9 Features of FOSS
Slide: (9) Feature of FOSS
- Performance: How is performance of FOSS products?
- Security: Is the security of FOSS product high or low?
- Cost: Is it possible to reduce cost by FOSS?
- Educational benefits: What is educational efficiency from FOSS?
- Vendor lock-in: What is vendor lock-in? How to avoid vendor lock-in by adopting FOSS?
- Sustainability: Importance of sustainable software development

This chapter examines the features of Free/Open-Source Software. Various aspects of FOSS are examined, including the adequacy of FOSS performance and its potential for reducing costs. The nature of vendor lock-in and the use of FOSS as a way to avoid vendor lock-in are examined. Other subjects explored include the actual security of FOSS products and the educational benefits of FOSS. Later sections examine the importance of sustainable software development and the positive impact of FOSS on sustainable software development.

An Introduction to Free/Open-Source Software
Copyright © 2005,2006, Center of the International Cooperation for Computerization (CICC) All Rights Reserved.
Copyright © 2005,2006, Mitsubishi Research Institute, Inc. All Rights Reserved.
Copyright © 2008, University of Puerto Rico at Mayaguez. All Rights Reserved.

9.1 Performance
Slide: Performance
- Innovative and fast development
  - FOSS is suited for innovative development
  - Developing speed of active FOSS project is amazingly high
- FOSS performance testing in Japan
  - As a matter of fact, how is the performance of FOSS?
  - A series of performance evaluations on FOSS products were conducted by a work group of Japan FOSS promotion forum

FOSS is noted for innovative and rapid development, among its other features. FOSS also has a general reputation for being suited to innovative development. Actual development of active FOSS projects occurs at an extremely rapid pace. This section also examines the results of performance tests carried out in 2004 in Japan, in which the actual performance of FOSS products was evaluated.

9.1.1 Innovative and Fast Development


Slide: Innovative and Rapid Development
- Reasons for innovative development
  - Motivation of FOSS developers
    - Create software that developers want
    - Create software unlike any other
  - Localization tends to be more easily implemented
    - Localization undertaken by actual users that desire localization
- Rapid pace of development
  - Projects fundamentally driven by enthusiasm of developers
    - Although development sometimes takes place through business
  - Desire to quickly develop software that developers want
  - Large projects involve worldwide developer base
    - Round-the-clock development

FOSS has a reputation for enabling innovative development. A large part of this can be traced to the strong motivation of developers that support FOSS development. The primary motivation of FOSS development is a desire by developers to create software that they want, or to create software unlike any other. Unlike many occupational programmers, FOSS developers are involved in development out of personal desire, which is likely to produce innovative software.

Localization also tends to be easier to implement with FOSS, because it is undertaken by the actual users that desire to get localized software. It is important to note that this is possible only because of FOSS.

Although FOSS development is sometimes implemented through business, projects are fundamentally driven by the enthusiasm of developers, which leads to fast development. This enthusiasm drives developers to rapidly develop the software that they want. Major FOSS projects involve the participation of a worldwide developer base, which can increase the pace of development through round-the-clock development. This type of development is one reason why security patches to fix software vulnerabilities are rapidly released under FOSS.

9.1.2 FOSS Performance Testing in Japan


Slide: FOSS Performance Testing in Japan
- Performance evaluations implemented by working group of Japan OSS Promotion Forum
- Results of Development Infrastructure Working Group
  - DBMS benchmark evaluation using OSDL DBT-1
    - Benefits of tuning confirmed
  - PostgreSQL evaluation using OSDL DBT-3
  - JBoss performance and reliability evaluation using SPECjAppServer2004
    - Performance of WebLogic surpasses JBoss
  - Evaluation and bottleneck analysis of Linux kernel using LKST
- Development of crash analysis tools and evaluation of FOSS performance and reliability
  - Evaluation of Java application layer
  - Evaluation of database and OS layers
- Members of Development Infrastructure Working Group
  - Hitachi, SRA, NTT Data, NS Solutions, Sumisho Computer Systems, NRI, Miracle Linux, Uniadex, NTT Comware, Nihon Unisys

The Japan OSS Promotion Forum’s Development Infrastructure Working Group has tested the performance of select FOSS products. The products tested include DBMS, PostgreSQL, JBoss and the Linux kernel.

