Sunday, March 29, 2009

Introducing pointy-haired bosses to FOSS

Mike Dailey tries to convince us gave me the impression that moving to Linux is an all-or-nothing proposal. That's plain ridiculous. An undertaking of that scale is a gigantic project, which no CIO will endorse. What you can do is introduce FOSS technology in the enterprise, step by step. Once it has proven itself you may take the next step. Since mixing Microsoft and FOSS is a viable scenario you have a multitude of options at your disposal.

Warranty and support
The plain truth is that although most managers may have heard of Open Source, they don't have a clue what it is or how it works. Most of them think it is something like public domain software, stuff you can get for free, without warranty and without support. So the first thing you have to do is to tell them you can get support from reputable parties like Oracle, IBM, Novell and RedHat. If you're not happy with their support, you can change with more ease than you could with closed source software.

Some CIOs are completely unaware that these parties provide updates. They think you have to monitor a multitude of websites or CVSes, search for the newest versions, download a tarball and recompile it. I always tell them jokingly: "Well, I don't know what I've been getting all these months, but it seemed like patches".

Note that very few CIOs know that Microsofts warranty is rather limited. In fact, it is limited to the smallest extent that law will allow.

Code quality
Most CIOs think that Open Source is produced by amateurs, hacking away in their attics and garages, so they have concerns about the code quality. Of course, you can tell them that reputable companies produce a vast amount of FOSS as well, but that doesn't make them any happier. May be this will help. Okay Mike, I got the message: anybody can come up with some stray links. So especially for your reading pleasure I have delved a little deeper into this subject.

According to Carnegie Mellon University's CyLab Sustainable Computing Consortium closed source software contains 20 to 30 defects per thousand lines of code (KLOC). According to Steve McConnell, the best a software company could achieve is 0.1 defect/KLOC. That is, if you apply the highest standards known to man to the software engineering process, which is equivalent to CMMI level 5. And how many companies have achieved this walhalla of software engineering? 21. Yes, you're reading it correctly: 21. Over 99% of the software companies in the world are still in what SEI calls "the anarchy and folklore" stage.

But let's focus on this 0.1 defect/KLOC figure. It is very hard to find how well Microsoft is doing. I've spent hours trying to find any figures and I finally found them: it's between 0.5 and 1.8 defects/KLOC, depending on the methods used.

During a training at SEI, Microsoft engineers managed to get their defects rate down from (hold on to your hats) 25 defects/KLOC to 7 defects/KLOC. At the end of the training, they brought their defects rate down to an incredible 0.06 defects/KLOC. But that was during a training. Not a death march.

But for arguments sake, let's hold on to this incredibly low 0.06 defects/KLOC figure, which even baffles the most sophisticated software companies in the world and turn to FOSS. Coverity, a company specialized in software integrity products, has been evaluating FOSS projects for several years. Here you can see their figures. All Rung 2 projects surpass this 0.06 defects/KLOC standard easily and about 40% of the Rung 1 projects match or surpass the 0.06 defects/KLOC mark. The highest defect rate still matches a CMMI level 3, a standard which 99% of the closed source software companies have not been able to achieve.

So yes, I'm fairly confident about the quality of FOSS software.

Vendor lock-in
Closed source companies have a commercial interest in limiting your choices. They will only allow interoperability if it doesn't affect their sales. Consequently, applying their solutions often results in silos, repositories that function very well in their own right, but don't communicate very well with the outside world.

Mike Dailey can't know this, because it is not his line of expertise, but the information architecture of most companies is abysmal. Too much information is locked up in documents and spreadsheets, information that would better be served by being stored in repositories. The truth is that it requires expertise and a vision that most CIOs simply do not have. It requires an Enterprise Architecture, something I have rarely found in the companies I worked for.

Since the dependence of office suites is so great, replacing them is no walk in the park. Entire applications are built on top of office suites, applications that enterprises are depending on. This gives you very little leverage when negotiating your next deal with Microsoft. You're stuck. And the more software you buy to relieve your problems, the harder it gets to turn around and get away.

