Jason Matusow, Microsoft Shared Source Initiative

Jason Matusow

Windows is to Linux as Shared is to Open, right? If you’re Jason Matusow, the director of Microsoft’s Shared Source initiative, it’s much more than complicated that.

And becoming even more so.

In April of 2004, Microsoft’s “change from within” began when it released the Windows Installer XML (WiX) toolset to SourceForge, the largest repository of open source applications.

Then came Windows
Template Library (WTL)
. By July of 2004, the two contributions were listed in the top 5 percent of the more than 80,000 active projects on the site. Things were looking up.

The next contribution to SourceForge was FlexWiki,
which is an ASP.NET implementation of a wiki . And all on top of Microsoft’s Shared Source initiative, too.

The Shared Source Initiative was established in 2001 in order to address broader customer interest and build on Microsoft’s 1991 efforts to share Windows source code with academics.

Matusow recently sat down with internetnews.com to discuss the concepts and strategies of open source and Shared Source, as well as their respective roles in software development and business strategy.

Q: One of the things you talk about in your blog is the concept of open. You say that it means different things to different people. Do you think the OSI (Open Source
) has the credibility to certify what is open and what isn’t?

There’s a great deal of discussion within the open source community on semantics, about what is open, what is free and what is shared. For me, within the concept of Shared Source, our motivation has primarily been to provide source code for technologies that address customer concerns.

Take the idea of a reference grant. Is that open source? No. That’s why we call it Shared Source. I didn’t want to get into a conversation of whether or not we were trying to be open or not.

Are we being more transparent? The answer is yes. At this point there are 450 organizations, representing a little over 1,000 engineers, that are actively looking at Windows source code through the Shared Source programs that focus on Windows. But they can’t modify that code.

At the next level of licensing is permissive licensing. Of the 17 Shared Source programs we have offered today, I think seven or eight of them are in the family of permissive licensing.

In offering those programs, what you’re doing is giving them the ability to see the source code, modify the source code, redistribute the source code, and even resell that code and build businesses around that code if they see fit.

The third category is the reciprocal licenses; the one that we have made use of is the common public license . That is the only OSI-approved license we have made use of within Shared Source.

The community of people we wanted to work with were Windows-based developers interested in collaborative development.

And frankly, for those three projects, known as WiX, Flexwiki, and WTL, we chose to put those up on SourceForge.

If you’re going to put those up on SourceForge, it has to be an OSI-compliant license. Just to give you a sense of scope: There are about 1.5 million developers who have pulled source code through the program at this time. We’re expecting Shared Source to continue to grow. It certainly has over the past four years. We started out with an announcement of six programs, and there’s been a steady increase in the spectrum of technologies that are included, as well as the type of licensing that’s included, based on the needs of customers, partners, governments, academics and individuals.

Q: What is Microsoft’s overall vision for the Shared Source program?

We think of Shared Source along four key lines: supporting existing customers; encouraging new development; enabling academic and research usage; and creating business opportunities for our partners.

And source code can be pivotal in each of these categories. But it’s going to be pivotal in a different way.

Q: For example?

How many people do you think modify Linux source code? [Today, not many.] But how many developers who are writing applications that are going to run on Linux might want to use that source code as a reference mechanism?

We share the source code of Windows 2000, XP, Windows Server 2003. In understanding the needs of the customer, it wasn’t that they needed to modify source code. But they want that platform to behave in a consistent fashion.

If you go and read SAP’s Web site, [the section] about running on Linux says you can only run on these versions of the distributions, and they give specific numbers. And it actually specifies the C libraries that can be used. And they say that if you deviate from these version numbers, your support contract with us is null and void.

Red Hat, IBM, HP, SuSE and Novell say if you modify the source code, our support contract with you is null and void. It has nothing to do with the source code license. It has to do with the normal commercial reality of running a production system.

If you want a service level agreement, and you want someone who’s going to be there in X number of hours notice to help you — and they’re going to have any prayer of helping you — then they have to know what source code’s running in that environment.

It’s not a religious decision. It’s not because they’re for or against open source. It’s because as open source has become more commercialized, there are certain implications of that commercialization, and there are just realities of doing business.

Next page: The SourceForge experience, and addressing rumors of a Microsoft distribution of Linux

Continued from page 1

Q: You say you expect Shared Source to grow. Can you give us some insight on that?

Besides WiX, Flexwiki and WTL, we also announced the release of the Office Source Base to Government security program. A few months before, we announced the expansion of the Windows Source Licensing program for MVPs [most valuable professionals].

Q: In your view, has something that has reached commodity status make it a candidate for open source?

And I would challenge you a little bit to say, is source sharing only for the commodity space? Is Windows code commodity code? Absolutely not. There’s a great deal of value built into it, we put an enormous amount of R&D into it on an ongoing basis.

Are we going to share that source code with anybody in the world and let anybody see it and take it and create commercial derivatives of it? The answer’s no. But usage [leads to] transparency, which increases trust. Customers are going to be able to do better custom application development, they’re going to be able to do security audits on that code.
They’re going to be able to improve self-support by having access to that code base. Those are very, very legitimate goals for the customers.

Today we limit [the program] to 27 countries. There are enterprise customers that are eligible, OEMs, system integrators, academics and governments, as well the MVPs.