Benchmark performance of DBMS was tested using OSDL Database Test 1 (DBT-1), a Web-based transaction performance test that simulates the activities of Web users browsing and buying items online. PostgreSQL was evaluated using the OSDL DBT-3 suite for decision support workload. DBT-3 consists of business oriented ad-hoc queries and concurrent data modifications. The reliability and performance of JBoss was evaluated using the SPECjAppServer2004 benchmark for J2EE servers. SPECjAppServer2004 is supplied by Standard Performance Evaluation Corporation. Evaluation and bottleneck analysis of the Linux kernel was conducted using Linux Kernel State Tracer (LKST).

The tests found that tuning could be used to draw higher levels of performance from FOSS products. The Working Group is also developing crash analysis tools and evaluating FOSS performance and reliability, in order to assess Java application, database and operating system layers. The Development Infrastructure Working Group is made up of a consortium of 11 companies, centering on Japanese system integrators such as Hitachi, SRA and NTT Data.

9.2 Cost
Slide: Cost
- Myth of low cost
  - FOSS is not almighty to reduce costs
- Evaluating total cost of ownership (TCO)
  - Cost evaluation strongly depends on assessor's idea
- Cost reduction factors
  - What items can be candidate for cost reduction factors by FOSS adoption?
- Cost disadvantage of FOSS
  - What are disadvantage points in FOSS adoption?

FOSS deployment is associated with the myth of low cost. At the present time, FOSS does not always ensure cost reductions. Although it is essential to evaluate the total cost of ownership (TCO) when deploying a system, it should be kept in mind that cost evaluations can be tailored to the standpoint of evaluation. Cost evaluations must be performed based on a thorough understanding of where FOSS deployment can reduce costs. The cost disadvantages of deploying FOSS also need to be understood.

9.2.1 Myth of Low Cost


Slide: Myth of Low Cost
- Presumed to be chief advantage of GNU/Linux deployment
  - Nearly always true when replacing Unix
    - Tsutaya Online: 1/4 to 1/5 cost reduction
    - Amazon.com: Saved $17 million
- TCO gap with Windows is small and debatable
  - Inadequate experience and lack of thorough discussion for meaningful comparison of desktops costs
- Focus ends up being on maintenance costs
  - Maintenance of middleware and applications
  - Cost of administrative engineers
  - Once technology is created to easily manage multiple desktops
    - Desktop tug-of-war between Windows and GNU/Linux

Cost reduction is considered to be the major advantage of GNU/Linux deployment. This assumption is nearly always true when GNU/Linux is used to replace Unix. When migrating from Unix, hardware costs are likely to be driven down by the deployment of low cost IA (Intel Architecture) servers. In the case of Tsutaya Online, system building costs were one-quarter to one-fifth lower due to GNU/Linux deployment. Amazon.com is said to have saved as much as $17 million from deploying GNU/Linux.

However, there is only a small gap in TCO when comparing GNU/Linux and Windows. The advantage can be tipped in favor of either environment by changing the assumptions about how a system is used. Comparing costs for desktop deployment is usually meaningless due to inadequate experience with FOSS. A lack of thorough discussion also hampers any meaningful cost comparisons involving FOSS desktops.

Cost evaluations frequently end up focusing on maintenance costs. In addition to the cost of maintaining middleware and applications, it is necessary to factor in the cost of administrative engineers and user training. FOSS is drawing interest today as a way to reduce costs for desktop use, which is linked to the desktop tug-of-war between Windows and GNU/Linux. Once technology is created to simplify the administration of multiple desktops, maintenance costs for FOSS desktops are expected to fall dramatically. This development will enable effective cost reduction through FOSS desktop deployment.

9.2.2 Evaluating Total Cost of Ownership (TCO)


Slide: Evaluating Total Cost of Ownership
- TCO (Total Cost of Ownership)
  - Total of all costs required to maintain, administer, and adequately operate systems
- Elements contributing to TCO
  - Deployment costs, operating costs, training costs, etc.
- Room to calculate TCO as desired, by changing standpoint of evaluation
  - Microsoft’s Get the Facts campaign: How are the facts represented?
  - Various assumptions are suspect
- Proper evaluation of TCO requires concrete assumptions about how system will be used
  - Results will depend on the assumptions made

TCO evaluations are normally used as a guidepost for economic evaluations of systems. The total cost of ownership refers to the total of all costs required to maintain, administer, and adequately operate systems. TCO comprises various elements such as systems deployment and operating costs. Training costs for both users and system administrators also factor into TCO.

