THIS PRESENTATION BROUGHT TO YOU BY

GLOBAL TECHNICAL SYSTEMS
Harley Garrett
9 Industrial Park Dr
Oxford, MS 38655
[email protected]
www.gtshq.com

Copyright (C) Harley Garrett. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license can be found at: http://www.gnu.org/licenses/fdl.html entitled "GNU Free Documentation License".

Disclaimer: Any observations or points of view (POV) are the sole opinions of the author and not attributable to GTS.
Date posted: 21-Dec-2015

Topics and Their Impact on OA
How Can SBs Avoid or Leverage?

• Copyright & Patents
• Interface Standards and Associations
• Licenses & Information Assurance
• Role of OA & OSS in IT Advances

Are Patents & Copyright Laws Obstacles to Open Interfaces?

• 1887 Marconi monopoly - Shore-to-Ship Comm
  – Refused to communicate with non-Marconi equipped ships
• 1969 IBM announces separately priced SW
  – U.S. vs IBM Anti-Trust Suit – 13 yrs & dismissed
• 1975 Bill Gates’s Open Letter to Hobbyists
  – “As majority of hobbyists must be aware, most of you steal your SW..Is this fair?..You prevent good SW from being written..the thing you do is theft”
• 1981 IBM PCs ship with Microsoft Proprietary DOS
• 1998 Digital Millennium Copyright Act (DMCA)
  – Copyright Infringement Criminal & Civil Penalties for the Digital Age

Impact of DMCA on Open Interfaces

• 2005 Sun Micro makes 1600 patents OSS
• 2007 – Microsoft: Claims Linux & OSS violate 235 Microsoft Patents; files DMCA notices [pay royalties or face patent infringement lawsuits]
• 2009 Oracle buys Sun Micro
  – Discontinues OpenOffice, MySQL (and now OpenSolaris)
  – Employees quit; start MariaDB, LibreOffice, Illumos.
• 2011 Oracle sues Google $2.6B: Android’s use of Java
  – Microsoft issues DMCA notices to OSS Apps developers who want to interoperate with Skype.
  – Now pushing HW OEMs to include their Unified Extensible Firmware Interface [UEFI] [BIOS replacement] in HW for security purposes. But then the HW won’t boot other OS’s

• sad

Alliances Associations & Standard Makers

• HW Stds: Engineering Specs, processes
• SW Stds: Protocols, NW Architectures, Code
• Members are Economic & Business Centric
  – Standards sometimes benefit a single firm under the guise of “openness” & “interoperability”
• OSS Stds: Evolve from OSS Foundations
  – Members focus on Quality; Peer Relationships
  – Standards evolve via general acceptance & use
  – Always benefit everyone
  – LAMP [Linux, Apache, MySQL, PHP], Android

SERVER STACK Software

Points of View (POV) & Small Business Recommendation (SBR)

• POV #1 Copyright law now used by large firms as a weapon against each other -- and to coerce OSS developers and users.
  – SBR: DoD contracts process should offer some safe-harbor. Observe & Monitor
• POV #2 Large Firms dominate standards through industry associations & alliances
  – SBR: Compete with your own subject matter expertise and/or join Open Alliances/Foundations

SW License Impact

• Commercial Proprietary (Closed)
  – (Microsoft, Oracle, IBM, NetApp, VMWare..)
  – No source code, reverse engineering prohibited
• Open/Closed Hybrid
  – Normally for enterprise & business processes
  – User can modify source code but under strong restrictions; Licensor owns derivative works
• Open Source (GNU, BSD, CDDL, Apache …)
  – Various requirements but none restricting mods, distribution; GNU GPLs & Compatibles majority

Open/Closed Hybrid License Example

Licensee may make modifications to the Software [however]. …All modifications and rights associated therewith shall be the exclusive property of (the company). Company retains right to develop enhancements. Licensee agrees not to take any action that would limit (Company’s) sale, assignment, licensing, or use of its own SW modifications or enhancements thereto.

