Luis VillaRamblings on software, law, and the spaces in between.

I’m not a huge fan of our trademark policy, though I believe it is better than not having one (just barely) and I don’t have a better one to offer right now. I’ve been meaning to write an essay to condense and explain what features I find seriously problematic in our current policy, and highlight potential alternatives, but especially with the new job looming I may not get time to finish the essay. In the mean time, here is a (slightly edited) sketch of the major topic of the essay that I sent to a private list which is currently discussing the problem.

‘you’ here is generally other free software groups who might be considering seeking legal advice on a trademark policy.

I’m writing excessively on this topic because I do want people on this list who are considering talking to their lawyers about trademark to understand some of the assumptions that drive traditional trademark policies, so that they can take them into account when talking to their lawyers. Sketchy outlines of the key ones, scavenged from the bones of an unfinished essay, scavenged from the bones of a bloated and dead research paper: [IANAL, etc., etc.]

* TM law is completely based on the assumption that the ‘source’ of a product to which a mark refers is a cathedral which exercises control over quality, not a bazaar which disclaims many forms of control (though not all- the right to fork and fold back in forks are extremely powerful forms of control). Sadly, as far as I’ve been able to find US trademark case law has no notion of a bazaar-like source, though a good trademark lawyer should be able to discuss the case law of remanufactured golfballs and spark plugs with you, and whether or not your organization might be well positioned to boldly forge exciting case law where none has been forged before :) [If one thinks that cathedrals are a feature and bazaars are a bug, stop reading me now and go copy Moz's trademark policy verbatim; it is most excellent for a cathedral.]

* TM law is based partially on the notion that high barriers to entry protect brand coherence and hence protect customers, and so they are good, usually the higher the barrier the better. This directly contradicts our collective experience in copyleft, where extremely low barriers to entry create all kinds of useful contributions that would not have happened with high barriers to entry. Mind you, there isn’t necessarily much the lawyer can do to craft a trademark policy with a low barrier to entry, because of the consumer focus of TM law, though you should push for that as much as possible, and might enquire about collective marks or certification marks as options with potentially lower barriers to entry for your communities.

* TM law and lawyers tend to assume that all creativity and activity around a mark should be centralized; i.e., that if someone is modifying or redistributing your mark without your very explicit permission and control, it is detrimental to you and more importantly to your customers. Again, this is a difficult problem to resolve because our entire legal framework treats unsupervised modifications of a mark as a sign that the mark owner has lost control, instead of a sign that the mark ‘owner’ is a vibrant, thriving, creative community creating more value around the brand and hence around the product. Within that constraint, any policy you construct should seek to allow easy remixing and rebroadcast of your community’s brand by your community as much as humanly and legally possible.

* related to the previous point, the law assumes that there is one entity that ‘owns’ the mark and is in charge. In some cases, of course, this is true- eclipse and moz, for example, are completely constructs of the driving forces behind their foundations, and would not exist otherwise. For many of us, though, the foundations are something tacked onto existing, thriving communities after the fact. The communities, in this case, are the true moral owners of the mark (as implied by their collective ownership of the code and their control of the means of production of the code which makes the community interesting), but by necessity, the foundation presents to the PTO a legal fiction of ownership and control, and then turns around to the same community and says ‘by the way, to say you are part of us, you now have to ask the foundation’s permission.’ Again, this is in many ways required by the legal superstructure we’re under, but probably worth asking about ways to mitigate the impact of this as much as possible, and giving the community lots and lots of explanation about why you’re doing it and as much background as possible as to when and how you will or won’t turn a blind eye.

Now, unfortunately, I don’t have good, explicit things to tell your lawyers to do to resolve these issues in ways that work for us- so far GNOME has not found the magic recipe. It is my hope that by sharing some of my observations, the next wave of you will go out to your lawyers, discuss these issues, and maybe one of them will be the one that breaks the impasse and frames the question in a way that gives us a useful tool to wield against these limitations.

Sort of rambles, but you should see the essay and the research paper, and they weren’t written at 2am. Anyway, g’night…

Brain dump, clearing a ‘misc stuff to blog about’ tomboy note before my free time vanishes:

Life imitates art. Sadly, I really do like my Mach 3 enough that I’ll at least try this beast once, as will a lot of other guys I know.

