requiring the delivery of<br />
mail are missed). An old legacy host doesn’t speak well<br />
with your email gateways? Uh oh, you overlooked that. Important<br />
emails being inapp<strong>ro</strong>priately tagged as spam? My<br />
bad, sorry. These mistakes happen, and because these little<br />
things were overlooked in your haste to show off Postfix,<br />
someone is going to look bad.<br />
Try deploying any commercial package (especially with a<br />
support contract). All of the little caveats you run into will<br />
surely be documented by the vendor. A list of supported<br />
p<strong>ro</strong>ducts will also be given so you know which integration<br />
MIND SET<br />
Have a p<strong>ro</strong>blem? Blame sendmail.com, the commercial side<br />
efforts will require a bit of extra work or should remain<br />
pointed to an interim solution. And if all else fails. . .<br />
Who’s to blame?<br />
We’re a society of lawsuits and passing the buck. Slip and<br />
fall while running the w<strong>ro</strong>ng way on an escalator drunk?<br />
First thing someone will say is that there wasn’t a sign<br />
telling you not to do that. Sue someone for your own stupidity.<br />
Fall behind on a p<strong>ro</strong>ject and lose your bongus because<br />
of a bug in software f<strong>ro</strong>m a vendor? The threat of tarnishing<br />
their reputation lets you st<strong>ro</strong>ng arm them into giving you<br />
anything you want. Big or small, there’s someone on the<br />
other end of the software with a livelihood.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
The threat of tarnishing their reputation<br />
lets you st<strong>ro</strong>ng arm them into giving you<br />
anything you want. Big or small, there’s<br />
someone on the other end of the<br />
software with a livelihood<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
The only person to blame when free software fails is the person<br />
who deployed the software. But the person in charge of<br />
your organization can’t just say “Oh, that crazy Ted! He did<br />
it again!” and get away with it. Heads <strong>ro</strong>ll when something<br />
bad happens. If the bad thing is free software, the heads are<br />
internal. If the bad thing can be blamed on a vendor then<br />
more people within your organization are safe f<strong>ro</strong>m the axe.<br />
Companies all like it when there’s someone outside of the<br />
organization that can be blamed for a failure.<br />
Sun and other large vendors have teams of highly trained engineers<br />
ready to parachute into your company at a moment’s<br />
notice. All are trained consistently, all read f<strong>ro</strong>m the same<br />
handbook, and all can come in and give you 2080 hours of<br />
Free Software Magazine Issue 9, November/December 2005 37
work in a weekend just to get you up and running. Try doing<br />
that by bringing in the same people “trained” on free<br />
software. Each has their own idea on how to do things, no<br />
consistent sets of manuals, and, for the most part, all f<strong>ro</strong>m<br />
different companies. There isn’t a single source of gurus<br />
who know the same Linux implementation who can run out<br />
to help you when you’re in a bind.<br />
At the same time, a list of truly supported packages will<br />
be there. If you try to integrate a commercial package<br />
with something that isn’t supported, there are no guarantees.<br />
There’s no “It should work” here. These certifications by<br />
the vendor are often done after extensive testing f<strong>ro</strong>m both<br />
sides—the package being deployed and the package being<br />
integrated. These often leave you with an all-commercial<br />
envi<strong>ro</strong>nment as no one is going to have the time or money<br />
to make sure that something is going to work with the latest<br />
free software version of something. These things leave free<br />
software back a bit but make your management rest a little<br />
easier at night. After all, if Mic<strong>ro</strong>soft certifies something<br />
will work, it will, right?<br />
If you can’t beat ’em. . .<br />
The open source and the free software communities saw<br />
some of the same issues that I just ranted about on my p<strong>ro</strong>prietary<br />
soap box. Their response? Sendmail, so established<br />
a software that is has been the victim of a love-to-hate mentality,<br />
never had much competition in the commercial realm<br />
for much of its life. Eric Allman (father of sendmail) could<br />
have chosen to sit quiet and not do anything to further sendmail.<br />
Instead, he chose to create a commercial version of the<br />
software, offer support, and create an alternative to commercial<br />
email packages that were up and coming but not yet a<br />
threat. The end result was the same sendmail everyone was<br />
already running with the added aspect of accountability and<br />
MIND SET<br />
Check out sendmail.org, the original free version of the software<br />
a helping hand. This ended up being a good move because<br />
when the dot com boom happened, the former telemarketer<br />
turned “engineer” didn’t understand the new set of simpler<br />
m4 configuration mac<strong>ro</strong>s used within sendmail, let alone the<br />
ability to understand anything required more than 3 mouse<br />
clicks and a “Duh!”<br />
Apache, like Sendmail, has always had a stable following.<br />
It lived th<strong>ro</strong>ugh commercial pressure (though one can always<br />
question the legitimacy) of Netscape Commerce and<br />
Enterprise Servers, iPlanet, IIS, and a slew of poor quality<br />
commercial versions of their software. A foundation was<br />
started and an entire community grew to support each other<br />
and their relevant p<strong>ro</strong>jects. While there wasn’t necessarily<br />
someone on the other end of a phone line, there was an established<br />
g<strong>ro</strong>up, which your managers would have a hard<br />
time convincing you, would magically disappear.<br />
Sendmail and Apache moved away f<strong>ro</strong>m the unorganized<br />
efforts seen by the free software community when it was<br />
smaller and less significant. This gave them credibility and<br />
made some of their software a viable replacement for commercial<br />
p<strong>ro</strong>ducts.<br />
What can be done?<br />
38 Free Software Magazine Issue 9, November/December 2005<br />
What can you do about all of this, if anything? Don’t be the<br />
bearded geek I mentioned at the beginning of the article and<br />
put in some extra effort to make sure that what you deploy is<br />
supportable. Baby steps. You won’t win anyone over right<br />
away but when you deploy a free replacement for software,<br />
document the p<strong>ro</strong>cess, live by standards, and make sure that<br />
the life cycle of your p<strong>ro</strong>ject involves a significant amount<br />
of quality assurance, integration and inte<strong>ro</strong>perability testing.<br />
Put in the extra time to see what sorts of p<strong>ro</strong>cesses<br />
exist within your company and what will make everyone<br />
comfortable. Take the extra effort required to follow these
Check out apache.org, home of quality p<strong>ro</strong>jects near you<br />
p<strong>ro</strong>cedures. Not only will you earn respect, you might learn<br />
something, come up with a bug, and let management view<br />
your free software deployment in a better light. Don’t just<br />
“do it” and expect everything to work magically with your<br />
3am software install.<br />
The community as a whole should also spend time making<br />
sure that their software meets the requirements set by<br />
other vendors for inte<strong>ro</strong>perability. Software f<strong>ro</strong>m Sun and<br />
Mic<strong>ro</strong>soft have a strict set of guidelines before they’ll list a<br />
p<strong>ro</strong>duct as fully supported. While expensive, going th<strong>ro</strong>ugh<br />
the p<strong>ro</strong>cess of certifying free software as fully operable with<br />
commercial packages will give a big boost to the movement.<br />
One p<strong>ro</strong>blem area that people fall into is the latest and greatest<br />
upgrade cycle. The stability of a system goes down if<br />
you keep upgrading your kernel, libraries, and applications<br />
to the latest and greatest revision. There’s really no reason<br />
to fix something that isn’t b<strong>ro</strong>ken. In many envi<strong>ro</strong>nments,<br />
constantly upgrading libraries will cause components to fail.<br />
It will also cause custom code written by p<strong>ro</strong>grammers in<br />
your company to act different. The lack of backwards compatibility<br />
in some packages just doesn’t work in a p<strong>ro</strong>duction<br />
envi<strong>ro</strong>nment. Sure, these p<strong>ro</strong>blems exist in the commercial<br />
realm as well (and the hiccups are even worse) but<br />
those systems aren’t upgraded as often. A patch upgrade<br />
every 6 months or a year (with minor security updates in between)<br />
aren’t going to create as big a p<strong>ro</strong>blem as a weekly<br />
kernel upgrade just for the sake of a kernel upgrade. It might<br />
be boring to sit a<strong>ro</strong>und and wait while your office servers<br />
fall a few revisions back f<strong>ro</strong>m your desktop at home, but it’s<br />
worth it. Schedule significant system upgrades after testing<br />
in development envi<strong>ro</strong>nments (you know what those are,<br />
right?) for a while. Create integration envi<strong>ro</strong>nments so that<br />
MIND SET<br />
developers and application g<strong>ro</strong>ups can make sure their code<br />
is going to work with your p<strong>ro</strong>posed update. Stay behind<br />
the curve a little bit and let others find out bugs in the new<br />
code before you’re running it on a system that must be up<br />
99.9999% of the time.<br />
Discipline, p<strong>ro</strong>cess, and doing a few extra tedious tasks will<br />
give everyone a better impression of some of the solutions<br />
you’re p<strong>ro</strong>posing. Maybe, just maybe, quality software will<br />
catch up with the vendors. Maybe the smiles on their faces<br />
won’t be so big and their thinning bank accounts will make<br />
them realize that we should all work together to create better<br />
code and worry more about things that matter—not just the<br />
bottom line.<br />
Bibliography<br />
Jackiewicz, Tom “Deploying OpenLDAP”, Apress:2004<br />
Copyright information<br />
c○ 2004 Tom Jackiewicz<br />
Verbatim copying and distribution of this entire article is<br />
permitted in any medium without <strong>ro</strong>yalty p<strong>ro</strong>vided this notice<br />
is preserved.<br />
About the author<br />
Tom Jackiewicz is currently responsible for global<br />
LDAP and email architecture at a Fortune 100 company.<br />
Over the past 12 years, he worked on the email<br />
and LDAP capabilities of the Palm VII, helped architect<br />
many large scale ISPs servicing millions of active email<br />
users, and audited security for many Fortune 500 companies.<br />
Jackiewicz has held management, engineering,<br />
and consulting positions at Applied Materials, Moto<strong>ro</strong>la,<br />
and Winstar GoodNet. Jackiewicz has also published<br />
articles on network security and monitoring, IT<br />
infrastructure, Solaris, Linux, DNS, LDAP, and LDAP<br />
security. He lives in San Francisco’s Mission neighborhood,<br />
where he relies on public transportation and<br />
a bicycle to get himself to the office-fashionably late.<br />
He is the author of Deploying OpenLDAP, published<br />
by Apress in November 2004.<br />
Free Software Magazine Issue 9, November/December 2005 39
Free, open or p<strong>ro</strong>prietary?<br />
Philosophical differences in software licensing<br />
Tom Chance<br />
Software is a tool, a compilation of code that directs<br />
computer hardware, a p<strong>ro</strong>gram that empowers<br />
people to work more p<strong>ro</strong>ductively. Before<br />
Richard Stallman founded the GNU P<strong>ro</strong>ject,<br />
many outside of hacker communities would have reasonably<br />
asked: why on earth is the ethics of software distribution<br />
philosophically interesting? But by formalising hacker<br />
conventions, Stallman kickstarted a revolution in the industry<br />
that now raises p<strong>ro</strong>found questions about areas of<br />
philosophical interest, most notably p<strong>ro</strong>perty. However, the<br />
precise differences between Stallman’s conception of “free<br />
software”, the term “open source” and the alternative: “p<strong>ro</strong>prietary”<br />
are often confused. This article seeks to disentangle<br />
the issues and present a clear analysis of each app<strong>ro</strong>ach<br />
to software licensing.<br />
Before I jump in, I ought to make clear a few g<strong>ro</strong>und rules.<br />
First, by “philosophy” I mean more than “thinking about<br />
something”. By my use of the word, it would be nonsense<br />
to talk of “a philosophy of software engineering” when you<br />
really mean “an app<strong>ro</strong>ach to software engineering”. I want<br />
to go beyond the general beliefs and attitudes of each app<strong>ro</strong>ach,<br />
beyond their techniques. It is true that, in terms of<br />
their techniques, free software and open source mean the<br />
same thing, and so identical philosophical issues will arise<br />
f<strong>ro</strong>m their techniques. But the development methodologies<br />
(open sharing of code, many eyeballs finding and fixing<br />
bugs, etc.) were never an important part of Stallman’s free<br />
software philosophy. So instead of looking at their techniques,<br />
I will analyse their orientation (or goal), their logic<br />
(why they adopt their particular orientation and techniques)<br />
and the limits of the space in which they apply.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Free and open source app<strong>ro</strong>aches to<br />
software development may be identical,<br />
but their philosophies are radically<br />
different<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
P<strong>ro</strong>prietary software<br />
40 Free Software Magazine Issue 9, November/December 2005<br />
The orientation of p<strong>ro</strong>prietary software is to create good<br />
software. It’s that simple. Its techniques, f<strong>ro</strong>m a philosophical<br />
point of view, are similarly banal, involving various development<br />
methodologies and the application of copyright<br />
to both p<strong>ro</strong>tect the software f<strong>ro</strong>m outside interference and to<br />
p<strong>ro</strong>tect the financial interests of the authors.<br />
The logic behind this technique is, its p<strong>ro</strong>ponents tell us, in<br />
the spirit of copyright: to reward the authors, and to p<strong>ro</strong>mote<br />
future creativity. However, since p<strong>ro</strong>pietary software<br />
may be released for free (freeware), the reward isn’t necessary.<br />
Given that both the free and open source app<strong>ro</strong>aches<br />
also allow for rewards, we have to discount this as being<br />
philosophically distinct to the p<strong>ro</strong>prietary app<strong>ro</strong>ach (though<br />
it is an open question for economists). Rather, the distinctive<br />
quality of p<strong>ro</strong>prietary software is that the source code<br />
is closed, making creation and modification the exclusive<br />
preserve of those to whom the owner gives access.