It is important to remember that a TCO evaluation leaves room for the results to be calculated in favor of the evaluator. This is achieved by changing the standpoint of the evaluation. Microsoft’s Get the Facts campaign illustrates how facts can be twisted according to the way they are presented.

In evaluating TCO, it is important to set certain concrete assumptions concerning how systems will be used. The results of the TCO evaluation will depend on where these assumptions are placed. Proper evaluation of TCO requires attention to the assumptions made when calculating the TCO.

9.2.3 Cost Reduction Factors


Slide: Cost Reduction Factors
- Initial deployment costs
  - Cost of acquiring distribution (only one copy needed)
- Licensing costs
  - If proprietary software is required, only license for that software must be purchased
- Upgrade costs
  - Usually very low
  - Frequently expensive for proprietary software
- Hardware costs
  - Runs adequately on older hardware for certain applications
  - Systems can be tuned to adequately run on low spec PCs

This section examines how FOSS can reduce costs. To begin with, FOSS can be relied on to drive down initial deployment costs. Since only one copy of a GNU/Linux distribution is needed, minimal costs are incurred in obtaining distributions. However, enterprise GNU/Linux distributions sold to users include support costs and the cost of commercial software, which are included in the distribution.

Licensing costs are not required for systems built entirely using FOSS. If proprietary software is required, only the license for that software needs to be purchased. Licensing costs are not anticipated to take up a significant proportion of overall costs when deploying FOSS.

FOSS also enables the lowering of upgrade costs. Upgrade costs for GNU/Linux distributions are typically quite low, while upgrade costs for proprietary software are often very high. The ability to lower upgrade costs is a major advantage for systems that will be operated for an extended period while maintaining software upgrades.

Hardware costs can also be lowered using FOSS. FOSS can adequately run on older hardware. This is true for certain applications such as single function servers that provide simple interaction. There is no need to go to the trouble of deploying new hardware for these types of applications. FOSS systems can also be tuned to run adequately on existing low spec PCs.

9.2.4 Cost Disadvantages of FOSS


Slide: Cost Disadvantages of FOSS
- Frequently identified cost disadvantages
  - Training costs
    - Users are generally conservative and resist migrating from a familiar environment to a new environment
    - Lack of textbooks and reference material for mastering FOSS
  - Support costs
    - High cost of support due to limited supply of FOSS engineers
    - Costs are going to decrease as FOSS becomes more common
  - Systems modification costs
    - Servers may need to be modified
    - Some systems only designed to work with specific clients
    - FOSS clients may not work within such systems

FOSS also has certain cost disadvantages. These disadvantages are frequently identified during TCO comparisons with existing proprietary systems. The cost of training is considered as a major disadvantage when migrating to a FOSS-based system from a familiar existing system. In general, users are extremely conservative and will resist migrating from a familiar environment to a new environment. Therefore, it is necessary to factor in the cost of training when newly deploying FOSS.

A shortage of textbooks and reference material to master FOSS also contributes to higher training costs for FOSS. In comparison, books for commonly deployed systems are widely available and can be used for self-study. The limited supply of information for FOSS also drives up costs due to the need for customized training courses.

The same situation also exists for support costs. A limited supply of FOSS engineers contributes to the view that support costs are still high. However, the high cost of labor is anticipated to drop as FOSS becomes more common.

One element that can impede cost reduction from FOSS deployment is the need for additional costs relating to system modification. This is likely to occur when deploying FOSS for an existing system that is already running. For example, when clients are migrated to FOSS as a way to reduce costs, the server may need to be modified. This can lead to an actual increase in costs. The configuration of the existing system comes into play, in terms of whether the system is designed to only work with specific clients. Systems configured in this way may prevent FOSS clients from working, so that modification of the overall system is required.

9.3 Vendor Lock-In


Slide: Vendor Lock-In
- What is vendor lock-in
  - An environment or situation that locks in users to products from a specific vendor
  - What are the problems with vendor lock-in?
- Examples of lock-in business strategies
  - Vendor lock-in is found not only in IT market
- Separation of Interface and Implementation
  - Promoting fair competition among implementations from each vendor, in conformity with standard interfaces
- FOSS and open standards
  - Reasons why fair competition requires more than specification standards

This section examines the nature of vendor lock-in and the issues it causes. Examples of vendor lock-in in other industries are illustrated, since vendor lock-in is not unique to the IT industry. In order to avoid lock-in, it is important to separate the interface and implementation by adopting a standard interface. This arrangement promotes competition via the implementation. In addition, the relationship between FOSS and open standards is also explored, examining why it is not enough to standardize specifications.

9.3.1 What is Vendor Lock-In


Slide: What is Vendor Lock-In
- Vendor lock-in
  - Locks in user environment to specific vendor’s products
  - Type of customer retention strategy
- Can lead to endless vicious circle of biased procurement
  - Forces users into regular version upgrades
  - Monopoly can invite lower quality and higher costs
  - Need to maintain compatibility with archival assets
    - Eliminates participation by other vendors through use of closed specifications
- Used to be an excellent business model
  - Users: Buy long-term support and peace of mind
  - Vendors: Stable revenue and growth of market share

Vendor lock-in describes an environment or situation that locks in users to products from a specific vendor. Vendor lock-in is used as a customer retention strategy by vendors. Various factors can lead to vendor lock-in, such as the need to ensure compatibility with archival data or between data formats exchanged by users. The integrated look and feel of a user interface can also contribute to vendor lock-in. Other contributing factors can include how a system’s features are operated or the knowledge of that environment.

Vendor lock-in used to be an excellent business model. Users expected vendors to provide long-term support in a vendor lock-in situation. In some ways, vendor lock-in provided a way for users to purchase peace of mind. For vendors, vendor lock-in was recognized as an effective business model that balances long-term stable revenue and growth of market share.

Eventually, enclosure by specific companies became more of an obstacle for certain products. This became true of products like software, which rely on frequent updates and are high in interdependency. In these industries, vendor lock-in becomes an obstacle to ensuring fair competition. Vendor lock-in of software and systems encourages an ever-widening vicious circle of biased procurement. Under this arrangement, locked in users must continue to procure product lines from a specific vendor over the long term. Vendor lock-in also forces users to implement regular version upgrades. Furthermore, a monopoly invites the possibility of lower quality and higher costs. The need to maintain compatibility of data can also be unsoundly used as justification to eliminate the participation of other vendors through the use of closed specifications.

9.3.2 Examples of Lock-In Business Strategies


Slide: Examples of Lock-In Business Strategies
- Rewards programs
  - Leading examples
    - Credit card companies
    - Frequent flier programs
    - Mail order companies and mass merchandisers
  - Everyday examples
    - Frequent buyer cards from retailers
    - Restaurant coupons
- Car dealers
  - Preferential trade-in programs for car brands from same manufacturer
  - Frequent model changes
- Mobile phone carriers and ISPs
  - Frequently introduce new models and services
  - Users do not wish to change mobile numbers and e-mail addresses
  - Introduction of mobile number portability may reduce lock-in advantage
    - MNP: Mobile Number Portability
- Worst case of vendor lock-in
  - “One yen bid”
    - Bid on first year at low cost
    - Gain highly profitable private contracts after the second year

This section provides examples of enclosure in business that translate into vendor lock-in. Although there are many examples of enclosure in business, it is rare for strong vendor lock-in to be achieved through technology.

The customer loyalty or rewards program is a leading example of a lock-in business strategy. Primary examples of rewards programs include those used by credit card companies, mail order companies and mass merchandisers. Frequent flyer programs used by airlines also fall into this category. Everyday examples include frequent buyer cards from retailers and restaurant coupons.

Another type of vendor lock-in strategy is the preferential trade-in program offered by some car dealers in Japan. This type of program applies to trade-ins of a car brand from the same manufacturer. Car manufacturers also introduce frequent model changes to encourage customers to upgrade to a new vehicle. This business strategy is similar to the regular introduction of version upgrades for software.

