Mike Linksvayer

Autonomo.us and the Franklin Street Statement on Freedom and Network Services launched today.

I’ve written about the subject of this group and statement a number of times on this blog, starting with Constitutionally Open Services two years ago. I think that post holds up pretty well. Here were my tentative recommendations:

So what can be done to make the web application dominated future open source in spirit, for lack of a better term?

First, web applications should be super easy to manage (install, upgrade, customize, secure, backup) so that running your own is a real option. Applications like WordPress and MediaWiki have made large strides, especially in the installation department, but still require a lot of work and knowledge to run effectively.

There are some applications that centralizaton makes tractable or at least easier and better, e.g., web scale search, social aggregation — which basically come down to high bandwidth, low latency data transfer. Various P2P technologies (much to learn from, field wide open) can help somewhat, but the pull of centralization is very strong.

In cases were one accepts a centralized web application, should one demand that application be somehow constitutionally open? Some possible criteria:

• All source code for the running service should be published under an open source license and developer source control available for public viewing.
• All private data available for on-demand export in standard formats.
• All collaboratively created data available under an open license (e.g., one from Creative Commons), again in standard formats.
• In some cases, I am not sure how rare, the final mission of the organization running the service should be to provide the service rather than to make a financial profit, i.e., beholden to users and volunteers, not investors and employees. Maybe. Would I be less sanguine about the long term prospects of Wikipedia if it were for-profit? I don’t know of evidence for or against this feeling.

Consider all of this ignorant speculation. Yes, I’m just angling for more freedom lunches.

I was honored to participate in a summit called by the Free Software Foundation to discuss these issues March of this year, along with far greater thinkers and doers. Autonomo.us and the Franklin Street Statement (named for the FSF’s office address) are the result of continued work among the summit participants, not yet endorsed by the FSF (nor by any other organization). Essentially everything I conjectured above made it into the statement (not due to me, they are fairly obvious points, at least as of 2008, and others made them long before) with the exception of making deployment easier, which is mundane, and service governance issues, which the group did discuss, but inconclusively.

There’s much more to say about this, but for now (and likely for some time, at the rate I write, though this activity did directly inspire me to propose speaking at an upcoming P2P industry summit, which I will early next month–I’m also speaking tomorrow at BALUG and will mention autonomo.us briefly–see info on both engagements) I wanted to address two immediate and fairly obvious critiques.

Brian Rowe wrote:

“Where it is possible, they should use Free Software equivalents that run on their own computer.” This is near Luddite talk… It is almost always possible to use an app on your own comp, but it is so inefficient. Networked online apps are not inherently evil, should you back up your work
offline, yes. Should you have alternative options and data portability, yes. You should fight to impove them. But you should not avoid them like the plauge.

The statement doesn’t advocate avoiding network services–see “Where it is possible”, and most of the statement concerns how network services can be free. However, it is easy to read the sentence Rowe quoted and see Luddism. I hope that to some it instead serves as a challenge, for:

• Applications that run on your own computer can be networked, i.e., P2P.
• Your own computer does not only include your laptop and home server, but any hardware you control, and I think that should often include virtual hardware.

Wes Felter wrote:

I see a lot about software licensing and not much about identity and privacy. I guess when all you have is the AGPL everything looks like a licensing problem.

True enough, but lots of people are working on identity and privacy. If the FSF doesn’t work on addressing the threats to freedom as in free software posed by network services, it isn’t clear who would. And I’d suggest that any success free software has in the network services world will have beneficial effects on identity and privacy for users–unless you think these are best served by identity silos and security through obscurity.

Finally, the FSF is an explicitly ideological organization (I believe mostly for the greater good), so the statement (although not yet endorsed by the FSF, I believe all participants are probably FSF members, staff, or directors) language reflect that. However, I suspect by far the most important work to be done to maintain software freedom is technical and pragmatic, for example writing P2P applications, making sharing modified source of network applications a natural part of deployment (greatly eased by the rise of distributed version control), and convincing users and service providers that it is in their interest to expect and provide free/open network services.

I suggest going on to read Evan Prodromou (the doer above) on autonomo.us and the Franklin Street Statement and Rufus Pollock on the Open Software Service Definition, which more or less says the same thing as the FSS in the language of a definition (and using the word open), coordinated to launch at the same time.

See Evan Prodromou’s post on launching identi.ca, good background reading on open services.

I love the name of Prodromou’s company, Control Yourself. Presumably it is a reference to discussions of user autonomy as a better frame than freedom or openness … for discussions of concerns addressed by free/open source software and its ilk.

You can follow Evan’s microblogging at identi.ca/evan.

I’ve only used Twitter for an ongoing joke that probably nobody gets, but for now I’ll be trying to honestly microblog at identi.ca/mlinksva.