“data cloud”, by Campbell Orme. Released under the Creative<br />
Commons Attribution license<br />
This is closely related to the logic of copyright, which isn’t<br />
so clear. Traditionally p<strong>ro</strong>perty—including physical p<strong>ro</strong>perty—is<br />
defended in one of two ways: by reference to the<br />
inalienable right of the owner, or by reference to the benefits<br />
to society. In both cases, the crux of the argument is the<br />
justification of exclusion, such that the owner can exclude<br />
the public f<strong>ro</strong>m using the p<strong>ro</strong>perty as he or she chooses.<br />
For example, the English philosopher John Locke suggested<br />
that we have an inalienable right to own that which we have<br />
worked on. His argument was “not that the existence of private<br />
p<strong>ro</strong>perty serves the public good, but rather that rights<br />
of private p<strong>ro</strong>perty are among the rights that men bring with<br />
them into political society and for whose p<strong>ro</strong>tection political<br />
society is set-up” (Waldon, 1998: 137). Locke went on<br />
to explain how we can come to own physical objects such<br />
as land that were previously in the commons. By mixing<br />
our labour with that which nobody owns, we come to own<br />
that part of commons (Locke, 2003). In the context of soft-<br />
MIND SET<br />
ware, by mixing my work with ideas that I discover, I come<br />
to own the result; the commons can be thought of as containing<br />
undiscovered ideas, and ideas that are given by their<br />
creators to the commons, such as p<strong>ro</strong>gramming languages<br />
and techniques.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Locke suggested that we owned<br />
ourselves, and so we could own those<br />
objects that we mix our labour<br />
(ourselves) with<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Of course in this context, Locke’s argument faces a p<strong>ro</strong>blem:<br />
in mixing my own ideas with those of others’, I am not<br />
taking their ideas away in the same way that I might remove<br />
land f<strong>ro</strong>m the commons by cultivating it and consequently<br />
claiming it as my own. This is because ideas aren’t rival<strong>ro</strong>us<br />
or scarce, meaning that an infinite number of people<br />
could use the idea without reducing its utility. So there is<br />
no need for me to extend ownership over an idea if I can<br />
gain the same utility f<strong>ro</strong>m it in the commons. Furthermore,<br />
because software builds upon the commons and upon ideas<br />
f<strong>ro</strong>m other software, it is difficult to say in what sense you<br />
created a piece of software. If I write a classic “hello world”<br />
script in Python, should I be able to own that nugget of information<br />
held on my hard drive and exclude others f<strong>ro</strong>m<br />
it? Should I be able to own the idea itself, excluding others<br />
f<strong>ro</strong>m writing “hello world” scripts in Python? With large<br />
p<strong>ro</strong>grams like OpenOffice.org it is slightly more clear that<br />
there is a significant amount of innovation and labour in the<br />
code, but the p<strong>ro</strong>blem remains.<br />
The impracticality of this technique suggests the necessity<br />
for a different logic, that of copyright as a bargain for the<br />
public good. According to this argument, the public benefits<br />
f<strong>ro</strong>m the creation of software, but authors can develop<br />
software better if they can cont<strong>ro</strong>l access to the source code,<br />
whether for financial reasons or some other, and they can<br />
dictate the terms upon which the software is used and distributed.<br />
The latter point, however, doesn’t apply to freeware, where<br />
the author employs the techniques of p<strong>ro</strong>prietary software<br />
without seeking financial reward and without restricting the<br />
public’s rights of redistribution. To explain this, one must<br />
explore one other aspect of the logic of p<strong>ro</strong>prietary software,<br />
that of p<strong>ro</strong>ducer and consumer.<br />
Free Software Magazine Issue 9, November/December 2005 41
The user passively consumes the software, and though it<br />
may well enable creativity, the software itself is an unchangeable<br />
commodity. This isn’t true of any other kind of<br />
p<strong>ro</strong>perty; all physical objects are only limited in their mutability<br />
by the technical expertise of the owner. Therefore,<br />
uniquely the relationship between p<strong>ro</strong>ducer and consumer<br />
in this context allows no opportunities for p<strong>ro</strong>ductive community,<br />
be it hobbyist’s clubs or businesses that will modify<br />
the software, except where the author steps outside of the<br />
p<strong>ro</strong>prietary norm and gives special access to the source code<br />
to particular individuals or g<strong>ro</strong>ups.<br />
Open source software<br />
The orientation of open source software is described by the<br />
Open Source Initiative as p<strong>ro</strong>ducing good software. The<br />
definition of open source software is given in relation to<br />
p<strong>ro</strong>prietary software, comparing the techniques in terms of<br />
development methodologies and copyright licensing terms.<br />
It is the techniques that set the two app<strong>ro</strong>aches apart, not<br />
least because open source software rejects the main premise<br />
of p<strong>ro</strong>prietary software licensing—that it is better to restrict<br />
access to the source code. The logic for this difference, according<br />
to the OSI, is that “when p<strong>ro</strong>grammers can read,<br />
redistribute, and modify the source code for a piece of software,<br />
the software evolves. People imp<strong>ro</strong>ve it, people adapt<br />
it, people fix bugs. And this can happen at a speed that, if<br />
one is used to the slow pace of conventional software development,<br />
seems astonishing.” (OSI, 2004a)<br />
This is achieved by subverting the traditional licensing of<br />
copyrighted works, specifically granting the right to use,<br />
modify and distribute the software to all who would take<br />
the opportunity. The logic behind this subversion is that it<br />
should result in better software. The open source app<strong>ro</strong>ach<br />
therefore subscribes to the same philosophical justification<br />
of p<strong>ro</strong>perty in the software context as the p<strong>ro</strong>prietary app<strong>ro</strong>ach,<br />
namely that being able to own the software serves<br />
the public good. If this seems paradoxical—that society’s<br />
ability to modify the software depends upon the author(s)<br />
owning the software—it is because an author could release<br />
software into the public domain without the source code,<br />
and be under no compulsion to do so upon request, in effect<br />
releasing p<strong>ro</strong>prietary software. The technique of open<br />
source is subversive because it abuses the technique of p<strong>ro</strong>prietary<br />
software to renounce its logic.<br />
MIND SET<br />
42 Free Software Magazine Issue 9, November/December 2005<br />
Open source advocates rely on “economic self-interest arguments”<br />
without recourse to “moral crusades” and “ideological<br />
tub-thumping” (OSI, 2004d). In other words, open<br />
source as an app<strong>ro</strong>ach explicitly avoids making itself philosophically<br />
distinct f<strong>ro</strong>m p<strong>ro</strong>prietary software and any other<br />
intellectual p<strong>ro</strong>perty regime. Eric Raymond, a leading open<br />
source advocate, even tries to fit open source into Locke’s<br />
app<strong>ro</strong>ach to p<strong>ro</strong>perty. Locke suggested that p<strong>ro</strong>perty rights,<br />
based upon mixing one’s labour with some part of the commons,<br />
only hold if the object of ownership is plentiful and<br />
p<strong>ro</strong>motes the public good. So Raymond says that, if we<br />
open the source code and forbid restrictions upon use, modification<br />
and distribution, we will increase the yield of useful<br />
work p<strong>ro</strong>duced, and thus further the public good better than<br />
if we followed the p<strong>ro</strong>prietary app<strong>ro</strong>ach. Restricting access<br />
to the p<strong>ro</strong>gram and its source code unreasonably abridges<br />
our access to a potentially infinite resource.<br />
On these limited terms there can be no philosophical difference<br />
between the two app<strong>ro</strong>aches; both are based upon<br />
a particular application of copyright being the best way to<br />
p<strong>ro</strong>duce good software. Even in the Open Source Definition,<br />
logic such as “no discrimination against persons or<br />
g<strong>ro</strong>ups”, which seems at odds with the logic and orientation<br />
of p<strong>ro</strong>prietary software, are explained in relation to their capacity<br />
to “to get the maximum benefit f<strong>ro</strong>m the p<strong>ro</strong>cess”,<br />
where a benefit is defined as the p<strong>ro</strong>duction of more good<br />
software (OSI, 2004b).<br />
On community verses the p<strong>ro</strong>ducer-consumer model, open<br />
source advocates are a little more confusing. On the one<br />
hand, they claim that they are “p<strong>ro</strong>moting the Open Source<br />
Definition for the good of the community” (OSI, 2004a)<br />
and on the other hand they claim to p<strong>ro</strong>mote the definition<br />
on “pragmatic, business-case g<strong>ro</strong>unds” (OSI, 2004c). As<br />
with the open source app<strong>ro</strong>ach to p<strong>ro</strong>perty, this is because<br />
the community is recognised as the basis of the app<strong>ro</strong>ach’s<br />
pragmatic advantage over the p<strong>ro</strong>prietary app<strong>ro</strong>ach. This<br />
has the interesting consequence that communities are only<br />
important if they contribute to the software, meaning that<br />
end-users who p<strong>ro</strong>vide no input (whether it be code, documentation,<br />
money, etc.) are unimportant.<br />
The Open Source Initiative maintains three central advocacy<br />
documents: one for hackers, one for customers, and one for<br />
businesses (both those p<strong>ro</strong>ducing and consuming software)<br />
(OSI 2004e; OSI 2004f; OSI 2004g). Their app<strong>ro</strong>ach maintains<br />
the p<strong>ro</strong>ducer-consumer relationship, because the limits
data cloud 002, by Campbell Orme. Released under the Creative<br />
Commons Attribution license<br />
of its space encompass only those that can contribute to the<br />
development p<strong>ro</strong>cess. Non-paying customers aren’t stopped<br />
f<strong>ro</strong>m moving into the “p<strong>ro</strong>ducer space” in the same way that<br />
p<strong>ro</strong>prietary licenses do, and they’re not restricted in their use<br />
of the p<strong>ro</strong>duct, but neither are they afforded any more importance<br />
than customers of p<strong>ro</strong>prietary software.<br />
To summarise, the open source “philosophy” is philosophically<br />
similar to the p<strong>ro</strong>prietary app<strong>ro</strong>ach, because they both<br />
emphasise techniques that p<strong>ro</strong>duce more high quality software.<br />
Their logic is subtlely different, their techniques radically<br />
so, and the limits of the space in which the open source<br />
app<strong>ro</strong>ach operates are slightly wider. But their orientations,<br />
and therefore their overall app<strong>ro</strong>ach to questions of p<strong>ro</strong>perty<br />
and community, are identical.<br />
MIND SET<br />
Free software<br />
The orientation of free software is to create good software<br />
that p<strong>ro</strong>vides certain socially useful freedoms. It is defined<br />
in terms of “liberty not price”, a frame of reference<br />
entirely absent f<strong>ro</strong>m both the p<strong>ro</strong>prietary and open source<br />
app<strong>ro</strong>aches. And crucially it is defined as an ethical orientation,<br />
not a pragmatic orientation (Stallman, 1992, 1994).<br />
According to the Free Software Foundation, the orientation<br />
is related to four kinds of freedom (FSF, 2004a):<br />
• The freedom to run the p<strong>ro</strong>gram, for any purpose (freedom<br />
0).<br />
• The freedom to study how the p<strong>ro</strong>gram works, and<br />
adapt it to your needs (freedom 1). Access to the<br />
source code is a precondition for this.<br />
• The freedom to redistribute copies so you can help<br />
your neighbour (freedom 2).<br />
• The freedom to imp<strong>ro</strong>ve the p<strong>ro</strong>gram, and release your<br />
imp<strong>ro</strong>vements to the public, so that the whole community<br />
benefits (freedom 3). Access to the source code is<br />
a precondition for this.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Free software advocates reject the<br />
orientation and logic of both p<strong>ro</strong>prietary<br />
and open source app<strong>ro</strong>aches<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
The free software app<strong>ro</strong>ach achieves this with exactly the<br />
same techniques as the open source app<strong>ro</strong>ach: a range of<br />
software development methodologies based upon the free<br />
redistribution of the source code, made possible by the subversion<br />
of copyright th<strong>ro</strong>ugh licensing. As Eric Raymond<br />
says, “the software, the technology, the developers, and<br />
even the licenses are essentially the same. The only thing<br />
that differs is the attitude” (Engel, 2004).<br />
But the logic that connects these techniques to the “freedom<br />
orientation” is quite different to the open source app<strong>ro</strong>ach.<br />
To begin with, the free software app<strong>ro</strong>ach renounces the<br />
concept of software ownership. Software ownership is unethical,<br />
the leading figure of the free software movement<br />
Richard Stallman often declares. In contrast to Raymond’s<br />
omission of natural p<strong>ro</strong>perty rights in his attempt to lend a<br />
Lockean justification to p<strong>ro</strong>perty, Stallman explicitly rejects<br />
Free Software Magazine Issue 9, November/December 2005 43
this notion, though without reference to Locke or any other<br />
natural right theorists. Rather, in typical American style,<br />
he uses the position of the US constitution, which describes<br />
the copyright bargain, as precedent for his position. P<strong>ro</strong>perty<br />
rights, he asserts, require a social justification and in the<br />
case of software there can be no such justification, therefore<br />
ownership of p<strong>ro</strong>perty is unethical (Stallman, 1992).<br />
Though, as with open source, this logic concerns itself with<br />
socially justified p<strong>ro</strong>perty rights, Stallman judges the social<br />
justification upon g<strong>ro</strong>unds of the impact on the freedom of<br />
society rather than on the quality or quantity of software<br />
p<strong>ro</strong>duced. He p<strong>ro</strong>ceeds on a basis of comparative harm,<br />
asking if the harms resulting f<strong>ro</strong>m the restrictions advocated<br />
by the p<strong>ro</strong>prietary app<strong>ro</strong>ach outweigh the harms resulting<br />
