A Kinder, Gentler IBM – At Least It Sounds Good

Two weeks ago I had the pleasure of meeting Bob Sutor of IBM and sitting on a panel with him at the Open Source Business Conference. Bob strikes me as a very intelligent man, and given the constant level of quality in his blog postings, he is someone who spends time thinking about the industry in which he works rather than just speaking for the sake of it.

Yet, I fear that Bob and I may take opposing views of the same situation at times. Bob's latest posting on "transparency, community, and certainty" is a good example of this. This posting is a good representation of the IBM stump speech and it is highly polished, yet flawed in many ways.

In order to get ahead of many of the comments that will certainly come from this posting - Microsoft is not the "right" and IBM the "wrong." We have our faults and our business model results in realities that may be difficult for some customers. No white hats on either side of this discussion. The real discussion is not about the high ideals of openness, transparency, freedom from evil vendors. The real discussion is one of vendor business models and how any organization will choose to work with vendors to address their computing needs. For now, let's assume that Microsoft represents that archetype of the software business model and IBM the archetype of the consulting business model. [Both companies provide a range of offerings and generate streams of revenue from hardware, software, and services.]

All of the inset quotes below are from Bob's blog entry.

"People are sick of not knowing. Not knowing if code contains security problems because they can’t see it."

There are two assertions here. The first is that transparency of source code increases trust. I completely agree with that and that is why >13,000 organizations in >60 countries are eligible to look at Windows source code. Unfortunately, very few organizations care about source, nor have the expertise to understand what they are looking at even if they care to look. The second assertion is that source code licensed under an OSS license is more secure because of the openness. That has proven to be completely untrue and is damaging to all OSS-based businesses to continue to make. If there was ever an issue where the entire industry should get together and sing kumbayah together, it is security.

1) Source code availability has been shown in both academic studies and in practical issue tracking to have no impact on the rate of generation for new issues nor the identification of vulnerabilities. The quality of the engineering team (people) doing the work, the tools applied, testing rigor, training of the testers, threat models, etc. etc. make all of the difference. Never mind the realities of vendor response rates, tested solutions, automated patch/update systems, or other post-ship concerns. And no amount of source availability matters a bit when it comes to binary implementation, solution integration, process, people training, audit etc.

2) Security also boils down to an issue of confidence in computing. This affects everyone. Every time there is any high-profile vulnerability (I can find headlines about Microsoft, SUN, IBM, Apple...) it erodes confidence. Cracking is all about the quality of the target - not about the technology, and about proving that "I'm smarter than you." The more mission-critical data put on LAMP stack solutions, the more damage someone can do by going after those platforms, the more attractive the hit becomes. Cracking is vandalism or worse - it affects all of us and I have never liked the idea of using it as a marketing measuring stick. Microsoft has improved dramatically over the past 5 years and it is still not enough - the moment we think we have "made it" on security, that means we are no longer doing our job of thinking about what is best for our customers.

"Not knowing what goes on behind the closed doors of certain standards organizations."

Standards bodies are built upon the ideal of consensus-based interaction in order to achieve a result that may be used by anyone under non-discriminatory terms. What most people don't understand is that there is an entire class of "standards" known as Special Interest Groups that are not as "open" because they are essentially made up of a limited (meaning exclusive) group of companies seeking to achieve a particular business goal. They are not obligated to share their toys with anyone they do not wish. This is in start contrast with the more highly formalized industry consortia or even more rigorous national and international standards bodies. Essentially all of them have explicit rules to make sure that access is granted on a uniform and reasonable basis. The fact that a significant minority of the software industry, never mind the cumulative community of those that consume standardized technologies, participate or even read the publicly posted minutes and documents, does not make the standards bodies closed.

"Not knowing if vendors are trying to use trade secrets instead of openness to achieve software interoperability."

