HP, EDS, and the Ghost of Carly

May 13th, 2008 at 7:13 am by Gordon Haff

One of the curses, I suppose, of knowing one’s high-tech history is that way too many news items cause me to go: "Here we go again!" The proximate tidbit this time is, of course, the news that HP has acquired services giant EDS for $13.9 billion. Various news organizations had previously pegged the deal value between $12 and $13 billion. The New York Times described it as a $12.6 billion cash transaction.

When last we saw this play, it was with Carly Fiorina in the role of HP CEO looking to spend a reported $17 to $18 billion on Pricewaterhouse Coopers Consulting (PwCC) in 2000. A lousy set of quarterly results turned in by HP helped to scotch that deal. Nor did it help that a lot of observers thought that HP was offering way too much for an organization with $6.7 billion in annual revenues (2001) and about 33,000 employees. IBM seemingly provided evidence of this view when it bought PwCC in 2002 for only about $3.5 billion. (A bit of an unfair comparison given the economic and other events of 2001, but still…) Carly went on to get her acquisition kicks by gobbling up Compaq instead.

So what, if anything, is different this time around?

The money. I’ll leave the detailed financial modeling to the appropriate specialists, but here are some back of the envelope numbers. In 2000, HP was looking to pay something over 2x annual revenues for PwCC, which IBM ended up getting for about 0.6x instead. In this case, HP spent less money ($13.9 billion) for a larger ($22.1 billion annual revenues) organization. At least by this measure, HP’s expenditure is therefore much more in line with what IBM eventually spent for PwCC than it is with what HP had initially proposed.

HP management capabilities. Especially after this acquisition, something that’s really striking is just how closely HP has maintained the course that Carly laid out. There’s a slight difference of course. If one goes back a few years, the boat may have been on a sensible bearing but it was springing leaks in just about every compartment. Carly has argued that post-Compaq financial problems just needed more time to work themselves out. Perhaps—but I’m skeptical. In any case, Mark Hurd has made remarkably few changes to HP’s strategic direction since he took over. The benefits of scale promised from the Compaq buy have indeed proven out. EDS represents growth of scale along another axis—services—that puts HP that much more in the mold of IBM. The difference from times past is that Mark has a track record for keeping things ship-shape.

HP has made services acquisitions before but they’ve been targeted and specialized. The most recent was EYP Mission Critical Facilities, datacenter design experts that give HP some legitimate differentiation in the power and cooling game. EDS is broader and bigger than even PwCC would have been. On the one hand, this means a lot of headcount and fixed costs of the sort that have been no small issue for IBM—the company that HP is attempting to mirror in important ways. On the other hand, if you believe—as I do—that companies (especially in SMB) are increasingly going to move their computing off their premises and into datacenters run by specialists, then acquiring the sort of large-scale hosted services business that EDS includes among its many operations isn’t a bad direction for a system supplier at all.

OpenOffice.org, Now Home to Attractive Release Notes

May 8th, 2008 at 6:06 pm by Jonathan Eunice

Six months back, I criticized OpenOffice.org as having execrable release notes and project description pages (“possibly the worst you will see, on any development project, anywhere”). This is fairly important, because one of the issues of creating and nurturing a community is communicating with, and motivating, that community. That’s hard to do when your missives read like a Bugzilla dump.

Well, credit where it’s due. It seems to be a problem no longer. I noticed the OpenOffice.org pages started getting better earlier this year, with the advent of the current (2.4) release. And now, as the discussion of the forthcoming version 3.0 ramps up and early releases become available, the “we do mean to communicate, after all” aspect continues to shine through. So, good job folks!

(The 3.0 early release also looks like a pretty nice update, FWIW.)

Do We Need to Protect Open Source from the Cloud?

May 8th, 2008 at 4:44 pm by Gordon Haff

I’m out at JavaOne in San Francisco this week and one discussion that I’ve heard popping up with some regularity is "Do we need to do something to protect Open Source in a Cloud Computing world?" I’ve written about aspects of this topic at length previously. However, given that this is an area that is buzzing up a bit, I thought it would be useful to boil down the key issues and give my personal take.