f<strong>ro</strong>m the freedoms advocated by the free software<br />
app<strong>ro</strong>ach (Stallman, 1992), and advocates a kind of rule<br />
utilitarianism—a philosophical doctrine that creates ethical<br />
rules based upon maximising utility—that says: the (social)<br />
utility of always sharing software under a free license outweighs<br />
any harms, thus it is an ethical duty to always do<br />
so.<br />
This ethical bias is also present in the free app<strong>ro</strong>ach to the<br />
p<strong>ro</strong>ducer-consumer conflict. Stallman says that you “deserve<br />
to be able to cooperate openly and freely with other<br />
people who use software”, and he encourages “the spirit<br />
of voluntary cooperation” (Stallman, 1994). One can apply<br />
these and other related ideas to any information-based<br />
work, where the hacker mantra that “information should be<br />
free” can overcome unethical restrictions. Quite how far this<br />
goes is unclear. One could advocate a limited form of the<br />
free app<strong>ro</strong>ach and say that the limits of the space in which<br />
it holds only extend to the community of p<strong>ro</strong>ducers, as with<br />
the open source app<strong>ro</strong>ach. Or one could extend the “spirit<br />
of cooperation” to empower consumers to engage with the<br />
p<strong>ro</strong>ducers in a way that can’t be characterised as consuming.<br />
Communities who customise or localise their software like<br />
KDE-Farsi and GNOME-Bengali are good examples of how<br />
this might take place, as are communities and cooperatives<br />
that are set-up to manage the spread of free software, such<br />
as in Venezuela and Brazil (Chance, 2004). Users, who with<br />
p<strong>ro</strong>prietary software would have simply consumed the software,<br />
are able to use it in a community context, and in so doing<br />
develop new communties and strengthen existing ones<br />
not based a<strong>ro</strong>und software development, nor even necessarily<br />
software use (it may be an ancillary concern for the com-<br />
MIND SET<br />
44 Free Software Magazine Issue 9, November/December 2005<br />
“fields and fields” by Campbell Orme. Released under the Creative<br />
Commons Attribution license<br />
munity). These activities are distinctive f<strong>ro</strong>m the normal<br />
p<strong>ro</strong>ductive cycle that the open source app<strong>ro</strong>ach endorses<br />
because they may often only benefit communities that are<br />
seperate f<strong>ro</strong>m the wider ”open source community”; to put it<br />
crudely, the free software app<strong>ro</strong>ach advocates universal empowerment<br />
and liberation, whilst the open source app<strong>ro</strong>ach<br />
endorses the good of the community in terms of software<br />
p<strong>ro</strong>duction.<br />
In conclusion then, the free software app<strong>ro</strong>ach is philosophically<br />
distinctive because, in contrast to both the p<strong>ro</strong>prietary<br />
and open source app<strong>ro</strong>aches, it is based on an ethical claim<br />
about the absolute importance of social utility, and about<br />
the relative social utility of different legal and development<br />
techniques. The app<strong>ro</strong>ach rejects both natural rights and social<br />
bargain arguments for p<strong>ro</strong>perty in the software context,
and subverts copyright law to create a global commons of<br />
software. Notions of community and cooperation are also<br />
central to the app<strong>ro</strong>ach, both within the development community,<br />
amongst users, and between the two.<br />
The two faces of the same animal?<br />
Both the open source and free software app<strong>ro</strong>aches share<br />
the same techniques. Raymond was quite right when he<br />
said that the difference lay in their attitudes. The fact that<br />
most p<strong>ro</strong>jects share contributors who hold either the free<br />
software or open source “philosophy” lends weight to the<br />
idea that the two app<strong>ro</strong>aches are just different faces on the<br />
same beast.<br />
Whether or not you accept that conclusion depends on<br />
where your interests lie. Looking at it f<strong>ro</strong>m the framework<br />
of either app<strong>ro</strong>ach, it would seem that the important thing<br />
is to develop more software and, if you’re a freedom person,<br />
to do so in a way that doesn’t abridge our freedoms.<br />
F<strong>ro</strong>m either perspective, their shared techniques achieve the<br />
goal admirably; the installation of GNU/Linux I’m using to<br />
write this article demonstrates as much. However, both app<strong>ro</strong>aches<br />
have attracted the attention of many a thinker f<strong>ro</strong>m<br />
philosophy to economics, politics and law. For Marxists,<br />
the free software app<strong>ro</strong>ach represents a critical challenge<br />
to p<strong>ro</strong>perty regimes; for some economists both app<strong>ro</strong>aches<br />
represent an experiment in gift economies; for many a political<br />
theorist they both present opportunities for democracy,<br />
freedom, you name it.<br />
It’s safe to say that because the term “open source” was<br />
coined to capitalise on free software’s techniques in the<br />
business world, any thinker that leans upon the open source<br />
app<strong>ro</strong>ach will be fairly content with less radical changes<br />
within the space they study. Management theorists, for example,<br />
can be content with applying the open development<br />
methodologies to their own previously heirarchical theories.<br />
Despite differences in orientation, many free software advocates<br />
are just as reformist. But some advance more radical<br />
critiques of contemporary app<strong>ro</strong>aches to p<strong>ro</strong>perty, community<br />
and the p<strong>ro</strong>ducer-consumer relationship, bouyed by the<br />
ethical basis of Stallman’s position.<br />
At the start of this article I admonished people for talking<br />
about their “software philosophy” when they actually meant<br />
their non-philosophical thinking about software. It should<br />
now be clear what the difference is, and why people con-<br />
MIND SET<br />
fuse the two when looking at software p<strong>ro</strong>duction and licensing.<br />
Both app<strong>ro</strong>aches want to differentiate themselves<br />
f<strong>ro</strong>m the p<strong>ro</strong>prietary app<strong>ro</strong>ach; open source advocates refer<br />
to the set of techniques they advocate as the open source<br />
“philosophy” and free software advocates refer to the ethical<br />
orientation and logic they advocate as their “philosophy”.<br />
The word “philosophy” is being used in a different<br />
sense each time, masking their actual philosophical similarities<br />
and differences. This is harmless semantics, a quibble<br />
f<strong>ro</strong>m a philosopher, but underlying it are a range of questions<br />
that have been the bread and butter of philosophy for<br />
millennia. Long may they continue to plague our minds.<br />
Bibliography<br />
T. Chance (2004). In defense of free software, community,<br />
and cooperation (http://tom.acrewoods.<br />
net/writing/free-sw-community)<br />
Creative Commons (Date unknown). Frequently Asked<br />
Questions (http://creativecommons.org/faq)<br />
A. Engel (2004). Free as in Freedom - Part Two: New<br />
Linux (http://www.pressaction.com/news/<br />
weblog/full article/engel12122004), Press<br />
Action Web Site<br />
FSF (2004a). The Free Software Definition (http://<br />
www.fsf.org/philosophy/free-sw.html)<br />
J. Locke (2003). “Second Treatise of Government, in Locke:<br />
Two Treatise of Government”, ed. P. Laslett<br />
OSI (2004a). Open Source Initiative, Web Site (http://<br />
www.opensource.org)<br />
OSI (2004b). The Open Source Definition (http://www.<br />
opensource.org/docs/definition.php)<br />
OSI (2004c). History of the OSI (http://www.<br />
opensource.org/docs/history.php)<br />
OSI (2004d). Frequently Asked Questions (http://<br />
www.opensource.org/advocacy/faq.php)<br />
OSI (2004e). Open Source Case for Business<br />
(http://www.opensource.org/advocacy/<br />
case for business.php)<br />
Free Software Magazine Issue 9, November/December 2005 45
OSI (2004f). The Open Source Case for Customers<br />
(http://www.opensource.org/advocacy/<br />
case for customers.php)<br />
OSI (2004g). The Open Source Case for Hackers<br />
(http://www.opensource.org/advocacy/<br />
case for hackers.php)<br />
E. Raymond (1999). “The Cathedral & The Bazaar: Musings<br />
On Linux and Open Source by an Accidental Revolutionary”<br />
R. Stallman (2001). Free software: Freedom and<br />
Cooperation (http://www.fsf.org/events/<br />
rms-nyu-2001-transcript.txt)<br />
R. Stallman (1992). Why Software Should Be<br />
Free (http://www.fsf.org/philosophy/<br />
shouldbefree.html)<br />
R. Stallman (1994). Why Software Should Not Have<br />
Owners (http://www.fsf.org/philosophy/<br />
why-free.html)<br />
MIND SET<br />
J. Waldon (1988). “The Right to Private P<strong>ro</strong>perty”<br />
Copyright information<br />
c○ 2005 Tom Chance<br />
This article is made available under the “Attribution-<br />
NonCommercial” Creative Commons License 2.0 available<br />
f<strong>ro</strong>m http://creativecommons.org/licenses/by-nc/2.0/.<br />
About the author<br />
Tom Chance is a philosophy student, free software advocate<br />
and writer. He is the P<strong>ro</strong>ject Lead of Remix<br />
Reading (http://www.remixreading.org), the<br />
UK’s first localised Creative Commons p<strong>ro</strong>ject, and is<br />
involved with a range of activist g<strong>ro</strong>ups concerned with<br />
free culture. You can contact him via his web site<br />
(http://tom.acrewoods.net).
The will to code<br />
Nietzsche and free software<br />
David M. Berry Lee Evans<br />
“To refrain f<strong>ro</strong>m injury, f<strong>ro</strong>m violence, f<strong>ro</strong>m exploitation,<br />
and put one’s will on a par with that of others: this may<br />
result in a certain <strong>ro</strong>ugh sense in good conduct among individuals<br />
when the necessary conditions are given (namely,<br />
the actual similarity of the individuals in amount of force<br />
and degree of worth, and their co-relation within one organisation).<br />
As soon, however, as one wished to take this<br />
principle more generally, and if possible even as the fundamental<br />
principle of society, it would immediately disclose<br />
what it really is—namely, a Will to the denial of life, a principle<br />
of dissolution and decay”—Nietzsche, Beyond Good<br />
and Evil, §259<br />
Free software has been described by theorists<br />
such as Benkler (2002) as commons-based peerp<strong>ro</strong>duction.<br />
It is hailed for the revolutionary<br />
potentials inherent in its oft-described decentred,<br />
non-hierarchical and egalitarian (dis)organisation (e.g.<br />
Moglen 1999; Hardt & Negri 2004). However, in this paper<br />
we intend to see whether reading Nietzsche offers an alternative<br />
insight into the workings of free software p<strong>ro</strong>jects.<br />
In particular, an insight that starts f<strong>ro</strong>m a different point to<br />
that of an egalitarian theory and points, instead, to explanations<br />
that may cohere a<strong>ro</strong>und a coding aristocracy. Does an<br />
analysis that focuses on the will to power (or perhaps more<br />
accurately the will to code) p<strong>ro</strong>vide any explanatory value<br />
in understanding the extremely complex interactions and<br />
p<strong>ro</strong>cesses involved in software development within copyleft<br />
g<strong>ro</strong>ups? How might reading Nietzsche help us to question<br />
the morality instantiated in such software and associ-<br />
ated cultural p<strong>ro</strong>jects? This short article is a preliminary<br />
sketch of how we feel a reading of the practices of the free<br />
software movements could be usefully understood th<strong>ro</strong>ugh<br />
Nietzsche.<br />
In Beyond Good and Evil, On the Genealogy of Morals<br />
and elsewhere, Nietzsche examines the origins of “conventional”<br />
morality, claiming that prevailing ascriptions of the<br />
labels “good” and “evil” are the secularised legacy of Judeo-<br />
Christian “resentiment”. Ideals of compassion and neighbourliness,<br />
originating in the “slave” mentality of the oppressed<br />
and marginalised Jewry of antiquity have, th<strong>ro</strong>ugh<br />
the rise of Christianity, come to exert a pernicious sway over<br />
Eu<strong>ro</strong>pean morality and politics. Reflecting upon the 19th<br />
century Eu<strong>ro</strong>pean milieu, he argued that the democraticegalitarian<br />
impulse is not intrinsically “good” at all, but<br />
rather the p<strong>ro</strong>duct of an extended historical p<strong>ro</strong>cess of contest<br />
between aristocracy and slaves, rulers and ruled.<br />
But this genealogical analysis was not the endpoint of Nietzsche’s<br />
investigation. His work can be understood as an<br />
extended commentary upon, and dialogue with, this democratic<br />
impulse in which its core premise—that of the possibility<br />
and desirability of the drawing of moral and political<br />
equivalences between human beings—is subjected to normative<br />
(re)evaluation. Possibility, because in the concept of<br />
“will to power” he claimed that humans were fundamentally<br />
competitive rather than compassionate; desirability, because<br />
he forcefully claimed the implications for the health of the<br />
community of a moral complex which elevates facility to its<br />
central ethical core, was fundamentally deleterious.<br />
Free Software Magazine Issue 9, November/December 2005 47
“Will to Code 1”—art by Trine Bjørkmann Andreassen<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
In the first case it is clear that there is<br />
indeed an argument to be made for the<br />
existence of an upper tier of<br />
p<strong>ro</strong>grammers, self-selected and their<br />
authority legitimated by the claims to<br />
“hacker” status<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
The claim that the democratic egalitarian impulse is immoral<br />
makes for difficult reading, particularly in an age notable<br />
for its p<strong>ro</strong>selytising of choice, freedom and liberty. But<br />
in the spirit of “untimely meditation”—to think outside or<br />
against the times—it raises some pertinent questions about<br />
the form and consequences of morality instantiated in contemporary<br />
contestations over intellectual p<strong>ro</strong>perty regimes.<br />
The aristocratic moment in Nietzsche’s philosophy, where<br />
the majority exist to facilitate the pursuit of Beauty, Truth<br />
and Legacy by a select g<strong>ro</strong>up of ubermensch, is redolent<br />
of a hierarchical social form to which few would subscribe<br />
today. And yet, insofar as he sought to rethink the legitimating<br />
narratives of his day in such a way that the contestation<br />
of authority became p<strong>ro</strong>blematic for the “health”<br />
of the community rather than its salvation, we argue that it<br />
p<strong>ro</strong>vides an important corrective to uncritical, unreflexive<br />
assumptions that the morality inscribed in the free software<br />
moment is “good”. Indeed, reading Nietzsche calls on us<br />
