The Malaysian Government has decided to encourage
the use of Open Source Software in the Malaysian Public Sector.
While the idea is a good one, the whole implementation of it is wrong. Not to
mention that the people they've chosen to execute this plan, the Open Source
Competency Center, don't seem to be competent at all. As a developer
who uses Microsoft based technologies (which is known by these people as
proprietary technology) I decided to dive into their
Benefits of Implementing Open Source Software Solutions document to see
what they have to say. What I saw just shocked me beyond disbelief.... THIS is
the work of the people who are going to lead the government to the new age?
Let's take a look at the points they choose to make in their document.
The points provided on the site are in blue, mine in grey.
Vendor Lock-in
Avoid Vendor Lock-In. With the advent of Open Source, the Government (through
its agencies) now has the opportunity to relinquish any such scenarios.
However, it is envisaged that it may well be sometime before this freedom is
achieved, particularly for agencies who have special applications and there may
not be an equivalent open source solution.
| The person who wrote this forgot that someone still has to
create the system which the Government needs, the system might comprise of OS
based components like encryption engines, network stacks, etc. etc. BUT....
someone still has to write it. And that someone will still be the one to
maintain the system, there is still the effect of vendor lock in, just on a
different level. Yeah, it's open sourced but in a standard project deal source
code is turned over. The question is, how easy would it be for another vendor
to take over maintenance of the system. Or more to the point how willing
would the other party be. You can give someone all the source code and
documentation to a system, but that doesn't make doing changes any easier or
pleasant.
In situations like this, more often than not said vendor would just recommend a
total, complete rebuild of the system... based on OS technologies of
course!
Licensing
New Paradigm. There are generally no licensing and/or maintenance fees for open
source. Some licensing fees can be very complicated and calculate based on
number of users, partitions etc. This adds onto the complexity of implementing
a proprietary solution. Further, the licensing fees changes over time and this
also affects the organisation having to budget for this. This is a significant
benefit accruing to organisations wanting to adopt open source. |
| Note the word "generally", and not a definite "there
are no licensing fee/maintenance fees". Yes, I'd say certain
licensing fees can have very complicated terms. But it's not going to be
something exclusive to so called proprietary solutions. As for licensing
fees that change over time, also true for some vendors but the change doesn't
affect solutions that are already deployed and running (At least that's
what I see from the MS point of view). But once again it doesn't mean
you're free from this if you use OS based stuff. On that note if you're
looking to get a MS based solution please check on your licensing
schemes properly, you really don't have to buy 10 RETAIL boxes of
Windows XP for your 10 office machines. |
Version Control
Total Control. With the source code, for the first time, organisations now have
the capability of having complete control over the entire development cycle.
There is no vendor equation in this and therefore eliminates the potential of
accepting vendors' optimistic delivery dates. |
| This point just had me laughing out loud, for the first time,
organisations now have the capability of having complete control over the
entire development cycle, an organisation does have complete
control over the entire development cycle. Heck what do us ISVs slave over our
computers hours after normal working hours, if NOT to satisfy our client's want
for quick delivery. No matter what technology an organisation chooses to use OS
based or not, they are ALWAYS at the mercy of accepting the optimistic
delivery dates of the people responsible for making the system. Just because
you have all the source code to the bits that would make up your system doesn't
mean you HAVE the system that you need and therefore is like a magic
bullet which you don't have to depend on someone else to build it for you.