I am not sure I understand the assertions made in this quote. I welcome some clarification. The reality of software is that until 1992 there was no such thing as a software patent. Thus, any sort of direct means of protecting your intellectual property was limited to copyright and trade secret. What is odd about the quote above is the idea of using trade secrets to achieve interop. Publishing APIs, supplying other developers with SDKs and DDKs, documenting your product, designing your product to be easily extended or added on to... these are all ways to enable interop (at a technical level) without sharing source code. In fact, the most commonly noted concern about OSS technology is the lack of all of these higher-level functions to enable rapid application development above and beyond the base level functions. So whether or not source code (read "openness") is available, has little to do with achieving interop with other developers. 

"Not knowing why governments would possibly decide to use proprietary or vendor-dictated specifications when they are clearly against the long-term best interests of the citizens, especially those who are now young and will have to deal with decisions made now once they reach adulthood."

I hope the irony of this statement coming from IBM is not lost on my readers. This one is all about the ODF / Open XML File Format debate but before I comment on that specific issue I think there is a higher-level concern. Governments should be evaluating all solutions (in-house, commercial-off-the-shelf, freeware, shareware, open source, public domain) based on the technical merits and value-for-money they receive from the solution. I wonder if IBM would suggest that governments should no longer consider purchasing proprietary IBM software (approx. $15B revenue stream resulting in more than 30% of IBMs profits) because it may be built upon vendor-dictated specifications and may result in their taxation data, military secrets, etc. be "locked-in" to DB2/Websphere/Notes solutions?

The place where this debate is raging them most is around document formats. There have been numerous standardized formats as well as proprietary formats. Governments have had the ability to save their documents as ANSI (American National Standards Institute) standard text, or even W3C specified HTML in any one of the many Word process products available such from Microsoft, Corel, Adobe, IBM and others. Yet, the overwhelming majority of documents were saved in the proprietary formats because they offered the most compelling feature sets (value). Due to market pressures (customer needs), Office suites offer backwards compatibility, "save as" functionality, and various types of format converters.

Now, it takes little for anyone to see from the PDF, ODF, and Open XML File Format discussions that the market is demanding an even greater commitment to standardization of file formats. Thus, vendors are reacting. Yet, it is a mistake to assume that standardization will be the end-all of interoperability. It is a good starting point, but customers will continue to value the capability of the software that produces the formats. Witness the differences between OpenOffice and IBM's Workplace. Look at the request of OpenOffice users for significant improvements in spreadsheet functionality. Look at the constant improvements in the MS Office products that reach well beyond a format. Also, vendors will need to work with each other outside of the standards fora. Microsoft and Adobe have worked out the details due to customer concerns enabling PDF to be included in O12. There is more on this, but this blog entry is too long already.

I hope this blog entry is the start of a good conversation. IBM is basing their business strategy on the need to grow their consulting business. It represents >50% of their revenue stream and their CEO has spoken at length as to its importance. If your business is consulting, you need to have problems to solve. You need long-term engagements and to make sure that an ever-increasing amount of your customers' knowledge of their business is transferred to you in order to make you more valuable to them and to all other businesses in the same vertical industry. You structure your consulting contracts to retain as much (if not all) of the IP generated in the consulting engagement so that you can turn it over on the next customer for a higher margin. This is not nefarious behavior nor is it immoral. It is simply a business model and one that IBM is the absolute best at.

Microsoft's business strategy is also about earning revenue on its core business. Our model is one of selling software that represents high R&D expense up front that is monetized through the licensing of that software's use over time. Our model depends on a constant cycle of improvement of the software to justify the value of upgrading and remaining with our solution set. The biggest advantage I see in our model is the value proposed to the customer. Well made software should reduce your dependence on expensive consulting engagements by transferring more of the business processes to the shoulders of the technology rather than of the more expensive people resources. Your consulting expenses should be able to be redirected to higher-level value-add solutions rather than core infrastructure work. Again, nothing nefarious in the intent of this model, and many would argue that Microsoft has been pretty good at it.

So, this comes down to a discussion of models. I welcome all feedback and you can be sure I'll continue to blog on the themes touched on above.

Comments (21)

  1. DeepICE2 says:

    Oh – does this mean they are open sourcing WebSphere?