Doug Cutting on Cloud: commodity or proprietary?:

As we shift applications to the cloud, do we want our code to remain vendor-neutral? Or would we rather work in silos, where some folks build things to run in the Google cloud, some for the Amazon cloud, and others for the Microsoft cloud? Once an application becomes sufficiently complex, moving it from one cloud to another becomes difficult, placing folks at the mercy of their cloud provider.

I think most would prefer not to be locked-in, that cloud providers instead sold commodity services. But how can we ensure that?

If we develop standard, non-proprietary cloud APIs with open-source implementations, then cloud providers can deploy these and compete on price, availability, performance, etc., giving developers usable alternatives.

That’s exactly right. Cloud providers (selling virtualized cpu and storage) are analogous to hardware vendors. We’re in the pre-PC era, when a developer must write to a proprietary platform, and if one wants to switch vendors, one must port the application.

But such APIs won’t be developed by the cloud providers. They have every incentive to develop proprietary APIs in order to lock folks into their services. Good open-source implementations will only come about if the community makes them a priority and builds them.

I think this is a little too pessimistic. Early leaders may have plenty of incentive to create lockin, but commoditization is another viable business model, one that could even be driven by a heretofore leading proprietary vendor, e.g., the IBM PC, or Microsoft-Yahoo!

Of course the community should care and build the necessary infrastructure so that it is available to enable a potential large cloud provider to pursue the commoditization route and to provide an alternative so long as no such entity steps forward.

Cutting has been working on key parts of the necessary infrastructure; read the rest of his post for more.

I imagine thousands of bloggers have commented on gOS, a Linux distribution featuring shortcuts to Google web application on the desktop and preloaded on a PC sold (out) for $200 at Wal-Mart. Someone asked me to blog about it and I do find plenty interesting about it, so thus this post.

I started predicting that Linux would take over the desktop in 1994 and stopped predicting that a couple years later. The increasing dominance of web-based applications may have me making that prediction again in a couple more years, and gOS is a harbinger of that. Obviously web apps make users care less about what desktop operating system they’re running — the web browser is the desktop platform of interest, not the OS.

gOS also points to a new and better (safer) take on a PC industry business model — payment for placement of shortcuts to web applications on the desktop (as opposed to preloading a PC with crapware) — although as far as I know Google isn’t currently paying anything to the gOS developers or Everex, which makes the aforementioned cheap PC.

This is highly analogous to the Mozilla business model with a significant difference: distribution is controlled largely by hardware distributors, not the Mozilla/Firefox site, and one would expect end distributors to be the ones in a position to make deals with web application companies. However, this difference could become muted if lots of hardware vendors started shipping Firefox. This model will make the relationship of hardware vendors to software development, and particularly open source, very interesting over the next years.

One irony (long recognized by many) is that while web applications pose a threat to user freedoms gained through desktop free and open source software, they’ve also greatly lowered the barriers to desktop adoption.

By the way, the most interesting recent development in web application technology: Caja, or Capability Javascript.

I’ve been meaning to comment again (see constitutionally open services from last July) on free services as in free software, discussion of which has picked up noticably in the past few months (see Luis Villa’s evaluating a free/open service definition rough draft and comments on that post for one entry into that discussion).

I may get to it eventually, but a big part of my commentary would be on the pragmatic “open source” argument for open services, which I think has hardly been made in that context. Matthew Gertner makes the case in Facebook and the Case for Open Source:

From my perspective, the most interesting thing about the recent leak of Facebook source code is what a non-event it was. As such it’s one of the strongest arguments for open source that I’ve seen in a while.

Gertner goes on to explain how of the possible downsides from the leak could be seen as benefits. Of course open source isn’t magic and a source code leak isn’t going to help any more than a source code dump with no process. But for at least some sites willing to invest in that process, there is almost all upside to opening the code that runs the site.

I’ve been wanting to blog that phrase since reading the Communities as the new IPR? thread on the Free Software Business list. That thread lost coherence and died quickly but I think the most important idea is hinted at by Susan Wu:

There are two elements of discussion here - a singular community, which is a unique entity; and the community constructs (procedure, policy, infrastructure, governance), which are more readily replicated.

Not said but obvious: a singular community is not easily copied.

Now Tim Lee writes about GooTube (emphasis added):

YouTube is an innovative company that secured several millions of dollars in venture capital and used it to create a billion-dollar company in less than a year. Yet as far as I know, strong IP rights have not been an important part of YouTube’s strategy. They don’t appear to have received any patents, and their software interface has been widely copied. Indeed, Google has been in the video-download business longer than YouTube, and their engineers could easily have replicated any YouTube functionality they felt was superior to Google’s own product.
…
Like all businesses, most of the value in technology startups lies in strong relationships among people, not from technology, as such. Technological change renders new technologies obsolete very quickly. But a brilliant team of engineers, visionary management, and a loyal base of users are assets that will pay dividends for years to come. That’s why Google was willing to pay a billion bucks for YouTube.

