
Feature of FOSS: Performance Security

A series of performance evaluations on FOSS products were conducted by a work group of Japan FOSS promotion forum. FOSS is suited for innovative development. The development speed of active FOSS projects is amazingly high.

Uploaded by

Marko Schuetz
Copyright
© Attribution Non-Commercial (BY-NC)

(9) Feature of FOSS

Performance
How is performance of FOSS products?

Security
Is the security of FOSS product high or low?

Cost
Is it possible to reduce cost by FOSS?

Educational benefits
What is educational efficiency from FOSS?

Vendor lock-in
What is vendor lock-in?
How to avoid vendor lock-in by adopting FOSS?

Sustainability
Importance of sustainable software development

An Introduction to Free/Open-Source Software Copyright © 2005,2006, Center of the International Cooperation for Computerization (CICC) All Rights Reserved.
Copyright © 2005,2006, Mitsubishi Research Institute, Inc. All Rights Reserved. 237
Copyright © 2008, University of Puerto Rico at Mayaguez. All Rights Reserved.
Performance
Innovative and fast development
FOSS is suited for innovative development
Development speed of active FOSS projects is amazingly high

FOSS performance testing in Japan
As a matter of fact, how is the performance of FOSS?
A series of performance evaluations on FOSS products were conducted by a work group of Japan FOSS promotion forum

Innovative and Rapid Development

Reasons for innovative development
Motivation of FOSS developers
Create software that developers want
Create software unlike any other
Localization tends to be more easily implemented
Localization undertaken by actual users that desire localization

Rapid pace of development
Projects fundamentally driven by enthusiasm of developers
Although development sometimes takes place through business
Desire to quickly develop software that developers want
Large projects involve worldwide developer base
Round-the-clock development
FOSS Performance Testing in Japan

Performance evaluations implemented by working group of Japan FOSS Promotion Forum
Results of Development Infrastructure Working Group
DBMS benchmark evaluation using OSDL DBT-1
Benefits of tuning confirmed
PostgreSQL evaluation using OSDL DBT-3
JBoss performance and reliability evaluation using SPECjAppServer2004
Performance of WebLogic surpasses JBoss
Evaluation and bottleneck analysis of Linux kernel using LKST
Development of crash analysis tools and evaluation of FOSS performance and reliability
Evaluation of Java application layer
Evaluation of database and OS layers
Members of Development Infrastructure Working Group
Hitachi, SRA, NTT Data, NS Solutions, Sumisho Computer Systems, NRI, Miracle Linux, Uniadex, NTT Comware, Nihon Unisys
Cost
Myth of low cost
FOSS is not a cure-all for reducing costs

Evaluating total cost of ownership (TCO)
Cost evaluation strongly depends on the assessor's viewpoint

Cost reduction factors
Which items are candidates for cost reduction through FOSS adoption?

Cost disadvantage of FOSS
What are the disadvantages of FOSS adoption?

Myth of Low Cost
Presumed to be chief advantage of GNU/Linux deployment
Nearly always true when replacing Unix
Tsutaya Online: 1/4 to 1/5 cost reduction
Amazon.com: Saved $17 million
TCO gap with Windows is small and debatable
Inadequate experience and lack of thorough discussion for meaningful comparison of desktops costs
Focus ends up being on maintenance costs
Maintenance of middleware and applications
Cost of administrative engineers
Once technology is created to easily manage multiple desktops
Desktop tug-of-war between Windows and GNU/Linux

Evaluating Total Cost of Ownership

TCO (Total Cost of Ownership)
Total of all costs required to maintain, administer, and adequately operate systems

Elements contributing to TCO
Deployment costs, operating costs, training costs, etc.

Room to calculate TCO as desired, by changing standpoint of evaluation
Microsoft’s Get the Facts campaign: How are the facts represented?

Various assumptions are suspect
Proper evaluation of TCO requires concrete assumptions about how system will be used
Results will depend on the assumptions made
Cost Reduction Factors
Initial deployment costs
Cost of acquiring distribution (only one copy needed)
Licensing costs
If proprietary software is required, only license for that software must be purchased

Upgrade costs
Usually very low
Frequently expensive for proprietary software

Hardware costs
Runs adequately on older hardware for certain applications
Systems can be tuned to adequately run on low spec PCs

Cost Disadvantages of FOSS
Frequently identified cost disadvantages
Training costs
Users are generally conservative and resist migrating from a familiar environment to a new environment
Lack of textbooks and reference material for mastering FOSS
Support costs
High cost of support due to limited supply of FOSS engineers
Costs are going to decrease as FOSS becomes more common
Systems modification costs
Servers may need to be modified
Some systems only designed to work with specific clients
FOSS clients may not work within such systems
Vendor Lock-In
What is vendor lock-in
An environment or situation that locks in users to products from a specific vendor
What are the problems with vendor lock-in?

