aefadsdf

0

dsdf

New tech business NquiringMinds exhibits at House of Commons event for SETsquared

0

 

 

Tech start-up NquiringMinds was proud to be among the exhibitors at a high-profile House of Commons reception for the world’s number one university business incubator, SETsquared.

 

NquiringMinds, based at SETsquared’s centre in Southampton, was part of the special event at which SETsquared announced that its member companies raised over £90m of investment in 2015.

 

NquiringMinds has raised over £3m in its first few years as it builds its SmartCity solutions. At the heart of its innovation the Trusted Data Exchange (TDX) helps a city pull data securely from sensors and databases. This data is turned into actionable, high value information using advanced visualization and machine learning technology. The Secure Internet of Things platform, NquiringMinds has developed, means sensors can be quickly, cost effectively and securely deployed across a city.

 

The platform has been successfully applied to many real world problems (http://nquiringminds.com/case-studies/ ) from GP Pressure, Waste collection, Fleet management, Energy monitoring, to Telecare. Past successes include being elected as the Data Integration Platform for the UK’s Future Cities Program, an Open Data Champion Award from the Cabinet Office, a Parliamentary Nomination for Innovation in Productivity from Innovate UK and being identified by Cisco as a Top 15 IOT company in its Pioneers Program.

 

Nick Allott CEO of NquiringMinds said: “A SmartCity needs secure, real-time connected data. Our platform represents a five year investment in advanced security and analytics technology. We are now starting to see the benefit of applying this to the very real and very hard problems facing Local and Central Government.”

 

Alan Scrase, SETsquared’s Manager in Southampton, said: “We were delighted to celebrate SETsquared’s ranking as the world’s number one university business incubator at the House of Commons today. NquiringMinds epitomise the ambitious and innovative ventures we’re cultivating locally, and demonstrate the valuable impact this incubation process can have on the local economy and entrepreneurial culture.”

 

SETsquared announced the record investment news on 4 February at a reception at the House of Commons, attended by the Minister of State for Universities and Science, Jo Johnson MP, Lords and MPs.

 

Secretary of State for Business, Innovation and Skills, the Rt Hon Sajid Javid MP said: “It’s great to hear of SETsquared’s vital work and the record level of investment raised by the businesses they support. Business incubators, such as this, play a crucial role in helping start-ups innovate, compete and grow and I remain committed to backing entrepreneurs across the country.”

 



ENDS

 

For more information, images or interviews please contact:

Anita at nquiringminds

T: +44 2381 159 585

E: anita@nqminds.com

 

About NquiringMinds

NquiringMinds specialises in IOT (Internet of Things), Security and Data Analytics technologies, with a strong track record in both the SmartCities and Industrial IOT market. Our data analytics capability has won one numerous industry awards. It gives SmartCities and large enterprises a single unified view of their “siloed” data. The NquiringMinds approach to IOT security is leading edge, and considers the end to end problem of managing security: from small low powered sensors, up into the cloud based data sharing across organisations

Website: www.nqminds.com

 

 

About SETsquared

SETsquared is a long-standing Enterprise partnership between the universities of Bath, Bristol, Exeter, Southampton and Surrey which specialises in growing high-tech start-ups through its incubation programme and other business acceleration services. SETsquared provides mentoring, access to investors and corporate innovators and a wide range of industry experts through its network and training programmes.

 

Its business incubation programme is ranked by the University Business Incubator Index as the best in the world and over the last decade it has helped over 1,000 high-tech start-ups to develop and raise more than a £1bn of investment.

 

Independent research carried out by Warwick Economics estimates the economic impact of SETsquared member companies to be £3.8bn over this period, with the creation of 9,000 jobs and that these companies, along with new companies SETsquared will incubate, are set to deliver a further £8.6bn of impact to the UK economy in the decade ahead.

 

 

New tech business NquiringMinds exhibits at House of Commons event for SETsquared

0

 

 

Tech start-up NquiringMinds was proud to be among the exhibitors at a high-profile House of Commons reception for the world’s number one university business incubator, SETsquared.

 

NquiringMinds, based at SETsquared’s centre in Southampton, was part of the special event at which SETsquared announced that its member companies raised over £90m of investment in 2015.

 

NquiringMinds has raised over £3m in its first few years as it builds its SmartCity solutions. At the heart of its innovation the Trusted Data Exchange (TDX) helps a city pull data securely from sensors and databases. This data is turned into actionable, high value information using advanced visualization and machine learning technology. The Secure Internet of Things platform, NquiringMinds has developed, means sensors can be quickly, cost effectively and securely deployed across a city.

 

The platform has been successfully applied to many real world problems (http://nquiringminds.com/case-studies/ ) from GP Pressure, Waste collection, Fleet management, Energy monitoring, to Telecare. Past successes include being elected as the Data Integration Platform for the UK’s Future Cities Program, an Open Data Champion Award from the Cabinet Office, a Parliamentary Nomination for Innovation in Productivity from Innovate UK and being identified by Cisco as a Top 15 IOT company in its Pioneers Program.

 

Nick Allott CEO of NquiringMinds said: “A SmartCity needs secure, real-time connected data. Our platform represents a five year investment in advanced security and analytics technology. We are now starting to see the benefit of applying this to the very real and very hard problems facing Local and Central Government.”

 

Alan Scrase, SETsquared’s Manager in Southampton, said: “We were delighted to celebrate SETsquared’s ranking as the world’s number one university business incubator at the House of Commons today. NquiringMinds epitomise the ambitious and innovative ventures we’re cultivating locally, and demonstrate the valuable impact this incubation process can have on the local economy and entrepreneurial culture.”

 

SETsquared announced the record investment news on 4 February at a reception at the House of Commons, attended by the Minister of State for Universities and Science, Jo Johnson MP, Lords and MPs.

 

Secretary of State for Business, Innovation and Skills, the Rt Hon Sajid Javid MP said: “It’s great to hear of SETsquared’s vital work and the record level of investment raised by the businesses they support. Business incubators, such as this, play a crucial role in helping start-ups innovate, compete and grow and I remain committed to backing entrepreneurs across the country.”

 



ENDS

 

For more information, images or interviews please contact:

Anita at nquiringminds

T: +44 2381 159 585

E: anita@nqminds.com

 

About NquiringMinds

NquiringMinds specialises in IOT (Internet of Things), Security and Data Analytics technologies, with a strong track record in both the SmartCities and Industrial IOT market. Our data analytics capability has won one numerous industry awards. It gives SmartCities and large enterprises a single unified view of their “siloed” data. The NquiringMinds approach to IOT security is leading edge, and considers the end to end problem of managing security: from small low powered sensors, up into the cloud based data sharing across organisations

Website: www.nqminds.com

 

 

About SETsquared

SETsquared is a long-standing Enterprise partnership between the universities of Bath, Bristol, Exeter, Southampton and Surrey which specialises in growing high-tech start-ups through its incubation programme and other business acceleration services. SETsquared provides mentoring, access to investors and corporate innovators and a wide range of industry experts through its network and training programmes.

 

Its business incubation programme is ranked by the University Business Incubator Index as the best in the world and over the last decade it has helped over 1,000 high-tech start-ups to develop and raise more than a £1bn of investment.

 

Independent research carried out by Warwick Economics estimates the economic impact of SETsquared member companies to be £3.8bn over this period, with the creation of 9,000 jobs and that these companies, along with new companies SETsquared will incubate, are set to deliver a further £8.6bn of impact to the UK economy in the decade ahead.

 

 

Putting the Internet back in the “Internet of Things”

The “Internet of Things”: sounds exciting doesn’t it?

And if VC activity, funding grant opportunities and analysts reports are anything to go by, you would not be alone in thinking that this could be the “next big thing”.

But what exactly is it? Wikipedia gives us

The Internet of Things is a collection of technologies that make it possible to connect things like sensors and actuators to the Internet, thereby allowing the physical world to be accessed through software

Technopodia gives us

The Internet of Things (IoT) is a computing concept that describes a future where everyday physical objects will be connected to the Internet and will be able to identify themselves to other devices. The term is closely identified with RFID as the method of communication, although it could also include other sensor technologies, other wireless technologies, QR codes, etc.

But being a long standing subscriber to the Humpty Dumpty theory of semantics I will simply ignore all those and state for practical purposes I take the “Internet of Things” to mean any project where you connect something to the internet you don’t normally connect to the Internet. They are often little gadgets: sensors and actuators (but not always). And in any reasonable interpretation of the term, you can use Machine-to-Machine almost interchangeably when using Internet of Things. (The only real difference is if you use Machine-to-Machine it marks you out as having a Telecoms background, where our IOT guys tend to be more general Internet background)

My primary problem with the IOT community, however, is this:

Most Internet of Things Projects are actually Private Networks of Things

What I mean by this is the Internet (with a capital I) has at its core certain key principles, that are both key to its technical design and have been one of the critical forces behind its success. It is an unfortunate fact that most “internet of things projects” fail to address one or more of these principles.

Addressable

All IOT objects must be addressable. In internet language this is by an URI (Universal Resource Indicator) . Even the language “universal resource” should give you confidence that URI were designed to be pretty general purpose and addressing an IOT object is well in scope.

