More on SW Ecosystems (long)

In this article, the author presents ecosystems as consisting of the partners that surround and support a software package. In this blog posting, the author presents several different components of open source ecosystems, including ISVs and other downstream firms. In yet another article, Business Week includes customers, stack aggregators such as SpikeSource, and (to some degree) the VCs. In a typically comprehensive fashion, Gartner defines an open source ecosystem explicitly as

the set of policies, processes, individuals and organizations that can influence, support, staff, finance, train, and educate users and developers of a community for the purpose of making it self-sustainable over a period of time that is compatible with the life cycle of technology investments for the user community.

Finally, Forrester Research says that

"An open source ecosystem is emerging that serves the same functions as a traditional software company — but through multiple organizations. In the past, your software supplier would supply the software, support, maintenance, training, and consulting. The new open source ecosystem provides these services through communities, companies, consortia, and other means. As a result, customers have access to the same services they are used to from traditional suppliers, but they have to understand how to make the open source ecosystem work for them." (note: I do not have access to these Forrester reports as they costs $795 which is not in my budget. However, slides corresponding this first link can be found here.)

Forrester also says that

An open source ecosystem is emerging, however. Though this open source ecosystem is made up of many new types of organizations, such as communities and consortia, the organizations deliver the same four functions as closed source vendors: product development, distribution, services, and marketing. This map of open source players will enable firms to follow a practical approach to build their own open source ecosystem to suit their software needs.

All these quotes leave me with the impression that (a) there is something to the concept of an ecosystem in open source and more generally, in software, (b) the ecosystem concept must include a wide range of participants/units/members/etc., and (c) there is a lot of resource flow in a healthy ecosystem but measuring it will be a hot mess. And I'm just the man for the job.

The needs of the Security Profession

CIO magazine published an article on the new required skills for security professionals, including a business acumen (perhaps an MBA) and a basic understanding of psychology. Interesting reading to keep in mind when we begin to build a security curriculum"

Successful Open Source Companies

Yes, the focus of the title of this post is on the companies, but I would argue that much of the discussion is (of course) on the ecosystems surrounding them. Two links here, which I will do my best to summarize a little later (but I did not want to lose the links):

• An Entiva Group Analyst posts his ideas about what makes for a successful commercial open source operation, and it's a pretty good list.


• A principal with venture capital firm Hummer Winblad opines that the three most important letters in open source are CYA. This article confirms much of what we have discussed and/or encountered several times in talking with other folks about the OSS business.

I'm sure there are other posts out there (in particular,look through Matt Asay's interesting and voluminous blog posts), but these will do for now. I'll recap and summarize later.

Last post (for tonight) on the OSS ecosystem

Matt Asay discusses a ZDnet article on the "War of the Ecosystems" that makes several points that I should keep in mind when developing a presentation on this stuff.

Further on the "open source ecosystem" chain

Speaking of the blog by the "Director of Ecosystem Development for the Eclipse Foundation", he posted an entry discussing an interesting study on the success of OSS projects, in which he made the following comment:

To me, success would be a healthy ecosystem with lots of commercial and non-commercial activity. This would be pretty difficult to measure, not only to find publicly available data, but because it's not clear how to measure the "health" of an ecosystem. There is hopefully an opportunity for research in this area moving forward. (emphasis added)

BINGO! I think I have an interested reader here...I DEFINITELY need to give him a shout out when I get close to an answer.

The Open Source Forge trend

BTW: another sign of OSS growth is the tendency toward a 'forge', as used by Ruby, SugarCRM, MuleSource, and others in addition to the original - Sourceforge. From what my 'insiders' are telling me, this is a developing trend.

More on Open Source Ecosystems

There are other sites out there discussing the phrase 'open source ecosystems'. Here are a few interesting ones:

• An interesting post by one of the guys who helped develop Ruby on Rails, which is a great new OSS language for Web 2.0.


• A news article about the importance of third parties such as Pervasive to form an ecosystem around open source projects (in this case around PostgreSQL.


• A 2005 research article by IBM stating (among other things) that an open source project "needs to build an ecosystem" in order to reach a critical mass for viability.


• What looks like a wiki-evolving definition (or is that 'wikivolving'- is that a word yet? should I TM it?) of an open source business ecosystem on ObjectWeb.


• A blog from a guy whose job is Director of Ecosystem Development for the Eclipse Foundation. (I ought to try to ring him up sometime just for a chat)


• A presentation on Collaboratively Evolving Ecosystems in the context of government-sponsored open source projects, essentially laying out the case for moving from "N*build to 1*build + N*improve" (an interesting way to look at the benefits of OSS.

All this to suggest that I am certainly not the originator of the term nor the only one interested in it. Here's hoping I can add to the conversation in a truly meaningful way.

Linux Ecosystem to be worth $40B, per IDG

According to this report by IDG, the Linux ecosystem will be worth $40B by the year 2010. The actual figure is not as interesting as the fact that they used the term 'ecosystem', which is pretty cool.

My favorite Wikipedia page

OK, it is not related to my dissertation (at least not directly), but I like this Wikipedia page very much. Especially the quote from Dr. Frankfurt's book:

It is impossible for someone to lie unless he thinks he knows the truth. Producing bullshit requires no such conviction. A person who lies is thereby responding to the truth, and he is to that extent respectful of it. When an honest man speaks, he says only what he believes to be true; and for the liar, it is correspondingly indispensable that he considers his statements to be false. For the bullshitter, however, all these bets are off: he is neither on the side of the true nor on the side of the false. His eye is not on the facts at all, as the eyes of the honest man and of the liar are, except insofar as they may be pertinent to his interest in getting away with what he says. He does not care whether the things he says describe reality correctly. He just picks them out, or makes them up, to suit his purpose.