Mobile phone companies and ISPs also rely on business models with similar elements. By continually introducing new models and services, users are encouraged to upgrade their equipment or purchase new services. At the same time, users tend to resist changing their mobile phone number or e-mail address (ID), so that they are locked into their assigned ID. However, the introduction of mobile number portability across telecommunication carriers is expected to reduce the lock-in advantage for mobile phone companies.

In Japan, the most unfair example of vendor lock-in is the “one yen bid,” which undermines the very purpose of bidding as a way to reduce costs. The one yen bid takes advantage of Japanese business customs and the complexity of system building. Under this strategy, the vendor places an ultra-low bid on the first year of a contract. After building the system at a loss, the vendor gains private contracts after the second year and beyond, based on its established record as the system builder. These contracts enable the vendor to take on highly profitable contracts for systems operation and continued development.

9.3.3 Separation of Interface and Implementation


Slide: Separation of Interface and Implementation
- Separate from implementation to achieve fair competition
  1. Derive necessary functions and separate into modules.
  2. For each module, separate the interface and implementation.
  3. Define the interface and establish it as a standard.
  - Separation of implementation ideally results in fair competition
- From de facto standards to open standards
  - Conventional de facto standards
    - Implementation also treated as part of standard
  - Open standards
    - Standards formulation process also handled openly
    - Implementation left to each vendor
    - Interface is specified to a standard, and implementation is interchangeable

Interfaces should be clearly defined and standardized for the purpose of avoiding vendor lock-in and promoting fair procurement. Separating the interface from the implementation achieves fair competition within a standard interface. The following steps are used to separate the implementation, which will ideally result in fair competition:

1. Derive the necessary functions and separate into modules.
2. For each module, separate the interface and implementation.
3. Define the interface and establish it as a standard.

Due to the importance of interface standardization, the trend among IT vendors today is to emphasize open standards as vendors move away from de facto standards. Conventional de facto standards were treated that way due to the large market share of certain software. Under this arrangement, the interface is also treated as part of the de facto standard.

In contrast with the de facto standard, which treats an existing implementation as the standard, the de jure standard is based on a previously formulated standard. Implementations are made to be compliant with the de jure standard. Sometimes the decision-making process used in formulating the standard is entirely open. This is referred to as an open standard. Under an open standard, only the interface is standardized. Implementation is left to each vendor.

9.3.4 Free/Open-Source Software and Open Standards


Slide: Free/Open-Source Software and Open Standards
- Avoid vendor lock-in
  - Make specifications open to maintain competition
- Open specifications alone are insufficient
  - Also need to release source code
    - Enables other vendors to participate in system upgrades
    - User has upper hand for price negotiations
- Why open standards alone are inadequate
  - Vendors will always emerge to seek differentiation through proprietary means
  - Example of HTML
    - Standard specifications decided by W3C
    - Browser war: Browser incompatibilities due to proprietary tag extensions
  - Example of tying applications into OS
    - Proprietary performance enhancements using unpublished APIs
    - Vendor gave itself unique advantage as OS developer

Open standards are an effective strategy to avoid vendor lock-in. Open standards are open in all phases of the standardization process and its application: e.g. participation on the standardization committees, access to the standardization documents, and implementation of the standard. By making specifications open, it is possible to maintain competition. However, it is widely believed that open specifications alone are not enough to maintain fair competition. According to this view, releasing source code as FOSS is the first step toward complete avoidance of vendor lock-in.

Systems that comply with open standards provide for interchangeability of the implementation. This is said to enable other vendors to participate in system upgrades and gives users the upper hand in price negotiations. However, FOSS proponents argue that this only works in theory. Open standards alone are viewed as being inadequate, due to the rule of thumb that vendors will always emerge seeking differentiation through proprietary means.

The example of HTML or HyperText Markup Language illustrates this view. The standard specifications for HTML are decided by the World Wide Web Consortium (W3C). However, browsers have introduced proprietary extensions to HTML tags in competing for market share. This has led to an uneven history of browser incompatibilities.