  2. …does it make a sound? That’s the question I’m pondering right now, in light of Jason’s once-a-year posting to his blog. We miss you, Jason. Don’t forget to write! This time, perhaps to make up for the years of silence,…

  3. Nat from O’Reilly has an interesting piece on the difficulty of attracting community to open source projects. As Jason Matusow points out here and various other places, open code doesn’t matter to most people. But open process – and, as…

  4. wnstb says:

    BTW.. IBM has open sourced a light version of websphere… called bobcat.. or Community Edition


  5. WSD says:

      Mr. Matusow, have the guts to adhere to internationally agreed standards (i.e. without MS-proprietary "extensions") and to use open, publicly available data formats. You daren’t? Of course not! Your masters at Redmond would never got for it, because they (and you) know that that would be the end of MS.

  6. Damjan says:

    "The first is that transparency of source code increases trust. I completely agree with that … Unfortunately, very few organizations care about source, nor have the expertise to understand what they are looking at even if they care to look."

    A lot of people don’t care about science either, or are even against science, and a lot of people can’t understand a lot of science. But still all of them (all of us!) benefit from the open scientific methods.

  7. Dave Lane says:

    Hi Jason,

    You assert above that the "Shared Source" initiative allows transparent access to Microsoft’s source code.  This is quite misleading.  Perhaps you could outline a) the eligibility requirements for being able to see the code – I believe I would have to work for one of Microsoft’s "preferred" customers to even be eligible, and b) what personal sacrifices would I have to make to see the code – I believe I’d have to sign a non-disclosure agreement at least (thereby making me unemployable as a developer from that point onward by anyone but Microsoft for fear that my future code would be tainted by Microsoft IP and, therefore, lawsuits), and c) what incentive would I have, were I eligible, to "see" any of Microsoft’s source code.  It is my understanding that I could not alter any of it, nor could I build components of it with suitable hooks to allow me to test the code rigorously.  Nor could anyone but Microsoft benefit from those improvements I might make, were I allowed to make them.  Wow, where do I sign up?!  

    Simply put, I would assert that Microsoft’s Shared Source program is one of the most disingenuous offerings from a company who is one of the world’s biggest innovators in the field of disingenuity.  It’s only purpose is to stem the ineffable tide of defection to the more desirable world of open source, which, in my considered opinion, has vastly more appeal.  Luckily for Microsoft, most of your biggest customers are not guided by their hackers but rather by their golf-playing chardonnay swilling account manager influenced execs who can barely turn their computers on, much less figure out why anyone in their right mind might want to look at some of that mysterious "source code".

    You make another comment with which I take issue:

    "Microsoft has improved dramatically over the past 5 years and it is still not enough – the moment we think we have "made it" on security, that means we are no longer doing our job of thinking about what is best for our customers."

    My first question is: when did Microsoft *ever* deliberately do what was best for its customers?  I mean, where is its incentive to do so?  

    To shed some light on this, I bring in some basic economics.   Microsoft is a public company, whose first priority must be to maximise its returns to its shareholders.  Microsoft is also a (criminal) monopoly.  Therefore, its customers are also its biggest competitors for ongoing business.  By that I mean that for Microsoft to continue to grow, it either has to find a significant new market (which it hasn’t done) OR it has to convince its customers that its new product is demonstrably better than its previous ones.  That means that Microsoft either has to admit that its older products are rubbish, or they have to convince the market that they’re innovators.  

    It must be hard to do that when you only release a major update to your monopoly software products every 5 years or so.  And when you do, they tout all sorts of "new" features that your "fringe" and "grassroots" "communist" competitors (Mac OS X and Linux) have had for years.  

    No, the way that Microsoft succeeds in maximising shareholder value is by using not-very subtle underhanded business practices and marketing spin to draw attention away from its anti-competitive and generally illegal practices to put its existing customers at a disadvantage.  Microsoft routinely uses tactics like strategic non-compliance with open industry standards (without technical merit justification), lock-in with proprietary formats, annoying incompatibilities between older and newer software versions of your own software in conjunction with the forceful withdrawl of older versions of Microsoft software from the marketplace.  All this leaves poor hapless customers with no alternative but to upgrade.  They only upgrade because they think they have no other choice.  

