So open it hurts

So open it hurts

Bernice Yeung’s character piece (“So Open it Hurts“) about my relationship with Tara is now available online (feels somewhat awkward using her full name, as she used mine in her post on the story, so I’ll take liberties and presume some familiarity on the part of you, my dear reader).

On the one hand, I feel a bit embarrassed and reluctant having had the entrails of our relationship splayed out over 15 digital pages or 13 print pages starting on page 57 of this month’s San Francisco Magazine (which I recommend, given modern reading habits).

On the other, it’s quite an honor that someone as talented as Bernice would take an interest in us and our work and spend over eight months gathering information, anecdotes and ideas through the tumult of our two-plus-year relationship. It is worth noting that the story began modestly about the germination of the coworking movement, but after several other media outlets beat her to the scoop, Bernice decided to bring the backstory of our relationship to the forefront. In other words, when Bernice started talking to us, our conversations were about coworking, not our relationship. I can’t even imagine how many times Bernice had to rewrite the piece, especially since, months into her research, as you know, Tara and I broke up. But in the end, that’s what Bernice decided to focus on and write about.

In trying to piece together what to make of this story and how to feel about it, in some ways I’ve been more interested in other people’s varied reactions to it — not quite in the same way that Tara described as “vulnerability” leading to defensiveness (though I recognize that effect in myself occasionally), but more from the perspective of a bystander witnessing other people thinking out loud about other people leading more public lives.

Some people seem to really support the choice (or ability) to live openly. Others question it, or even lambast the choice, calling it “egocentric” or “juvenile” or “self-important navel-gazing“. That’s cool. Some people are apparently able to devote more of their cognitive surplus ogling and critiquing the lives of others. Whatevs.

That our relationship was something of a spectacle is not beyond my grasp. I do see it — even if throughout the relationship I kind of held that idea in the abstract, like, “well, people know this internet concoction that is ‘The Tara & Chris Show’, but I’m still the same regular dude I’ve always been…” I don’t think it was ever the intention — or at least something that I put any conscious effort in to — to become known for being a publicish couple. It just kind of happened. I mean, hell, Tara says as much when she points out that it took her pushing me out a window to get me to show some gumption on the projects that I stoked and then ran away from leading! I guess to put this in perspective, the story is interesting, and it’s interesting to me, because as it is for most people who end up featured in articles, a lot of it is about being in the right place at the right time, surrounded by the right people. No amount of self-aggrandizement can do this for you. It happens to you. Oftentimes in spite of what you might have otherwise preferred.

I also think that we were something of an anomaly, especially in our pathetically male-dominated industry. Ayn Rand talks about it the Fountainhead. And in our case, you had it two-fold: two passionate and dedicated individuals coming together romantically, professionally and productively — even if only for a relatively short amount of time — able to produce results… And that we did it using new and unknown social tools, well, that’s kind of interesting. And says something about the period we’re living in. I mean, it is interesting to think that the design of Flickr and Twitter actually shaped the contours of our relationship: by facilitating openness as the default, our relationship was simply more open and exposed. And long after lonelygirl15 was proven to be a farce, the result was that we ended up with this amazing network of friends and contacts, made up of people who got to know us as individuals and as a couple, and to know that we are just your regular folks, and that we use the same internet as everyone else, and that we stumble humiliatingly and earnestly along just as everyone else, seeking the approval and attention of our peers, while giving away the source code to our ideas and our experiences all along the way.

Really, so what?

Really: so what?

. . .

Tara said to me that we’re at the end of an era. And that, in some ways, this story, now published, serves as a transition point. I was reluctant at first, but now I agree. I told Bernice that I felt like I’d aged six years in six months when she last interviewed me this spring, and that’s true; even though I’m still pretty naive and more ignorant than I care to admit, I’m older now than I was in my relationship with Tara. Tara forced me to grow up a lot and to take a lot more responsibility for my feelings, for my actions and for my thoughts. And so, as we (I) transition from the awkward adolescence of the social web, I take with me lessons about . . . the natural and effective constant exercise of free will.

. . .

. . .

Y’know, I didn’t say very much at all during the months following our breakup. Oftentimes I thought to myself, “you should write something about what’s going on… in case someone else is ever in this situation. Or to defend yourself.” But I always stopped myself.

