Open source comes of age?

Say “open source software” to most people and they'll conjure up an image of an alpha geek hunched over a keyboard, doing complicated things with command line interfaces. 'All very well for the geeks,' they think, 'but not for ordinary mortals, and certainly too risky for my business.'

In fact, open source software (OSS) is already ubiquitous in all sorts of places. For one thing, it runs most of the world's Web servers, probably including yours. Apache has around 55% of the total world market share for Web servers, rising to 66% for the million busiest sites, compared to just 17% for its nearest rival, Microsoft. And it's held that leading position since 1996.

The word 'free' is a problem. People just think it's about not paying. It's not that kind of freedom.

Sven Lesicnik, MD, Linux System Dynamics

OSS is also increasingly in use in some of SA's largest enterprises.

“All our major banks except one are using open source software in mission-critical environments, and have been doing so for years,” says Muggie van Staden, MD of OSS specialist Obsidian Systems. “Other customers in sectors like retail, mining and insurance are already three to five years down the line. We're seeing very steady growth in the adoption of OSS.”

“More than ever, OSS is now ready for the enterprise,” confirms Sven Lesicnik, MD of Linux System Dynamics. “At FirstRand, for example, its group policy is now to deploy open source everywhere it can. It's already migrated over 10 000 desktops to Linux.”

Jaroslav Cerny, CEO of RDB Consulting, says he's seen a sea change in attitudes to OSS over the past two years. “We've crossed a watershed,” he says. “Where customers used to be cagey, they're now much more open to OSS solutions.”

One of Obsidian Systems' most high profile OSS implementations has been for Strate, SA's licensed Central Securities Depository for the electronic settlement of financial instruments. Strate's core purpose includes mitigating risk and bringing efficiencies to SA's financial markets; like the banks, it can by no stretch of the imagination be thought of as a risk-seeking organisation.

So, if profoundly risk-averse financial institutions are happily running mission-critical systems on OSS, what accounts for the widespread belief that open source means makeshift, unreliable, difficult and risky?

The answer lies in properly understanding what OSS actually is, and crucially, the difference between free or community open source and commercial open source.

Fundamentally, say both Van Staden and Lesicnik, OSS describes a software development methodology, a way of doing things rather than any final product.

James Dixon, CTO of open source business intelligence company Pentaho, writes in his influential online book, The Beekeeper, that the core principles of open source development are openness, transparency and “early and often”.

Transparency is about making design documents and source code freely available to a self-selected community of developers and users. Openness takes it further by inviting that community to contribute to further development in a variety of different ways, from reporting bugs to writing their own code.

“Release early, release often” is about making information available in its earliest drafts, and updating it often. The idea is that rather than waiting until you have something polished and ready to use, opening your rough and imperfect early efforts to a community means it will evolve and improve much faster.

Crucially, writes Dixon: “The tendency of the open source model to resolve design defects early in the software development cycle only occurs if all three principles are applied.”

It's all or nothing, in other words, but if you do develop software according to these three principles, the results are likely to be outstanding.

“The way open source is developed is fundamentally better” than a closed, proprietary development model, says Van Staden. “Proprietary vendors are driven by what features they think they can sell. OSS development is driven by people who see needs and meet them. Linux, for example, runs on just about any processor in the world. That only happens when you have a community - somebody, somewhere once saw the need to build Linux for a wristwatch and now that is available to everyone.”

“The Linux kernel is a good example of how it works,” confirms Lesicnik. “Say somebody in the development community gets hold of a new or rare network card that isn't supported; they can access the code for other drivers, change what needs to be changed, and submit it back to the person who is responsible for the network drivers. If it meets the standards, it gets merged into the kernel so it's available for the next release.”

Proprietary software vendors, by contrast, “can get very careless about their R&D,” adds Cerny. “With OSS, instead of a small team working on the product, you have thousands of people all over the world developing and discussing it, all of them real experts who are happy to share their knowledge.”

The advantages of open source development are so compelling, says Lesicnik, many proprietary software companies are starting to explore it.

“They are starting to understand that they can't keep up with the community; they just don't have the resources,” he says. “Without more people thinking about their problems and making their software better, they can't compete. If you open up some of your code and attract a community of developers, you can benefit from the efforts of many thousands of people. Development happens faster, and problems are fixed more quickly.”