    Your employer is very clever.  It is, however, also entirely unworthy of trust.  To many professionals in the business of software development, such as myself, as well as many of your more intelligent customers it is worthy only of utter disdain.  

    Microsoft is an unethical company.  They have been found guilty of legal breaches in almost every jurisdiction in which they do business – need I enumerate the anti-competition and IP/Patent cases you’ve rightly lost this past year despite having what is probably the biggest, best paid fleet of lawyers in the world?  Microsoft is obviously happy to break the law if doing so yields a suitably rewarding return on investment (relative to the potential cost of fines and the marketing spin required to brush up its oft tarnished image).

    It’s quite clear to me that Microsoft has shown the market that it cares for no one but Microsoft – its profound arrogance and it’s almost complete lack of good will in the marketplace will ultimately spell its demise.

    Sadly, the collapse of Microsoft, which I personally believe is already well advanced (the accelerating sequence of bungles and mis-steps over the past few years have been a pleasure to watch), will not be visible to the mainstream for quite some time, thanks in part to Microsoft’s substantial marketing budget, market inertia, and the general lack of sophistication of the computer using public.  But, Jason, the truth always gets out eventually.  My advice to you is to cash in those stock options asap.  

  8. jasonmatusow says:

    Wow Mr. Lane – I am sorry that I managed to put such a kink in your day. I do thank you though for the feedback as it is always instructive.

    You should go take a look at http://www.microsoft.com/sharedsource to understand the breadth of offering there around source code. We have everything from open source projects (meaning under an OSI-approved license on SourceForge), to collabdev (BSD-like licensed and reciprocal-licensed MS-based projects posted on a variety of different sites, all the way though to the more restrictive offerings on our core products.

    There is a reason we use the term "Shared Source." You seem to be very hot on the idea of our being unethical and/or purposely misleading. Yet, of all of the major software companies with source releases, and OSS projects, we are the only one not marketing ourselves as "open source" because it seemed disingenuous. Do you hold IBM in the same regard as us because they choose to keep their core software assets private yet market themselves as a leader in OSS? Does SUN marketing "give it all away" yet holding back Java core IP bother you? Or how about Red Hat with a services contract that says you can’t modify the source code for a GPL-based product?

    I personally have no problems with how they choose to represent themselves – I will call them on it to bring clarity to the larger picture but I certainly don’t think those individuals are in some way immoral.

    To address your question about Windows source code more directly. Customers, partners, competitors, and governments worldwide are eligible for Windows source access, yet they may not modify the code. (I’m not going to get into it in this comment, check out earlier blog entries), but this is no different then the reasons for Red Hat, IBM, Novell, HP et al for restricting the ability to mod source on supported products. (Think through why SpikeSource is so important for ISVs – that may help clarify this a bit.)

    I’m sorry that your impression of Microsoft is so negative. I’ve been with the company for >10 years and find the people I work with to be highly moral people who thrive on competition and spend an innordinate amount of time listening to customers and partners.  

    Thanks again for the comment.


  9. Martin Paulo says:

    Under the "Shared Source" program am I able to compile and distribute Windows myself? If not, how do you guarantee that the code I have examined is actually used to create the binary that is distributed?  

  10. jasonmatusow says:

    This is Jason – I am inserting a comment from Dave Lane due to technical problem. I think his comments may have been too long, so I wm going to cut it into parts. Here is PART 1:

    Thank you, Jason, for posting (and taking the time to reply to) my vitriolic comment.  Your level and reasoned response is a tribute to your employer – I must say, I’m honoured and impressed.

    To respond to your points:

    1.  Regarding the "Shared Source" site – I cannot make any sense of the vapid, insipid market-speak.  I was hoping that you as an eloquent proponent of that system and also familiar with open source, could present the relevant high-points in context.  I would assert that, in fact, that with it’s "shared source" program, Microsoft does not in fact "share" anything.  It might "show" something, but that’s not the same thing as sharing it.  Is "look but don’t touch" the same as sharing?  I’d say it’s not.  Again, an example of disingenuity from Microsoft.  Is "shared source" an attempt to appear just as good as open source?  Trying to jump on the band wagon with a cut rate version of the real thing, in the hopes that the market doesn’t look at it too carefully?  Similar to Microsoft’s "<a href="http://www.microsoft.com/licensing/programs/open/default.mspx">Open License Program</a>"… could it be that Microsoft was trying to muddy the waters on the meaning of the world "Open"?  Pretty slick.  But not admirable.

