Re: bettering open source involvement

Dave Taht <> Tue, 02 August 2016 09:09 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id ECBD612D185 for <>; Tue, 2 Aug 2016 02:09:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id n3eUDUnfwlxz for <>; Tue, 2 Aug 2016 02:09:11 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D82A612D181 for <>; Tue, 2 Aug 2016 02:09:10 -0700 (PDT)
Received: by with SMTP id j124so197208385ith.1 for <>; Tue, 02 Aug 2016 02:09:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=2kmrhpD5JhE1+ANqyJV6ANKz3nPyJol2+C/buzjdDu0=; b=GAZbMpBROpLr0p9/y3SZytB/dPtdJ+k8LrNz6JTRNFXLl4QUQ9irqRn2c5V9yql+5F iYLvQ167h22ss3K67rzM2QkU90+22VIQhX/v4JywjCFoeDt4j+UMTvDDD1kKFUptBomt cLTtFNaeFq92+jt1S2TVVIeGHEM6gdutgt/J7FM4FIfctGS4AEjEF0AbxF9JYGGVOvBb mZjo7D/qur5JnnZuO5NNhO0yEaEdnODNUpAoGaIGs9bXAJLsp3Zg36SLbdBmhVMqxvtP s7GTrPQpgCkvksEhuerQ38mNQTjVM8Icb5cW9aQ0DZKgVdetzcwneTwvb2pl6N/ObaMX N5Pg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=2kmrhpD5JhE1+ANqyJV6ANKz3nPyJol2+C/buzjdDu0=; b=guSh5MGDm7z+h3yXupTtu+jQCUpCUk4uo/lR2Kyn1ioU8+UFbrkCUQSwV9t/OfBDFg uanGCHVkWnOtg61OwUgPHgGEWigbH2yUMFnHwXfAxdnZpiMzpZ7ExpmL3CcLMmagHf7e RHkDzP2WlUgaz12rKPdWUjFsPmPtY/qKKdh+m5CC9SOGPJmEn7HdRJlqVNJbuqH3a1mM p9n90btBsl/c2tShRf/pNlUCtb3pGrREcOhw2qedAvDXbMzkA7S/O683A5l42JrhmeM9 NeaAxrSP5MFD+Tg6uGI961smQeR/yGxWenVCVtxPyd2mqH1fXmVMFDkhnkW7rdgQgFnl MK5Q==
X-Gm-Message-State: AEkoouuXo0bDy7trTzrYqvrIaiDHJvWIMOuOUaHcNpuETuH3bcLlS4GCzpnRTRxrZhbTlRFVgjGOiyupiLzG/w==
X-Received: by with SMTP id p68mr47070284ite.50.1470128949478; Tue, 02 Aug 2016 02:09:09 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Tue, 2 Aug 2016 02:09:08 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <>
From: Dave Taht <>
Date: Tue, 2 Aug 2016 02:09:08 -0700
Message-ID: <>
Subject: Re: bettering open source involvement
To: "Eggert, Lars" <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Cc: IETF Discussion Mailing List <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Aug 2016 09:09:13 -0000

On Tue, Aug 2, 2016 at 1:12 AM, Eggert, Lars <> wrote:
> Hi,
> On 2016-08-02, at 9:10, Dave Taht <> wrote:
>> On Mon, Aug 1, 2016 at 4:36 PM, Eggert, Lars <> wrote:
>>> On 2016-08-01, at 15:44, Livingood, Jason <> wrote:
>>>> What if, in some future state, a given working group had a code repository and the working group was chartered not just with developing the standards but maintaining implementations of the code?
>>> as an addition to developing specs, that might be useful, if the spec remains the canonical standards output.
>>> "Go read the code" is not a useful answer if the code comes under a license (such as GPL) that taints the developer. (This is a major reason what we are doing IETF specs for DCTCP and CUBIC - so that they can be implemented without needing to read Linux kernel code.)
>> Only 10 (?) years after full support for cubic entered the linux
>> kernel, and 3 after dctcp.
> The Linux community had chosen to actively ignore the IETF for about ten years. This only changed relatively recently.

As one of the people that have "led" that invasion, I did it in part
because I felt that over the past 16 years many standards processes
had become equivalent to GIGO, and I still believed in running code
and rough consensus, and had nowhere else to go. Finding more ways for
all to work together to bring spaceship earth in for a safe landing
has always been a goal of mine.

> And, FWIW, Hagen & friends' DCTCP implementation for Linux is based on the initial versions of our DCTCP I-D, and arguably wouldn't have happened without it.
> CUBIC has of course existed in independent implementations before, but it is unclear if the BSD licensed ones were actually only done based on Injong's paper.

And cubic as it exists today in linux has continually evolved. I am
very grateful to google in particular for working within the ietf
standards process to make sure that many improvements to TCP in
general have been made public.

