Slashdot Mirror


Opening Up for Open Source

jondaw writes "Businesses want to save money and boost IT efficiency. Can open-source software do the trick? Cnet attempts to answer this open ended question and provides a number of good case studies and examples."


  1. Of course it can't. by Anonymous Coward · · Score: 2, Funny

    Geez. Do they even need to ask? Noobs.

    1. Re:Of course it can't. by Billly+Gates · · Score: 2, Interesting

      Sadly yes

      Most in IT today agree that Linux is great on a server in some circumstances but the Microsoft Salesmen come into the picture to our bosses with glossy brochures about TCO studies of costs being lower in Windows.

      They also count in retraining costs and the fact that an MCSE is cheaper than a unix admin.

      Many in IT are convinced that Windows is cheaper as well since it's an integrated platform with VS and all the windows desktops.

      It's a tough sell these days and now the MS salesmen are trained to scare CIOs about liability and lawsuits and love to cite SCO.

  2. Yes, but... by Anonymous Coward · · Score: 2, Insightful

    Only if it gets the issue of security right. The thing is, the whole claim that OSS has inherently better security has been exposed as hype for a long time now.

    Some OSS projects have excellent security, because the project leaders place sufficient emphasis on it, and the coders code with that emphasis in mind.

    Other OSS projects do not have good security, sometimes not even as good as Microsoft and co.

    Consider this: I have downloaded patches for more security flaws in Firefox than for IE in recent weeks. Moreover, the IE patches were offered to me via automatic updates within minutes of being available on Windows Update, while the Firefox patches did not show up as automatic updates for several days after they were available from the project web site in some cases. They even had a whole version missed out of the automatic updates, because somehow a release was made that contained serious bugs of its own, and had to be withdrawn.

    This is not intended to be a slam against Firefox; it's great software and the project seems to be run well, the vast majority of the time. Rather, this is intended to demonstrate that nothing's perfect.

    1. Re:Yes, but... by MightyMartian · · Score: 3, Insightful

      You are aware, I trust, that Microsoft frequently sits on vulnerabilities for some time before offering patches. Your metric for security appears to have nothing at all to do with security.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Yes, but... by rbarreira · · Score: 4, Insightful

      Consider this: I have downloaded patches for more security flaws in Firefox than for IE in recent weeks.

      You say that as if you wanted to imply that Firefox has more security holes, but that's not a certain conclusion! Couldn't it be the case that Firefox just gets more attention from its developers?

      Signed,
      Captain Obvious

      --

      The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
    3. Re:Yes, but... by Michalson · · Score: 3, Informative

      You are aware, I trust, that the Mozilla foundation frequently sits on vulnerabilities for some time before offering patches.

      As an example, rather than just making an unsubstantiated allegation, the most recent patch, 1.0.5, fixed a critical vulnerability ("Code execution through shared function objects") that Mozilla had been sitting on for 2 months, and a high vulnerability ("Content-generated event vulnerabilities") that Mozilla had been sitting on for 3 months.

      There were also additional vulnerabilities ranging from High to Low patched in that update that had been known to Mozilla for 2 or more months.

      And this is only recent. Before FireFox 1.1, Mozilla was far less forthcoming about vulnerabilities, often patching them at their leisure and then silently introducing them into builds without any advisory to let people protect themselves; go look at the disclosure list - you'll find pages of dangerous vulnerabilities you were never told existed and for which you remained unprotected against unless you were downloading builds on a nightly basis (and reading the list wouldn't help you - Mozilla used to intentionally keep it 2 major versions behind).

      Mozilla built its reputation for security (a reputation that is diminishing as each new FireFox vulnerability is announced) by hiding its flaws and promoting fanboys (like the parent). Now that it has broken into the mainstream, it has to play like everyone else, without the special treatment and fanboy reality distortion fields to protect it.

    4. Re:Yes, but... by Master+of+Transhuman · · Score: 3, Insightful

      "Moreover, the IE patches were offered to me via automatic updates within minutes of being available on Windows Update"

      Uhm, that's WHY they call it "Windows Update".

      Moron. Microsoft takes longer to patch, their patches break more things, and the vulnerabilities they patch are more serious than OSS ones in most cases. Just because Firefox, and indeed, other OSS products such as Apache or Sendmail, have had a number of security issues doesn't justify tarring the entire OSS field for bad security in comparison to Microsoft.

      And comparing all of OSS to Windows in comparing security is just braindead. A more appropriate comparison would be either Linux/BSD vs. any version of Windows OS, or ALL Windows apps against ALL OS apps.