Which is what this point seems to be trying to say. |
| In Escrow. The traditional market practice has been to place
the source code of proprietary systems in safe custody by way of an escrow, in
case the company ceases to do business. Imagine the freedom that's now
available, there is no need for all these negotiations and arrangements, simply
because the source code is available for free and forever. |
| I can't say much about this practice (guess that means I've
never been in a big enough project to warrant the need for such a deal)
but what I can say is that, in all the systems that I have been involved in
development as an ISV for the past 3 years, we've always given the source code
to the client! It was always part of the deal. |
| Thorough Testing. The typical scenario in any open source
community when it comes to testing of any beta versions is that the whole
community can get involve in the testing. This is a fantastic characteristic
that exists in open source environment. Imagine the speed of testing as well as
the depth of testing in view of the ever so large (and growing) numbers of open
source practitioners. Final releases of software will only take place after
having passed through this open and vigorous process. This in turn provides a
level of comfort sufficient for organisations to make informed judgment on
deployment of any open source solution(s). |
| Public beta testing is nothing new to the software industry,
commercial games, applications and operating systems (all proprietary under the
notion of these people) all have examples where the whole community get
involve in testing and molding of the final product. Final releases of (the)
software will only take place after having passed through this open and
vigorous process. I just find this statement funny cause on one hand we
have people who agree not to release software until it has passed testing and
is bug free, on the other hand we have people (clients, bosses, customers)
who pressure us constantly to just push something out as fast as possible. For
a good example just look at the current Windows XP SP2 testing, MS
is pushing the release date back cause the testers have reported bugs in the
system, and yet they are criticized for not releasing it sooner! |
Security
Tested. This is perhaps one of the most popular subjects of concern for
organisations pursuing into the realm of open source. The common questions
posed is that "How can a open source system be secure?", "Since the source code
is available, it will be vulnerable to attacks". However the scenario is quite
the contrary. In open source environment, source codes are available for
scrutiny by all. The possibility of the existence of viruses, worms, Trojan
horses and the like is practically eliminated. One cannot have the same level
of confirm with proprietary software. In addition to this, there exist no
system "lock-outs" situations which are quite common for proprietary systems
when the license fees are not paid on time. Whilst the proprietary software
vendor may claim high security standards, the truth is that no one can say with
certainty the veracity of this statement. It could simply just mean that a bad
line of code by a not so experienced programmer could cause security breach. |
| TESTED. What a way to put it... As I heard from
someone once before.. security is a PROCESS not a PRODUCT you
can't just claim you're secure because you're an Open Source System the same
way you can't claim you're secure just because you're a proprietary system.
When talking about the existence of viruses, worms, Trojan horses, once again
they use "practically", not "completely". A bad line of
code in an OS component might be caught by the community, but a bad line of
code in your system that's consuming the OS component will not! Unless of
course you plan to release the code to your nuclear missile control system (which
runs on OS components of course) to the world so that you can be sure
that it's secure. |
| The Gartner Group had published an article "Nimda Worm shows
you can't always patch fast enough". Please refer to Annex 3. (see Gartner
report - Nimda Worm shows you can't always patch fast enough dated 19/9/01 by
John Pescatore). |
| Correct, you can't patch fast enough! You need to teach
people about computer security the same way you teach people not to leave their
credit card receipts all over the place. I've seen far too many so called viruses
that don't rely on any OS flaw but rather the user's non understanding of
proper computer security procedures. Take a look at the Beagle virus: it doesn't exploit any security flaw in
Windows, it doesn't rely on the Outlook object model to do its mass mailing,
it just cons the user into executing the payload and then it'll just go happily
on its way on a little data mining expedition. I'm sure everyone has been told
more than once by their friends or system admins, don't EVER open any
attachments that you never asked for! EVEN if it is from someone you
know! |
Software Configuration
Operating System. There is no need to follow the foray to follow the rest in
having to upgrade, say, the operating system, as is usually experienced in a
proprietary solution. Since the source code is available,
enhancements/refinements can be implemented selectively over period of time at
the sole discretion of the users. This dilemma is evident especially when, for
example, proprietary software companies declares that they no longer are going
to support previous versions. With Open Source, this dilemma no longer exists.
