Sunday, March 29, 2009

Introducing pointy-haired bosses to FOSS

Mike Dailey tries to convince us gave me the impression that moving to Linux is an all-or-nothing proposal. That's plain ridiculous. An undertaking of that scale is a gigantic project, which no CIO will endorse. What you can do is introduce FOSS technology in the enterprise, step by step. Once it has proven itself you may take the next step. Since mixing Microsoft and FOSS is a viable scenario you have a multitude of options at your disposal.

Warranty and support
The plain truth is that although most managers may have heard of Open Source, they don't have a clue what it is or how it works. Most of them think it is something like public domain software, stuff you can get for free, without warranty and without support. So the first thing you have to do is to tell them you can get support from reputable parties like Oracle, IBM, Novell and RedHat. If you're not happy with their support, you can change with more ease than you could with closed source software.

Some CIOs are completely unaware that these parties provide updates. They think you have to monitor a multitude of websites or CVSes, search for the newest versions, download a tarball and recompile it. I always tell them jokingly: "Well, I don't know what I've been getting all these months, but it seemed like patches".

Note that very few CIOs know that Microsofts warranty is rather limited. In fact, it is limited to the smallest extent that law will allow.

Code quality
Most CIOs think that Open Source is produced by amateurs, hacking away in their attics and garages, so they have concerns about the code quality. Of course, you can tell them that reputable companies produce a vast amount of FOSS as well, but that doesn't make them any happier. May be this will help. Okay Mike, I got the message: anybody can come up with some stray links. So especially for your reading pleasure I have delved a little deeper into this subject.

According to Carnegie Mellon University's CyLab Sustainable Computing Consortium closed source software contains 20 to 30 defects per thousand lines of code (KLOC). According to Steve McConnell, the best a software company could achieve is 0.1 defect/KLOC. That is, if you apply the highest standards known to man to the software engineering process, which is equivalent to CMMI level 5. And how many companies have achieved this walhalla of software engineering? 21. Yes, you're reading it correctly: 21. Over 99% of the software companies in the world are still in what SEI calls "the anarchy and folklore" stage.

But let's focus on this 0.1 defect/KLOC figure. It is very hard to find how well Microsoft is doing. I've spent hours trying to find any figures and I finally found them: it's between 0.5 and 1.8 defects/KLOC, depending on the methods used.

During a training at SEI, Microsoft engineers managed to get their defects rate down from (hold on to your hats) 25 defects/KLOC to 7 defects/KLOC. At the end of the training, they brought their defects rate down to an incredible 0.06 defects/KLOC. But that was during a training. Not a death march.

But for arguments sake, let's hold on to this incredibly low 0.06 defects/KLOC figure, which even baffles the most sophisticated software companies in the world and turn to FOSS. Coverity, a company specialized in software integrity products, has been evaluating FOSS projects for several years. Here you can see their figures. All Rung 2 projects surpass this 0.06 defects/KLOC standard easily and about 40% of the Rung 1 projects match or surpass the 0.06 defects/KLOC mark. The highest defect rate still matches a CMMI level 3, a standard which 99% of the closed source software companies have not been able to achieve.

So yes, I'm fairly confident about the quality of FOSS software.

Vendor lock-in
Closed source companies have a commercial interest in limiting your choices. They will only allow interoperability if it doesn't affect their sales. Consequently, applying their solutions often results in silos, repositories that function very well in their own right, but don't communicate very well with the outside world.

Mike Dailey can't know this, because it is not his line of expertise, but the information architecture of most companies is abysmal. Too much information is locked up in documents and spreadsheets, information that would better be served by being stored in repositories. The truth is that it requires expertise and a vision that most CIOs simply do not have. It requires an Enterprise Architecture, something I have rarely found in the companies I worked for.

Since the dependence of office suites is so great, replacing them is no walk in the park. Entire applications are built on top of office suites, applications that enterprises are depending on. This gives you very little leverage when negotiating your next deal with Microsoft. You're stuck. And the more software you buy to relieve your problems, the harder it gets to turn around and get away.

Another disadvantage may not be so evident, but I've seen it happen. Some of these applications depend on a certain version of Microsoft Office. They were written by some employee at some moment in time and badly documented, so modifying it is not a viable option. However, if you want to have the next version of Sharepoint you need the newest version of that very same office suite. It's a nightmare: you cannot upgrade and you cannot downgrade. What are you going to do?

Even in a scenario like this FOSS offers a solution. You can always compile an application for your current platform and run it along with your new version. Sure, you may not have any support for it, but your business will continue. The same applies if a FOSS company goes belly-up. With closed source software you need complex escrow procedures to accomplish the same feat.

Finally, FOSS is open by definition. If you want to achieve interoperability, you can do just that, since there is nothing going to stop you. Most closed source software prohibits you to even read the repository. No more silos!

When you choose Windows, you have the choice of Intel, AMD and.. that's it! When you choose Linux you have a clear upgrade and downgrade path, from the tiniest netbook and cellphone up to the mightiest mainframe and supercomputer. Just name any platform, Linux runs on it.