Sometimes things are too personal to share, and sometimes experiences cannot, or should not, be generalized. Sometimes what’s there to be learned is in the going through, not in the seeing it done. I also think that it’s perfectly valid that each person make up their own mind about how open they want to be about their life, for better or for worse, to whatever extent fits their needs. I typically try to be as open as I’m comfortable with, and then a little more, but it doesn’t always work out that way. While I hope that I can provide one kind of example that might be useful in some cases, I certainly don’t imagine that my example is one that would work for everyone, or even necessarily anyone else.

Yes, we were open about our relationship to an extent that many people would probably prefer not to be; that was a choice we made, and that I think made sense at the time. I’m now in a new relationship, and a very different relationship, and I will treat it according to its own unique nature and internal logic. How “open” we will be, I can’t say. But that I am more open, in a much transformed, deeper, way, is unarguable. That much I know to be true.


The Open Web Foundation

Open Web Foundation logoDuring this morning’s keynote at OSCON, David Recordon announced the formation of the Open Web Foundation (his slides), an initiative with which I am involved, aimed at becoming something akin to a “Creative Commons for patents”, with the intention of lowering the costs and barriers to the development and adoption of open and free specifications like OpenID and OAuth.

As I expected, there’s been some healthy skepticism that usually starts with “Another foundation? Really?” or “Wait, doesn’t [insert other organization name] do this?

And the answers are “Yes, exactly” and “No, not exactly” (respectively).

I’ll let John McCrae explain:

…every grass roots effort, whether OpenID, OAuth, or something yet to be dreamt up, needs to work through a whole lot of issues to go from great idea to finalized spec that companies large and small feel comfortable implementing. In particular, large companies want to make sure that they can adopt these building blocks without fear of being sued for infringing on somebody’s intellectual property rights. Absent the creation of this new organization, we were likely to see each new effort potentially creating yet-another-foundation to tackle what is essentially a common set of requirements.

And this is essentially where we were in the OAuth process, following in the footsteps of the OpenID Foundation before us, trying to figure out for ourselves the legal and intellectual property issues that stood in the way of [a few] larger companies being able to adopt the protocol.

Now, I should point out that OAuth and OpenID are the result of somewhat unique and recent phenomena, where, due to the low cost of networked collaboration and the high value of commoditizing common protocols between web services, the OAuth protocol came together in just under a year, written by a small number of highly motivated individuals. The problem is that it’s taken nearly the same amount of time trying to developer our approach to intellectual property, despite the collective desire of the authors to let anyone freely use it! This system is clearly broken, and not just for us, but for every group that wants to provide untethered building blocks for use on the open web — especially those groups who don’t have qualified legal counsel at their disposal.

That other groups exist to remedy this issue is something that we realized and considered very seriously before embarking on our own effort. After all, we really don’t want to have to do this kind of work — indeed it often feels more like a distraction than something that actually adds value to the technology — but the reality is that clarity and understanding is actually critical once you get outside the small circle of original creators, and in that space is where our opportunity lies.

In particular, for small, independent groups to work on open specifications (n.b. not standards!) that may eventually be adopted industry-wide, there needs to be a lightweight and well-articulated path for doing the right thing™ when it comes to intellectual property that does not burden the creative process with defining scope prematurely (a process that is costly and usually takes months, greatly inhibiting community momentum!) and that also doesn’t impose high monetary fees on participation, especially when outcomes may be initially uncertain.

At the same time, the final output of these kinds of efforts should ultimately be free to be implemented by all the participants and the community at large. And rather than forcing the assignment of all related patents owned by all participants to a central foundation (as in the case of the XMPP Foundation) or getting every participant to license their patents to others (something most companies seem loathe to do without some fiscal upside), we’ve seen a trend over the past several years towards patent non-assert agreements which allow companies to maintain their IP, to not have to disclose it, and yet to allow for the free, unencumbered use of the specification.

If this sounds complicated, it’s because it is, and is a significant stumbling block for many community-driven open source and open specification projects that aim for, or have the potential for, widespread adoption. And this is where we hope the Open Web Foundation can provide specific value in creating templates for these kinds of situations and guiding folks through effective use of them, ultimately in support of a more robust, more interoperable and open web.

We do have much work ahead of us, but hopefully, if we are successful, we will reduce the overall cost to the industry of repeating this kind of work, again, in much the same way Creative Commons has done in providing license alternatives to copyright and making salient the notion that the way things are aren’t the only way they have to be.

