The Credibility Issues of MS's CodePlex Foundation

alphadogg writes 'Microsoft's new CodePlex Foundation has serious flaws to correct if it wants to become a credible force in the open source industry, and attract a diverse collection of developers and participants, according to an expert in forming consortia and foundations. Andy Updegrove, a lawyer and founder of ConsortiumInfo.org, says Microsoft has created with CodePlex a rigid foundation that has almost no wiggle room and a poorly crafted governance structure that concentrates authority at the top and leaves little power to others who might join the foundation.' Here is Andy's detailed analysis of CodePlex's structure: "Over the past 22 years, I've helped structure scores of open, consensus based consortia and foundations, and represented over 100 in all... In this blog entry, I'll show where I think the legal and governance structure of CodePlex has wandered off the open path, and offer specific recommendations for how the structure could be changed to give people (other than Microsoft business partners) confidence that CodePlex will be an organization worth joining."

Hrmm

[acehole]

Needs more lawyer.

Re:Hrmm

[miffo.swe]

I think it needs less Microsoft or better, none at all. It blatantly obvious this is a mere publicity stunt. The bylaws arent accidentally about giving all control to Microsoft.

The only good thing at all is that it puts Miguel de Icaza on Microsofts side so that people easier understand where his loyalty really lies. The discussions about Mono and abolishing it from distributions should get easier now.

Re:Hrmm

[MightyMartian]

There is the little matter of potential patent time bombs. I won't use Mono for that reason alone. I have absolutely no faith in Microsoft's largesse, or in the moles like Icaza who seem hell bent on selling everyone up the river.

Re:Hrmm

[HitoGuy]

"There is the little matter of potential patent time bombs. I won't use Mono for that reason alone. I have absolutely no faith in Microsoft's largesse, or in the moles like Icaza who seem hell bent on selling everyone up the river."

Amen. I always like to say when someone defends Mono for being an ECMA standard: "Standardization does not mean indemnification." The worst a standards organization could do to Microsoft for patent trolling .NET through Mono would be to abolish the standard, something I imagine wouldn't even remotely bother Microsoft at that point.

As for de Icaza, it should have been blatantly obvious that he was a traitor when he:

- Applied for a job at Microsoft. I don't know how he responded to being rejected, assuming he actually was rejected.

- Actually wanted to bring .NET to Linux despite the fact that very few developers saw real value in it. Notice how few big projects outside of his umbrella actually use Mono or even want to use Mono. Note also that the only Mono-using apps I've seen on Linux are aimed directly at GNOME, de Icaza's little "love child."

- I think a real red flag should have been raised when he started calling OOXML "superb" and blindly thinking it was being "FUD'd." I doubt he ever actually read the standard.

To me, CodePlex is just abother ploy on MS's part to try to control code. That's also why I think they were so unusually interested in proliferating Mono with de Icaza.

Re:Hrmm

[tibman]

Microsoft's promise not to sue: http://www.microsoft.com/interop/cp/default.mspx

The promise covers several specifications, most importantly this:
C# Language Specification - Ecma-334, 4th Edition and ISO/IEC 23270:2006
Common Language Infrastructure (CLI) - Ecma-335, 4th Edition and ISO/IEC 23271:2006

I won't use Mono for that reason alone.
Guess what? You can use Mono now. yay!

I personally, don't care who wrote what and why. It works and it's available for use. To not use code because you think the programmer is immoral? That's awfully pious.

Re:Hrmm

[MightyMartian]

It's nothing to do with moral or immoral, but with not trusting Microsoft (and is there any reason to trust Microsoft) and not wanting to become beholden anywhere along the development to them directly or indirectly. There are enough other ways to achieve platform independence that Mono does not need to enter the equation.

If you have faith in Microsoft's promises, then go to it. But until Microsoft releases the .Net technologies fully through legitimate open source licenses so that there is neither potential encumbrance and the technology truly becomes platform-independent, count me out. Microsoft has enough leverage in the development business without my silly little projects adding to it.

and attract a diverse collection of developers

[miknix]

Because I'm sure my Linux on [insert device here] port will look just fine on CodePlex.

Re:and attract a diverse collection of developers

[Just+Some+Guy]

Because I'm sure my Linux on [insert device here] port will look just fine on CodePlex.

