☝ A liberating betrayal?

Having suspended disbelief for as long as I could, my ability to take Microsoft at their word over Skype was shattered today by the announcement by Digium, sponsors of the Asterisk project, that they have been told they can no longer sell their Asterisk-Skype interaction module after July 26. In one move, we have illustrated the risk of a hybrid open source model, the danger of dependency on a proprietary system, a proof that Microsoft still can’t be trusted with open source and an impetus to open source innovation.

All in one announcement.  Read all about it on ComputerWorldUK.

☞ Openish and Open

  • I’m delighted to see these plans finally formalised – they have been around ever since Sun as proposals, but the acquisition got in the way. All the same, what matters is not the rules themselves so much as whether Oracle will actually stick to them when faced with a serious competitor or disruptor using them disruptively. Apache Harmony remains the elephant in the room, dismissed as history by apparatchiks but still large as life to the rest of us.
  • Another marketplace to add to your Android phone, alongside the ones from Google and Amazon. This one only offers Free software.
  • Good to see such a diverse and experienced group of people stepping forward.

☆ GagaGate, DRM and How To Cripple The Cloud

I’ve been watching the music marketing stunt that Amazon have pulled today with some interest. The story is that Amazon US are selling the new Lady Gaga album Born This Way in digital-only form for $0.99 today only – the whole album for the price of a track (no luck in the UK where the album is £3.99). As the news has spread, it’s obviously being bought in huge quantities – it’s currently the #1 purchase – and transferred straight to Cloud Drive, Amazon’s new online music locker and player.

Except it’s not. Customers have now been reporting for several hours that it’s not showing up in their accounts – only the digital booklet and in some cases one or two tracks are showing up. Amazon admits there’s a problem – their PR folk are churning out responses (clearly cut and paste from Twitter) to press inquiries saying

We’re experiencing high volume and downloads are delayed. If customers order today, they will get the full @ladygaga album for $0.99. Thanks for your patience.

That text has also replaced the bold claims about being able to listen to the album straight away on the product page. What could possibly be going wrong? After all, it’s very straightforward to add a pointer to a shared file into a directory, and I think that’s all Cloud Drive does with purchased music (which is why storing it there is free – symbolic links are virtually free). Amazon is clearly embarrassed by it – they are busily deleting customer comments from the product if they even mention the outage, regardless of the star rating.

One clue is the product details of the album. They include the text “Record Company Required Metadata: Music file contains unique purchase identifier. Learn more.”  Follow the link and you’ll find:

Embedded in the metadata of each purchased MP3 from this record company are a random number Amazon assigns to your order, the Amazon store name, the purchase date and time, codes that identify the album and song (the UPC and ISRC), Amazon’s digital signature, and an identifier that can be used to determine whether the audio has been modified.  In addition, Amazon inserts the first part of the email address associated with your Amazon.com account

I think that’s the answer. My hunch is that the GagaGate meltdown is all the fault of DRM. Rather than just adding a pointer to a shared file to the Cloud Drive, Amazon are required by the record company to create a unique copy of the file for every customer, watermarked digitally signed to show who bought it. What’s more, the unique copy includes at least one MD5 hash that has to be computed on a per-file basis. So Amazon has both an enormous computing task and potentially an enormous storage bill (assuming it doesn’t just compute the watermark signature on the fly at download, which is possible but doesn’t help with the compute bill).

All for what? Removing the metadata is unlikely to be massively challenging (albeit illegal under the DMCA). This means the record label is crippling their retailer’s business just so it can express its mistrust and low esteem for its paying customers while doing pretty much nothing to actually protect revenues –  that it already knows will be enormous – from serious criminals. Congratulations to the label, you’ve managed to turn a great example of how to compete with “free” into a bad experience for your customers.

One more observation: The Amazon UK digital download does not mention watermarking/signing. I wonder whether it’s because the record label trusts the British, or whether it’s just not disclosed?

[Updated to reflect information I received that the file has a uniquely-computed digital signature added, rather than a watermark. Lower (still significant) compute burden but even easier to remove]

☞ History Already

  • I’d heard Miguel was looking for funding to do this so I’m not surprised, but I still offer him warm congratulations and the best of luck in his new business.
  • I don’t know whether to be excited this exists, depressed that I know so many people on the “Honor Roll” or honoured to be on the Honor Roll myself. Or all of the above.
  • Mark Reinhold, formerly Sun’s and now Oracle’s head of Java engineering, has moved to a non-Oracle-hosted blog. Good move and one to watch.
  • OSI has signed as an organisational signatory. It’s important that the G8 leaders wake up and realise that the era when the only voices they needed to heed were corporate lobbyists has come to an end.

☝ OO.o, TDF and CLAs

Yesterday I read LWN’s (paywalled but accessible from here) interview with Mark Shuttleworth, where he is quoted as saying that the formation of The Document Foundation (TDF) and its launch of LibreOffice “led Oracle to finally decide to stop OpenOffice development and lay off 100 employees.”  Mark says this in the context of his new campaign as an apologist for Contribution Licensing Agreements, about which I have written extensively.

I felt that Mark’s use of OpenOffice.org as an argument in favour of CLAs was jaw-dropping, so I wrote a response on the plane home today. You can read it now behind LWN’s paywall using my special link.

☝ Software freedom and the cloud

Cloud computing is not just disruptive to the software market; it’s also disruptive to software freedom advocacy. Software freedom has been defined as being present when any recipient of a software binary has the freedom to also use the source code for any purpose, study the source code, modify it and distribute it themselves. Cloud applications fail this test at the first hurdle, since no-one is actually receiving a software binary and thus the “four freedoms” analysis to determine the presence of software freedom is inapplicable.

Does this mean no-one should use cloud solutions? While there are some extreme voices that assert abstinence, I think that’s an untenable position. Cloud computing offers so many benefits – many resonant with what people have historically sought from software freedom – that it’s sure to be used. Listening to entrepreneurs and investors here at OSBC, there’s no doubt that the future of software has a substantial dimension in the cloud.

Read the full article over on ComputerWorldUK.

✈ Speaking at OSBC

Golden Gate In CloudIf you’re at the Open Source Business Conference, OSBC, in San Francisco today and tomorrow, you have three opportunities to hear me speak (or three sessions to scrupulously avoid, depending on your taste). They are:

  • Why You Need an Open Cloud Platform to Build a SaaS, Monday 11:40-12:30
    On this large panel, I’ll be commenting on the fact that there’s no way you can guarantee that you’ll not be locked in with a cloud solution today. Just as with other software solutions where your software freedoms are threatened, that doesn’t mean avoid them blindly, but it’s important to look for suppliers who actively protect the four freedoms in addition to promoting data freedom. This is also a context where community sentinels may be useful.
  • Harmony from Chaos: Understanding Project Harmony, Monday 14:00-14:50
    Several participants in Project Harmony will be discussing both the goals of the project (the creation of a set of “standard” contribution licensing agreements for open source projects) and the current beta-quality drafts. I’ll be expressing my doubts about the need for CLAs and encouraging the audience to consider the community impact of having them.
  • A New OSI for a New Decade: Rebooting the Open Source Initiative, Tuesday 15:00-15:50
    I’ll be leading a session, with other OSI Directors, explaining OSI’s plans for restructuring and the timescales and opportunities to get involved.

In all three cases I have a suspicion I may be an isolated voice in a conference that seems to have a lot of sessions about things like software patents, avoiding the “risks” associated with the GPL and other topics that would be amazingly controversial at FOSDEM or FISL. If you’re there, your support would be most welcome!

%d bloggers like this: