From: Todd Ellner (tellner@private)
Date: Tue Jul 15 2003 - 00:06:27 PDT

  • Next message: John McHugh: "Re: CRIME Security Training for Managers/Executives"

    On Mon, 2003-07-14 at 23:08, Andrew Plato wrote:
    > I think any legislation that "directs" or "demands" the state to use open
    > source without equally considering commercial, is a bad idea. 
    Oh, I dunno. With all the inertia and monied intere$t$ pushing hard for
    proprietary commercial software it would probably take more than a 
    "direction" for the state to even LOOK at OSS. Come to think of it that
    is exactly what is happening in the agency my wife works for. She is 
    only allowed to even experiment with OSS (mysql instead of Access, Linux
    instead of Win98, OO instead of Office, g++ or PERL instead of VC++ and
    so on) if she buys her own machine, does it on her own time and so on.
    On the other hand, an acquaintance in academia saved the State a metric
    truckload of money by kicking a bunch of software off the end of the
    pier and replacing it with open source and free software. But he had the
    advantage of being subject to a law which encouraged employees to reduce
    recurring costs like license fees. Absent something like that - a
    directive or demand which covered his butt - he would probably have lost
    his job for implementing the alternatives.
    > Public
    > entities should weigh both commercial and open products together. And
    > whatever solution works best should be used. If that means commercial, then
    > commercial it should be. Just because something is "free" doesn't mean it
    > better. Furthermore, many things that are "free" aren't really free. There
    > are hidden costs, like support, administration, documentation, etc. 
    I've seen a few studies. The ones not actually paid for by the
    commercial vendors seem to indicate that OSS is at least no more 
    expensive and often less. Fixes and patches tend to come out much
    The problem is that without some leadership at the top the technical
    "best" will not be used. It will almost always be the familiar and the
    safe. "Nobody ever got fired for buying IBM" as the saying used to go.
    The leadership required to shift directions towards open and fair
    appraisals in a large organization must often be very strong. State
    governments are very large organizations.
    A stroll through the archives of, say, slashdot will show you what
    happens when governments consider open source. Certain large commercial
    vendors lobby the legislatures to squash it. Or they engage in dumping
    to stave off honest price comparisons. Here in Portland Microsoft
    came within a whisker of doing an extremely punitive audit of every
    single computer in the public schools when the school system put
    GNU/Linux into labs on an experimental basis.
    > As for quality and security, my feeling is that everything (open source or
    > commercial) has its positives and negatives. You're basically choosing which
    > positives and negatives you find most appealing. 
    Why yes, that is exactly true. People who make decisions need to make
    them based on the totality of their experience, their best judgement,
    and informed opinions. 
    >The best solution is to let the free-market decide. Public
    > should have options, just like any other consumer. They shouldn't be forced
    > into using any technology.
    I've sketched a few of the more prominent distortions to the Blessed And
    Infallible Free Market (all hail the Market! all hail the Market!) which
    are already in place. A number of prerequisites for a "free market" are
    not in place and may not, in fact, be possible. First, the consumers -
    agencies, departments, individuals, what have you - can not freely
    choose the solutions that they most want. That's not how large scale
    procurement works. Certain actors can distort the market dynamic itself
    so that a purely technical choice based on the merits of the products is
    impossible. There are significant barriers to entry for competitors. And
    so on. I won't bore you with rehashed Econ 300.
    > Furthermore, from my experience, many government agencies DO consider and
    > use open source technologies. I don't see why legislation is necessary. It
    > would just create more paperwork and administrative overhead?  
    And many government agencies that try to are squashed when the
    commercial vendors approach legislators. Consider the history of
    As for the volume of paperwork and administrative overhead, it works
    both ways. Without a requirement to consider alternatives and protection
    for those who are brave enough to try them people will tend to go with
    what has always been done no matter if it costs more or required
    significant overhead of its own; another version of "costs more" when
    you come right down to it. 
    Just as a for-instance consider the costs of keeping every copy of
    software associated with every machine at OHSU immediately available at
    the machine for a BSA audit. I am assuming that you wish to stay in
    compliance with all laws and commercial licenses. Compare that to the
    cost of giving alternatives a fair shake or making sure that nobody
    violates the GPL, Perl Artistic or Copyleft licenses. I don't know what
    the final number at the bottom is. And I doubt that you do either.
    Absent some good data we are arguing in a vacuum.

    This archive was generated by hypermail 2b30 : Wed Jul 16 2003 - 13:28:08 PDT