Thoughts on the Symbian Foundation

June 27, 2008

You may have seen the news that Nokia is buying the parts of Symbian that it did not own, to create a non-for-profit foundation that will offer the OS royalty-free and will open-source it later, unifying the multiple UIs that exist today. I read the announcement and some of the analysis online, which led me to a few observations:

          I find it very respectable that Nokia recognized the fragmentation in the Symbian ecosystem and took bold steps to unify the platform. Obviously, the fragmentation across UIQ, Series 60, Series 80 and MOAP(S). Still, I am not sure there is a smooth transition plan, especially for the Japanese market, to go to S60.


          It is very interesting that all current shareholders are committed to making the sale except for Samsung. According to the press release “Nokia also expects Samsung Electronics Co. Ltd. to accept the offer “.  Did they not have time to talk to Samsung about this, or was Samsung not very happy about it and they are being forced to sell?


          UIQ will disappear: the foundation promises backward compatibility to Series 60 only, which means developers should stop any UIQ development and start porting their stuff to S60. UIQ just announced they are laying-off half of the staff. This is sad because UIQ was probably the best UI for Symbian.  I am sure Sony Ericsson and Motorola are not very happy to see the multi-million dollar investment they have made over the years in UIQ technology evaporating into thin air. People who invested in UIQ 3 must be frustrated it may never see the light of day.


          As a consequence, Nokia is forcing Nokia and Sony Ericsson to make a decision about their 24-month Symbian roadmap. Their options are:

a)      Launch phones with end-of-life technology (UIQ), or

b)      Wait until the foundation produces the first release, which could be 2-3 years or more (until a phone is in market), or

c)       Switch to another mobile platform. Not really a switch because both already have Windows Mobile and Motorola has significant experience with Linux


          I understand the move to consolidate. But why make Symbian royalty free and why make it open source?  I believe many software companies donate their technologies to Open Source as an exit strategy whey they don’t see a profitable business opportunity in them. I made a controversial post on my old blog about this not too long ago.Nokia may be doing it to demonstrate openness for a technology they own but which they want partners and competitors to adopt.


          The new foundation will have a board of directors and a number of councils to drive architectural, UI and platform decisions. How this works in practice will be critical for the success of the platform. Nokia could (or could be perceived to) have too much control over the platform which will obviously not be taken well by competing device manufacturers. The alternative could be worse: technologies driven by a committee usually go nowhere. The best example is J2ME. The Java Community process has been incredibly ineffective. To illustrate: back in 2001 I was very close to the launch of MIDP 2.0. Fast forward to 2008, the latest version of the MIDP specification is still 2.0.  I was very close to the Java Community Process and I saw major vendors trying to push their agendas in most JSRs. As a consequence, the committee had to compromise, approving specs based on lowest-common denominators. Getting any JSR approved took years in some cases, even for simple things like the vibration API for games.


          Another key question will be the business model behind Symbian. On one side, the business model behind Linux is clear: there is none, most contributions are voluntary, companies usually make money on services (i.e. support). On the other side, commercial operating systems like Windows Mobile have a clear business model as well: there is a license per phone sold. The Symbian Foundation will have a hybrid model where there is no license revenue but Symbian will be the sole provider of funding for engineering, support, marketing, etc.  How much will Nokia continue investing over time?


          Royalty Free does not equal cost-free. I expect some pressure for Windows Mobile, but the cost of the OS license is not as significant as people believe. The engineering cost to create a device is in the millions and millions of dollars. Android device manufacturers are experiencing this first-hand.  In this hyper-competitive market OEMs will question why they would continue investing in a technology owned by their biggest competitor.


          While the move by Nokia consolidates the Symbian operating system, it further fragments the royalty-free and open-source mobile OS industry. Now you will have Symbian, LiMo, Open Moko, Android,and other more obscure Linux-based Operating Systems. I don’t think there is room for so many. Is this UNIX all over again?


          For developers, open-sourcing will be attractive, mostly from a perception perspective as most won’t have the skills or the time to analyze and understand a subset of the 7 million lines of code that Nokia will open-source. While SDK will be free, the tools might not: the Carbide C++ Professional Edition development tools are being sold for 1299 Euros.


          One possibility could be the move represents Nokia bailing out the other major Symbian partners that jumped into the business with them through this $400 million buyout.  Iam sure there were interesting executive conversations in Espoo about spending $400 million to buy a technology that will be free and which will require continued investment. The $400 million investment should be roughly the equivalent of two years of license payments at the current rate Nokia was paying Symbian. Still, Nokia still must invest significant resources to the foundation ad-infinitum. Foundation membership is only $1,500.

A couple lst thoughts notes:

Symbian is a very mature and powerful operating system. I remember when we launched CodeWarrior for Symbian (before it was sold to Nokia and renamed carbide) in early 2002 and later helped Sony Ericsson build a developer community around the P800. It is a good OS. Architecturally, it is very solid – years ahead of the Blackberry OS 4.5 and other new operating systems. From a technology perspective, it is a very viable OS today.

