FOSS A General Introduction/Why FOSS?

Andrew Leonard, “An Alternative Voice: How the Tech-Poor Can Still Be Software Rich”

“Open-source software has been called many things: a movement, a fad, a virus, a Communist conspiracy, even the heart and soul of the Internet. But one point is often overlooked: Open-source software is also a highly effective vehicle for the transfer of wealth from the industrialized world to developing countries.”

Is FOSS Free?
The popular myth surrounding Free/Open Source Software is that it is always “free”—that is, “free of charge.” To a certain degree this is true. No true FOSS application charges a licensing fee for usage. Most FOSS Linux distributions (Red Hat, SuSE, Debian, etc.) can be obtained at no charge off the Internet. On a licensing cost basis, FOSS applications are almost always cheaper than proprietary software.

However, licensing costs are not the only costs of a software package or infrastructure. It is also necessary to consider personnel costs, hardware requirements, opportunity costs and training costs. Often referred to as the Total Cost of Ownership (TCO), these costs give the clearest picture of the savings from using FOSS.

How large are the savings from FOSS?
There have been recent reports about the tremendous savings from FOSS, most notably from giant corporations that have migrated their internal systems to GNU/Linux. Intel reportedly saved US$200 million from a move to GNU/Linux from Unix, and Amazon reported savings of US$17 million from switching its servers to GNU/Linux. Major financial institutions such as Credit Suisse First Boston, Morgan Stanley, Goldman Sachs and Charles Schwab are moving a significant portion of their infrastructure to FOSS systems to reap these cost savings.

There are a few TCO studies showing the total cost of running FOSS systems versus proprietary systems. These studies analyze multiple cost factors other than software licensing costs, including maintenance, personnel and opportunity costs from service disruptions. Several have been very positive towards FOSS:


 * 1) A TCO study performed by the Robert Frances Group showed that GNU/Linux costs roughly 40 percent of Microsoft Windows and as low as 14 percent of Sun Microsystems’ Solaris.
 * 2) NetProject reported that the TCO of GNU/Linux was 35 percent of Microsoft Windows’ TCO. Even more interesting was that the savings were due not just to licensing costs but also to various other costs, including the reduction in the number of support staff and software updates that results from using GNU/Linux.
 * 3) Gartner reported that using GNU/Linux in a “locked” configuration resulted in a roughly 15 percent lower TCO compared to Windows XP.

Merrill Lynch, a major financial management company, recently reported that using GNU/Linux could reduce costs dramatically. The unusual part of their TCO study was that the largest cost savings came not from software licensing costs but from personnel and hardware costs.

Direct Cost Savings – An Example
Cybersource of Australia has done an analysis of FOSS savings based on a comparison between Microsoft products and FOSS-based software that provides similar functionality. The study, “Linux vs. Windows: The Bottom Line”, looked at potential savings for three hypothetical companies (A: 50 users; B: 100 users; and C: 250 users). All numbers are in US dollars:

The Cybersource study is straightforward, comparing nothing more than the costs of software packages. The following two tables list the prices of two software solutions, Microsoft and FOSS, for a company of 50 users.

Public sector organizations often have far more users, which means even more dramatic savings. For example, the government of Sweden has identified savings of $1 billion a year while the government of Denmark has identified savings of between $480 million and $730 million.

What are the benefits of using FOSS?
Besides the low cost of FOSS, there are many other reasons why public/private organizations are aggressively adopting FOSS. These include:


 * 1) Security
 * 2) Reliability/Stability
 * 3) Open standards and vendor independence
 * 4) Reduced reliance on imports
 * 5) Developing local software capacity
 * 6) Piracy, IPR, and WTO
 * 7) Localization

Of particular importance to governments are the last four points as they are government-specific. Corporations and end users usually do not deal with these issues.

Security
While there is no perfectly secure operating system or platform, factors such as development method, program architecture and target market can greatly affect the security of a system and consequently make it easier or more difficult to breach. There are some indications that FOSS systems are superior to proprietary systems in this respect:


 * The Gartner Group recommends that businesses switch from Microsoft Internet Information Server (IIS) to Apache or another web server, due to IIS’s poor security track record. The Gartner Group noted that by July 2001 US enterprises had spent US$1.2 billion simply fixing Code Red (IIS-related) vulnerabilities.
 * “Hacker Insurance” issued by J.S. Wurzler Underwriting Managers costs five to 15 percent more if Windows is used instead of GNU/Linux or Unix systems. Walter Kopf, senior vice president of underwriting at J.S. Wurzler Underwriting Managers, says, “We have found out that the possibility for loss is greater using the NT system.”

The security aspect has already encouraged many public organizations to switch or to consider switching to FOSS solutions. The French Customs and Indirect Taxation authority migrated to Red Hat Linux 6.2 largely because of security concerns.

