Iceland: Haven of Openness?

One of the recurrent themes on this blog is the painfully slow progress in terms of getting open source deployed by the UK government. That's despite the fact that there have been multiple statements that it really wants to use more of the stuff, and definitely will - probably, at some point in the future, if the wind is the right direction....

On Open Enterprise blog.

Microsoft's Open Standards Fairy Tale

Regular readers of this column will know that I often write about the issues of open standards and FRAND vs. RF licensing. One particular column that explored this area appeared back in October 2010.

On Open Enterprise blog.

Do The Differences Between Software Piracy And Media Piracy Matter?

Danah Boyd (or danah boyd as she prefers to be called) is widely recognized as an authority on privacy, identity and social networks. A couple of weeks ago, in the context of the fight against SOPA, she wrote a blog post where she made an interesting distinction between different kinds of piracy: 

On Techdirt.

Computing in Schools: The Great Ctrl-Alt-Del

After years of unforgivable inaction, the education world is finally addressing the continuing disgrace that is computer teaching in this country. A couple of weeks ago I wrote about the UK Education Secretary Michael Gove's comments on this area, and now we have the Royal Society's report on computing in schools.

On Open Enterprise blog.

Is Microsoft Blocking Linux Booting on ARM Hardware?

Back in September last year, there was a bit of a to-do about Microsoft's UEFI Secure Boot technology in Windows 8, when a Red Hat engineer posted the following:

On Open Enterprise blog.

UK Government Betrayal of Open Standards Confirmed

Just before Christmas I wrote a fairly strongly-worded condemnation of what I saw as the imminent betrayal of open standards by the UK Cabinet Office. This was based on reading between the lines of a new Procurement Policy Note, plus my thirty years' experience of dealing with Microsoft. At the time, I didn't have any specific proof that Microsoft was behind this shameful U-turn, but Mark Ballard has, it seems:

On Open Enterprise blog.

Of Open Source and the European Commission

At the end of last year I reported on the worrying signs of vacillation from the UK government over its support for truly open standards. At least it's relatively straightforward to keep tabs on what's happening in Blighty; Europe is another matter - I find the labyrinthine bureaucracy and its digital shadow pretty hard to navigate. So I was pleased to come across the following page, entitled "Strategy for internal use of OSS at the EC".

On Open Enterprise blog.

People in Glasshouses (With Windows) Shouldn't Throw Stones

It's no secret that Windows Phone is struggling desperately in the battle against the smartphone leaders, iPhone and Android. And desperate times demand desperate measures; but even so, this move by Microsoft is pretty extraordinary:

On Open Enterprise blog.

Open Source Total Cost of Ownership 2.0

Back in 2006, I wrote a piece for LXer called "A Brief History of Microsoft FUD". This ran through successive attempts by Microsoft to dismiss GNU/Linux in various ways. One of the better-known was a series of "Total Cost of Ownership" (TCO) studies. By an amazing coincidence, these all showed that Microsoft Windows was cheaper than that supposedly cheap GNU/Linux.

On Open Enterprise blog.

Why Barnes & Noble is an Open Source Superstar

As I've noted many times, one of the biggest threats hanging over open source is patents, because of the way trivial but indispensable software techniques have been patented in some jurisdictions (mostly the US). Things are made worse by the fact that vague threats can be made in this area, for example this famous assertion in 2007:

On Open Enterprise blog.

What Microsoft's Patent FUD Reveals About Its R&D

Microsoft is currently engaging in some incredible rewriting of history. Here's Horacio Gutiérrez, deputy general counsel at the company, trying to defend Microsoft's evolution into a patent troll that is unable to make a smartphone that anyone wants, and thus seeks to tax those who can:

On Open Enterprise blog.

Mozilla's Brendan Eich on JavaScript - and Microsoft Buying Netscape

It seems so long ago now, but for those of us lucky enough (and old enough) to have been there, the launch of Netscape's 0.9 version of its Netscape Navigator browser in October 1994 was clearly the beginning of a new era. For a few years, Netscape was the centre of the Internet universe - it's home page was the first you checked each morning for news about what was happening on this strange new Web thing that the company was doing so much to define.

