From: Kuo, Jimmy (Jimmy_Kuo@private)
Date: Tue Jul 15 2003 - 12:56:56 PDT

  • Next message: Crispin Cowan: "Re: CRIME GNU Help"

    re: the MS punitive audit.  It is the same as the economic premise of
    dumping.  The user is being given an opportunity to use the software at a
    lower price.  Therefore, it is a form of the free market system.  Though
    it's much better for everything to be laid out in the contract so it doesn't
    become a blackmail situation later.
    In AntiVirus, we have the experience of the DISA contract (many millions of
    DoD machines for a couple dollars each, far below any other contracts).
    This situation is borne of competition, national pride, marketing, and a
    whole host of factors.  And it was so successful, the OMB essentially
    decided that the whole Federal government should use this model for
    purchasing.  But all these factors essentially incorporate "the free
    Also, in AV, I don't have to worry about how I look in this debate, because
    there is no open source alternative.  Aside from the laughable (and illegal;
    technology and string information stolen from a Russian AV company) effort
    passing as Open Source AV, we are a service offerring, not just products.
    And this is true in much of the security arena.
    The circumstance where Open Source is good at providing "patches" quicker
    than the proprietary arena involves the "emergency" scenarios.  And though
    this is true even for security products, what the "companies" are good at
    are the regular, mundane updates.  That's the service aspect that you can't
    buy with Open Source, and that's what's more true in our ("Security") area
    of expertise.
    As for playing it safe and avoiding Open Source.  Isn't that just another
    form of politics?  And isn't that what "government" is all about?  I have a
    little problem with paying the government employees less, and therefore
    drawing an average capability that's less, to ask them to do more.  Because
    I don't see anyone saying that Open Source is less work.
    The issue of owning the source code for the service that you contract out.
    There has got to be an escrow aspect to the contract where the government
    can get that source.  That is in every contract that I've seen in a service
    contract.  The issue then is in how much someone is not doing their job
    according to the contract.  So, it boils back to the contract.  So, it's not
    really an Open Source issue.
    -----Original Message-----
    From: Todd Ellner
    To: Andrew Plato; crime@private
    Sent: 7/15/03 12:06 AM
    Subject: RE: CRIME GNU Help
    On Mon, 2003-07-14 at 23:08, Andrew Plato wrote:
    > I think any legislation that "directs" or "demands" the state to use
    > source without equally considering commercial, is a bad idea. 
    Oh, I dunno. With all the inertia and monied intere$t$ pushing hard for
    proprietary commercial software it would probably take more than a 
    "direction" for the state to even LOOK at OSS. Come to think of it that
    is exactly what is happening in the agency my wife works for. She is 
    only allowed to even experiment with OSS (mysql instead of Access, Linux
    instead of Win98, OO instead of Office, g++ or PERL instead of VC++ and
    so on) if she buys her own machine, does it on her own time and so on.
    On the other hand, an acquaintance in academia saved the State a metric
    truckload of money by kicking a bunch of software off the end of the
    pier and replacing it with open source and free software. But he had the
    advantage of being subject to a law which encouraged employees to reduce
    recurring costs like license fees. Absent something like that - a
    directive or demand which covered his butt - he would probably have lost
    his job for implementing the alternatives.
    > Public
    > entities should weigh both commercial and open products together. And
    > whatever solution works best should be used. If that means commercial,
    > commercial it should be. Just because something is "free" doesn't mean
    > better. Furthermore, many things that are "free" aren't really free.
    > are hidden costs, like support, administration, documentation, etc. 
    I've seen a few studies. The ones not actually paid for by the
    commercial vendors seem to indicate that OSS is at least no more 
    expensive and often less. Fixes and patches tend to come out much
    The problem is that without some leadership at the top the technical
    "best" will not be used. It will almost always be the familiar and the
    safe. "Nobody ever got fired for buying IBM" as the saying used to go.
    The leadership required to shift directions towards open and fair
    appraisals in a large organization must often be very strong. State
    governments are very large organizations.
    A stroll through the archives of, say, slashdot will show you what
    happens when governments consider open source. Certain large commercial
    vendors lobby the legislatures to squash it. Or they engage in dumping
    to stave off honest price comparisons. Here in Portland Microsoft
    came within a whisker of doing an extremely punitive audit of every
    single computer in the public schools when the school system put
    GNU/Linux into labs on an experimental basis.
    > As for quality and security, my feeling is that everything (open
    source or
    > commercial) has its positives and negatives. You're basically choosing
    > positives and negatives you find most appealing. 
    Why yes, that is exactly true. People who make decisions need to make
    them based on the totality of their experience, their best judgement,
    and informed opinions. 
    >The best solution is to let the free-market decide. Public
    > should have options, just like any other consumer. They shouldn't be
    > into using any technology.
    I've sketched a few of the more prominent distortions to the Blessed And
    Infallible Free Market (all hail the Market! all hail the Market!) which
    are already in place. A number of prerequisites for a "free market" are
    not in place and may not, in fact, be possible. First, the consumers -
    agencies, departments, individuals, what have you - can not freely
    choose the solutions that they most want. That's not how large scale
    procurement works. Certain actors can distort the market dynamic itself
    so that a purely technical choice based on the merits of the products is
    impossible. There are significant barriers to entry for competitors. And
    so on. I won't bore you with rehashed Econ 300.
    > Furthermore, from my experience, many government agencies DO consider
    > use open source technologies. I don't see why legislation is
    necessary. It
    > would just create more paperwork and administrative overhead?  
    And many government agencies that try to are squashed when the
    commercial vendors approach legislators. Consider the history of
    As for the volume of paperwork and administrative overhead, it works
    both ways. Without a requirement to consider alternatives and protection
    for those who are brave enough to try them people will tend to go with
    what has always been done no matter if it costs more or required
    significant overhead of its own; another version of "costs more" when
    you come right down to it. 
    Just as a for-instance consider the costs of keeping every copy of
    software associated with every machine at OHSU immediately available at
    the machine for a BSA audit. I am assuming that you wish to stay in
    compliance with all laws and commercial licenses. Compare that to the
    cost of giving alternatives a fair shake or making sure that nobody
    violates the GPL, Perl Artistic or Copyleft licenses. I don't know what
    the final number at the bottom is. And I doubt that you do either.
    Absent some good data we are arguing in a vacuum.

    This archive was generated by hypermail 2b30 : Tue Jul 15 2003 - 16:56:02 PDT