2.5 Approaching the Open Source Community

The following section illustrates several practical aspects of open source software and involved parties.

2.5.1 Economy

Many people claim that open source software does not fit in our economical system because of its distribution terms. Although making profits might be more difficult today with open source software than with proprietary software, recent times have shown that you can earn your living with open source software. A good example is the Free Software Foundation that has existed for quite a while. Besides, there is no proof that the situation will remain in the future the way it is now as a lot of money has been invested in open source software and a certain 'hype' can be observed these days, too.

For a better understanding of the economical background I will present some ideas in this section on how to take direct or indirect economical advantage on open source software.

2.5.1.1 Total Cost of Ownership

In order to understand the creation of selling prices for software we have to look at related costs as well.

Before a business managers decides to introduce new software for his company he would like to know how much money this decision would cost in total. This amount is called 'total cost of ownership' (TCO) and covers not only the selling price of the software, but any cost that is caused by this decision. In particular, when there are several alternatives to choose from this sum is an important aspect to compare the different options.

I want to give some examples of what has to be considered to calculate the TCO:

System Preparation

Several additional components are usually required in order to get the new software running, e.g. hardware devices, infrastructure or other software.

Operation Efficiency

All the different phases²⁴ of usage of a software component requires costly additional resources like time of human actors or hardware devices. When the operation process has a low efficiency for some reason total costs rise tremendously. This could be caused by a none-intuitive or too complex user interface, standard incompatibility of used data formats or bugs in the software.

Failures

Since software operates in an environment failures could cause damages to entities not being part of the regular process. For example a robot could smash a window or data could be erased to mention light incidents.

Training

As in the business area the users are paid employees with certain skills, introducing new software normally means to spend extra money on improving the skills of your clerks, e.g. books or courses.

Service

Sometimes even the best training cannot transform a secretary into a computer expert in a fortnight and additional services are required for certain situations like a system crash.

Updates

Although proprietary software is sold as a 'working product' it normally contains a lot of bugs. Additionally, related software components or data formats change frequently in the proprietary software world. Therefore frequent software updates are required in order to have a (better) 'working product'. They are relevant for costs as you usually pay extra for them.

Purchase

Finally, you have to pay the selling price to get permission to use a copy of a software product in the proprietary software world.

2.5.1.2 Giving Away Software for Free

It is a common business strategy to bill expenses for provided products on related goods instead. Therefore the consumer does not have to pay directly for corresponding products and these companies still make profits. For instance, you do not have to pay for watching commercials, but the advertising company has to pay for producing and transmitting them. They are free for consumers and companies do not stop producing and paying them because they have another advantage than direct profits, e.g. popularity of their products.

In the information technology business proprietary software is still sold, but related costs are much more important for the mentioned TCO. Therefore a good company could easily give their software away as long as they make enough profits with related services and products. Their business is then based on the knowledge they gained producing the software and their popularity as the original creator. Nobody has a better knowledge about software than its creator, at least at the beginning. As software business changes very fast, this knowledge lead gives a company an enormous advantage in comparison to its competitors. Therefore open source software production might be even profitable using similar business models as proprietary software producers.

R. A. Ghosh goes even further and presents a new model for an Internet economy [Ghosh98].

However, the question is whether (open source) software development really is a business case. Considering it as ``a special case of academic research'' might be a more suitable approach [Bezroukov99] and gives another alternative to integrate open source software development in our society.

2.5.1.3 Making Money with Open Source Software

Nevertheless even software developers have to eat. Therefore I will give some examples of how present companies profit from the development of open source software:

Software Distributions

Distributors simply sell copies of open source software. This business is based on the idea that the regular user of open source software is willing to pay a small amount for comfortable access to the software.

Service

There are many different services in the software field as described in the section about TCO above. Examples are support, training or simply paid bug-fixing.

Hardware

As hardware devices cannot be used without the appropriate software, vendors usually spend a remarkable amount of financial resources on the production of driver software. It is the usual procedure to make this software available for free, but without source code. However, more and more companies also start to participate in open source projects to assure the compatibility and support for their products.

Information

Books, magazines and news services provide required information about open source software for a reasonable price, e.g. nicely printed manuals.

2.5.2 Software Engineering

Ian Sommerville describes software engineering as follows:

``The specification, development, management and evolution of [...] software systems make up the discipline of software engineering'' [Sommerville96, Preface]

There are several thousand open source projects (OSPs), they are more or less independent and nobody can force them to use a certain method to develop their software. Therefore, some projects use sophisticated strategies of software engineering while others just start working without any planning at all.

Although there is no general method of producing software in OSPs, their special open distribution policy raises several interesting questions.

Since it is no problem to write a long book on the software engineering aspect of open source, I will only face the prejudice that OSS lacks certain features in comparison to proprietary software.

