Microsoft's CodePlex Foundation leader soaks in stinging critique

After a stinging critique from a noted expert in establishing consortia, the leader of Microsoft's new CodePlex Foundation says such frank evaluation is welcome because the open source group's structure is a work in progress. The CodePlex Foundation's aim is to get open source and proprietary software companies working together. Sam Ramji, who is interim president of the CodePlex Foundation, was responding to last week's blog by Andy Updegrove, who said the group has a poorly crafted governance structure and looks like a sort of "alternative universe" of open source development. Updegrove, a lawyer, noted expert on standards, and founder of ConsortiumInfo.org, laid out in a blog post five things Microsoft must change if it wants CodePlex to succeed: create a board with no fewer than 11 members; allow companies to have no more than one representative on the Board of Directors or Board of Advisors; organize board seats by category; establish membership classes with rights to nominate and elect directors; and commit to an open membership policy.

He added, however, "There are some best practices [for running the boards of non-profits] that we are not as familiar with as we would want to be." Slideshow: Top 10 open source apps for Windows  Stephanie Davies Boesch, the foundation's secretary and treasurer, is the only board member with experience sitting on a non-profit's board. Despite the stinging tone in Updegrove's assessment, Ramji says he is thankful for the feedback. "Andy's been incredibly generous with his expertise and recommendations," Ramji says. "It is the kind of input and participation we were hoping to get by doing what is probably non-traditional for Microsoft but not necessarily non-traditional for non-profit foundations, which is to basically launch as a beta." For instance, Ramji says that the decision to go with only five people on the board came from Microsoft's experience that larger groups often have difficulty with decision making. Ramji says Updegrove's suggestion to have academic representation on the board was "outstanding. And basically it is re-writable. We did not think of that." And to Updegrove's point on becoming an open membership organization, Ramji says, "our goal is to become a membership organization and Andy has some excellent recommendations for that."He says the fact that Updegrove took the time to respond "in the format that he did is more proof that there is something worth doing here." Ramji, compares the Foundation's formation to the early days of a software development project. "We have said in these first 100 days we are looking at everything as a beta.

Obviously, there are some areas like contributions and licensing agreements we put a lot of time into but even those can be modified." Microsoft announced the foundation Sept. 10 with a stated goal "to enable the exchange of code and understanding among software companies and open source communities." The company seeded the group with $1 million and Microsoft employees dominated the interim board of directors and board of advisors. One is a call for a broad independent organization that can bridge cultural and licensing gaps in order to help commercial developers participate in open source. Ramji says the foundation has spent the past couple of weeks listening to feedback in "Twitter messages, email, and phone calls in order to understand what people hope this can be." Within that feedback two patterns have emerged, Ramji says. The other focuses on creating a place where open source .Net developers can gain strong backing. "Look at projects related to Mono, you also can look at NUnit, NHibernate, we really feel optimistic that the Foundation could help them gain a higher level of credibility in the open source community. Miguel de Icaza, the founder of the Mono project and the creator of the Gnome desktop, is a member of the Foundation's interim board of directors. They feel they have been lacking that strong moral support," Ramji says.

From a high level, Ramji says the Foundation stands as a sort of enabler that helps independent developers, companies and developers working for those companies navigate the nuances and practices of open source development so they can either contribute source code to projects or open source their own technologies. "One suggestion has been that the Foundation should house all the best practices we have seen software companies and open source communities use," said Ramji. "We want to have a place where everyone interested in how to participate can come and read and if they choose they can use our license agreements or can use the legal structure of the Foundation to grant patent licenses and copyrights for developers and derivative works." Those licensing agreements have a distinct focus, Ramji said, on the rights that are related to code that is being contributed and on how to contribute the patent rights on that code. Ramji says the goal is to service multiple projects, multiple technologies and multiple platforms rather than having one specific technology base, which is how most current open source foundations are structured. "It's early days and we have received a lot of good ideas from experts in a variety of fields from law to code to policy that is what we had hoped for," says Ramji. "Someone wrote it is nice to see Microsoft engaging early on without all the answers and to have the community solve what they would like to see. Once those issues are settled, code would be submitted using existing open source licenses. That is satisfying for me and refreshing to others. This is the right way to proceed." Follow John on Twitter