>> If you define the efforts of this standards body as one to produce BSD
>> licensed code (which is basically the case), it will continue to lag
>> behind the bleeding edge and continue to become more and more
>> irrelevant.
> I guess we're getting on our soap boxes at this point? :-)

Believe it or not I am deeply ambivalent about all the "open source"
license schemes. For code critical to public safety and privacy in
particular I have called for "public source", and standards for well
maintained code,  available for inspection by as many as need to look,
under any license, including "kill yourself after reading".

We'd discussed this point in a public videoconference (against the
backdrop of the vw emissions scandal and the fight with the fcc over
the wifi router lockdown) at length, here:

We can always keep doing stuff like that, engaging more sides in the
debates, in the hope that more light than heat emerges. Increasingly
governments and regulators want a say.

> But I don't define "the efforts of this standard body" in this way. I remain convinced that textual specs are required.

Given the complexity collapse and explosion in text size in
translating code to spec, and the slow progress by which an rfc can be
evolved, updated, or discarded, I am less and less convinced.

>Code is a nice addition, but really  only useful if it can be rather freely used - which GPL code can't.

The LGPL is also out? (I am not being sarcastic, I would merely like
the ietf to list their approved licensing schemes)

The effort to develop code that fits certain vendors' IP regime is
significant. I would support changes to the wg formation process that
were less vague than polling the room for "is there enough interest in
the room to do this". I would also like that all experiments' code at
least, that lead up to a standard's acceptance, be published. I have
lost endless months to dissecting papers and bad experiments - or
experiments where I merely wanted to change a few control variables
and re-run with my own data and tools.

For the record, flent is a GPLv3 *wrapper* around a multiple other
tools. It's GPLv3'd, in part, because we'd hoped to make sure that
experiments published with it, did not game the results in any way.
Using it does not "taint" anyone. Modifying the tests, does.

>> It's not just the deployed code in kernels that is a problem, it is
>> also that the best of the tools available to prototype new network
>> code are GPL'd. NS3, for example, is gpl.  The routing protocols
>> incorporated in bird and quagga are GPL. Bind is BSD, but nominum is
>> proprietary and dnsmasq, GPLd.
>> There is increasingly no place to design, develop, and test new stuff
>> without starting from a gpl base.
> I agree that this is a problem. But we can't all start to use GPL for everything.

Just as Apple found it necessary to invest in a BSD licensed compiler,
orgs that wish to have BSD licensed "open source" code that can
compete with GPL'd versions, need to invest in tools, tests, and

>> Worse, what happens here at ietf without use of these tools, is that
>> we end up with non-open-source code's experiments and results being
>> presented, without any means for an independent experimenter to
>> verify, reproduce, or extend.
> That's a stretch. The alternative to GPL is not closed source. There are other, friendlier OSS licenses around.

And insufficient developers.

>> I think it would do a lot of semantic good if the ietf would stop
>> referring to "open source"[1] and always refer directly to the
>> licenses under which the code it works on that are allowed. There are
>> certainly new areas of interest like npv, etc, that are proceeding
>> with more vendor-friendly code licensing schemes, although I am
>> dubious about the performance benefits of moving all this stuff into
>> userspace, particularly when a seeming, primary, goal is to avoid
>> making free software, rather than engineering a good, clean, correct
>> engineering solution.
>> It has been my hope that since the alice decision re patents (80% of
>> disputed software patents being invalidated), the rise of
>> organizations offering patent pool protections like the open
>> inventions network, and I think (IANAL), that apis cannot be
>> copyrighted in google vs oracle - ends up meaning that a developer can
>> not longer be polluted merely by looking at GPL'd code once in a
>> while. Because we do.
> As much as I want to agree, if you work for a commercial entity, the risk is just too great (cf. the GPL clause regarding implicit licenses to patents).

What can be done to reduce that risk? I already pointed to oin (both
google and cisco are part of it - there is now quite a large number of
members, actually:

>> The actual implementations of anything for anything else will tend to
>> vary so much due to API differences, and the expressible logic in the
>> algorithms themselves generally simple, that, particularly when the
>> authors of the code have presented it for standardization, under any
>> license, that the exposure to further risk is minimized.
> Sure. But the risk is incorporating code that may be GPL-tainted into non GPL'ed code bases. In other words, it's not the code itself that is a risk, it is a risk for the codebase it is used from.

You gotta rewrite it, so what? Copy/paste is a problem for all licenses.

>> There are powerful advantages to the GPL (and LGPL[2]) over
>> "standardization". Notably there is an implicit patent grant, and
>> ongoing maintenance is enforced by an equal spirit of co-operation.
>> It's a better starting point than to hang with a sword of Damocles
>> over your head wondering if someone will patent something out from
>> under you.
> That's certainly one viewpoint.


> Lars
>> I wish we could just get on with making the internet a better place.
> Sorry, but I really don't understand how this discussion is not trying to help with just that?
> Lars

Dave Täht
Let's go make home routers and wifi faster! With better software!