Hmm. MS's recommended migration path from Visual FoxPro is to .NET and SQL Server. I wrote a tool to simplify migration of VFP databases to PostgreSQL instead. Wonder if they'd like to host it for me?

Re:and attract a diverse collection of developers

[shutdown+-p+now]

Hmm. MS's recommended migration path from Visual FoxPro is to .NET and SQL Server. I wrote a tool to simplify migration of VFP databases to PostgreSQL instead. Wonder if they'd like to host it for me?

Sure, why not? They host a RedHat-based Linux distro on CodePlex, I don't know how you could possibly go beyond that.

In general, all you need to know is written in EULA (and this specific sentence is also quoted on CodePlex front page):

"Microsoft does not control, review, revise, endorse or distribute third-party Submissions. Microsoft is hosting the CodePlex site solely as a web storage site as a service to the developer community."

And regarding the licenses, from the FAQ:

"Project coordinators can select from a list of the following OSI licenses: Apache License 2.0, Common Development and Distribution License (CDDL), Eclipse Public License (EPL), GNU General Public License (GPL) v2, GNU Library General Public License (LGPL), Microsoft Public License (Ms-PL), Microsoft Reciprocal License (Ms-RL), Mozilla Public License 1.1 (MPL), New BSD License, and The MIT License."

So long as your project is under one of those, it doesn't matter what it does - you can host it.

Re:and attract a diverse collection of developers

[ConceptJunkie]

I can't help but look at the term "Microsoft Reciprocal License" and think:

Under the MSRL, Microsoft screws you, and you, in turn, are screwed by Microsoft.

Re:and attract a diverse collection of developers

[shutdown+-p+now]

Actually, my project's under GPLv3 so they won't host it. I guess MS doesn't like the extra patent protections.

I doubt it, since Ms-PL itself includes a patent clause:

Patent Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software or derivative works of the contribution in the software.

And a patent nuke clause:

If you bring a patent claim against any contributor over patents that you claim are infringed by the software, your patent license from such contributor to the software ends automatically.

Re:Really Open Source?

[MathFox]

Doesn't look like it captures the OSS development spirit, to me...

But it almost perfectly captures Microsoft's view on the software market.

Re:Isn't there enough OPEN SOURCE already?

[Jurily]

This looks like a poor attempt at Google Code, but with a lot more politics, beaurocracy and legal problems involved.

Re:Really Open Source?

[dkleinsc]

Doesn't look like it captures the OSS development spirit, to me...

That's probably because it isn't supposed to. It's supposed to allow Microsoft and any other companies who sign on to support it the ability to say "We like open source. We're spending eleventy-billion dollars on supporting an independent open source foundation." By calling it "open source" even if it's not, it succeeds at its PR purpose.

Remember the Halloween Documents? I don't think we have any reason to think that Microsoft has suddenly decided that they should become the next Red Hat.

Re:Isn't there enough OPEN SOURCE already?

[happy_place]

Not only that, but why put what appears to be a boardroom discussion on your blog unless Microsoft's made it clear they won't play ball. Sounds like "It's a Trap!" which now has a big glowing neon sign over the top of it.

What a shock!

[SirLoadALot]

Why, the article might lead one to think that Codeplex was set up as an entirely self-serving initiative under Microsoft's firm control! Who could imagine such a thing?!

Control, Control, Control, and Chairs

[rwv]

From FTA:

Q: Is that good or bad?

A: In my view, itâ(TM)s bad, because it means that the Board of Directors not only has complete control, but the Board is also self-perpetuating (i.e., the directors elect their own successors). Moreover, there are no term limits on how long a Board member can serve. In this kind of organization, the Board is not answerable to the participants, and the participants have no say or control at all over how the organization is managed or evolves.

The author of the article points out that Microsoft has created a self-controlling organization without industry partners and given it complete control of itself. The implication is that CodePlex will fail because participants will be backed into a corner if they want to do anything that the Board of Directors opposes. It seems like the term "Microsoft Open Source" is still an oxymoron.

Stacked board, stacked panel -- same thing

[SgtChaireBourne]

"...a poorly crafted governance structure that concentrates authority at the top and leaves little power to others who might join the foundation." Doesn't look like it captures the OSS development spirit, to me...