DoD ERP/MAIS Experience with Closed & Open/Closed Hybrid Licenses

• Army General Fund Enterprise Business Sys (GFEBS)
  – One Army/Contractor “Team”
  – “We are being ordered to modify Army processes to fit the SAP SW”
  – Now Two years behind schedule & over cost
• Defense Integrated Military Human Resource System (DIMHRS)
  – $1B and 12 years – canceled in 2010.
  – 100% PeopleSoft proprietary code & tools
  – PeopleSoft now owned by Oracle

Experience with Open/Closed Hybrid Licenses

• Navy ERP - 2000-2004 pilot programs
  – GAO 2005 “Efforts failures; $1B largely wasted”
  – New Program $800m to complete 2011
  – 2011 Personnel & Pay System – 12 yrs behind; $576M over cost (Oct 2011)
• Navy PMO Website:
  – “The Navy ERP Program uses a product from SAP Corporation, the largest provider of ERP solutions in the world.”
• [Don’t worry, AF & Army are in the same boat]

OPEN SOURCE LICENSES

• DoD CIO 16Oct2009 Memo “Clarifying guidance regarding OSS”
  – did not make any distinction among Open License types
• White Paper 1Oct2011 “The GNU GPL is compatible with the DFARs”
  – most closely resembles unlimited rights licensing.
• Majority of OS licenses are GPL or GPL Compatible

Points of View (POV) & Small Business Recommendation (SBR)

• POV #3 Proprietary and Hybrid Licensed COTS SW are major obstacles to DoD in achieving OA in its systems.
  – SBR: Invest in in-house OSS expertise. Offer Gov’t alternative OA/OSS solutions. Help create a more/larger SB set-aside customer environment.
• POV #4 Hybrid licensed SW is not “open”, may “force fit” existing processes. Costly to deploy
  – SBR: Look for OSS niches to offer ERP primes. Build on this to create a SB “middle systems integrator class” for major procurements.

IA Compliance – Pro OA or an Obstacle?

• NIST & NSA: Common Criteria (CCEVS 7 Levels) & FIPS 140-2 CMVP (4 Levels)
  – Typical Costs: $100k + & 18-24 Months
  – Lab Fees + “Extended Costs” Paid by SW Owner
  – Process Assumes All COTS SW is Proprietary
  – 1628 Total Certs: Two OSS (RHEL & OpenSSL)
  – “And most importantly, encouraging competition and collaboration through development of alternative solutions and sources.” (CNO Memo to ASN (RDA) 28Aug06)
• Where are the OSS IA alternative solutions?

Points of View (POV) & Small Business Recommendation (SBR)

• POV #5 DoD has a competitive proprietary environment among CMVP/Common Criteria IA compliant SW (and HW) modules but not among OSS modules.
  – SBR: Look for Primes [or other SBs] willing to help fund and collaborate on an Open Source CMVP project as part of a mutually beneficial teaming strategy to target upcoming procurements.

Role of OA & OSS in IT Advances

• F/O Networks & Greater bandwidth
  – WWW IPv4 migration to IPv6
• 3G moving through LTE to 4G
  – Explosion of Wireless Devices
• Clouds: Public, Private, Community, Hybrid
  – SaaS, PaaS, IaaS (computers, storage, networks)
  – HW Virtualization
• OSS Contributions: Android, Linux, XEN, ZFS, KVM, OpenStack, Illumos, OpenSSL

Points of View (POV) & Small Business Recommendation (SBR)

• POV #6 Rapid advances in IT computing infrastructure enabling integration of voice, data, and video to meet end-user commercial market demands are driven more by OSS innovations and OA interfaces than by proprietary SW and HW innovations.
  – SBR: Develop in-house OSS VM and Cloud management capabilities; Offer this to primes participating in ERP or smaller cloud procurements

Summary

• Small Business can help the Navy and DoD expand OA into and across their missions
  – OA and OSS are two sides of the same coin
  – The key is pervasive integration into Navy Systems
  – Successful SBs will remain cognizant of obstacles and innovations in COTS IT environments and how they affect DoD
• Use this knowledge in developing SB growth strategies – and help DoD create a “middle class” of SB System Integrators

Backup Slides

DoDD 8500.1 & DoDI 8500.2 Information Assurance

National Security Telecommunications & Information Security Policy No. 11 (NSTISSP #11 – January 2000)

The acquisition of all GOTS IA and IA-enabled products to be used on systems entering, processing, storing, displaying, or transmitting national security information shall be limited to products which have been evaluated by the NSA, or in accordance with NSA-approved processes.

Atch 6 Encl 4 (DoDI 8500.2) CONFIDENTIALITY CONTROLS FOR DOD INFORMATION SYSTEMS PROCESSING PUBLICLY RELEASED INFORMATION

The acquisition of all IA and IA-enabled GOTS IT products is limited to products that have been evaluated by the NSA or in accordance with NSA approved processes. The acquisition of all IA- and IA-enabled COTS IT products is limited to products that have been evaluated or validated through one of the following sources - the International [Common Criteria (CC)] for Information Security Technology Evaluation Mutual Recognition Arrangement, the NIAP Evaluation and Validation Program, or the FIPS validation program [CMVP].

