Open Source Software

Rick Buongiovanni

Introduction

The Open Source Movement Free Software Foundation

Richard Stallman

Open Source Initiative Bruce Perens Eric Raymond

Linus Torvalds also widely credited Internet has fueled Open Source communities

Buying Software vs. Open Source

Paying for the right to use binary code Do not “own” the code10011001 00100000 11101000 01100101 00011100 10010011 11101000 01100011 01110001 01000100 00001011 01110101 00111110 11111101 11111111 01111100 01011100 10000111 01001011 11101101 00010100 00011111 11101110 10000110 01010110 11011011 00010010 01000010 01000001 10111000 10000000 01001101 10110101 11001000 01010101 01011000 00100101 10100000 10001111 01010101 01111101 10100111 10101101 10001010 01011110 10001001 10101001 11100110 00100101 10100010 10110011 00100000 00001111 01100101 11111010 00010101 10100011 11111100 10001101 01111110 01000111 10110101 11001001 11001110 10111010 11001100 01111110 10001110 11111000 01100001 11100101 10000011 01111101 00100101 11101101 10101110 00111000 00110011 11111010 11111111 10100011 11011101 01110010 01011010 11001001 00001001 10110010 10001000 11010010 00111110 10100010 00011001 11100111 01011100 01010110 10000111 11000100 01011011 10110110 00110010 10110110 10010011 11100010 10101111 11111010 11011000 01001011 11010010 10001000 10100110 00011100 10001000 11100100 01101011 01110101 00110000 10101001 01011100 00011010 01011001 10100111 01100110 01100001 01000101 00101010 01100011 11000010 01001010 00011000 11110101 11101000 11011100 01010100 00000111 10011000 11001011 01110001 11000001 11001111 10111111 11001111 01100011 00101110 11011000 11010001 11001010 00110001 11011010 01010111 01010111 00100001 11011001 10010010 00011010 10111010 10011011 10000010 11000000 01111111 10010000 10001001 01000101 10000100 01100101 01111000 10100111 00011100 11000010 00011101 11111001 00101000 01001000 10011011 10101110 00111011 11100101 10000011 01100001 01010111 00011111 10000101 01110111 01100100 00000111 01010011 11111001 01110110 11101010 00101010

Buying Software vs. Open Source

Open source typically does not require purchase

Ability to access/modify source code Can be re-distributed

Licensing and Copyright

Licensing and Copyright

Two main Open Source licenses: BSD (Unix, OSI endorsed)

“Make as many copies as you want.” More permissive (comes from Berkeley…)

GNU GPL ("copyleft"/viral/reciprocal license) Gives every person who receives a copy permission to

reproduce, adapt or distribute the work as long as any resulting copies or adaptations are also bound by the same licensing scheme.

More restrictive

BSD code can't include GPL code GPL code can include BSD code

Licensing and Copyright

Many OSS projects involve multiple contributors/developersEach file or section of a single application can

be copyrighted by that section’s authorCan be difficult to gain consensus from all

copyright holders Some projects have hundreds or thousands of

contributors

Open Source vs. Proprietary

What are the tradeoffs?

The “Pros” of Proprietary Software

Typically includes some degree of support

Usually feature-rich User friendly Sometimes easier to

deploy “One Size Fits All”

Some organizations don’t have time to experiment with or staff to implement OSS

Others?

The “Cons” of Proprietary Software

Source code unavailable Desired features not

included, must wait Bug fixes depend on

company Cannot share/distribute

software One size fits all

Bloatware

Security audits more difficult to perform

Companies go out of business, products are discontinued/abandoned, etc.

Others?

The “Pros” of Open Source

Cost Wide selection of

applications Access to the

developer(s) Typically supported by

the “community” Reliable/Robust

Server Apps vs. Desktop

Peer review “Given enough eyeballs, all

bugs are shallow.” – Eric Raymond

Developer’s reputation on the line

Features can be added by others

Typically do not need to install all features

Others?

The “Cons” of Open Source

Cost/Revenue pressures on software companies

Some project communities go dormant

Some communities hostile toward end users “Ever hear of Google?”

Documentation (or lack thereof)

Easier to discover security flaws

More fun to add new features than fix old bugs High security issues

typically addressed More mundane bugs

overlooked Features usually derived

from commercially available software

Others?

Open Source and Major Software Vendors February 2008

Microsoft announces desire to work more closely with open source communities

Open up API and protocols for Windows Client and SQL Server

More open standards Won’t sue open source developers for “non-

commercial implementations of interoperable products”

Open Source and Major Software Vendors February 2008

Met with healthy dose of skepticism “They're not relinquishing patents, nor open-

sourcing code.” - Dominic Sartorio, president of the Open Solutions Alliance

"We've heard similar announcements before, almost always strategically timed for other effect. Red Hat regards this most recent announcement with a healthy dose of skepticism." – Michael Cunningham, Red Hat Software

To summarize the OSS community’s perspective…

To summarize…

Companies Using OSS

Google Amazon.com Financial Services Sector U.S. Government Pixar Animation Regal Entertainment Sony's

Internet/multimedia devices

Non-profits

All deploying OSS: Merrill Lynch Morgan Stanley Credit Suisse Goldman Sachs

Amazon.com saved $17 million in one quarter, due in part to their migration to Red Hat Linux.

Open Source in Government

2006 study by DHS/Stanford/Coverity Scanned for security bugs in 180 OSS

applications widely used in government All the software scrutinized was found to have

significant numbers of security flaws Uncovered an average of one security glitch per

1,000 lines of code Project helped fix 7,826 open source flaws

Open Source in Government

Also found 400 security issues in proprietary software "[Private companies] don't tend to disclose information about

bugs found in their products." Projects advancing to "Rung 2": Amanda, NTP,

OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL

236 flaws were uncovered in 450,000 lines of Samba code, of which 228 have been corrected.

Projects still on Rung 1 or Rung 0: Apache, the Linux kernel and Firefox

Case Example: Non-Profit

Developed a new Web site using Drupal Based on a solid & tested infrastructure Ability to plug in pre-written modules but completely

customize them

“You won't get that from any vendor's products.” “Cost was not a driving factor.” One year from concept to finished product – now

migrating all web services to Drupal

Case Example: Non-Profit

How was the decision made? Strong Drupal developer community It was seen as a viable alternative to purchasing a

product. Already had in-house expertise/well-trained

development staff “We have always been a ‘build your own’ shop” “Drupal brought a ton of pre-built but customizable

code so it was a huge step forward for us.”

Case Example: Non-Profit

Did you use Drupal “as is” or modify the source code? “Definite system modifications were necessary, but with consciousness

that any custom code would have to be re-worked with any upgrades to the core or modules.”

Is your organization active in the developer forums/community? Absolutely. We are planning to make an organizational investment in

packaging our custom modules for redistribution in the next year. Any surprises found along the way?

Development team found a few bugs “It’s marvelous to be able to fix those bugs yourself instead of waiting for

a vendor to decide that the issue is important enough for them to fix.” Currently on LAMP but moving to WIMP for easier compatibility with

other Windows infrastructure

Case Example: Non-Profit

Any words of advice? “Open source can be an extremely viable solution. I

think we will continue to expand our use of it.” “If you don't have in-house support, then you are

much better off working with a vendor who can support you.”

“It definitely requires a commitment of time and resources, which cost money, so open source is hardly free.”

Examples LAMP

Linux Apache MySQL PHP

Joomla Drupal WordPress Audacity

Questions?

Comments?

Horror stories?