
Open Software is a Great Resource

Many have written in with examples of how Open Source software has been essential to their business solutions. Today, as I close out this topic, I am including comments from David. They pretty much encapsulate the comments as a whole.

David Writes:
Putting on my developer hat, open source software is a great boon. The standard libraries of many programming languages don’t provide much beyond basic abstractions, even with respect to Java and .NET, but open source libraries can be found for just about any problem. And since they are open source, I can dig into the library and see if it meets the quality needed for my project, greatly speeding up my own development cycle.


If they are MIT, BSD, Apache, or LGPL licensed, it’s easy to use these libraries even in proprietary software, where MIT, BSD, and Apache licensed code can be incorporated directly into your own code and you only need to add a notice to your EULA that portions were MIT, BSD or Apache licensed (and list the copyright owners), nothing more. For LGPL, you can use the library without issue if you do not modify the library; any modifications must be given back to the copyright holder, but you again can use it in proprietary software if you meet those requirements.


GPL code generally cannot be used with proprietary software. One exception with GPLv2 is if you keep the modified GPL code on your own server and never distribute the program, then you can keep it proprietary, which GPLv3 eliminates. However, all GPL code can be used in conjunction with proprietary code if they employ some sort of message-passing mechanism (no code sharing, only data), so open source databases like PostgreSQL or MongoDB can be used by proprietary software as their database back-end without needing to pay attention to whatever license it uses.


This is also useful for developers of new proprietary software, because if the open source databases, search engines, and other "full" middleware applications can meet the needs of your application, you can undercut competitors by using them instead of licensed, proprietary applications.


Some developers view this as a slippery slope — who’s to say your own proprietary application won’t be undercut by a future open source application? That’s completely true, but the advantage proprietary developers have is that they are being paid directly for their work, so they can customize it specifically for their customers’ needs.


Therefore, open source solves the general problem, you are paid for the specific problem (and there will always be specific problems). Also, because the GPL only requires source be distributed to those who receive the binary executable, you could always just take the open source solution, even if it’s GPLv3, add your changes, and sell the changes+executable to the client.


In that situation, large companies are actually funding a large portion of your own development costs.

With my database hat on, the advantages of open source software are more limited, but there are still some:

  1. Most successful open source software has a large company backing it (Red Hat [RHEL], Canonical [Ubuntu], 10gen [MongoDB], Joyent [Node.js], etc.). These companies get developers "hooked" on their tools by giving them away for free, and then if it becomes mission-critical for the company, they sell support contracts just like proprietary vendors, so the really "professional" open source software that db admins would use is essentially just like proprietary software, but they give up the "shrink-wrap" sale for the "advertisement" to devs.
  2. Databases are very complex applications, and complex databases are more prone to hitting bugs. Open source databases have the advantage that you can look at the code itself and find out what’s gone wrong, or more likely, that you can hire one of the database devs directly as a consultant to solve your problem ASAP; much faster than a support contract would give, and with the fix more tailored to the particular problem you are experiencing.
  3. Open Source can never die because of that. If support is dwindling, you can hire someone to maintain the software until you can transition to something newer and better supported, which leads to my last point.
  4. Open Source can never "lock-in" your data and hold it ransom. You can always export your data and re-import into another application. (This doesn’t apply to open source-based cloud computing, like Google’s AppEngine, because only Google runs the service, so there is again a proprietor to deal with, even if the vast majority of what you’re using is open source.)

Proprietary software vendors mostly seem to rely on lock-in (can’t get your data back out of their system in an easy fashion), network effects (even if LibreOffice can do everything Microsoft Office can do, because they have different native file formats, you can’t easily share that LibreOffice document [unless you only share by print-outs or PDF]), and marketing (open source markets to devs by promising an easier development time, proprietary software markets to business managers by promising easier lifecycle management [they dictate it for you, but you don’t have to do your homework on licenses like with open source, for instance]).


So, I see proprietary software will always have a role in "Enterprise" (where "enterprise" refers to any company where developers have little say in the direction of the company), while proprietary software has been dead in the "start-up" space since the Dotcom boom (where "start-up" just refers to companies where technology and the developers steer the company), because the target audience has diverged. I wonder if Microsoft understands this?


I hope this short journey has proven helpful. Next week we will be moving on to another topic. Please send your comments to btaylor@sswug.org.

Cheers,

Ben


Featured Article(s)
Four Non-Technical Steps To Data Security
As you work to protect your data in this day and age of data breaches and regulatory compliance, technology and software solutions to data and database security spring to the front of most people’s minds. This is to be expected because, after all, most of our data is stored on computers, so technology and software are required to protect this data from unauthorized access. This is a good thing; technology is a crucial component of protecting your valuable business data. However, it is not the only thing.

Featured White Paper(s)
Encryption & Key Management for Microsoft SQL Server 2008
Written by Townsend Security

Simplify encryption and key management on …