Another disadvantage may not be so evident, but I've seen it happen. Some of these applications depend on a certain version of Microsoft Office. They were written by some employee at some moment in time and badly documented, so modifying it is not a viable option. However, if you want to have the next version of Sharepoint you need the newest version of that very same office suite. It's a nightmare: you cannot upgrade and you cannot downgrade. What are you going to do?

Even in a scenario like this FOSS offers a solution. You can always compile an application for your current platform and run it along with your new version. Sure, you may not have any support for it, but your business will continue. The same applies if a FOSS company goes belly-up. With closed source software you need complex escrow procedures to accomplish the same feat.

Finally, FOSS is open by definition. If you want to achieve interoperability, you can do just that, since there is nothing going to stop you. Most closed source software prohibits you to even read the repository. No more silos!

Scalability
When you choose Windows, you have the choice of Intel, AMD and.. that's it! When you choose Linux you have a clear upgrade and downgrade path, from the tiniest netbook and cellphone up to the mightiest mainframe and supercomputer. Just name any platform, Linux runs on it.

Did your boss know that 85% of the worlds supercomputers run on Linux? Did he know that she runs on Linux? Did he know his TomTom (still) runs on Linux? Did he know even his Android cellphone is in fact running Linux?

Licensing
Steve Ballmer has done a good job. Microsoft has always been good when it comes to marketing and spreading FUD. Most managers are afraid to use FOSS, because they fear their custom applications will automatically have to be released under an Open Source license. Of course, this is not true, but you may have to deal with this issue.

It hasn't been done
Most CIOs are unaware that they already use FOSS. The IBM HTTP server for instance is a direct descendant of Apache. There are various successful projects in Europe you can refer to. Recently, French police switched from Windows to Linux. Several German cities have switched from Windows to Linux.

It's just as expensive
Even if that were true, there are various advantages to FOSS which make a perfect business case. Like better interoperability, scalability, no vendor lock-in, which will make FOSS an attractive option. And next time your local Microsoft representative comes along, your position in the negotiations has significantly improved.

Most companies pay too much for their closed source applications, because their Configuration Management is not up to par and collecting data on actual installations is expensive and cumbersome. FOSS licensing is usually much more transparent. And you don't have to be afraid of the BSA anymore.

FOSS in a Windows world
Don't try to transform your Microsoft shop all at once. You won't succeed. A new project utilizing PHP (which is also supported by Microsoft) may be a good start. Some SQL-Server sites can easily be replaced with MySQL. Replacing IIS with Apache and Windows with Linux becomes much easier after that.

Another scenario is replacing Microsoft Office with StarOffice or OpenOffice, without resorting to a completely FOSS workstation. Visio and MS-Project are notoriously expensive applications, but Dia and OpenProj will do just as well. You can easily exchange data by using SVG or XML formats. Again, when most closed source applications have been replaced with FOSS equivalents, moving to a full fledged FOSS platform becomes much easier.

There may remain pockets of closed source and frankly, I don't think you will be able to remove those very easily. The point is, do you really need to. SAP for instance, is an application that runs very well in a FOSS environment, and so does Oracle. The point is you have given the enterprise more choices and tipped the balance in favor of FOSS.

So what do you think, Mike, is the Linux debate really dead? I don't think so. Thank you for proving this.

Update: The rumours of the death of the debate have been greatly exaggerated: a new article has been published by John Buswell, giving an entirely new view on the subject.

Update: Mike Dailey has truly given a worthy closing to this debate. Although I cannot undo my previous post, I cannot honestly maintain that Mike Dailey fits this profile.

Saturday, March 28, 2009

Beware of so-called Linux proponents

Every now and then you stumble across a blog that is run by a so-called Linux enthusiast. Some of them claim to have been using both Linux and Windows for years, so they have balanced and objective view on the advantages and disadvantages of both systems. But when you start to look a little closer, you will see that they spread the SOFUD. Some have a real gift for writing and are so credible that you see no need to investigate their claims.