Open ecosystem

If the universal addressing scheme allows us to find the objects, once we have found it can we get in? How does the access work? This is a complex issue, and obviously there are profound security, policy and privacy issues to be considered, for normal web site as well as internet enabled devices. But it seems clear to me that the technical foundations on which an IOT network is based must at least support an open access schema, even thought this may not be the standard way the networks are deployed

Interoperable

If I have found the object and can access the object, the next question is what can I do with this object? The internet is a massive network of highly interoperable website (with content) and browsers that can access this content. This massive resource, this dynamic ecosystem of suppliers and consumers of information is only possible through rigorous, but flexible protocols and data formats. A compelling IOT ecosystem requires standards.

Openly defined (open governance)

Who owns this standard? Where is it created? If you are connecting to object over the internet, using a standard generated, owned and maintained by a single company, it can in no way shape or form claim to be and IOT project operating on Internet principles. (But of course it’s not easy to do collectively, and it takes time)

Royalty Free

Finally, and in my opinion, most importantly, these standards MUST be royalty free. This feature has been (again this is opinion here) the most significant factors in the success of the internet to date, more so even that the elegance of its technical design.

I’m sure there are more I have missed, but this is a useful start; keep these principles in mind next time you see a project claiming to be an “internet of things project” see how many boxes it ticks.

webinos as a Internet of Things framework

 

Some of you may have read the recent BBC article “Open-source project to get gadgets talking via the net”. This is clearly putting webinos out there as a potential force (hopefully for good!) in the IOT space. But maybe a little more background here will help put things in perspective.

webinos started with a 4-screen objective: as a way of putting applications, using web technology, on to cars, TVs, PCs and mobiles. As well as putting the applications on the devices, we also had in scope the problem of getting these devices talking to each other

However, what rapidly became clear was that many of the problems that we had to tackle, namely security, policy, privacy, local networking, discovery and remote device communication, are equally applicable to smaller devices (classic IOT device) as the more fully featured Cars and TVs. Indeed, going back to the definitions above many existing IOT projects would classify a TV as home networking device and would by their definition have a TV as an Internet of Things Device already.

We made a decision therefore to extend our four screens with “screen zero”, the device without the screen. Or in more classical parlance Internet of Things or Machine-to-Machine devices. Concretely: we have our open source code stacks available as prototypes on Arduino and a number of demo applications, for which we will have some youtube videos uploaded shortly. The important discovery for us here was we could re-use the technical specifications we had created for our original 4-screen use case, and demonstrate its effectiveness in addressing an even wider problems space (IOT) without having to change any of the technical details.

Let us now to dive into some of the technical details, and look at exactly how technically webinos adds value to the Internet of Things Space.

 

Addressable = URIs

Key to webinos is the concept of a Personal Zone. Each personal Zone has a Personal Zone Hub, where the defining characteristic is that the PZH is permanent internet addressable. It is essentially a web server, with a strong identity (see below), through which all requests can be routed. This Personal Zone Hub represents an individual, who may have many devices. Each of these individual devices can be then referenced under the root PZH URI using the friendly name. This essentially give us a URI to address any IOT device, which when combined with the routing mechanisms described below, gives us a way of connecting devices to devices in a very robust way.

Discovery = Widget Feature URI + WebIDL

As you will see in the webinos design we have tried to always refer to pre-existing specifications and technologies wherever possible. This is why we chose the widget application packaging for application distribution (not necessarily because it was the best, but because it was agreed, standardised and royalty free, under w3c terms). Within the widget family of specifications, are mechanisms for describing and requesting access to capabilities, in other words APIs. This is an elegant and simple schema where each API is described by a URI. Again a Universal Resource Indicator, but this time instead of the URI referring to an object, it describes an API. This API is then specified at a greater level or detail using WebIDL, a well-established Interface Description Language for describing JavaScript APIs. Where we take it for granted that of you are programmatically accessing capability on devices over the Internet, you are going to use an Internet friendly programming language: that is JavaScript.

To add remove discovery to webinos we therefore took the pre-existing feature-URI schemas for declaring and requesting access to capabilities, and added some functions for making these requests across devices, as opposed to just calling for the feature on the same device the app is running on.

In the context of IOT this means that an object simply has to respond with the feature-URIs it supports when requested from a permissioned device

Invocation = JSON-RPC

Once discovered, we need scheme for remotely invoking and API and also a way for the object to hand its response back to the client applications. The problem therefore is how to package JavaScript for remote procedure calls. There is existing technology for this JSON-RPC http://json-rpc.org/ which we simply reuse as is.

Identity = Personal Zone Key Infrastructure

At the heart of webinos is the PKI infrastructure. Our internet addressable Hubs and the many devices that may be attached to it need strong identities that can be used as the foundation for our communications. Moreover these identities need to be mutually attestable in the absence of visibility of the sever (hub). In other words my PC and my heart rate monitor need to be able to validate each other, even when there is no internet connection. It is hard to see how a robust IOT network can operate without this capability.

To deliver this within webinos we basically make use of pre-existing PKI technology and specifications, introducing some simple algorithms and processes for the enrolment of devices and the synchronisation and revocation of certificates within and across devices in personal zone hubs. In simple terms when you enrol a device to a PZH, you issue a bespoke certificate to that device that can then be used to bootstrap communications further down the line

Policy = XACML based

In any discussion of Internet of Things, the issue of security and privacy comes up a lot. Within webinos we have piggy-backed on a lot or pre-existing work in this area. The original solution comes from the IBM created XACML based XML policy description language, which has gone through several iterations, BONDI-> WAC->webinos, to generated a specific XACML instantiation that is fit for purpose for web based applications and internet of things deployments. Within the latest webinos versions of the specification we have included the best practice we could find coming out of the PrimeLife and P3P initiatives

The end result is that we have a highly interoperable (therefore synchronisable between devices) mechanism for describe the precise security, policy and privacy rules that a user wishes to apply to their device

Local Connectivity = PKI + Connection Management

How do we allow two devices to connect to each other securely over local networks? We have already covered one component of the solution to this problem that is the PKI infrastructure. We also have in place a connection manager abstraction, which means that a device can look at alternative connection networks, selecting the best one, then connecting to the destination device in the best way possible.

What this means is that when you have two devices that need to communicate whether TV&Phone or PC& EnergyMonitor, they are able to do so obviously when both have full internet connectivity, but also when there only local connectivity (Wifi, Bluetooth, NFC etc) . Whatever the physical connection, and whether it a a local or peer-to-peer connection we can still use the same identity schema (PKI) to connect the devices

Security = TLS

Considering that we are using PKI as the identity model, it will come as no great surprise that we are using TLS as the connection scheme through which we tunnel the application communications.

It is on this aspect where there may be few optimisation tweaks for IOT deployments. TLS is obviously the preferred connection scheme and appropriate for most deployment scenarios, but some IOT devices are very constrained indeed in terms of their computing power and TLS can be computationally very expensive. There are some scenarios therefore were a more lightweight connection scheme is preferable.

Efficient Symmetric communications = TLS+ JSON-RPC

Classic HTTP/HTTPS which has browser s and servers is an asymmetric protocol: the servers are long lasting and presently available, the browsers are temporary, they make connections then disappear. HTTP is technically a “stateless protocol”. This is not ideal for IOT deployments: sometimes the IOT device will request the connection, sometimes the PC or management device. They are peers not client and server. This can be, and sometimes is emulated by having two sets of browser and server, pointing at each other, on the two devices in question. But this is far from ideal. By using TLS as the base protocol and tunnelling JSON-RPC over it, we have a very streamlined connection protocol that is both efficient, and can be used in either direction.

Interoperable = existing standards

The above list maps the challenge to specific protocols (largely pre-existing). The ensemble of these specification defines the base of the interoperable standard that is need to produce a vibrant ecosystem where any device can connect to any device.

Royalty Free = W3C IPR policy

And to address the royalty free issue we raised at the start of the article, these specifications, under the terms of the webinos engagement agreements are delivered on the understanding that these can be put forward to W3C as candidate specifications. Each contributor explicitly recognises this intent and direct references are made to the W3C patent policy.

Ease of Deployment = Apache 2.0 Open Source

webinos is of course more than just a set of specifications, it has a full open source implementation that is made available on a number of different platforms, including the IOT focussed Arduino platform. This code is made available under the Apache 2.0 Open Source license, making it fairly easy to use for commercial adoptions

Embedded Server = node.js

To deliver IOT you need the logical equivalent of a server running on a device: an embedded server. Within webinos we looked to see what projects out there could deliver en efficient but extensible server framework, but would also be readily adaptable to out Internet programming Language of choice: JavaScript. Node.js is the obvious candidate here and specifically within webinos we have taken the node.js core and overlaid a set of applications on the top to make it operate effectively on PC and mid-range devices. To date this strategy has proven remarkably effective giving us not only a server framework ready to go, but an application framework that is highly portable over many operating systems.