[Is IBM] open sourcing Websphere? Notes? Tivoli? DB2? That’s a $14 billion revenue stream. So why is it that they’re stepping into the open source space? You’re going to have strategic requirements as businesses. Sometimes you want to create indirect commercialization, [such as] with Eclipse, and generate a market of people interested in creating WebSphere-aligned applications. So you’re going to do an indirect approach over here in order to achieve a business goal on the other side.

We also have some of the less talked-about elements of the open source strategy. Linux commoditizes the Solaris space. Where else do they have the potential for IBM’s competitors to make money? In the Java layer, so you commoditize with Eclipse. The name Eclipse is the total blotting out of the Sun, right? What they’re doing is a pincer move. They want to understand how those elements hook together. So that’s a strategic conversation.

How about something like MySQL? MySQL releases an open source version of the product in order to create opportunity for their commercial version.
They employ all MySQL developers. They are 100 percent copyright owners of MySQL so they have a commercial and a non-commercial version. And in doing so, they can drop the cost of goods sold and do all sorts of interesting things about marketing and sales channels development.

As for Microsoft, we continue to be a company that believes very strongly that you produce high-value software, and you sell that software directly.
That’s the business model we pursue. That doesn’t mean source licensing is anathema to that model. It just means it has to fit and make sense.

Q: What has your experience been of SourceForge with the three projects you have there?

Our choice of SourceForge was very simple. Thirty-five percent of SourceForge projects are Windows-based projects. And we wanted to learn what it means to have community-based projects in that type of a space.

WiX is a developer tool. WTL is a set of libraries interesting to hard-core C programmers who are doing GUI-based work but are not doing .NET GUI-based work. This is an older set of technologies. And then the third one, FlexWiki, is an application layer function. So, for us to learn what it means to participate in these types of communities, to see how those communities form around these technologies, SourceForge seemed like a logical place to take that step. And we certainly had a very positive experience working with the SourceForge staff.

Q: Are there any plans to include security firms as part of that Shared Source ecosystem, so we don’t get exploits after the fact?

Not specifically. But what has happened is that the MVP community has a specialized subsection of security specialists, and those were among the first group to be granted access to the source base. You could call it a pilot release to certain subset of MVPs to understand what the relationship was gonna look like and how they were going to work with the code.

But we’ve now extended that offer to any MVP who is eligible, which means they have to be in a country that we’re willing to show the Windows source base [of those 27 countries involved] and they do have to be over 18 years old.

But other than that, it’s about 2,100 or 2,200 MVPs who are eligible and about 207, on last count, who have chosen to license it. Certainly the security sub-group of the MVPs is most eager to look into that code base.

Q: WiX is one of the most popular projects on SourceForge. Are you surprised?

We’re certainly very surprised about the growth and popularity of all three projects. All three have remained in the 90 percent of the most active projects and WiX in particular is in the top 3 percent, on a week-over-week basis over a 10-month period. To see all three of them take off the way they have, where you’ve got 120,000 that pulled down WiX, and about 35,000 that pulled down WTL and I think it’s about 13,000 that pulled down FlexWiki, that’s great. That’s beyond our expectations. And it’s good that the technologies are compelling to a large enough community.

Q: Firefox and OpenOffice.org sit on a Windows desktop. Because of their licensing schemes, if you wanted to, you could probably license them or issue them inside your program. Is that something you might consider under your Shared Source banner?

Well, Shared Source at this time has been limited to Microsoft release technologies. I don’t see it necessarily reaching beyond that. I would certainly encourage other commercial providers to consider what it means to share their source code.

Q: We’ve heard rumors that certain elements inside Microsoft use various open source applications, whether it’s Mozilla or whatever, just for testing.
Is there any truth to the rumor that Microsoft is developing its own version of Linux?

We have no plans to distribute Linux or to build a Microsoft distribution of Linux.

It is important to understand that there are Microsoft products that do ship open source technologies. And I want to be sure I’m not being disingenuous in my answer here.

Services for Unix ships with over 200 open source tools in it. I think 23 or 22 of them are GPL tools. We’ve modified GCC and submitted those modifications back to the Free Software Foundation and assigned copyright to those [modifications] as per their policy to do that work.

Hotmail still has FreeBSD Unix systems that run their DNS boxes, because they were so highly customized to do that specific function. Before we acquired Hotmail, it didn’t make sense to do it, even though the rest of that infrastructure moved to Windows.

There are different groups that make use of open source in different ways. Heck, our first TCP/IP stack was BSD licensed. We’ve since rewritten it with our own stack. But that’s just one part of the picture.

The other part of the picture is that Microsoft Research works with universities all over the world. We’ve provided millions of dollars of grants all over the world to help move the state of the art forward.

Q: What are the terms of those grants?

That’s something we believe very strongly in. Ninety percent of those grants are unrestricted grants, which means that they can release that source code in any form that they see fit. We advocate public domain, because we believe that, from the university perspective, this is the optimal choice for releasing that code. People can then use it as they see fit, with no restrictions. Our second fallback is that we advocate use of the BSD license.

But there are people who are taking the research and doing it under other licenses. That’s their choice. We do not limit that, so I think there’s a broader element to this discussion in terms of our relationship to open source that has a much longer history than in just the past couple of years.

Erin Joyce contributed to this article

News Around the Web