http://newsforge.com/newsforge/02/05/13/1857235.shtml?tid=19 by Tina Gasperson Tuesday May 14, 2002 Carnegie Mellon University is expected to formally announce its "Sustainable Computing Consortium" on May 16th. In order to make some measurable gains in software quality and security, CMU is hooking up with big players in IT and software development, and NASA, to look at new techniques for measuring sustainability. And ironically, all these different companies are going to put their heads together to brainstorm and collaborate and share ideas on some, get ready for this, good old proprietary software and intellectual property that they'll have to pay a licensing fee to use outside their own companies. Carnegie is the school that brings us CERT/CC, the reporting center for Internet security problems. So any Carnegie-created consortium dedicated to driving "order of magnitude improvements in software quality, dependability, and security" has got to be all good. And it probably is. But people who are used to developing in the open environment fostered by major universities like Carnegie, MIT, and Berkeley, cringe when they visit the front page of the SCC Web site and see a quote from Bill Gates prominently displayed there: "It's time for developers to think and act differently" along with a plug for an InformationWeek article talking about Gates' now famous, but as of yet not acted upon memo about focusing on security. And it forces the question: what is this consortium really all about? According to the group's authors, "Consortium members support the creation of standards and specifications that allow for the measurement and enhancement of software quality, dependability, and security. Sustainable software encompasses technology, measurement, policy, economic and market dimensions of software. The work of the Consortium includes technical efforts to measure and reduce software-associated risks as well as economic, legal and policy efforts to manage risk within organizations, the broader markets, and the national economy." With recent efforts like the Carrier Grade Linux Working Group having demonstrated that an Open Source project like Linux can be hardened sufficiently for mission critical use by the telecommunications industry, coupled with the overall good record for security that the operating system already enjoys, it is natural that OSS and Free Software models should be a driving force behind the Consortium. Yet, leading Open Source companies who want to get involved have discovered that the Sustainable Computing Consortium will operate in a proprietary environment. The "benefits of membership" listed by the Consortium in its FAQ lays it out: "Members are entitled to a non-exclusive, internal-use license for the intellectual property created by the SCC." So what benefit would it be for a Free Software company to get involved in an environment that prevents them from using the innovations created in that environment, since the very nature of Open Source software is that the source code must be offered to those who purchase software? And it appears that so far, only closed-source companies like Microsoft, Oracle, and others have been recruited by the SCC. NASA is a big part of the Sustainable Computing Consortium, having granted Carnegie's computing science department at least $23 million to look into the whole topic of high-dependability software, hoping to reap the benefits of the creative effort. NASA has called it a "unique opportunity to develop an empirically-based science for software dependability," and one that "could have a major impact on NASA's ability to rely on complex software for advanced mission capability." But what of projects like FlightLinux, where rocket scientist Pat Stakem is developing a special distribution of Linux just for use on spacecrafts? The FlightLinux project was originally funded through July 2002 and probably will not continue if NASA decides to focus more on closed-source models. "The licensing questions at stake for the university are, I hope, still open," says Eben Moglen, general counsel for the Free Software Foundation, "and I look forward to CMU's reconsideration of a policy that makes no sense and will render stillborn an otherwise very important and productive venture of great importance." Brad Kuhn, v.p. of the Free Software Foundation agrees. "It's a travesty to have proprietary development happening in an academic environment," since the whole point of a University is to make knowledge available. Bill Guttman, the former co-CEO of PrintCafe, is the director of the SCC. PrintCafe, successful by most measures, makes software specifically for the printing industry. Guttman grew the company to 500 employees and 4000 customers. He's also the director of Carnegie's Software Center which, among other things, focuses on identifying new software development methodologies and business models. But when he took on that role, the Pittsburgh, PA Post-Gazette labeled him a "geek by accident." Guttman has a PhD in international business, the article says, but ended up running software companies because he saw the money in it. He's typical CEO material: a visionary who is always seeking a way to do things better. And since the Software Center has been working on finding new development methodologies, it appears the Open Source/Free Software method of development didn't come in at first place in Guttman's book. If it had, he'd certainly select it as the foundation for the Sustainable Computing Consortium. In fact, a position paper entitled "High Quality and Open Source Software Practices" and written by T.J. Halloran of CMU and Bill Scherlis, who is the co-director of the SCC, expresses reservations about the suitability of the Open Source software development model in "quality-related technology." In the conclusion of the paper, they state, "...any technique or tool is not feasibly adoptable if it requires a major (client-visible) overhaul of a project web portal, collaboration tools, development tools, or source code base." Guttman has told potential Consortium members that the SCC would very much like to see the Free Software/Open Source community participate in the project, and he says the group is considering a dual-licensing strategy. Moglen sees the inclusion of Free Software as vital. "The Consortium cannot succeed without the participation of the free software community," he says, "because ours is the development model that will produce high-quality code in the twenty-first century." Moglen says that in fact, it is the closed method of software development which has contributed heavily to the "radical deterioration in average software quality over the past twenty years, causing hundreds of billions of dollars of lost time every year from work that disappears when personal computers crash, fail to exchange data successfully because of incompatible closed formats, or are disrupted by well-known unfixed security exposures." Not only that, but "to attempt construction of an infrastructure that does what we do without us, in an attempt to bolster the system of proprietary ownership of software, would be literally foolish," he says, "and I don't expect it to happen among people as smart and capable as those presently forming the Consortium." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu May 16 2002 - 03:42:06 PDT