In addition to PC, Mac and Linux, we clearly have Android in scope as a target platform. Unfortunately node.js does not run out the box on Android. Certainly not on unrooted Android devices. One of the webinos contributors (Paddy Byers) set about porting node.js for unrooted Android and we now have the anode https://github.com/paddybyers/anode/ project as a result, on which the Android version of webinos is based.

Extra small scale deployments = microPZP

For some IOT deployments this will be enough; for others node.js will be too computationally heavy for deployments. For these scenarios we have developed the notion of a microPZP. A microPZP has all the same functions of a normal Personal Zone Proxy, and is in its entirety an embedded server. The difference is that is has been compiled from raw C (not a virtual JavaScript execution environment) and has been tuned for the particular embedded environment. But as long as it supports the core functions of

  • Mutually authenticated TLS based on pre-shared Certificates, according to the webinos PKI infrastructure (or an optimised implementation with similar behaviour)
  • Responds to Feature-URI capability discovery requests, to tell attached devices what functions it supports
  • Responds to JSON-RPC requests

Then it is possible to create highly interoperable, secure IOT deployments, with will interoperate in large eco-systems.

Open Governance = Free affiliation

Final, point which is non-technical, but no less important because of this. Webinos runs as best as we can manage, along open governance principles. What this mean is the totality of the webinos specifications is far more than the product of a single organisation (to date 30 organisations have been involved in its creation). It also means that anyone out there reading this (whether an individual or company) can also take part and influence its future. All we require is the commitment that allows us to maintain our open source code base and the royalty free status of the specification. There are no webinos joining fees!

 

We hope this article puts a little more meat on the bones, in terms of understanding exactly how and why webinos is relevant for Internet of Things technologies, and if you have any feedback positive, negative or simply more questions you would like answering, feel free to comment publically on this site, email the consortium at hello@webinos.org or myself at nick@ubiapps.com

 

 

 

 

 

 

 

 

 

 

 

FirefoxOS, ChromeOS, WebOS, Tizen: Is WEBINOS a YANWOS?

    

Typical, you wait years for a web-based operating system and 3 come along at once. Which begs the question of course – Is webinos Yet Another Web-based Operating System (a YANWOS!).

The simple answer is no. Not that there’ anything wrong with Web-based Operating Systems (WOS’s ?) quite the contrary. Web-based operating systems we are confident are the future. It’s just important to understand webinos is something different, a complement perhaps to some of the other exciting innovations in this space.

So to clear up some confusions let’s step through, point by point, on how webinos differs from these broader web based operating systems

1 – It’s not an Operating System

Let’ start with the basics: it’s simply not an operating system.

According to http://cplus.about.com/od/introductiontoprogramming/g/opsystemdef.htm:

An Operating System is a computer program that manages the resources of a computer. It accepts keyboard or mouse inputs from users and displays the results of the actions and allows the user to run applications, or communicate with other computers via networked connections.

Webinos does the second bit (allows the user to run applications, or communicate with other computers via networked connections.). But not the first bit(manages the resources of a computer. It accepts keyboard or mouse inputs from users and displays the results of the actions) . You might call it a virtual operating system or an application execution environment. But it would be incorrect to call it an operating system. It is working at a higher level of abstraction

 

There is a very good reason for this: we want webinos to be ubiquitous. The value of webinos comes to the fore when it’s on every device. And we are not going to get on every device/operating system if set yourself up on competition with other operating systems.

This schematic should reinforce the point.

The rows represent application technologies, technologies that a third party application developer must design for and technology which must be there in order for the applications to run. The columns represent underlying operating system, kernels, schedulers, hardware abstraction layers etc.

What you will notice is that our first four rows have only one green cell. Tizen (the development environment), only works on Tizen (the Operating System). FirefoxOS (the development environment) only works on FirefoxOS (the Operating System). For these four platforms, the App developer experience and the Operating System platform are the same thing: which means of course they are mutually exclusive options

Out next three examples are each different. They are all essentially “virtual layers” – virtual abstractions of the underlying hardware (not concrete abstractions) which means they can work on many platforms. It is worth looking at each of these a little closer

  • Chrome Browser: Chrome is double-counted here. Chrome the browser and Chrome the Operating System. Arguably if you collapsed them together you would get more green cells, but it’s important to drive the distinction home. The Chrome browser is a HTML5 execution environment where the core development language (like all WOS’s) is a subset of the HMTL5 technologies, but importantly supplemented with extra APIs for deeper integration, a security layer, and a packaging mechanism for applications. But if you have a version of the Chrome Browser on the lower level OS (e.g. Windows, Mac) then your apps will work
  • WAC is different again. It is primarily a specification not an implementation. It is has some preferred implementations but not a mandatory one. It therefore has the benefit that it can theoretically run on many platforms. Known implementations however only exist for Android, therefore that is the only cell that is green. Other cells where there is theoretical compatibility are coloured Amber
  • Finally webinos. So obviously we have slightly biased perspective, but it is an objective fact that the current Open Source code base, is interoperable with all of the Operating Systems highlighted green in the matrix. iOS as always is the special case: porting a full virtual runtime is explicitly prohibited in the terms and conditions. However, within webinos we do have a version of the runtime that works on rooted iPads and iPhones (as a research project). In addition we are investigating, refactoring core webinos functionality into libraries. For iOS this would mean providing standalone client and server webinos libraries that can be statically bound to individual applications, following the same deployment model as PhoneGap

To summarise: webinos is a virtual layer not a deep OS. It is designed to sit on ANY (ALL?) operating systems, and provide that essential glue that

  1. Allows the web-based application to work on all devices
  2. Allows the web-based application to talk to each other

It has far more in common with Java than it does with a Linux based OS. Indeed there is an emerging notion that Node.js (on which the webinos implementation is based) fills a natural vacuum left by the Java on devices. As a lightweight vehicle for writing platform portable programming logic and applications, it is proving remarkably effective.

This distinction is important primarily in recognition of the current market penetration of the existing OSs and therefore the market uptake challenge that pure new OSs face. Taking figures from http://www.engadget.com/2012/05/24/idc-q1-2012-world-smartphone-share, this challenge is significant

 

 

 

Embedded Server Technology

The second way webinos differs from other technologies is touched in point (b) from above

webinos provides technology to allow applications and devices to discover each other, discover each other’s services and make use of each other’s services from a web programming base (HTML + JavaScript). And to do all of that both across the open internet and across local peer to peer networks

 

How does it do this? For full details on this you’re better of reading the webinos white paper, or the primary webinos specifications. But putting it as simply as possible: webinos serves capability to remote devices by hosing a local embedded server on device

The core principles are not dissimilar to the now defunct Nokia Mobile Web Server. http://betalabs.nokia.com/trials/mobile-web-server . Importantly, however, webinos introduces some vital innovation to address the security, interoperability and network efficiency issues that face basic embedded RESTful servers. Again you are better served referring to the technical documents for full details, but the summary is

  1. Use of co-ordinated, standardised certificate distribution mechanism for anchoring user and device identity
  2. Use of Mutually Authenticated TLS to ensure communications are both symmetric, secure and lightweight
  3. User of JSON-RPC as a friendly JavaScript binding for remote method invocation
  4. Use of multiplexing of JSON-RPC and other network traffic to make over the air connection more efficient
  5. Use of the widget defined feature-URI schema for a lightweight capability query and capability invocation mechanism

The result is a flexible web based architecture that starts to blur the traditional distinctions between a web-server and web-browser.

Open Governance

Webinos has published previously on this issue, but its and important one that again distinguishes it against the other web based app frameworks.

Most of these other web app frameworks are also open source but as our early reports on IPR and Governance models http://webinos.org/blog/2011/11/02/webinos-report-target-platforms-target-requirements-and-platform-iprs/ show, which has been expanded and improved in the excellent VisionMobile report on Open Governance http://www.visionmobile.com/product/open-governance-index/ :

Open Source does not mean Open

The presupposition is that an open source project can only be truly successful if there is fair and equal representation across the ecosystem. Any open source project that does not abide these principles and is dominate by one or more strong industry players, will inevitably create a reaction from its competitors. This reaction will always take the shape of a competing and fragmenting alternative project.

What this means on a day to day basis is a constantly evolving (and hopefully improving) but for now this means: anyone can join webinos and there is no charge. All opinions are taken on board at face value on meritocratic principles.

I think it is important to say that of all the other listed Web app dev environments: Mozilla can also reasonably claim this position. So webinos is not entirely unique in this sense.

Open Ecosystem – No tied AppStore

It may be too early to call the outcome on this one, but in doing cross OS analysis it is important that we comment on the trend for all new Operating Systems to have singular and embedded application stores. Apple, RIM, Android and Microsoft are all guilty of this to a greater or lesser extent. The business of operating systems seems to have turned into the game of establishing a monopoly on application distribution.

This is not the ethos of the web. And is it not something a web-based operating system should do. But the trends are disconcerting:

  • Chrome is bound to Chrome web store
  • FirefoxOS presumably will feature the Mozilla Market place prominently
  • Tizen: too early to say
  • The late webOS was bound to the HP App Catalog
  • WAC is bound to warehouse, but not an appstore

The webinos vision is always that OS/App Environment and AppStore should be loosely coupled and democratic in their bindings. Where preferences in supply, where they exist, should be determined by consumer preference, not software and hardware suppliers. This is what creates truly powerful ecosystems.

