The Benefits of 'Vendor-Free' Open Source IT 111
mjasay writes "IDC has released a report looking into industry adoption of open software. In the study, analyst Matt Lawton stumbles across an intriguing trend: IT departments do most of the services around open source, rather than third-party consulting companies. While IDC believes this is a bad thing, the data in the report suggests otherwise. 70% of the enterprises surveyed did their own implementations, while roughly 90% supported their own open-source deployments. This might be a cause for alarm if the projects weren't so successful: 70% of the projects were deemed to be of "Critical" or "High Importance" compared to other IT projects and 90% plan to maintain or increase their investment in open source projects. Could it be that open source is liberating enterprises from an unhealthy dependence on vendors, and that early results suggest that this will be a Very Good Thing for the success of IT projects, many of which have failed historically."
Open Source != Free (Score:3, Interesting)
Now, this may not necessarily be a bad thing, but I don't see how this is markedly different from, say, paying Microsoft.
You're still paying for support and stability -- just that you have a little more flexibility and control over your software, which usually does not matter all that much in enterprise production applications. I mean, just often do you recompile your kernel or add a new feature on your platform handling millions of transactions a day for a critical client? I didn't think so.
I mean, yay for Open Source and all that, but so what? At least from a customer perspective, you may not be paying for licenses anymore, but you are still paying for support -- and that is usually where the bulk of the expenses lie.
Re:Open Source != Free (Score:4, Interesting)
That probably isn't as much of an issue for home users, but in a corporate environment the cost of lock in can be huge.
And that's the case whether the software is paid for or not, as long as you've got the code, you have the option to overcome the lock in most cases.
Which is why I generally use products like moneydance that can export as xml or products that use common standards like mp3 or even rtf. Looking forward to ODF though, that'll hopefully be much better than the rtfs have been.
Yup (Score:5, Interesting)
I develop software for electronic toll collection systems. In 1997, that stuff all ran on things like UnixWare 2.1 with VenturCom real-time extensions. It worked fine when it worked, but if you ever uncovered a bug that was difficult to solve, forget it. We once encountered a problem with the UnixWare 2.03 C library that caused a memory leak every time a file handle was written to. The fix? Upgrade to UW 2.1. Except, the realtime extensions package we had would only run on 2.03. What we needed was a patch to that version of the OS. SCO's answer? Well, that isn't our problem now is it? VenturCom's answer? Buy a new version of our extensions.
After experiences like that, I decided to switch our projects to Linux. In 1997, support for the near-realtime features I needed (memory locking, adjustable priorities, POSIX signals) was pretty poor under Linux, but it was worth working around it to get away from the corporate OSes.
The sad part is, my bosses initially refused to allow me to do that. The reason? There was no official means of support, we would have to maintain the software ourselves! To them, the concept of "support" was just a check box you ticked off somewhere, not something they actually ever had to use. And they had no idea that it was simply easier to go out and find a fix, or fix problems yourself, than to rely on some multilevel telephone hell that usually doesn't know anything in depth about the products it is supposed to help with.
Ironically, today, practically every embedded system in the toll and intelligent transportation industry runs on Linux; it has become the industry standard.
Open Source (Score:3, Interesting)
Most information about how to tweak these are found quickly by using Google, while many commercial packages are cumbersome and also sometimes requires configuration in many places/modules using a variety of user interfaces to be both safe and stable.
What often happens is that when a support issue actually occurs it can cost a lot of time to straighten out while trying to contact a vendor but it is likely already fixed in an open source package one way or another. What many analysts fails to see is that each support case can create a downtime that has an impact on both support personnel and a lot of people depending on the service.
"The time to fix" factor is seldom seen in an analysis like this.
There are of course also open source packages that doesn't work as well, but the author is often aware of that and has probably inserted a huge disclaimer stating the limitations. And how many times have you seen a limitation declaration in a commercial package? (Unless of course it's a liability limitation).