The Nub. Copyleft licenses, such as the GPL used for the Linux kernel and the majority of other Open Source projects, require that the source code for enhancements and other modifications to GPL’d code be made available to the commons if the modified software is distributed. Distribution is the key here. If the modified code is only used within a company, that’s not distribution. Especially germane here, neither is access to services provided by that code over a network. In other words, offer access to a CRM or content management system built from a GPL foundation solely in the form of a hosted service and you can make any proprietary changes or extensions you like, and there’s no requirement that you make the source code for those available.

A Loophole? Some view this as a simple loophole to be plugged. The GPL was originally written very much within the context of Unix programmatic and operating system interfaces. Therefore, the reasoning goes, the only reason the GPL didn’t encompass access via Web services is that there were no Web services—at least there weren’t any in anything like their current form—when the GPL was created. That the new GPLv3 specifically doesn’t address this "loophole" either was more a matter of practicality than principle by this view.

And, in fact, one approach to eliminating this loophole is a straightforward enough approach. The Affero GPL is a straightforward extension to the GPLv3 license that essentially expands the definition of distribution to encompass the delivery of services over the network.

Questionable Assumptions. My take is that the "Cloud Computing as loophole" school of thought rests on some questionable assumptions.

The big implicit assumption is that, without adequate license protections, corporations will strip-mine Open Source, and the entire communal development process will just wither away over time. A favorite proof point in favor of this argument is how Linux (which uses the copyleft GPL license) largely triumphed over BSD Unix (which predates Linux and was more capable early on, but which uses a far more permissive license that doesn’t place any restrictions on proprietary extensions or use).

However, BSD has a lot of problems as an exemplar. Early BSD development was mired in all manner of fractious arguments between distributions (before they were called that) and, certainly not least, a prolonged legal battle with AT&T, who owned the Unix copyrights at the time. It is, therefore, an open historical question whether the GPL was the magic ingredient that led Linux to success or whether all manner of legal, community, and timing matters weren’t ultimately much more important. In support of the contrary view, I’d note that, Linux aside, some of the most important Open Source projects—such as Apache—do use BSD-like licenses.

Even more fundamentally, I see more than a little contradiction when some of the strongest Open Source advocates argue that Open Source needs licenses that protect it thoroughly. After all, if Open Source truly is a superior model for development and adoption, aren’t companies who go down the proprietary path only hurting themselves?

Practical Problems. Finally, I see extending the concept of distribution to cover Web services as problematic from a practical perspective. Distribution in the GPLv2 and GPLv3 licenses draws (mostly) a hard-edged line. If you’re an enterprise using software internally, anything goes. If you’re using GPL code in software you’re selling to the public—whether downloaded, on a CD, or in embedded firmware—you must make the relevant sources available. However, as more and more companies of every stripe make parts of their computing infrastructure available to their customers—think online banking, for example—where does it end? The boundaries become very fuzzy—which would inject lots of uncertainty into just about any use of Open Source in an enterprise environment.

Ultimately, as folks such as Tim O’Reilly and Simon Phipps have discussed, there are many other issues of "freedom" in a Cloud Computing world. Matters of data portability and privacy for example. For my part, I’d argue that Open Source has demonstrated that it can stand on its own without heroic measures to prop it up. Sure, continue to evangelize the benefits of Open Source and maybe even take a stick to any gross violators. But the more interesting, and important, questions lie elsewhere.

Five Virtualization Trends to Watch Webinar

May 5th, 2008 at 2:36 pm by Gordon Haff

On April 29, I gave a Webinar for Jupitermedia entitled “Five Virtualization Trends to Watch.” The topics I highlighted were those that represent “the next phase” of server virtualization. That is, they go beyond basic server consolidation and local, limited uses of migration technologies like VMotion.

Virtualization is shifting from point products to solution portfolios, delivering applications to the desktop, moving beyond server consolidation to enable more dynamic datacenters, and serving as the foundation for some forms of “Cloud Computing.” And it’s increasingly just built-in. These trends may not be immediately relevant to every IT shop—but they represent where virtualization is going.

Sun’s Floor Partially Collapses, Workers Injured

May 5th, 2008 at 10:29 am by Jonathan Eunice

I’ve been characterizing Sun Microsystems as “finding a floor, then building on-ramps.” The “on ramps” here are the means to bring new users, developers, and customers into the fold. The MySQL acquisition is the most potent recent example, but moving Solaris, Java, OpenOffice.org, and other software assets to Open Source isn’t far behind. But before you invite a lot of new folks to your party, you need to offer them someplace at least relatively safe and stable to stand when they get there. Thus the “floor” is a co-requisite, and often a pre-requisite.