You know: the same way the Internet works!

Compatible on top, not Competitive against

Hopefully, this brief post will help clear up some common misunderstandings in webinos positioning and positioning of web based operating systems in general.

webinos is totally open technology, and although it shares some common technical foundations with other web-based operating systems, (HTML5 + JavaScript etc) the scope is quite different.

Our primary focus is getting different devices working with each other using innovative web based primitives. The technology is entirely compatible with Tizen, Firefox, WAC and Chrome, and indeed we starting to look at porting projects to put our node.js based architecture on these platforms Any parties interested in helping please get in touch with hello@webinos.org

Essentially we are a layer on top, not competition with these other worthy projects.

 

 

 

 

 

 

FirefoxOS, ChromeOS, WebOS, Tizen: Is WEBINOS a YANWOS?

    

Typical, you wait years for a web-based operating system and 3 come along at once. Which begs the question of course – Is webinos Yet Another Web-based Operating System (a YANWOS!).

The simple answer is no. Not that there’ anything wrong with Web-based Operating Systems (WOS’s ?) quite the contrary. Web-based operating systems we are confident are the future. It’s just important to understand webinos is something different, a complement perhaps to some of the other exciting innovations in this space.

So to clear ups some confusions let’s step through, point by point, on how webinos differs from these broader web based operating systems

1 – It’s not an Operating System

Let’ start with the basics: it’s simply not an operating system.

According to http://cplus.about.com/od/introductiontoprogramming/g/opsystemdef.htm:

An Operating System is a computer program that manages the resources of a computer. It accepts keyboard or mouse inputs from users and displays the results of the actions and allows the user to run applications, or communicate with other computers via networked connections.

Webinos does the second bit (allows the user to run applications, or communicate with other computers via networked connections.). But not the first bit(manages the resources of a computer. It accepts keyboard or mouse inputs from users and displays the results of the actions) . You might call it a virtual operating system or an application execution environment. But it would be incorrect to call it an operating system. It is working at a higher level of abstraction

 

There is a very good reason for this: we want webinos to be ubiquitous. The value of webinos comes to the fore when it’s on every device. And we are not going to get on every device/operating system if set yourself up on competition with other operating systems.

This schematic should reinforce the point.

The rows represent application technologies, technologies that a third party application developer must design for and technology which must be there in order for the applications to run. The columns represent underlying operating system, kernels, schedulers, hardware abstraction layers etc.

What you will notice is that our first four columns have only one green cell. Tizen (the development environment), only works on Tizen (the Operating System). FirefoxOS (the development environment) only works on FirefoxOS (the Operating System). For these four platforms, the App developer experience and the Operating System platform are the same thing: which means of course they are mutually exclusive options

Out next three examples are each different. They are all essentially “virtual layers” – virtual abstractions of the underlying hardware (not concrete abstractions) which means they can work on many platforms. It is worth looking at each of these a little closer

  • Chrome Browser: Chrome is double counted here. Chrome the browser and Chrome the Operating System. Arguably if you collapsed them together you would get more green cells, but it’s important to drive the distinction home. The Chrome browser is a HTML5 execution environment where the core development language (like all WOS’s) is a subset of the HMTL5 technologies, but importantly supplemented with extra APIs for deeper integration, a security layer, and a packaging mechanism for applications. But if you have a version of the Chrome Browser on the lower level OS (e.g. Windows, Mac) then your apps will work
  • WAC is different again. It is primarily a specification not an implementation. It is has some preferred implementations but not a mandatory one. It therefore has the benefit that it can theoretically run on many platforms. Known implementations however only exist for Android, therefore that is the only cell that is green. Other cells where there is theoretical compatibility are coloured Amber
  • Finally webinos. So obviously we have slightly biased perspective, but it an objective fact that the current Open Source code base, is interoperable with all of the Operating Systems highlighted green in the matrix. iOS as always is the special case: porting a full virtual runtime is explicitly prohibited in the terms and conditions. However, within webinos we do have a version of the runtime that works on rooted iPads and iPhones (as a research project) plus we are currently investigating, sub-setting the webinos functionality and providing standalone client and server webinos libraries that can be statically bound to individual applications, following the same deployment model as PhoneGap

So finally, to summarise webinos is a virtual layer not a deep OS. It is designed to sit on ANY (ALL?) operating systems, and provide that essential glue that

  1. Allows the web-based application to work on all devices
  2. Allows the web-based application to talk to each other

It has far more in common with Java than it does with a Linux based OS. Indeed there is an emerging notion that Node.js (on which the webinos implementation is based) fills a natural vacuum left by the Java on devices. As a lightweight vehicle for writing platform portable programming logic and applications, it is proving remarkably effective.

This distinction is important primarily in recognition of the current market penetration of the existing OSs and therefore the market uptake challenge that pure new OSs face. Taking figures from http://www.engadget.com/2012/05/24/idc-q1-2012-world-smartphone-share, this challenge is significant

 

 

 

Embedded Server Technology

The second way webinos differs from other technologies is touched in point (b) from above

webinos provides technology to allow applications and devices to discover each other, discover each other’s services and make use of each other’s services from a web programming base (HTML + JavaScript). And to do all of that both across the open internet and across local peer to peer networks

 

How does it do this? For full details on this you’re better of reading the webinos white paper, or the primary webinos specifications. But putting it as simply as possible: webinos serves capability to remote devices by hosing a local embedded server on device

The core principles are not dissimilar to the now defunct Nokia Mobile Web Server. http://betalabs.nokia.com/trials/mobile-web-server . Importantly, however, webinos introduces some vital innovation to address the security, interoperability and network efficiency issues that face basic embedded RESTful servers. Again you are better served referring to the technical documents for full details, but the summary is

  1. Use of co-ordinated, standardised certificate distribution mechanism for anchoring user and device identity
  2. Use of Mutually Authenticated TLS to ensure communications are both symmetric, secure and lightweight
  3. User of JSON-RPC as a friendly JavaScript binding for remote method invocation
  4. Use of multiplexing of JSON-RPC and other network traffic to make over the air connection more efficient
  5. Use of the widget defined feature-URI schema for a lightweight capability query and capability invocation mechanism

The result is a flexible web based architecture that starts to blur the traditional distinctions between a web-server and web-browser.

Open Governance

Webinos has published previously on this issue, but its and important one that again distinguishes it against the other web based app frameworks.

Most of these other web app frameworks are also open source but as our early reports on IPR and Governance models http://webinos.org/blog/2011/11/02/webinos-report-target-platforms-target-requirements-and-platform-iprs/ show, which has been expanded and improved in the excellent VisionMobile report on Open Governance http://www.visionmobile.com/product/open-governance-index/ :

Open Source does not mean Open

The presupposition is that an open source project can only be truly successful if there is fair and equal representation across the ecosystem. Any open source project that does not abide these principles and is dominate by one or more strong industry players, will inevitably create a reaction from its competitors. This reaction will always take the shape of a competing and fragmenting alternative project.

What this means on a day to day basis is a constantly evolving (and hopefully improving) but for now this means: anyone can join webinos and there is no charge. All opinions are taken on board at face value on meritocratic principles.

I think it is important to say that of all the other listed Web app dev environments: Mozilla can also reasonably claim this position. So webinos is not entirely unique in this sense.

Open Ecosystem – No tied AppStore

It may be too early to call the outcome on this one, but in doing cross OS analysis it is important that we comment on the trend for all new Operating Systems to have singular and embedded application stores. Apple, RIM, Android and Microsoft are all guilty of this to a greater or lesser extent. The business of operating systems seems to have turned into the game of establishing a monopoly on application distribution.

This is not the ethos of the web. And is it not something a web-based operating system should do. But the trends are disconcerting:

  • Chrome is bound to Chrome web store
  • FirefoxOS presumably will feature the Mozilla Market place prominently
  • Tizen: too early to say
  • The late webOS was bound to the HP App Catalog
  • WAC is bound to warehouse, but not an appstore

The webinos vision is always that OS/App Environment and AppStore should be loosely coupled and democratic in their bindings. Where preferences in supply, where they exist, should be determined by consumer preference, not software and hardware suppliers. This is what creates truly powerful ecosystems.

You know: the same way the Internet works!

Compatible on top, not Competitive against

Hopefully, this brief post will help clear up some common misunderstandings in webinos positioning and positioning of web based operating systems in general.

webinos is totally open technology, and although it shares some common technical foundations with other web-based operating systems, (HTML5 + JavaScript etc) the scope is quite different.

Our primary focus is getting different devices working with each other using innovative web based primitives. The technology is entirely compatible with Tizen, Firefox, WAC and Chrome, and indeed we starting to looks at porting projects to put our node.js based architecture on these platforms Any parties interested in helping please get in touch with hello@webinos.org

Essentially we are a layer on top, not competition with these other worthy projects.