Re:Open Source != Free (Score:4, Interesting)
You're still paying for support and stability -- just that you have a little more flexibility and control over your software, which usually does not matter all that much in enterprise production applications. I mean, just often do you recompile your kernel or add a new feature on your platform handling millions of transactions a day for a critical client? I didn't think so.
But that's all a bit of a red herring. It's not so important that we can make code changes but that other people can. People who aren't all beholden to the same decision makers. This gives us some leeway with our environment and vendor choices. We currently deploy a lot of RHEL. But if RedHat fails us as a vendor, we can move to Canonical or even Novell with relatively minimal fuss. We've put off major vendor and architecture changes like this before because the shift from one proprietary architecture to another was so dramatic that we were willing to put up with substandard vendor support for years. If that particular example was based on an OSS architecture, the shift would have been far, far simpler (albiet still somewhat involved I'm sure).
To a lesser extent, licensing is still a plus. We have RHEL entitlements for our lab, but never enough to cover all the projects popping up. Most of the time we can simply stand up a CentOS instance and work with that until the point where one "needs" a full RHEL install. We really don't need the full support of RedHat for those projects. And it's nice to not worry about where the licensing is coming from.
Do we still pay for Open Source Software? Sure do.... a fair amount. Of course, at our level, licensing is supposed to be a minor issue. I'd believe that more if we didn't keep running in to issues about where other OS installs are getting licenses or how many CALs a project needs.
Re:Open Source (Score:3, Interesting)
It so happens that Windows Vista isn't fully compatible [freeallegiance.org] with the game -- .net SP3 borks the authentication system [photobucket.com]. Its dev promptly looked for the problem, and of course the problem was found in the third-party obfuscation tool. He submitted a ticket and the community is waiting for a fix.
It's been 40+ days since this issue has been found, targeted and reported, but Nothing Happens(TM). We're still waiting for the fix. The admins do not obviously want to release a non-obfuscated version of the .net authentication tool, nor they want to switch over another obfuscation company (and pay for another license). So people using Vista are currently forced to work around the problem by blocking updates and using .net uninstallers.
Even Microsoft Research has contacted us with details regarding the trouble, but again there is nothing we can do to address it.
Our community is having a 40+ days [partial] downtime, and there's nothing we can do, but wait and publish workarounds for a problem we didn't create.
Not the kind of stuff that makes you all warm and fuzzy on relying on third parties, huh?
Irony? (Score:3, Interesting)
Re:Open Source != Free (Score:4, Interesting)
The perspective that organic resources are inferior to external resources for solving problems can be resolved in HR by hiring capable people. You can start by hiring capable HR people or letting the prospective coworkers interview the applicants. If the attitude of the HR team is that any certified fool will do it should no surprise that certified fools are doing the work and the result will be as expected. If you can't solve this problem your competitors can and I'm not worried about how it works out for you.
You're not just paying for support and stability. If stability were a critical factor you wouldn't be looking at Microsoft solutions at all. Their history on this issue is bad. Integration is a factor too and here Microsoft has the edge because their integration from bottom to top is superb. It's easy to integrate when you have no standard to adhere to. Open source answers are great for servers where one server does one job and you can strip out every other part. Where standards are present there's no reason not to go with open solutions. TCP/IP won, didn't it? On the desktop open source doesn't gain the end-to-end integration advantage until you're dealing with high levels of customization or large numbers of apps that don't work well together. Virtualization and application servers can be very helpful here. If what you need is an end-to-end answer today with the resources you have, the Microsoft answer can be an appealing choice.
Two major problems with the Microsoft solutions are stability and flexibility. On flexibility, when you come to the point where the Microsoft solution just doesn't have the feature you want you'll find you're in a corner where the solution is beyond any answer. On stability they're improving but we're still a long way from "good". Another problem with flexibility is that if you move to a standards based approach you will find that the standards lag the practice and to compete you'll need people who can assess the merits of available technology despite lack of dominant standards. Such people are seldom cheap and often hard to find. It is my belief they are worth both the effort and the money.