to (re)consider how to understand and evaluate the moral<br />
MIND SET<br />
claims of the free software movement and its contributors<br />
in toto. So, for example, insofar as this movement accentuates<br />
the democratic-egalitarian impulse, do its members not<br />
inadvertently contribute to the ongoing enervation of the res<br />
publica in which they are located? Or, conversely, might<br />
they be understood as a code aristocracy which, in undertaking<br />
a “copyfight”, instantiate a p<strong>ro</strong>cess of self-overcoming<br />
though which the res publica is revitalised? And what moral<br />
judgement might we ourselves pass on them as a result?<br />
The morality of free software—a code<br />
aristocracy?<br />
48 Free Software Magazine Issue 9, November/December 2005<br />
Before passing moral judgement, then, a moral assessment<br />
of the free software p<strong>ro</strong>jects and contributions to them is<br />
required. This assessment has two dimensions: first, does<br />
the free software/open-source movement’s elite g<strong>ro</strong>up of<br />
individuals, such as Richard Stallman, Eric Raymond, Linus<br />
Torvalds, Alan Cox, Bruce Perens, Tim O’Reilly, Brian<br />
Behlendorf, Eben Moglen et al, amount to a Nietzschean<br />
coding aristocracy; and second, does the will to power represented<br />
by Stallman et al signify the refraction of a novel<br />
moral complex th<strong>ro</strong>ugh the social whole in which they are<br />
embedded, or are they merely (re)articulating more widely<br />
held and understood concepts of what counts as good and<br />
evil? What then is the morality instantiated in the free software<br />
movement by its contributors—the desire to “level” or<br />
the desire to lead?<br />
In the first case it is clear that there is indeed an argument to<br />
be made for the existence of an upper tier of p<strong>ro</strong>grammers,<br />
self-selected and their authority legitimated by the claims<br />
to “hacker” status. These hackers are often extremely p<strong>ro</strong>ductive<br />
and active in their coding activities, sometimes even<br />
having the title “benevolent dictator” bestowed upon them<br />
(Linus Torvalds being a notable example). They also feel<br />
free to p<strong>ro</strong>claim the morals and ethics of the communities<br />
they nominally claim to represent and sometimes take extremely<br />
cont<strong>ro</strong>versial positions and actions (e.g. the Torvalds<br />
bitkeeper debacle). Much research is underway in a<br />
number of disciplines to understand the free software and<br />
open-source movements but the empirical studies undertaken<br />
so far seem to point towards a large number of developers<br />
in these p<strong>ro</strong>jects but with a much smaller core<br />
cadre of p<strong>ro</strong>grammers who undertake the majority of the<br />
work. When it comes to discussing difficult issues, de-
cisions and future directions, those that have a “reputational”<br />
weight that can help to carry a particular position (of<br />
course, notwithstanding the dangers of “forking” and the<br />
need therefore to keep some semblance of consensus—or<br />
perhaps, more pessimistically, hegemony).<br />
Additionally, nobody can ignore the p<strong>ro</strong>clamations of individuals<br />
like Richard Stallman and Eric Raymond (whose<br />
cont<strong>ro</strong>versial and widely differing views on the ethics of<br />
these software communities we cannot go into here, see<br />
for example Berry 2004). But suffice to say that the two<br />
movements (i.e. free software and open-source) are important<br />
“nodal points” a<strong>ro</strong>und which discussions are often polarised.<br />
Here we concentrate particularly on the arguments<br />
made by those who support the position of the free software<br />
movement, as we believe that they can and should be<br />
separated f<strong>ro</strong>m the more individualistic and rational choice<br />
theory presented by the open-source community. Additionally,<br />
their explicitly moral and ethical claims allow us to<br />
examine their arguments within the framework we have discussed.<br />
We intend to return to the question of the opensource<br />
counter-claims in a later article.<br />
Secondly, although a Kantian notion of a categorical imperative<br />
seems to underlie the philosophical foundations of the<br />
position advocated by Richard Stallman (i.e. what is ethical<br />
for the individual must be generalisable to the community<br />
of coders), the nature of the language which is utilised by<br />
the Free Software Foundation (FSF), and Stallman in particular,<br />
draws on the benefits and importance to society as<br />
an original reading of the republican values of the US constitution.<br />
Separating a “free as in free speech” (i.e. libre)<br />
f<strong>ro</strong>m a “free as in free beer” (i.e. gratis) he argues forcefully<br />
against the dangers threatened th<strong>ro</strong>ugh the ownership and<br />
cont<strong>ro</strong>l of knowledge. He advocates a voluntaristic p<strong>ro</strong>ject<br />
that can counter the damaging constriction of human knowledge<br />
th<strong>ro</strong>ugh corporate or governmental cont<strong>ro</strong>l (i.e. the<br />
right to access code, tinker, use and reuse ideas and concepts).<br />
He is also remarkably active internationally, giving<br />
Zarathrusta-like warnings of the dangers f<strong>ro</strong>m the coming<br />
intellectual dark ages in presentations to governments, corporations<br />
and “civil society” organisations.<br />
A lone voice in the wilderness for many years, Stallman<br />
has had the last laugh, as all warnings regarding the enclosure<br />
and restrictions placed on knowledge th<strong>ro</strong>ugh intellectual<br />
p<strong>ro</strong>perty law (e.g. patents and copyright) have come to<br />
pass. Yet, during this time, although to a large degree dis-<br />
MIND SET<br />
tanced f<strong>ro</strong>m the wider community, he continued to (almost<br />
single-handedly) develop the most important tools necessary<br />
to build a philosophy and an operating system that remained<br />
outside of the private ownership of individuals (e.g.<br />
GNU). Indeed, it could be argued that the Free Software<br />
Foundation, which cont<strong>ro</strong>ls the development, is more akin<br />
to Res Universitatis than Res Privatae (i.e. it remains outside<br />
of private p<strong>ro</strong>perty as normally understood due to both<br />
its non-p<strong>ro</strong>fit status and the ingenious General Public License).<br />
However, in a cruel twist of fate it was left to a<br />
young Finnish student, Linus Torvalds, to write the essential<br />
core kernel, to name it “Linux”, and thus complete the<br />
system. Perhaps more surprisingly, Torvalds also demonstrated<br />
a political naivety and lack of appreciation of the<br />
underlying ethical and political p<strong>ro</strong>ject that made his work<br />
possible in the first place. It could even be argued that<br />
Torvalds apolitical technocratic mentality has aided Stallman’s<br />
critics and the open-source movement’s p<strong>ro</strong>ject of <st<strong>ro</strong>ng>depo</st<strong>ro</strong>ng>liticisation<br />
of free software rather than confirming Stallman’s<br />
prescient forecasts. Nonetheless, Stallman’s p<strong>ro</strong>ject<br />
of the GNU/Linux system has paid off in a global debate<br />
which has truly unforeseen consequences (witness for example<br />
the spectacle of a music industry finding itself for the<br />
first time on the w<strong>ro</strong>ng side of the argument against “the system”,<br />
appearing less a radical/p<strong>ro</strong>gressive force in tune with<br />
youth culture and more as corporate suits allied with the<br />
conservative hierarchy fighting file-sharing and peer2peer<br />
networks). The consequences of this p<strong>ro</strong>ject gradually revealing<br />
themselves: f<strong>ro</strong>m technical questions over software<br />
to the (always implicit but now increasingly evident) concerns<br />
with morality. . . sharing or p<strong>ro</strong>fit; our “right” to information<br />
against the private ownership of knowledge.<br />
Without regard for persons? Or, the res<br />
publica vs human beings<br />
In turning to Nietzsche we tread a familiar path in contemporary<br />
political thought. Such is the scope of his works that<br />
his texts have p<strong>ro</strong>vided a rich seam for thinkers during the<br />
past four decades or so. In fact, there has been no time since<br />
his death when he has not been a feature of the political<br />
terrain. And yet for all this attention to Nietzsche, the normative<br />
core of his political diagnoses is all too often elided,<br />
particularly where he has been mobilised to refine various<br />
schema—democracy, feminism and socialism—to which he<br />
Free Software Magazine Issue 9, November/December 2005 49
“Will to Code 2”—art by Trine Bjørkmann Andreassen<br />
was implacably opposed. To acknowledge the legitimacy<br />
of the method is one thing—his work is a resource to be<br />
played with. But we argue that to invoke Nietzsche it is necessary<br />
to recognise and engage with his emphatically antidemocratic<br />
injunctions. We are not advocating Nietzsche’s<br />
binary social distinction: our intention is not to recalibrate<br />
the aristocratic moment. But we are intrigued by the possibility<br />
of invoking his untimely challenge to the conviction<br />
that human beings can be the subject of moral evaluation<br />
qua human beings. That we might, in Nietzsche’s words, be<br />
able to undertake some form of “revaluation of values”.<br />
In this vein we suggest that it is not origins on which moral<br />
evaluation should be based, but on consequences. In an<br />
era in which social democracy’s pact with the market demands<br />
that citizen’s rights be balanced by “responsibilities”,<br />
and political philosophy continues its Sisyphian struggle<br />
to resolve the unresolvable—to p<strong>ro</strong>claim the ethos of<br />
community while retaining that lonely figure of the modern<br />
sovereign individual as its real ethical core—we wonder<br />
whether this revaluation might include re-consideration of<br />
the yardstick by which we judge moral agents. And to extend<br />
this line of thought, it might be possible to envisage<br />
a moral schema in which evaluation of a citizen be accomplished<br />
in terms of the service they perform to the community.<br />
In other words, that people be judged in terms of actions,<br />
and that actions be judged in terms not of their service<br />
to human beings qua human beings but to the social whole.<br />
In the free software world that hackers inhabit, participants<br />
MIND SET<br />
50 Free Software Magazine Issue 9, November/December 2005<br />
believe themselves to live in a meritocracy, where only the<br />
best p<strong>ro</strong>grammers rise th<strong>ro</strong>ugh the ranks to decide the rules<br />
of the game for others. But even here there are stark differences<br />
in how the contributions hackers make to a community<br />
might be judged: witness for example the different ethical<br />
standpoints of the free software versus the open-source<br />
movement (e.g. community based ethics against a form of<br />
selfish utility maximisation). It is also instructive to see how<br />
technological tools are developed by the hackers to discuss<br />
technical issues but also inevitably politics, economics and<br />
social issues (see for example slashdot.com for a good example).<br />
Yet key to a Nietzschean assessment of the morality<br />
of the free software movement is the establishment of a<br />
meta-morality that enables us to view its claims not oppositionally<br />
but historically: to p<strong>ro</strong>vide a basis for moving beyond<br />
evaluation of which is the “most good” to think anew<br />
about what is “good” in the first place.<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
How might reading Nietzsche help us to<br />
question the morality instantiated in such<br />
software and associated cultural<br />
p<strong>ro</strong>jects? This short article is a<br />
preliminary sketch of how we feel a<br />
reading of the practices of the free<br />
software movements could be usefully<br />
understood th<strong>ro</strong>ugh Nietzsche<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
If the defeat of old values creates nihilism, the task conf<strong>ro</strong>nting<br />
us is precisely not to place faith in our agency, to<br />
think that we can “build” our way out of the moral impasse<br />
(as might be implied by the moral topology of contemporary<br />
resistance/struggle). The subversion of the old values<br />
by their own call to truth does not mean that we now exist<br />
in a moral vacuum into which we can add our own p<strong>ro</strong>gressive<br />
morality (borne of countering authority, in this case in<br />
the form of IPRs). No, reading Nietzsche compels us to<br />
pause and consider anew the moral topography in which<br />
we are located and to which we all contribute. The task is<br />
not to innovate values th<strong>ro</strong>ugh our agency, but to think how<br />
we may contribute to a revaluation of values th<strong>ro</strong>ugh that<br />
agency—how we may help recalibrate the hierarchy of values.<br />
Not to make new morality but to refashion the existing<br />
one. Nietzsche then, calls upon us to question whether, in
this age of utterly unreflective indulgence of the democratic<br />
impulse, we might not serve ourselves, and our community<br />
better by pausing to think what we are doing.<br />
Bibliography<br />
Benkler, Y. (2002). Coase’s Penguin, or Linux and the Nature<br />
of the Firm. The Yale.<br />
Berry, D. M. (2004). The Contestation of Code: A Preliminary<br />
Investigation into the Discourse of the Free/Libre and<br />
Open Source Movement. Critical Discourse Studies, 1.1.<br />
Bull, M.(2000) Where is the Anti-Nietzsche?, New Left Review,<br />
3.<br />
Hardt, M., & Negri, A. (2004). Multitude : war and democracy<br />
in the age of Empire. New York: The Penguin Press.<br />
Moglen, E. (1999). Anarchism Triumphant: Free Software<br />
and the Death of Copyright. Retrieved 01/03/2003, f<strong>ro</strong>m<br />
http://www.firstmonday.org/issues/issue4 8/moglen/index.html<br />
Nietzsche, F. (1997). Beyond Good and Evil, Mineola:<br />
Dover Publications.<br />
Nietzsche, F. (1998). On the Genealogy of Morals: A<br />
Polemic, Oxford: Oxford University Press.<br />
Copyright information<br />
c○ 2005 David M. Berry, Lee Evans<br />
This article is made available under the “Attribution-<br />
Share-alike” Creative Commons License 2.0 available f<strong>ro</strong>m<br />
http://creativecommons.org/licenses/by-sa/2.0/.<br />
About the author<br />
David Berry is a researcher at the University of Sussex,<br />
UK and a member of the research collective The Libre<br />
Society (http://www.libresociety.org). He<br />
writes on issues sur<strong>ro</strong>unding intellectual p<strong>ro</strong>perty, immaterial<br />
labour, politics, free software and copyleft.<br />
Lee Evans is a doctoral student at the University of Sussex.<br />
He is currently working on theories of civil society<br />
and civic republicanism in International Relations.
