FLOSS Foundations

March 08, 2010

Mitchell Baker

Trusting the Voting Machines

Hundreds of millions of people rely on the accuracy of voting machines and the polling process to form our government. New voting machines are being developed, moving from paper-based ballots to electronic voting.

How accurate are those digital voting machines? How unbiased? Do they count every vote? Do they count every vote accurately and completely? How do they work? How tamper-proof are they? Is there a way to audit results? How good is the audit process? How would we know?

Right now it’s hard to tell. It turns out that how digital voting machines work is a secret. Voters are not allowed to know, to see or to test those machines or how they work. (I’ll speak of California here, as a result of talking to the California Secretary of State, but this is only an example of the problem.) We’re asked to “trust.”

The OSDV Foundation exists to change this. OSDV is a non-profit organization building open source voting machinery. This is important for several reasons:

  • This allows voters to verify what our voting machines are doing. Like other open source projects, those of us with enough technical expertise can serve as consumer advocates and validate that our voting machines operate as they should.
  • In voting, 1 or 2 percent is a giant amount. Many elections — at least in the US where I’m most familiar — are very, very close. A 1% to 2% margin of error may be acceptable in many business settings, but it is not acceptable in a critical election where it can change results. With open source products we can see and test and improve the quality, rather than simply trust that all is well.
  • Casting and counting votes should not be a for-profit enterprise; it is the foundation of elected governments.
  • Proprietary ownership of the means of voting IS a conflict of interest. According to the OSDV Foundation, right now something like 88% of the US voting infrastructure is owned by two companies, which will soon be one company.
  • Good open source alternatives are likely to cause an improvement in the quality of the dominant (close to 90% market share) product offering.

OSDV is just reaching the point where its first products are about ready for use. Having a viable alternative in the market is critical. Having a viable alternative that is open source and public-benefit is even better. OSDV is building a system that citizens can actually verify — a system we trust based on that ability to verify what is actually happening.

You can find out more about OSDV Foundation’s Trust the Vote project at trustthevote.org/background.

by mitchell at March 08, 2010 08:06 PM

Gerv Markham

SQL Injection Attempts

This is from the Analog report on the Apache access logs for the drumbeat.org staging server. It leaves me wondering whether there were actually any genuine searches done at all...

Listing the top 30 query words by the number of requests, sorted by the number of requests.

reqs  search term
2459  '
2094  0
1745  delay'0:0:20'
1396  waitfor
 714  and
 703  or
 698  1=1
 698  1=2
 349  'waitfor
 349  %27
 349  %00'
  51  drumbeat.stage.mozilla.com/
  34  drumbeat.stage.mozilla.com/events
  16  2=2
   5  1=3
   3  drumbeat
   3  73541692'
   3  73919112'
   3  27417321'
   3  38822036'
   3  19286078'
   2  72884114'
   2  20580310'
   2  73307134'
   2  17959598'
   2  17674419'
   2  14638227'
   2  16063538'
   2  miro
   2  83234186'
1045  [not listed: 704 search terms]

by gerv (gerv@mozilla.org) at March 08, 2010 04:13 PM
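
As an added example that is not part of Gerv's post (nor of the Analog tool), the following Python script rebuilds the "query words" breakdown above from raw Apache combined-format lines and tags the words that are injection probes rather than genuine searches; the sample log lines, the search parameter names and the indicator labels are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined format, RFC 5737 test addresses) modelled
# on the query words in the report above; not real drumbeat.org traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Mar/2010:10:01:02 +0000] "GET /search?q=drumbeat HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [08/Mar/2010:10:01:07 +0000] "GET /search?q=miro HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Mar/2010:10:02:11 +0000] "GET /search?q=%27waitfor+delay%270:0:20%27 HTTP/1.1" 200 3011 "-" "-"
198.51.100.7 - - [08/Mar/2010:10:02:31 +0000] "GET /search?q=73541692%27+and+1%3D1 HTTP/1.1" 200 3011 "-" "-"
198.51.100.7 - - [08/Mar/2010:10:02:33 +0000] "GET /search?q=73541692%27+and+1%3D2 HTTP/1.1" 200 3011 "-" "-"
198.51.100.7 - - [08/Mar/2010:10:02:40 +0000] "GET /search?q=%2500%27 HTTP/1.1" 200 3011 "-" "-"
"""

# Client IP and request target from a combined-format line; the other fields are skipped.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<target>\S+) [^"]*"')
SEARCH_PARAMS = ("q", "query", "search")  # assumed names for the site's search parameter
TAUTOLOGY = re.compile(r"^(\d+)=(\d+)$")     # 1=1 / 1=2 style true/false probes

def query_words(target):
    """Analog-style query words: decode the search parameter once, split on whitespace.
    A double-encoded probe (e.g. %2500) survives one decode as literal '%00' text."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return [w for name in SEARCH_PARAMS for value in qs.get(name, []) for w in value.split()]

def classify_word(word):
    """Indicator label for one query word, or None if it looks like a genuine search term."""
    lw = word.lower()
    if re.search(r"waitfor|delay'?\d+:\d+:\d+", lw):
        return "time-delay probe"
    m = TAUTOLOGY.match(lw)
    if m:
        return "boolean probe (%s)" % ("true" if m.group(1) == m.group(2) else "false")
    if "'" in lw or "%27" in lw or "%00" in lw:
        return "quote/NUL string break"
    return None

def triage(log_text):
    """Count query words as Analog does and attribute flagged probes to client IPs.
    Returns (word_counts, {ip: Counter of indicator labels}, number of clean searches)."""
    word_counts, probes_by_ip, clean = Counter(), defaultdict(Counter), 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        words = query_words(m.group("target")) if m else []
        if not words:
            continue
        word_counts.update(words)
        flagged = {classify_word(w) for w in words} - {None}
        if flagged:
            probes_by_ip[m.group("ip")].update(flagged)
        else:
            clean += 1
    return word_counts, dict(probes_by_ip), clean

if __name__ == "__main__":
    counts, probes, clean = triage(SAMPLE_LOG)
    print("reqs  search term            indicator")
    for word, n in counts.most_common():
        print("%4d  %-22s %s" % (n, word, classify_word(word) or ""))
    print("clean searches: %d; probing clients: %s" % (clean, dict(probes)))
```

Grouping the flagged words by client address is what separates the two genuine searches from the single host that produced every probe, which the per-word Analog table alone cannot show.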

Dries Buytaert

The history of MySQL AB

MySQL, the open source database product that puts the "M" in LAMP, was created by MySQL AB, a company founded in 1995 in Sweden. In 2008, MySQL AB announced that it had agreed to be acquired by Sun Microsystems for approximately $1 billion.

The story of MySQL AB is pretty amazing, so I unleashed my "inner academic", did some research and compiled a timeline of MySQL AB's history. This timeline is assembled based on different resources online, such as MySQL press releases (example 1) and interviews with MySQL AB executives (example 2, example 3), etc.

Things to add? Let me know in the comments and I'll update the post.

1995

  • MySQL AB founded by Michael Widenius (Monty), David Axmark and Allan Larsson in Sweden.

2000

  • MySQL goes Open Source and releases software under the terms of the GPL. Revenues dropped 80% as a result, and it took a year to make up for it.

2001

  • Mårten Mickos elected CEO at age 38. Mårten was the CEO of a number of Nordic companies before joining MySQL, and comes with a sales and marketing background.
  • 2 million active installations.
  • Raised a Series A round of an undisclosed amount from Scandinavian venture capitalists, estimated to be around $1 to $2 million.

2002

  • MySQL launched US headquarters in addition to Swedish headquarters.
  • 3 million active users.
  • Ended the year with $6.5 million in revenue with 1,000 paying customers.

2003

  • Raised a $19.5 million series B from Benchmark Capital and Index Ventures.
  • 4 million active installations and over 30,000 downloads per day.
  • Ended the year with $12 million in revenue.

2004

  • With the main revenue coming from the OEM dual-licensing model, MySQL decides to move more into the enterprise market and to focus more on recurring revenue from end users rather than one-time licensing fees from their OEM partners.
  • Ended the year with $20 million in revenue.

2005

  • MySQL launched the MySQL Network, modeled after the Red Hat Network. The MySQL Network is a subscription service targeted at end users that provides updates, alerts, notifications, and product-level support designed to make it easier for companies to manage hundreds of MySQL servers.
  • MySQL 5 ships and includes many new features to go after enterprise users (e.g. stored procedures, triggers, views, cursors, distributed transactions, federated storage engines, etc.)
  • Oracle buys Innobase, the 4-person Finnish company behind MySQL's InnoDB storage backend.
  • Ended the year with $34 million in revenue based on 3400 customers.

2006

  • Mårten Mickos confirms that Oracle tried to buy MySQL. Oracle's CEO Larry Ellison commented: "We've spoken to them, in fact we've spoken to almost everyone. Are we interested? It's a tiny company. I think the revenues from MySQL are between $30 million and $40 million. Oracle's revenue next year is $15 billion."
  • Oracle buys Sleepycat, the company that provides MySQL with the Berkeley DB transactional storage engine.
  • Mårten Mickos announces that they are making MySQL ready for an IPO in 2008 on a projected $100 million in revenues.
  • 8 million active installations.
  • MySQL has 320 employees in 25 countries, 70 percent of whom work from home.
  • Raised an $18 million Series C based on a rumored valuation north of $300 million.
  • MySQL is estimated to have a 33% market share measured in install base and 0.2% market share measured in revenue (the database market was a $15 billion market in 2006).
  • Ended the year with $50 million in revenue.

2007

  • Ended the year with $75 million in revenue.

2008

  • Sun Microsystems acquired MySQL AB for approximately $1 billion.
  • Michael Widenius (Monty) and David Axmark, two of MySQL AB's co-founders, begin to criticize Sun publicly and leave Sun shortly after.

2009

  • Mårten Mickos leaves Sun and becomes entrepreneur-in-residence at Benchmark Capital. Sun has now lost the business and spiritual leaders that turned MySQL into a success.
  • Sun Microsystems and Oracle announced that they have entered into a definitive agreement under which Oracle will acquire Sun common stock for $9.50 per share in cash. The transaction is valued at approximately $7.4 billion.

by Dries at March 08, 2010 12:00 PM

March 06, 2010

Weekly Squeak

gsoc2010

The Squeak community are working with ESUG to submit a joint entry to this year’s Google Summer of Code but need your help at once!

Squeak participated in GSoC in 2007 and 2008, but in 2009 Google started to focus on bigger communities. So this year Squeak developers are working with ESUG to put together a joint submission with other groups, including open-source projects from all Smalltalk dialects (Pharo, Smalltalk/X, GNU Smalltalk and Cuis) as well as commercial distributions such as VisualWorks, VisualAge, Dolphin and Gemstone. Entries from cross-platform projects like Seaside, AidaWeb, Magma, etc. will also be welcome.

Mariano Martinez Peck will administer the joint application, supported by Janko Mivšek. They need to supply Google with information about ESUG as a mentoring organisation and a list of ideas/projects, each with a description and a nominated mentor. If their submission gets selected by Google they will be told how many projects Google will sponsor — the mentor receives $500 and the student who volunteers to work on the project will receive $4500.

Due to a late start, they are very near the first deadline: they have until 12th March 2010 to submit all the information about the mentoring organisation and the list of projects with mentors. So as a matter of urgency they need your projects. They’ve put together a webpage to hold the details, so if you have project suggestions, send them a short title and a paragraph (for the moment) explaining the idea. You can also reply to Mariano’s email on most of the key developer mailing lists, including squeak-dev.

Good mentors are often as hard to come by as good ideas, but often being helpful, being aware of the dates, answering emails, etc. can be more important than the Smalltalk knowledge, so if you’re able to act as a mentor or a back-up, let them know at once!

For some inspiration, you can see the ideas proposed in previous years:
2007: http://wiki.squeak.org/squeak/5936
2008: http://wiki.squeak.org/squeak/6031
2009: http://wiki.squeak.org/squeak/6120


by Michael Davies at March 06, 2010 01:37 PM

March 05, 2010

Gerv Markham

Gerv Status 2010-03-05

Here's my status report for this week. Lots of projects inching towards the finishing line (or the starting line, in one particular large case).

by gerv (gerv@mozilla.org) at March 05, 2010 08:02 PM

Dave Neary

STFU

In honour of the recent discussions on foundation-list, I would like to resend everyone to this piece by Dan Spalding, which I’ve mentioned previously. It had a huge influence on me, and hopefully will on others too.

As a teaser, here’s an extract of the target audience:

Consensus decision making is a model of the society we want to live in, and a tool we use to get there. Men often dominate consensus at the expense of everyone else. Think about the man who…

  • Speaks for a long, loud, first and often
  • Offers his opinion immediately whenever someone makes a proposal, asks a question, or if there’s a lull in discussion
  • Speaks with too much authority: “Actually, it’s like this…”
  • Can’t amend a proposal or idea he disagrees with, but trashes it instead
  • Makes faces every time someone says something he disagrees with
  • Rephrases everything a woman says, as in, “I think what Mary was trying to say is…”
  • Makes a proposal, then responds to each and every question and criticism of it – thus speaking as often as everyone else put together (Note: This man often ends up being the facilitator)

It’s rarely just one man who exhibits every problem trait. Instead it’s two or three competing to do all the above. But the result is the same: everyone who can’t (or won’t) compete on these terms – talking long, loud, first and often – gets drowned out.

This is a result of society’s programming. Almost no men can actually live up to our culture’s fucked up standards of masculinity. And our society has standards for women that are equally ridiculous. In one way, we both suffer equally. That’s why we all yearn and strive for a world where these standards – which serve to divide us and reduce us and prop up those in control – are destroyed.

In another way these standards serve those who come closest to living up to them. Sure, we all lose when a few men dominate a meeting. But it’s those men who get to make decisions, take credit for the work everyone does, and come out feeling more inspired and confident.

Like I said, Dan’s piece opened my eyes to my own bad behaviour, and also enabled me to improve as a meeting/round-table/discussion facilitator. Hopefully a reasoned reflective analysis of their behaviour by the most disruptive elements of foundation-list will also have a similar effect on them. I certainly hope so.

by Dave Neary at March 05, 2010 02:07 PM

March 04, 2010

Gerv Markham

New 'Feedback' Flag in Bugzilla

bugzilla.mozilla.org now has a new "feedback" flag for attachments (bug). Use this like "review", but for where you want to get someone's input on a patch, and that input does not amount to a formal review. This is useful if the patch is a work in progress, or if the person you are asking for feedback is learning to do reviews in your component.

This new flag was Marco Bonardo's idea and was endorsed by mconnor.

You can request feedback from specific people (obviously) and from multiple people at once. It's available in all products and components.

by gerv (gerv@mozilla.org) at March 04, 2010 03:52 PM

March 03, 2010

Dries Buytaert

Mollom CAPTCHAs are "intelligent"

Every other week or so, someone asks me the following question: How are Mollom CAPTCHAs better than those created by the CAPTCHA module? This is an important question, and understanding it is central to understanding our philosophy with Mollom.

First, when using Mollom in "text analysis" mode, a CAPTCHA is only displayed when Mollom is uncertain about whether a message could be spam. Mollom analyzes the text of comments and combines that analysis with what it knows about the internal reputation of the posters, to determine whether a message is "spammy". Non-spam submissions are accepted without a CAPTCHA, and posts that are certainly spam are rejected automatically. By only presenting a CAPTCHA when necessary, we avoid penalizing normal (non-spamming) users with CAPTCHA challenges. The CAPTCHA module is different in that it does not perform text analysis and therefore must always display a CAPTCHA challenge.

Second, the Mollom module for Drupal has a "CAPTCHA only" mode, which is useful when clients would prefer not to use text analysis, or for when the forms have almost no text to analyze (like Drupal's user registration form). In "CAPTCHA only" mode, the user experience of the Mollom module is very similar to that of the CAPTCHA module -- the user is always prompted to complete a CAPTCHA in order to perform a certain operation. The similarity ends here, however. While the user experience is the same, the actual CAPTCHA generation is not. Mollom CAPTCHAs are "intelligent", in the sense that Mollom tracks the behavior and reputation of IP addresses from all sites using Mollom. A known spammer, operating from a known IP with a poor reputation, won't be able to complete a Mollom CAPTCHA no matter how hard he tries. And, as more users install Mollom, its performance increases as it learns from the additional data. A stand-alone module like CAPTCHA doesn't learn from user behavior, as it simply generates CAPTCHAs without regard to their context and delivery.

This second difference between the Mollom and other CAPTCHA modules is, in fact, huge. When we analyze our server logs, we see that 20% of all correctly completed CAPTCHAs are submitted by known spammers. Spammers don't seem to solve CAPTCHAs algorithmically; instead, they persuade humans to solve CAPTCHAs for them by using botnet-infected machines. Two blog posts that detail this process are How to defeat Koobface and Breaking Koobface's CAPTCHA solving process. As spammers evolve and their arsenal of tools becomes increasingly powerful, CAPTCHA solutions must keep up to remain effective. We believe Mollom's "intelligent CAPTCHA" processing represents a significant benefit over traditional CAPTCHA generation and is one way we'll continue to stay a step ahead in our goal to eliminate posting spam.

Figure: Different protection modes in the Drupal module for Mollom.

by Dries at March 03, 2010 04:30 PM

Gerv Markham

The Economics Of Privacy

Tristan recently blogged about privacy as a currency. His point:

Privacy is a currency for which we don't know the [ex]change rate. It's something we're giving to online services without knowing what it's worth.

I started to apply basic economics to that idea. It seems to me that a key point is that the exchange rate of the currency is not only unknown, but it is also different for different people. You may value your privacy much more highly than I do. By contrast, for people in the same socio-economic group, the value of the information to the company is (approximately) the same. For most of the readers of this blog, it's worth about the same to (e.g.) Google to know X amount about you as it is to know X amount about me.

A mutually beneficial exchange is one in which both parties receive something of greater value than what they lost. Is our loss of privacy mutually beneficial? It depends. I may decide to put a $50 value on the privacy of my list of friends. If that list is worth $100 to Google or Facebook, and they will provide me with $70 worth of services in return for it, then clearly the exchange is a beneficial one. However, if you value your list of friends at $500, then it would not be a good exchange for you, if all else was the same.

Another important economic attribute of exchanges is that they should be 'fair'. A fair exchange is one which is uncoerced, and in which both parties understand what they are giving away and receiving. Do people understand what they are giving away when they give away their privacy? Perhaps not. Or it could be just that they put a low value on it. In which case, it's entirely reasonable for them to make the trade.

Conclusion: privacy advocacy is not about persuading people not to use particular privacy-reducing services, it's about persuading people to understand the value they personally put on their privacy and perhaps, secondarily, to increase that number. But if people, once they understand, choose not to increase that number and to make privacy-reducing deals, we should respect their free choice.

by gerv (gerv@mozilla.org) at March 03, 2010 03:28 PM

March 02, 2010

Dries Buytaert

Open Source in the Enterprise and in the Cloud

In a couple of weeks, I'll participate in a panel discussion on The Future of Open Source in Business. In preparation for that discussion, I figured I'd write down my current thoughts and solicit some feedback. I'll talk about two important trends relevant for the future of Open Source, but there are certainly more.

First, Open Source adoption in the enterprise is trending at an incredible rate -- Drupal adoption has grown a lot in 2009 but we saw by far the biggest relative growth in the enterprise. Fueling this movement is the notion that Open Source options present an innovative, economically friendly and more secure alternative to their costly proprietary counterparts. Second, Cloud Computing is a transformational movement in that it enables continual innovation and updating - not to mention a highly expandable infrastructure that will reduce the burden on your IT team.

Two years ago, when starting Acquia, we predicted this would happen so it is no surprise that Acquia's strategy is closely aligned with those two trends: Drupal Gardens, Acquia Hosting and Acquia Search are all built on Open Source tools and delivered as Software as a Service in the cloud. Combining Open Source tools and Cloud Computing makes for the perfect storm for success. It provides real value to end-users and it enables companies to monetize Open Source. It creates a win-win situation.

At the same time, I think we have an opportunity to go beyond that, and to redefine the Software as a Service model based on Open Source values, almost exactly like we started doing 10+ years ago with off-the-shelf software. Almost all Software as a Service providers employ a proprietary model -- they might allow you to export your data, but they usually don't allow you to export their underlying code. While a lot of these services might be built on Open Source components, they have a lot more in common with proprietary software vendors than Open Source projects or companies.

There is room for Open Source companies to disrupt this model, and it is probably not something that can be done without the help of Open Source companies. Drupal Gardens provides a good example of this model.

For example, users of Drupal Gardens can help improve Drupal Gardens simply by contributing to Drupal. By staying close to the Open Source project, everyone can help shape the service. Along the same lines, we want people to be able to export their Drupal Gardens site -- the code, the theme and the data -- and move off the platform to any Drupal hosting environment. By doing so, we provide people an easy on-ramp but allow them to grow beyond the capabilities of Drupal Gardens without locking them in.

It is Software as a Service done right -- it will offer enterprises a much more secure and low-cost alternative to proprietary counterparts and provides many Open Source projects the opportunity to have a much bigger reach. It creates a triple win scenario -- for the customer, for the Open Source project and the Open Source company -- in a way that wasn't really apparent five years ago. At least not to me.

Have you taken the 2010 Future of Open Source Survey yet? If not, please take a few moments to share your thoughts on where you think Open Source is headed.

by Dries at March 02, 2010 08:59 PM