Marauderz Stuff

Marauderz Rants.. For Real Now.

The Malaysian Government has decided to encourage the use of Open Source Software in the Malaysian Public Sector. While the idea is a good one, the whole implementation of it is wrong. Not to mention the people they've chosen to execute this plan, the Open Source Competency Center, don't seem to be competent at all. As a developer who uses Microsoft based technologies (which is known by these people as proprietary technology) I decided to dive into their Benefits of Implementing Open Source Software Solutions document to see what they have to say. What I saw just shocked me beyond disbelief.... THIS is the work of the people who are going to lead the government to the new age? Let's take a look at the points they choose to make in their document.

The points provided on the site are in blue, mine in grey.

Vendor Lock-in

Avoid Vendor Lock-In. With the advent of Open Source, the Government (through its agencies) now has the opportunity to relinquish any such scenarios. However, it is envisaged that it may well be sometime before this freedom is achieved, particularly for agencies who have special applications and there may not be an equivalent open source solution.
The person who wrote this forgot that someone still has to create the system which the Government needs, the system might comprise of OS based components like encryption engines, network stacks, etc. etc. BUT.... someone still has to write it. And that someone will still be the one to maintain the system, there is still the effect of vendor lock in, just on a different level. Yeah, it's open sourced but in a standard project deal source code is turned over. The question is, how easy would it be for another vendor to take over maintenance of the system. Or more to the point how willing would the other party be. You can give someone all the source code and documentation to a system, but that doesn't make doing changes any easier or pleasant.

In situations like this, more often than not said vendor would just recommend a total complete rebuild of the system... based on OS technologies of course!


New Paradigm. There are generally no licensing and/or maintenance fees for open source. Some licensing fees can be very complicated and calculate based on number of users, partitions etc. This adds onto the complexity of implementing a proprietary solution. Further, the licensing fees changes over time and this also affects the organisation having to budget for this. This is a significant benefit accruing to organisations wanting to adopt open source.
Note the word "generally" and not a definite "there are no licensing fees/maintenance fees". Yes, I'd say certain licensing fees can have very complicated terms. But it's not going to be something exclusive to so called proprietary solutions. As for licensing fees that change over time, also true for some vendors but the change doesn't affect solutions that are already deployed and running (At least that's what I see from the MS point of view). But once again it doesn't mean you're free from this if you use OS based stuff. On that note if you're looking to get a MS based solution please check on your licensing schemes properly, you really don't have to buy 10 RETAIL boxes of Windows XP for your 10 office machines.

Version Control

Total Control. With the source code, for the first time, organisations now have the capability of having complete control over the entire development cycle. There is no vendor equation in this and therefore eliminates the potential of accepting vendors' optimistic delivery dates.
This point just had me laughing out loud: "for the first time, organisations now have the capability of having complete control over the entire development cycle". An organisation does have complete control over the entire development cycle. Heck, what do us ISVs slave over our computers hours after normal working hours for, if NOT to satisfy our client's want for quick delivery? No matter what technology an organisation chooses to use, OS based or not, they are ALWAYS at the mercy of accepting the optimistic delivery dates of the people responsible for making the system. Just because you have all the source code to the bits that would make up your system doesn't mean you HAVE the system that you need and therefore is like a magic bullet which you don't have to depend on someone else to build it for you. Which is what this point seems to be trying to say.

In Escrow. The traditional market practice has been to place the source code of proprietary systems in safe custody by way of an escrow, in case the company ceases to do business. Imagine the freedom that's now available, there is no need for all these negotiations and arrangements, simply because the source code is available for free and forever.
I can't say much about this practice (guess that means I've never been in a big enough project to warrant the need for such a deal) but what I can say is that, in all the systems that I have been involved in development as an ISV for the past 3 years, we've always given the source code to the client! It was always part of the deal.

Thorough Testing. The typical scenario in any open source community when it comes to testing of any beta versions is that the whole community can get involve in the testing. This is a fantastic characteristic that exists in open source environment. Imagine the speed of testing as well as the depth of testing in view of the ever so large (and growing) numbers of open source practitioners. Final releases of software will only take place after having passed through this open and vigorous process. This in turn provides a level of comfort sufficient for organisations to make informed judgment on deployment of any open source solution(s).
Public beta testing is nothing new to the software industry, commercial games, applications and operating systems (all proprietary under the notion of these people) all have examples where the whole community gets involved in testing and molding of the final product. "Final releases of (the) software will only take place after having passed through this open and vigorous process." I just find this statement funny cause on one hand we have people who agree not to release software until it has passed testing and is bug free, on the other hand we have people (clients, bosses, customers) who pressure us constantly to just push something out as fast as possible. For a good example just look at the current Windows XP SP2 testing, MS is pushing the release date back cause the testers have reported bugs in the system, and yet they are criticized for not releasing it sooner!