“Closed” PROPRIETARY License No Source Code

(Company) is the…sole owner of all intellectual property rights… must not be altered, deleted or obliterated in any manner. ..License Agreement does not grant you the right to sublicense, rent, assign or lease the software, in whole or in part, and you may not decompile, disassemble, modify, decrypt, extract or otherwise reverse engineer, or make further copies of the software ….

Open/Closed Hybrid License Example *

• You cannot reverse engineer or decompile the RPT format.

• You cannot use the software to develop a product that converts the RPT file to another format.

• You cannot use the software to build a product that is competitive with other SAP offerings.

• You cannot use unauthorized keycodes or redistribute keycodes.

* http://www.sap.com/solutions/sap-crystal-solutions/query-reporting-analysis/sapcrystalreports/licensing/index.epx

Open Source Cloud & Virtualization Management

• EC2 (Amazon Web Services – AWS)
• QEMU Processor Emulator & Virtual Machine Monitor
  – Integrates on VirtualBox, XEN, KVM, Win4Lin Pro Desktop, Modified + KVM can run on MAC OSx
• OpenStack, Eucalyptus, CloudStack
• Joyent SmartDataCenter (SmartOS)
• Nebula (OpenStack)
• AXSH Wakame (Linux & openindiana)

World Wide Web Site Oct 2011

Web Server Market Share Oct 2011

Apache (Open)            315,605,335   65.05%   326,008,432   64.67%   -0.38
Microsoft (Proprietary)   76,323,018   15.73%    78,937,065   15.66%   -0.07
Nginx (Open)              38,970,683    8.03%    43,037,079    8.54%    0.51
Google (Open)             17,265,308    3.56%    17,487,924    3.47%   -0.09

(more...)

Open Source SW Examples

• GNU Compiler Collection
• FFTW - Fastest Fourier Transform in the West
• Linux (Debian, Fedora, Ubuntu,..)
• SmartOS & OpenIndiana (OpenSolaris Forks)
• ZFS (OpenSolaris Default File Server)
• XEN (Virtual Machine Monitor-Hypervisor)
• KVM Kernel-Based VM for Linux, BSD, Windows
• Node.js (I/O Side JavaScript Environment)
• LAMP Web Server Stack (Linux, Apache, MySQL, PHP)

System Interface Standards Driven by Technology

• Telephony & Telegraphy (wire)
  – 1836-1861 Telegraphy
  – 1876 Telephone “Mr. Watson, Come here..”
• 1884 American Institute of Electrical Engineers (AIEE)
• Wireless (Radio) Telegraphy (1887-1920)
  – The Wireless Institute (TWI) & Society of Wireless and Telegraphy Engineers (SWTE)
• 1963 TWI & SWTE Form IEEE

Interfaces Go Digital (Think SW)

• 1947 – First Transistor (Bell Labs)
• 1948 First Stored Program (SW) Computer
• 1951 Transistor Production
• 1954 IBM 704 SW Hand Coded Assembly Language
• 1954 First High Level Language (FORTRAN)
• 1958 First Integrated Circuit (IC) & IBM SAGE
• 1959 First Business Language (COBOL)
• 1963 Beginners All-Purpose Symbolic Instruction Code (BASIC)
• 1964 First Mini-Computer DEC PDP-8
• 1975 First Micro-Computer ALTAIR 8800
• 1981 IBM XT & AT

Basic SW Development Process

[Diagram labels: Source Code in Language (C, C++, Perl, etc); COMPILER; Intermediate Language; Executable in Binary (0,1); Machine Language; Compact Disc (Binary 0, 1); Your Computer; Display]

This is referred to as the “executable” that you purchase

[Diagram labels: OPERATING SYSTEM (Win 7, Apple OSX, Linux); APPLICATION; APPLICATION]

Proprietary OS’s wed Applications to the Computer HW (Platform). Linux is the exception.

“Closed” SW License Specifying HW

Licensee agrees to install this Software only on Hardware …that has previously been approved by (company) in writing…Any individuals that use the Software including employees, agents, subsidiaries, and business partners must be identified as “Named Users”.

Closed License Clause Restricting Web Access to Applications

“Business Partners may have screen access to the Software solely with Licensee’s Use and may not use the Software to run any of their business applications”

License providing source code …HOWEVER…

Licensee may make modifications to the Software. …All modifications and rights associated therewith shall be the exclusive property of (the company). Company retains right to develop enhancements. Licensee agrees not to take any action that would limit (Company’s) sale, assignment, licensing, or use of its own SW modifications or enhancements thereto.