Examples of lock-in business strategies
Vendor lock-in is found not only in IT market

Separation of Interface and Implementation
Promoting fair competition among implementations from each vendor, in conformity with standard interfaces

FOSS and open standards
Reasons why fair competition requires more than specification standards
What is Vendor Lock-In
Vendor lock-in
Locks in user environment to specific vendor’s products
Type of customer retention strategy
Can lead to endless vicious circle of biased procurement
Forces users into regular version upgrades
Monopoly can invite lower quality and higher costs
Need to maintain compatibility with archival assets
Eliminates participation by other vendors through use of closed specifications

Used to be an excellent business model
Users: Buy long-term support and peace of mind
Vendors: Stable revenue and growth of market share

Examples of Lock-In Business Strategies

Rewards programs
  Leading examples
    Credit card companies
    Frequent flier programs
    Mail order companies and mass merchandisers
  Everyday examples
    Frequent buyer cards from retailers
    Restaurant coupons

Car dealers
  Preferential trade-in programs for car brands from same manufacturer
  Frequent model changes

Mobile phone carriers and ISPs
  Frequently introduce new models and services
  Users do not wish to change mobile numbers and e-mail addresses
  Introduction of mobile number portability may reduce lock-in advantage
    MNP: Mobile Number Portability

Worst case of vendor lock-in
  “One yen bid”
  Bid on first year at low cost
  Gain highly profitable private contracts in and after the second year
Separation of Interface and Implementation
Separate from implementation to achieve competition
1. Derive necessary functions and separate into modules.
2. For each module, separate the interface and implementation.
3. Define the interface and establish it as a standard.
Separation of implementation ideally results in fair competition

From de facto standards to open standards
Conventional de facto standards
Implementation also treated as part of standard
Open standards
Standards formulation process also handled openly
Implementation left to each vendor
Interface is specified to a standard, and implementation is interchangeable
Free/Open-Source Software and Open Standards
Avoid vendor lock-in
Make specifications open to maintain competition
Open specifications alone are insufficient
→ Also need to release source code
Enables other vendors to participate in system upgrades
User has upper hand for price negotiations
Why open standards alone are inadequate
Vendors will always emerge to seek differentiation through proprietary means
Example of HTML
Standard specifications decided by W3C
Browser war: Browser incompatibilities due to proprietary tag extensions
Example of tying applications into OS
Proprietary performance enhancements using unpublished APIs
Vendor gave itself unique advantage as OS developer
Security
Security of Software
What is secure software? From whom do we have to protect our software?

Is FOSS really more secure?
Opinions from two sides: “More Secure” vs “Less Secure”

“Many eyes” of developers
The reason why FOSS is more secure

Naked implementation
The reason why FOSS is less secure

FOSS Security Tools
There are many security tools released as FOSS
Security of Software
Security is the ability to keep software operating as expected
Obstacles to security
Outside factors
Unauthorized access: Unexpected manipulation by third party
Interception and falsification: Incidents relating to transmission path for privileged data
Interception: Unexpected leakage of data
Falsification: Transmission of insidiously modified data
Internal factors
Software defect: Unexpected operation due to fault in software
Vulnerability: Fault or specification issue that could be used by third party to take over system or leak data, etc.

Raises the issue
Can FOSS improve security against these threats?
Is FOSS Really More Secure?
Widely divergent views
FOSS is more secure due to transparency and active developer base
Proprietary software from major vendors affords greater chance of ensuring security

Reality of the situation
Servers
Unauthorized access and security accidents occur on all platforms including Unix, GNU/Linux and Windows
Desktops
Viruses and worms targeted at FOSS are extremely rare
Low probability due to small number of FOSS desktops to begin with?
Depends on system design principles; operating systems designed for convenience are comparatively more vulnerable