Tested. This is perhaps one of the most popular subjects of concern for organisations pursuing into the realm of open source. The common questions posed is that "How can a open source system be secure?", "Since the source code is available, it will be vulnerable to attacks". However the scenario is quite the contrary. In open source environment, source codes are available for scrutiny by all. The possibility of the existence of viruses, worms, Trojan horses and the like is practically eliminated. One cannot have the same level of confirm with proprietary software. In addition to this, there exist no system "lock-outs' situations which are quite common for proprietary systems when the license fees are not paid on time. Whilst the proprietary software vendor may claim high security standards, the truth is that no one can say with certainty the veracity of this statement. It could simply just mean that a bad line of code by a not so experienced programmer could cause security breach.
TESTED. What a way to put it... As I heard from someone once before.. security is a PROCESS not a PRODUCT; you can't just claim you're secure because you're an Open Source System, the same way you can't claim you're secure just because you're a proprietary system. When talking about the existence of viruses, worms, Trojan horses, once again they use "practically" not "completely". A bad line of code in an OS component might be caught by the community, but a bad line of code in your system that's consuming the OS component will not! Unless of course you plan to release the code to your nuclear missile control system (which runs on OS components of course) to the world so that you can be sure that it's secure.

The Gartner Group had published an article "Nimda Worm shows you can't always patch fast enough". Please refer to Annex 3. (see Gartner report - Nimda Worm shows you can't always patch fast enough dated 19/9/01 by John Pescatore).
Correct, you can't patch fast enough! You need to teach people about computer security the same way you teach people not to leave their credit card receipts all over the place. I've seen far too many so called viruses that don't rely on any OS flaw but rather the user's non understanding of proper computer security procedures. Take a look at the Beagle virus: it doesn't exploit any security flaw in Windows, it doesn't rely on the Outlook object model to do its mass mailing, it just cons the user into executing the payload and then it'll just go happily on its way on a little data mining expedition. I'm sure everyone has been told more than once by their friends or system admins, don't EVER open any attachments that you never asked for! EVEN if it is from someone you know!

Software Configuration

Operating System. There is no need to follow the foray to follow the rest in having to upgrade, say, the operating system, as is usually experienced in a proprietary solution. Since the source code is available, enhancements/refinements can be implemented selectively over period of time at the sole discretion of the users. This dilemma is evident especially when, for example, proprietary software companies declares that they no longer are going to support previous versions. With Open Source, this dilemma no longer exists.

No one ever put a gun to your head and forced you to upgrade to the latest version of a software if you didn't want to. A lot of enhancement/refinements have been made to proprietary systems even without the source code to their inner workings provided. It's about proper systems design, not just about having the source code. Do you really want to tell your mother to add a couple of lines of code to the kernel and recompile it so her TV Tuner card can work? As for not supporting previous versions, that's economics, no organization can support something indefinitely, sooner or later it'd be time to move on. With Open Source this dilemma wouldn't exist, just like there wasn't a problem fixing up the Cobol systems during Y2k since they have all the source code with them.

Platform Neutral. In view of the philosophy of open source, there is no preference to any single or limited set platform(s). Rather, the desire behind open source is to run on any platform. In short, open source provides freedom of choice over proprietary vendors.
Platform Neutral? Why do I keep hearing about whether KDE or GNOME is better then? Isn't the desire of Open Source to share knowledge? As I stated in the first point Open Source wouldn't provide freedom of choice over proprietary vendors, you'd just get locked in by other people.

Porting. Since the source code is available, organizations can do the porting themselves, especially if there is a specific platform peculiar to that organisation, to ascertain its compatibility. Organisations now have the freedom to dictate preferred platforms and not to be dictated by vendors.
Sure.. organizations can do porting themselves... but do they WANT TO? Would they have the people to DO SO? Anyone who has done it before will tell you that it's not easy to port code from one platform to another even if the source code is provided!

Compiler. The flexibility of having the option to choose the compiler of choice. This freedom of choice provides the benefit of having the capability to create development environment with a compiler that supports many platforms. Most proprietary products has the effect of a "lock-in" situation by way of a single complier which is most often than not is aligned to a preferred hardware platform. Most Open source software(s) support multiple compilers. This provides users with the freedom of choice in selecting complier(s).
Compiler? Now... call me stupid... but I really don't see why this matters. From what I know, the language is supposed to be standardized, ISO C, C#, etc. etc. Then the compiler will work on the source. Therefore if I had a code chunk that's ISO C compliant, it'll probably compile with a suitable compiler such as for x86, ARM, MIPS, etc. etc. I really don't get why this is here. (Just for the heck of it, a Java compiler compiles to bytecode which runs on a Java Virtual Machine and nowhere else.... so isn't that lock in to a preferred platform?)