Spectacular article on Suck.com- really good read for those who were regular Suck readers back in the day, and interesting read for those who are curious about the first place to do the ‘one column layout with snarky commentary to obscure links’ thing that is now so de rigeur. So, yes, it was sort of like a blog, except with way cooler artwork.

I read Charles Stross’s Iron Sunrise a couple weekends ago. It was great fun. You know the author is a geek because a chapter about an assasination attempt committed with a bomb is titled ‘Set Us Up The Bomb.’

Enjoyed this Seth Godin piece on organizational paralysis a great deal.

This site purports to have a methodology for measuring relevant metrics of free/open software. I have no idea if it is ever going to be relevant, but it is an interesting idea.

And I think that wraps up my blogorhea for the day. Thank you very much.

[NTS: need to update to blogging software that allows 'below the fold' type posts :)

And a follow up from a small chat at the Berkman Center with Dr. Eslambolchi and Jonathan Zittrain (attending from Oxford.)[1] The chat was moderated by David Weinberger.

Q: What does E. mean by end-to-end?

A: in the 80s, investment was all in the core, because that is where the brains was, and where you needed to invest if you wanted high reliability. In the 90s, lots of push to invest in the edges, which neglected the core. Thinks now we need to invest in both, and they don’t work separately. Voice at edges without QoS in the core doesn’t work- doesn’t scale cost-wise or operationally. Interjection: but the core internet scaled. Response: security- can’t be handled at the edges. Cisco by themselves has 17K different IOSes deployed. Too much diversity to protect at edges.

Zittrain jumps in- agrees that security is the core problem; thinks basically we’ve been lucky that we haven’t had massive destruction caused by viruses. Wants to know how the network can improve the situation.

Eslambolchi- network has global view of entire internet. Have the network have ‘sensors’ that can check on how well the ‘net is functioning. Z: does this mean, say, agreements among Tier 1 ISPs to share data? E: yes, Tier 1 is the level to do things at. AT&T extracts terabytes of data a day at this level, and does analysis. They can see patterns which edges cannot. Thinks also that the network has to be ‘cloaked’. Thinks that BGP routing is broken, because all routing is knowable to the entire world. So if you do routing that is more sophisticated, the network can’t be mapped/pinged. Z points out that this does not violate end-to-end, necessarily, since packets go in at one end and come out the other as directed. Thinks also that there needs to be HW virus-checking (paraphrase, not sure I understood that correctly?)- hardwired to actually cut you off from the internet if you get a virus, until the network says it is OK again. Z asks- if this is all at the Tier 1 level, does this help Tier >1? E answers ‘probably not, at least not directly.’

Weinberger and Z pounced, sort of, on the implications of this hardware- basically gives a backdoor to shut down all edges by governments. Eslambolchi strongly agrees that regulation is bad, but doesn’t necessarily seem to grok (or at least want to admit to grokking) that such a tool could be used to restrict ‘viruses’ like blogging about freedom, etc.

Objectives of original chipset design was purely for the business customers. Not really working on it at the consumer level at all.

E protests that he is not a privacy or legal expert, which feels bothersome- basically takes the approach that ‘I’m just doing what my customers tell me’. Z wants a whitepaper ;)

Z asks a (hypothetical) Q: what if someone wanted to start a global wifi sharing network? What are the implications? A from E: sharing the network is illegal, because the ISPs say so.

And that’s that… maybe some commentary thinking later today :)

[1] I remember having a crazy, expensive setup to have one ill speaker speak remotely at GUADEC- it’s cool that by next year’s GUADEC it should be pretty trivial to do that with a cheap web cam like iSight and gnomemeeting.

I thought I’d try liveblogging from hossein eslambolchi’s talk today at Harvard. Maybe it’ll force me to take good notes, or maybe it’ll be a mess. :) Attendance is good; apparently they are giving away five Shuffles at the end. At least one audience member running Ubuntu.

Mr. Eslambolchi is the AT&T CTO and CIO, and appears to have responsibility for the AT&T Labs, which is still pretty cool even if they are sort of a shadow of their former greatness. He is writing a book on what he thinks the tech world will look like in 2020.

Apparently his talk today will touch on (among other things) the end-to-end nature of the internet, and whether or not that is still a good idea, many years in. [That didn't really come up much, at least until Q&A. Probably more on that this afternoon.]