Don’t be misled by the numbers touted by Nokia: surely millions and millions of phones ship with Symbian. But are these really smart phones? They are from a capabilities perspective. In my experience, a very large percentage of Symbian-based phone owners are not aware that their phone is “smart”, do not know it runs Symbian and/or do not use it as a smart phone. It’s like Sun claiming victory with over a billion J2ME phones: most of the users will never be aware and will never use a J2ME app. In other words, the fact these phones have J2ME is irrelevant. The same can be said for most Linux phones, which are not smart phones – Linux is merely replacing an RTOS.

Conclusion: This is a very interesting move from Nokia that will have significant implications in the market overall. The key questions are Nokia’s ongoing investment in the foundation without a solid business model behind Symbian and the balance Nokia will have to find between having too much control over Symbian versus a committee-driven process that inhibits innovation.

Fun times. I love this industry.


the iPhone and IT policies

June 22, 2008

The announcement of the 3G iPhone has re-surfaced the tension between users and IT organizations because the iPhone is a cool phone that can connect to Exchange email. For IT, cool does not have a lot of value. Yes, it works with Exchange, but it also has a number of drawbacks: unproven security model, almost no business applications, limited implementation of ActiveSync mobile applications, locked to one carrier and two year contracts. All this with no upside for IT of from a business perspective: there is nothing you can do on an iPhone that you cannot do with a Windows Mobile device. But this is getting into my next post, where I will compare iPhone and Windows Mobile for enterprise mobility.

In many organizations there will be a very volcal group of users that want iPhones (sometimes executives) and an IT organization that does not trust the iPhone as an enterprise device and does not (for the most part) trust Apple as a credible provider of enterprise technology.

The success rate will depend on two main factors: how bad do top executives want to use iPhones and most importantly, how strict or controlling is your IT department.

In my experience, there are a few IT departments that have very loose policies, a practice of trusting users and reactive incident control. On the other side of the spectrum there are organizations that will only allow employees to use company-issued laptops, will not allow any non-approved third-party applications to run on it, will probably require two factor authentication (Secure ID or smart card usually) when accessing any resources remotely and will require encryption of all confidential information at rest. I used to work at Motorola who was like this (for example, all files ont he intranet must be categorized based on their level of confidentiality). Microsoft, on the other hand, was leaning towards the trusting/freedom end of the spectrum.

It organizations will lean towards being protective/controlling either because of parania or because of one of many good reasons: the need to handle highly-sensitive confidential information (i.e. military, law firms, or banks), need to comply with government regulations (like HIPAA or SOX), or because they have had bad incidents in the past.

What is important is that IT organizations:

  1. Define what are the security and information protection policies,
  2. Explain the business reasons behind them,
  3. Get executive-level buy-in for the policies and the authority for enforcing them
  4. Communicates to all employees and enforces the policies regardless of type of device being used

The last point is really important. Not too long ago I was sitting with a group of people from the IT department of a Fortune 500 company who were asking if a mobile platform provided for encryption of data at rest. Before answering the question directly, I asked what was the company policy for enforcing encryption on laptops and other devices. The answer: there was none.

I contiued to explain that it made no sense to have a different policy based ont he type of device. First, the line between mobile devices and laptops is blurring: compare the Macbook Air and other mini PCs with an HTC Advantage or a Windows Mobile device with a Celio Redfly.

Second, at any given point in time there were probably dozens if not hundreds of company laptops in rental cars, hotels and other public places where they could be stolen. Most people with medium-level technical skills know how to take a hard drive from a laptop and connect it to a desktop computer where they would get access to gigabytes of information.  My phone is protected with a pin password, which combined with the wipe policies (local, self or remote) make it very hard for a would-be information thief: they would have to immediatelly turn the unit off to avoid a wipe, disassemble the phone, separate the memory fromt he surface-mount board (which is almost impossible), download the content to a PC using EPROM reader or electronic oscilator, figure out the file system and access the information. McGyver maybe could have done it in his good days.

For most spies or information thieves, it would be so much easier to go to the garbage dump in the back of the building to get access to the information they want. Which brings me to my last point: Users are the weakest link. Two stories to illustrate:

A government official in Europe was sitting next to a colleague. He was reading a lot of emails – in hard-copy, paper. The government person explained his organization had very strict IT rules which prevented them from using any mobile device, so he printed his emails to read them on planes. Imagine if he lost a page or two, or if  any of these government employees were to forget his emails on a place (people forget books, glasses, laptops and may items tht could be considered more important). There is no security to protect paper. At least not yet. Well, at Microsoft they use so many acronyms that people would have a hard–time understanding any MS-speak.

The second story iread in eWeek I believe. A security consulting firm was challenged by an IT director who believed his systems were absolutely secure. Using social engineering, the very next day they appeared at the fron desk claiming to be on a very important project and requesting temporary badges. They were supposed to work for someone the agency had learned was on vacation, so the front-desk could not confirm their claims. After a few minutes, they proceeded to provide them a badge. During the process, the security offer asked casually if they would be needing access to the company data center. Once they were in the server room, they had full access to all the information in the company. A visit to the CEO’s administrative office during the weekend provided the CEO’s password – on a post-it note under the keyboard, and the key to the CEO’s office in the main drawer. Unfortunately, this scenario could happen in most companies today.

The bottom line: if there is a good reason to enforce security policies in the company and the organization values the confidentiality of their information as well as customer data, a cool gadget is not a good reason to bend or ignore those rules. In fact, it may be against the law.