Microsoft's CodePlex Foundation leader soaks in stinging critique

After a stinging critique from a noted expert in establishing consortia, the leader of Microsoft's new CodePlex Foundation says such frank evaluation is welcome because the open source group's structure is a work in progress. The CodePlex Foundation's aim is to get open source and proprietary software companies working together. Sam Ramji, who is interim president of the CodePlex Foundation, was responding to last week's blog by Andy Updegrove, who said the group has a poorly crafted governance structure and looks like a sort of "alternative universe" of open source development. Updegrove, a lawyer, noted expert on standards, and founder of ConsortiumInfo.org, laid out in a blog post five things Microsoft must change if it wants CodePlex to succeed: create a board with no fewer than 11 members; allow companies to have no more than one representative on the Board of Directors or Board of Advisors; organize board seats by category; establish membership classes with rights to nominate and elect directors; and commit to an open membership policy.

He added, however, "There are some best practices [for running the boards of non-profits] that we are not as familiar with as we would want to be." Slideshow: Top 10 open source apps for Windows  Stephanie Davies Boesch, the foundation's secretary and treasurer, is the only board member with experience sitting on a non-profit's board. Despite the stinging tone in Updegrove's assessment, Ramji says he is thankful for the feedback. "Andy's been incredibly generous with his expertise and recommendations," Ramji says. "It is the kind of input and participation we were hoping to get by doing what is probably non-traditional for Microsoft but not necessarily non-traditional for non-profit foundations, which is to basically launch as a beta." For instance, Ramji says that the decision to go with only five people on the board came from Microsoft's experience that larger groups often have difficulty with decision making. Ramji says Updegrove's suggestion to have academic representation on the board was "outstanding. And basically it is re-writable. We did not think of that." And to Updegrove's point on becoming an open membership organization, Ramji says, "our goal is to become a membership organization and Andy has some excellent recommendations for that."He says the fact that Updegrove took the time to respond "in the format that he did is more proof that there is something worth doing here." Ramji, compares the Foundation's formation to the early days of a software development project. "We have said in these first 100 days we are looking at everything as a beta. Obviously, there are some areas like contributions and licensing agreements we put a lot of time into but even those can be modified." Microsoft announced the foundation Sept. 10 with a stated goal "to enable the exchange of code and understanding among software companies and open source communities." The company seeded the group with $1 million and Microsoft employees dominated the interim board of directors and board of advisors.

One is a call for a broad independent organization that can bridge cultural and licensing gaps in order to help commercial developers participate in open source. Ramji says the foundation has spent the past couple of weeks listening to feedback in "Twitter messages, email, and phone calls in order to understand what people hope this can be." Within that feedback two patterns have emerged, Ramji says. The other focuses on creating a place where open source .Net developers can gain strong backing. "Look at projects related to Mono, you also can look at NUnit, NHibernate, we really feel optimistic that the Foundation could help them gain a higher level of credibility in the open source community. Miguel de Icaza, the founder of the Mono project and the creator of the Gnome desktop, is a member of the Foundation's interim board of directors. They feel they have been lacking that strong moral support," Ramji says. From a high level, Ramji says the Foundation stands as a sort of enabler that helps independent developers, companies and developers working for those companies navigate the nuances and practices of open source development so they can either contribute source code to projects or open source their own technologies. "One suggestion has been that the Foundation should house all the best practices we have seen software companies and open source communities use," said Ramji. "We want to have a place where everyone interested in how to participate can come and read and if they choose they can use our license agreements or can use the legal structure of the Foundation to grant patent licenses and copyrights for developers and derivative works." Those licensing agreements have a distinct focus, Ramji said, on the rights that are related to code that is being contributed and on how to contribute the patent rights on that code.