What is code?<br />
A conversation with Deleuze, Guattari and code<br />
David M. Berry Jo Pawlik<br />
Code<br />
The two of us w<strong>ro</strong>te this article together. Since<br />
each of us was several, there was already quite<br />
a c<strong>ro</strong>wd. We have made use of everything that<br />
came within range, what was closest as well as<br />
farthest away. We have been aided, inspired multiplied [1].<br />
JP: Code is described as many things: it is a cultural logic,<br />
a machinic operation or a p<strong>ro</strong>cess that is unfolding. It is<br />
becoming, today’s hegemonic metaphor; inspiring quasisemiotic<br />
investigations within cultural and artistic practice<br />
(e.g. The Matrix). No-one leaves before it has set its mark<br />
on them. . .<br />
DB: Yes, it has become a narrative, a genre, a structural<br />
feature of contemporary society, an architecture for<br />
our technologically cont<strong>ro</strong>lled societies (e.g. Lessig) and<br />
a tool of technocracy and of capitalism and law (Ellul/Winner/Feenberg).<br />
It is both metaphor and reality, it<br />
serves as a translation between different discourses and<br />
spheres, DNA code, computer code, code as law, cultural<br />
code, aristocratic code, encrypted code (Latour).<br />
JP: Like the code to nourish you? Have to feed it something<br />
too.<br />
DB: Perhaps. I agree that code appears to be a defining<br />
discourse of our postmodernity. It offers both explanation<br />
and saviour, for example, the state as machine, that runs a<br />
faulty form of code that can be rewritten and re-executed.<br />
The constitution as a mic<strong>ro</strong>code, law as code. Humanity as<br />
objects at the mercy of an inhuman code.<br />
52 Free Software Magazine Issue 9, November/December 2005<br />
Deleuze<br />
JP: True and it gathers together a disturbing discourse of the<br />
elect. Code as intellectual heights, an aristocratic elect who<br />
can free information and have a wisdom to transform society<br />
without the politics, without nations and without politicians.<br />
Code becomes the lived and the desired. Both a black<br />
box and a glass box. Hard and unyielding and simultaneously<br />
soft and malleable.<br />
DB: Code seems to follow information into a displaced subjectivity,<br />
perhaps a new and startling subject of history that<br />
is merely a reflection of the biases, norms and values of<br />
the coding elite. More concerning, perhaps, code as walls<br />
and doors of the prisons and workhouses of the 21st Century.<br />
Condemned to make the amende honorable before the<br />
church of capital.<br />
JP: So, we ask what is code? Not expecting to find answers,
ut rather to raise questions. To survey and map realms that<br />
are yet to come (AO:5). The key for us lies in code’s connectivity,<br />
it is a semiotic-chain, rhizomatic (rather like a nonhierarchical<br />
network of nodes) and hence our map must allow<br />
for it to be interconnected f<strong>ro</strong>m anything to anything. In<br />
this investigation, which we know might sometimes be hard<br />
to follow, our method imitates that outlined by Deleuze &<br />
Guattari in Anti-Oedipus (2004). It will analyse by decentering<br />
it onto other dimensions, and other registers (AO:8).<br />
We hope that you will view this article as a “little machine”<br />
(AO: 4), itself something to be read slowly, or fast, so that<br />
you can take f<strong>ro</strong>m it whatever comes your way. It does not<br />
ask the question of where code stops and the society starts,<br />
rather it forms a tracing of the code-society or the societycode.<br />
DB: Dystopian and utopian, both can cling like Pincher<br />
Martin to code. Code has its own apocalyptic fictions;<br />
crashes and bugs, Y2K and corruption. It is a fiction that<br />
is becoming a literary fiction (Kermode). We wish to stop it<br />
becoming a myth, by questioning code and asking it uncomfortable<br />
questions. But by our questioning we do not wish<br />
to be considered experts or legislators, rather we want to ask<br />
again who are the “Gods” of the information age (Heidegger).<br />
By drawing code out and stretching it out, we hope to<br />
make code less mysterious, less an “unconcealment that is<br />
concealed” (Heidegger).<br />
JP: Perhaps to ask code and coders to think again about the<br />
way in which they see the world, to move f<strong>ro</strong>m objects to<br />
things, and practice code as poetry (poeisis). Rather than<br />
code as ordering the world, fixing and overcoding. Code<br />
as a craft, “bringing-forth” th<strong>ro</strong>ugh a showing or revealing<br />
that is not about turning the world into resources to be assembled,<br />
and reassembled forever.<br />
DB: And let us not forget the debt that code owes to war<br />
and government. It has a bloody history, formed f<strong>ro</strong>m the<br />
special p<strong>ro</strong>jects of the cold war, a technological race, that<br />
got mixed up with the counter-culture but still fights battles<br />
on our behalf. He laid aside his sabre. And with a smile he<br />
took my hand.<br />
Code as concept<br />
DB: A stab in the dark. To start neither at the beginning<br />
or the end, but in the middle: code is pure concept instantiated<br />
into the languages of machines. Coding is the art of<br />
MIND SET<br />
forming, inventing and fabricating structures based on these<br />
languages. Structures that constrain use as well as free. The<br />
coder is the friend of the code, the potentiality of the code,<br />
not merely forming, inventing and fabricating code but also<br />
desiring. The electric hymn book that Happolati invented.<br />
With electric letters that shine in the dark?<br />
JP: And what of those non-coders who use code, or rather<br />
are used by code instead of forming it? Code can enable but<br />
it can also repress. Deleuze believes that we live in a society<br />
of cont<strong>ro</strong>l and that code is part “of the numerical language<br />
of cont<strong>ro</strong>l” requiring of us passwords, user names, and the<br />
completion of form fields to either grant or deny access to<br />
information, goods and services (1992).<br />
DB: Yes, code becomes the unavoidable boundary a<strong>ro</strong>und<br />
which no detour exists in order to participate fully in modern<br />
life. It is ubiquitous. Formatted by code, harmonised<br />
with the language of machines, our life history, tastes, preferences<br />
and personal details become p<strong>ro</strong>files, mailing lists,<br />
data and ultimately markets. Societies of cont<strong>ro</strong>l regulate<br />
their population by ensuring their knowing and unknowing<br />
participation in the marketplace th<strong>ro</strong>ugh enforced compatibility<br />
with code. Watch over this code!. . . Let me see some<br />
code!<br />
JP: But there is no simple code. Code is p<strong>ro</strong>duction and as<br />
such is a machine. Every piece of code has components and<br />
is defined by them. It is a multiplicity although not every<br />
multiplicity is code. No code is a single component because<br />
even the first piece of code draws on others. Neither is there<br />
code possessing all components as this would be chaos. Every<br />
piece of code has a regular contour defined by the sum<br />
of its components. The code is whole because it totalises<br />
the components, but it remains a fragmentary whole.<br />
DB: Code aborescent. Plato’s building agile, objectoriented<br />
and postmodern codes under the spreading chestnut<br />
tree.<br />
JP: But computers are not the only machines that use code.<br />
Deleuze believes that everything is a machine, or to be more<br />
precise every machine is a machine of a machine. By this<br />
he means that every machine is connected to another by a<br />
flow—whether this flow is air, information, water, desire<br />
etc—which it interrupts, uses, converts and then connects<br />
with another machine.<br />
DB: I agree that human beings are nothing more than an<br />
assemblage of several machines linked to other machines,<br />
Free Software Magazine Issue 9, November/December 2005 53
though century’s worth of history have us duped into thinking<br />
otherwise.<br />
JP: But, does every machine have a code built into it which<br />
determines the nature of its relations with other machines<br />
and their outputs? How else would we know whether to<br />
swallow air, suffocate on food or drink sound waves? There<br />
is even a social machine, who’s task it is to code the flows<br />
that circulate within it. To apportion wealth, to organise p<strong>ro</strong>duction<br />
and to record the particular constellation of linked<br />
up flows that define its mode of being.<br />
DB: Up to this point, code is verging towards the deterministic<br />
or the p<strong>ro</strong>grammatic, dependent upon some form<br />
of Ur-coder who might be synonymous with God, with the<br />
Despot, with Nature, depending on to whom you attribute<br />
the first and last words.<br />
JP: But Deleuze delimits a way of scrambling the codes, of<br />
flouting the key, which enables a different kind of de/encoding<br />
to take place and frees us f<strong>ro</strong>m a pre-determined<br />
input-output, a=b matrix. Enter Desire. Enter Creativity.<br />
Enter the Schizo. Enter capitalism? You show them you<br />
have something that is really p<strong>ro</strong>fitable, and then there will<br />
be no limits to the recognition of your ability.<br />
Code as Schizo<br />
DB: Deleuze & Guattari warned us that the Schizo ethic<br />
was not a revolutionary one, but a way of surviving under<br />
capitalism by p<strong>ro</strong>ducing fresh desires within the structural<br />
limits of capitalism. Where will the revolution come f<strong>ro</strong>m?<br />
JP: It will be a decoded flow, a “deterritorialised flow that<br />
runs too far and cuts too sharply”. D & G hold that art and<br />
science have a revolutionary potential. Code, like art and<br />
science, causes increasingly decoded and deterritorialised<br />
flows to circulate in the socius. To become more complicated,<br />
more saturated. A few steps away a policeman is observing<br />
me; he stands in the middle of the street and doesn’t<br />
pay attention to anything else.<br />
DB: But, code is bifurcated between a conceptual and a<br />
functional schema, an “all encompassing wisdom [=code]”.<br />
Concepts and functions appear as two types of multiplicities<br />
or varieties whose natures are different. Using the<br />
Deluezean concept of Demon which indicates, in philosophy<br />
as well as science, not something that exceeds our possibilities<br />
but a common kind of these necessary intercessors<br />
as respective “subjects” of enunciation: the philosophical<br />
MIND SET<br />
Guattari<br />
friend, the rival, the idiot, the overman are no less demons<br />
that Maxwell’s demon or than Einstein’s or Heseinberg’s<br />
observers. (WIP: 129). Our eyes meet as I lift my head;<br />
maybe he had been standing there for quite a while just<br />
watching me.<br />
JP: Do you know what time it is?<br />
HE: Time? Simple Time?. . . Great time, mad time, quite<br />
bedivelled time, in which the fun waxes fast and furious,<br />
with heaven-high leaping and springing—and again,<br />
of course, a bit miserable, very miserable indeed, I not only<br />
admit that, I even emphasise it, with pride, for it is sitting<br />
and fit, such is artist-way and artist-nature.<br />
Code and sense perception<br />
54 Free Software Magazine Issue 9, November/December 2005<br />
DB: In code the <strong>ro</strong>le of the partial coder is to perceive and to<br />
experience, although these perceptions and affections might<br />
not be those of the coder, in the currently accepted sense,<br />
but belong to the code. Does code interpolate the coder, or<br />
only the user? Ideal partial observers are the perceptions or<br />
sensory affections of code itself manifested in functions and<br />
“functives”, the code crystallised affect.<br />
JP: Maybe the function in code determines a state of affairs,<br />
thing or body that actualises the virtual on a plane of reference<br />
and in a system of co-ordinates, a dimensional classification;<br />
the concept in code expresses an event that gives<br />
consistency to the virtual on a plane of immanence and in<br />
an ordered form.<br />
DB: Well, in each case the respective fields of coding find<br />
themselves marked out by very different entities but that<br />
nonetheless exhibit a certain analogy in their task: a p<strong>ro</strong>blem.<br />
Is this a world-directed perspective—code as an action<br />
facing the world?
JP: Does that not consisting in failing to answer a question?<br />
In adapting, in co-adapting, with a higher taste as p<strong>ro</strong>blematic<br />
faculty, are corresponding elements in the p<strong>ro</strong>cess being<br />
determined? Do we not replicate the chains of equivalence,<br />
allowing the code, to code, so to speak, how we might understand<br />
it?<br />
DB: Coders are writers, and every writer is a sellout. But an<br />
honest joy/Does itself dest<strong>ro</strong>y/For a harlot coy.<br />
JP: We might ask ourselves the following question: is the<br />
software coder a scientist? A philosopher? Or an artist? Or<br />
a schizophrenic?<br />
AL: For me the only code is that which places an explosive<br />
device in its package, fabricating a counterfeit currency.<br />
Which in part the knowing children sang to me.<br />
Dr. K: This man is mad. There has been for a long time no<br />
doubt of it, and it is most regrettable that in our circle the<br />
p<strong>ro</strong>fession of alienist is not represented. I, as a numismatist,<br />
feel myself entirely incompetent in this situation.<br />
DB: For Deleuze, the ascription of these titles exceeds determining<br />
whether the tools of the trade in question are mic<strong>ro</strong>scopes<br />
and test-tubes, cafés and cigarettes, or easels and<br />
oil-paints. Rather they identify the kind of thinking that<br />
each g<strong>ro</strong>up practices. Latour claimed that if you gave him a<br />
laboratory he could move the world. Maybe p<strong>ro</strong>sopopoeia<br />
is part of the answer, he should ask code what it thinks.<br />
JP: But not just the kind of thinking, but the kind of p<strong>ro</strong>blems<br />
which this thought presupposes, and the nature of the<br />
solutions that it can p<strong>ro</strong>vide. To ask under which category<br />
the coder clicks her mouse is to question whether she is creating<br />
concepts as opposed to dealing in functives like a scientist,<br />
or generating percepts and affects like an artist.<br />
DB: If you’re actually going to love technology, you have to<br />
give up sentimental slop, novels sprinkled with <strong>ro</strong>se water.<br />
All these stories of efficient, p<strong>ro</strong>fitable, optimal, functional<br />
technologies.<br />
JP: Who said I wanted to love technology?<br />
DB: The philosopher loves the concept. The artist, the affect.<br />
Do the coders love the code?<br />
JP: If we say that code is a concept, summoning into being<br />
or releasing free software as an event, the coder is cast<br />
first and foremost as a philosopher. The coder, as philosopher,<br />
could neither love nor covet her code prior to its arrival.<br />
It must take her by surprise. For the philosopher,<br />