The Community Ampflier

Twitter / O'Reilly OSCON: Chris Messina receiving "Be...

os-awardI am honored to be a recipient of this year’s Google O’Reilly Open Source Award for being the “best community amplifier” for my work with the microformats, Spread Firefox and BarCamp communities! (See the original call for nominations).

Inexplicably I was absent when they handed out the award, hanging out with folks at a Python/Django/jQuery drinkup down the street, but I’m humbled all the same… especially since I work on a day to day basis with such high caliber and incredible people without whom none of these projects would exist, would not have found success, and most importantly, would never have ever mattered in the first place.

Also thanks to @bmevans, @TheRazorBlade, @kveton, @anandiyer, @donpdonp, @dylanjfield, @bytebot, @mtrichardson, @galoppini for your tweets of congratulations!

And our work continues. So lucky we are, to have such good work, and such good people to work with.

Feature request: OAuth in WordPress

Twitter / photomatt: @factoryjoe I would like OA...

In the past couple days, there’s been a bit of a dust-up about some changes coming to WordPress in 2.6 — namely disabling ATOM and XML-RPC APIs by default.

The argument is that this will make WordPress more secure out of the box — but the question is at what cost? And, is there a better solution to this problem rather than disabling features and functionality (even if only a small subset of users currently make use of these APIs) if the changes end up being short-sighted?

This topic hit the wp-xmlrpc mailing list where the conversation quickly devolved into spattering about SSL and other security related topics.

Allan Odgaard (creator TextMate, as far as I can tell!) even proposed inventing another authorization protocol.


There are a number of reasons why WordPress should adopt OAuth — and not just because we’re going to require it for DiSo.

Heck, Stephen Paul Weber already got OAuth + AtomPub working for WordPress, and has completed a basic OAuth plugin for WordPress. The pieces are nearly in place, not to mention the fact that OAuth will pretty much be essential if WordPress is going to adopt OpenID at some point down the road. It’s also going to be quite useful if folks want to post from, say, a Google Gadget or OpenSocial application (or similar) to a WordPress blog if the XML-RPC APIs are going to be off by default (given Google’s wholesale embrace of OAuth).

Now, fortunately, folks within Automattic are supportive of OAuth, including Matt and Lloyd.

There are plenty of benefits to going down this path, not to mention the ability to scope third party applications to certain permissions — like letting Facebook see your private posts but not edit or create new ones — or authorizing desktop applications to post new entries or upload photos or videos without having to remember your username and password (instead you’d type in your blog address — and it would discover the authorization endpoints using XRDS-SimpleEran has more on discovery: Magic, People vs. Machines).

Anyway, WordPress and OAuth are natural complements, and with popular support and momentum behind the protocol, it’s tragic to see needless reinvention when so many modern applications have the same problem of delegated authorization.

I see this is a tremendous opportunity for both WordPress and OAuth and am looking forward to discussing this opportunity — at least consideration for WordPress 2.7 — and tonight’s meetup — for which I’m now late! Doh!

A conversation about social network interop and activity stream relevance

Brian Oberkirch captured some video today of a conversation between him, David Recordon and myself at GSP East about social network interop, among other things.

Hot on the heals on my last post, this conversation is rather timely!

Parsing the “open” in Facebook’s “fbOpen” platform

fbOpenYesterday, as expected, Facebook revealed the code behind their F8 platform, a little over a year after its launch, offering it under the Common Public Attribution License.

I can’t help but notice the glaring addition of Section 15: Network Use and Exhibits A and B to the CPAL license. But I’ll dive into those issues in a moment.

For now it is worth reviewing Facebook’s release in the context of the OSI’s definition of open source; of particular interest are the first three sections: Free Redistribution, Source Code, and Derived Works. Arguably Facebook’s use of the CPAL so far fits the OSI’s definition. It’s when we get to the ninth attribute (License Must Not Restrict Other Software) where it becomes less clear whether Facebook is actually offering “open source” code, or is simply diluting the term for its own gain, given the attribution requirement imposed in Exhibit B:

Each time an Executable, Source Code or Larger Work is launched or initially run (including over a network), a display of the Attribution Information must occur on the graphic user interface employed by the end user to access such Covered Code (which may include a splash screen).

In other words, any derivative work cleft from the rib of Facebook must visibly bear the mark of the “Initial Developer”, namely, Facebook, Inc., and include the following:

Attribution Copyright Notice: Copyright © 2006-2008 Facebook, Inc.
Attribution Phrase (not exceeding 10 words): Based on Facebook Open Platform
Attribution URL:
Graphic Image as provided in the Covered Code:

Most curious of all is how Facebook addressed a long-held concern of Tim O’Reilly that open source licenses are obsolete in the era of network computing and Web 2.0 (emphasis original):

…it’s clear to me at least that the open source activist community needs to come to grips with the change in the way a great deal of software is deployed today.

