dd if=/dev/random of=/dev/blog

4. March 2009

Understanding what it is to be open source.

Filed under: Linux, Misc. — admin @ 12:52

Yesterday afternoon I was speaking with a local administrator of one of the companies that I work for. In the past we had discussed topics such as GNU/Linux among other technical things, but certain “concerns” always seem to come back up, not only with him but also with other Microsoft-using technical individuals who assume open source is bad, against Microsoft and anything good, and/or insecure (“a result of the source being available to everyone”). Where have these false ideas sprouted from? Was it Microsoft’s initial and blatant attack on open source with their misinforming “Get the Facts” campaign? These are intelligent individuals that I speak of, and this post is not intended to attack them in any way but instead to help as an educational guide to what it means to be open source. Also, the posting is not meant to convert individuals to using open source applications. That rests solely on that individual’s comfort with the environment(s) that they are accustomed to.

First and foremost, I think it is best to understand that open source does not mean anti-Microsoft. It also does not mean Linux, although the latter is licensed under an open source license (GPLv2). If you pay careful attention there are numerous open source projects such as Mozilla Firefox, MySQL, Apache Server, GIMP, etc. that are available on a wide range of operating platforms including Microsoft Windows. In fact Microsoft hosts a site for open source projects called CodePlex. I have not read too much about it but I also believe that the developer(s) have the right to adopt Microsoft’s open source licenses. Microsoft understands the advantages of open source, even if it still results in them not adopting it as their main business model. Just recently Microsoft had donated $100K to the open source Apache project, admitting it to be superior to their IIS server.

Second, open source does not mean free. Free software is another category, and the licenses used can determine how free an open source application is. When it comes to free software there is a saying: “Free as in speech, not as in free beer.” I would delve more deeply into this topic but it is one meant for another posting.

Going back to open source, open source development can be introduced into an environment with design or strategic goals in mind. What I mean by this is that open source can involve a community which can grow and aid in the development of that project. With this same community, the project’s development can also accelerate at a rapid rate. Now there are different approaches to open source development and instead of taking all the words out of his mouth, I will refer you to Eric S. Raymond’s The Cathedral and the Bazaar. Raymond details the advantages and disadvantages to two different styles of open source development, i.e. the Cathedral method and the Bazaar method. To highlight some of his comments on the Bazaar method which is the most traditional and widely used method, Eric states:

Or, less formally, “Given enough eyeballs, all bugs are shallow.” I dub this: “Linus’s Law”. {…}

It’s one thing to observe in the large that the bazaar style greatly accelerates debugging and code evolution. It’s another to understand exactly how and why it does so at the micro-level of day-to-day developer and tester behavior. {…}

One key to understanding is to realize exactly why it is that the kind of bug report non–source-aware users normally turn in tends not to be very useful. Non–source-aware users tend to report only surface symptoms; they take their environment for granted, so they (a) omit critical background data, and (b) seldom include a reliable recipe for reproducing the bug.

The underlying problem here is a mismatch between the tester’s and the developer’s mental models of the program; the tester, on the outside looking in, and the developer on the inside looking out. In closed-source development they’re both stuck in these roles, and tend to talk past each other and find each other deeply frustrating. {…}

What does some of this mean: “given enough eyeballs, all bugs are shallow”? What better strategy than to have not only testers and end-users reporting the bugs but also developers who traverse through the code and understand where a problem may surface even as far as the core of the application itself. This is feedback that is returned from a global basis as opposed to an isolated and closed environment. As Eric had mentioned in his paper, in closed environments most bugs are reported from what is visually seen and not physically coded. Therefore, it is not a fair comparison when stating that an open source version of an application had xxxxxx amount of bugs at release or currently while a closed version had xxx. Most likely xxxxx amount is being overlooked and never known until something in the near future forces it to be seen. This will in turn increase cost and time. Instead of tackling the problem earlier on, resources must be pulled from other locations to put out the current fire.

Does this saying mean that because so many eyes view the code that so many individuals can then write malware and/or attack the systems that these applications run on? Not even close! All project owners/facilitators control what gets officially placed into the stable builds of a project. So when the project is tested and compiled and/or built into binary form the appropriate facilitators manage what features and functionality get built right in. In the end, chances are that if an individual(s) with negative intentions spots a bug, another good percentage of individuals with the same access to the source code would have spotted it at around the same time or possibly sooner. The more popular projects also have frequent release cycles or updates. Through the open source model, a lot of times when a bug is exposed it is almost immediately resolved.

Also, where is the logic that because open source is available to the public, it is insecure? Look at the closed source Microsoft Windows operating system. It is plagued with attacks and nobody except for Microsoft has the source. We see how secure it is. The evidence speaks for itself. It is a result of open source methodology that projects like the Linux kernel can develop new features, have them tested and released as stable long before NT kernel developers finish their planning process.

A third attack toward open source is quality. Most attacks seem to focus on a lack of quality when the case is just the opposite. I guess this would also depend on the reader’s definition of quality. Is this quality measured by stability, usability and/or graphical appeal? While it is true that early on in a good number of open source projects more focus and emphasis had been placed on stability (which includes security) rather than usability or graphical appeal, as of the past 5-8 years or so I find that the other categories have caught up significantly. But I guess I will let you be the judge. Use Open Office instead of Microsoft Office. Use GIMP instead of Photoshop. Mozilla Firefox instead of Internet Explorer. Or run under an entirely different operating environment such as a GNU/Linux or BSD-based distribution instead of Microsoft Windows. Give it a trial run and then return with your feedback on quality. A great portion of these distributions have gotten great in terms of usability and graphical appeal. In fact, some of these projects have gotten far advanced from their closed competitors. This could be a result of involvement from quality filled contributors with rich development and test backgrounds.

A fourth concern is support. The general assumption is that by utilizing open source applications you will be offered either poor or no support for those applications. Again, the fact is the exact opposite. Sun Microsystems offers support subscriptions for MySQL; Red Hat, Novell and Canonical offer support subscriptions for their operating platforms and the supported applications that they offer with them (which range in the thousands). If you do not wish to spend money, then free support is available around every corner from general forums to even the project’s forum (if one exists).

Additional advantages to open source include early exposure to proper coding etiquette. This is extremely important to a developer such as myself. This is something that is rarely taught and maintained in closed environments. During my history of employment and consultation development I have had the opportunity to see what closed and sloppy coding can do. This in fact results in buggier builds which can take a long time to troubleshoot and resolve. Most resolutions in these environments result in hacking quick fixes on top of other quick fixes which in turn produce additional problems and bugs. I can honestly say that I am grateful for the open source community in more ways than one on this issue.

So, if open source was so evil, then why are large and small companies which include IBM, Sun Microsystems and Novell pouring millions of dollars into it a year? Companies such as Red Hat, Canonical, and Mozilla would have never built their business model around it. If open source was so terrible, would Microsoft donate money to the Apache project? If open source was so bad, would the usage of web browsers such as Mozilla Firefox gain such popularity and over time be a contributor to the decline in usage of Microsoft’s Internet Explorer? According to recent Network Application numbers, IE usage has dropped to 67.44% while Firefox has climbed to 21.77% (as of February 2009). Can 21.77% of users be wrong in utilizing open source applications?

Believe it or not, open source is a culture and not a virus. It attempts to offer everything good that is possible and runs entire industries to even countries. Its communities have grown and they will not disappear, at least not anytime soon.

BTW, in response to a comment made by an Aronzak from a previous post, I made sure to answer most if not all of my questions in my post. ;-)