or more specifically the conceptual personae th<strong>ro</strong>ugh whom<br />
MIND SET<br />
concepts come to pass and are given voice, (Deleuze does<br />
not strictly believe in the creativity of an individual ego),<br />
Deleuze reserves a privileged <strong>ro</strong>le in the modern world<br />
which is so woefully lacking in creation and in resistance<br />
to the present. He writes: “The creation of concepts in itself<br />
calls for a future form, for a new earth and people that do<br />
not yet exist” (1994, 108). Deleuze would hope this future<br />
form would be recognizable by virtue of its dislocation f<strong>ro</strong>m<br />
the present.<br />
DB: If the software coder really is a philosopher, what kind<br />
of a future is free software summoning and who are the new<br />
people who might later exist?<br />
JP: Thanks to computers, we now know that there are only<br />
differences of degree between matter and texts. In fact, ever<br />
since a literary happy few started talking about “textual machines”<br />
in connection with novels, it has been perfectly natural<br />
for machines to become texts written by novelists who<br />
are as brilliant as they are anonymous (Latour). But then is<br />
there no longer any difference between humans and nonhumans.<br />
DB: No, but there is no difference between the spirit of machines<br />
and their matter, either; they are souls th<strong>ro</strong>ugh and<br />
th<strong>ro</strong>ugh (Latour).<br />
JP: But don’t the stories tell us that machines are purported<br />
to be pure, separated f<strong>ro</strong>m the messy world of the real?<br />
Their internal world floating in a platonic sphere, eternal<br />
and perfect. Is the basis of their functioning deep within<br />
the casing numbers ticking over numbers, overflowing logic<br />
registers and memory addresses?<br />
DB: I agree. Logic is often considered the base of code.<br />
Logic is reductionist not accidentally but essentially and<br />
necessarily; it wants to turn concepts into functions. In becoming<br />
p<strong>ro</strong>positional, the conceptual idea of code loses all<br />
the characteristics it possessed as a concept: its endoconsistency<br />
and its exoconsistency. This is because of a regime<br />
of independence that has replaced that of inseparability, the<br />
code has enframed the concept.<br />
Code as science<br />
DB: Do you think a real hatred inspires logic’s rivalry with,<br />
or its will to supplant, the concept? Deleuze thought “it kills<br />
the concept twice over”.<br />
JP: The concept is reborn not because it is a scientific function<br />
and not because it is a logical p<strong>ro</strong>position: it does not<br />
Free Software Magazine Issue 9, November/December 2005 55
Code<br />
belong to a discursive system and it does not have a reference.<br />
The concept shows itself and does nothing but show<br />
itself. Concepts are really monsters that are reborn f<strong>ro</strong>m<br />
their fragments.<br />
DB: But how does this relate to the code, and more specifically<br />
to free software and free culture? Can we say that this<br />
is that summoning? Can the code save us?<br />
JP: Free software knows only relations of movement and<br />
rest, of speed and slowness, between unformed, or relatively<br />
unformed, elements, molecules or particles borne away by<br />
fluxes. It knows nothing of subjects but rather singularities<br />
called events or hecceities. Free software is a machine but<br />
a machine that has no beginning and no end. It is always in<br />
the middle, between things. Free software is where things<br />
pick up speed, a transversal movement, that undermines its<br />
banks and accelerates in the middle. But that is not to say<br />
that capital does not attempt to recode it, reterritorialising<br />
its flows within the circuits of capital.<br />
DB: A p<strong>ro</strong>ject or a person is here only definable by movements<br />
and rests, speeds and slowness (longitude) and by affects,<br />
intensities (latitude). There are no more forms, but<br />
cinematic relations between unformed elements; there are<br />
no more subjects but dynamic individuations without subjects,<br />
which constitute collective assemblages. Nothing develops,<br />
but things arrive late or in advance, and enter into<br />
some assemblage according to their compositions of speed.<br />
Nothing becomes subjective but haecceities take shape according<br />
to the compositions of non-subjective powers and<br />
effects. Maps of speeds and intensities (e.g. Sourceforge).<br />
JP: We have all already encountered this business of speeds<br />
and slowness: their common quality is to g<strong>ro</strong>w f<strong>ro</strong>m the<br />
middle, to be always in-between; they have a common<br />
imperceptible, like the vast slowness of massive Japanese<br />
MIND SET<br />
wrestlers, and all of a sudden, a decisive gesture so swift<br />
that we didn’t see it.<br />
DB: Good code, Bad code. Deleuze asks: “For what do private<br />
p<strong>ro</strong>perty, wealth, commodities, and classes signify?”<br />
and answers: “The breakdown of codes” (AO, 218). Capitalism<br />
is a generalized decoding of flows. It has decoded<br />
the worker in favour of abstract labour, it has decoded the<br />
family, as a means of consumption, in favour of interchangeable,<br />
faceless consumers and has decoded wealth in favour<br />
of abstract, speculative, merchant capital. In the face of this,<br />
it is difficult to know if we have too much code or too little<br />
and what the criteria might be by which we could make<br />
qualitative distinctions between one type of code and another,<br />
such as code as concept and code as commodity.<br />
JP: We could suggest that the schizophrenic code (i.e.<br />
the schizophrenic coding as a radical politics of desire)<br />
could seek to de-normalise and de-individualise th<strong>ro</strong>ugh a<br />
multiplicity of new, radical collective arrangements against<br />
power. Perhaps a radical hermeneutics of code, code as locality<br />
and place, a dwelling.<br />
DB: Not all code is a dwelling. Bank systems, facial recognition<br />
packages, military defence equipment and governmental<br />
monitoring software is code but not a dwelling. Even<br />
so, this code is in the domain of dwelling. That domain extends<br />
over this code and yet is not limited to the dwelling<br />
place. The bank clerk is at home on the bank network but<br />
does not have shelter there; the working woman is at home<br />
on the code but does not have a dwelling place there; the<br />
chief engineer is at home in the p<strong>ro</strong>gramming envi<strong>ro</strong>nment<br />
but does not dwell there. This code enframes her. She inhabits<br />
them and yet does not dwell in them.<br />
Code as art<br />
56 Free Software Magazine Issue 9, November/December 2005<br />
JP: You are right to distinguish between code as<br />
“challenging-forth” (Heidegger) and code that is a<br />
“bringing-forth”. The code that is reterritorialised is code<br />
that is p<strong>ro</strong>prietary and instrumental, has itself become a<br />
form of “standing-reserve”.<br />
DB: So how are we to know when code is a “bringingforth”?<br />
How will we know if it is a tool for conviviality.<br />
How will we distinguish between the paranoiac and the<br />
schizophrenic?<br />
JP: We know, that the friend or lover of code, as claimant<br />
does not lack rivals. If each citizen lays claim to something
then we need to judge the validity of claims. The coder lays<br />
claim to the code, and the corporation, and the lawyer, who<br />
all say, “I am the friend of code”. First it was the computer<br />
scientists who exclaimed “This is our concern, we are the<br />
scientists!”. Then it was the turn of the lawyers, the journalists<br />
and the state chanting “Code must be domesticated<br />
and nationalised!” Finally the most shameful moment came<br />
when companies seized cont<strong>ro</strong>l of the code themselves “We<br />
are the friends of code, we put it in our computers, and we<br />
sell it to anyone”. The only code is functional and the only<br />
concepts are p<strong>ro</strong>ducts to be sold. But even now we see the<br />
lawyers agreeing with the corporations, we must cont<strong>ro</strong>l the<br />
code, we must regulate the code, the code must be paranoiac.<br />
DB: This is perhaps the vision offered by William Gibson’s<br />
Neu<strong>ro</strong>mancer, a dystopian realization of the unchecked<br />
power of multinational corporations which, despite the efforts<br />
of outlaw subcultures, monopolize code. Th<strong>ro</strong>ugh their<br />
creation of AI entities code becomes autonomous, it exceeds<br />
human cont<strong>ro</strong>l. If indeed it makes sense to retain the term<br />
human, which Gibson pejoratively substitutes with “meat”.<br />
The new human-machinic interfaces engendered by software<br />
and technological development demand the jettisoning<br />
of received categories of existence as they invent uncanny<br />
new ones.<br />
JP: This is the possibility of code. The code as a war machine.<br />
Nomadic thought. The code as outsider art, the gay<br />
science, code as desiring-p<strong>ro</strong>duction, making connections,<br />
to ever new connections.<br />
DB: Code can be formed into networks of singularities into<br />
machines of struggle. As Capital de-territorializes code<br />
there is the potential th<strong>ro</strong>ugh machines to re-territorialize.<br />
Th<strong>ro</strong>ugh transformative constitutive action and network sociality—in<br />
other words the multitude—code can be deterritorializing,<br />
it is multiplicity and becoming, it is an event.<br />
Code is becoming nomadic.<br />
JP: This nomadic code upsets and exceeds the criteria<br />
of representational transparency. According to Jean Baudrillard,<br />
the omnipresence of code in the West—DNA, binary,<br />
digital—enables the p<strong>ro</strong>duction of copies for which<br />
there are no originals. Unsecured and cut adrift f<strong>ro</strong>m the<br />
“reality” which representation has for centuries prided itself<br />
on mir<strong>ro</strong>ring, we are now in the age of simulation. The<br />
depiction of code presents several difficulties for writers,<br />
who, in seeking to negotiate the new technological land-<br />
MIND SET<br />
scape, must somehow bend the representational medium of<br />
language and the linear p<strong>ro</strong>cess of reading to accommodate<br />
the p<strong>ro</strong>liferating ontological and spatio-temporal relations<br />
that code affords.<br />
DB: This tension is as palpable in Gibson’s efforts to render<br />
cyberspace in p<strong>ro</strong>se (he first coined the term in Neu<strong>ro</strong>mancer)<br />
as it is on the book cover, where the flat 2D picture<br />
struggles to convey the multi-dimensional possibilities of<br />
the matrix. The aesthetics of simulation, the poetics of cyberspace<br />
and of hyperreality are, we might say, still under<br />
construction.<br />
JP: Perhaps code precludes artistic p<strong>ro</strong>duction as we know<br />
it. Until the artist creates code and dispenses with representational<br />
media altogether, is it possible that her work will<br />
contribute only impoverished, obsolete versions of the age<br />
of simulation?<br />
DB: Artists have responded to “code” as both form and content.<br />
As form, we might also think of code as “genre”,<br />
the pa<strong>ro</strong>dying of which has become a staple in the postmodern<br />
canon. Films such as “The Scream” series, “The<br />
Simpsons”, or “Austin Powers”; flaunt and then subvert the<br />
generic codes upon which the p<strong>ro</strong>duction and interpretation<br />
of meaning depends. More drastically, Paul Auster sets<br />
his “New York Trilogy” in an epistemological dystopia in<br />
which the world does not yield to rational comprehension<br />
as the genre of detective fiction traditionally demands. If<br />
clues are totally indistinguishable f<strong>ro</strong>m (co)incidental detail,<br />
how can the detective guarantee a resolution, how can<br />
order be restored? As Auster emphasizes, generic codes and<br />
aesthetic form underwrite ideological assumptions and can<br />
be described as the p<strong>ro</strong>ducts of specific social relations.<br />
JP: And what of code as content? Like the “Matrix”. Here<br />
is a film which has latched onto the concept of code and also<br />
its discussion in contemporary philosophy, almost smugly<br />
displaying its dexterity in handling both.<br />
DB: Or “I ♥ Huckabees” with its unfolding of a kind of existential<br />
code that underlies human reality. Are our interpretations<br />
shifting to an almost instrumental understanding of<br />
code as a form of weak structuralism? Philosophy as mere<br />
code, to be written, edited and imp<strong>ro</strong>ved, turned into myth<br />
so that our societies can run smoothly.<br />
JP: The hacker stands starkly here. If code can be hacked,<br />
then perhaps we should d<strong>ro</strong>p a monkey-wrench in the machine,<br />
or sugar in the pet<strong>ro</strong>l tank of code? Can the philosopher<br />
be a model for the hacker or the hacker for the philoso-<br />
Free Software Magazine Issue 9, November/December 2005 57
pher? Or perhaps the hacker, with the concentrations on the<br />
smooth, efficient hacks, might not be the best model. Perhaps<br />
the cracker is a better model for the philosophy of the<br />
future. Submerged, unpredictable and radically decentred.<br />
Outlaw and outlawed.<br />
DB: Perhaps. But then perhaps we must also be careful<br />
of the fictions that we both read and write. And keep the<br />
radical potentialities of code and philosophy free.<br />
Wet with fever and fatigue we can now look toward the shore<br />
and say goodbye to where the windows shone so brightly.<br />
Notes<br />
[1] We were, in fact, at least four, and we think you can<br />
guess who the others were.<br />
Bibliography<br />
Deleuze, G. (1990). Postscript on the Societies of Cont<strong>ro</strong>l.<br />
L’autre Journal, Nr. 1.<br />
Deleuze, G. (2004). Foucault. London: Continuum.<br />
Deleuze, G., & Guattari, F. (1994). What is Philosophy?<br />
London: Verso.<br />
Deleuze, G., & Guattari, F. (2004). Anti-Oedipus: Capitalism<br />
and Schizophrenia. London: Continuum.<br />
MIND SET<br />
Deleuze, G., & Guattari, F. (2003). A Thousand Plateaus:<br />
Capitalism and Schizophrenia. London: Continuum.<br />
Copyright information<br />
c○ 2005 David M. Berry, Jo Pawlik<br />
This article is made available under the “Attribution-<br />
Share-alike” Creative Commons License 2.0 available f<strong>ro</strong>m<br />
http://creativecommons.org/licenses/by-sa/2.0/.<br />
About the author<br />
David Berry is a researcher at the University of Sussex,<br />
UK and a member of the research collective The Libre<br />
Society (http://www.libresociety.org). He<br />
writes on issues sur<strong>ro</strong>unding intellectual p<strong>ro</strong>perty, immaterial<br />
labour, politics, free software and copyleft.<br />
Jo Pawlik is a doctoral student at the University of Sussex<br />
researching the interaction between the American<br />
counterculture and French poststructuralism, focusing<br />
in particular on the deployment and political purchase<br />
of the concepts of madness and schizophrenia.
