re: the MS punitive audit. It is the same as the economic premise of dumping. The user is being given an opportunity to use the software at a lower price. Therefore, it is a form of the free market system. Though it's much better for everything to be laid out in the contract so it doesn't become a blackmail situation later.

In AntiVirus, we have the experience of the DISA contract (many millions of DoD machines for a couple dollars each, far below any other contracts). This situation is born of competition, national pride, marketing, and a whole host of factors. And it was so successful, the OMB essentially decided that the whole Federal government should use this model for purchasing. But all these factors essentially incorporate "the free market."

Also, in AV, I don't have to worry about how I look in this debate, because there is no open source alternative. Aside from the laughable (and illegal; technology and string information stolen from a Russian AV company) effort passing as Open Source AV, we are a service offering, not just products. And this is true in much of the security arena. The circumstance where Open Source is good at providing "patches" quicker than the proprietary arena involves the "emergency" scenarios. And though this is true even for security products, what the "companies" are good at are the regular, mundane updates. That's the service aspect that you can't buy with Open Source, and that's what's more true in our ("Security") area of expertise.

As for playing it safe and avoiding Open Source. Isn't that just another form of politics? And isn't that what "government" is all about? I have a little problem with paying the government employees less, and therefore drawing an average capability that's less, to ask them to do more. Because I don't see anyone saying that Open Source is less work.

The issue of owning the source code for the service that you contract out.
There has got to be an escrow aspect to the contract where the government can get that source. That is in every contract that I've seen in a service contract. The issue then is in how much someone is not doing their job according to the contract. So, it boils back to the contract. So, it's not really an Open Source issue.

Jimmy

-----Original Message-----
From: Todd Ellner
To: Andrew Plato; crime@private
Sent: 7/15/03 12:06 AM
Subject: RE: CRIME GNU Help

On Mon, 2003-07-14 at 23:08, Andrew Plato wrote:
> I think any legislation that "directs" or "demands" the state to use open
> source without equally considering commercial, is a bad idea.

Oh, I dunno. With all the inertia and monied intere$t$ pushing hard for proprietary commercial software it would probably take more than a "direction" for the state to even LOOK at OSS. Come to think of it that is exactly what is happening in the agency my wife works for. She is only allowed to even experiment with OSS (mysql instead of Access, Linux instead of Win98, OO instead of Office, g++ or PERL instead of VC++ and so on) if she buys her own machine, does it on her own time and so on.

On the other hand, an acquaintance in academia saved the State a metric truckload of money by kicking a bunch of software off the end of the pier and replacing it with open source and free software. But he had the advantage of being subject to a law which encouraged employees to reduce recurring costs like license fees. Absent something like that - a directive or demand which covered his butt - he would probably have lost his job for implementing the alternatives.

> Public
> entities should weigh both commercial and open products together. And
> whatever solution works best should be used. If that means commercial, then
> commercial it should be. Just because something is "free" doesn't mean it's
> better. Furthermore, many things that are "free" aren't really free. There
> are hidden costs, like support, administration, documentation, etc.

I've seen a few studies. The ones not actually paid for by the commercial vendors seem to indicate that OSS is at least no more expensive and often less. Fixes and patches tend to come out much faster.

The problem is that without some leadership at the top the technical "best" will not be used. It will almost always be the familiar and the safe. "Nobody ever got fired for buying IBM" as the saying used to go. The leadership required to shift directions towards open and fair appraisals in a large organization must often be very strong. State governments are very large organizations.

A stroll through the archives of, say, slashdot will show you what happens when governments consider open source. Certain large commercial vendors lobby the legislatures to squash it. Or they engage in dumping to stave off honest price comparisons. Here in Portland Microsoft came within a whisker of doing an extremely punitive audit of every single computer in the public schools when the school system put GNU/Linux into labs on an experimental basis.

> As for quality and security, my feeling is that everything (open source or
> commercial) has its positives and negatives. You're basically choosing which
> positives and negatives you find most appealing.

Why yes, that is exactly true. People who make decisions need to make them based on the totality of their experience, their best judgement, and informed opinions.

> The best solution is to let the free-market decide. Public organizations
> should have options, just like any other consumer. They shouldn't be forced
> into using any technology.

I've sketched a few of the more prominent distortions to the Blessed And Infallible Free Market (all hail the Market! all hail the Market!) which are already in place. A number of prerequisites for a "free market" are not in place and may not, in fact, be possible.

First, the consumers - agencies, departments, individuals, what have you - can not freely choose the solutions that they most want.
That's not how large scale procurement works. Certain actors can distort the market dynamic itself so that a purely technical choice based on the merits of the products is impossible. There are significant barriers to entry for competitors. And so on. I won't bore you with rehashed Econ 300.

>
> Furthermore, from my experience, many government agencies DO consider and
> use open source technologies. I don't see why legislation is necessary. It
> would just create more paperwork and administrative overhead?

And many government agencies that try to are squashed when the commercial vendors approach legislators. Consider the history of SELinux.

As for the volume of paperwork and administrative overhead, it works both ways. Without a requirement to consider alternatives and protection for those who are brave enough to try them people will tend to go with what has always been done no matter if it costs more or requires significant overhead of its own; another version of "costs more" when you come right down to it.

Just as a for-instance consider the costs of keeping every copy of software associated with every machine at OHSU immediately available at the machine for a BSA audit. I am assuming that you wish to stay in compliance with all laws and commercial licenses. Compare that to the cost of giving alternatives a fair shake or making sure that nobody violates the GPL, Perl Artistic or Copyleft licenses.

I don't know what the final number at the bottom is. And I doubt that you do either. Absent some good data we are arguing in a vacuum.

Regards,
Todd

This archive was generated by hypermail 2b30 : Tue Jul 15 2003 - 16:56:02 PDT