| No one ever put a gun to your head and forced you to upgrade
to the latest version of a software if you didn't want to. A lot of
enhancement/refinements have been made to proprietary systems even without the
source code to their inner workings provided. It's about proper systems design,
not just about having the source code. Do you really want to tell your mother
to add a couple of lines of code to the kernel and recompile it so her TV Tuner
card can work? As for not supporting previous versions, that's economics, no
organization can support something indefinitely, sooner or later it'd be time to
move on. With Open Source this dilemma wouldn't exist, just like there wasn't a
problem fixing up the Cobol systems during Y2k since they have all the source
code with them. |
| Platform Neutral. In view of the philosophy of open source,
there is no preference to any single or limited set platform(s). Rather, the
desire behind open source is to run on any platform. In short, open source
provides freedom of choice over proprietary vendors. |
| Platform Neutral? Why do I keep hearing about whether KDE or
GNOME is better then? Isn't the desire of Open Source is to share knowledge? As
I stated in the first point Open Source wouldn't provide freedom of choice over
proprietary vendors you'd just get locked in by other people. |
| Porting. Since the source code is available, organizations
can do the porting themselves, especially if there is a specific platform
peculiar to that organisation, to ascertain its compatibility. Organisations
now have the freedom to dictate preferred platforms and not to be dictated by
vendors. |
| Sure.. organizations can do porting themselves... but do they WANT
TO? Would they have the people to DO SO? Anyone who has done it
before will tell you that it's not easy to port code from one platform to
another even if the source code is provided! |
| Compiler. The flexibility of having the option to choose the
compiler of choice. This freedom of choice provides the benefit of having the
capability to create development environment with a compiler that supports many
platforms. Most proprietary products has the effect of a "lock-in" situation by
way of a single compiler which is most often than not is aligned to a preferred
hardware platform. Most Open source software(s) support multiple compilers.
This provides users with the freedom of choice in selecting compiler(s). |
| Compiler? Now... call me stupid... but I really don't see why
this matters. From what I know, the language is supposed to be standardized,
ISO C, C#, etc. etc. Then the compiler will work on the source. Therefore if I
had a code chunk that's ISO C compliant, it'll probably compile with a suitable
compiler such as for x86, ARM, MIPS, etc. etc. I really don't get why
this is here. (Just for the heck of it, a Java compiler compiles to bytecode
which runs on a Java Virtual Machine and nowhere else.... so isn't that lock
in to a preferred platform?) |
Software Modifications/Enhancements and Testing
Independence. If there is a need to add features for example in a proprietary
system, an organisation will have to engage the vendors to add the required
feature. This has two (2) implications. First being that there is
over-dependence on a vendor and the second being that it will be both time
consuming as well as incur costs. However, in a open source environment, with
the available source code, organisations can proceed to add features. |
| Once again... not all organizations have their own software
departments, so most likely even if they had the source code to their system
they WILL engage a vendor to do additions to their systems. And
developing a system..is time consuming and incurs costs... you have to PAY
your programmers right? |
Documentation
Adequate and Available. Whilst this is not the mainstream focus of open source
community, nevertheless adequate documentation is made available together with
the source code. There are no major concerns here.
| I don't agree that documentation is not a mainstream focus of
the open source community, in fact I feel that's the essence of open source,
teaching people how things can be done. Sharing knowledge on solving problems. (Not
just copy and pasting a system together from Open Source code chunks!) I
feel really peeved by this point because it tries to pretend that documentation
doesn't exist or isn't deemed important by proprietary vendors. These
people obviously never used MSDN, TechNet or the Microsoft Knowledge Base
to run a search before. |
Software Evaluations
Easier. If compared to a typical proprietary system evaluation, the evaluation
of open source is much simpler. For one, there is no legal/contractual
activity, as we all have experienced, this is time consuming and fraught with
challenges. In open source environment on the other hand, its straightforward
and valuable time can be spent to perform through evaluation |
What? Evaluating software is a legal/contractual activity?
Gheeezzz... if MS made me sign a contract to test their software
I'd be pissed at them too! (The usual EULA notwithstanding since I'm sure OS
developers also have to protect themselves from crazy people who'd sue you for
frightening their offspring with the colors you choose for your user
interface!) But is it really that time consuming and fraught with
challenges to evaluate the EVIL proprietary software? Let me
see...