And that, after all, was my message: not that open source licenses are unnecessary, but that because their conditions are all triggered by the act of software distribution, they fail to apply to many of the most important types of software today, namely Web 2.0 applications and other forms of software as a service.

And in the Facebook announcement, Ami Vora states:

The CPAL is community-friendly and reflects how software works today by recognizing web services as a major way of distributing software.

Thus Facebook neatly skirts this previous limitation in most open source licenses by amending Section 15 to the CPAL, explicitly covering “Network Use”:

The term ‘External Deployment’ means the use, distribution, or communication of the Original Code or Modifications in any way such that the Original Code or Modifications may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Code or Modifications as a distribution under section 3.1 and make Source Code available under Section 3.2.

I read this as referring to network deployments of the Facebook platform on other servers (or available as a web service) and forces both the release of code modifications that hit the public wire as well as imposing the display of the “Attribution Information” (as noted above).

. . .

So okay, first of all, we’re not really dealing with the true historic definition of open source here, but we can mince words later. The code is available, is free to be tinkered with, reviewed, built on top of, redistributed (with that attribution restriction) and there’s even a mechanism for providing feedback and logging bugs. Best of all, if you submit a patch that is accepted, they’ll send you a Facebook T-shirt! (Wha-how! Where do I sign up?!)

Not ironically, Facebook’s approach with smells an awful lot like Microsoft’s Shared Source Initiative (some background). Consider the purpose of one of Microsoft’s three Shared Source licenses, the so-called “Reference License”:

The Microsoft Reference License is a reference-only license that allows licensees to view source code in order to gain a deeper understanding of the inner workings of a given technology. It does not allow for modification or redistribution. Microsoft uses this license primarily for technologies such as its development libraries.

Now compare that with the language of Facebook’s announcement:

The goal of this release is to help you as developers better understand Facebook Platform as a whole and more easily build applications, whether it’s by running your own test servers, building tools, or optimizing your applications on this technology. We’ve built in extensibility points, so you can add functionality to Facebook Open Platform like your own tags and API methods.

While it’s certainly conceivable that there may be intrepid entrepreneurs that decide to extend the platform and release their own implementations (which, arguably would require a considerable amount of effort and infrastructure to duplicate the still-proprietary innards of Facebook proper — remember that the fbOpen platform IS NOT Facebook), they’d still need to attach the Facebook brand to their derivative work and open source their modifications, under a CPAL-compatible license (read: not GPL).

In spite of all this — and whether Facebook is really offering a “true” open source product or not — is really not the important thing. I’m raising issues simply to put this move into a broader context, highlighting some important decision points where Facebook zagged where others might have otherwise zigged, based on their own priorities and aspirations with the move. Put simply: Facebook’s approach to open source is nothing like Google’s, and it’s critical that people considering building on either the fbOpen platform or OpenSocial do themselves a favor and familiarize themselves with the many essential differences.

Furthermore, in light of my recent posts, it occurs to me that the nature of open source is changing (or being changed) by the accelerating move to cloud computing architectures (where the source code is no longer necessarily a strategic asset, but where durable and ongoing access to data is the primary concern (harkening to Tim O’Reilly’s frequent “Data is the Intel Inside” quip) and how Facebook is the first of a new class of enterprises that’s growing up after open source.

I hope to expand on this line of thinking, but I’m starting to wonder — with regards to open source becoming essentially passé nowadays — did we win? Are we on top? Hurray? Or, did we bet on the wrong horse? Or, did the goalposts just move on us (again)? Or, is this just the next stage in an ongoing, ever-volatile struggle to balance the needs of business models that tend towards centralization against those more free-form and freedom seeking and expanding models where information and knowledge must diffuse, and must seek out growth and new hosts in order to continue to become more valuable. Again, pointing to Tim’s contention that Web 2.0 is also at least partly about harnessing collective intelligence, and that data sources that grow richer as more people use them is a facet of the landscape, what does openness mean now? What barriers do we need to dissemble next? If it’s no longer the propriety of software code, then is it time that we began, in earnest, to scale the walls of the proprietary data horders and collectors and take back (or re-federate) what might be rightfully ours? Or that we should at least be given permanent access to? Hmm?

