October 19, 2004

'Does Open Source Deserve a Place in Your IT Portfolio?'

Author: Robin 'Roblimo' Miller

ORLANDO, FLA --Gartner holds a yearly conference here called Symposium/ITxpo, one of four similar annual events it holds around the world. Yesterday I attended a Symposium/ITxpo presentation titled Does Open Source Deserve a Place in Your IT Portfolio? given by Gartner vice president Mark Driver. Most of the information he put out was correct, which was good.You personally may not care what Gartner analysts say, but plenty of people who make IT purchasing and hiring decisions for large companies and government agencies do. In recent years IT industry analysts' power influence has grown. Events like Gartner's week-long Symposium/ITxpo attract thousands of attendees, most of whom are IT managers or business people whose responsibilities include IT.

Approximately 250 of these managers listened attentively as Driver spoke. Many took notes. One of his most-noted statements was:

You'd be stupid not to use open source as part of your application management strategy.

Driver told his audience that their programmers and systems administrators were already using open source whether they knew it or not. He pointed out that GNU tools, Perl, and Python were loaded on almost every programmer's workstation; that at least 30% of all Java development tools -- including some of the most widely used ones -- were open source; and that a growing number of key tools for .Net development were open source.

He said the major change in attitude toward open source over the past few years was recognition that it is an important and recognized part of the software landscape. He said many open source applications are reaching "technical maturity" and that a growing number of people are accumulating experience with open source software, so finding qualified support is no longer a problem. In general, he said, open source "is becoming more institutionalized today."

Another key Driver quote:

Most of us aren't going to Linux from Microsoft or Sun because of ideological concerns. We're doing it because it's cheap.

He said that when it comes to TCO studies, "You can jumble the numbers. You can show many directions." He refused to provide one-size-fits-all Linux vs. Windows TCO numbers. Instead, he said, you should start looking at Linux where it make the most sense. And in Gartner's world, the place where Linux makes the most desktop sense is for single-application terminals.

Driver pointed out -- and he is far from the first to say this -- that if you're only running a single application all day or accessing a limited group of applications or using remote applications through a browser, there is no reason for your terminal to have much of an operating system on it; that it should become a zero-maintenance piece of equipment.

"If it breaks, you just throw it away," he said.

Driver said the companies and government agencies that seem to do best with Linux and open source deployments are those that are in the habit of doing their own integration. He specifically mentioned R&D as a "sweet spot" for open source, not only because researchers need the flexibility of open source more than most users, but because they tend to have the expertise needed to take advantage of that flexibility.

Of course, he added, Linux is already "the" server choice for many, especially Internet-only businesses.

Setting open source policies

Driver had a slide that displayed a range of options for developing corporate policies about how to deal with open source. At one extreme was "Total Ban," a policy he did not recommend. At the other extreme was "Participation and Advocacy," a course he said should only be taken with great caution.

He pointed out that while the idea of opening the source to some of your company's applications and hoping that thousands of eager developers would help you improve your software was attractive, creating a successful open source project takes more than just posting code and hoping. He said it takes a considerable amount of time, money, and nurturing to create an open source project that is worth sponsoring. Sure, it's nice to "be an open source hero," he said, but in reality you'd better be willing to commit to the task of building a developer community.

Driver said one of the best reasons to sponsor an open source project was if you had software -- and data formats -- you wanted to share with suppliers or customers or both that would make everyone's IT tasks easier. Not only would that create definable returns, but since suppliers and possibly customers would be involved, there would be a built-in initial developer community.

He also warned that with a true open source project, you risked losing control. If the development community decided to take the project in a direction you did not like, there would be little you could do about it. And then he started talking about the dangers of the GPL.

That pesky GPL

Driver use a hypothetical situation where a developer working on a piece of proprietary software for you incorporated seven lines of GPL code he'd found somewhere on the Internet and suddenly your competitor called and demanded access to the whole program because it was now totally licensed under the GPL. Those few lines of code had virally infected the whole program! Eww!

We can't have that, can we?

So even though Driver was advocating at least limited Linux use, and the Linux kernel and the GNU tools that surround it are all GPL, he was warning against the GPL. I had a little trouble with some of this. Maybe I've spent too much time delving into the minutia of open source and free software licensing, but Driver's scenario seemed implausible, especially if it applied to code developed for in-house use rather than for redistribution. Perhaps he has not done much research in this area. But he was busily putting out information about the GPL that I found puzzling -- and this was coming from a man who admitted that he uses and likes MySQL, which is absolutely available under the GPL.

Driver also seemed to have some incorrect ideas about the limits that can and can't be placed on commercial code distribution under the GPL and other free and open source software licenses, which I found sad considering that he's an influential man to whom many IT decision-makers turn for correct answers to their questions about open source adoption.

But I am but a lowly reporter for an ad-supported Web site, not a big-time analyst for a company that charges thousands of dollars for access to its reports, so I'm sure Driver is right and I am wrong. Or maybe I just heard him wrong. I'm sure I couldn't have heard him say there was no way to prevent others from commercializing code you had released under an open source license. Perhaps my ears need cleaning.

SCO's ugly head is reared

Driver spoke about the possibility of open source users getting sued by the likes of SCO. He seems to think a number of companies have paid SCO licensing fees to use Linux, although this lowly reporter can't think of any "real" licensing deals between SCO and Linux users that haven't been repudiated or otherwise killed. Driver specifically cited Daimler-Chrysler as a company that signed a licensing agreement with SCO because of a lawsuit threat, although Daimler-Chrysler (and others) seem to believe SCO's case was dismissed.

To combat this sort of problem, Driver said you should only use open source software that comes from a reliable source, preferably one that offers indemnification against suits by companies like SCO. He mentioned HP, Sun, Red Hat, and Novell as legitimate sources of Linux, and said you should get Linux from them "rather than from a college sophomore's dorm room server."

Driver said other anti-open source suits are likely, if only because the code is open so anyone who wants can read it and possibly claim ownership. He also mentioned that we're starting to see insurance against lawsuits based on IP claims against open source software -- and ended up concluding that despite these problems, and despite the fact that he's seen several companies delay open source adoption because they're scared of SCO-like suits, open source will keep growing.

The open source future is bright in Gartner-land

Gartner seems to issue caveats about open source and make some factual blunders now and then, but on the whole the company seems to waver somewhere between "open-minded" and "positive" on the "open source friendship" scale.

This seems to be most larger analyst firms' open source attitude these days, at least when they're writing general research instead of producing "custom reports" financed by proprietary software companies.

Almost all IT analyst firms now report on open source in one way or another. Only a few years ago analysts tended to ignore open source entirely unless they were getting paid to knock it. Now they track open source the same way they track any other segments of the industry. This is a significant advance in the general march toward broad open source acceptance.

As Mark Driver pointed out several times in his presentation, the news is not that companies are suddenly starting to use open source, but that they are now doing so formally -- and in many cases starting to contribute to open source projects and thinking about releasing their own software under open source licenses not just so they can feel good about what they're doing but because -- at least in some cases -- an open source release makes good business sense.

Click Here!