His introduction is pretty funny, inasmuch as he clearly finds (or wants to convey the impression) that Harvard is a peer to AT&T- a huge, globally influential institution of the highest rank. The humor I found in this is just that Harvard is (in theory) not at all in the same business as AT&T is.

state of the telcom industry and AT&T: in 2001: overcapacity- too much investment; fraudulent players (worldcom, global crossing, enron) leading to competitive pressures to keep up with fake numbers; regulatory uncertainty after telcom act of 1996. Impacts: pricing pressure was very high- not something AT&T was used to. Bankruptcies- lots of companies stopped paying bills after the bubble. Competitive Technologies also a problem- AT&T perceived as stodgy Ma Bell company, and was, to a certain extent. had to change technological approach to compete. All these factors created perfect storm in AT&T and telcom in late 2001.

top ten tech trends he sees:

• 10. home LANs will proliferate- everyone will have ethernet/802.11 everywhere. Bandwidth demands will never diminish- only trend there is up. 3Mbit current average of pipe to home; will go to 40Mbit by 2010 and 1 Gbit by 2020. Thinks ethernet will be the connector for home stereos/TV/etc.
• 9. knowledge mining will transform the way we do business. distinguishes data or information mining from knowledge mining- thinks this will be the trend by the end of the decade. sees the mining happening in realtime- round trip to the warehouse is too long.
• 8. Wired and wireless will converge, ‘accelerating virtualization’. 2.1B cellphones by 2008. Thinks wired communication will be basically dead by 2020.
• 7. broadband will be common- causing the death of locality. broadband growth is exponential, basically- 1/2B people will be on broadband by 2015. Once everything is IP-based, won’t matter where in the hell you are (unlike area code on phones)
• 6. e-collaboration will dominate the workplace- next generation speech recognition. Universal remote control is not something that works for many of our tools- we can’t glue together email/IM/etc. the way we glue together our TV/VCR/DVD/etc. Thinks biometric security and voice recognition will move that forward. (claims voice recognition is improving 5x faster than moore’s law, which frankly sounds like bullshit.)
• 5. Sensor networks will be everywhere, esp. RFID. Of course this means IPV6. hehe- VIN (vehicle id number that is unique for every car) should be an IP address.
• 4. wireless internet will be big, which will drive mobility (yes, this is as redundant to other points as it sounds)
• 3. ‘network will be the computer’- communications and applications will converge. [This reminds me that I'd kill to have a way to fund some next-gen experimentation in conversation-centric tools/UI.]
• 2. security is critical- security is a global problem; no one takes it seriously. More madeup-sounding numbers: last year $13.5B in loss to data theft; $17B predicted this year. All students must be trained in security; must be industry-wide, not just dealt with by cisco/ms/whoever.
• 1. IP (internet protocol, not intellectual property) will eat everything. [It pretty much already has, no?][later he said 'yes, it already has, this is not really news.']

So, what is coming?

today in 2005:

• IP: collaboration, storage, grid networks
• Devices: flexible display, ‘perpendicular’ storage
• Wireless: mobile video, over-the-air programming, location-aware services, interactive video, wireless VOIP, seamless mobility
• Context: semantic web, ‘composite’ applications, video search, biometrics

by 2010:

• IP: self healing networks
• devices: 3-d printing, fuel cells, huge but mobile storage
• context: ad-hoc sensory mesh networks, speech-to-speech translation
• wireless: smart radio

by 2015:

• ip: wearable networks, intelligent network optical chips, private on-demand bandwidth
• devices: nanocomputers

by 2020:

• wireless: land-lines all retired
• devices: holographic storage
• context: holographic teleconferencing, tele-immersion

what is coming in the network:

• yesterday: pipes and ports; IP future: rich application-centric services. Changes business model- won’t be enough to sell bandwidth
• yesterday: individual networks; IP future: converged collaborative network and device/protocol agnostic
• y: fixed capacity- buy as much bandwidth as you might need, ever; future: on-demand utility (both for bandwidth and computing)
• y: IPv4; future: IPv6, multicast, unilink, VPLS (US military already demanding v6). says current techs are limited by IPv4 and current routing
• y: heterogeneity required; future: heterogenous by choice. means this in regard to networks.
• y: person-to-person communication; future: community-centric communication

AT&T clearly thinking about the totally converged ‘use whichever communication tech is most convenient’, up to and including the group collaboration ends of it- not just talking to each other, but scribbling on the same document, etc. None of this is new, exactly, but interesting that AT&T sees it in the same