Software Modifications/Enhancements and Testing

Independence. If there is a need to add features for example in a proprietary system, an organisation will have to engage the vendors to add the required feature. This has two (2) implications. First being that there is over-dependence on a vendor and the second being that it will be both time consuming as well as incur costs. However, in a open source environment, with the available source code, organisations can proceed to add features.
Once again... not all organizations have their own software departments, so most likely even if they had the source code to their system they WILL engage a vendor to do additions to their systems. And developing is time consuming and incurs costs... you have to PAY your programmers right?


Adequate and Available. Whilst this is not the mainstream focus of open source community, nevertheless adequate documentation is made available together with the source code. There are no major concerns here.
I don't agree that documentation is not a mainstream focus of the open source community, in fact I feel that's the essence of open source, teaching people how things can be done. Sharing knowledge on solving problems. (Not just copy and pasting a system together from Open Source code chunks!) I feel really peeved by this point because it tries to pretend that documentation doesn't exist or isn't deemed important by proprietary vendors. These people obviously never used MSDN, TechNet or the Microsoft Knowledge Base to run a search before.

Software Evaluations

Easier. If compared to a typical proprietary system evaluation, the evaluation of open source is much simpler. For one, there is no legal/contractual activity, as we all have experienced, this is time consuming and fraught with challenges. In open source environment on the other hand, its straightforward and valuable time can be spent to perform through evaluation
What? Evaluating software is a legal/contractual activity? Gheeezzz... if MS made me sign a contract to test their software I'd be pissed at them too! (The usual EULA notwithstanding since I'm sure OS developers also have to protect themselves from crazy people who'd sue you for frightening their offspring with the colors you choose for your user interface!) But is it really that time consuming and fraught with challenges to evaluate the EVIL proprietary software? Let me see...
  • Get the Windows 2003 Evaluation Kit...
  • Install...
  • Evaluate for the 180 day period.
  • For help consult documentation in the system, and online.

I must be missing something here cause where's the time consuming and fraught with challenges part? (downloading time notwithstanding) Sure it's time based.. but it's 6 MONTHS!!! You can't make a decision whether something is good or not in 6 MONTHS???


Available Openly. Benchmarking is an important component in evaluating particular software. In the proprietary environment, benchmarking results are often not made available or if made available it's probably made under non-disclosure agreements. There are limited basis for comparison with other products in the market. Generally, in open source environment, benchmarking results are available for the community without any restrictions.
Benchmarking... touchy subject but anyway there are a lot of benchmarking results of various proprietary and OS systems out there in the open. (Go ahead, Google some, Java vs .Net, MSSQL vs Oracle, MySQL vs MSSQL) But always the losing party screams bloody murder and also talks about conspiracy plans and others. So can you really say having benchmark results helps?

And that's the end of the blow by blow... thanks for making it this far hope you weren't too bored... Wow.. as I scroll back up to look at the top.. this is a LOT of writing... =P

Why did I write this? Is it because I'm a Microsoft MVP and I'm supposed to come rally to their cause at their every beck and call? No. (But some of you ain't gonna believe that). Did MS offer me some reward for writing this? No. (But some of you ain't gonna believe that)

I'll be truthful (But some of you ain't gonna trust me) My friend at MS Malaysia did ask if I would like to write anything about the government's OSS decision. I told him yes I would, cause I already made the decision when I saw this list of benefits that was posted on the site. I just couldn't believe that these are the benefits of OSS that the consulting body want people to believe, and want the government to believe in.

If you'd notice in the list, on the points the OSS people made, a lot of them go something like organizations can themselves do modifications, organizations can create their own systems, organizations can... Yeah, an organization can do a lot of things, but it doesn't have to be with OSS. But I'll tell you what any organization can't do. Keep a staff of Skilled Programmers on the payroll with a paycheck appropriate for their skill levels. A typical moderately sized company would have an IT Department, which would usually consist of administrators for the various systems such as the network, database and other operational systems, but definitely not a party of skilled veteran programmers. They might have one or two who can handle routine maintenance and bug fixes of the system but don't expect a typical organization to have in their payroll one or two Don Boxes or Linus Torvaldses.

The programmers which the organization keeps around may or may not be able to handle whatever changes that need to be done to their system even with all the source code provided (I did mention a typical ISV here would turn over code once the project is finished), so what would the organization do? Call in external help of course. So ok... the high priced consultants come in, they do their job, make the changes to the system based on the available source code, and then leave the new source code with the organization. Now the NEXT time something needs to be changed with the system what does the organization do??? The logical thing would be to ask the previous consultants to come in and do the changes cause they're familiar with the system (and especially if they've done a good job previously!)