On Open Enterprise blog.

Of Open Source, Microsoft, India and Paraguay

One of the recurrent recent themes of IT in the UK has been how moves to open source by local and central government have been stymied by Microsoft - the most famous example being the Newham Council saga. Of course, that's not a problem unique to the UK: it's a pattern repeated around the world, as some recent stories highlight.

On Open Enterprise blog.

Microsoft's Subtle Knife Through the Heart of EU Software Industry

One of the striking changes at Microsoft over the last twenty years is how savvy it has become in terms of lobbying and influencing political opinion. There was a time when, like most serious tech companies, it regarded this kind of sneaky activity as beneath it - something that only tobacco companies would stoop to. No more; today, it bombards everyone and anyone with a constant stream of carefully-crafted policy papers and posts designed to achieve its goals.

On Open Enterprise blog.

Microsoft's $844 Million Software Giveaway To Nonprofits: Pure Charity Or Cheap Marketing?

Microsoft has just released its 2011 Annual Financial Report. But alongside that document's dry facts about its $69.9 billion turnover, and the operating income of $27.2 billion, Dj Walker-Morgan pointed us to a more interesting publication, Microsoft's 2011 Citizenship Report: 

On Techdirt.

Microsoft-Samsung Licensing Deal Tells Us Nothing About The Facts, Just About The FUD

As Bessen and Meurer's book "Patent Failure" points out, one of the biggest problems with software patents is their lack of well-defined boundaries. This makes it very hard to tell whether newly-written code is infringing on existing patents or not. The threat of treble damages for wilful infringement removes any incentive to try to find out. 

On Techdirt.

What Does Motoroogle Mean?

I am really quite relieved Google is trying to acquire Motorola Mobility. Not because I think it will solve all the problems of Android - it's far too early to say anything like it; but simply because, at last, Google has done something that might begin to address them.

On Open Enterprise blog.

Solving Microsoft's Hard Problem

Microsoft has a problem to solve. On the one hand, open source is not going away – its distributed, modular and iterative approach clearly has many advantages compared to traditional top-down development techniques when it comes to writing and maintaining complex code. On the other hand, Microsoft has spent over a decade propagating variegated FUD against it (although it's true that it has adopted a more accommodating stance in recent years, what with the release of odd bits of code under open source licences, and various attempts to snuggle up to some open source projects).

Still, Microsoft's basic stance remains the same: free software is OK for certain, limited situations, but for serious, enterprise-y stuff you need honest-to-goodness closed source. Given that, how can it begin to tap into the power of open source for its major projects without seeming to admit it got it all wrong, and that open source is actually a better approach?

On The H Open.

One Thing We Know about the Shady Rats

The news about "Operation Shady Rat" has naturally provoked much interest (as it was intended to....) After all, who could not fail to be impressed by claims like this?

I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.

Ouch.

You can read the rest of the McAfee post for more details - but not for an answer to the key question: who is doing this? You don't have to be a genius to work out that it's probably one of two large, countries situated in Asia, and personally I'd guess it's the one with lots of people in it, FWIW.

But that's not really what interests me here. Instead, I'd like to focus on this final part of the post:

Although Shady RAT’s scope and duration may shock those who have not been as intimately involved in the investigations into these targeted espionage operations as we have been, I would like to caution you that what I have described here has been one specific operation conducted by a single actor/group. We know of many other successful targeted intrusions (not counting cybercrime-related ones) that we are called in to investigate almost weekly, which impact other companies and industries. This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing.

It's a nice ending to a fascinating piece, but in one respect it's almost certainly not true.

