Open Source - FAQ

OR Beware of Sophistry

This section provides some simple answers to common questions and misunderstandings regarding Open Source. They are presented in FAQ format for simplicity.

Q1. Open Source - is only for Linux or *nix's - I use Windows

Q2. Open Source - is just like Freeware - right?

Q3. Open Source - there is no support and no documentation.

Q4. Open Source - I'm in business I want professional support.

Q5. Open Source - can't be any good if it costs nothing.

Q6. Open Source - just used by a few cheap skates.

Q7. Open Source - means I can get sued by SCO.

Q8. Open Source - so how do they they pay for it.

Q9. Open Source - so I get hooked and everything stops - I'm stuck.

Q10. Open Source - its open to hackers and security compromises.

Q11. Open Source - what do you mean its licensed! (BSD vs GPL)

Answers

Q1. Open Source is only for Linux or Unix - I use Window

This is maybe the most common misunderstanding. While the majority of Open Source software is available for the Linux and *nix platforms there is now a growing volume of high quality software available for Windows - actually most of this software is 'cross-platform' it runs on both #nix and windows platforms. Notable examples are Open Office a full suite of Office productivity applications and the Mozilla Browser and Mail client. Have a look at this list of Closed vs Open software for windows some of the comments are a little out of date but - is this a choice or what?

Q2. Open Source is just like Freeware - right?

Not at all. The reason its called 'Open Source' quite simply is because the source code is available. You can modify anything you want. Not all Freeware is released with the source and in some cases Freeware is simply used to lead you into a purchase of the 'Professional' version.

Remember, however, depending on the Open Source license that covers the software you may be obligated to make any changes public (Open) if you supply it to others.

Q3. Open Source - there is no support and no documentation?

One of the surprising characteristics of the Open Source world is that support is 'generally' very good. You may have to do a little work to get the support but most Open Source applications have mailing lists, discussions forums and IRC channels to provide the support you need. The folks who provide this support are volunteers, read or search the mail-list archives before you post the 20th request for the same information - you may get a gentle reminder that this topic has been covered fairly frequently.

Documentation is generally surprisingly good and in some case just plain excellent. PHP, Python and OpenOffice are especially notable for the quality of their documentation - these are not exceptions.

Q4. Open Source - I'm in business I want professional support.

Many of the larger packages especially those with commercial appeal have attracted organisations which will provide a range of support, training and consultancy services - you will however pay for these services. Most of the applications or systems web sites will have a list of such organisations.

Q5. Open Source - can't be any good if it costs nothing.

This classic shibboleth is normally heard just after someone has paid the bill for their latest software upgrade and is frequently muttered through clenched teeth.

One of the most disturbing things for many of us is that Open source has irrevocably broken the cost = quality equation. THERE IS NO LONGER A RELATIONSHIP BETWEEN SOFTWARE COST AND QUALITY. NONE.

Unfortunately Open Source takes away the easy option - choices have to be evaluated on their functional merits. When users boast of web server run-times of 6 - 12 months without problems and everything is free - the OS, the web server software, the firewall, the web programming languages and the database - well you gotta evaluate, how else you gonna justify spending money when 30m (see below) others are not. Mmmmmm.

Q6. Open Source - just used by a few cheap skates.

Mmmmm... The most popular web server is called Apache and it is Open Source software. The August 2003 Netcraft Web Server survey shows over 60% of some 48m web sites running Apache. We make that 30m'ish. Not too shabby.

Maybe this statement should now read 'Closed Source - just used by a few guys who like to give away dollar bills'!

Seriously these numbers show that the Open Source model is used by many, many organisations large and small. We read years ago that the Queen of England's web site was hosted by Apache (that may or may not be a recommendation).

If you are impressed by big numbers here are some other examples e.g. PHP used by over 14m web sites, the mozilla 1.4 release alone was downloaded 500,000 times. Open Office has now been downloaded over 20m times. And it goes on. This is not a marginal phenomena, this is pervasive and growing rapidly.

Q7. Open Source - means I can get sued by SCO.

We are not lawyers and we are not going to try to give you legal advice. You will have to make up your own mind about the risks involved. We have provided a couple of links on the right to allow you to get some 'deep background' and not just swallow everything you read from either the pro or con side of the issue.

The SCO vs IBM suit does involve Linux.

It does not involve any other Open Source project.

This just leaves you with the choice of any the BSD family (FreeBSD, OpenBSD or NetBSD) or the couple of thousand Open Source applications that run on either Windows or any of the Open source OS's.

Q8. Open Source - so how do they they pay for it.

We are going to generalise wildly and divide the Open source community into two groups.

1. Amateurs - we use this term not disparagingly but in the original Olympic sense where standards are incredibly high there is simply no renumeration. Folks who enjoy creating high quality software and simply get a kick out of seeing others use it - software development is a very creative, potentially addictive process!

   Many of these projects use Open Source 'incubators' which provide all kinds of resources to help smaller projects get going. SourceForge is probably the best known.