Did your boss know that 85% of the worlds supercomputers run on Linux? Did he know that she runs on Linux? Did he know his TomTom (still) runs on Linux? Did he know even his Android cellphone is in fact running Linux?

Steve Ballmer has done a good job. Microsoft has always been good when it comes to marketing and spreading FUD. Most managers are afraid to use FOSS, because they fear their custom applications will automatically have to be released under an Open Source license. Of course, this is not true, but you may have to deal with this issue.

It hasn't been done
Most CIOs are unaware that they already use FOSS. The IBM HTTP server for instance is a direct descendant of Apache. There are various successful projects in Europe you can refer to. Recently, French police switched from Windows to Linux. Several German cities have switched from Windows to Linux.

It's just as expensive
Even if that were true, there are various advantages to FOSS which make a perfect business case. Like better interoperability, scalability, no vendor lock-in, which will make FOSS an attractive option. And next time your local Microsoft representative comes along, your position in the negotiations has significantly improved.

Most companies pay too much for their closed source applications, because their Configuration Management is not up to par and collecting data on actual installations is expensive and cumbersome. FOSS licensing is usually much more transparent. And you don't have to be afraid of the BSA anymore.

FOSS in a Windows world
Don't try to transform your Microsoft shop all at once. You won't succeed. A new project utilizing PHP (which is also supported by Microsoft) may be a good start. Some SQL-Server sites can easily be replaced with MySQL. Replacing IIS with Apache and Windows with Linux becomes much easier after that.

Another scenario is replacing Microsoft Office with StarOffice or OpenOffice, without resorting to a completely FOSS workstation. Visio and MS-Project are notoriously expensive applications, but Dia and OpenProj will do just as well. You can easily exchange data by using SVG or XML formats. Again, when most closed source applications have been replaced with FOSS equivalents, moving to a full fledged FOSS platform becomes much easier.

There may remain pockets of closed source and frankly, I don't think you will be able to remove those very easily. The point is, do you really need to. SAP for instance, is an application that runs very well in a FOSS environment, and so does Oracle. The point is you have given the enterprise more choices and tipped the balance in favor of FOSS.

So what do you think, Mike, is the Linux debate really dead? I don't think so. Thank you for proving this.

Update: The rumours of the death of the debate have been greatly exaggerated: a new article has been published by John Buswell, giving an entirely new view on the subject.

Update: Mike Dailey has truly given a worthy closing to this debate. Although I cannot undo my previous post, I cannot honestly maintain that Mike Dailey fits this profile.


Mike Dailey said...

Good rebuttal, Hans, and thank you for digressing from the personal attacks as it does little more than make one or both of us look foolish. Neither you nor I have all the answers, but I honestly believe that when differing opinions come together the right technical direction most always results. We’re both speaking our opinions based on our experience, as this is all we have.

You are correct, I do not have the background as a software developer, but in-house development of the software isn't the core debate here (that is, before the debate died {grin}). Most enterprises--and again, I'm talking about enterprise computing (i.e. big deployments)—have, in my experience, shifted from app development to web development. Few true in-house apps are developed anymore, with more organizations going the route of canned apps or highly customized canned apps (where folks like you are brought in to do the customization for the organization).

The entire basis of my argument is the flawed or biased view that you can recommend to management that the enterprise can be easily migrated to Linux. Many Linux proponents, like the author of the post I rebutted, paint the picture that Linux is ready and capable of completely replacing the enterprise, and make it sound easy. From your post you agree that this is a losing argument to make. Alas, common ground we have found.

You misspoke in your latest post, as it is not my opinion that the migration of the enterprise is an “all or nothing” approach. It is my opinion that there are not enough capable and functionally equivalent applications in the market to make the switch viable; this is a rebuttal of the “just deploy all these open source apps that can do everything Microsoft can do” argument. It is my opinion that the migration of the enterprise is impossible at this time, given the current state of Linux/open source, as we can not offer the same level of functionality, usability, support, etc. that businesses expect. I’m not saying we are incapable of delivering this, I am saying that we are currently not delivering this. This is why the rush to migrate to Linux/open source is not happening, in my opinion.

Given the current global economic state, businesses are digging deep to cut costs. If Linux and open source can truly deliver everything an enterprise needs, including matching functionality, support, and user experience, why then are the migrations not happening? We can go with your view that the entire issue is based on code quality and lack of knowledge on the part of the IT decision makers. We can go with my view that the entire issue is based on a lack of enterprise quality apps or support. Either way, the Linux/open source communities are not doing the job of supplying what is needed to make this happen.

So I again state, and will continue to state, that the Linux/open source communities need to stop wasting time trying to bash Microsoft and get to work achieving the goals required to meet the needs of enterprise computing. Whether due to coding, lack of apps, lack of support, poor PR, or any other number of reasons the enterprise is not adopting these solutions for a reason.