By “finding a floor” I mean getting Sun’s business house in order, especially in the basic sense that revenues consistently exceed expenses, so that discussions of the company are always about “is it doing well enough?” or “what should it do next?” rather than “is it failing?” or “will it make a profit or a loss this time ’round?” If a company makes at least small profits, even if they’re nominal, both the tone and the topics of the discussion are so, so different than when “will they lose again this quarter?” or “how many will they fire this time?” are on the menu. Ideally, not only are the numbers at least break-even, they’re rational and predictable. The numbers are being hit in some planful, measured way, not just because the company happened to get lucky in this quarter or that geo.

Sun’s executives have appeared to get these things, and to be executing on them the past several years. At the most recent Sun Analyst Summit in February, I sensed much greater comfort and confidence among Sun execs, especially operational folks like CFO Michael Lehman and Executive VP of Sales Don Grantham. In 2007, Lehman answered financial analysts’ obvious skepticism with a reassurance that, if the current strategy didn’t produce results, a “Plan B” would be rolled out; this year, no such disaster scenario in evidence, and much greater comfort with the current plan. Grantham, the nuts-and-bolts coordinator of sales, described a disciplined weekly review process, and boasted how accurately the sales-planning system had performed in recent quarters.

So, what happened?! What are we to make of the 3FQ08 fiasco, in which Sun loses $34M, admits a few thousand more layoffs are coming, and says the rest of the year will kind of suck too? Two thoughts:

Brutal’s the word. There’s no question, a loss is a disaster, especially when coupled with a retreat from optimism about near-term prospects. It’s Bad with a capital “B” if only for the change in tone, topic, and attitudes of everyone involved. Employees go back to spending time wondering if they are the ones to be axed, rather than looking ahead and working to get there. Investors go back to wondering if these bozos know what they’re doing. While customers and partners don’t usually take just one small quarterly loss that hard, they have to wonder a bit too if this will become a pattern. Prospects spend time worrying about the vendor, rather than the goods or services on offer. Competitors make hay of Sun’s misfortune, for however long it lasts. Et cetera. You’ve seen this movie before, and it’s violent. And if we’re teetering on or just over the brink of economic recession, times are going to get harder for everyone.

Keep a little perspective. Yes, it’s bad for Sun and its loved ones. Yet another setback on an already-troubled project puts the wisdom of the project—and its managers, natch—back into question and debate. On the other hand, the rhetoric and the tone will make this setback seem a lot worse and a lot more systemic than it is. In fact, the overall project has steadily improved. Competitors may enjoy their gloats, but they’d better not forget that Sun has rushed up the x86 server sales charts in a few short years, from a very disadvantaged start. With the Chip Multi-Threading (CMT) line, SPARC is back. Sun’s relevant again in high performance computing (HPC), in the Web, in the OS/platform wars, in development, and in other areas where a few years ago it was slip, slip, sliding down the slope. So while Sun remains a rebuilding work in progress, especially in areas like storage and large systems—not coincidentally, areas where key competitors are surging—the work is moving steadily along. And Sun’s returns to relevance, on multiple fronts, have come from a much darker, much more dismal place, today’s quasi-recession notwithstanding.

So yes, CEO Jonathan Schwartz may have some ’splaining to do. Lehman may be more nervously fielding the hostile questions again. And, unless executives have been silently chewing antacids for weeks on end, Grantham may have to eat a bit of crow about his planning accuracy before he gets back to his next weekly review session. They all have to show that they can put together consistent, predictable profits and growth based on their reworking of Sun. The 3FQ08 “downside surprise” is ugly, no doubt. But the overall project still seems, from this vantage, to be on an upward track.

Clustered Confusion

May 2nd, 2008 at 12:41 pm by John Webster

Soon it will seem like every storage vendor with a name will have a clustered storage box. Why? In a word: Web 2.0. It would appear that your father’s RAID array just doesn’t cut it anymore with the purveyors of Facebooks, YouTubes, and SmugMugs. Your father’s RAID can’t scale, it’s too slow, and it’s decidedly not sexy anymore, even after a vial of Viagra and a trip to The Hair Club for Men.