      As quality of OSS code has been demonstrated to be better than commercial code in several studies, it is likely that security would be at least equal, if not better. As security-conscious coding practices are relatively new, both OSS and commercial code obviously need more work.

      And finally, nobody ever said OSS software is perfect.

      They said it was as good and cheaper than commercial software in many cases. And it is.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    5. Re:Yes, but... by Master+of+Transhuman · · Score: 2, Informative

      Check http://eeye.com/html/research/upcoming/index.html site for a short list of overdue fixes.

      And that's just the vulnerabilities THEY reported.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    6. Re:Yes, but... by Master+of+Transhuman · · Score: 2

      And here's a quote from another article on the subject back in 2004:

      http://www.techweb.com/wire/26803909

      "The vulnerability in question is one of two noted as "critical" by Microsoft on Tuesday, when it released February's monthly fixes. Hackers could exploit flaws in Windows's usage of Abstract Syntax Notation (ASN), a language for defining the syntax of data messages shared between applications and computers. If attackers successfully created exploits, they could clandestinely destroy data, steal information, or compromise network security.

      The bug has been characterized as one of the most serious ever due to its widespread use in many of the Windows operating system's security subsystems, including Kerberos and NTLM authentication, and in numerous server and desktop programs, such as Exchange and Internet Explorer.

      The ANS vulnerability was first identified on July 25, 2003, by eEye Digital Security, but not fixed until more than seven months later.

      And there's the rub.

      'Microsoft had 200 days to fix this,' Mark Maiffret said in a teleconference. Maiffret is the chief hacking officer and a co-founder of eEye Digital Security, and the discoverer of the ANS vulnerability. "That's a ridiculous amount of time.'

      To his credit, Maiffret kept quiet about the vulnerability while Microsoft worked on and tested a patch. Currently, there are no exploits circulating or pending.

      In its defense, Microsoft said that the company needed the time to assemble, but more importantly, test, the fix. "This investigation required us to evaluate several aspects and instances of this pervasive functionality in order for our engineers to create a comprehensive and high quality fix," a company spokesperson said. 'This was an instance in which due diligence required us to very carefully evaluate the broadest possible implications of the anomaly.'

      But that's no excuse, another analyst said Thursday.

      'I recognize that Microsoft has thrown an incredible amount of money and resources at security issues,' said Laura DiDio, a senior analyst for the Yankee Group who has been tracking security for over 17 years. 'The company is under siege, no question. They're the number one target, like a policeman in Baghdad.

      'Where I fault them -- even if you give them the benefit of the doubt -- is that you can't take seven months to patch a problem of this magnitude.'"

      Did you catch that last? LAURA DIDIO, Microsoft shill par excellence, can't even justify that!

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  3. Just what are they asking? by Anonymous Coward · · Score: 3, Funny


    > Can open-source software do the trick?

    For money, or for candy?

  4. Free software pays for better support by mpoli · · Score: 5, Interesting

    I am an IT consultant and I get a lot of clients who ask about the real cost of free software. Most businesses here are very cautious to choose switching for open source mostly because support for this solution is still somewhat more expensive than for the old paid solutions.

    In the few companies I consult that are currently switching or have switched in the past, the Total Cost of Ownership of their computer infrastructure has lowered significantly, even though the cost of the support staff is truly higher.

    But, anyway, support here is somewhat cheap, as I am in a developing country that pays a lot more for software than for the people running them in a number of times.

    1. Re:Free software pays for better support by Glonoinha · · Score: 5, Informative

      You have pretty much hit on the key metric that is most often overlooked - the cost of the people running it.

      Honestly most of the time the cost of the actual package (database engine, operating system, office suite) is inconsequential when compared to the cost of the IT staff required to support it. The minute you need to hire a new guy (or worse yet, a $160 / hour consultant or contractor) to support the environment - you can throw the cost of the package ($100 - $1,000 - even $25,000) right out the window because compared to $100k ~ $300k per year for an additional single person to keep it all running, the cost of the warez is inconsequential.

      In the long run you save the most money by standardizing on a single platform - not for cost savings at the software license level, but because a single IT staffer can support it and support even more of them (by himself) down the road. Same thing applies to hardware - shave $100 per machine by going with home-built hardware, a different configuration for every single machine, and the minute you need to add a $50k / year (fully burdened salary) to the payroll all of your savings are not only gone, but blown completely out of the water.