Three reasons are often cited for FOSS’s better security record:


 * Availability of source code: The availability of the source code for FOSS systems has made it easier for developers and users to discover and fix vulnerabilities, often before a flaw can be exploited. Many of the vulnerabilities of FOSS listed in Bugtraq were errors discovered during periodic audits and fixed without any known exploits. FOSS systems normally employ proactive rather than reactive audits.
 * Security focus, instead of user-friendliness: FOSS can be said to run a large part of the Internet and is therefore more focused on robustness and functionality, rather than ease of use. Before features are added to any major FOSS application, their security implications are considered and the feature is added only if it is determined not to compromise system security.
 * Roots: FOSS systems are mostly based on the multi-user, network-ready Unix model. Because of this, they come with a strong security and permission structure. Such models were critical when multiple users shared a single powerful server—that is, if security was weak, a single user could crash the server, steal private data from other users or deprive other users of computing resources. Consequently, vulnerabilities in most applications result in only a limited security breach.

Reliability/Stability
FOSS systems are well known for their stability and reliability. There are many anecdotal stories of FOSS servers functioning for years without requiring maintenance. However, quantitative studies are more difficult to come by. Here are two of the studies conducted to date:


 * 1) In 1999 ZDNet ran a 10-month reliability test between Red Hat Linux, Caldera Systems OpenLinux and Microsoft’s Windows NT Server 4.0 with Service Pack 3. All three ran on identical hardware systems and performed printing, web serving and file serving functions. The result was that NT crashed once every six weeks but none of the FOSS systems crashed at all during the entire 10 months.
 * 2) A stress test using random testing stressed seven commercial systems and the GNU/Linux system in 1995. Random characters were fed to these systems, to simulate garbage from bad data or users. The result was that the commercial systems had an average failure rate of 23 percent while Linux as a whole failed nine percent of the time. GNU utilities (software produced by the FSF under the GNU project) failed only six percent of the time. A follow-up study years later found that the flaws identified by the study were all fixed in the FOSS system, but were generally untouched in proprietary software.

Open standards and vendor independence
Open standards give users, whether individuals or governments, flexibility and the freedom to change between different software packages, platforms and vendors. Proprietary, secret standards lock users into using software only from one vendor and leave them at the mercy of the vendor at a later stage, when all their data is in the vendor’s proprietary format and the cost of converting it to an open standard is prohibitive.

The authors of the paper “Free/Libre and Open Source Software: Survey and Study” produced by the International Institute of Infonomics in the Netherlands also argue against use of proprietary software in government. They say:

International Institute of Infonomics

“Consequently one major argument against the implementation of proprietary software in the public sector is the subsequent dependency on proprietary software vendors. Whenever the proprietary standards are established the necessity to follow them is given. Even in an open tender acquisition system, this requirement for compatibility with proprietary standards makes the system biased towards specific software vendors, perpetuating a dependency.”

Another advantage of FOSS applications is that they almost always use open standards. There are two primary reasons for this:


 * 1) Availability of the source code: With the source code, it is always possible to reverse-engineer and document the standard used by an application. All possible variations are plainly visible in the source code, making hiding a proprietary standard in FOSS systems impossible. Proprietary software, however, is much harder to reverse-engineer and in some cases is deliberately obfuscated.
 * 2) Active standards compliance: When established standards exist, such as HyperText Markup Language (HTML), which controls how web pages are displayed, FOSS projects actively work to follow the standards faithfully. The Mozilla web browser, a FOSS effort, is fully compliant with many standards from the World Wide Web Consortium (W3C). Webstandards.org notes that Mozilla is one of the most compliant browsers available today. Compliance with standards is due to the FOSS development culture, where sharing and working together with other applications are the norm. It is also much easier to work with a globally dispersed group of developers when there is a published standard to adhere to.

Using FOSS systems as a means of gaining vendor independence has been raised in several areas. A report to the UK Government concludes that “the existence of an OSS reference implementation of a data standard has often accelerated the adoption of such standards, and recommends that the Government consider selective sponsorship of OSS reference implementations.”

Reduced reliance on imports
A major incentive for developing countries to adopt FOSS systems is the enormous cost of proprietary software licenses. Because virtually all proprietary software in developing countries is imported, their purchase consumes precious hard currency and foreign reserves. These reserves could be better spent on other development goals.

The European study, “Free/Libre and Open Source Software: Survey and Study”, also notes that, “The costs of this more service-oriented model of open source are then also normally spent within the economy of the governmental organization, and not necessary to large multinational companies. This has a positive feedback regarding employment, local investment base, tax revenue, etc.”