Towards a free matter economy<br />
(Part 3)<br />
Designing the Narya Bazaar<br />
Terry Hancock<br />
Space is open to us now; and our eagerness to<br />
share its meaning is not governed by the efforts<br />
of others. We go into space because whatever<br />
mankind must undertake, free men must fully<br />
share.—John. F. Kennedy<br />
The beginning of this series presented the motivations<br />
behind creating a p<strong>ro</strong>tocol for creating<br />
a free-licensed design marketplace for material<br />
p<strong>ro</strong>ducts. Now, I hope to detail the design concept<br />
of a specific package: “Narya Bazaar”[1] is to be a web<br />
e-commerce application designed for a free-licensed economy.<br />
It will need to have many features in common with<br />
other e-commerce systems (shopping carts, credit card payments,<br />
and so on), but here I want to explain the unique part<br />
of the design, which is the “Bargain P<strong>ro</strong>tocol” that links our<br />
three principle actors: p<strong>ro</strong>jects, donors and vendors.<br />
Actors<br />
P<strong>ro</strong>jects in the Narya system are more-or-less as they are in<br />
the GForge[2] (or SourceForge) free software p<strong>ro</strong>ject incubator.<br />
They may be run by single individuals or g<strong>ro</strong>ups of<br />
people. G<strong>ro</strong>ups might be affiliated only th<strong>ro</strong>ugh common<br />
interest, or be co-workers funded by a commercial institution,<br />
though the former is much more likely.<br />
There are particular <strong>ro</strong>les within the p<strong>ro</strong>ject that are common<br />
to other p<strong>ro</strong>ject systems, such as the “p<strong>ro</strong>ject leader”,<br />
but Narya Bazaar int<strong>ro</strong>duces another particular <strong>ro</strong>le, which<br />
I call the “quartermaster” (QM). Like a real quartermaster,<br />
the p<strong>ro</strong>ject QM is in charge of the p<strong>ro</strong>ject’s material stores,<br />
and is trusted by p<strong>ro</strong>ject members with this <strong>ro</strong>le. Furthermore,<br />
in order to interact with the Bazaar system, the QM<br />
CMS and design tools<br />
Most p<strong>ro</strong>ject developer needs are not for the funding<br />
system described here, but the content creation and<br />
management systems that will be needed to collaborate<br />
with developers on a global (or even interplanetary)<br />
scale. Fortunately, this is one area where there is much<br />
support f<strong>ro</strong>m the free software world already.<br />
In the simplest case we could simply use the GForge<br />
application (the free branch of the SourceForge web application).<br />
Or we can extend upon any of a wide variety<br />
of CMS systems. For Narya[3] (which is being written<br />
in Python[4]) I have chosen to develop a content system<br />
based on Zope[5], which p<strong>ro</strong>vides very useful structural<br />
abstractions for the job. I’m hedging my bet though, by<br />
p<strong>ro</strong>viding “application views” that allow me to window<br />
other services inside the Narya framework. This would,<br />
for example, allow running GForge at least as a transitional<br />
measure.<br />
Unfortunately, there are some gaping holes in the available<br />
free design tools for serious hardware design. I<br />
hope to cover the most important ones in the next installment<br />
of this series.<br />
Free Software Magazine Issue 9, November/December 2005 59
must have a physical mailing address and account information<br />
on file at the site. Since this represents some loss of<br />
privacy, it’s understandable that p<strong>ro</strong>jects will not want all<br />
of their members to have to agree to these terms, but at<br />
least one member needs to if they want to take advantage<br />
of Bazaar’s p<strong>ro</strong>vision of materials and services.<br />
Donors, are the wonderful people who have money to spend<br />
on seeing that p<strong>ro</strong>jects of interest to them succeed. Without<br />
them, of course, there would be no point in designing<br />
Bazaar at all. We do not treat them as a magic source of<br />
funding here, however, but as customers who expect to see<br />
value for the money they contribute. This value comes in<br />
the form of newly available technologies that they can use,<br />
and in the manufactured incarnations of those technologies<br />
as p<strong>ro</strong>vided by vendors.<br />
Finally, vendors, are the commercial p<strong>ro</strong>viders of the materials<br />
and services that are needed by p<strong>ro</strong>jects to complete<br />
their development work, and who must be paid using funds<br />
that come f<strong>ro</strong>m donors. These are fairly well-understood<br />
commercial entities, although they may take any commercial<br />
form f<strong>ro</strong>m a self-employed consultant to a large contract<br />
manufacturer or commodity supplier. In some cases,<br />
the “vendor” in the Bazaar system will actually be a reseller<br />
of services p<strong>ro</strong>cured by external means.<br />
Vendors sell to donors in essentially two modes: the first<br />
is direct sales in which the “donor” is more-p<strong>ro</strong>perly called<br />
simply the “customer”; and the second is p<strong>ro</strong>viding services<br />
to p<strong>ro</strong>jects that the donor is supporting. In a successful freematter<br />
economy, the former kind of sale will dominate in<br />
sales figures, although the latter will p<strong>ro</strong>bably be the main<br />
form of sale at the beginning, and may always be the largest<br />
in number of unique transactions. However, since the former<br />
case is handled by standard e-commerce solutions, I<br />
will not expand further on it. It is the latter mode that most<br />
needs explanation here.<br />
P<strong>ro</strong>ject needs<br />
In the previous two articles, I have outlined the fears and<br />
needs of the donors and vendors by way of outlining the<br />
requirements of this p<strong>ro</strong>tocol. The one remaining class of<br />
actors is p<strong>ro</strong>bably the most obvious one—the p<strong>ro</strong>ject developers.<br />
Fortunately, the fears and resulting needs that p<strong>ro</strong>ject<br />
developers have f<strong>ro</strong>m the Bazaar system are pretty straightforward:<br />
MIND SET<br />
Funding<br />
• Fears: that p<strong>ro</strong>ject will be impossible to complete because<br />
of materials costs.<br />
• Wants: a fundraising system that allows interested parties<br />
to help them with costs.<br />
This is the whole point of the Bazaar system.<br />
Services<br />
• Fears: p<strong>ro</strong>ject will require work that participants are<br />
unable to do for themselves.<br />
• Wants: way to purchase necessary services.<br />
In short, we need to have vendors available to p<strong>ro</strong>vide the<br />
services. Given the difficulty of sourcing, ordering, and receiving<br />
high-tech components in p<strong>ro</strong>totype quantities and<br />
the difficulty of finding testing services which are normally<br />
only marketed to commercial organizations, this would be a<br />
p<strong>ro</strong>blem even if money were no object.<br />
Commercialization<br />
• Fears: commercial needs will overwhelm p<strong>ro</strong>ject participants<br />
and steal cont<strong>ro</strong>l of p<strong>ro</strong>ject goals.<br />
• Wants: to cont<strong>ro</strong>l p<strong>ro</strong>ject without the threat of<br />
“takeover” by donors or vendors.<br />
P<strong>ro</strong>ject developers have chosen the free-design <strong>ro</strong>ute for a<br />
reason. Any design which tends to dest<strong>ro</strong>y the free-market<br />
of ideas sur<strong>ro</strong>unding free-licensed development must be<br />
avoided. Although Bazaar will undoubtedly include a “tipbarrel”<br />
much as SourceForge now does, the focus will be<br />
on “p<strong>ro</strong>vision” funding rather than “grant” funding for this<br />
reason (p<strong>ro</strong>jects wishing to operate on a direct-payment basis<br />
can always function as vendors in the Bazaar system, of<br />
course).<br />
Combined with the needs outlined in parts 1 and 2, this<br />
gives us the requirements that drive the design of the Narya<br />
Bazaar Bargain P<strong>ro</strong>tocol.<br />
Resolving trust faults<br />
60 Free Software Magazine Issue 9, November/December 2005<br />
Most of the needs outlined for these three actors are types<br />
of assurances that need to be made to resolve the natural<br />
trust faults of the bargain arrangement, as diagrammed in
Figure 1. Note that faults exist not only between the classes<br />
of parties involved in the bargain, but also among the individual<br />
actors within each g<strong>ro</strong>up. Indeed, these include some<br />
of the most serious p<strong>ro</strong>blems to be solved.<br />
The “free-rider” p<strong>ro</strong>blem is the classic “tragedy of the commons”<br />
p<strong>ro</strong>blem, in which donors fear that other donors will<br />
not “ante up” to support p<strong>ro</strong>jects that they do, thus resulting<br />
in wasted funds. On the other hand, if the donor has<br />
some assurance that their contributions will leverage or cont<strong>ro</strong>l<br />
other people’s contributions, they will be more likely to<br />
spend (since there is an amplification of utility involved).<br />
Naturally, of course, such cont<strong>ro</strong>l of others’ funds must<br />
not exceed the willingness of those others to participate.<br />
There are p<strong>ro</strong>ven methods of solving these p<strong>ro</strong>blems, such<br />
as “matching funds” and “spending caps”. In fact, there<br />
is an elect<strong>ro</strong>nic p<strong>ro</strong>tocol called the “Rational Street Performer<br />
P<strong>ro</strong>tocol” (RSPP)[6] which seeks to maximize funding<br />
f<strong>ro</strong>m such sources, using conditional pledges. These<br />
pledges outline the basic facts about a particular contribution:<br />
an amount the donor is willing to spend unconditionally,<br />
a fraction indicating how much leverage they want to<br />
insist on, and finally a cap on how much they can afford to<br />
spend.<br />
The internal p<strong>ro</strong>blems among vendors are the same old<br />
p<strong>ro</strong>blems as with all commercial free-markets. Essentially<br />
the playing field must be kept level enough, and individual<br />
players have to be kept f<strong>ro</strong>m monopolizing the field th<strong>ro</strong>ugh<br />
winner-take-all tactics. Furthermore, there must be penalties<br />
for rule-breaking to keep dishonest businesses out and<br />
to p<strong>ro</strong>tect the honest ones (as well as to keep them honest).<br />
In an elect<strong>ro</strong>nic marketplace, anonymity and distance<br />
heighten the threat of fly-by-night operators, so a means<br />
of automating the word-of-mouth knowledge that p<strong>ro</strong>tects<br />
smaller communities is needed. Fortunately, good examples<br />
of this kind of strategy can be found in pre-existing applications<br />
including moderated forums and E-Bay’s rating<br />
systems[7].<br />
P<strong>ro</strong>jects have similar p<strong>ro</strong>blems to vendors in terms of ensuring<br />
fair competition, even if money is not involved. Fair assessment<br />
of p<strong>ro</strong>jects on an objective basis, and fair sharing<br />
of site resources are necessary to avoid conflict and avoid<br />
losing p<strong>ro</strong>jects f<strong>ro</strong>m the system.<br />
The most complex trust fault in the system, however, arises<br />
f<strong>ro</strong>m the p<strong>ro</strong>blem of paying for goods to be manufactured. It<br />
takes irrecoverable time and energy to manufacture a good<br />
MIND SET<br />
Figure 1: Trust Faults. In order to ensure fair-dealing between<br />
the participants, the Bazaar software must p<strong>ro</strong>vide a solution for the<br />
trust faults between the three principle classes of actors, as well as<br />
among individuals in each g<strong>ro</strong>up.<br />
or p<strong>ro</strong>vide a service. Payment in advance would solve this<br />
p<strong>ro</strong>blem for vendors, but for donors, the p<strong>ro</strong>blem would<br />
then be reliance upon vendors to deliver the requested p<strong>ro</strong>duct<br />
or service at a service-quality level that is app<strong>ro</strong>priate<br />
for the money paid. Market forces will tend to force vendors<br />
to cut corners, and shoddy work may result if no direct<br />
feedback on service quality is p<strong>ro</strong>vided. Again, however,<br />
there is a standard solution to this type of trust fault: an outside<br />
party, trusted by both sides can be chosen to hold the<br />
funds in esc<strong>ro</strong>w while the transaction is being completed.<br />
This p<strong>ro</strong>vides assurance to the vendor that they will get paid<br />
if they deliver, but also assurance to the donor that payment<br />
will not be made if quality standards are not met. This int<strong>ro</strong>duces<br />
a new actor: the “Quality Assurance Authority”<br />
(QA).<br />
Specifications<br />
Relying on quality assurance for payment, however, does<br />
of course increase the burden on the vendor to ensure that<br />
there are objective QA tests that they can pass. This in turn<br />
requires the p<strong>ro</strong>ject to p<strong>ro</strong>vide unambiguous specifications<br />
Free Software Magazine Issue 9, November/December 2005 61
Figure 2: Specifications. P<strong>ro</strong>ject participants will create many design<br />
documents in the p<strong>ro</strong>cess of coming up with a design that needs<br />
to be p<strong>ro</strong>totyped. F<strong>ro</strong>m these, the p<strong>ro</strong>ject quartermaster must construct<br />
a specification that formally defines each of the steps or items<br />
that are to be p<strong>ro</strong>vided to the p<strong>ro</strong>ject by the vendor, as well as defining<br />
rules which will affect the bargaining p<strong>ro</strong>cess and other options.<br />
and tests. Hopefully, developers familiar with “test-driven<br />
development” will find this a tolerable requirement. It also,<br />
of course, makes sense in terms of the p<strong>ro</strong>ject’s own reliability<br />
needs.<br />
In order to clarify the p<strong>ro</strong>cess of creating these specifications,<br />
and to show that it is feasible to p<strong>ro</strong>vide automated<br />
means of doing so, it’s necessary to segment the possible<br />
types of specifications that I anticipate. Naturally, all of<br />
these categories are really “services”, but there are policy<br />
and delivery issues unique to each:<br />
• A general service spec requests a certain service<br />
such as p<strong>ro</strong>fessional (certified) engineering review or<br />
design-to-requirements be done for the p<strong>ro</strong>ject. Other<br />
examples include: simulation, computation services,<br />
and p<strong>ro</strong>gramming or documentation. The p<strong>ro</strong>duct falls<br />
under the p<strong>ro</strong>ject license as a work-for-hire and will be<br />
subsumed into the p<strong>ro</strong>ject.<br />
• A standard service spec requests services which can<br />
be quoted automatically, such as notary services or en-<br />
MIND SET<br />
62 Free Software Magazine Issue 9, November/December 2005<br />
gineering review of standard types of designs. Prices<br />
might be flat-rate or based on easy-to-measure factors<br />
such as “number of plan pages”, etc. Terms are otherwise<br />
the same as for a general service.<br />
• A manufacture to plan spec requests that a p<strong>ro</strong>ject<br />
design be built to the specified plans and tolerances.<br />
The vendor assumes no responsibility for functionality,<br />
only that the manufacturing was done as specified.<br />
Since the design is the p<strong>ro</strong>ject’s, free-licensing is guaranteed<br />
and prior-art precludes patentability (assuming<br />
it was not previously patented).<br />
• A manufacture to requirements spec requests that<br />
a p<strong>ro</strong>duct be made to meet certain functional requirements,<br />
but the implementation is left up to the vendor.<br />
In this case, the licensing is cont<strong>ro</strong>lled by the vendor,<br />
within whatever vendor licensing policy is in effect on<br />
the site.<br />
• A standard manufacture spec, like the standard service<br />
spec can be quoted automatically, but is otherwise<br />
similar to plan or requirements manufacturing. Examples<br />
include electric motors, gears, printed circuit<br />
boards, etc. Vendor warrants performance because design<br />
uses standard practice. Licensing is generally a<br />
non-issue because either the p<strong>ro</strong>duct is too standardized<br />
to be p<strong>ro</strong>prietary (e.g. a spur gear), or p<strong>ro</strong>prietary<br />
aspects of the design are hidden behind standard interfaces<br />
(e.g.electric motor).<br />
• A standard supply spec is for a standardized part that<br />
is p<strong>ro</strong>bably already stocked, such as discrete elect<strong>ro</strong>nics,<br />
standard sized pulleys or belts, or even a whole<br />
personal computer. Note that in later generations of<br />
the Bazaar, a free-licensed design may be offered by<br />
vendors as a standard part in this way.<br />
Each type of specification has particular special behaviors<br />
in the system f<strong>ro</strong>m either the vendor or the p<strong>ro</strong>ject perspective.<br />
For example, prices on supply specs are likely to be<br />
fixed in bulk, and “standard” specs will p<strong>ro</strong>bably allow vendors<br />
to p<strong>ro</strong>vide scripts and standard specification content<br />
objects—the scripts would inspect the content object for the<br />
necessary information and generate a quote automatically.<br />
Finally of course, the higher levels of involvement of general<br />
services allow for involvement as extreme as writing<br />
pieces of software or designing major system components<br />
on a for-pay basis, to be incorporated into a free design.
