MS should open-source Windows

CIOL Bureau
Updated On
New Update

As the Community Development Manager of and chair of the Community Council, as well as the senior manager for community development at CollabNet, Dr Louis is currently working on an in-depth examination of the difference corporate-sponsored open source projects have made to the logic and practice of open source.


We caught up with him on his recent visit to India for Asia's premier open-source conference Linux Asia 2006, and spoke with him on the concept of corporate sponsored open-source projects, future of FOSS, security and

localisation issues with open-source solutions and more.


Excerpts from the same.

What is your role as Community Development Manager at

It is a flexible role and the easiest way to think of it is that I represent the community (however defined). In effect, I represent it to developers, businesses, governments, corporations, as well as to the sponsoring companies, especially the primary one, Sun, and hosting company, CollabNet, which employs me. It goes without saying that I also do a lot of writing, project management, admin, and ombudsmanship.

Independent of my role as community manager, I'm also on the governing council, the Community Council, and the lead or co- lead of several projects.

What difference have corporate-sponsored open source projects made to the concept of open source?

A huge difference. Free and open source software (FOSS) projects often begin small and organically, with the code forming the nucleus of progressively expanding activity, as developers submit patches and enlarge upon the codebase. Of course, I'm generalizing and idealizing: it's actually much more complicated than that and the progression is seldom linear; rhizomatic systems are always complex. But the idea of such organic growth is that it is predicated on a distributed "community" of interested developers, and this community expands more or less in synchrony with the development of the code. The project's boundaries thus more or less map to the interest in code.

In contrast, a sponsored project will often start with a gift of code to the "open source community" (whatever that means) and then form a community around the gifted code. This is what happened with, and the strategy presents some challenges to the formation of an interested community. But: I tend to think that few projects, sponsored or not--indeed, few companies, sponsored, or not--have been quite as successful as Think of it: we have tens and tens of millions of users representing a significant chunk of the office suite user base. Why do they use OOo? Without question it's because the product is so good and because it is free, as in gratis, as well as in speech. But it's also because it has been translated to languages like Hindi, Tamil, and many others used in India and elsewhere. And it is also because despite starting from code already written, we have formed a "community" or communities concerned with the making and propagating of the application and ancillary material, such as help files.


Community members include not only employees of Sun, Novell, Intel, Propylon, and associates of Debian, Mandriva, and so on, but also thousands who are not paid or employed by small and focused companies. Regardless, all have devoted enormous chunks of their daily lives to making and propagating This is remarkable.

Why have people so committed themselves to the project?

The reasons vary. For some, their work will ultimately benefit them. For others, the reason is more altruistic or communal: they wish to give back to the project some of the benefit they have received from it. They see quite clearly that represents an opening to the future--a future that will include them, as active participants, in a way that proprietary commodities never can. Proprietary products make you, the consumer, at best a user, seldom a producer.

Can you tell us about some corporate-sponsored projects that are under execution?

CollabNet hosts several, ranging from Intel's Tiano Core to the P2P protocols project JXTA.

But there are numerous others, and if one wish to think about corporations sponsoring open-source development, one should also think of course of IBM's sponsorship not only of Linux development but also of Eclipse; of Dresdner Kleinwort Wasserstei's OpenAdaptor also hosted by CollabNet, of Subversion sponsored substantially by CollabNet, and so on.

Think of this as a management revolution on par with the introduction of the assembly line: open source gives companies a way of moving ahead quickly, expanding their user and developer base, and all with minimal managerial overhead.

What is the future of open source? Do you think it has the potential of replacing proprietary SW at the enterprise and government level?

The future? FOSS is maturing but is by no means mature. Arguably, it can never and should never be deemed mature: it is a constantly evolving, unscripted practice, not a theory finding an ideal praxis.

On the development side, I envision more and more enterprises and also smaller companies, as well as public sector and NGOs, employing FOSS techniques to create and distribute software (recall: FOSS includes as a provision the idea of free distribution, that is unencumbered distribution). They will do this because it is both a cheaper and better way of getting things done.


But do I think it will replace proprietary software (SW)? Nope; not at all. FOSS is a strategy, not a political movement. It promotes a narrow kind of freedom but is not the answer either to a politics of freedom nor to all software making and distribution. Proprietary software is perfectly reasonable for many, especially, one might think, for those companies whose revenues are dependent on the software. Sure, a strategy might be to open source *some* of it, so as to promote the code and its development. But that may not always be a feasible option. Think too of the places where open source has barely had an impact: games and other aesthetic works. For all these, there is a certain relation to the consumer that makes it difficult to conceive of open source as the solution. I'm not saying it's impossible; hardly, and there are numerous aesthetic works that are in fact open; as well, one could envision that the content of a game stays closed but the code producing the movement and effects is open. But in the case of content, the nature of our relation to the work has to be calculated and understood: participation as a producer is not always desired. Further, one has to think through the implications of freeing works which are, by Kant's definition of art, non-utile.

