Originally Published: Monday, 28 February 2000 Author: Chuck Mead
Published to: featured_articles/Featured Articles Page: 1/1 - [Printable]

Why Use Open Source?

Open Source Software (OSS) should be the solution of choice for business today but it isn't. Why? We think the reason is FUD (Fear, Uncertainty and Doubt). Though many would say that FUD concerning OSS is being spread by traditional software development firms we're not entirely sure that that's the case. We believe that many companies requiring IT solutions today don't understand how OSS can benefit their technology programs and this needs to change.

   Page 1 of 1  

This article was provided to Linux.com by Chuck Mead, CTO of MoonGroup Consulting, Inc.

Introduction

Open Source Software (OSS) should be the solution of choice for business today but it isn't. Why? We think the reason is FUD (Fear, Uncertainty and Doubt). Though many would say that FUD concerning OSS is being spread by traditional software development firms we're not entirely sure that that's the case. We believe that many companies requiring IT solutions today don't understand how OSS can benefit their technology programs and this needs to change. Let's take a simplistic look at how software acquisition decisions are made.

When an enterprise has a problem requiring software the next step usually involves an investigation of potential solutions. These investigations usually examine a wide variety of offerings, all of which could solve the problem and may include some testing. A final decision will be made based upon a combination of considerations: will it do what's needed, how much does it cost, and is it supported? If an OSS product is considered, this, invariably, is where the FUD factor begins to arise.

For the corporate IT executive, selection and implementation of an OSS product can seem like a huge risk, particularly since OSS documentation can be hard to find and the developer pool for the product may well span the globe. This makes OSS "seem" like a poor selection in spite of the fact that it may provide a better solution, is invariably less expensive, and is also infinitely more customizable to enterprise needs than commercial software. Simply put, OSS often loses out due to two "FUD" issues: lack of information about the product, and a perceived lack of support. This is the fertile ground on which the OSS Business Case is built.

The Business Case for Open Source

What is Open Source?

Perhaps, initially, it might be useful to understand what Open Source Software really is. The link we've provided leads to the Open Source Definition. As it says, "Open source doesn't just mean access to the source code. The distribution terms of an open-source program must comply with the following criteria" and it goes on to list the criteria which define the open source model of distribution. One of the keys to really understanding open source is that there is a broad distinction between software which is open source and software which is free.

The fact is that just because a software package is open source, doesn't mean it has to be free. One of the most well known cases in point is Red Hat Software's Red Hat Package Manager (RPM) which can be used to build, install, query, verify, update, and uninstall individual software packages. A package consists of an archive of files, and package information, including name, version, and description. RPM is Open Source but it's sold daily as a part of the Red Hat Linux distribution. Paradoxically it can also be downloaded on the Internet for free. The RPM product so simplifies administration of a Linux server or workstation that it's been a huge contributor to the popularity that Linux enjoys today. Doubtless, there are those who would disagree with us on this point and that's okay, but it's our opinion, formed via experience with numerous Linux and Unix distributions. How popular is RPM? Well, Caldera Systems and SuSE (two major Linux distributors) have both adopted it as their standard package manager and there are other, smaller, distributors using it as well. RPM is simply a shining example of what Open Source can and should be!

Beyond its cost, how will running OSS benefit my organization?

One of the most significant parts of the OSS phenomenon is that when a product's source code is available it's immediately subject to almost continuous improvement, modification, and extensive testing. This ultimately benefits everyone who uses it! The improved source code may become a permanent part of the source code tree, the product's version number is iterated and suddenly there's a new version available for everyone. The beautiful part is that due to the sheer numbers of people involved with open source the process I've just described could happen in a matter of hours, as opposed to days, weeks, or months. If you're an IT manager you can't buy support this good and if you have developers on your staff they'll be very happy with your choice because suddenly they're not fenced in by license restrictions and can find and fix bugs and customize the product themselves rather than wait for the software's creators to do it. If your organization does not have staff developers you will still reap the benefits provided by developers in the OSS community.

What about Security?

There are a number of ways that security gets handled in the open source arena. At MoonGroup we monitor security issues quite closely. The way we do it is quite simple. There are several security related email listservs which we have subscribed to and we check them daily, watching for reports of potential problems with any of the operating systems or software packages we use and support. These listservs are provided as a free service by the distribution vendors. Another security listserv is BugTraq, a free service which (as of this writing) has over 28,000 subscribers from around the world. You can also subscribe to the CERT/CC mailing list (Computer Emergency Response Team/ Coordination Center) which is yet another free service. CERT has been in operation since December 1988 when they were formed by the Defense Advanced Research Projects Agency (DARPA) after the Morris Worm incident crippled approximately 10% of all computers connected to the Internet.