Loyal base of users does not do justice to the YouTube community. I was not aware of YouTube’s social features nor how critical they are until I read the NYT story on electric guitar performances of Pachelbel’s Canon being posted to YouTube (I commented on the story at the Creative Commons weblog). Some of these videos have been rated by tens of thousands of users and commented on by thousands. “Video responses” are a means for YouTube users to have a conversation solely through posting videos.

Google Video could have duplicated these social features trivially. I’m surprised but not stunned that Google thinks the YouTube community is worth in excess of $1.65 billion.

On a much smaller scale the acquisition of Wikitravel and World66 earlier this year is an example of the value of hard to duplicate communities. The entire contents of these sites could be legally duplicated for commercial use, yet Internet Brands paid (unfortunately an undisclosed amount) to acquire them, presumably because copies on new sites with zero community would be worthless.

There’s lots more to say about community as a business strategy for less obvious cases than websites, but I don’t have the ability, time, and links to say it right now. The FSB thread above hints at this in the context of software development communities.

And of course community participants may want to consider what allowances they require from a community owner, e.g., open licenses, data, and formats so that at a minimum a participant can retrieve and republish elsewhere her contributions if the owner does a bad job.

In lieu of attending maybe the hottest conference ever I did a bit of wiki twiddling this weekend. I submitted a tiny patch (well that was almost two weeks ago — time flies), upgraded a private MediaWiki installation from 1.2.4 to 1.6.8 and a public installation from 1.5.6 to 1.6.8 and worked on a small private extension, adding to some documentation before running into a problem.

1.2.4->1.6.8 was tedious (basically four successive major version upgrades) but trouble-free, as that installation has almost no customization. The 1.5.6->1.6.8 upgrade, although only a single upgrade, took a little fiddling make a custom skin and permissions account for small changes in MediaWiki code (example). I’m not complaining — clean upgrades are hard and the MediaWiki developers have done a great job of making them relatively painless.

Saturday I attended part of WordCamp, a one day unconference for WordPress users. Up until the day before the tentative schedule looked pretty interesting but it seems lots of lusers signed up so the final schedule didn’t have much meat for developers. Matt Mullenweg’s “State of the Word” and Q&A hit on clean upgrade of highly customized sites from several angles. Some ideas include better and better documented plugin and skin APIs with more metadata and less coupling (e.g., widgets should help many common cases that previously required throwing junk in templates).

Beyond the purely practical, ease of customization and upgrade is important for openness.

Now listening to the Wikimania Wikipedia and the Semantic Web panel…

Tim Bray has a very nice summary of open data:

I think any online service can call itself “Open” if it makes, and lives up to, this commitment: Any data that you give us, we’ll let you take away again, without withholding anything, or encoding it in a proprietary format, or claiming any intellectual-property rights whatsoever.

…

For extra credit, a service could also say: We acknowledge your interest in any value-added information we distill from what you give us, and will share it back with you to the extent we can do so while preserving the privacy of others.

So, do we need some sort of Open Service analogue of the Open Source Definition? It couldn’t hurt.

I don’t know if this goes far enough for “open services” — certainly not far enough for the service equivalent of free software. However, it might be nice if “open” meant something substantially different than “free” or “libre” for services, c.f. open source software and free software.

Tim also says:

I suspect that if we can get the basic idea across, then we’re in old-fashioned consumer-advocacy territory; and I suspect that it will only take a small number of painful experiences for consumers to understand the issue at a pretty deep level.

I have noticed, just in the past six months I think, lots of people with no obvious predisposition (e.g., proprietary software background or just regular users) suddenly “getting” the importance of open formats. Promising and pleasantly surprising.

Luis Villa on my constitutionally open services post:

It needs a catchier name, but his thinking is dead on- we almost definitely need a server/service-oriented list of freedoms which complement and extend the traditional FSF Four Freedoms and help us think more clearly about what services are and aren’t good to use.

I wasn’t attempting to invent a name, but Villa is right about my aim — I decided to not mention the four freedoms because I felt my thinking too muddled to dignified with such a mention.

Kragen Sitaker doesn’t bother with catchy names in his just posted draft essay The equivalent of free software for online services. I highly recommend reading the entire essay, which is as incisive as it is historically informed, but I’ve pulled out the problem:

So far, all this echoes the “open standards” and “open formats” discussion from the days when we had to take proprietary software for granted. In those days, we spent enormous amounts of effort trying to make sure our software kept our data in well-documented formats that were supported by other programs, and choosing proprietary software that conformed to well-documented interfaces (POSIX, SQL, SMTP, whatever) rather than the proprietary software that worked best for our purposes.