So, open source development produces great code. But when companies buy software, they're not just looking for code. They're also looking for user support, predictability and assurance that whatever they install won't break anything else. And this is where relying on freely available community open source software - “some piece of code you get off the Internet,” as Lesicnik puts it - often isn't good enough.

There are six primary barriers to wider adoption of open source software, writes Dixon: lack of formal support and services, the speed of change, the lack of a roadmap, uncertainty over licence types, lack of endorsements by independent software vendors and feature gaps.

“These barriers are real, rational, and with the exception of feature gaps, they are all risk-related,” he writes.

So we're back to risk, which is precisely the problem that commercial open source software is designed to address.

“We're not great proponents of free community open source,” says Van Staden bluntly. “It's not right for the enterprise. It builds fantastic software, the best in the world, but it doesn't address enterprise needs for support, certification and so on.”

We've seen a real sea change in acceptance of open source over the past two years. It's no longer an unknown quantity.

Jaroslav Cerny, CEO, RDB Consulting

By contrast, he says, commercial open source vendors like Red Hat, SUSE, Pentaho and South Africa's own KnowledgeTree “give customers the warm and fuzzy feeling that there are lots of other IT vendors out there agreeing to support the product. Enterprise clients need to know that their software is SAP- or Oracle-certified, for example, and that's what commercial open source can deliver.”

You can choose to go direct to the community, says Van Staden, “but then you have to do all your support, provide your own roadmap, maintain the software and so on. But that makes you a software vendor in your own right, and most people don't want to be software vendors; they just want to be software users.”

It's worth noting here that the “open source is a methodology” line is by no means universally accepted. Advocates like Richard Stallman argue that reducing the notion of “free as in freedom” software to “open source” misses the point.

The ideological battles have raged for years and will no doubt continue to do so for years more, but they're of marginal relevance to people who just want reliable, cost-effective software to use. And in theory, that's exactly what commercial open source vendors provide: all the benefits of open source development, combined with the advantages of commercial support.

Is commercial open source a sustainable business model? Those who've invested in it certainly believe so. In fact, argues Lesicnik, open source vendors are even less risky for customers than their proprietary counterparts.

“Business owners often feel safer with proprietary software vendors, but actually it works the other way around,” says Lesicnik. “In a recession like the one we're seeing, all sorts of companies go under. If you've made a big investment in proprietary software and the company goes under, you're stuck in a dead end. That's one of the reasons code needs to be open - you might not be able to continue development yourself, but at least you can hand it over to someone else.”

Lesicnik cites the example of an unnamed large organisation Linux System Dynamics has worked for, which commissioned an expensive and important piece of software they didn't get the source code for.

“The company that developed it no longer exists, the application is pretty much useless to them, they can't change it and yet they're stuck with it.”

So where is OSS working best? Typically, but by no means exclusively, it's in places your average office suite user rarely sees: Web servers, monitoring systems, databases and specialist applications of all kinds, from customer relationship management and business intelligence through to financial fulfilment systems.

Where it's been less successful is on the ordinary user's desktop.

“When you use OSS on the back end, ordinary users don't necessarily realise anything has changed - it's an easy win,” says Lesicnik. “But anytime you change the end-user experience, it gets hard.”

“When it comes to OSS on the desktop, we've sold no more than a handful,” adds Van Staden. “You need a lot of in-depth technical ability to run a Linux desktop successfully. For the average user, it works fine for a while, but the moment they try to do something like play an MP3 that uses a proprietary codex, it all falls apart. If you're going to deploy Linux on the desktop it needs to be in a very tightly controlled environment. FNB, for example, has deployed it on the desktop only in very specific areas, and it's fantastic in that kind of environment.”

A lot depends on what's running in the rest of your organisation. Both Van Staden and Lesicnik stress the importance of open standards.

“A proprietary back end ties you down,” says Van Staden. “Whenever people buy technology, they should make sure what they're buying supports open standards and runs across multiple operating systems. If it doesn't do that, it's bad software.

“That's the problem of vendor lock-in,” says Lesicnik. “You buy software from one vendor that doesn't co-operate with anything else, and you end up being forced down a particular path. The bigger your initial investment, the more easily you can be held to ransom.”

“We're not against proprietary software as such,” concludes Van Staden. “But you should never let one piece of technology dictate what happens in the rest of your environment. Oracle is proprietary, for example, but it's cross-platform and supports open standards. Nobody should settle for anything less.”