The open source community responds to security incidents very quickly. Here at MoonGroup we've seen security patches for OSS products available before we had seen the bug report and many times the bug report and the patch to fix the problem arrive together in the same message! The Linux distribution vendors do a great job dealing with security issues and there are also a number of packages available which can defend your systems against both active and passive attack.

What about Viruses?

Because of the architecture of the Linux kernel the OS is largely immune to the virii which seem to infect Windows based systems with new strains on a daily basis. This is just not an issue with the Linux operating system! MoonGroup recognizes however, that vigilance is the key to protection in the virus arena and that is the second reason that we subscribe to the CERT/CC mailing list because it is the recognized reporting authority for viruses.

What about Reliability?

Many business people believe that open source software could not possibly be as reliable as comparable commercial products. This is a sad situation which illustrates just how poorly the whole concept of OSS is understood. Imagine that your work (all of it) was subject to review by all of your peers. Imagine that until it has withstood that scrutiny it could not be considered a "finished product". How good a job would you do? Then imagine that your peers were benevolent and willing to help you improve your product and work with you daily on its progress. That is a close description of the open source development process!

MoonGroup has been involved with the open source development process for several years now and we've witnessed this process first hand... it works! At the bottom of each and every one of our web pages appears the line, "We support Open Source!", please understand that we mean it. We found an OSS product about a year ago which was really, really excellent. It is the XFce Desktop Environment combined with the XFwm Window Manager. The Internet domain used to publicize this product is "xfce.org". MoonGroup registered this domain for the software's primary author and copyright holder Olivier Fourdan (at our own expense) and we continue to host the domain at no cost to this day! Why did we do this? Simply put, we believe that OSS is the best development methodology available and we found Olivier's product to suit our needs perfectly. In fact we believe that it's the best product of its kind available in the world today. XFce's development has culminated in the first pre-release of XFce 3.0, aka GTK+XFce. This is the newest available version of XFce and it's built on the GTK+ libraries (GTK+ is the Gimp Tool Kit, an open source library package developed by the creators of The Gimp which is a freely distributed piece of software suitable for such tasks as photo retouching, image composition and image authoring). Interestingly The Gimp was used to render all of the custom artwork on the MoonGroup web site!

So what does all of this have to do with reliability? Everything. The tools I've mentioned here and many more are used in our work, everyday. This web page is being served to your browser by a piece of open source software -- the Apache Web Server. You were able to find this web site because of an excellent piece of OSS -- it's called BIND and it provides domain name services. If you send us email as a result of reading this it will be handled along the way by various versions of another piece of OSS called sendmail and then read by yet another piece of OSS called mutt.

What about support costs and my TCO?

Total cost of ownership (TCO) is certainly an important variable to consider when evaluating software products. At MoonGroup we're running a business too and our experiences using OSS have been very positive. There have been many commentaries and studies written on this subject but it's our opinion that it'd be very difficult to do an all encompassing evaluation. Each organization will have to examine the issue within the scope of its own environment but we believe that OSS products can stand this test in a very positive light. When examining support costs as an element of TCO it's important to realize that support is a desired variable and its associated costs are unavoidable no matter which software your organization selects! Another important point to consider is the savings beyond cost that occur when using open source. Using commercial software normally involves adhering to comparatively strict licensing agreements which require that you track software copies and usage. This can create a quagmire of legal risks and force you to hire additional staff to maintain the records and even this may not be sufficient to prevent your organization from running afoul of a license and suffering through litigation, fines or even arrest. Most, if not all, open source software can be freely copied and used where you need it. There are no licenses to track and no legal ramifications to suffer as a consequence.

A Final Word

The opensource.org web site defines open source very simply in its FAQ: "Open source promotes software reliability and quality by supporting independent peer review and rapid evolution of source code." MoonGroup believes that this statement is right on the mark and right on the money!

Chuck Mead is co-founder and the CTO of MoonGroup Consulting, Inc., which is based near Research Triangle Park in North Carolina. Moongroup is a privately held corporation which focuses on electronic mail and internetworking both with and without Linux. Chuck has been working in the IT field since 1985 and doing technical work since childhood. He's been working with Microsoft NT since the first available Beta of 3.0 and in 1997 he helped engineer the largest installation of Microsoft Exchange which had ever been done. Though he's worked with *nix since the middle 80's he is fascinated with the possibilities which Linux presents and is a strong Linux advocate within his community and to his client base.





   Page 1 of 1