Personally, I’ve encountered some who can look at a storage grid straight in the eye and pronounce it “clustered.” Ditto with some new arrays that blend-in a heavy dose of parallel processing.

Clustered storage is decidedly in vogue. Even storage that isn’t clustered wants to be. And that’s the issue. You may think you know what it is, and then you’ll see another “clustered storage” product that is decidedly different from what you thought it would be.

Before you look at another “clustered” storage box, I suggest taking a big time out. First, fix in your own mind what you think it is. I began to see the word “clustered” used in the context of NAS a few years ago when the industry was looking for ways to address the “you’ll love your first one but you’ll hate your tenth one” problem. Back then, clustered storage was contiguous to the global namespace. Now it’s invaded every major storage category–file-based, block-based, object-based–you name it. The SNIA’s online dictionary is of no help here.

Next, once you think you know what it is, decide whether or not it is in fact what you really want. If for example you primarily want raw performance for your Web 2.0 or video surveillance application, clustered storage may or may not fit the bill. A heavy dose of parallelism might be more like what you’re after.

I enjoy historical inflection points like the one we’re living in right now. For me, the truth is that my father’s RAID array needs to accept its rightful place in the history of computing. What follows will be a parade of new storage approaches and architectures, and that’s exciting. But please, don’t try to hail them all as clustered.

Second Life Meets Open Source

April 30th, 2008 at 8:48 am by Jonathan Eunice

Howard Wen of LinuxWorld.com interviews Linden Labs about Second Life’s transition toward Open Source (in particular, he talks with Joe Miller, Vice President of Platform Technology and Development). My key takeaways:

  1. Linden Labs is "all-in" for Open Source, but the job is at best a work in progress.
  2. Some of the “we’re fully for Open Source, but we need to do it the Right Way” attitude and approach mirrors the evolution Sun Microsystems has gone through regarding Solaris, Java, and OpenOffice.
  3. The core value (for Linden Labs, and by extension other companies) isn’t in their proprietary code, but in the service they provide.
  4. "the biggest challenge for the Open Source community was the time required to get into the code—really understand how it functions."

Micro-blogging the CA Analyst Event

April 29th, 2008 at 11:13 am by Jonathan Eunice

Back in "the day"—in this case, the second half of the 1990s—enterprise management was king. Companies like BMC Software, CA, Compuware, HP, and Tivoli were the royals. Issues like monitoring, asset discovery, software delivery, anti-virus, backup-and-restore, and frameworks drove the day.

These days, it’s all about systems oriented architecture (SOA), Web Services, IT governance, ITIL and best practices, virtualization, datacenter automation, open source, eco-friendliness, and brutal efficiency.

So I’m here on Long Island trying to figure out how CA can be relevant in this very different world. I’ll be micro-blogging the event. See it here:

http://twitter.com/jonathaneunice

[Update 11:32am] Well, so much for that! CA wants to pre-vet each entry…so that’s not going to work very well. Better to end it now.

[Update 1:55pm] Strong discussions continued through lunch. Clients of our Infrastructure Management practice, feel free to open an inquiry or request a 1:1 post-event. (As the event continues, I’ll get clarifications on what’s really NDA, and what’s not.)

Microsoft Mashes a Malware

April 22nd, 2008 at 4:57 pm by Jonathan Eunice

Microsoft has taken credit for crushing the Storm botnet with its Malicious Software Removal Tool (MSRT). Storm may not be the biggest threat any more, but 85K systems capable of spitting out 3 billion spam messages a day—yes, I’m very glad to see it taken down and out. And it was a much bigger, more insidious threat—an estimated 275K infected systems in late September 2007—right before MSRT began to target it. That would make it the #2 botnet and botthreat today, had Microsoft not so aggressively gone after it. Other estimates peg it as much, much bigger still—upwards of 1M systems.

We have often chided Microsoft’s security efforts. It’s not that the company is willfully anti-security. These days, it’s actually very security-forward. But there’s no getting around the fact that it designed many of its high-volume, in-the-field products in ways that didn’t take security nearly seriously enough to be ubiquitously operated in a dangerous, everything-connected world.

But credit where it’s due: Here they did take on a broad, pernicious threat, and took it on consistently enough that it made it uneconomic for the Bad Guys(tm) to continue their Evil Ways(sm). Good one, guys!