 

 

 

 

 

 

Google takes a stand against the anonymous

Google are taking a strong stand against those who like to be anonymous.(http://news.cnet.com/8301-1023_3-20082874-93/google-vp-why-google-requires-real-names/)

Not the hacking group Anonymous, of course, but the somewhat larger set of people who still cling to the illusion of privacy.

I can’t quite work out whether this is sound business sense, naivite, of full blown stupidity. It is certainly out of touch with social networking trends.

 

Juvenile Psueds

I confess, much to frustration of my real world friends, I have not really entered into the spirit social networking. I think I’ve made 3 tweets so far, and on more than one occasion I have been berated for taking over 6 months to respond to a facebook message. Fortunately, however, two of my children are teenagers. Observing their online behaviours gives my far better insight into genuine trends, than middle age geek introspection.

Facebook, for my elder children, is of course is the dominant form of communication.  But here’s the interesting thing. if you look at my children online contacts, less than 40% of them user their own name.

They have all embraced Psuedonymity. Apparently the current vogue is name mashups. You may keep your first name, but you often take the second or middle name of a friend.

Your friends know who you are – of course they do – they’re your friends. But a casual browser, would find it reasonably difficult to tie your facebook account to your real identity.

When you think about it, this is quite a beautiful thing. The collective is adapting. Its adapting to protect itself – its protecting itself from invasion of privacy yes. But I think there is something else at work here, at some level, even it its subliminal, there is a recognition that there is a financial element to this also.

 

What is Anonymity worth

The “information disruption” does not stop at names mashups. Ages and Marital status are also falsely reported. Children are getting married and divorced all the time. Marital status has become a form of “friend presence”; it is a way of marking up a special relationship. But of course they’re not children, to facebook. They may be 12 one week 35 the next. Getting married, being in a lesbian relationship with you BFF, is really just a bit of laugh.

But this is all hilarious. What is it doing to the “advertising Algorithms”? Do my children really need the services of a divorce lawyer? Would the divorce lawyer be spending his money on advertising be pleased that their very expensive “demographically targeted adverts”, are hitting 12 year old school children?

This is what its all about in the end – Money. Google and Facebook are in the information business. They sell your information (with consent….?), via advertising. If the information is corrupt, their handling damaged goods. And when the buyers of these goods work this out, the price drops…………dramatically.

Translation: lying about your identity, age, marital status – or otherwise pissing about with your information costs Facebook and Google money!!

 

A Prediction: Private Browsers are coming

Here’s what I think: very soon the world of browsing will change. The current handling of private information on the web is not sustainable.

There are a lot of pressures at work here

  • Legislation: the “do not track” meme is in the ascendancy. These things take time US: http://donottrack.us/EU: http://www.zdnet.co.uk/news/security-management/2011/06/22/eu-warns-web-firms-over-do-not-track-timescale-40093187/. But there is implied recognition here that the consent model for data is not working
  • Behaviours: as you can see above people are changing the way they use social networks. I think this is just the thin end of the wedge. The technology is taking time, the laws always time- but there is an immediate  need to protect privacy, so we change the way we use the system. And I suspect at some level people take a mischievous pleasure in devaluing the amount of money an advertising company can make off their back.
  • Technology: finally, I think a new wave of browsers are on the way. The final and most extreme trend, is the emergence of new browsing models where data is truly owned by the user. In webinos we are experimenting with some of these ideas, but this is not an isolated trend.
I think Google needs to wake up and wake up fast. Quotes like this
But he explained that the requirement to use real names is an attempt to set a positive tone, “like when a restaurant doesn’t allow people who aren’t wearing shirts to enter.”Read more: http://news.cnet.com/8301-1023_3-20082874-93/google-vp-why-google-requires-real-names/#ixzz1TEsJtoE4

Demonstrates a a fundamental misunderstanding. People aren’t changing their name as a sign of “disrespect” to the social networking entity. The social network itself is still functioning. My friends still know who I am not matter what my name, and when I change my age its a joke, because my real friends have the context of reality, through which to interpret the information. What is emerging is a new private language is evolving to stop the corporate listening in and making money off the chatter.

 

Watch this space. I’m sure they will be some backtracking –  a bit of face saving on he inevitable backlash, against these naive statements.

But we must recognise that there is a financial imperative here – a driver that will nor change. The motives of Google and the like are clear: the quality of your data effects their advertiser income, they want you to keep it clean for them.

 

Things have to change.

If the services dont adapt, the browsers, behaviours and legislation will.

If the servers don’t treat our data with respect, the browsers will stop releasing it.

One day soon, if things don’t change, we will all want to be anonymous.

 

Open Source – Sustainable Development

 

New software technology, whether PC or mobile, is now dominated by open source.

Android, Chrome, Symbian , Webkit, Apache, Eclipse, Meego, Linux, Limo, Ubuntu, Mozilla, QT, Phonegap collectively and individually are powerful forces that determine not only the future directions of technology, but by implication the future successes of companies involved in any of the industries touched by these projects.

This article has a singular purpose: to explore the optimal  shape and structure of a successful open source.  And by success I mean not only, where is it today, but are the incentives there to sustain interest and development in the platform. For every open source success, there are many stagnating in a source code repository graveyard

In the context of webinos, the project I am currently working on, this is relevant for two reasons

  1. We need to build on top of other open source operating systems. When we make the selection of which platforms to prioritise, we need to be aware of the risks and benefits of different open source project configurations
  2. Webinos will itself be and open source project. When we construct the mechanics of its operations, we want to do so based upon best practice.

The reality of open source projects is that they require significant investment: hundreds of thousands of man hours in many cases. And this investment is in most cases corporately sponsored. Corporates require a return on investment; whether you can see it or not the company investing effort into a collaborative initiative such as an open source project is doing so for financial gain. Moreover, corporates are “compelled” to compete; shareholders expect returns above the market norm.

These considerations are essential if we are to build a sustainable healthy, open source community.

A successful, sustainable open source community requires that multiple competing companies must continue to invest, on an ideally equal basis, into the collaborative activity.

In this article, therefore I am going to cover several points.

  1. Go over some of the theoretical background on and why companies do (and don’t) invest in open source, and also look at the principle dimensions of how they are legally constructed
  2. Business models: an effective collaborations of corporates, more so than individuals, requires that all parties are comfortable with each others motivations. Why am I engaged? Why are you engaged?
  3. Finally, Ill look at some evaluation metrics – can we establish the parameters by which we can evaluate the probable sustainability of an open source project. And to validate this look at how different platforms measure up.

 

Background concepts – Why

First let us just review some baseline theory. Why do we think companies engage in open source? What are the incentives and the disincentives to code collaboration? Let’s look at this at the abstract level before we go into the detail.

Software (source code) is a liability

Software developers don’t like hearing this, but there is a great deal of truth in the statement that Source code is a liability not an asset.

If I’m in sales I like binary code. Binary code I can put on a web site of ship as a CD, and people will pay me for it. To the accountant this is an asset: it something that generates income every month and goes towards the bottom line.

But the salesman and the accountant don’t really care about source code. They often don’t know what it is. All the salesman knows is he can’t sell it. And the accountant knows that source code needs these expensive things called programmers to nurture it, and make it grow. Source code is therefore a liability; it costs money every month for as long as own it. (It also depreciates really fast!).

If this is shocking to you – I apologise. But I think once you understand how the business people see it; you might understand why software departments keep getting “outsourced”. They are taking the liability off the books, but hope (usually erroneously) that they are keeping the asset.

And if that shocked you, the next bit is even worse. If you are part of a company that just “open sourced” their software, as a right-on software developer you might think cool, my company has got it – they finally understand this technology thing! Well I’m sorry to disappoint you, but in my experience from the business perspective you just got outsourced again, but this time to magically sustained community which they didn’t have to pay for. It’s a no brainer.

Ok, so the reality is probably a little more sophisticated than, but you get the point.

Links:

Game Theory, Economic Theroy

Second bit of theory: Game theory.

I’m not going to give you an ABC of Game theory here, but if you ever want to truly understand Open Source dynamics, or any form of standards activity you need to understand it. A lot of the ideas in this article, will make a lot more sense if you have.

Translating one of the key principles, Prisoners dilemma, into the code collaboration space in a few lines is:

Company A and Company B have 20 programmers each they can collaborate on open source (standards) or create a proprietary system
  1. If Company A and B both put all their programmers on open source, they’ll share the rewards and anticipate making $10million each next year
  2. If A and B both create proprietary systems, we will have a fragmented mess, the market won’t grow and they’ll only make $2million each next year
  3. BUT if one company goes open source and the other creates a propriety system, the open will only make $1million but proprietary makes $20 million.

So you’re the CEO of company A: what do you tell your programmers to do?

If your answer is well we pretend to do open source (put one programmer on it), but secretly create a proprietary system (put 19 programmers on it) –then you have the devious type of mind well suited to corporate strategy!

Now add another 20 companies to the scenario above, can create few other sub-options of choices and your starting to approximate to the real-world strategic landscape facing a corporation deciding on whether to join an open source project

The other concept from economics you need to understand is “free riders”. That is benefiting from the efforts of the community, without giving anything back in return.