Ramji says the goal is to service multiple projects, multiple technologies and multiple platforms rather than having one specific technology base, which is how most current open source foundations are structured. "It's early days and we have received a lot of good ideas from experts in a variety of fields from law to code to policy that is what we had hoped for," says Ramji. "Someone wrote it is nice to see Microsoft engaging early on without all the answers and to have the community solve what they would like to see. Once those issues are settled, code would be submitted using existing open source licenses. That is satisfying for me and refreshing to others. This is the right way to proceed." Follow John on Twitter

Users Want Answers on Oracle-Sun Future

When Oracle Corp. Analysts said the arrival of the jointly built package shows that engineers at Oracle and Sun Microsystems Inc. have started working together in advance of the closing of Oracle's $7.4 billion acquisition of Sun , now expected in January. CEO Larry Ellison hosted a webcast last week to unveil the next generation of his company's Exadata appliance , a label reading "Oracle-Sun" was prominently displayed on the high-end database and storage system. But Ellison and webcast co-host John Fowler, executive vice president of Sun's systems business, only touted the joint engineering effort that created the Exadata Database Machine Version 2. They said nothing about the postmerger plans for the products of either company, keeping users mostly in the dark about the future of Oracle and Sun offerings.

Oracle did take an unusual step two weeks ago by running advertisements promising to spend more on Solaris software and UltraSparc hardware development than Sun does now. Oracle had hoped the deal would be closed by now, but it was held up earlier this month when the European Commission opened an in-depth investigation in response to what it called "serious concerns" that Oracle's ownership of Sun's MySQL database could blunt competition in the database market. The ads came in the midst of aggressive efforts by Hewlett-Packard Co. and IBM to court Sun's customers. He also acknowledged that he has concerns about Oracle's plans for Sun's open-source offerings. "In the open-source community, Oracle doesn't have a particularly friendly reputation," he said. The ads somewhat reassured Richard Newman, president of Reliant Security Inc., which uses Solaris-based systems to deliver data security products and services to retail industry customers. "We're crossing our fingers that what [Oracle] stated in print is in fact going to happen," he said.

Nathan Brookwood, an analyst at Insight64 in Saratoga, Calif., called Oracle's ad "a very unequivocal statement of support for the Sun hardware." However, Brookwood added that he doesn't expect the move to placate Sun's customers. "It's not time to stop biting your nails," he said. Richard Toeniskoetter, technology director at the W.A. Franke College of Business at Northern Arizona University in Flagstaff, said he wants to know Oracle's plans for Sun's Virtual Desktop Infrastructure software and its Sun Ray thin clients. "We are already running a fairly mature VDI model, and we just want to see Oracle recognize that it's a viable platform," Toeniskoetter said, adding that NAU is also interested in Oracle's plans for MySQL. This version of this story originally ran in Computerworld 's print edition. Among the Sun customers most in need of quick answers are resellers, such as PetroSys Solutions Inc., which sells repackaged systems for the government and education markets. "A lot of our clients are nervous," said Irene Griffith, who owns PetroSys. "They want to know what's going to happen." Sun's sales representatives have been mum on the subject. "They're not talking to us, they're not reaching out to us," Griffith said. It's an edited version of an article that first appeared on Computerworld.com.

Skype Founders Sue eBay: What's Going On?

The founders of Skype are suing eBay for copyright infringement, a move that could block eBay's deal to sell a majority stake in Skype to a group of private investors for $1.9 billion. The sale was seen as a big failure because the company was not able to further monetize the potential of the VoIP service in the years to come. eBay purchased Skype back in 2005 for $2.6 billion, but failed to acquire Joltid, the company supplying the core technology behind Skype, also owned by the founders of the VoIP software.

So eBay sold a 65 percent stake in Skype two weeks ago to an investment group for $1.9 billion, managing to get back some of the money it invested initially. At the core of the suit is a peer-to-peer technology called "global index", which is used by Skype's software to route calls over the Internet instead of traditional phones lines. But it's not all good for Skype, as Skype's original founders are now suing eBay, seeking damages for copyright infringement. This technology is owned by Joltid, which is still owned by the founders of Skype. Now moving to the U.S. courts, Joltid is seeking an injunction against Skype, which could affect Skype's operation.