If by some chance you find yourself in an organization where a movement to adopt open source or standards is successfully met with "We can't do that, we're a Microsoft shop" my best guidance is to flee to the competitor that is not so impaired, or if it's a government shop, to lay low and solve the problems you have with the best available technology and let the conflict settle itself out.
Re:Hmmm. (Score:2, Interesting)
Some of those enterprise or government contracts are pretty tightly written.
I just finished taking a course at HP and the instructor said that due to
the large installed base of OpenVMS in the US Armed Forces, HP bowed
to the existing requirement that VMS will NEVER be "sunset".
Re:Model at this point.... (Score:5, Interesting)
Another time I ran into a minor SQLAlchemy bug having to do with Postgres domains column types. I reported it along with some sample code to reproduce the error, and it was fixed in the next release a couple weeks later.
It's that kind of responsiveness that's the reason I'm a FOSS fanatic. I get so frustrated with closed off-the-shelf software! Yes, FOSS is sometimes a little rough around the edges or incomplete, but it's always improving and the authors have always been responsive to my problems -- even if it was a PEBKAC error. Can't say the same for closed source.
Re:Hmmm. (Score:4, Interesting)
But SCO is a different matter. They are about to go under. Once a company goes chap 9 or 11, they are under no legal obligations to uphold these, except ones like the feds. BG is only re-opening this case because Vista is an absolute disaster for them. Otherwise, SCO would now be gone.
Re: No other services required = 20 percent (Score:1, Interesting)
Actually, you're right, it makes a lot of difference, by cutting off attack paths for viruses and ad/spyware. Good point!
> things I miss and/or have not found good free/opensouce solutions for:
> antivirus (never liked AVG)
It wouldn't surprise me if the Open Source antivirus products are weak. It's a question of motivation -- most developers would choose to be improving good software, to make it more virus-proof, rather than creating band-aids for Microsoft's mess.
> book-keeping(small company, products,prices,inventory,payroll normal stuff)...
There is a growing number of small business accounting solutions for Linux:
See: Linux - Accounting Software [aaxnet.com]
The list includes some known names, such as Accpac [sageaccpac.com], and Appgen [appgen.com].
I've also heard good things about the Open Source project SQL-Ledger [sql-ledger.org]. Because it stores its data in an SQL database (such as PostgreSQL), you can create your own reports, using, for example, the OpenOffice Database tool. Or, because it's Open Source, you can get even more adventurous, and customize it for your business.
> software for doing labels and stickers (haven't really looked)
There is support in this area. See Printing Avery labels with Linux [linux.com].
IT support costs go down but auditing goes way up (Score:1, Interesting)
Linux (and some open Unix variants) are the only operating systems with source code availability. IBM z/OS, AIX, HP-UX, Sun Solaris, and Microsoft Windows are all closed, black-box binaries with no source code.
In almost all IT shops with open source operating systems, it is child's play to modify an OS routine and compile it to run innocuously on an IT-managed server. Who is looking for modified OS code on a random web server? This ability to rather freely hide nefarious code is what gives nightmares to IT auditors -- and to the outside auditors and regulators who must under Sarbanes-Oxley certify the IT processes behind financial reporting.
Unfortunately, the visible in-house IT savings in avoiding a support contract with, say, Red Hat, are outweighed in the long run by the costs of fraud and increased audits and controls. But you'll see few IT executives standing up to do something about the problems of open-source-enabled fraud.
Evidence (Score:3, Interesting)
all open source projects are by definition successful. Failure would be if they used closed source, and if they used microsoft it would be a disaster.
Sure, why not? If the free software was not a success it would quickly be replaced by your other options who's costs are known. Most of these companies have been there and done that.
You are witnessing the rise of free software. It has already taken over embedded systems, HPC and other "server" applications. The whole point was to provide a community sharing building blocks that would benefit everyone. User generated software serves users. The other stuff serves it's owners. The trend really is irreversible.
Re:Model at this point.... (Score:3, Interesting)
Some fixes truly are simple, even if the problem is horrible.