Mike Dailey, a Cisco engineer, is one of these bloggers. Although he has been blogging for only three months, you will find some very interesting articles here, like "Why Enterprise Adoption of Linux Is Slow", "Why You Shouldn’t Use Linux" and "The Need for Linux, Microsoft and Open Source".

His love for Linux is well known. He tells us over and over again he is a real Linux proponent and wishes Linux and FOSS all the best in the future, which he has well drawn out.
We need Microsoft leading the way because of their market share in so many software technologies, but we need them to stop trying to take over the world and begin to show technical leadership of the industry. Microsoft could easily take Linux and Open Source under their wing, to help this alternative mature and to help guide them down an avenue that is best for everyone.

After j00p34 published his "10+1 things to tell your boss why you should migrate to Linux" he could help himself and had to give poor j00p34 some advise.
Here the author supports the well-known “Linux is more secure” argument. There is no real basis for the opinionated argument as stated by the author, with no quantifiable facts or data to support the notion that Linux is superior in terms of security.

I was eager to find any links in his blog substantiating this, but unfortunately I found none. He continues with:
Any Linux distro, given to an inept admin with lacking security skills, will be far less secure than an out-of-the-box Windows server platform.

Again, I expected him to come up with any significant figures. Nothing. Now have read quite some German magazines and I happen to remember several articles on the subject when Vista came out. Verdict: OS/X was best out of the box, Linux came next and both Vista and XP were last.

His argument "the user is to blame" is a well known piece of SOFUD. It goes like this: even if your house is a fortress, it won't do you any good if you leave the door open. So since people tend to leave the door open, it won't matter whether you use paper or steel doors. Thus, paper doors are sufficient.

Another piece of SOFUD is that there are no figures on this subject. Wrong again. You just have to know where to look. This report from IBM shows that Apache is far more secure than IIS. This report from Google confirms it. It seems to be a common characteristic of FOSS, since this shows that Firefox users are less at risk than IE users. You say this isn't about Linux, Mike? What about this one. Couldn't you come up with something, Mike, or are you just too lazy to research your story properly? Sorry, Mike, please continue..
If you present the “stability” argument to management you must be prepared to present uptime reports and outage root-cause analysis data to back up your argument. If you are experiencing severe outages in Windows servers in the data center your cause likely resides with the skills of your administrative staff, not your server operating system.

Mikey, Mikey, Mikey.. Don't keep on using the same old tricks. First, don't blame it on the admin, and second, don't tell me the data is not available. The whole internet is monitored by Netcraft, showing that your blog is run by Apache and Linux. Fortunately, Nicholas Petreley did the analysis for me, so I don't have to waste any more time debunking your unfounded post:
The average uptime of the Windows web servers that run Microsoft’s own web site (www.microsoft.com) is roughly 59 days. The maximum uptime for Windows Server 2003 at the same site is 111 days, and the minimum is 5 days. Compare this to www.linux.com (a sample site that runs on Linux), which has had both an average and maximum uptime of 348 days.

Ok, I could go on and waste some more time on TCO or code quality - and if you're not nice to me, I might even do that - but I think, I will leave it at this and just refer to a professional that put up the following testimonial on his site:
Migrated a multitude of Windows NT/2000 systems to Red Hat Linux to lower TCO and enhance system stability and performance. Oracle 9i RAC, Checkpoint firewall, IBM Websphere Commerce are examples of systems migrated to Red Hat Linux.

But hey, this is the resume of Mike Dailey himself! Surprise, surprise. I know, Mike, you didn't like me finding that out. That's why you deleted my comments. Next time, be more careful, will you.

Update: Mike Dailey has written a followup on his article called "The Death of the Linux Debate: A Eulogy". He makes some good points there, which I have addressed in my own followup. I have a good idea of what the concerns of management are involving the application of Open Source, since I have to deal with them professionally in what may be the most FOSS unfriendly country in the world: The Netherlands.

Update: Mike and me might be closer to each other than we thought. Please read his excellent comment here.

Update: I had to change this article slightly, because some so-called FOSS supporters don't seem to know when enough is enough.

Update: Mike Dailey has truly given a worthy closing to this debate. Although I cannot undo this post, I cannot honestly maintain that Mike Dailey fits this profile.