As if it wasn't complicated enough, eBay licensed "global index" from Joltid for continued use in Skype, but Joltid terminated the license in March and have been battling eBay in U.K. courts ever since. The trial could jeopardise the closing of the Skype sale to the private investors, who are also named as defendants by Joltid. What's even more ironic is that that the money Joltid is using to sue eBay is probably the money they got from eBay when they sold Skype. While eBay is working on its own technology to replace Joltid's, Skype could be forced to close down its operation if Joltid wins the trial.

Microsoft greasing Windows 7 skids with early release of desktop tools

With the hope of sparking Windows 7 upgrades, Microsoft is planning an early release of its suite of desktop deployment tools.  The tools were originally slated to ship in early 2010, but Microsoft hopes to give customers the software in late October for use in rollouts of Windows 7 across corporate desktops. The news of the early release was announced by Ran Oelgiesser, senior product manager for MED-V, on the MDOP blog. The catch is that the Microsoft Desktop Optimization Pack (MDOP) R2 2009 is only available to volume licensing customers with Software Assurance contracts.

Slideshow: Snow Leopard vs. All the tools in MDOP R2 2009 will include support for Windows 7 except MED-V. Support for the new OS in MED-V 1.0 SP1 will come early in 2010, wrote Oelgiesser. Windows 7 Windows 7 is slated to ship to commercial customers on Oct. 22, but corporate users with volume licensing contracts have had access to Windows 7 since last month. MED-V runs multiple versions of Windows or applications concurrently without having to open multiple virtual machine sessions. The suite is a major part of Microsoft 's Optimized Desktop strategy, which addresses centralized management and deployment of physical and virtual resources.

The software complements another MDOP tool called App-V, which is used for managing and deploying virtual PCs. The MDOP lineup also includes Asset Inventory Service; System Center Desktop Error Monitoring; Advanced Group Policy Management (AGPM) for change management via group policy objects; and the Diagnostics and Recovery Toolset, which helps in recovering a crashed PC. MDOP is composed of software from Microsoft's purchases of Softricity, Kidaro, AssetMetrix, Winternals Software and DesktopStandard. According to Oelgiesser, App-V 4.5 SP1 will have various integration points with 32-bit versions of Windows 7, including with the AppLocker, Branch Cache and BitLocker ToGo features. The 64-bit version, App-V 4.6 will be available in the first half of 2010. Advanced Group Policy Management 4.0 features two new capabilities targeted at Windows 7. One allows users to manage group policies across different domains, and the other provides new search and filtering to ease tracking of group policy objects. In addition, the software will support 32-bit version of XP, Vista and Windows Server. Follow John Fontana on Twitter 

China's Alibaba expects India joint venture this year

Top Chinese e-commerce site Alibaba.com aims to announce an Indian joint venture this year as the company expands its global footprint, it said Friday. A deal in India, where Alibaba.com recently surpassed 1 million registered members, would be the latest in the site's efforts to grow abroad. "I've got a lot of confidence in India," said Jack Ma, CEO of Alibaba Group, the parent company of Alibaba.com. Alibaba.com is in talks with an Indian reseller about forming a joint venture, CEO David Wei told reporters at a briefing. Alibaba.com is a platform for small and medium businesses to trade everything from lumber and clothes to iPods and PC components.

Alibaba.com already works with Indian publishing company Infomedia 18, its likely joint venture partner, to promote its platform in the country. Its main member base is in China, but the site also has 9.5 million registered users in other countries and facilitates many cross-border trades. The site also has a joint venture in Japan and recently launched a major U.S. advertising campaign to attract more users there. Ma said Alibaba knows it needs to "do something" in Latin America as well. Ma and other top Alibaba executives visited the U.S. early this year for meetings with potential partners including Amazon.com, eBay and Google.