This is a likely place to find a “p<strong>ro</strong>ject acting as vendor” in<br />
the system—Bazaar will place no restrictions on users playing<br />
multiple <strong>ro</strong>les, although when acting as a vendor one<br />
must follow vendor rules, and so on. In the interest of avoiding<br />
scams, such multiple-<strong>ro</strong>le cases will likely be flagged so<br />
that it is clear to all participants what is happening.<br />
Transactional specification<br />
In addition to p<strong>ro</strong>viding the above segmentation of specification<br />
types, it must also be noted that specifications will<br />
usually be multiple, with bargains requiring all to succeed<br />
in order for any to p<strong>ro</strong>ceed (that is, they are “transactional”).<br />
There are two major use cases for this:<br />
• Build and test—the cases where the QA can verify<br />
delivery by simple visual inspection are p<strong>ro</strong>bably rare.<br />
Fuzzy MRP<br />
Manufacturing resource planning (MRP) is the p<strong>ro</strong>cess<br />
by which companies try to cont<strong>ro</strong>l the costs and<br />
timescales associated with manufacturing parts which<br />
are made of parts which themselves must be manufactured<br />
or purchased, and so on. If p<strong>ro</strong>perly done, MRP<br />
allows for “just in time” manufacturing and very reduced<br />
needs for warehousing space.<br />
MRP for a free-licensed matter economy, however, int<strong>ro</strong>duces<br />
some special challenges, since the agents p<strong>ro</strong>ducing<br />
each component of a p<strong>ro</strong>duct are not internally<br />
cont<strong>ro</strong>lled by any one organization. Instead, the application<br />
of market forces will determine estimated p<strong>ro</strong>duction<br />
timescales and costs. In all p<strong>ro</strong>bability, this will<br />
actually be more efficient than centralized manufacturing<br />
in the average case; but the worst case scenario cannot<br />
be so easily constrained.<br />
Fortunately, the Bazaar’s bargain transaction database<br />
should p<strong>ro</strong>vide some basis for making statistical predictions<br />
about the time to deliver on particular p<strong>ro</strong>ducts<br />
and services, and allow estimates to be made for new<br />
ones based on that data. Since times and costs will be<br />
tracked, it makes sense to think that predictions can be<br />
made in this way. Adapting MRP[8] systems to handle<br />
the intrinsic fuzziness of bazaar-type marketplaces will<br />
p<strong>ro</strong>bably be an interesting challenge.<br />
MIND SET<br />
In order to p<strong>ro</strong>vide a meaningful assurance of quality,<br />
he will need to test data results. So for example, a<br />
critical welding job might need to be sent to a lab for<br />
X-rays, or a less critical one might simply need to be<br />
inspected by a trained welder. The QM must carefully<br />
determine what tests will be done, as they will be the<br />
main assurance of quality.<br />
• Shopping list—for many jobs, there may be a need<br />
to collect a long shopping list of components. Clearly<br />
if they can’t all be purchased, just buying a few is a<br />
waste of resources. So, all of the components for one<br />
job might be combined into one transactional specification.<br />
Placing a specification up for bid will be a task for the<br />
p<strong>ro</strong>ject QM, although she can obviously be assisted by other<br />
members of the p<strong>ro</strong>ject to clarify finer points. The specification<br />
will be created out of existing p<strong>ro</strong>ject content objects,<br />
designed to be adequate to the purpose.<br />
In addition to the individual specifications, the QM will<br />
have additional options available to her. The most important<br />
is p<strong>ro</strong>bably the choice of QA authority to administrate<br />
the bargain. Clearly it must be someone that both potential<br />
vendors and p<strong>ro</strong>ject members trust. Choosing to let the<br />
QM or the p<strong>ro</strong>spective vendors themselves act as QA is also<br />
possible (and p<strong>ro</strong>bably cheaper), but it clearly has certain<br />
risks. Another factor is the length of time to allow the bargain<br />
to continue—all bargains will have a finite time-limit,<br />
and whether the bargain should terminate as soon as a solution<br />
is found, or wait to see if a better deal is offered before<br />
the deadline runs out (is speed or lower price most important?).<br />
Other parameters include how fast delivery is to be<br />
made, what form of shipping is to be allowed, and so on.<br />
Vendor constraints<br />
One objection to this type of system is that it makes price<br />
the only factor in determining who gets a contract. This<br />
could result in poor quality standards, even with QA inspection.<br />
Since a system for rating vendors is envisioned,<br />
however, it seems reasonable to allow p<strong>ro</strong>jects or donors to<br />
apply constraints on whom they are willing to do business<br />
with. Vendors below a certain rating might be rejected due<br />
to questions about their quality of service or sales practices,<br />
allowing a “reputation game” to exist among vendors.<br />
Free Software Magazine Issue 9, November/December 2005 63
Figure 3: Bargain. The bargaining p<strong>ro</strong>cess is essentially just a<br />
matter of weighing the funds that can be raised by donors against<br />
the sum of the minimum bid costs f<strong>ro</strong>m vendors.<br />
There are other reasons for restricting vendors, too, such as<br />
shipping costs or customs p<strong>ro</strong>blems. It may be desireable<br />
to ensure that a p<strong>ro</strong>duct will only have to be shipped within<br />
the QM’s home country, for example, or even that it is available<br />
f<strong>ro</strong>m a supplier close enough for the QM to pick it up<br />
in person. Or, the supplier may have to p<strong>ro</strong>vide particular<br />
shipping options suitable to the QM.<br />
Such a constraint system will need to be used by the QM<br />
when putting the specification up for bid.<br />
Bargaining p<strong>ro</strong>cess<br />
Once the specification has been created to the QM’s satisfaction,<br />
the bargain can p<strong>ro</strong>ceed to bid. The strategy is a<br />
kind of “reverse auction” where vendors p<strong>ro</strong>vide bids on<br />
each sub-specification (and possibly more than one if spec<br />
constraints allow it). As soon as at least one bid exists for<br />
each part of the spec, a “bargain cost” is established. After<br />
that, subsequent bids may lower, but not raise the bargain<br />
cost.<br />
Meanwhile, RSPP pledging is allowed to start as well, so<br />
that donors can pledge support for the bargain. These are<br />
MIND SET<br />
summed following a modified version of the original RSPP<br />
fund-raising algorithm. Pledges, once made, are not withdrawable<br />
until the bargain ends, so the available money to<br />
meet the bargain cost can go up, but not down.<br />
Both bidding and pledging continue at least until the available<br />
funds match the bargain cost. Calculations may<br />
be complicated a bit by constraints placed by donors on<br />
vendor-qualifications, since if a vendor is questionable to<br />
one donor, we have to consider both the solution without<br />
that donor and the solution without that vendor. Essentially,<br />
however, this is a simple comparison of two sums (see Figure<br />
3).<br />
If the QM has opted for “close on solution”, the bargain will<br />
end early if a solution is found. Otherwise, the bargain will<br />
persist until the prescribed deadline, waiting for the possibility<br />
that another vendor will underbid one of the current<br />
vendors in order to capture the contract, possibly reducing<br />
the cost.<br />
Quality assurance and delivery<br />
64 Free Software Magazine Issue 9, November/December 2005<br />
The entire bargain p<strong>ro</strong>tocol is summarized in Figure 4,<br />
which also shows the final steps taken once the bargain succeeds,<br />
as well as the flow of cash th<strong>ro</strong>ugh the system. As<br />
soon as pledges have been made, an estimate of the maximum<br />
pledge amount is locked f<strong>ro</strong>m the donor’s account<br />
to avoid potential overdrafts. If and when the bargain succeeds,<br />
the actual amount for each pledge is computed (using<br />
a modified version of the RSPP algorithm that avoids overshooting<br />
the bargain cost), and moved into a site esc<strong>ro</strong>w<br />
account reserved for this bargain. Any excess “pledged”<br />
money is returned to the donor’s account so they can use it<br />
elsewhere.<br />
At this point, notices are sent to all parties that the money<br />
has been esc<strong>ro</strong>wed to pay for the contracted services. The<br />
vendor is cleared to begin work on delivering the order. As<br />
each vendor completes their work, the QA is notified and the<br />
p<strong>ro</strong>ject p<strong>ro</strong>ceeds to the next vendor (if sequenced p<strong>ro</strong>cessing<br />
is required, otherwise all components can be p<strong>ro</strong>cessed in<br />
parallel), possibly requiring a shipping step. Finally, when<br />
all stages are complete, the QA receives all material and<br />
documentation results. Assuming that QA standards are met<br />
(e.g. tests confirm that the work is acceptable), then the QA<br />
releases the esc<strong>ro</strong>w, allowing all of the vendors to collect
Figure 4: Whole bargaining system. (1) The QM creates a specification<br />
f<strong>ro</strong>m p<strong>ro</strong>ject content objects which are usable for that purpose.<br />
(2) This becomes the Bargain object. (3) Vendors are free<br />
to bid as soon as the bargain object is created. (4) Donors can<br />
transfer funds into their Bazaar account at any time. (5) Once they<br />
have funds to spend, donors can contribute to bargains that interest<br />
them. (6) If and when a solution is found, the bargain succeeds, and<br />
funds are transferred to esc<strong>ro</strong>w (any excess returns to the donors’<br />
accounts). (7) Vendor p<strong>ro</strong>vides p<strong>ro</strong>posed service. (8) QA inspects<br />
the vendor’s p<strong>ro</strong>duct to make sure it meets the specification. If so,<br />
the p<strong>ro</strong>duct is passed on to the p<strong>ro</strong>ject quartermaster, and the funds<br />
are released to the vendors’ accounts. (9) Vendors can collect their<br />
earnings at any time.<br />
their payments. At the same time, the QA ships all p<strong>ro</strong>duct<br />
materials to the QM.<br />
At this point, the QA collects a small transaction fee f<strong>ro</strong>m<br />
the sale to compensate them for their service (this fee is<br />
included in the bargain cost computation and is advertised<br />
by the QA to the QM who chose him). Collection of QA<br />
transaction fees is one means by which a Narya Bazaar site<br />
owner might make revenue.<br />
What if it didn’t work?<br />
One of the other options for the QM is to constrain what<br />
sort of remedies are available if a p<strong>ro</strong>duct or service fails QA<br />
testing. In the worst case, the service is rejected, the bidding<br />
cycle must start again, and the vendor absorbs a loss. This<br />
is bad for the vendor, but is clearly the right behavior for<br />
critical components.<br />
In the most lenient case, the QA may notify the QM of the<br />
p<strong>ro</strong>blem, allowing the QM to accept the p<strong>ro</strong>duct anyway. At<br />
MIND SET<br />
the same time, the vendor would be given the same information,<br />
with the option to rework the p<strong>ro</strong>duct or service to try<br />
to bring it up to spec.<br />
Clearly, there are other possibilities which can be resolved<br />
between the QA, QM, and vendor before giving up completely,<br />
but if all else fails, the bargain is rejected and must<br />
start again. In that case, funds are released f<strong>ro</strong>m esc<strong>ro</strong>w<br />
back into the donors’ accounts. As a special exception, it<br />
might be possible to allow the bargain to revert to “open”<br />
again if its time has not yet expired (but this can only happen<br />
in the “close on solution” case).<br />
A similar situation occurs if no solution is found before the<br />
bargain’s closing date. In that case, funds simply revert to<br />
the donors, and it’s up to the p<strong>ro</strong>ject to revise their specification<br />
to see if they can make it more attractive and try<br />
again.<br />
Expediting the bargaining p<strong>ro</strong>cess<br />
Given that many common classes of specification can be bid<br />
on automatically, it should be possible for the bargaining<br />
system to app<strong>ro</strong>ach the simplicity and speed of a standard<br />
“shopping” or “requisitions” experience for some transactions,<br />
while retaining the flexibility to deal with more complex<br />
manually-quoted contracts. At least this will be so<br />
if adequate suppliers are available, and the investment is<br />
made in automated bidding scripts. Competition would occur<br />
th<strong>ro</strong>ugh the p<strong>ro</strong>xy of the automated agents created by<br />
vendors. Many strategies are possible for maximizing the<br />
utility of this system, and it assures lower overall prices<br />
than can be expected f<strong>ro</strong>m a standard “e-store” system. For<br />
common cases, the risks may be low enough that the reduced<br />
cost and greater convenience of allowing the vendor<br />
or p<strong>ro</strong>ject QM to act as QA will be desired, eliminating QA<br />
costs and double shipping.<br />
The shape of things to come<br />
The future economy will deal with many realities that contrast<br />
with today’s close knit ship-to-anywhere world, especially<br />
as we move out into space. Present models for colonizing<br />
Mars, for example, rely heavily on concepts of In<br />
Situ Resource Utilization (ISRU), or “living off the land” as<br />
Dr. Robert Zubrin called it in The Case for Mars[9] (Figure<br />
5), in order to avoid impossibly high expense. At the same<br />
Free Software Magazine Issue 9, November/December 2005 65
Figure 5: ISRU on Mars. Current plans for colonizing Mars<br />
rely heavily on drawing f<strong>ro</strong>m natural resources on site, like this atmospheric<br />
p<strong>ro</strong>cessing station which, in the Mars-Society-inspired<br />
NASA “Design Reference Mission”[10] would p<strong>ro</strong>duce fuel for the<br />
return journey by extracting gases f<strong>ro</strong>m the Martian atmosphere.<br />
Such techniques are better suited for development by free-licensed<br />
design markets rather than existing p<strong>ro</strong>prietary ones, because they<br />
do not readily p<strong>ro</strong>vide a material “p<strong>ro</strong>duct” to be sold to consumers.<br />
time, there is a rising interest in commercial space development<br />
and dissatisfaction with today’s government subsidized<br />
p<strong>ro</strong>grams, which do seem to be very stagnant. But<br />
how does ISRU work in a free market economy? The very<br />
nature of ISRU requires that p<strong>ro</strong>ducts be manufactured on<br />
site, with manfacturing localized to the end-user (possibly<br />
done by the end-user). This is in stark contrast to our ecommerce<br />
mail-order economy where manufacturing localization<br />
is regarded as irrelevant, and it forces the question,<br />
“what will be sold by free market entrepreneurs in this coming<br />
interplanetary era?”<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Pledges, once made, are not<br />
withdrawable until the bargain ends<br />
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br />
Clearly the delivery will not be p<strong>ro</strong>ducts so much as the<br />
information required to make them, and this puts the matter<br />
economy on par with the information economy. Indeed,<br />
nearly all meaningful trade will be in information,<br />
while true material p<strong>ro</strong>duction is localized to the person who<br />
needs it, external to the trade economy. This places us in the<br />
position of deciding whether we want the hardware design<br />
economy to follow the model of the p<strong>ro</strong>prietary software gi-<br />
MIND SET<br />
ants or of the free-licensed software world. Which rules are<br />
we more willing to live by: those of intellectual p<strong>ro</strong>perty or<br />
of intellectual freedom?<br />
If we choose freedom, we’re going to have to build the tools<br />
to make it work, and create a culture of people who know<br />
how to use those tools.<br />
Bibliography<br />
[1] Narya Bazaar (http://bazaar.narya.net)<br />
[2] GForge (http://gforge.org/p<strong>ro</strong>jects/<br />
gforge/)<br />
[3] Narya P<strong>ro</strong>ject (http://narya.net)<br />
[4] Python (http://www.python.org)<br />
[5] Zope (http://www.zope.org)<br />
[6] Paul Harrison, The Rational Street Performer P<strong>ro</strong>tocol<br />
(http://www.logarithmic.net/pfh/rspp)<br />
[7] e-Bay (http://ebay.com)<br />
[8] ERP5 MRP (http://www.erp5.org/)<br />
[9] Robert Zubrin, The Case for Mars, 1996.<br />
[10] Mars Society ”NASA Design Reference Mission”<br />
(http://www.marssociety.org/interactive/<br />
art/nasa charts.asp)<br />
Copyright information<br />
c○ 2005 Terry Hancock<br />
This article is made available under the “Attribution-<br />
Share-alike” Creative Commons License 2.0 available<br />
f<strong>ro</strong>m http://creativecommons.org/licenses/by-sa/2.0/<br />
(http://creativecommons.org/licenses/<br />
by-sa/2.0/).<br />
About the author<br />
66 Free Software Magazine Issue 9, November/December 2005<br />
Terry Hancock is co-owner and technical officer<br />
of Anansi Spaceworks (http://www.<br />
anansispaceworks.com), dedicated to the<br />
application of free software methods to the development<br />
of space.