Related coverage:

Facebook, the USSR, communism, and train tracks

Low hills closed in on either side as the train eventually crawled on to high, tabletop grasslands creased with snow. Birds flew at window level. I could see lakes of an unreal cobalt blue to the north. The train pulled into a sprawling rail yard: the Kazakh side of the Kazakhstan-China border.

Workers unhitched the cars, lifted them, one by one, ten feet high with giant jacks, and replaced the wide-gauge Russian undercarriages with narrower ones for the Chinese tracks. Russian gauges, still in use throughout the former Soviet Union, are wider than the world standard. The idea was to the prevent invaders from entering Russia by train. The changeover took hours.

— Robert D. Kaplan, The Ends of the Earth

I read this passage today while sunning myself at Hope Springs Resort near Palm Springs. Tough life, I know.

The passage above immediately made me think of Facebook, and I had visions of the old Facebook logo with a washed out Stalin face next to the wordmark (I’m a visual person). But the thought came from some specific recent developments, and fit into a broader framework that I talked about loosely to Steve Gillmor about on his podcast. I also wrote about it last week, essentially calling for Facebook and Google to come together to co-develop standards for the social web, but, having been reading up on Chinese, Russian, Turkish and Central Asian history, and being a benefactor of the American enterprise system, I’m coming over to Eran and others‘ point that 1) it’s too early to standardize and 2) it probably isn’t necessary anyway. Go ahead, let a thousand flowers bloom.

If I’ve learned anything from Spread Firefox, BarCamp, coworking and the like, it’s that propaganda needs to be free to be effective. In other words, you’re not going to convince people of your way of thinking if you lock down what you have, especially if what you have is culture, a mindset or some other philosophical approach that helps people narrow down what constitutes right and wrong.

Look, if Martin Luther had nailed his Ninety-five Theses to the door but had ensconced them in DRM, he would not have been as effective at bringing about the Reformation.

Likewise, the future of the social web will not be built on proprietary, closed-source protocols and standards. Therefore, it should come as no surprise that Google wants OpenSocial to be an “open standard” and Facebook wants to be the openemest of them all!

The problem is not about being open here. Everyone gets that there’s little marginal competitive advantage to keeping your code closed anymore. Keeping your IP cards close to your chest makes you a worse card player, not better. The problem is with adoption, gaining and maintaining [developer] interest and in stoking distribution. And, that brings me to the fall of the Communism and the USSR, back where I started.

I wasn’t alive back when the Cold War was in its heyday. Maybe I missed something, but let’s just go on the assumption that things are better off now. From what I’m reading in Kaplan’s book, I’d say that the Soviets left not just social, but environmental disaster in their wake. The whole region of Central Asia, at least in the late 90s, was fucked. And while there are many causes, more complex than I can probably comprehend, a lot of it seems to have to do with a lack of cultural identity and a lack of individual agency in the areas affected by, or left behind by, Communist rule.

Now, when we talk about social networks, I mean, c’mon, I realize that these things aren’t exactly nations, nation-states or even tribal groups warring for control of natural resources, food, potable water, and so forth. BUT, the members of social networks number in the millions in some cases, and it would be foolish not to appreciate that the borders — the meticulously crafted hardline boundaries between digital nation-states — are going to be redrawn when the battle for cultural dominance between Google (et al) and Facebook is done. It’s not the same caliber of détente that we saw during the Cold War but it’s certainly a situation where two sides with very different ideological bents are competing to determine the nature of the future of the [world]. On the one hand, we have a nanny state who thinks that it knows best and needs to protect its users from themselves, and on the other, a lassé-faire-trusting band of bros who are looking to the free market to inform the design of the Social Web writ large. On the one hand, there’s uncertainty about how to build a “national identity”-slash-business on top of lots of user data (that, oh yeah, I thought was supposed to be “owned” by the creators), and on the other, a model of the web, that embraces all its failings, nuances and spaghetti code, but that, more than likely, will stand the test of time as a durable provider of the kind of liberty and agency and free choice that wins out time and again throughout history.

That Facebook is attempting to open source its platform, to me, sounds like offering the world a different rail gauge specification for building train tracks. It may be better, it may be slicker, but the flip side is that the Russians used the same tactic to try to keep people from having any kind of competitive advantage over their people or influence over how they did business. You can do the math, but look where it got’em.

S’all I’m sayin’.