Translating again:

Company A, B and C all have 20 programmers. To start they all put 60 people on the project. Six month down the track Company C pulls 10 people off. Company still benefits just as much from the collective effort but has now freed up 10 programmers to put on strategic projects that give them ac competitive advantage of Company A and B.

So your CEO of company A and B , what do you do in reaction?

The problem is I get a tangible return for taking someone off the project, but I will not get a proportionate return for adding someone the project. The consequent regress to zero, and the deterioration of the public asset, is reminiscent of the other economic concept to consider: The Tragedy of the Commons.

Links:

 

Value Chains – Value networks

Final bit of theory for background research is another economic/strategic concept; the concept of value chains and value networks.

It gives you a set of theoretical tools for understanding how commercial advantage in a market can have impact on markets upstream and downstream of this market. And when you factor in that your competitors may share suppliers/customers with your or be segmented differently, you will start to see complex ecosystem effects.

In the area of operating systems, devices, application ecosystems and media markets these interdependencies and dynamics can be mind bogglingly complex.

As a simple example

Company O1 and O2 are in the operating system business. Company D1 is a device vendor is a customer of O1, that’s who they buy their operating system from. Company D2, another device vendor buys a cheap operating system and launches it open source in the operating system market. Suddenly O1 and O2 are now in trouble, they can’t make money. D1 also suffers because their supplier is in trouble

 

Perhaps now you can see how Open Source can be used offensively. How it is possible to take out a competitor by open sourcing components that may even be upstream from where you and your competitor currently compete.

Can you think of any real world examples where this has happened :).

 

 

 

This is just one example of how to interpret some of the profound effects of open source projects on complex ecosystems

 

Links:

 

The four critical dimensions of open source

In the context of “corporate adoption” there are four critical legal dimensions that need consideration.

These are the principle variables against which a corporate is going to evaluate the risks and opportunities of engaging in an open source project.

For new open source projects, they are the critical legal design considerations in the construction of the working organisation – and for webinos the problem we are trying to solve is: what combination of these four elements is more likely to result in a well-resourced, well utilised, successfully long term project.

 

Inbound license

Typically an open source project requires a “contributor” to make certain warranties of on their contribution. In other words they promise that the code they contribute to the project satisfies certain criteria. Usually this contribution license stands as a separate document, however sometimes, as in the case of GPL, it is a set of conditions specified in the distribution license, that you must abide to if you change the distributed code (in other words the inbound contribution conditions are tied into the outbound distribution license.)

An inbound license typically expects the contributor to state that:

  1. The contributor has the authority to make the submission
  2. The contributor licenses any essential IPR to users of the code
  3. The contributor licenses the copyright to users of the code
  4. Some limitation of liability of the “fitness” of the code e.g. “You provide Your Contributions on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.

The inbound license is the first thing that a CONTRIBUTOR to the project must think about

Outbound license

The outbound license defines the terms under which the code is made available to 3rd parties.

The outbound license is the first thing that a USER of the open source code must look at. Within this document it will be described what you can and cannot do with the code. If you are a corporate looking to create derivative projects you can exploit commercially, this is a critical issues

Governance model

An open source project, and more specifically the source code assets of that project, is generally maintained by one collective entity somewhere on the internet. (We will for the moment ignore the more complex scenarios where forked projects are created).

This collective may be formal legal with strict rules of behaviours, or be a loose collection of individuals where the rules of engagement are much more fluid. Whatever the formal construct behind these individual contributors the culture and dominant behaviours of this collective, are essential in determining whether a corporate is going to engage in the community.

The question at the back of the mind of the potential collaborator is: if I invest time/money into this initiative:

  • Will my efforts ever see the light of day? Will contributions be expected?
  • Will I be able to influence the future roadmap of this project? Can I ensure that the project will continue to serve my organisational requirements?
  • Is one of my competitors going to be in a position of power over me, and/or can they deliberately/inadvertently do me damage by forcing the project in a direction which is not to my advantage.

Many open source projects will address these questions by stating that all such decisions are taken on a meritocratic basis, where key positions are given to people not companies, based upon their peer accepted valuable contributions. Although this may be true in some instances, we must also be aware when engaging with a corporate entity, they would be doing a disservice to their shareholders, if they did not at least consider the material risks to their company if this meritocratic systems was being “gamed” by one of their competitors.

Trademarks and compliance

The final legal dimension we should consider is the use of compliance processes and trademarks and a further constrain the use of derivative works, which can be essential to controlling the long term direction of an open source code base, and to stop the code asset from forking in the wild

Mozilla and Android both use these techniques, but in subtly different ways, to constrain the real world use, of what would otherwise be highly valuable assets, that are released under notionally permissive licenses.

Diagram outline the legal control points of an open source project.

 

Open Source Business models: simple money making

 

Now we have covered some of the essential theoretical background to open source, let’s turn our attention to what makes it all tick: money and power.

As a quick clarification: there are many, many open source projects out there, which have been created by one or two people in their spare time and have been given away free, gratis to the world at large. This is a worthy goal, and an activity I have been involved in myself from time to time, but this is not the focus of this discussion. The focus of attention for this article is specifically on corporate sponsor open source requiring tens or hundreds of thousands of man hours or more to make work

To build a thriving collaborative community, you need to trust the motives of your collaborators. Therefore a detailed understanding of what theses might be is essential. I shall break this down into two parts

  1. Above the water motives: different ways of making money directly form open source
  2. Below the water motives: indirect ways of making money from open source

Type 1 motives, you can find plenty of examples out there on the internet. I will touch on each briefly, just for the sake of having an easy to find summary. Type 2 motives you will fines less well represented, but not less important for that.

To make money from services

 

 

One of the simples and oldest of Open Source business models. Developer invests in the core OS asset at their own expense, but then generates revenue from users of the Open Source asset that needs some “pain taken away”.

The typical pains is “How do I find out how to do XXXX quickly” – in other words a support contract.

The classic example of this model is canonicals support contracts that is sells to support its Ubuntu distributions http://shop.canonical.com/index.php?cPath=41_38

 

To make money from consultancy

 

A subtle variant on the above model where the company charges users of the of the open source asset consultancy fees to help them get best value from their software

  • Nitobi http://www.nitobi.com/services/ is an excellent example of how this business model can be used effectively. They give away the excellent PhoneGap software for free, then provide consultancy to companies wanting help in using this software
  • IBM arguably, at the much higher and of the market adopts this model. IBM invests heavily in open source projects, through the manpower they make available to them. IBM of course has many business models, but certainly appears to be making adequate return on this investment through bespoke consultancy work it generates. Many customers of which are of course already using the Open Source components that IBM has a substantial stake in.

 

To make money from hosted service

 

 

Cloud computing has opened up new business model opportunities. Many open source projects are very powerful and contain a lot of features, but can be incredibly hard to set up and configure. Some companies taking their primary, open source asset, configuring them out in the cloud, and providing users access to their capabilities, though web services as a cloud based subscription or pay as you go method.

Again Nitobi stands out as an excellent example of how this business model can work. Their newly launched PhoneGap Build https://build.phonegap.com/ service takes their existing service and makes it available on a cloud basis for a subscription fee. This model is particularly appealing for Phonegap users as their core product is a cross platform application build tool, and to run effectively would require an end user to install 4-5 different SDKs on their machine. This model circumvents all of this and provides fully compiled executables over the cloud service.

 

To make money from license

 

So here’s a puzzle: how do you make money from licensing and open source asset?

Answer is you “dual license” it.

What does this mean? Basically, you offer the asset in two variants:

  1. One version is free – genuine open source – but typically there is some limitation to or something undesirable about that license (see below)
  2. One version is paid – and is usually highly permissive, essentially a normal commercial software license

So how do create a license that is limited or undesirable. I am aware of two common variants of this

  1. Academic licenses. ,e.g. http://www.opensource.org/licenses/afl-3.0.php that contain the magic wordsNeither the names of Licensor, nor the names of any contributors to the Original Work, nor any of their trademarks or service marks, may be used to endorse or promote products derived from this Original Work without express prior permission of the Licensor
  2. GPL: for reasons that are explained towards the bottom of this article, there are classes of potential users of open source, that fear GPL like the plague. They will happily buy themselves out of this constraint.

One important caveat to this technique. You need to make sure all contributions are made via an explicit contribution license that gives you (the manager of the open source project) the right to relicense. You cannot rely on the normal LPGL/GPL obligations, as these do not give rights. Without this explicit right, you will not be able to absorb third party fixes into your commercial product

QT is a good example of how this business model works. http://qt.nokia.com/products/licensing/ .

 

To make money from Upsell

 

Upselling complimentary software products is another common business model. The proposition is very simple: OS assets are given away for free, but extras, add-ins or complementary products, which add much needed value to the core asset are charge for.

 

To make money from Hardware

 

One of the more interesting trends in the past few years is companies looking to monetise the end to end product, more specifically the hardware on which the product runs.

Boxee http://www.boxee.tv/ is a great example of how to do this. The source code, which is based on XMBC open source project, is available for free. But if you want a shrink wrapped ready to go box, you can buy the product

There has also been a number of network routers following this model with their hardware products.