Isn't this a case of vendor lock-in? The organization is now dependent on the consultants that are maintaining their system, they have all the source code but they know that if they engage other people they wouldn't understand the intricacies of the system well enough to do a good job in a short time frame. (Which is what every client asks of an ISV.. oh.. let's not forget at a cheap price as well!)

Is this going to change if the organization adopts OSS? NO! Cause any programmer can tell you just having source code and documentation doesn't mean you can immediately create miracles. Proprietary technology or not the skill and familiarity of a person towards a system counts and isn't that sort of dependence a lock in? So how does OSS free an organization from dependence on a vendor?

And how does OSS help communication between organizations and bodies, if we go according to the list of benefits that's presented to us here? I'm guessing if Org A wants to talk to Org B, A would review B's source code for a communications layer which even though it's open is still proprietary to B, and if A wanted to talk to C as well... once again.. A needs to learn C's method of communication... but it's no problem!!! In the world of OSS, have no fear, the source code is available! But why would A care about how C communicates with external bodies? Instead of creating their own way of communication and then open sourcing it touting it as the best, why not just STANDARDIZE on a method of communication?

Open Source is a great way to promote knowledge exchange, (not to mention a boon to some final year programming students.. but another rant another time) But if everyone works on the assumption that with one's source code you can do anything, there's going to be chaos. Want a good example of how simply telling people how something works doesn't work out? Look at the VHS vs Beta wars. What? Too young to know what  a Beta is? OK.. let's look at the DVD Recordable formats. We have two groups + and -, both have revealed how each other work (think of it as revealing the source code) but both claim to be the better technology. With no one relenting or stepping down, we now have DVD Recorders that write in both formats, but what if we didn't? How long would the consumers have to be locked to the format that they choose to be with? Luckily... there was a STANDARD that both groups could agree to conform to, the DVD-ROM format so that it didn't matter if your disc was recorded by a Plus or Minus drive as long as your drive supported the DVD-ROM format (and you used a good quality burner/media) you can use the disc.

The moral of the story is, instead of just letting loose and telling each other how great our code is, shouldn't we instead put our efforts into coming up with a common STANDARD for getting things done? Instead of worrying about what platform to write our programs on, shouldn't we just agree on how we are going to communicate with each other, either with other systems, networks, countries, etc. etc.? In fact, if everyone started touting their own standard wouldn't they become proprietary?

I have just a few more things to add. In the article at The Star it's mentioned that Under the masterplan, OSS procurement "should be based on merits, value for money, transparency, security and interoperability." But who decides that? Aren't we just opening up another channel where things could get ugly under the table?

And I'd just like to point out one more thing.. are we supposed to trust someone who inserts META Keywords like this to catalog their site?

<meta name="keywords" content="News, news, New, New, Technology, technology, Headlines, headlines, Nuke, nuke, PHP-Nuke, phpnuke, php-nuke, Geek, geek, Geeks, geeks, Hacker, hacker, Hackers, hackers, Linux, linux, Windows, windows, Software, software, Download, download, Downloads, downloads, Free, FREE, free, Community, community, MP3, mp3, Forum, forum, Forums, forums, Bulletin, bulletin, Board, board, Boards, boards, PHP, php, Survey, survey, Kernel, kernel, Comment, comment, Comments, comments, Portal, portal, ODP, odp, Open, open, Open Source, OpenSource, Opensource, opensource, open source, Free Software, FreeSoftware, Freesoftware, free software, GNU, gnu, GPL, gpl, License, license, Unix, UNIX, *nix, unix, MySQL, mysql, SQL, sql, Database, DataBase, database, Mandrake, mandrake, Red Hat, RedHat, red hat, Slackware, slackware, SUSE, SuSE, suse, Debian, debian, Gnome, GNOME, gnome, Kde, KDE, kde, Enlightenment, enlightenment, Intercative, interactive, Programming, programming, Extreme, extreme, Game, game, Games, games, Web Site, web site, Weblog, WebLog, weblog, Guru, GURU, guru" />

Some of it is, of course, related to the subject matter... others.... well I'll let you decide. To me putting this in the Benefits page was just a plain despicable move by the creators of the site! (It'd probably be gone soon if this article ever hits the masses :P)

My name is Chan Wei Min, I'm a Professional Software Developer using (sinful, evil) proprietary Microsoft Technologies which supports Open Standards for data exchange. Thank you for your time in reading this cause.. it's a biggie!!! Wow.... *scrolls up* definitely a long one! Good night folks!