2. Professionals - full time professionals programmers are paid by their companies to develop software that is made freely available in Open Source format. IBM, SUN, HP, APPLE and AOL are among many companies, large and small who do this. Altruism - no. It makes hard commercial sense for these companies.

Whatever the motivation, and many of the members of the 'professional' groups have strong and long histories in the Open Source world and would be involved even if they weren't being paid - there is a clear sense of purpose and enthusiasm that shines through. Perhaps one of the better facets of mankind for a change.

Q9. Open Source - so I get hooked and everything stops - I'm stuck.

We are not going remind you that this happens frequently in the commercial world. You do not get immunity just because you parted with a few dollars. The situation is very different in Open Source for two distinct reasons:

1. Projects stay active because their participants are enthused - they want to do it. If 1 other person or company uses the software that's OK - it may be slightly less rewarding - but its still OK. The imperative is not commercial. In contrast in the commercial world if you are the only person or company to buy a particular package for sure the package will disappear. Night follows day in the commercial world.

2. Now lets assume your commercial vendor and your Open Source supplier fold their tents and walk away. In the commercial (closed source) world that's it - game over - go find another package while you watch your business collapse. In the Open Source environment you have the source code - you can find someone to support it, develop it yourself or better yet start a new Open Source project and find other folks to share the load.

If your criteria is purely safety and continuity, at a time when companies as big as Enron collapse overnight, to select OTHER THAN OPEN SOURCE is taking a RISK.

Q10. Open Source - its open to hackers and security compromises.

We love this one since it flies in the face of both the last 100 years or so of security practices and plays to the 'conspiracy-theory of history' gallery as well.

Since we expect the sources of this great truth™ have your best interests at heart and are trying to save you from a fate worse than death it implies that the obverse must be true. If we invert the above statement it implies that Closed Source is not open to hackers and has no security problems. Mmmmm. Not a lot of empirical evidence to support that statement! In fact the empirical evidence would tend to suggest the very opposite. Perhaps the source does not have your best interests at heart. My goodness, perhaps there is another motive.

Maybe we had better look a little deeper - rarely do sound-bites contain the known secrets of the universe.

The statement contains two aspersions, first that Open Source is insecure because its Open, second because it's Open it is easy for individuals who wish to destroy civilisation as we know it to insert malicious code:

1. Security: Remember when we were schoolkids we invented all those wonderful secret codes for sending messages to our buddies - point about them all was that it was the algorithm that was the secret - find the algorithm and you can subvert every message. For the last 100 years or so security systems have assumed that the algorithm is know to the attacker and in fact are only proven to be secure when they are attacked by experts with full knowledge (Open Source) of the algorithm(s) involved. Read Diffie & Hellman's Privacy and Authentication, Proceedings of the IEEE, vol 67, No 3 (not available on-line) for excellent deep background.

   The Closed Source security argument is offered by those whose understanding of security got arrested (ouch!) in the gleeful school-kid phase of development.

2. Malicious Code: It is possible for a hacker to submit a malicious patch to Open Source software. It is also possible for a disgruntled employee of a Closed Source company to do the same thing. It is also possible for the Closed Source company as a deliberate policy to do something naughty. We don't have access to the source so we don't KNOW if it's true or not true.

   In the Open Source world the patch is submitted to the project , it undergos peer review and then a 'committer' (only a very small group on each project typically has 'commit' privileges and usually after an serious apprenticeship period with the project) adds the agreed patch to the source tree. One ASSUMES a similar process occurs in the Closed Source project but the process is not Open so we do not KNOW. It could be a new intern whacks a few lines of code into the product with no supervision.

   The Open Source software is tested by Beta Testers, on the projects site or by test suites and then released.

   Finally there are a number of third party organizations which regularly perform security audits on Open Source software.

   Could it happen in the Open Source world? Sure it could if a lot of folks were asleep at the wheel all at the same time.

   Could it happen in the Closed Source world? There is a lot of empirical evidence to suggest that it might have happened already - whether maliciousness or incompetence was the cause we will never KNOW.

If your criteria is security its your choice - an open, verifiable process or - Corporate Press releases protesting honesty, vigilance and integrity - but no peeking.

Q11. Open Source - what do you mean its licensed! (BSD vs GPL)

There are a lot of Open Source licenses. Discussion of Open-ness generates much heated and even vitriolic discussion on mailing lists. We are going to generalise horribly and suggest they fall into two broad categories. The BSD/Mozilla group and the GPL group.

GPL

In general the GNU Public License (GPL) says that you have the right to use and freely distribute the software but you must make available the source code of your changes when you distribute it. The GPL is here and the GNU project's description of their policy.

BSD/Mozilla

The BSD license (and to a lesser extent Mozilla and its variations) simply say that you must continue to acknowledge the original copyright in all your derived works but are free in all other senses to use, modify and distribute the software without any obligation to distribute or make available the source. The BSD license is here and here is one guy's view about why you should use it.

<health-warning> The above notes are not legal advice. Consult an attorney or lawyer before making decisions or selecting a license regime.</health-warning>

---

Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.