 

To make money from Advertising

The final model I shall cover, possibly the most complex: is money from Advertising.

The premise is simple: open source code is released and packaged as product. The organisation behind the project then receives kickbacks from “complimentary” services, the most obvious of which is advertising, or advertising related revenue.

Mozilla is by far the best example of how this can be done. The Mozilla financial statement of 2006 shows that according to Wikipedia http://en.wikipedia.org/wiki/Mozilla_Foundation#cite_note-2006_financial_report-6

In 2006 the Mozilla Foundation received $66.8 million in revenues, of which $61.5 million is attributed to “search royalties”.

http://www.mozilla.org/foundation/documents/mf-2006-audited-financial-statement.pdf

Specifically, when you use the Mozilla search bar, traffic gets pushed to Google, and Mozilla receives a financial kick back.

I believe Mozilla’s income is now distributed over a few other sources (not just Google) now, but when people start comparing Mozilla to Google Chrome, it is worth keeping these facts at the back of you mind: Mozilla is in effect no more than a parasite living of its host, and could be shrugged off quite easily!

But at a general level the critical question is: how are these revenues maintained? What is to stop someone creating a derivative product that removes the advertising hook, and creating their own, diverting the money flow.

I will not pretend that I know the complete answer to this question: but essentially it is a mixture of

  1. Effective use of trademarks
  2. Backed up by loyal existing customer base
  3. Backed up by a strong set of contributors that act as both centre of gravity and gives the product strong inertia that makes the risk/opportunity analysis of forking the code base

 

Open Source Business models: Dark commercial strategic motives

 

In the above section I have covered the motives for a corporate engaging in open source that lead to direct money flow, back to the corporate.

This is interesting but there are fact a whole set of other motives for engaging, that are not “directly” revenue generating.

The motives are listed one by one below. These motives are not mutually exclusive and some of the motives overlap and often many can act in concert to create a compelling reason to engage.

Hopefully, this will be useful in understanding, what is really going on behind the scenes.

Health warning: I will make reference to specific companies below, but please remember we are talking about “presumed” motives here. All is supposition only. Also most examples are going to come from the Operating System or Web browser runtime areas, as these are the technologies I know best.

To grow ecosystem

 

Earlier, I introduced the value chain and value network concepts. For the Operating system example it is clear that the OS exists in an ecosystem where the value of the OS is influenced strongly by

  1. The number of devices that use the operating system
  2. The number of applications that run on top of the ecosystem

The theory is

  1. If the operating system is free (open source), device vendors will be more likely to user is
  2. Application developers are more friendly to open source operating systems than closed systems

Therefore in this context “open sourcing” is a strategy to grow the ecosystem around the open source project. This presumes of course that the backer of the project has other motives for increasing the reach of the project.

Android, I think ticks all of the boxes implied above. In fact the following diagram is taken from their compliance program, underlines this perfectly: http://static.googleusercontent.com/external_content/untrusted_dlcp/source.android.com/en//compatibility/android-cts-manual-r4.pdf

This example relates specifically to the ecosystems surrounding OS, Apps and devices. I believe however the motive and strategy will transpose well onto other tightly coupled ecosystems.

To control ecosystem

 

 

Again, using the Operating System example, it is clear that operating systems are a powerful control point in the ecosystem.

An operating system puts constrains on the physical hardware devices that can run on it, it also determines, controls, enhances the functionality that an application has access to.

Using the Android example again:

  1. Android has a very stringent compliance tests that device vendors must pass if they want access to the premium (non open source) apps – such as market place, maps and search. http://source.android.com/compatibility/cts-intro.html http://source.android.com/compatibility/overview.htmlArchos, for example, claims they were denied the Market for a lack of a camera and compass. http://gdgt.com/discuss/android-market-compliance-6rz/This is a clear example of how Open Source proliferation, backed up with the commercial ratchet points (trademarks, compliance, ecosystem access) can fundamentally effect the hardware devices entering the market
  2. Similarly when the OS project has been legally constructed correctly, the OS adoption grants back to the primary developer the ability to determine the size and shape of all the applications that now pass over the system.

This “Motive” only becomes active if the OS achieves reach (market penetration). But if it does it becomes a very compelling commercial motive indeed. It gives you leverage on the entire ecosystem north and south of your point of intervention.

To Enter Market

Imagine you are working in an industry where there were 4-5 dominant players. Imagine that the products in this space represented 100 of years of man effort and that the ecosystem was tightly coupled, with entrenched long term relationships between suppliers and vendors. Imagine you wanted to enter this market, to accrue some of /all of the benefits outlined elsewhere in the market. How do you do so?

Again this is where the open source strategy can help. Especially in markets dominated by proprietary players, the disruptive influence of a free open source component, can help speed up the adoption process significantly. In retrospect the rapid uptake of Android by the market can be seen to have been helped by this dynamic.

It is important to note that “hypothetically” this strategy can be used to “enter the market” but does not mean that the new entrant stays “open source” permanently. For companies that hold the right to “re-license” the core assets unilaterally, it is possible to enter and disrupt the market, then at a time that they see fit, chance the license back to a propriety model.

Or more gradually, source code can be made available under dual license, where the commercial code is handed out well before the open source branch, and this competitive lead time can be lengthened out over time, until the open source branch becomes almost defunct.

The Foundation model

 

 

The foundation model is an odd one, in that it is not a direct motivation for a company to engage an open source project per se, unlike all of the other strategies listed here. But it is a common tool used to resource administration, as well as having designed in, strategic reasons to engage.

The basic premise is this: there is considerable overhead in running a successfully open source project. This overhead needs resourcing to cover. One way of fulfilling this resource is to charge fees for member of the foundation. But there must be some quid pro-quo. This comes broadly in two forms

 

  1. Privileged influence: a member is granted access to certain committees that allow it to influence the direction of the organisation
  2. Privileged usage rights: coming in the form of advanced information or in extreme cases a different source license that the code is available under.

Of the top of my head I cannot think of a single foundation that generates enough revenue through this mechanism to cover the programming resource required to execute the project, therefore one of the other motivations described in this articles, still has to justify that larger scale investment. But it is worth recording this further dynamic in open source community operations.

 

Links:

http://www.linuxfoundation.org/about/join/corporate

The Benefits of Linux Foundation Membership

  • The ability to participate in Linux Foundation member-only activities like the Linux Foundation Collaboration Summit and Legal Summit to learn, influence and participate with the Linux Foundation workgroups
  • The right to vote and run for Linux Foundation board seats and influence the direction of the organization
     

    To devalue competitions assets (focused)

        Here is one of the more devious applications of an open source strategy. In a previous life I confess to being party to these type of discussions on at least two occasions – so it really does happen! This is the scenario: Company A and Company B compete with each other in the same market. Their product is complex, consisting of many interworking parts. Company A is strong in one area (Component 1) Company B is weak on Component 1 – but strong on component 2. In this scenario , it would be a perfectly rational strategy for Company B to open source its version of Component 1. This has the dual effect of
  1. Completely “de-valuing” Company A’s key strength.
  2. In consequence giving Company B a stronger, more highly differentiated competitive advantage.

Pursued to its extreme, this can lead to counter move by Company B, leading to an eventual Mutually Assure Destruction of the entire market (or at least the proprietary elements of it).

This strategy has been outlined for two directly competing companies. Am sure if you think really hard you can find other examples where companies working outside the typical market (but who have a vested interest in it) have deliberately/inadvertently destroyed the dominant players in that market

 

To remove license costs

 

This model is a little more esoteric, and specific to the way the industry is set up, but in that it represents a significant piece of Symbian history, it is worth recording for prosperity. You never know – it might happen again.

Once upon a time Symbian was a private company, owned by shareholders. The shareholder distribution represented the vested interests of a number of parties that wanted to “collaborate” on the shared asset. Nokia was a shareholder in this company but also, as time went on, its only significant customer. Now because Symbian was a company, customers of Symbian had to pay them a license fee – even if you were are primary shareholder. According to http://www.ccsinsight.com/blog/nokia-squares-up-to-software-rivals-by-buying-symbian-and-moving-to-open-source Nokia at the time of the Nokia-Symbian acquisition, was paying out $250 million a year, in licensing fees, effectively subsidising it competition. The price to buy out Symbian at $410 million, especially when you get a cheap loan http://www.engadget.com/2009/02/19/nokia-signs-500-million-loan-for-symbian-randd/ of €500 million from the European Investment Bank (EIB) is a no brainer.

By putting these assets as open source, Nokia could then utilise the code without paying a license fee, and the open source collaborative nature of the project would allow the costs to be shared, as per motivation described below.

To share costs

The final motivation to be considered, any by far the most common, harks back to our “software is a liability premise” we started with. Simply, code is open sourced to share costs.

Of course to share costs, we need to make sure that the motivations exist for competitors to “lend a hand” to our cause, which now brings us full circle back to:

How do we build a sustainable collaborative open source project?

What would a sustainable open source ecosystem look like

 

Based upon everything we have learned above, what are the key elements that an open source project must possess in order to

  1. Get enough initial active participants to start the project
  2. To sustain the participation, in a balanced way, to keep the project collaborative, and keep key competitors engaged.
  3. Generate enough interest or (generate enough revenue) to deal with the boring administrative issues also.