Classic. Reminds me of what most scholars do (whether they know it or not) when they write.

Oops...perhaps that's bullshit.

Marc Fleury has left the building

Its official - Marc no longer works for Red Hat. After selling his company for $420M in 2006, what else was there for him to do? He has long despised the role of middle manager, which in many respects he would have become - albeit a very high position in that middle. He would no longer really be 'the man', but only 'the man sitting next to the man'. I could not see Marc going out like that.

Besides, some reports have him personally getting as much as $150M out of the deal, which is pretty darn good after he started the company in 1999. I would love to be so lucky, but I cannot think on that scale. Kudos to Marc, but I can't wait to see what he comes up with next - in addition to his techno DJ career, that is.

Security Breaches and compensation

The University of Georgia had a security breach recently, which was very lightly covered by the media. In response to the breach, you get the standard fare of apologies and news releases (just like we saw in the Ohio University breach last year...but no remuneration for credit report freezes or any other incurred expense by the people whose information was compromised. Why not?

Help! We're under attack!

Posted on CNN and elsewhere, 3 of the 13 'key Internet computers' were were under attack by a massive hack attack. According to the CERT center,

At approximately 0001 GMT on 6 Feb 2007, several root-level DNS servers began receiving a large volume of malformed DNS queries. This initial attack appears to have been a warm-up for a much larger attack that began at 1000 GMT.

DNS servers G (U.S. DOD Network Information Center), L (Internet Corporation for Assigned Names and Numbers), and M (WIDE Project) appear to have been the most severely impacted although none were ever unreachable. The servers were operational and reachable even with the high volume of traffic.

Fortunately, we internet users did not know what was hitting us. Unfortunately, this is becoming more and more likely. Buckle up.

Successful OSS firms

Interesting read from Information Week on How To Tell The Open Source Winners From The Losers. Don't miss the sidebars.

You gotta be kidding me...8 seconds???

How long would it take for a newly internet-attached PC to be attacked by the silent army of hackers around the world? Sadly, the answer according to
this BBC article from 2005 is "eight seconds". Think about it: "1-Mississippi, 2-Mississippi, 3-Mississippi, 4-Mississippi, 5-Mississippi, 6-Mississippi, 7-Mississippi, 8-Mississippi" - and you're hacked. Sobering thought, especially for those who hate anti-virus software packages (and I am one of them).

In some ways, this is an old story - even for the BBC, but the results are still alarming.

What I would study if I were not in MIS...

Contrary to the central notion of this blog, which is to keep track of opportunities for practical, relevant research in MIS for future usage and study, I am absolutely in love with the philosophy of science. It appeals to the egghead inside me that wants to leave a scholarly mark on the world. And yet, there is something so distant and archane about the way these things are approached. For instance, one of the "open problems in Philosophy", is the Demarcation Problem, which essentially is an attempt to find the line between science and non-science (and yes, there is much more to the story than that). As an application of this notion to MIS, I wonder if we can really call most of what is done in business schools a 'scientific' endeavor. Note that I am not questioning the value or relevance, only whether or not we can really call it 'science'. (Note to self: look at this book by Curd and Cover later.

Of course, I can still study this as a MIS professor, but it sure isn't going to help much in the way of publishing things for tenure - which is the first goal.

Microsoft Office 'Zero-Day' Attack

Slashdot reports that the new version of Microsoft Office is already under attack. No surprise there -- and I am not blaming Microsoft. Why attack Open Office when there are so few users? Why not attack MSFT Office and its legion of well-placed (meaning Corporate) users?

Usable Security

Interesting report on how Bank of America's Sitekey doesn't work as well as it should. This and other reports can be found at this conference which is formed around different aspects of 'usable security'. In some respects, this deals with similar earlier work (ACM membership required - mirror copy here) by Mary Ellen Zurko on User-Centered Security - which she has apparently updated recently.

No more whining

In response to the previous post entitled "Coding Sucks", this blog has officially become a "No Whining Zone".

On second thought, isn't that one of the purposes of having a blog...to whine???

Coding Sucks!!

Given my current coding framework, I will need to come up with codes for a metaschema that will need to fit the following basic format:


{unit} {predicate} {resource1 [, resource2]}


Where there are (at least) 5 units not including the individuals themselves, 5 predicates (including contributes, accumulates, uses, exchanges, and transforms; the latter two require the second resource), and over 10 resources (more like 18-20) of three types (capital, goods, and services).


This level of 'micro-analysis' cannot be necessary. Unfortunately, my advisor (who I respect highly, mind you) says that it is absolutely necessary for the next round of analysis. Bummer... Looks like it's time for another quote by Ovid:

Endure and persist; this pain will turn to good by and by.

What a good week...so far

What a difference a week makes! I can now see clearly to what I have to do to get out of here.

• No, I do not have a good coding template yet, but I am well on the way to having one. The new, new one has a lot of good points going for it, but I will have to go back over it again, which sorta stinks but is better than the previous one.
• The interviews since 1/24 (four, with 2 more for this week and one to reschedule) have been outstanding! I can honestly say that I have learned a lot about the cases that I have been studying and also about the software industry in general. Lots of good info on all fronts!
• Received official invitation to a think-tank that will cover the area that I am doing for my dissertation and my writing for the next 4-5 years. Should be an excellent way to get some great contacts. I can even see how this could lead to some personal equity-building activities.
• Wrote a brief which should set up my dissertation writeup, which my advisors think would be ok. Additionally, they want to work on a separate case, which should satisfy the aspirations of the CEO of the case firm.
• Worked on two other non-dissertation related projects, both of which should lead to publications.

A great, great week indeed! Now for the next week, I need to work very, very hard on coding and data analysis to see if I will be able to produce some meaningful insights...