“Many Eyes” of Developers
Possible reasons for greater security of FOSS
Rapid response to defects
Continuous round-the-clock development by worldwide developer base
Relatively fast response when critical vulnerabilities or security holes are identified
Applies to actively developed FOSS projects
“Trojan horse” measures
Difficult to slip unauthorized code into source code circulated as FOSS

Based on notion of improved security through vigilance of many developers

Naked Implementation
Reasons FOSS is thought to reduce security
Releasing source code provides crackers with enough information to do harm
Easier to find errors or security holes in implementation
Counter-argument: Release of source code enables immediate response if security holes are discovered

Concern about structure for security measures by software provider
Major vendors are putting resources into security measures
Lack of trust in volunteer development of FOSS projects
Risk is higher for less active FOSS projects

FOSS Security Tools
GNU Privacy Guard (GPG)
PGP encryption tool from GNU
Many MUAs work with GPG
Snort, CodeSeeker
FOSS Intrusion Detection Systems (IDS)
OpenSSH
FOSS implementation of Secure Shell (SSH) protocol
Commonly used today in place of Telnet and remote shell (rsh)
OpenSSL, GNU TLS
FOSS implementations of SSL (Secure Sockets Layer) protocol
Other tools: OpenVPN, Tripwire (system integrity check tool), etc.
Educational Benefits
Source code as an example
Learn from the precedent of released source code
Leading source code is equivalent to an excellent textbook

Using a debugger to verify that source code runs
Important issue is that the source code is really runnable

Low cost of development environments and resources
Low entry levels to start learning

Educational benefits of communities
We gain much from communities

Source Code as an Example
Study concrete examples
Software design methodologies
Programming techniques

Actual programming samples
Learn step-by-step how a program runs
Look up similar code

Source code as a textbook
Publications relating to FOSS such as Code Reading and Lions' Commentary on UNIX 6th Edition with Source Code are published

Using a Debugger to Verify that Source Code Runs
FOSS makes it possible to:
Obtain source code
Modify source code
Check source code
Source code that actually runs
Important to verify using debugger
Verify operating logic
Learn through practical experience
Enables study using real code
Low Cost Development Environment and Development Resources
Proprietary software involves tall barriers to participation
Purchase of development tools
Purchase of development information
Fee-based training
Development resources comparatively lower cost for FOSS
Distributions include development tools
Information available online
Training largely fee-based
Risks for software technology acquisition under FOSS
Time and effort
Ability to control risks yourself is where FOSS excels
Educational Benefits of Communities

Approach in which users can learn how to use software from the community instead of learning on their own
User communities as cooperative organizations
Ask questions through mailing lists and message boards

Rules of communities
Give-and-take of information
Observe netiquette
Prevent flame wars from occurring

Development communities must also make an effort to provide accessible information
Sustainability
Necessity of sustainable software development
Why is sustainability of software development so important?
The key is adaptation to various kinds of platforms

Realizing sustainable software development
Why does FOSS enable us to realize sustainable software development?

Scientific progress and advancement of software
Similarities between scientific progress and advancement of software

For the advancement of software
To produce better software products

Necessity of Sustainable Software Development
Sustainable software development is necessary as long as users wish to use software
Defects in software discovered on daily basis
Security holes cause problems for others
OK to end development of tried-and-tested software*?
*Tried-and-tested software: Software in which almost all bugs have been worked out
Are there any issues with suspending software development?
→ Yes, there are
Reasons
Changes in surrounding environment including OS, dependent libraries, etc.
Software must be adapted to support these changes

FOSS capable of being adapted to diverse platforms


Realizing Sustainable Software Development
For proprietary software
Risk of software development ending for some reason

Scientific Progress and Advancement of Software
Advancement of software and scientific progress fundamentally similar
Compare the following points

Advancement of software (under FOSS)
Implementation shared and extended through release of source code
Source code must run properly. Avoid reinventing the wheel

Scientific progress
Knowledge shared and expanded through publication of papers
Test theory through use of corroborative experiments
Pointless to conduct the same research afterwards

For the Advancement of Software

Freedom of FOSS
The freedom to run the program, for any purpose
The freedom to study how the program works, and adapt it to your needs
The freedom to redistribute copies so you can help your neighbor
The freedom to improve the program, and release your improvements to the public, so that the whole community benefits
Above four kinds of freedoms prescribed by FSF’s The Free Software Definition
Copyleft is abstract expression of four kinds of freedom
GPL expresses four kinds of freedom as concrete license

Leads to implementation of sustainable software development
Should lead to advancement of software