The key risk factors – what we need to avoid:

  1. Companies refusing to adopt the code, because of competition of IPR risks
  2. Companies refusing to contribute to the code because of IPR risks
  3. Companies dwindling away from contributing , which over the long term will lead to fragmentary competitive initiatives, due to competition concerns.

I’ll start by listing out what I think these qualities are, and as a sanity check on these compare them to some existing open source projects. But as I shall repeat at the end of this article this is work in progress and feedback is very welcome

License – Non GPL outbound license

I stated earlier that many companies (especially hardware companies) fear GPL like the plague. I’m sure there are hundreds of GPL advocates out there, who will be very keen to explain to me that this is complete nonsense. Whatever the real theoretical truth of this statement – I can guaranteed you from the time I spent as CTO of OMTP and WAC negotiating IPR and licensing contracts with member companies – the fear is very real.

This area is really the domain of IPR legal experts, but here is my translation of the perceived risk that companies have.

  1. If I use a piece of GPL code and accidentally combine this with my proprietary (competitive advantage) source code, then I am compelled to release my entire software stack into the public domain. Will I be infected by the viral license?
  2. If I contribute to a GPL project, I am under the terms of the GPL granting a license to any user of this code to any IPR I hold. Whilst this patent license only holds for the code contributed, it then means that a competitor can, by using this code, get free rights to critical parts of my patent portfolio. You must remember that patent disputes between large corporates hit the 100 of millions to billions level, you understand even if the risk is 1%, it is still financially material risk.

There are some companies out there that will require almost board level approval before a single member of their organisation can contribute to an GPL open source project. Such is the fear level

Independent licensee – Incoming license

On the inbound side it is essential that the assignment of licenses is made to an “independent entity”. Ideally the legal entity that represents the Open Source Project. And this must be combined with the clear, balanced governance (next point).

The reason for this is simple, if I want broad industry participation to the project, I cannot give unfair advantage to any single player.

If you contribute code, and assign a license to a competitor (of course depends on the specific contribution license). This competitor can do almost anything they like with this code – including licensing it commercially.

Balanced governance model

To most contributing organisations a balanced governance model will be a critical deciding factor on whether they contribute to the project or not. If I am going to invest my resources into a project, I need to feel that either

  1. Best case: I have a significant chance of influencing the direction of the open source project to my companies advantage
  2. Next best case: there is no undue bias in the project, and open source project will move in a “best for all” direction

The absolute worst case is: my competitor has undue influence on the project. This will ring alarm bells.

Fast governance model

An almost diametrically opposed criteria is: can the organisation make fast decisions.

Between Fair and Fast there is a difficult compromise to make.

Resourced Administration

Is the project sufficiently well organised or sufficiently well-funded to resource all the difficult administration that is required to make the project a success?

Resourced Contributions

And finally, the most difficult question: is there a belief that the project will be sufficiently well resourced to deliver and to continue to deliver on its objectives.

This final criterion is in fact the fundamental test of the “sustainability question”.

Examples

Now it time to test some of the theory outlined above. Several prominent open source projects are listed out below, lets see how they measure up against our current evaluation criteria, and see if it passes the sanity check.

Remember the question we are asking is: does the project possess the qualities to encourage sustainable collaborative development. This means many different companies contributing on a relatively balanced basis

(Contrast this with (a) Will a company use this code base in their products (adoption) (b) Is the project “unilaterally” resourced from a single contributor – these are not the questions we are asking at this stage.)

Symbian

Non GPL Used Symbian Foundation license and Eclipse license – fit for purpose
Independent licensee Symbian foundation was the receiving party. Theoretically independent
Balanced Governance The processes, by design were very fair. Unfortunately the “incumbent” chairs were predominately Nokia, giving a real world operational bias.
Fast Governance Did not run long enough to see how it fared. But was slow in the early setup phases (but that should be expected)
Resourced Administration The foundation was very heavy in terms of administration. I don’t think the funding model would have supported it long term
Resourced Contribution Had the foundation survived, because of the Nokia dependence on the platform, you would have had a relatively high confidence that the contribution would be resourced for some time.

 

The Symbian Foundation is dead, so this analysis is an exercise in post rationalisation. But a useful test none the less. I confess to always having a soft spot for Symbian. I think the core technology was good, and the intentions on the open source side (relatively) pure. I believe it was a victim of lack of trust and bad PR. The deeply entrenched strategic corporate double guessing of intent, such as outlined in some of the discussion above, meant that in reality – no one trusted Nokias intent (or maybe long term support) of the platform. This is all pure speculation – but it’s important to learn lessons from the failures.

QT

Non GPL Dual licensed – so it does not get a red mark. But if you want to escape the constraints – you have to buy yourself out. Not really the spirit of collaboration.
Independent Look at the contribution agreement below. Very few companies will be motivated to sign that
Balanced Governance Historically Nokia was 100% in control http://labs.qt.nokia.com/2010/06/03/qt-and-open-governance/ seems to imply this was to change. But I cant find the results
Fast Governance Actually not sure, but my guess is fast. It will get slower if they do open up!
Resourced Administration Nokia underwritten
Resourced Contribution Nokia underwritten

 

The killer for QT is the contribution license

http://qt.nokia.com/merge_requests/agreement/

THIS CONTRIBUTION AGREEMENT (hereinafter referred to as “Agreement”) is executed by you (either an individual or legal entity) (“Licensor”) in favor of Nokia Corporation

There are a large number of companies that would have real problems signing such an agreement. Therefore it does not seem a contender for balanced cross competitor collaboration.

I have been generous on the assumption of resourcing from Nokia. However, previous supporters of Symbian may have the “once bitten twice shy” philosophy.

With the current confusion surrounding

  1. Nokia and Microsoft relationship
  2. What do Digia control vs Nokia

Clear communication is required, if others are to have confidence in the long term future of the project.

 

Meego

Non GPL Its mostly GPL – but it Linux so there is no choice. It does not get a red mark
Independent As its GPL – there is not licensee, control and future comes down to community gravity, trademark, ecosystem binding to stop fragmentation
Balanced Governance I’m going to leave this blank for now – as I need to more research
Fast Governance Ditto
Resourced Administration Assumption between Intel and Nokia there is enough resource to keep it ticking over – but same caveats as for QT
Resourced Contribution Ditto

 

Again the Microsoft Nokia relationships are creating FUD in this space. Clarity is needed asap to inspire the confidence that will make the project a success.

Second consideration: there aren’t may devices out there, and there does not seem to be many in the funnel

Apache

Non GPL Apache uses the Apache license generally. A wonderfully permissive license.
Independent All rights are licensed to the Apache foundation.
Balanced Governance Devil is in the detail, but unless anyone can provide me with a counter example, it seems the foundation runs a pretty meritocratic, well balanced process
Fast Governance Apache endorses a principle of “lazy consensus”. A highly pragmatic approach to getting the balance between fast and fair
Resourced Administration Apache sponsorship model http://www.apache.org/foundation/sponsorship.html seems to generating enough revenue to keep its lightweight processes above water
Resourced Contribution I think this has to be measured on a project be project basis

 

Webkit

Non GPL Some of its GPL some of its BSD. But low risk from an IPR side of things if webkit stays scoped on HTML rendering as its insulated by the W3C patent policy.
Independent Licensee There is no direct licensee
Balanced Governance Governance is meritocratic, based on contributions. In effect that means that the company investing most in the project has greatest control. Need some hard figures to work out exactly what the status quo is.
Fast Governance Needs research
Resourced Administration Don’t know
Resourced Contribution Don’t know

Mozilla

Non GPL The license is pretty permissive – only thing to consider is the restrictions that the trademark policy will have on real attempts to create derivative works. Needs a little more analysis
Independent Licensee The Mozilla Foundation – an independent legal entity
Balanced Governance But we should not forget where the money is coming from. Any organisation is susceptible to implicitly or explicit pressure of the money flow is constrained.
Fast Governance I assume good.
Resourced Administration Mozilla well funded
Resourced Contribution Mozilla well funded plus healthy external contributions.

 

Recommendations

 

A lot of material has been covered in this article, we have looked at

  • Some of the general background theory on Open Source dynamics
  • The key legal variables to be considered in constructing an Open Source project
  • The direct financial incentives that corporates have for engaging in open source
  • The indirect strategic incentives (and by implication risks) corporates have for engaging in open source
  • A set of hypothetical criteria for evaluating the “sustainability” of an open source project, which implies balance
  • And sanity check of these criteria against existing projects, to see if they make sense

Remember all of this was done with a specific purpose in mind. We have a problem to solve, which is to construct a new open source project – webinos, which has the best chances of success.

Within the webinos project, there is a formal deliverable (2.6) that will make definitive recommendations on these subjects. This article is not that deliverable.

What we need is input. What do other people think about these subjects?

I hope you find this useful. Feel free to give feedback, either publically on this blog, or email to hello@webinos.org or me personally at nick@nquringminds.com

 

 

Go to Top