Sees the telcom battles coming up around access- who can give you the best access from the most places, etc. Sees access in general- WiMax in specific- as a way for them to bypass LECs and other local folks and go directly to the customer. Cheaper to deploy than 3G phones and designed around IP from day one. Expects wimax to offer 100Mb/s in the next 5-10 years. Doesn’t say it explicitly, but seems to expect that it’ll kill the current cell phone networks.

transformations in the future: (ran out of time and started getting fast here :) AT&T passes 2.6PB data/day; everything is growing exponentially. Expects the network to become intelligent to deal with security threats, because it will be easier to put it centrally instead of at the leaves. They were able to predict slammer because of peaks in UDP traffic a few days before, because they mine the data so quickly. They are building an Internet Security News Channel- 24/7 streamed video for customers- shows, talks, tutorials, breaking news.

Impressive demo of customer interaction with a computer, answering a billing question. They have taken it live for customers- toys’r'us, for example. See it as a product more than tool for internal use, which is interesting.

Sweet demo video of real-time voice recognition, including on-the-fly learning of proper nouns. Demo was clearly ‘filmed’ in metacity- labs researcher is using GNOME, I guess. Cool :) [Eslambolchi is using Windows, of course :)

Control v. Freedom- believes industry should move towards freedom. yay :)

• control: passive reception of information and entertainment; freedom: active participation; choose when/where/how
• control: limited news providers with fixed newscasts; freedom: blogs, personal video studios- the impact of billions of webcams.
• control: proprietary solutions; freedom: standards bodies
• control: proprietary software; freedom: open source (specifically cited bugs as a driving force)
• c: licensed spectrum; f: smart radio over unlicensed spectrum- bits/hz will increase, so needs more hz
• c: regulated access; f: open access
• c: proprietary networks, vendor dependency; f: open networks, architecture, and API. Smart companies should become dynamic software companies instead of implementing things in hardware- become MS instead of IBM implied.
• c: sync; f: async

Q&A:

Is a holder of 700 patents, but thinks frivolous patents are a problem. Implies competition needs to be on actual innovation embodied in code. Totally sidetracks to P2P stuff; thinks there will continue to be battles for ages about cloaked 'illegal' software v. law/legal forces.

end-to-end question; thinks that it will be hard to wean tech consumers from edge-centric security, but that it is necessary because the edges can't be as reliable/up-to-date as things in the middle, because the middle can do data collection+mining, which the edges cannot. Thinks it'll be a decade or two before the next-gen internet will solve some issues to make the next 'net capable of being secure while not getting in anyone's way very much. Focus is of course on corporate networks. [I used to think Yochai Benkler's argument that wireless will save us from corporate-commercial-regulated network monitoring was insane, but with WiMax, that might not be completely insane anymore.]

Data mining is purely on the packet headers, not on the packet contents generally because of privacy concerns.

Got many, many wishes of luck yesterday with the new job (which is still not 100%-super-duper set in stone, but basically is, I guess). Thanks to everyone who wrote.

Good day. Took a practice LSAT all morning. The games section broke me, but otherwise did very, very well. So at least I know what I have to focus on for the next couple weeks.

Have started a new workout routine (still purely based on stuff I can do at home, no weights or machines) and am sore all over. I’m doing fewer repetitions, but feel like I’m accomplishing more. If it really does continue to feel successful in, say, a month, I’ll post a link to the website I got the new exercises from with a hearty endorsement.

Attended a lunch talk given by Glorianna Davenport of the Media Fabrics group at MIT. Was pretty interesting, though I wish she’d been able to give some demos. The payoff for me was the random thought that gallery shouldn’t have slideshows in the old-fashioned linear sense, but rather should be like dasher (which I see is advertising for a job- free software job writing cool software job for brits- go to it!). Maybe with fewer funky colors :) But yeah, instead of a linear slideshow with a simple ‘next’, I’d like gallery to present options to my viewers- try to predict five or so pictures that will be interesting to them, based on what they are looking at now, what they’ve looked at previously (no repetition, most likely), available keywords, other metadata. Throw those up in one margin with thumbnails, and let people click on any of them instead of just ‘next’. Probably make the one that I’ve designated as next bigger/more central, but give them other options. Maybe make one of them random. Anyway, thinking out loud.