    2.  Regarding Microsoft’s participation in open source with its "poster children" efforts on Source Forge – these are, no doubt, designed to demonstrate Microsoft’s reform after those embarrassing and politically costly remarks from Mr. Ballmer ("<a href="http://www.theregister.co.uk/2001/06/02/ballmer_linux_is_a_cancer/">Linux is a cancer</a>") and Mr. Gate’s likening of open source advocates to "<a href="http://news.com.com/Gates+taking+a+seat+in+your+den/2008-1041_3-5514121-4.html?tag=st.num">communists</a>&quot;.  Would you disagree?  (Bill’s assertion, in addition to harkening back to McCarthyism, demonstrates one of two things: that he understands neither communism or capitalism, or that he’s willing to make misleading, groundless, and emotive statements to protect his interests.  Impressive.)  Is it possible that Microsoft has a few token open source projects in hopes that some of the good will and innovative spirit associated with the open source community will some how rub off onto Microsoft (who currently are pretty close to the bottom of the "hip technology" scale in my neck of the woods), helping to counteract its public perception as a callous bully?

    END PART 1

  11. jasonmatusow says:

    This is Jason again, more from Dave Lane, here is PART 2 of his comments:

    3.  Regarding the behaviour of IBM, Sun and Red Hat – frankly, I expected more from you.  First, I think you misunderstand my motives in the first post – I wasn’t playing the part of "open source zealot".  I have no problem with businesses maintaining closed source.  That’s their decision, albeit in many cases not a good one.  I don’t hold it against Microsoft that they distribute proprietary software.  What I DO hold against Microsoft is that they abuse their monopoly, sabotage their competitors unfairly (remember the UK <a href="http://www.csamuel.org/index.php?p=73">advertising campaign</a> that got pulled by their commerce commission?? It’s just one of many) and actively disadvantage their customers.  They do this by the calculated breakage of open standards, refusing to allow application interoperability by releasing file formats, getting hardware suppliers to enter into confidential exclusivity contracts to gain discount pricing, and by attempting to get legislation passed in countries to disadvantage its competitors and open source software (surely you’re aware of the Massachussets ODF situation).  This just demonstrates a company that’s scared to compete on a level playing field.  What offends me is the fact that Microsoft actively uses its current market position (which I also think is undeserved, but that’s another discussion) to ensure that the field is decidedly tipped in its favour so that it doesn’t need to compete on its merits.

    As for your assertion that Red Hat and the rest aren’t any better – I don’t work for any of them, but I can say this: a lot of other people watch their every move like hawks.  One thing they have ALL done is to a) contribute real, valuable code to open source projects (and not just BSD or MIT licensed ones they can later usurp) and b) recognise the value of developing real relationships with the open source community.  For instance – I don’t remember Microsoft publically stating that it will guarantee free use of many of its patents <a href="http://www.internetnews.com/dev-news/article.php/3458551">like IBM has</a>, or open sourcing its main operating system <a href="http://www.sun.com/software/solaris/freeware/">like Sun has</a>, or provide excellent support and contributions to a community version of its product (<a href="http://fedora.redhat.com/">Fedora</a&gt;) while simultaneously adhering to the requirements of the GPL for its enterprise product like Red Hat.

    If anything, I’d say that Microsoft trumpeting its "open source" contributions is the height of disingenuity…  This is especially the case given the company’s significant efforts to ban Linux and open source software (remember "<a href="http://en.wikipedia.org/wiki/Palladium_operating_system">Palladium</a>&quot;?), by helping to develop and promote (I wouldn’t accuse Microsoft of lining politicians "war chests" directly – they’re not that dumb) legislation like <a href="http://en.wikipedia.org/wiki/Digital_rights_management#DRM_advocates">DRM</a&gt; and <a href="http://www.gseis.ucla.edu/iclp/dmca1.htm">DMCA</a&gt; to mention a few.