Further illustrating this point is the example of a certain OS vendor accused of tying in applications to its own operating system. The vendor had created unpublished APIs for its OS. These APIs were exclusively used by the vendor’s own applications to deliver performance enhancements of a proprietary nature. The arrangement enabled the OS vendor to give itself a unique advantage. The incident is also one of the reasons why users remain locked into that OS today.

Yet another argument in favor of this view comes from the recent incidents surrounding the standardization of OOXML. One of the many criticisms against this standard claims that a FOSS implementation is not possible since OOXML implicitly relies on (not yet standardized) proprietary software.

9.4 Security
Slide: Security
- Security of Software
  - What is secure software? From whom do we have to protect our software?
- Is FOSS really more secure?
  - Opinions from two sides: “More Secure” vs “Less Secure”
  - “Many eyes” of developers
    - The reason why FOSS is more secure
  - Naked implementation
    - The reason why FOSS is less secure
- FOSS Security Tools
  - There are many security tools released as FOSS

This section examines the issue of security in software and whether FOSS is inherently more or less secure. Although there are arguments for both sides, a quantitative evaluation of FOSS security has yet to be conducted, making it a matter for future discussion. FOSS security tools are also examined.

9.4.1 Security of Software


By definition, the security of software is a measure of whether the software can be
expected to keep running as intended. Obstacles to security include outside threats such
as unauthorized access and interception of communications. Unauthorized manipulation
of data such as falsification is also a threat to security. Additional obstacles
to security include defects in the software itself and vulnerabilities in the design of
software.

Unauthorized access involves unexpected manipulation by a third party. Interception
and falsification are examples of unauthorized manipulation of privileged data
streamed over a transmission path. Both problems can result in unexpected circulation
of tampered data.

A software defect occurs when software operates in an unexpected way due to a fault
with the software. Software and system vulnerabilities occur when there is a system
fault or problem with specifications. These problems could enable a third party
to take over the system, or take advantage of the vulnerability to leak confidential
data. The next section examines whether FOSS can be used to improve security
against such threats.

Slide: Security of Software
· Security is the ability to keep software operating as expected
· Obstacles to security
  · Outside factors
    · Unauthorized access: Unexpected manipulation by third party
    · Interception and falsification: Incidents relating to transmission path for
      privileged data
      · Interception: Unexpected leakage of data
      · Falsification: Transmission of insidiously modified data
  · Internal factors
    · Software defect: Unexpected operation due to fault in software
    · Vulnerability: Fault or specification issue that could be used by third party to
      take over system or leak data, etc.
· Raises the issue: Can FOSS improve security against these threats?


9.4.2 Is FOSS Really More Secure?


There are two widely divergent views on the impact of FOSS on security. One argument
holds that FOSS offers greater security due to its transparency and active
developer base. The opposing argument claims that proprietary software from major
vendors affords greater opportunities to ensure security.

The reality for servers is that unauthorized access and security accidents occur on all
platforms including Unix, GNU/Linux and Windows. The rate of problems depends
on the popularity of the platform.

The situation is slightly different for desktops. Viruses and worms targeted at FOSS
are extremely rare and almost non-existent today, although the number of FOSS
desktops is relatively low to begin with. However, it is hard to imagine that viruses
will become as rampant on FOSS desktops as they are elsewhere today, even with the
spread of FOSS desktops. This reasoning rests on the system design principles employed
for Free/Open-Source operating systems. A trade-off exists between convenience
and security: operating systems that are designed for greater convenience
have comparatively more vulnerabilities. As Unix-based systems, FOSS desktops
place an emphasis on security.

Slide: Is FOSS Really More Secure?
· Widely divergent views
  · FOSS is more secure due to transparency and active developer base
  · Proprietary software from major vendors affords greater chance of ensuring security
· Reality of the situation
  · Servers
    · Unauthorized access and security accidents occur on all platforms including
      Unix, GNU/Linux and Windows
  · Desktops
    · Viruses and worms targeted at FOSS are extremely rare
    · Low probability due to small number of FOSS desktops to begin with?
    · Depends on system design principles; operating systems designed for convenience
      are comparatively more vulnerable

9.4.3 “Many Eyes” of Developers


The “many eyes” of developers is cited as one reason why FOSS offers greater security.
The notion refers to the many eyes of developers that inspect source code
to identify any issues with code. This view holds that continuous round-the-clock
development by a worldwide developer base enables rapid response to defects. This in
turn enables relatively fast response when critical vulnerabilities or security holes are
identified. Although the notion of “many eyes” applies to actively developed FOSS
projects, it does not necessarily apply to FOSS projects developed under a small
development structure.