Developing local software capacity
It has been noted that there is a positive correlation between the growth of a FOSS developer base and the innovative capacities (software) of an economy. A report from the International Institute of Infonomics lists three reasons for this:


 * 1) Low barriers to entry: FOSS, which encourages free modification and redistribution, is easy to obtain, use and learn from. Proprietary software tends to be much more restrictive, not just in the limited availability of source code, but due to licensing, patent and copyright limitations. FOSS allows developers to build on existing knowledge and pre-built components, much like basic research.
 * 2) FOSS as an excellent training system: The open and collaborative nature of FOSS allows a student to examine and experiment with software concepts at virtually no direct cost to society. Likewise, a student can tap into the global collaborative FOSS development network that includes massive archives of technical information and interactive discussion tools.
 * 3) FOSS as a source of standards: FOSS often becomes a de facto standard by virtue of its dominance in a particular sector of an industry. By being involved in setting the standards in a particular FOSS application, a region can ensure that the standard produced takes into account regional needs and cultural considerations.

The FOSS developmental approach greatly facilitates not only innovation but also its dissemination. A Microsoft internal memo noted, “Research/teaching projects on top of Linux are easily ‘disseminated’ due to the wide availability of Linux source. In particular, this often means that new research ideas are first implemented and available on Linux before they are available / incorporated into other platforms.”

Piracy, IPR, and the WTO
Software piracy is a problem in almost every country around the world. The Business Software Alliance estimates that software piracy in 2002 alone cost US$13.08 billion. Even in developed nations where software is affordable in theory, piracy rates were as high as 24 percent in the United States and 35 percent in Europe. Piracy rates in developing countries, where lower incomes make software far more expensive, are upwards of 90 percent.

Software piracy and lax laws against it can and do hurt a country in many ways. A country with poor protection for Intellectual Property Rights (IPR) is not as attractive to foreign investors. Membership in the World Trade Organization (WTO) and access to its benefits are strongly affected by the level of protection given to IPR in a country. Finally, a culture of software piracy hurts local software development, as there is less incentive for local software developers to create a local product.

Localization
Localisation Industry Standards Association

“Localization involves taking a product and making it linguistically and culturally appropriate to the target locale (country/region and language) where it will be used and sold.”

Localization is one of the areas where FOSS shines because of its open nature. Users are able to modify FOSS to suit the unique requirements of a particular cultural region, regardless of economic size. All that is necessary is the technical capability within a small number of individuals to create a minimally localized version of any FOSS. While the construction of a completely localized software platform is no small feat, it is at least possible. Microsoft’s decision in 1998 against producing an Icelandic version of Windows 98 would have had serious implications if it were not for the emergence of FOSS alternatives.

Most initial FOSS initiatives in the Asia-Pacific region have dealt with localizing FOSS. More details on localization can be found in the “Localization and Internationalization” section of this primer.

What are the shortcomings of FOSS?
For all the benefits FOSS brings, it is not suitable for every situation. There are areas where FOSS needs improvement.

Lack of business applications
While there are many FOSS projects out there today, there are still many areas that lack a full-featured product, especially in the business world. The recent porting of Enterprise Resource Planning platforms such as SAP and PeopleSoft has helped cover the high-end application market, but the Small and Medium Enterprise (SME) market is still poorly served. Basic, polished accounting applications such as QuickBooks, Peachtree or Great Plains do not have FOSS equivalents at this time.

This problem has come about in part due to the scarcity of people competent in both technical and business subjects. Technical developers who encountered problems and wrote software to “scratch an itch” started most of the existing FOSS projects today. These projects are usually fairly technical in nature, such as the creation of web servers, programming languages/environments and networking tools. It is rare for a software developer to encounter accounting problems, for example, and have the business knowledge to create a technical solution.

Interoperability with proprietary systems
FOSS systems, especially on the desktop, are not completely compatible with proprietary systems. For organizations that have already invested massive amounts of capital into proprietary applications and data storage formats, attempting to integrate FOSS solutions can prove to be prohibitively expensive. Changing proprietary standards, which is often aimed at preventing the integration of alternate solutions, exacerbates this problem.

In time, as organizations shift from proprietary to open standards, this problem should be reduced.

Documentation and “polish”
Established FOSS lacks the extensive documentation and user-friendliness found in commercial software. The primary focus of early FOSS developers was functionality. Creating a program that worked well was far more important than ease of use.

Besides the dearth of high-quality documentation, there are also user interface issues with FOSS Graphical User Interfaces (GUI). Because the GUI element in most FOSS systems is not a single element but a collection of different projects glued together, the behaviour of the GUI elements differs greatly. Commands to save data differ from one program to another, quite unlike proprietary desktop operating systems such as Mac OS X or Microsoft Windows. Cutting and pasting between different programs can be wildly inconsistent or even impossible. While there is significant ongoing work to unify the desktop, the desktop is likely to remain inconsistent for some time to come.