That's because, like just about every similar piece describing massive intrustions of this kind, the McAfee doesn't actually say anything about the platforms that were affected, simply noting:

The compromises themselves were standard procedure for these types of targeted intrusions: a spear-phishing email containing an exploit is sent to an individual with the right level of access at the company, and the exploit when opened on an unpatched system will trigger a download of the implant malware. That malware will execute and initiate a backdoor communication channel to the Command & Control web server and interpret the instructions encoded in the hidden comments embedded in the webpage code. This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for.

But somebody in the comments asked the obvious question: "Were the initial intrusions all on Microsoft OS machines? Also, was a particular browser targeted?" To which the answer came:

All the malware we’ve seen was Windows-based. There were a variety of vulnerabilities used

Think about that. This massive breach of security, and loss of possibly highly-sensitive information, was all down to two things: the abiding thoughtlessness of people opening attachments, and a range of flaws in Microsoft's software.

So the statement that "the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing" is not true; another class would be those wise enough not to allow any of their personnel to use Microsoft products. We may not know definitively who the Shady Rats are, but we certainly know what they *really* love.

Follow me @glynmoody on Twitter and identi.ca, or on Google+

Myhrvold Hoist By His Own (Patented) Petard

There's a column doing the rounds at the moment that is generating some interest. It comes from the King of the Patent Trolls, Nathan Myhrvold. I urge you to read it - not so much for what he wants to point out, as for what he inadvertently reveals. Here's the key passage:

Most big tech companies inhabit winner-take-most markets, in which any company that gets out in front can develop an enormous lead. This is how Microsoft came to dominate in software, Intel Corp. in processors, Google Inc. (GOOG) in web search, Oracle Corp. in databases, Amazon.com Inc. in web retail, and so on.

As a result, the tech world has seen a series of mad scrambles by companies wanting to be king of the hill. In the late 1980s, the battle was for dominance of spreadsheet and word-processing software. In the late 1990s, it was about e- commerce on the emerging Internet. The latest whatever-it-takes struggle has been over social networks, with enough drama to script a Hollywood movie.

In each case, the recipe for success was to bring to market, at a furious pace, products that incorporate new features. Along the way, inconvenient intellectual property rights were ignored.

I think he's absolutely spot on. In the 1980s and 1990s, companies successively carved out dominant shares in emerging markets, often becoming vastly profitable in the process. And how did they do that? Well, as Myhrvold says, "the recipe for success was to bring to market, at a furious pace, products that incorporate new features." Their rise and huge success was almost entirely down to the fact that they innovated at a "furious pace", which led to market success.

They did not, that is, innovate in order to gain patents, but in order to succeed. They did not even bother taking out patents, so busy were they innovating and succeeding. Indeed, Myhrvold himself says: "Along the way, inconvenient intellectual property rights were ignored." They were ignored by everyone, and the most innovative companies thrived as a direct result, because only innovation mattered.

Fast forward to today. Now even the most innovative company has to spend millions of dollars fighting lawsuits over alleged patent infringement. Often these come from companies that don't actually innovate in any way - they just happen to own a patent that may or may not read on real products that genuine innovators have produced.

So by Myhrvold's own admission, ignoring "inconvenient intellectual property rights", companies innovated fiercely, created now market segments, and were rewarded for their innovation by market dominance and profits. Why then is he and others extolling the virtue of those same, inconvenient patent rights that did nothing for two decades?

The answer, of course, is obvious: because he and the other patent trolls (and burnt-out companies like Microsoft that are becoming a new kind of patent troll by default) have realised that it is not actual, on-the-ground, expensive innovation that counts, but the piece of paper from the USPTO assigning nominal "ownership" of that innovation.

He and his company have learned how to game the system and thus destroy the conditions that led to over two decades of uninterrupted and unprecedented innovation and wealth creation thanks to a level playing field offered by the absence of distorting intellectual monopolies - not their presence, as his column illogically tries to suggest at one point. This U-turn is doubly ironic given his unexpectedly candid opening analysis describes so well why we do not need patents at all.

Follow me @glynmoody on Twitter or identi.ca.