Ultimately, it was a losing game, because of the inherent conflict of interest between software author and software user.

And the solution:

I think there is only one solution: build these services as decentralized free-software peer-to-peer applications, pieces of which run on the computers of each user. As long as there’s a single point of failure in the system somewhere outside your control, its owner is in a position to deny service to you; such systems are not trustworthy in the way that free software is.

This is what has excited about decentralized systems long before P2P filesharing.

Luis Villa also briefly mentioned P2P in relation to the services platforms of Amazon, eBay, Google, Microsoft and Yahoo!:

What is free software’s answer to that? Obviously the ’spend billions on centralized servers’ approach won’t work for us; we likely need something P2P and/or semantic-web based.

Wes Felter commented on the control of pointers to data:

I care not just about my data, but the names (URLs) by which my data is known. The only URLs that I control are those that live under a domain name that I control (for some loose value of control as defined by ICANN).

I hesitated to include this point because I hesitate to recommend that most people host services under a domain name they control. What is the half-life of http://blog.john.smith.name vs. http://johnsmith.blogspot.com or js@john.smith.name vs. johnsmith@gmail.com? Wouldn’t it suck to be John Smith if everything in his life pointed at john.smith.name and the domain was hijacked? I think Wes and I discussed exactly this outside CodeCon earlier this year. Certainly it is preferable for a service to allow hosting under one’s own domain (as Blogger and several others do), but I wish I felt a little more certain of the long-term survivability of my own [domain] names.

This post could be titled “freedom needs P2P” but for the heck of it I wanted to mirror “free culture needs free software.”

Luis Villa provokes, in a good way:

Someone who I respect a lot told me at GUADEC ‘open source is doomed’. He believed that the small-ish apps we tend to do pretty well will migrate to the web, increasing the capital costs of delivering good software and giving next-gen proprietary companies like Google even greater advantages than current-gen proprietary companies like MS.

Furthermore:

Seeing so many of us using proprietary software for some of our most treasured possessions (our pictures, in flickr) has bugged me deeply this week.

These things have long bugged me, too.

I think Villa has even understated the advantage of web applications — no mention of security — and overstated the advantage of desktop applications, which amounts to low latency, high bandwidth data transfer — let’s see, video, including video editing, is the hottest thing on the web. Low quality video, but still. The two things client applications still excel at are very high bandwidth, very low latency data input and output, such as rendering web pages as pixels. :)

There are many things that can be done to make client development and deployment easier, more secure, more web-like and client applications more collaboration-enabled. Fortunately they’ve all been tried before (e.g., Java Web Start, JXTA, XUL, others of varying relevance), so there’s much to learn from, yet the field is wide open. Somehow it seems I’d be remiss to not mention XMPP, so there it is. Web applications on the client are also a possibility, though typical web application platforms only address ease of development and not manageability at all.

The ascendancy of web applications does not make the desktop unimportant any more than GUIs made filesystems unimportant. Another layer has been added to the stack, but I am still very happy to see any move of lower layers in the direction of freedom.

My ideal application would be available locally and over the network (usually that means on the web), but I’ll prefer the latter if I have to choose, and I can’t think of many applications that don’t require this choice (fortunately email is one of them, or close enough).

So what can be done to make the web application dominated future open source in spirit, for lack of a better term?

First, web applications should be super easy to manage (install, upgrade, customize, secure, backup) so that running your own is a real option. Applications like WordPress and MediaWiki have made large strides, especially in the installation department, but still require a lot of work and knowledge to run effectively.

There are some applications that centralizaton makes tractable or at least easier and better, e.g., web scale search, social aggregation — which basically come down to high bandwidth, low latency data transfer. Various P2P technologies (much to learn from, field wide open) can help somewhat, but the pull of centralization is very strong.

In cases were one accepts a centralized web application, should one demand that application be somehow constitutionally open? Some possible criteria:

• All source code for the running service should be published under an open source license and developer source control available for public viewing.
• All private data available for on-demand export in standard formats.
• All collaboratively created data available under an open license (e.g., one from Creative Commons), again in standard formats.
• In some cases, I am not sure how rare, the final mission of the organization running the service should be to provide the service rather than to make a financial profit, i.e., beholden to users and volunteers, not investors and employees. Maybe. Would I be less sanguine about the long term prospects of Wikipedia if it were for-profit? I don’t know of evidence for or against this feeling.

Consider all of this ignorant speculation. Yes, I’m just angling for more freedom lunches.