    END PART 2

  12. jasonmatusow says:

    Jason again…more from Mr. Lane.   PART 3:

    5.  Regarding your experiences at Microsoft from > 10 years:  I lived in Seattle for about 5 years, was close to a number of Microserfs, and believe I know a fair amount about how Microsoft works (I won’t even go into the "contractor" arrangement).  I developed my deep distrust and dislike of the company based on 12 years of daily observation of its practices through the media and from people working there, all the while using open source software.  For the last 7 years I’ve been running a business supporting open source systems in a Microsoft contorted marketplace.  I appreciate your view of your company and admire your loyalty.  I also, however, believe it’s very easy to believe your own hype.  As an expat American, I know what the US looks like from outside the US, and I can tell you it’s a very different picture from what most Americans have – and not a pretty one.  That doesn’t mean I dislike my fellow Americans by any means, but I do believe many are sorely mistaken about what they represent to the rest of the world.  I don’t doubt for a second that a great many good, intelligent, talented, nice people work at Microsoft (by the way, if you know my friends there, Jonathan Garrigues and John Neuharth, say g’day from me), but that doesn’t make it an admirable company.  I have little doubt that there were some very friendly, ethical, hard-working individuals in the Nazi army, yet few people would praise the Third Reich for its contributions to the historical record…  You get my point.  I’m not faulting you, but I am suggesting that you might be a bit close to the situation to have a balanced view of your employer.

    Now, to get back to the program, Jason, perhaps to test your support of your company you’d be willing consider the following questions related to the above and my previous posting:

    1.  How is open source software in any more communist than Microsoft software as Bill Gates has implied?

    2.  How can Microsoft claim to be innovators and yet release a brand spankin’ new browser, IE7, that <a href="http://blogs.msdn.com/ie/archive/2005/07/29/445242.aspx">won‘t support</a> widely accepted <a href="http://w3c.org">W3C open web standards</a> which are well supported by browsers developed by tiny developer teams (many of them volunteers) like these: Mozilla <a href="">Seahorse</a> and Firefox (based on Gecko – open source), Safari and Konqueror (based on KHTML – open source), and Opera (proprietary)?   As a result, Microsoft will continue its record of being a poor Internet citizen and continue to cost web developers (and their customers!) untold hours of needless frustration.  Is it because Microsoft developers aren’t good enough?  Or is <a href="http://dean.edwards.name/weblog/2005/03/the-reason/">this guy</a> on the money?  If there’s another reason, maybe you can explain it.  Why don’t Microsoft put their money where their mouth is (regarding open source support) and simply replace IE7’s Trident engine with one of the superior open source rendering engines: Gecko or KHTML?  

    3.  Why did Microsoft try to hire the core developers of the Samba development team (most based at ANU in Australia)?  Isn’t it true that they developed a better implementation of Microsoft’s own SMB than Microsoft developers (reverse engineering the proprietary protocol with a packet sniffer)?  I seem to recall that all the Samba developers refused – on principle – to work for Microsoft…  ouch.

    4.  How does Microsoft justify selling its monopoly products, Microsoft Windows and Office, with a 95% profit margin (while, coincidently, making signficant losses in nearly all its other product lines)?  Given that the only other time in history that the world has seen similar sustained profit margins was during the period when colonial powers were actively pillaging other civilisations, doesn’t it seem hard to justify those returns, while also asserting that Microsoft is competing on anything other than an extremely skewed playing field?

    END PART 3

  13. jasonmatusow says:

    Jason again with more from Mr. Lane. I’d like to say, this is exactly why I like blogging so much. I don’t think Dave and I share many opinions, but the freedom to say this stuff and getting it out in the open makes me want to get up every day and keep working in this industry.  So, for the final part: PART 5

    5.  How do you, as a Microsoft employee, feel about the fact that most of Microsoft’s "charity" activity (normally referred to in Microsoft press releases by a dollar value) doesn’t actually involve donations of currency, but is in the form of proprietary Microsoft software for which Microsoft (apparently for tax purposes) claims the full retail value?