- Get the Windows 2003 Evaluation Kit...
- Install...
- Evaluate for the 180 day period.
- For help consult documentation in the system, and online.
I must be missing something here cause where's the time consuming and fraught
with challenges part? (downloading time notwithstanding) Sure it's time
based.. but it's 6 MONTHS!!! You can't make a decision whether
something is good or not in 6 MONTHS???
Benchmarking
Available Openly. Benchmarking is an important component in evaluating
particular software. In the proprietary environment, benchmarking results are
often not made available or if made available it's probably made under
non-disclosure agreements. There are limited basis for comparison with other
products in the market. Generally, in open source environment, benchmarking
results are available for the community without any restrictions.
| Benchmarking... touchy subject but anyway there are a lot of
benchmarking results of various proprietary and OS systems out there in the
open. (Go ahead, Google some, Java vs .Net, MSSQL vs Oracle, MySQL vs MSSQL)
But always the losing party screams bloody murder and also talks about
conspiracy plans and others. So can you really say having benchmark results
help? |
And that's the end of the blow by blow... thanks for making it this far hope you
weren't too bored... Wow.. as I scroll back up to look at the top.. this is a
LOT of writing... =P
Why did I write this? Is it because I'm a Microsoft MVP and I'm supposed to
come rally at their cause at their every beck and call? No. (But some of you
ain't gonna believe that). Did MS offer me some reward for writing
this? No. (But some of you ain't gonna believe that)
I'll be truthful (But some of you ain't gonna trust me) My friend at MS
Malaysia did ask if I would like to write anything about the government's OSS decision. I told him yes I would, cause I already
made the decision when I saw this list of benefits that was posted on
the site. I just couldn't believe that these are the benefits of OSS that the
consulting body want people to believe, and want the government to believe in.
If you'd notice in the list, on the points the OSS people made, a lot of them go
something like organizations can themselves do modifications, organizations can
create their own systems, organizations can... Yeah, an organization
can do a lot of things, but it doesn't have to be with OSS. But I'll tell you
what any organization can't do. Keep a staff of Skilled Programmers on
the payroll with a paycheck appropriate for their skill levels. A typical
moderately sized company would have an IT Department, which would usually
consist of administrators for the various systems such as the network,
database and other operational systems, but definitely not a party of skilled
veteran programmers. They might have one or two which can handle routine
maintenance and bug fixes of the system but don't expect a typical organization
to have in their payroll one or two Don Boxes or Linus Torvaldses.
The programmers which the organization keeps around may or may not be able to
handle whatever changes that need to be done to their system even with all the
source code provided (I did mention a typical ISV here would turn over code once
the project is finished), so what would the organization do? Call in
external help of course. So ok... the high priced consultants come in, they do
their job, make the changes to the system based on the available source code,
and then leave the new source code with the organization. Now the NEXT time
something needs to be changed with the system what does the organization do???
The logical thing would be to ask the previous consultants to come in and do
the changes cause they're familiar with the system (and especially if they've done
a good job previously!)
Isn't this a case of vendor lock-in? The organization is now dependent on
the consultants that are maintaining their system, they have all the source
code but they know that if they engage other people they wouldn't understand
the intricacies of the system well enough to do a good job in a short time
frame. (Which is what every client asks of an ISV.. oh.. let's not forget at a
cheap price as well!)
Is this going to change if the organization adopts OSS? NO! Cause any programmer
can tell you just having source code and documentation doesn't mean you can
immediately create miracles. Proprietary technology or not the skill and
familiarity of a person towards a system counts and isn't that sort of
dependence a lock in? So how does OSS free an organization from dependence on a
vendor?