How can a country like India benefit by adopting open source solutions?

The adoption of FOSS confers both economic and social benefit. To begin with, FOSS is both a commodity and a resource: something you use and something you develop; usually free as in beer and always free as in speech.

As a free commodity, it obviously saves money in licensing fees, which would otherwise be sent abroad. And as a free resource it goes well beyond saving money. It produces wealth, and the wealth it produces is local. Investing in FOSS means investing in local talent; it means encouraging the growth of everything from local support companies to local developers to local school curricula to local distributors.


For a country like India--powerful and possessed of vast natural talent--it means taking a lead on the world stage in developing technology, and this will have I believe positive social effects.

FOSS is not a political movement but the narrow freedoms granted by the licenses can promote vigorous growth of participant communities, starting with the technical but not ending there. What FOSS ultimately implies is a way for experts and consumers to communicate, share knowledge, information, interests to produce new things and move beyond, around, through the walls created by the decades long and stultifying intellectual property regime we know so well today.

And besides innovation, why is this important? Because FOSS promises to bridge the so-called "digital divide," or the gulf between the elite who have and use computers and thus benefit from the 21st century service and knowledge economy and everyone else, who are effectively barred from taking advantage of this economy and its wealth and locked into a stagnant past. FOSS gives India the future; large-scale proprietary software guarantees the past.


What about the localisation issues?

Localizing means translating text but also configuring the application so that it conforms to the user's linguistic environment. For Indic languages, that can be challenging, but by no means are the challenges insurmountable.

Although the vast majority of India's economy and political discourse is in English, there are, I know, tens of millions for whom that language is a burden and quite unnecessary for what they might wish to do, such as write a letter home, or a draft a speech for a local farming community. As well, I'd guess that as in Canada, where I live, there are provinces where material must be in more than one language, so that the citizenry can comprehend it.

Localization of an application thus solves the problem of language by making the application available in that person's language. It helps foster communication and brings the user that much closer to participating in the service and knowledge economy which prevail in the so-called developed world; or even to use the tools of IT to make farming more efficient, as was demonstrated to me last year.

Advertisment is a leader in localization. It's easy to do and there is no reason why not. The teams of Bharateeya, which is managing the Hindi localization, or the one lead by S. Muguntharaj, which is doing Tamil, or the Ankur Group doing the Bengali localization, to name but three, are all doing brilliant work and are making available to millions.

There are several other important Indic localizations in progress--to see the latest, go to and they need help and attention. India has at least 18 important languages, I have learned, and we need to make available in them all and then some. There are no technological barriers for accomplishing this, only political. I invite your readers to join the existing projects or start new localizing efforts. The rewards are potentially enormous.

What steps are being taken to ensure secure open source solutions?

Actually, the open-source community has, from the very start, taken the issue of security more seriously than Microsoft has obviously done. Bad security comes often enough from bad code or code that is inscrutable from all except the few who have written it and some others in a "black hat" community who test it--neither of which characterizes open source, which is open to all to view, critique, improve, test.

Open source software is by no means guaranteed to be better written than proprietary but because the *source* is exposed code vulnerabilities are more likely to be spotted and fixed before they are exploited. But of course, the huge exposure of Microsoft means that it is a bigger target, and that there are cadres looking and finding vulnerabilities and then exploiting them.

Would Microsoft products be more secure if they were open sourced?

No: merely because the code is open does not mean one can insert any old patch cum virus or trapdoor and expect it to be accepted and included in the source tree. In all open source projects I am aware of, especially large ones, code submitted by the community undergoes rigorous testing by the relevant committer or project lead and then testing by the wider community before it is released as a stable binary. And if bugs or new vulnerabilities are found after release, as sometimes happens, these are usually fixed very quickly. (On a side note, I have previously recommended to Microsoft that they in fact open source Windows. Why not? And think of all the benefits to accrue!)

Furthermore, as more enterprises and public sector offices use FOSS, I'd expect there to be even more aggressive review of security issues. But the tactic won't be to make the code secret: that does not work, as we have seen. It will be to make the process of finding and fixing vulnerabilities better. And that is only really possible if the code is open.

I like to think that the current state of affairs, where even those of us who do not use Microsoft products nevertheless must deal with the security gaffes of those who do will soon pass. How many hours, how many billions have been lost due to the bad code, in Office, Outlook, in so many other things that knowledge workers daily use?

Yes, the user should always know better but we tend to rely on our tools to do things for us not to us. Blaming the victim is no answer.