When asked if the company would also seek to expand in Eastern Europe, Ma said, "I will be there." Alibaba will not hold a majority stake in joint ventures it forms, instead taking a share similar to the 35 percent it has in its Japan operation. "Our global strategy means partner with local people," Ma said. "We want partners and we want partners to control their business." Users place total orders of more than US$200 million each day on the Alibaba.com international platform, Wei said. About 50 percent of those orders go to Chinese exporters, he said.

Government informant is called kingpin of largest U.S. data breaches

A government informant who helped put away nearly 30 fellow hackers five years ago, is considered by U.S. law enforcement officials to be the kingpin of the biggest data breaches in U.S. history.

Albert Gonzalez, 28, of Miami, Fla., was indicted yesterday for the third time in connection with the separate major data breaches. Gonzalez and two Russian citizens Monday were indicted by a grand jury in New Jersey on charges of running an international scheme to steal more than 130 million credit and debit card numbers, along with personally identifying information from five companies, including Heartland Payment Systems Inc., 7-Eleven Inc. and Hannaford Brothers Co.

Federal investigators and prosecutors are calling yesterday's third indictment of Gonzalez a coup for the government.

The latest indictment is far from the Miami man's first brush with the law.

Gonzalez, who is being held in a detention center in Brooklyn, N.Y., was indicted in the Eastern District of New York on May 12, 2008, and the District of Massachusetts on August 5, 2008, on charges related to separate data breaches at TJX Companies, Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. Before the Heartland hack was disclosed, the TJX breach had been considered the largest ever, with 45.6 million credit and debit card numbers stolen.

Gonzalez had became an informant for the U.S. Secret Service after his 2003 arrest in New Jersey on on charges of ATM and debit card fraud, according to an official at the U.S. Department of Justice, who asked not to be named.

In 2004, Gonzalez provided information that helped the U.S. Attorney's Office in Newark, N.J. bust up what at the time was one of the largest online centers for stolen identity and credit card information. The online underground marketplace, dubbed the Shadowcrew group was charged with trafficking more than 1.5 million stolen credit and ATM card numbers.

Twenty-eight people were arrested and 27 pled guilty in connection with that incident. One man fled and became a fugitive.

Scott Christie, a former federal prosecutor who now leads the information technology group at law firm McCarter & English LLP, said it is clear that Gonzalez had been a leader of the Shadowcrew ring. Christie, who worked as a prosecutor on the Shadowcrew case, would not comment on any work that Gonzalez may have done for the government or why he was not arrested for his alleged role in the ring.

The DOJ official did confirm that Gonzalez acted as an informant in the case. However, according to this week's indictment, Gonzalez was allegedly continuing to work as a criminal hacker at the same time he was cooperating with the government.

The fact that federal authorities were unable to prevent Gonzales from carrying out the attacks on Heartland, Hannaford and other retailers despite his previous record speaks both to his tenacity and his apparently extensive ring of accomplices, said Avivah Litan, an analyst at Gartner Inc.

"Gonzalez appears unstoppable, and likely has many cronies lined up to help him in his endeavors," she said.

Assistant U.S. Attorney Erez Liebermann, who is prosecuting the case against Gonzalez in New Jersey, said that in addition to his alleged hacking skills, Gonzalez is a great organizer. He noted that Gonzalez is alleged to have worked with a different crew in each of the three incidents he's been indicted for. He is alleged to have worked with one crew to hack into Heartland and Hannaford systems, another in the TJX attack and yet another to illegally access data from Dave & Busters and other New York-based businesses.

"He was a person capable of hacking and then bringing people together to complete the task at hand," said Liebermann.

Christie said that Gonzalez clearly had "his hand in many pies."

"He seems to be the Bernie Madoff of online data theft," said Christie. "If it's all true, he would be one of the most prolific of the online data thieves that we know about. [The indictments] certainly are a big deal for consumers who charge purchases on their debit and credit cards every day. It's definitely good news for people who want to keep their good credit."

Richard Wang, manager of SophosLabs U.S., said that online data theft, especially in cases as massive as Heartland, Hannaford and TJX, take great coordination and that stopping them requires law enforcement to shut down the criminal organizations coordinating hacks.