Free and Open Source Software

8/16/2012

Pretty trendy at the moment, but I’m ambivalent. I hear a number of arguments in favour of open source and oddly, never any in raging support of proprietary software. The arguments in favour of free and open source software usually focus on standards, security, and cost (it’s free).

Standards

Standardisation is the process of developing and implementing technical standards. Technical standardisation promotes commoditisation by reducing dependencies on single suppliers. Standardisation also increases compatibility and interoperability.

The argument is that proprietary software uses proprietary file formats, network protocols, and so forth. This claim is true in some cases, and not absolutely so. Many vendors of proprietary software conform to the same standards that open source software does. There are often conflicting standards (identity federation is a great example, where the WS-Federation protocol competes with the SAML protocol – and while both protocols are open, neither is officially recognised as a standard).

Standards matter, but not always. In software, openness is, in my opinion, far more important than standards. I don’t care what protocol a message uses when it travels over the wire – I care about being able to send and receive that message.

Security

Open source proponents talk about the benefits of the auditable nature of open source software. Closed-source (proprietary) software forces its users to trust the vendor when claims of security and freedom from back doors are made.

Open source software, by publishing the source code, makes it possible for anyone to inspect that source code, and thereby uncover security or other issues in the software.

This may sound like a pretty sweet deal for users of open source software, but it often isn’t. The problem is that unless it's a mainstream distribution of, for example, Linux (where contributions to the source code are peer reviewed before they're committed), publishing source code only provides the possibility that the open source software will be inspected or audited. It’s virtually impossible to find reliable audit information for an arbitrary piece of open source software.

That leaves the user to trust that the software was reviewed, that the reviewer possessed the skills required to conduct the audit, and that the reviewer’s audit was rigorous and complete.

A final thought on the security of open- and closed-source software - Ken Thompson's talk on trusting trust.

Cost

Proprietary software costs money - vendors charge users for each installation. Free and open source software, on the other hand, is free. And that’s usually the extent of the argument.

It isn’t always that simple, however. Consider the scenario in which an organisation uses Microsoft’s Active Directory. Virtually all systems within the organisation use it to authenticate users and authorise access. Attempting to displace Active Directory with an open source LDAP alternative can be prohibitively expensive, because it would mean replacing or re-configuring all the systems that rely on Active Directory.

Think about that for a minute. Assume a medium-sized business with maybe 1,000 AD domain-joined desktops. How would you justify the cost of re-imaging those desktops to Linux? Or the cost of training 1,000 employees in LibreOffice?

Another approach is to run an LDAP server concurrently, alongside the Active Directory. This also comes at a cost – the organisation suddenly needs to maintain two directories, and provision users into both. Auditors must also, for example, reconcile users from both directories into a single audit trail.

There are other interesting perspectives on cost in this discussion on Hacker News.

Conclusion

The obvious factor is whether your choice does what you expect. The battle between Direct3D and OpenGL is a good example of F/OSS simply not delivering (besides being a compelling read).

My next test for technology selection is that the people who provide it should be in a similar situation to me - they need to rely on it to run their business. As such, free and open source software has its place (I've benefited from it immensely), but so does proprietary software. One negative aspect of the open-source community not often spoken about is the arrogance[1] of the developer community. I've experienced this behaviour first-hand, after agreeing to publish the source code for an RS232 component that contained a bug.

That notwithstanding -

As an independent developer you might rely on closed source software to pay the rent and feed your son. As an organisation you might find value in the freedom to run a piece of software for any purpose; to study how it works, and change it according to your needs; and lastly, the freedom to distribute copies of the original software, or the version including your changes, to your business partners.

Personally? My preference is proprietary software, but I’m open to either. And wary of anyone that pushes one to the absolute exclusion of the other.

[1] The LosTechies site has been returning HTTP 500 (internal server error). The Google Cache version is available here.



Wittenburg.co.uk and all content copyright 1995-2018 by Michael Wittenburg, unless otherwise stated.
All content on this site is licensed under the Creative Commons license, unless otherwise stated.