    So, where to from here?  I think you’ll agree that those who can harness the best brains will prevail. Seems to me that unless Microsoft can somehow hire more than half of the good hackers in the world, it’s not going to be Microsoft.  Heck, Google’s already eaten your lunch in the search arena… and guess what – they use almost exclusively open source software in accordance with the licenses.  The way I figure it, if even 10% of those working on Source Forge projects (about 14,000 developers) are actively collaborating on open source projects that largely work together thanks to standards compliance.  I think it’s clear that there are quite a few more open source developers than Microsofties (what percentage of MS employees actually cut code?  10%?).  Microsoft has always had the reputation of taking nourishment from other sources until it finds a way to either trample them, consume them, or wring them dry.  Looks like Microsoft’s going to need friends, and that’s not the way to make them.

    By the way, you might wonder why I’ve chosen to write this missive for you.  It’s not because I have lots of free time (trust me – or check my website), but because I’m passionate about developing my arguments, looking for people to poke (legitimate) holes in them, and interested (as an Aikido sensei once said) in "helping agressors overcome their agression" by appealing to reason.  

    Kind regards,


  14. Martin Paulo says:

    Missed in the passion of developing arguments would seem to be an answer to my question, so I am going to ask it again:

    Under the "Shared Source" program am I able to compile and distribute Windows myself? If not, how do you guarantee that the code I have examined is actually used to create the binary that is distributed?



  15. Nektar says:

    I strongly believe that Microsoft could certainly place more software under an open source license without harming its intellectual property in any way. Certainly many more programs than the Windows Installer XML package and WTL and Wiki software. For example, are the command-line tools so important in their ip? You could certainly benefit the open source community by placing code under an open source community even though you will not benefit directly but you will not lose either. Why isn’t .NET standardization continuing? Why isn’t XAML standardised? Why isn’t Microsoft working toward a better web interface and more standards in this field? Why haven’t you worked together with ODF instead of competing with it after the fact (after it was standardized)?

    Windows Forms for example which are a rupper around GDI, etc. I think you should start thinking about building more communities around more open source products from Microsoft. And you should do that sooner rather than later.

    Secondly, open source creates trust not only because of code availability but most importantly because of transparency both in the implementation but also in the development process itself. We are still waiting for a bug tracking system of all Microsoft products, a better way to interact with product group instead of the occassional blogs and a better way of getting technical support. Open source projects are mostly better in at least the first two of the above 3 points.

    What do we have: No bug tracking system except Ladybug, no way to submit feedback on MS products and talk to the developers (offer suggestions), except blogs that are not easy to find and we have no way to get proper technical support except through the newsgroups that not many people know how to use and in which not many MS employees participate. The same problems and even worse blague Channel9 where MS employees do not take part in the discussions and we cannot ask direct question to them. What about Gotdotnet and its promise? Why isn’t it thriving as an open source community?

    I think you can do better by being more transparent and learn from the open source community. But you know, the problem with you is that although you understand all these issues you are tooooo slow in reacting. When are we going to see progress? After 5 years?

  16. jasonmatusow says:

    Thank you guys for great comments.

    To Martin Paulo:

    You are absolutely correct, that without the compiler and a range of build tools (never mind private symbols), you are not going to be able to replicate the build exactly. This issue was very important to our government partners in the Government Security Program (>35 governments with source code for security review and trust for national security concerns as well as custom app dev projects etc.)  Due to their concerns, we have a process for them to send engineers to Redmond to sit in a build lab and do the verification and/or code review that they feel is necessary. Due to the size of the code base (true for Linux and any other major software dev project), they are not going to go line-for-line through the code. Rather, they are going to focus on specific code segments that they care the most about. There are >13,000 eligible organizations worldwide who could license Windows source code at no cost. <500 have chosen to do so. During my tenure as the Director of Shared Source, I had hundreds, if not thousands, of conversations with customers and none of them raised this as a critical issue for them. There were many other factors that were of far greater concern to them such as how to find the right piece of code that will help them understand their custom app dev blocker etc.