Saturday, March 14, 2009

Fear and loathing in Holland

With "Linux's dirty little secret: Uninstall" professional journalism has reached another, unprecedented low. Frequent readers of my blog know I've exposed and criticized IT journalists and editors for years. I'm a customer and I expect nothing less than high quality articles of knowledgeable professionals.

For this, I've always liked German magazines, which I consider to be the best in the world. Nothing simply compares to "iX", "c't" or "Linux Magazine". It's sound stuff of people who know their thing and are not afraid to research it. I've learned a lot of neat things reading their work. Most of the articles are signed with the initials of the writer. These guys take pride in their work and are not out to become pop stars.

That is in sharp contrast with David Ramel, who considers himself to be the new Hunter S. Thompson, the man who invented "troll journalism". Mr. Ramel admits he's a newbie where Linux is concerned, but is not afraid at all to write about it in order to educate us idiots.

Mr. Ramel, let me remind you that there is something like ethics. Yes, you have a B.A. in journalism, so you ought to know all about it. I know, you hardly got your degree at Harvard or Yale, but even in Montana the concept must have crept in by now. Mr. Ramel has no degree in computer science, but in 1995 he was even able to start up Wordstar on his CP/M system.

It is clear that Mr. 'newbie' Ramel has a Windows-centric view on the world. To him, the only way to set up a home network is to use SMB/CIFS, you know that proprietary Microsoft framework that kept Samba developers busy for years until a billion dollar fine from the European Union forced Microsoft to open up. Next time, try NFS and CUPS for a change. BTW, Mr. Ramel hates Apple computers as well (and loved them a few months later). You really have to read his interesting article with all those compelling arguments. His love for Windows XP is.. well, touching.

But that is not the only thing. Mr. Ramel proves he is also unable to cope with the greatest invention since sliced bread: the Internet. "Uninstall Linux" (with quotes) gives me 16,700 hits. "Uninstall Ubuntu" gives me even 24,600 hits. That's a lot of hits for a "dirty little secret". Still, Mr. Ramel cannot uninstall Linux.

If Mr. Ramel claims to be a professional journalist, I'm afraid. Very afraid. Although Mr. Ramel admits in his latest article that he is still a Linux newbie, that doesn't stop him to produce SOFUD - a year ago:
"As for Linux, I've been hearing it's "ready for the desktop" for years now. Well, it's not ready. (..) It might be fine if you're the type of person who used to type "debug" in the DOS command line to make hexadecimal changes to standard operating system messages just for fun, like I did long ago."

Sounds familiar? The sad thing is that Mr. Ramels resume is quite short. He knows nothing but "Computerworld", which has so generously provided an income for Mr. Ramel and his family for so many years. Hopefully, the current crisis isn't a reason for "Computerworld" to reconsider its staffing. I'm afraid, that the current quality of his ramblings could be a reason for "Computerworld" to let him go. Let's hope it won't come that far.

Update: It's even worse than I thought. Currently the first sentence of this blog post contains a link labeled "Fedora Project Wiki" but when clicked you are actually taken to Ubuntu's documentation site. Perhaps this is why searching for "uninstall Fedora" and "remove Fedora" returns nothing? I've had it. Just fire the guy.

Update: "Journalism can be truthful without striving for objectivity" Mr. Ramel must have thought when he added this note to his article:
A page titled "How to uninstall Fedora" was added to the project Wiki after this blog was published.

Like magic, the error of the previous update has disappeared as well. Adding an entry to the Fedora Wiki is perfectionism. Covering up a blatant error without admitting it is just sneaky.

Update: David Ramel posted a reaction to the previous update:
If the "blatant error" you accuse me of "covering up" is the incorrect URL for the Fedora project in the original post, you can see in the comments that I replied to the person who informed of the error: "Thanks for pointing out that URL mistake. I fixed it."

It would have suited him if he had added the correction to his post. Comments are easily overlooked. I have posted the same text to his blog.

Update: My promise to Mr. Bernard Swiss has been fulfilled: I added the "I love Macs" link. Twice.