2.5.2.1 Security²⁵

Many people claim that open source software is not secure. Normally, this opinion is based on the theory that the availability of source code makes software less secure in any case. I cannot follow this argumentation as nobody could provide me any reasonable proof for this theory. Additionally, there are some issues that should be considered discussing this question:

1. Software does not work more secure because of the fact that the producing team is the only party who knows how it works. The source code could only reveal already integrated weaknesses of the algorithm which should be fixed anyway.
2. Trusting the creating party without appropriate observation of the result requires a large amount of trust in each single person and party that has access to the (secret) source code. Only one black sheep would destroy the protection provided by secrecy. Besides, you might not even know that you have already lost your protection.
3. The already mentioned parallels to academic research raises another interesting question: What is about science? Does a scientist use formulas that are based on unavailable secret information that was not challenged by comprehensive peer review? E.g. for constructing a nuclear power station? I do not think so.

I want to finish this point with a quotation from Jim Livermore²⁶:

``It may seem a paradox, but one of the vital elements of security is the absence of secrecy. By this I mean that open access to algorithms, and to the source code that implement those algorithms, is essential if anyone is to rely on the Internet to be a safe forum for business'' [Livermore00]

2.5.2.2 Reliability

I could not find any reasonable relation between provision of the source code and bad reliability of the corresponding software, but I found a study of the University of Wisconsin about the ``Reliability of UNIX Utilities and Services'':

``[T]he reliability of the freely­distributed GNU and Linux software was surprisingly good, and noticeably better than the commercially produced software.'' [Miller00, Conclusion]

This examination does not mean that OSS is more reliable in general, but proves that at least sometimes OSS is more reliable than its commercial competitors.

2.5.2.3 Reusability

The evolutionary process that is made possible by the permissive licenses helps to shape reusable software components. Therefore it is more reasonable to consider the distribution of the source code and the granted right to modify the software as a stimulating factor for the reusability of software components.

2.5.2.4 Compatibility and Standards

Why should developers use provided standards? The members of OSPs tend to choose the most effective option they can find without much effort in advance. Standards are very handy for this strategy as they contain a lot of theoretical work and developers can concentrate on the actual task instead of spending most of their time thinking about theoretical frameworks and a fundament to provide consistency and compatibility to other parts of the related software system.

Well designed standards are shortcuts for open source developers and there is no reason for them to protect their developments by making it incompatible to other software as they do not want to sell their software anyway. Actually, they want as many people to use their developments as possible. Therefore standard compliance is a natural choice for OSPs.

The other question is: Who is willing to spend the required amount of resources to create standards for open source software (OSS)? First of all, many suitable standards are not made for OSS in particular, but can be used for it as well. Secondly, since many companies have come into being during the last decade which are based on OSS and many traditional software companies have joined the open source community more or less, there are a lot of financial resources available today for such undertakings.

Finally, I want to give some examples for concrete standard efforts. Most of them are somehow affiliated and not concurrent:

Free Standards Group

- FSG²⁷: ``[They] are a non-profit corporation organized to accelerate the use and acceptance of open source technologies through the application, development and promotion of standards.''

Linux Standard Base

- LSB²⁸: ``The goal of the Linux Standard Base is to develop and promote a set of standards that will increase compatibility among Linux distributions and enable software applications to run on any compliant Linux system. In addition, the LSB will help coordinate efforts to recruit software vendors to port and write products for Linux.''
The LSB is a member of the FSG. Current members of this project are Caldera Inc., Corel Corporation, Debian Project, delix Computer GmbH, Enhanced Software Technologies Inc., IBM, LinuxCare, Linux for PowerPC, Mandrake Soft, Metro Link Inc., Turbolinux Inc., Red Hat Software, Software in the Public Interest Inc., SuSE GmbH, VA Linux, WGS Inc., SGI.

Linux Internationalization Initiative

- LI18NUX²⁹: ``Li18nux is a voluntary working group, consisting of Linux and Open Source related contributors who are working on Globalization, a combination of Internationalization and Localization. The organization was formed in August 1999. The ultimate goal of the organization is to achieve software/application portability and interoperability in the International context for Linux and other open source projects. Its activities are focused on the internationalization of a core set of APIs³⁰ and components of Linux distributions to achieve a common Linux environment. This will allow an internationalized Linux application to be executed regardless of different flavor of distributions are used. The results of the working group will be open to everyone, and be proposed for adoption to the Free Standards Group''

X Desktop Group

- Freedesktop.org³¹: ``The X Desktop Group is a free software project to work on interoperability and shared technology among desktop environments for the X Window System. The most famous X desktops are GNOME and KDE.''

Filesystem Hierarchy Standard

- FHS³²: ``FHS defines a common arrangement of the many files and directories in Unix-like systems (the filesystem hierarchy) that many different developers and groups have agreed to use. [...]
The FHS specification is used by the implementors of Linux distributions and other Unix-like operating systems, application developers, and open-source writers. In addition, many system administrators and users have found it to be a useful resource.
FHS [...] is currently implemented by most major Linux distributions, including Debian, Red Hat, Caldera, SuSE, and more.''