      The only way OSS is going to save a company money is if it lets fewer people do the same stuff, or lets the same number of people do more stuff - regardless of licensing costs. Most companies spend more money each year on executive perks and bonuses than software licensing, so you are pretty much on the money when you say focus on TCO.

      --
      Glonoinha the MebiByte Slayer
    2. Re:Free software pays for better support by mretallack · · Score: 2

      You have hit the nail on the head. In most medium to large companies, the cost of equipment and tools is nothing compared to the cost of wages. I remember seeing a graph of a generic company and at least 40% of the money through-put was wages. This means that if you can cut the complexity of using a tool, you can save more money than the cost of the high end tool. You only need to hire someone who is not a specialist. Not to sound like flame bait but this is the only difference between Linux and Windows when it comes to TCO. Reduce the level of experience required to support the IT infrastructure and you save a fortune. The only problem is that if a real problem occurs, no one knows how to fix it if there is no button on the GUI that says "fix problem".

    3. Re:Free software pays for better support by Daniel+Dvorkin · · Score: 4, Interesting

      You have pretty much hit on the key metric that is most often overlooked - the cost of the people running it.

      Are you kidding? This is never overlooked, because the anti-F/OSS crowd keeps harping on it. "Sure, you'll save $x,000 on software," they wail, "but what about the cost of wages? That will go way up, because open source is haaaard!"

      Which, of course, is bullshit. The fact is, F/OSS IT solutions cost no more to administer than comparable proprietary ones do, and often cost less, because Oracle DBAs and the like make businesses pay through the nose. I fought a long and mostly successful battle to move my employer away from proprietary to F/OSS for our IT needs, and I built the infrastructure mostly from scratch, myself. Wages for proprietary software: one employee. Wages for F/OSS: one employee, who was a hell of a lot happier working with his choice of tools than with whatever crap a "solutions vendor" wanted to foist on us.

      The upshot? We have a stable, working IT infrastructure, and because of the money we saved, the department was able to grow in recent years from one employee (me) to four, keeping pace with the company's growth from a four-person shop in a single office to a $30 million / year multinational. Granted, this may not be all that impressive by MegaConglomerCo standards, but we make a good product and a lot of people, including me, are pretty damn happy about how things worked out.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  5. Yes by Ckwop · · Score: 5, Interesting

    Absolutely. Two cases in point:

    Case One: We were looking for a bug tracking solution and we had short-listed the contenders to a choice between Bugzilla, BugTracker and FogBugz. Although FogBugz was a superior product BugTracker won because we could modify it to suit our needs. We didn't like Bugzilla because of its clumsy interface and the fact we'd need an extra machine to run it.

    We saved money on the licenses and we got something we could modify and maintain ourselves. Free software at its best.

    Case Two: We were paying through the nose for anti-virus subscription and software. We all know that anti-virus software takes a lot of real estate. Most have *HORRIBLE* splash screens that no-one is interested in seeing and they tend to slow the machine considerably.

    Our solution to the anti-virus problem was the Windows version of ClamAV. It has a nice Outlook plugin that protects from e-mail based viruses and we set a schedule to scan the disk every night. There is no "resident shield" in ClamAV but to be honest they rarely do any good anyway.

    My former boss works at a much larger company (we're still good friends) and he's deployed the strategy across a company with around thirty machines and saved a fortune.

    So yes, companies can save money using Open source. The hard part is convincing them that a not-for-profit organisation can deliver quality products. I find ten minutes with Firefox usually does the trick.

    Simon

    1. Re:Yes by bburton · · Score: 4, Insightful

      Well, it's not always just about saving money. There's a lot of open source projects out there that are much less painful to work with.

      Not having to worry about CD keys, crazy EULAs, spy/adware, and vendor lock-in are big pluses of most FOSS.

      --
      Slashdot = ((Technology + Politics) / Trolls) % Grammar Nazis
  6. Do we really even have to ask? by yfkar · · Score: 3, Insightful

    If commercial closed software can do it, why couldn't open source software?

    1. Re:Do we really even have to ask? by CyricZ · · Score: 4, Interesting

      The main limiting factor is, like usual, time and resources. A product like Oracle, for instance, has had years upon years of time and millions upon millions of dollars poured into it. While the open source community can produce the mighty fine PostgreSQL, they just don't have the time nor resources to produce a product equivalent to Oracle.

      Like it or not, open source projects are constrained by the same factors of production that any other good is constrained by. They can't be avoided, be it an open source project or a commercial, closed-source project.