The article is well-thought and well written. Though Andy uses longer, politer phrases to beat around the bush, M$ Code Pox, is a scam and misrepresentation. Even though we're not surprised by that behavior from M$ and its minions, we shouldn't put up with it. After all, ten years ago tech people laughed at M$, M$ products, M$ users and M$ boosters. however, they did nothing to stop the spread and now look at the big cleanup job before us.

There are just too many barriers to it ever becoming credible. Look at any of the required changes Andy mentions. This one in particular stands out:

"Provide that no company and its affiliates (including Microsoft) can have more than one representative on the Board of Directors or Board of Advisors."

No way that one can be overcome. M$ has long been using it's tactic of panel stacking to carry out its jihad. M$ representatives include those by proxy, such as those from sock-puppets and political action groups like Black Dork Software, Novell and others.

Then you have all the activists M$ has placed inside other companies. Juniper Networks, NComputing, Yahoo (especially via the board), Xensource are now saddled with M$ moles. That is just a sample, and each of those companies turned and started to toe the M$ party line after taking on one or more moles.

Now, you may ask, how is all this getting financed and who is underwriting it? The answer: each and every bastard who in any way is helping build or maintain M$ marketshare, that's who.

If Microsoft wants to get more respect

[MikeRT]

It should just give the Mono group carte blanche to reimplement all of their .NET APIs under any OSS license. A full, iron clad legal agreement with them would do more than enough.

Re:If Microsoft wants to get more respect

[Norsefire]

People will look for loopholes and ways that Microsoft are trying to rip them off. Most will refuse to believe that Microsoft is doing *anything* to benefit the common good.

Wether these views are unfounded or not is a different matter ...

Why bother?

[Deathlizard]

You know, I really wonder why MS even bothers getting into open source.

If Microsoft tries to get into open source, it's seen as a move to stranglehold OSS Development and software.

If Microsoft closes the door and goes completely proprietary, it's seen as a move to stranglehold OSS Development and software.

Ballmer should say screw it and just go back to the 90's and steamroll all over the competition. If the government gets involved, split all the divisions into separate companies, get them all to join some consortium group, and keep on steamrolling away.

At least the M$ moniker would have meaning again.

Re:Why bother?

[miffo.swe]

"Ballmer should say screw it and just go back to the 90's and steamroll all over the competition."

Hi there, where have you been since the 90's ? Rest assured you have missed much much steamrolling while you were gone. The whole OOXML debacle is something you really should catch up on, with all the bribes, stacking of panels and other fun stuff. Also take a look at how Microsofts totally dumped the price on Windows for netbooks to kill off any continued linux adoption. Why not look into how an ASUS representive excused himself for having the balls to show an own product with *gasp* Linux on it? The gall! And just recently when they tried to sell off OpenGL patents from SGI to patent trolls under the premise that they would be excellent for going after Linux companies (Hey Novell, looking at you and your patent indemnification, not that useful ey?).

"At least the M$ moniker would have meaning again."

When didnt it have a meaning? They are getting better att hiding their activities but they never stopped.

Re:Why bother?

[Virak]

Shockingly, if you time and time again fuck people over, they stop putting so much trust in you.

Microsoft releases a driver for Linux under the GPL and spins it as them working towards accepting open source more. Except it doesn't really help anyone but them. And later it turns out that they were only doing so because they were breaking the GPL. And then later that the code was shit and has taken a bunch of effort to get into decent shape and they've been completely ignoring emails on the subject.

Microsoft puts C# and the CLI under the "Microsoft Community Promise" and trumpets as it being a win for interoperability and open source. Except it only covers the core standardized parts. All the libraries specific to Microsoft's implementation that are widely used aren't included. As a result it basically only makes it easier to move from other implementations to theirs, and not the other way around, and the only one who wins is Microsoft.

Microsoft works towards standardizing the new format for the new version of Office, and yet again plays up the interoperability aspects. Except the standard is a bloated mess, poorly defines things, in many cases says "just do it like that other program did" and doesn't specify what that means, and is in general just shit. It's nigh-impossible for anyone but them to properly implement. It replicates an existing standard, a better one, for no purpose beyond continued lock-in. Even Office doesn't properly support it and won't until the next version. It has myriad serious problems with its standardization process.