[On a slightly related note, gallery 2 is out. They had some pretty nice SoC stuff (inc. a pretty nice DHTML browse mode and an RSS feed, so I'll probably switch whenever they get sqlite support. This whole business of thinking that everything on earth should require setting up a whole sql server is insane.]

Barring spectacularly late-blooming problems, I’m excited to announce that I’ll soon be joining Harvard Law’s Berkman Center for Internet and Society as ‘head geek’ (or something like that). I still very much plan to attend school next fall, but the Berkman folks are happy to have me anyway for some reason :) The job will mean less direct involvement in GNOME in the short term (certainly less IRC and fewer mailing lists) but hopefully long term it will help me learn skills and make connections that will help Free Software in the future. Wish me luck, at any rate :)

Tor is a cool anonymity-providing proxy from the Electronic Frontier Foundation. They’ve decided they want a GUI, and are having a Tor GUI contest to solicit suggestions for one. The contest is being judged by some cool folks like Edward Tufte and Bruce Schneier. Sounds like it might be good fun for someone from our community to sit down and hack out- they don’t even have a cross-platform requirement for the UI, though I’m guessing that would be a big plus. Passing this along to the planet…

I have again started pondering the state of GUADEC and the Foundation in general, and it has again threatened to make my mood dark and stormy. Stayed up too late. Wrote some flames, hopefully some of which will stimulate much-needed discussion. Hopefully even more constructively did a SWOT analysis of GUADEC. I think a lot of that information is already conventional wisdom, but no one is acting on it :) and I’ve never seen it written down. Hopefully this is a good way to get some issues clarified so that we can know where we are and consider where we should go and/or how to patch up the base. The exercise was interesting enough (at least to me ;) that I’m considering doing the same for the Foundation. That one will be fun, let me tell you :)

On the even more plus side, wrote and saved a change of affiliation email, though not going to email that particular chicken until it is 100% hatched, hopefully tomorrow night.

Otherwise, just a nice weekend- pretty good weather, continued liveCD creation by marcus (up to 14 now!), some very nice meals and lazy TV watching with Krissa. I bailed out on mako and software freedom day, but after travel, GMAT, first LSAT practice test, release stress, and other stuff, I just didn’t feel up to it.

I’ve had three people email me and say ‘why isn’t the liveCD available in my language’. The answer is that they did not email marcus bauer with the very small piece of information he requested. Do that and odds are good (though not guaranteed) you’ll get a liveCD up in your language.

Marcus would also love build help from the i18n team- right now, there is no real i18n infrastructure for the liveCDs, just ad-hoc directories and copy/past of things that get emailed around. Would be nice if it were all in the normal infrastructure, so that it was counted as part of the i18n stats. That’s obviously a 2.14 thing, but still, it would rock to have so that we can help spread the word.

Now that 2.12.0 liveCD nuttiness is slightly winding down for me, some random things I’d really love to see in 2.14, all of which should be very doable:

• Officially adopt network-manager, and then aggressively port network-related apps (evo, ephy, and weather-applet for example) to behave intelligently when n-m says there is no network.
• gnome-screensaver and fusa becoming official parts of the desktop, and integrated with gdm.
• An official torrent client.
• LiveCD infrastructure translated as part of the official l10n core, with standard tools. Regular 2.13 liveCD releases, and working with more magazines to get the 2.13.90/91 CDs distributed very widely.
• Integration of the SoC stuff, particularly Lorenzo’s startup time work.

More dreamy:

• If Lorenzo’s work is good enough, kill the gnome-session splash screen.
• Creative Commons integration of some sort.
• Widespread use of LDTP or something similar in ‘make check’.
• Bug-buddy switching to XML-RPC and dropping client-side product/component guessing in favor of intelligence on the server.
• One or two cairo-based gtk themes that aren’t just smoother and shinier, but funkier.

Of course, there is lots of cool stuff already in the GNOME RoadMap that I hope also gets done, particularly in gnomemeeting and evolution.

Am currently inflicting Duke football on myself. It’s just… argh. If they were just smaller and slower and got beat that way, that would be fine. But they just don’t play smart football. 10 minutes into the game, Duke has given Tech two first downs by penalty and turned it over on a penalty on a fourth down trick play. I know we’re improving, though, because at least so far we have no interceptions or fumbles. (It took about two minutes of game time after I wrote that for it to become untrue. Sigh.) Then Duke had a brilliant interception. Which promptly became third and 35. Sigh.