      --
      Cyric Zndovzny at your service.
    2. Re:Do we really even have to ask? by Master+of+Transhuman · · Score: 3, Insightful

      "A product like Oracle, for instance, has had years upon years of time and millions upon millions of dollars poured into it."

      While PostgreSQL hasn't had scores of millions of dollars poured into it, they also haven't had the "years upon years" - although they ARE one of the older OSS products around.

      Nonetheless, their achievements are impressive.

      Most of Oracle's "features" beyond PostgreSQL are stuff involving applications development, tuning, and other stuff that most smaller companies don't particularly need or which are so complicated to use that most DBAs probably don't even understand them. Oracle is one hellaciously complicated product.

      Oracle has more "feature-itis" than even Microsoft.

      A better comparison would be MySQL which is younger and doesn't have all the features a good database should have - but it's getting them over time.

      Given that most open source is less than ten years old, and open source project methods vary across the board from one-man projects to corporate-sponsored projects with hundreds of people, I think this form of comparison to closed-source software as to end results is a bit premature.

      Open source is division of labor at its best.
      As the open source methodology matures, I think we'll see no real limits on what it can achieve - short of putting a man on the moon in ten years.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    3. Re:Do we really even have to ask? by Master+of+Transhuman · · Score: 2, Informative


      MySQL is still younger than PostgreSQL.

      And being funded better by providing a double license is why MySQL is improving quickly. The more OSS programmers that can afford to work on a project, the better the project is, usually.

      But PostgreSQL is older and had more time to develop, so it's still the more fully developed product.

      If PostgreSQL had the kind of money MySQL has, let alone Oracle, it probably would be better than Oracle by now. But it's pointless to discuss it, because that doesn't happen in OSS.

      It doesn't mean PostgreSQL isn't a perfectly good database for the people that can use it. There's no need to have every "feature" - including the most obscure ones - of Oracle to be a completely adequate replacement for Oracle for those users who don't need Oracle's extra features.

      All the trade journal articles have pointed out that up to now, you had to pay Oracle's price for Oracle's features - including the ones you'll never need. Now you can get MySQL and PostgreSQL and Firebird and others and get all the features you WANT for no or less money.

      This is one place where direct comparison between OSS and commercial software breaks down. Commercial software HAS to be all things to all people. OSS doesn't. It can fork, be customized, do anything it needs to be useful to varied groups of people without being a bloated POS like Oracle or Microsoft Office.

      The net effect, however, on commercial software is bad for them - people stop paying for stuff they don't need. Which means the commercial company can't charge the same anymore. Which means their profitability goes down. Which also means their customers save money. So in that sense OSS software reduces the TCO of even closed-source software!

      Look at how many times recently Microsoft had to reduce its license fees for various governments that were considering open source.

      Did Microsoft take that reduction into account when comparing their TCO against open source?

      I wonder if any of the TCO studies take that into account!

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  7. Re:Open Source and Money? Are you nuts? by DaHat · · Score: 4, Interesting

    Oh yes... because Novell and Red Hat are such great examples of making money hand over fist.

    Let us also not forget VA Software, one of the original poster children for making money through Linux

  8. Not always - of course by Elixon · · Score: 2, Insightful

    > Businesses want to save money and boost IT
    > efficiency. Can open-source software do the trick?

    It's clear that it can. But it is of course risky operation (as any other business decision) so the OSS solution must be selected with certain level of knowledge. OSS can boost efficiency but of course not always. So generalizing is not good way to ask this question.

    What I don't like is the SW business using OSS for faster start up. Simply pretend to be totally FREE - get fast response, fast growing community and then find ways how to generate profit from it. It is really dirty trick. Better to be honest from the very beginning and clearly declare the aims to prevent the community from being surprised.

    --
    Well, I've got to get back to work. When I stop rowing, the slave ship just goes in circles.
  9. For a counter-example by mparaz · · Score: 2, Interesting
  10. Case Study Available by Anonymous Coward · · Score: 2, Interesting

    Made in Japan - The Teriyaki Experience - in Oakville, Ontario, is running approximately 100 restaurants, from Newfoundland to British Columbia on a Point of Sale solution which is about 99% free software. They have an IT department which consists of one person. Using rsync, HQ has its central file systems updated from each location every 10 minutes. Nagios alerts HQ of the health of dozens of system critical threshold variables in real time. The IT staffer can open a remote display on any location from his touchscreen notebook while sailing outside Toronto Harbor, monitor and control just about any aspect of system behavior via open VPN. There's nothing in the Windows world that can come close to this kind of retail automation or information automation cost savings. Free Software is, if you know where to look, providing cost savings that simply aren't possible with the Windows way of doing things, and providing superior solutions at the same time.

