Friday, January 27, 2006

No GPL3 Here

On January 19th, 2006, the FSF released a first draft of the GPL, version 3. By now everyone's had a chance to look at it, including a slew of lawyers.

My concern is about the DRM provisions in the license. According to the GPL, (Section 3):
As a free software license, this License intrinsically disfavors technical attempts to restrict users' freedom to copy, modify, and share copyrighted works.
The problem I have with this is that the license attempts to go beyond what you can do with this copyrighted work (i.e., the Program) and other copyrighted works (i.e. content manipulated or processed by the Program). Frankly, it's none of my business what you do with content... the content isn't mine to control. If you want to restrict access to it, more power to you, just so long as you don't violate the freedoms associated with the Program itself. I see Section 3 as being similar to a shovel-maker telling you where, when, and whether you can dig a hole. It's silly and inappropriate.

The second bone of contention is this excerpt from Section 1:
Complete Corresponding Source Code also includes any encryption or authorization codes necessary to install and/or execute the source code of the work, perhaps modified by you, in the recommended or principal context of use, such that its functioning in all circumstances is identical to that of the work, except as altered by your modifications. It also includes any decryption codes necessary to access or unseal the work's output [my italics -- Dave]. Notwithstanding this, a code need not be included in cases where use of the work normally implies the user already has it.
In order to comply with this clause (functioning is identical to that of the work), it may be necessary to include digital signing keys that are used to authenticate the compiled source code. Also note the phrase I italicized... this poorly-considered phrase could be interpreted to mean that users who redistribute encryption software like GNU Privacy Guard would have to provide their private keys to "unseal the work's output", effectively rendering all encryption useless, even if encryption's the primary purpose of the program! It's simply a stupid provision, and no competent lawyer would let it stand.

Wednesday, Linus Torvalds weighed in, saying the GPL3 would not be applied to the Linux kernel:
I think it's insane to require people to make their private signing keys available, for example. I wouldn't do it. So I don't think the GPL v3 conversion is going to happen for the kernel, since I personally don't want to convert any of my code.
-- LKML: Linus Torvalds: Re: GPL V3 and Linux - Dead Copyright Holders
I couldn't agree more. Stallman either has no concept of how private keys are supposed to be handled (unlikely) or he's really "jumped the shark" here.

I have no intention of using the GPL3 with these provisions. As Cratchit.org TimeTool and any other GPL'ed code I've created does not include the optional "any later version" clause, they will remain under the GPL, version 2.

Tuesday, January 17, 2006

Microsoft Pushes Domino

CNet reports this morning that Microsoft aims to topple Lotus Domino. It's an interesting thought, but I'm not at all sure that Microsoft has thought this through.

I'd like to look at a few items in the story and comment.
"The only mystery here is what took them so long," Gartner analyst Matt Cain said. "They've had a bunch of migration tools out there for a long time and they haven't been revised in ages."
I couldn't agree more. As I see it, the reason for Microsoft's tardiness in this regard is that they really and truly don't "get" collaboration. They think they do. They have tools that they believe are collaborative, and they certainly think they make it easy to create workflow enabled applications. But it's all Martian cake. As of today there's still nothing on the market that touches Lotus Notes for sheer flexibility and ease of development of collaborative applications.

This next exerpt illustrates nicely how Redmond misses the point:
An application analyzer, due out later this quarter, will let companies see which of their programs are actually being used, Microsoft said. A data migration tool, expected next quarter, promises to transfer data from applications that use the popular templates that ship with Lotus Notes.
The application analyzer is a good idea, really. Companies should use them, and it's not a big deal at all to slap one together in Notes. All you have to do is examine the server logs. You just need to be careful with your analysis. Criticality and its frequency aren't a 1-to-1 correlation. (Just think of the tasks you perform. Filing taxes is a critical business task, but it happens infrequently.)