Austin Common Standards Revision Group

- CSRG³³: ``The Austin Common Standards Revision Group (CSRG) is a joint technical working group established to consider the matter of a common revision of ISO/IEC 9945-1, ISO/IEC 9945-2, IEEE Std 1003.1, IEEE Std 1003.2 and the appropriate parts of the Single UNIX Specification.
The approach to specification development is 'write once, adopt everywhere', with the deliverables being a set of specifications that will carry both the IEEE POSIX designation and The Open Group's Technical Standard designation, and if adopted an ISO/IEC designation. The new set of specifications will form the core of the Single UNIX Specification Version 3, with delivery in [the second quarter] 2001''

Debian Policy Manual

- Policies of the Debian Distribution³⁴: ``This manual describes the policy requirements for the Debian GNU/Linux distribution. This includes the structure and contents of the Debian archive, several design issues of the operating system, as well as technical requirements that each package must satisfy to be included in the distribution.''

Linux Based Open Standards for Embedded Development

- EL/IX³⁵: ``The EL/IX pages are dedicated to the development and standardization of Linux for embedded devices.''

2.5.3 Power, Trust and Observation

Software is not only another new technology, but has a deep impact on our society.

The virtual space that computer systems are forming is often called cyberspace³⁶. Software is something special as it controls everything that is happening in cyberspace. This was true from the very beginning of software, but the virtual computer world used to be very limited. First, it was only mathematics and calculations then text entered the cyberspace and other things followed.

Today, this development reaches a new dimension with the Internet. So many things that used to take place in the real world are now 'moving' into cyberspace. People are trading, communicating, arguing, and electing via the Internet and this just seems to be the beginning.

Software contains the law of nature of cyberspace that is governing these activities. Therefore giving someone the power to control software in the real world gives him omnipotent power in the virtual world of cyberspace, e.g. it is easy to 'kill' the virtual appearance of a user by closing his connection to the rest of the world.

2.5.3.1 Observation

Since software controls a lot of valuable goods, it is essential that it works correctly. Therefore it is important to observe the used software as well as possible. When choosing proprietary software a user has to trust the producing software company that they do their best to provide him with a high quality product as he cannot really check it because the source code is secret and software is too complex to observe it only by empirical testing.

I will give some aspects about software people might want to check:

1. if the software does exactly what it should do
2. if the software only does what it should do and nothing else what the user does not like
3. if all appropriate precautions are included for the control of potentially dangerous processes
4. if data and resources are sufficiently protected against undesired actions of 'hostile' attackers

The source code of open source software is available per definition and anyone can control what he wants or pay someone else to observe the software for him.

2.5.3.2 Independence

Whether we like it or not, software is becoming more and more important in our life. This is true for the business world in particular. As long as there are many different compatible software systems we can choose from, this is not a threat to our independence, but compatibility of software systems has turned out to be a very difficult undertaking. Therefore even today, the replacement of installed software systems is difficult and in the future maybe impossible without consumption of enormous financial resources. So, choosing a proprietary software system is a far-reaching decision and means to lose a large part of your sovereignty as you further on depend on the producing software company and its future products. It should be a really trustworthy company as you may find yourself bankrupt otherwise because of technical difficulties.

Although many members of the open source community claim it, open source projects and companies do not naturally provide the better technology. However, you can leave your service provider at any time and keep using the same software as it is open source. Then, you can look for someone else to do a better job.

Iceland and other nations with too few inhabitants for a profitable software market have already experienced such problems when they were looking for native language support, though, they were willing to pay for the translation effort. Companies will not have it easier in the future to satisfy their needs.

Many countries and companies do not like to depend that much on private companies and therefore look for alternatives. Open source software might turn out to be the best choice.

  Contents

Footnotes

... phases²⁴

See section for more details about the use phases of software components.

...Security²⁵

security (noun): ``the state of being free from danger or threat'' [Oxford98, security]

... Livermore²⁶

Jim Livermore is the corporate president of Freemont Avenue Software, Inc. They sell firewalls (a security tool for the Internet) and related services. The software is distributed under the QPL. See http://www.opensourcefirewall.com for details.

... FSG²⁷

See http://www.freestandards.org/ for details about the Free Standards Groups.

... LSB²⁸

See http://www.linuxbase.org/ for details about the Linux Standard Base.

... LI18NUX²⁹

See http://www.li18nux.net/ for details about the Linux Internationalization Initiative.

... APIs³⁰

API stands for 'Application Programming Interface'

... Freedesktop.org³¹

See http://www.freedesktop.org/ for details about the X Desktop Group.

... FHS³²

See http://www.pathname.com/fhs/ for details about the Filesystem Hierarchy Standard.

... CSRG³³

See http://www.opengroup.org/austin/ for details about the Austin Common Standards Revision Group.

... Distribution³⁴

See http://www.debian.org/doc/debian-policy/ for details about the Debian Policy Manual.

... EL/IX³⁵

See http://sourceware.cygnus.com/elix/ for details about the EL/IX standard effort.

... cyberspace³⁶

cyberspace (noun): ``the notional environment in which communication over computer networks occurs.'' [Oxford98, cyberspace] I use this term in an extended meaning as I also include the virtual space on a local computer with or without any connection to other ones.