  11. Re:Open Source and Money? Are you nuts? by Seumas · · Score: 2, Insightful

    So let's see...

    Companies want free software and outsourced labor for $6/hr developers.

    So essentially the new American business plan is this:

    1) Get free stuff
    2) Get free labor
    3) ???
    4) PROFIT!!!

  12. Re:Free software pays for cheaper labour. by mpoli · · Score: 2, Interesting

    India?

    No, Brazil.

  13. Here's another couple of case studies by DSP_Geek · · Score: 5, Informative

    If you run a Windows shop and mess up on a few licences, even by accident, the BSA will come down on you like a ton of bricks.

    http://news.com.com/2008-1082_3-5065859.html

    As a matter of fact, they can screw up your operations by merely conducting an audit during your busiest season:

    http://news.zdnet.com/2100-3513_22-996210.html

    Even if you don't use the big-buck CRM packages mentioned in the article, if you're running a business the logical choice is to avoid the risk of extortion and/or business disruption by choosing open source and telling the BSA to stick it where the moon don't shine.

  14. ERP systems by theid0 · · Score: 2, Interesting

    From the article: "Such a shift toward open-source software for CRM and other business software applications, such as enterprise resource planning, is now beginning at corporations across the globe."

    I've got three questions about this, from my experience in a manufacturing environment.
    1) Where is this open source software that so easily replaces the commercial software?
    2) How can I convince a corporation that has been dealing with a vendor for a particular product for many years that it is worth the pain of switching, even if the end result is good?
    3) At what point is a piece of software "safe" and when is it better to be more open? Take for example OpenMFG. They could be considered more "safe" than other solutions because they seem to have everything together in a well-supported way. However, their license is unacceptable for anyone who respects the open source ideology. The product isn't free as in beer and only partially free as in speech.

    There doesn't seem to be a whole lot of choice in ERP/MRP, from what I see. Unless the manufacturers start programming a lot of code themselves and don't mind giving up their work to competitors, there will always be restrictions on what open source solutions are available. I would love to see a completely free MRP that does everything needed without a lot of hassle, and still lets my company customize it to save ourselves time and money.

  15. Re:Why is this on slashdot? by cnerd2025 · · Score: 5, Informative

    Dude, /. was created by OSS proponents. There are no pretenses about the site. It glorifies the penguin and portrays Bill Gates as a borg. It is biased, but it's not pretending to be "fair and balanced" which is more than you can say for most other media.

  16. Re:Open Source and Money? Are you nuts? by Coryoth · · Score: 3, Informative

    So share price is the ultimate measure of profitability? Those charts and data tell you very little beyond the fact that around 2000 there were some suckers who were stupid enough to pay exorbitant prices for shares in... well let's be honest, any tech company.

    What you might want to look at are Novell and Red Hat, and the statistics like "profit margin" and "gross profit". Are they raking in money hand over fist? No. Are they making a healthy profit, particularly for companies of their respective sizes? Certainly. Contrary to what you seem to want to imply, they are doing quite well.

    VA Software? Yeah, well they're pretty fucked right now.

    Jedidiah.

  17. Open ended question? by stinky+wizzleteats · · Score: 2, Insightful

    Can open-source software do the trick? Cnet attempts to answer this open ended question

    Yes.

    ...

    (Not an open ended question)

  18. Re:Open Source and Money? Are you nuts? by g2devi · · Score: 2, Insightful

    Novell and Red Hat are bad businesses to own?

    Tell you what. I'll pay for any property or computer equipment they have and assume any debts. (I'll need an equity loan, but there would be no shortage of people ponying up the money.) If what you're implying is true, the owners of Novell and RedHat would gladly accept my offer to get out of their sink hole companies and move onto something that would make them more money. *snicker*

    If you want to make money hand over fist, you more than likely need a monopoly. Competitive markets tend to give more reasonable profits. Novell and RedHat have competitive profit margins for such markets. If I were purchasing a product, I'd likely purchase one from a competitive market rather than a monopoly. Vendor lock-in is not a pretty thing to have to deal with.

    As for VA Software, they failed because Linux got too popular (so it's being preinstalled by several vendors or consultants) and too easy to install (so sysadmins do it themselves). They didn't try to differentiate themselves from the cheaper alternatives, so they got burned. It has nothing to do with open source. It has everything to do with proper business planning.