  17. jasonmatusow says:

    To Nektar –

    Good comments, and you are right. There are enormous opportunities for us to increase transparency on some fronts. We have heard the feedback on GDN and there are efforts under way to address that. As for the other issues, transparency for the development process has both upsides and downsides to it. Our business model is dependent upon preserving value in the software to sell commercially. That means keeping it unique. Perfect transparency could significanly limit the commercial opportunity of our products. We now have >16,000 bloggers at Microsoft which is an impressive degree of transparency – but that leads to too much information for external parties wanting to learn specifics. MSDN, TechNet, KB articles, blogs, documentation, Channel9, partner communities, MVP program…the list goes on. Each is a way for community and MS to interact. Each has benefits and limitations. Each serves a different sub-community. Thanks for the comments, I will forward them on internally to the dev community relations folks.

    Thanks –


  18. Wesley Parish says:

    I am going to harp on this matter until either I die of old age, Microsoft finally does as I ask, or Microsoft suffers a reality hang or crash.

    For example, Microsoft has a totally ghastly Licensing mixup in the four separate MS WinCE Shared Source Licenses which offers the horror of a licensing shuffle for the graduate student with Academic MS WinCE experience who then goes to work in a company with a MS WinCE Shared Source license.  I have worked out an equitable licensing strategy for Microsoft – in my spare time – that uses the MS Community License to best effect.

    I have also determined that this as applied to Microsoft’s obsolete software such as the MS Win9x brand and the MS WinNT [3|4] brand would allow Microsoft the best opportunity to genuinely break into the Developing World market as a genuine contributor, rather than a supplier to end-user consumers.

    The idea is simply to drop all the stupid licenses and combination of licenses thereof which only serve to confuse the issue and likewise everybody else.

    Offer everybody the option of licensing said "obsolete" "Intellectual Property Rights" under the Microsoft Community License; or if they would prefer another option, of licensing it under AT&T-style annual or perpetual licensing terms together with the corresponding annual payments or the lump-sum payment.

    Hey, it worked for AT&T, as long as they kept a light hand on their licensing powers.  And we’ve got the *BSD, Minix and Linux to remind us of when they didn’t. 😉

  19. David Lane says:

    Hi Jason,

    I can’t help but notice that you haven’t responded to any of the very specific questions in my postings related to Microsoft’s "shared source" initiative and your apparently positive impression of your employer.  Your silence demonstrates one of the following a) you haven’t had time because you’re so busy bailing as the company slowly sinks into disgraced oblivion as it becomes obvious to the marketplace that no matter how much money MS throws at Vista, it’s sinking and will be universally underwhelming if it comes out at all, b) you’re attempting to avoid drawing attention to my postings because you know that your position is indefensible, and any response will make you look like, at best, a naive hypocrit (this is a common Microsoft tactic), or c) you’re a glutton for punishment who enjoys the enormous cognitive dissonance inherent in being a loyal pawn for a criminal corporation that screws its would-be competitors, customers, partners, and employees at every opportunity to provide absurdly (and indefensibly) high "profits", a miniscule proportion of which your CEO and Chairman then (via PR firms) then "gift" (after a fashion) back to those it robbed so the history books will look kindly on them (hint: they won’t) and that the uninformed in the world will think they’re something other than the souless a**holes they demonstrably are.  Ask Paul Allen.

    By the way, I think it’s funny that you’re on the ODF committee.  So little so late, eh.  Why doesn’t Microsoft simply admit the obvious:  you’re refusing to create truly open, documented file formats (without any royalty or patent issues) because you know that Microsoft’s products can’t stand on their own merits on a playing field you haven’t been able to slant in your favour.  If Microsoft *do* in fact meddle with the standards process, I will be only one voice in the din that will heckle you into oblivion.



  20. The OpenDocument Format (ODF) backed by Sun and IBM, among others, has been ratified by the International Organization for Standardization (ISO), a necessary step on the road to formal adoption. Microsoft still intends to pursue ISO status for its own..

Skip to main content