Standards Bodies and Free Software: We get by with a little help from our friends
Paw Prints: Writings of the maddog
I have a friend who needs a little help...he needs access to four of the twelve volumes of the ISO/IEC documents describing ISO SQL and SQL/PSM. These documents (ISO/IEC 9075:X:2011 where “X” equals 1-4) describe the implementation standards which he needs for the general compiler suite that he is writing. These documents cost about 500 US dollars each, and as a university student he does not have that type of money. He reached out to me in hopes I knew of someone who would have these documents. I tried one or two companies and came up with nothing, now I am reaching out to you.
Normally these documents would be used by large companies, for which the purchasing money would be considered the “cost of doing business”, and would be deducted from their taxes. Or they would be available in University libraries, perhaps at a reduced cost because of their university status, but for a volunteer to put out (in the case of my friend) 2000 US dollars so he can build code that supports an a real ISO/IEC standard as opposed to a “pseudo standard” such as Oracle's PL/SQL or Microsoft's Transact-SQL is hard to swallow.
Some people might point out that my friend could go to a university to read the standards, but finding these documents in universities outside of your own (and not every university holds these documents) is both time consuming (particularly when university staff is on strike), and can require travel to the university, which may be far away.
So if any of my readers know where these documents can be accessed by my friend (who lives in Brazil), please send me email at “firstname.lastname@example.org” with the Subject: line of “You can find the documents here”.
My friend wondered why, in this day and age of the Internet, these documents are not on line for everyone to read, and now we have “the rest of the story”.
It was in the early days of Linux that I became aware of a standards group called “I2O”, which stood for “Intelligent Input/Output”. Alan Cox was trying to get a copy of their standard, but found he could not unless he joined their special interest group, signed a non-disclosure, and paid a lot of money. This meant, of course that Linux would not support the I2O standard.
Alan complained about this to me, and I said I would look into it. Fortunately for me the I2O group had their offices in San Francisco, and one of the early LinuxWorlds was being held in the San Francisco area, so I made a point of visiting their office. I met with the chairman of the SIG, a Mr. LoBue, and explained to him what Linux was, how the community worked, and why we needed the specification.
Mr. LoBue was a good man, understood the issues, and explained to me that the SIG needed money to run, and therefore charged a membership fee for companies to join and have input into the specification and voting rights on the specification. They were keeping the specification “secret” both to hold down the volume of input to their standards committee, and to give the membership a feeling of “getting something for their money. In a couple of weeks from the time I met him, I was told that the specification would be finalized, made “open”, and the revenue stream to keep the SIG alive would come through certification fees rather than totally through membership fees. At that time all Alan would have to do is register at their site and he would be given free of charge a copy of the specification. The only reason that the SIG wanted Alan to register as a “Registered Developer” in order to make sure that when the specification was updated, Alan would get an updated copy.
After we talked I took Mr. LoBue to LinuxWorld and he was amazed at the size of the event and the number of companies (some of whom were already in his SIG), and he agreed to put top priority on making sure Alan got a copy of the standard when it was released.
I have heard these complaints about standards groups many times from the Free Software community. They point to the prices put on printed standards (or even electronic ones) and grouse about how much they cost. They point to the charges for attending conferences and wonder how a “volunteer” can attend such a conference.
This is one of the “benefits” of a Linux developer working for a company. These companies have the deep pockets (or at least some pockets) to be able to pay for these committee memberships, documents and even some travel money for trips to the committee meetings.
In the minds of a lot of committees, the large fees also show a level of commitment and support. Larger companies that can afford greater membership fees might feel more strongly about a standard because they stand to lose more money if the standard comes in late or is incorrect.
We of the Free Software space know how important standards are, and why it is necessary to see them succeed. Unfortunately a lot of us either work for companies that do not immediately see the value of a particular standard we are interested in, or we work as individual consultants and can not afford those type of costs, or literally are volunteering our time and can not afford to pay for expensive documents or trips.
Of course some of this is the fault of the standards groups themselves, for not recognizing the changing landscape of people who could and would contribute to standards if they had a chance, and then change the standard group's policies to reflect this changing landscape.
For example, making the evolving specification visible to the community in a read-only wiki and forum for non-members, but having one person on the standards committee who might represent “the community”, and whose responsibility would be to gather together the inputs of the community and bring them back to the rest of the standards committee. This would help to keep down the “signal to noise” ratio, but also give the “many eyes” to the specification as it evolves.
Electronic printing makes more sense today for formal standards. Paper copies should be by demand printing, allowing the people that want them to pay for them, and all copies should be under a Creative Commons license with “no derivations”.
Communications over the Internet reduces the amount of physical “face to face” that standards bodies used to rely on, but every once in a while some “face to face” is needed. Companies can fund their employees to go, assuming the standard is important to them, but for the contributing volunteers the Debian distribution of GNU/Linux has a reasonable approach. They ask their volunteers that have sponsoring companies or employers to try and pay their way to meetings, and they offer scholarships to people who do not. The scholarships can come from sponsors, donations or other means.
Standards groups can also be (and often are) sensitive to the ever decreasing age of people knowledgeable about computers. Long gone are the days where a someone interested in computers needed access to a two million dollar piece of hardware to be able to contribute to computer science. Often a thirty-five dollar Raspberry Pi is enough for someone to follow along and contribute to concepts being defined in the standard. Therefore student and educational discounts on memberships are key.
Of course there are few things in life that are truly gratis. Even the most frugal of organizations has overhead in the form of Internet hosting, servers, legal fees (even “pro bona” legal help still has fees for many clerical items), registration fees, etc. Therefore “Free Software” people can be a little sensitive to this, and understand that sometimes there are things in life that are not completely “free as in beer”.
For those of you who read this far, I ask you to remember my friend who needs access to the ISO standards. If your company or university has access to them, perhaps you can figure out a way to get him access for his needs. If you do, just send email to 'email@example.com” and I will put the two of you in touch.
Carpe Diem!comments powered by Disqus
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.