And how does OSS help communication between organizations and bodies, if
we go according to the list of benefits that's presented to us here. I'm
guessing if Org A wants to talk to Org B, A would review B's
source code for a communications layer which even though it's open sourced...is
still proprietary to B, and if A wanted to talk to C as
well... once again.. A needs to learn C's method of
communication... but it's no problem!!! In the world of OSS, have no fear, the
source code is available! But why would A care about how C communicates
with external bodies. Instead of creating their own way of communication and
then open sourcing it touting it as the best, why not just STANDARDIZE on
a method of communication?
Open Source is a great way to promote knowledge exchange, (not to mention
a boon to some final year programming students.. but another rant another time)
But if everyone works on the assumption that with one's source code you can do
anything, there's going to be chaos. Want a good example of how simply telling
people how something works doesn't work out? Look at the VHS vs Beta wars.
What? Too young to know what a Beta is? OK.. let's look at the DVD
Recordable formats. We have two groups + and -, both have
revealed how each other work (think of it as revealing the source code) but
both claim to be the better technology. With no one relenting or stepping down,
we now have DVD Recorders that write in both formats, but what if we didn't?
How long would the consumers have to be locked to the format that they choose
to be with? Luckily... there was a STANDARD that both groups could agree
to conform to, the DVD-ROM format so that it didn't matter if your disc
was recorded by a Plus or Minus drive as long as your drive
supported the DVD-ROM format (and you used a good quality burner/media) you
can use the disc.
The moral of the story is, instead of just letting loose and telling each other
how great our code is, shouldn't we instead put our efforts into coming up with
a common STANDARD for getting things done? Instead of worrying about
what platform to write our programs on, shouldn't we just agree on how we are
going to communicate with each other, either with other systems, networks,
countries, etc. etc.? In fact, if everyone started touting their own standard
wouldn't they become proprietary?
I have just a few more things to add. In the article at
The Star it's mentioned that Under the masterplan, OSS procurement
"should be based on merits, value for money, transparency, security and
interoperability." But who decides that? Aren't we just opening up
another channel where things could get ugly under the table?
And I'd just like to point out one more thing.. are we supposed to trust
someone who inserts META Keywords like this to catalog their site?
| <meta name="keywords" content="News, news, New, New,
Technology, technology, Headlines, headlines, Nuke, nuke, PHP-Nuke, phpnuke,
php-nuke, Geek, geek, Geeks, geeks, Hacker, hacker, Hackers, hackers, Linux,
linux, Windows, windows, Software, software, Download, download, Downloads,
downloads, Free, FREE, free, Community, community, MP3, mp3, Forum, forum,
Forums, forums, Bulletin, bulletin, Board, board, Boards, boards, PHP, php,
Survey, survey, Kernel, kernel, Comment, comment, Comments, comments, Portal,
portal, ODP, odp, Open, open, Open Source, OpenSource, Opensource, opensource,
open source, Free Software, FreeSoftware, Freesoftware, free software, GNU,
gnu, GPL, gpl, License, license, Unix, UNIX, *nix, unix, MySQL, mysql, SQL,
sql, Database, DataBase, database, Mandrake, mandrake, Red Hat, RedHat, red
hat, Slackware, slackware, SUSE, SuSE, suse, Debian, debian, Gnome, GNOME,
gnome, Kde, KDE, kde, Enlightenment, enlightenment, Intercative, interactive,
Programming, programming, Extreme, extreme, Game, game, Games, games, Web Site,
web site, Weblog, WebLog, weblog, Guru, GURU, guru" /> |
Some of it, is of course related to the subject matter...
others.... well I'll let you decide. To me putting this in the Benefits page
was just a plain despicable move by the creators of the site! (It'd probably be
gone soon if this article ever hits the masses :P)
My name is Chan Wei Min, I'm a Professional Software
Developer using (sinful, evil) proprietary Microsoft
Technologies which supports Open Standards for data exchange.
Thank you for your time in reading this cause.. it's a biggie!!! Wow.... *scrolls
up* definitely a long one! Good night folks!