If we simply tell a CIO, “Hey, Linux and open source have it all! Let’s migrate tomorrow!”, as j00p34 appears to be suggesting, the collective Linux/open source communities are going to have enough egg on their face to solve the issue of world hunger, and Microsoft will be laughing all the way to the bank. So, we can follow the lead of some in the community and pretend we’re 100% ready for it and we have the enterprise-quality apps and support to deliver on the promise. If we’re wrong, however, and it goes bad, there won’t be a second chance as one publicized failure will scare everyone away, and Microsoft will ensure it is well publicized.

Thanks for the opportunity to debate the issue in a professional manner.

-Mike Dailey

Anonymous said...

@Mike Dalley

You should compare RedHat or another commercial Linux offering to that of Micosoft's.

You are using the word "community" as some deflection?

What exactly are you looking for, a Linux base device or a Linux Enterprise solution. If the later, see IBM, HP, RedhHat, Novell or Canonical.

You are not making your case very well.

I won't go into how many Windows shops are running Samba server uknown by the CIO.

j00p34 said...

Maybe Mike should not base his articles on assumptions, and read more careful.
Where did he find this tone:

If we simply tell a CIO, “Hey, Linux and open source have it all! Let’s migrate tomorrow!”, as j00p34 appears to be suggesting.

In my article which was no more than a list of reasons for Linux adoption.

Where did the article say "the 11 only things you have to consider before Linux migration"?

There are viable reasons for Linux adoption, there are also a lot of things to consider before you change anything in IT.

Mike oversimplifies and assumes a lot about an article, just to give himself a change to express his opinion about something, not related to the subject.

Anonymous said...

I put together some thoughts on this whole debate, have a look at

Elder Geek said...

It is not fair to say that it may be difficult, costly, and not all features will be available if you switch from Closed Source to Open Source.

The opposite is true as well. If you had a large business and ran everything on open source. Then decided to switch to closed source applications you would find the same issues.

Not all the features you are used to in your apps will be implemented in the closed source solution. There will be issues trying to migrate and those issues will cost money. They can all be worked around if you are willing to change the way that you do things.

What I don't see is the argument that you would save money by moving to closed source. Moving from closed source to open source will result in savings in the long run. You will not be buying the same software over again at a later point.

I have several Microsoft based products in my enterprise. Let me tell you they are a pain in the proverbial rear end. They seemed designed to do one thing. Make Microsoft 3rd party ISV's lots of money.

I keep running into the "you can't get there from here" syndrome. We gave our requirements to an ISV. We showed them the working system we needed to move from because it did not scale well.

Any sufficiently advanced technology is indistinguishable from a rigged demo. The demo looked good. They were only able to show us the program with 3 of the 7 add ons needed to do what we wanted to do. They assured us all the add-ons would work. That they had experience integrating all the add-ons. When everything was said and done we spent huge amounts of money on a system that did not work as well as what it was to replace. It turns out that our ISV had never integrated all the 3rd party add-ons in the combination we required. It turns on that add-on D breaks add-ons A and B. Add-on E won't work with A and C. If we used add-ons B and F together we lost the scalability we needed in the first place.

At least at the end of the day, with open source if I end up with a system that does not work I was not taken by a 3rd party for $10,000 or $20,000 in consulting fees.

Also if we wanted to have someone code a solution around the shortcomings we could do that with Open Source. It is minimum of $1,200.00 to become our own ISV just to gain access to Microsoft's out of date documentation.

If you want to see the "you can't get to there from here" world people live in. Go to Google groups and look on the Microsoft forums for Solomon and RMS.

Anonymous said...

O3 has some valuable things in his response. To bad if you want to give feedback you get to some forum.

Anonymous said...

Here is the thing, the line of thought that threads throughout the multiple levels of IT management the idea must transverse.

"Free = Worthless"
"FOSS doesn't give me someone to sue"

You can, possibly, convince someone that using RedHat's enterprise offering does give you someone to sue but... the first point... not so much.

I'm not saying Linux can't do the damn job required, it can but as it has zero value it has zero use in the minds of a lot of IT management and beancounters.

ris said...

@Neither you nor I have all the answers, but....

Mike, We do have the answers. Ping us when you need assistance with your migration and we'll lend you a hand.

sims said...

"I have several Microsoft based products in my enterprise. Let me tell you they are a pain in the proverbial rear end. They seemed designed to do one thing. Make Microsoft 3rd party ISV's lots of money." - Elder Geek

You know what? Can anyone argue with that? Anybody? I challenge anyone?

You have to look at it from a business POV instead of your teacher's POV. So many grads are happy for vendor lock-in. I think I have an idea why. I think it might be related to insecurity. I will continue to think about this one. Sheep? Ah yes, sheep. Lamb and wool for the big vendor... erm... shepherd.

kenholmz said...


Kudos to you, Mike Dailey, and j00p34.
Great passion not tempered by serious thought and civility is folly at best.
It seems you have each made the effort to hear the other as well as to be heard.