Now, on to Bobax, NuCrypt, Srizbi, and all the other malbots.

Ubuntu’s Hardy Heron is Here

April 22nd, 2008 at 11:36 am by Gordon Haff

With its scheduled April 24 release of Ubuntu 8.04, which also goes by the alliterative moniker "Hardy Heron," Canonical will ship its second "long term support" (LTS) version. But the first, really, since the company and distribution became widely popular.

There’s always been a bit of a flavor-of-the-month aspect to Linux distributions other than the big two: Red Hat (along with its Fedora community version) and Novell’s SUSE. Gentoo grabbed headlines one year; Mandrake was supposed to make the Linux desktop a widespread reality another year. It might be tempting to paint Ubuntu’s current popularity in a similarly transient light, but I think that would be unfair. Ubuntu is really a more consumable flavor of Debian—which has long been a popular non-commercial alternative to Red Hat and Novell, but has equally long held a reputation for being geeky (as in “hard to install and configure”) and for having an often-prickly community.

The relationship between Ubuntu and Debian is more fully described here, but in a nutshell, Ubuntu is built on top of a Debian foundation, but has its own community and release process. Ubuntu is also supported by a company, Canonical, whereas Debian is an (aggressively) volunteer effort.

Hardy Heron comes in two builds, one with packages oriented around server use (Ubuntu 8.04 LTS Server Edition) and another around desktop applications (Ubuntu 8.04 LTS Desktop Edition). The two different builds also have different support windows during which Canonical commits to release security fixes and other updates. For the server it’s five years; it’s three for the desktop. Gerry Carr, Canonical’s marketing manager, told me that it’s also possible that the server edition could also end up shifting to a longer cycle between releases than the desktop version—although no decision on this has yet been made. The idea is that the balance between stability and having the latest and greatest tends to tilt harder towards stability in the server world than on the desktop.

Gerry also said that Canonical has started putting more focus on the server edition and its associated community than it has over the past couple of years. Today, Ubuntu is generally perceived as an easy-to-install desktop Linux distribution. Outside of some specific areas, such as its (unsupported) port for Sun UltraSPARC hardware, Ubuntu isn’t viewed so much as a server distro. Canonical wants to change that.

Ubuntu’s release schedule is currently configured to have an LTS release about every two years, with non-LTS releases (which have 3 year and 18 month support windows for server and desktop respectively) filling in the gap about every six months. Thus, in 2006, we saw the release of Ubuntu 6.06 LTS followed by Ubuntu 6.10, Ubuntu 7.04, and Ubuntu 7.10. The interval between LTS releases is similar to that for Red Hat’s and Novell’s Enterprise releases. The difference with Canonical’s scheme is that there is no separate stream of community releases. Rather, certain releases are designated LTS to give hardware and software manufacturers longer cycles for their certification process. Both LTS and non-LTS releases can be downloaded and distributed at no charge, with the option for a support subscription also available in both cases.

Canonical says that they have relationships with more than 30 PC manufacturers (many of them regional) as well as dozens of commercial ISVs, Open Source and otherwise (IBM Lotus Notes, Parallels, VMware, Alfresco, Zimbra, etc.). The nature of the relationships varies. Essentially, support in this context means that Canonical guarantees that the package will install smoothly on its distribution. However, whether a given application is supported, by Ubuntu or the ISV, in the sense of "I want someone to fix my application because it’s crashing" will depend on the specific commercial relationship. Thus, not all supported applications are necessarily "certified" in the sense that term is typically used in support contracts for commercial operating systems and applications.

However, at this point in time, I don’t see a lot of call for another Linux distribution in the Red Hat Enterprise Linux or Novell SUSE Linux Enterprise vein anyway. These companies put a lot of effort and resources into getting lots of applications fully-certified for their platforms. At Brainshare last March, Novell’s Linux marketing director Justin Steinman told me that getting even more apps certified, and thereby closing the gap with Red Hat, was one of his highest priorities. And you pay for that effort and the peace-of-mind it brings when you purchase a support contract. Canonical’s offer is softer and cheaper—more pitched to those who have been running Debian either unsupported or through a third-party support contract with the likes of HP.

You can read an interview of Canonical CEO Mark Shuttleworth by CNET News.com’s Stephen Shankland here.