It's the migration tool that raised my eyebrows... it's one of those things that sounds really nice on the face of it, but doesn't matter at all. The "popular templates that ship with Lotus Notes" are the tip of the iceberg. In my experience, more often than not these templates are just convenient starting points for custom applications. Microsoft may offer a migration tool for the templates that ship, but this says absolutely nothing about the difficulty of migrating the data that actually exists in your datacenter. And what of migrating commercial apps that use Domino as a platform? I tend to think that the true "migration tool" here is the propaganda value of such a statement when presented to prospective converts. Those who think it through will quite likely see it for what it is.
On the e-mail side, Cain noted that most businesses already have e-mail server software, meaning that IBM and Microsoft are of necessity battling to swipe one another's customers.
E-mail is a fraction of what Domino is all about. In fact, if e-mail is all you're using Domino for, you aren't getting full value from it. It's a bit like buying a four-wheel-drive pickup truck just to get back and forth to church. The Notes/Domino combination allows truly seamless collaboration. Microsoft has no comparable product.

But Domino is also a web-development platform, so its value isn't greatly diminished even if you use it in an otherwise Microsoft-oriented shop. For rapid development of web apps it simply can't be beat, and I say that even comparing it to all of the nifty scripting languages that get all the good press, like PHP. You can deliver JavaScript and Java code to browsers, or use Java or LotusScript on the back end, UI-wise, by default, the Domino pages you create can be delivered to a web browser as well as to a full-featured Notes client.

Relatively recently, Microsoft hired on Ray Ozzie, the fellow responsible for Lotus Notes, and more recently responsible for Groove (also acquired by Microsoft, though tellingly you won't find mention of it on Groove's home page). Ozzie and Groove are setting the new direction for Microsoft's collaboration products. I tried Groove, and with all due respect to Ozzie, it misses the point, too. Where Domino is about "document management", Groove is about "file sharing", and this should tell you a lot about the two approaches.

Domino/Notes allows your choice of fat-client/client-server/thin-client architectures (and even allows you to switch between them or use more than one simultaneously at need!); at the same time, replication to the Domino server ensures that data is centrally accessible and (importantly!) backed up. Furthermore, the documents are stored in a database that makes it easy to track changes and ownership, and it's easy to maintain metadata about the files that are not stored in the files themselves. While the data you need can be replicated locally, allowing you to work off-line, server-side storage .

Groove opts for a loose peer-to-peer "virtual office" in which the files are stored in their native formats. Groove takes the server out of the equation. Files are shared or "synchronized" at need, and to my mind this makes your company easy prey to the "Mack truck scenario." Not to mention the fact that I'm not really thrilled about the "reach into my PC and grab what you want" peer-to-peer model, even when permissions are taken into account. For security purposes, especially when working remotely, all traffic out of your PC should be at your personal direction. I'm careful about setting permissions, but that doesn't mean everyone is, and your security model should protect against the weakest link. All of the other features presented by Groove... synchronization, presence awareness, project management... are long-standing features of Notes/Domino and provide no compelling reason to migrate.

Another example is in the way that Notes/Domino compares to Outlook/Exchange in archiving messages. In working in an all Microsoft shop the answer to archiving messages was, "Oh, that's easy! just drag them into a folder on your desktop!" Except that this loses the relationships between these messages; the ability to thread your messages; important metadata. In Notes/Domino the solution is an archive database, which preserves the messages exactly as you got them, effortlessly. You don't even have to drag. In my own VIC CRM, written for Notes, incoming messages are tagged with metadata fields that let you add commentary... commentary that is not included with the message should you choose to forward the message afterward, but which is maintained within the archive to prevent possibly embarrassing information leaks.

Interestingly, even Microsoft seems to know that their migration strategy is inadequate:
   "What's still missing is a tool or service that can migrate the Domino application logic," Cain said. "Domino still is an awesome rapid application development tool. There frankly is nothing (like it) on the market."
   Graceffo acknowledged that the data migration tool does not address the full range of applications that Domino users have created. She pitched it as an opportunity for Lotus customers to rethink the business processes that they have built around these custom programs.
   Cain suggested Microsoft might come out with some sort of development tool built on Windows Sharepoint Services that would help in migrating those Lotus-based applications.
The question here is why should you do that? Just to say you migrated? Gimme a break... if it ain't broke, don't fix it.