Is it really a surprise that people don't trust them when they're constantly doing things like that? If they made a serious effort, they could win most people over, but they so far haven't. And even if they do eventually do so, it'll be entirely reasonable for people to be cautious at first, because they have an extensive and still growing history of being deceptive with this sort of thing.

Re:Why bother?

[Vexorian]

I think a better question than 'Why bother' would be 'could they at least bother?' .Your theory that FOSS developers may not like MS trying to get more open source with confidence may be true or not, who knows? But we may never know... Since so far MS has not even tried to do so...

I mean seriously, what the hell is this? It looks like some attempt to make OS more patent friendly. Honestly, patents and open source mix just as well as a clown and the pope.

More Than It Appears

[illuminus86]

First, keep in mind, the provisional board of the CodePlex Foundation is only half Microsoft, and they have a mandate to setup a new board within a certain time frame. Second, they've also said the default license will actually be the Modified BSD license, so none of that untrusted MS-PL stuff going on. Thirdly, I've caught word from the inside that one of the effects this could have will be Microsoft employees being allowed to use open-source software internally, along with the ability to contribute to said projects under this CodePlex Foundation. With current issues like Microsoft programmers not being allowed to use superior open-source tools over inferior Microsoft ones (for example, Entity Framework versus NHibernate) - this will definitely result in Microsoft's own position changing for the better.

the whole reason d'atre of The CodePlex Foundation

[viralMeme]

The whole reason d'atre of The CodePlex Foundation is that it isn't the Free Software Foundation or the Open Inventions Network. Microsoft could have just have easily one of these or similar organizations. But then again they wouldn't be so easy to control - which is the whole point of the exercise. Pollute, extend and embrace Microsoft control of 'open source', and by extension Open Standards. And here's what one of the current members of the board of TCF has to say about his time at the FSF.

"I hope that I can last more on this foundation than I lasted at the FSF, where I was removed by RMS after refusing to be an active part of the campaign to rename Linux as GNU/Linux", Miguel de Icaza

Lets see who else is on the 'open source' CodePlex board: Sam Ramji (Microsoft), Bill Staples (Microsoft), Stephanie Davies Boesch (Microsoft), Miguel de Icaza (Novell), D. Britton Johnston (Microsoft), Shaun Bruce Walker (DotNetNuke) ..

This blog sure has it figured out already .. "There's an old game in politics. If some group is giving you trouble, launch a competing group under your control"

So there you have it, what could be more 'open' than that ... :)

Re:Great. Now let's compare this

[SgtChaireBourne]

The "crime", if you want to call it that, is that after years of scuzzball tactics, FUD, lawsuits, smears, and namecalling ("linux is a cancer" ... remember that?), a true blue, died-in-the-wool authoritarian software vendor is posing as a "look-at-me-I'm-hip-now" open source software vendor, likely while trying to find yet another way to screw the real open source community. Judging by the way they structured their "open source" (to use the term veeeerrryy loosely) initiative, they seem to think that open source means "will do what we tell them for free", proving that they still don't get it.

RICO should cover most of M$ business models, past and present.

While you're at it, add up the total damage from the Windows malware per quarter. It's got the late Osama Bin Laden beat, hands down. There may well be a business case for air strikes against Redmond. Obviously that would be preceded by naval bombardment and followed by after-action mop up by ground units.

It's not poorly crafted...

[jfb3]

It's crafted exactly like Microsoft wants it to look and behave.

Re:the whole reason d'atre of The CodePlex Foundat

[HitoGuy]

GNU is just a toolchain. An IMPORTANT toolchain, but a tollchain nonetheless. You don't name your OS or your system distribution after the toolchain, no matter how badly RMS tries to rationalize it.

The operating system layer itself is Linux. Period. Unless there's actual GNU modules or drivers alongside the Linux kernel in kernel-space I don't know about.

And the name of the system distribution is whatever the fuck the maker wants to call it: Ubuntu, RHEL, SuSE, since it's THEIR creation by way of assembling the parts themselves into a distribution.

Stallman wants us to think that by having the GNU toolchain the entire system magically becomes GNU.

It's Linux. It is not GNU/Linux.

Re:Great. Now let's compare this

[SgtChaireBourne]

A little hint: Don't complain about use M$ in our posts or no one will take you seriously, especially when you fail to make a good point.