FOSS is also claimed to be effective for countering “Trojan horse” programs. This view
holds that it is difficult to slip unauthorized code into source code that is published
as FOSS. Both the “Trojan horse” measures and the notion that FOSS offers rapid
response to defects are based on the idea that security is improved through the
vigilance of many developers.

Slide: “Many Eyes” of Developers
· Possible reasons for greater security of FOSS
  · Rapid response to defects
    · Continuous round-the-clock development by worldwide developer base
    · Relatively fast response when critical vulnerabilities or security holes are
      identified
    · Applies to actively developed FOSS projects
  · “Trojan horse” measures
    · Difficult to slip unauthorized code into source code circulated as FOSS
  · Based on notion of improved security through vigilance of many developers

9.4.4 Naked Implementation


FOSS is also claimed to reduce security, based on the argument that releasing
source code gives crackers enough information to attack FOSS. This view holds that
FOSS makes it easier to find errors or security holes in the implementation or design
of software, resulting in reduced security. However, the “many eyes” notion offers a
counter-argument to this view. Since information about FOSS is released, developers
can respond immediately when a security hole is discovered.

One frequent concern about FOSS is the structure for security measures on the part
of the software provider. Major vendors of existing proprietary software today put
adequate resources into security measures. However, there is a lack of trust in
the security measures of FOSS projects, which are implemented through volunteer
development. The security risk is thought to be higher for FOSS projects that are
not particularly active.

Slide: Naked Implementation
· Reasons FOSS is thought to reduce security
  · Releasing source code provides crackers with enough information to do harm
  · Easier to find errors or security holes in implementation
  · Counter-argument: Release of source code enables immediate response if security
    holes are discovered
· Concern about structure for security measures by software provider
  · Major vendors are putting resources into security measures
  · Lack of trust in volunteer development of FOSS projects
  · Risk is higher for less active FOSS projects


9.4.5 FOSS Security Tools


This section introduces FOSS security tools as part of the subject of FOSS security.

Slide: FOSS Security Tools
· GNU Privacy Guard (GPG)
  · PGP encryption tool from GNU
  · Many MUAs work with GPG
· Snort, CodeSeeker
  · FOSS Intrusion Detection Systems (IDS)
· OpenSSH
  · FOSS implementation of Secure Shell (SSH) protocol
  · Commonly used today in place of Telnet and remote shell (rsh)
· OpenSSL, GNU TLS
  · FOSS implementations of SSL (Secure Socket Layer) protocol
· Other tools: OpenVPN, Tripwire (system integrity check tool), etc.

9.4.5.1 GNU Privacy Guard


GNU Privacy Guard (GPG) is a tool for PGP encryption of e-mail. Developed by
GNU, GPG is considered the standard tool for PGP encryption. Many MUAs have
been developed to work with GPG.

9.4.5.2 Snort, CodeSeeker


Snort and CodeSeeker are FOSS implementations of Intrusion Detection Systems
(IDS).

9.4.5.3 OpenSSH
OpenSSH is a FOSS implementation of the Secure Shell (SSH) protocol, which
provides for encryption of communication paths. SSH is increasingly common as a
replacement for Telnet and remote shell (rsh) to connect to remote hosts.

9.4.5.4 OpenSSL, GNU TLS, Etc.


OpenSSL and GNU TLS are FOSS implementations of the SSL (Secure Socket
Layer) protocol used for secure communications. These technologies are frequently
incorporated into network software. Other major FOSS security tools include
OpenVPN for building virtual private networks (VPN) and Tripwire, a system integrity
checker.


9.5 Educational Benefits


This section examines the educational benefits of FOSS. The ability to learn from the
precedent of released source code is highly effective as an educational tool.
Well-written source is the best textbook, while sloppy source code sets a negative example
for learning. In order to use a debugger to see how code works, it is critical to use
source code that actually runs rather than just sample code. With FOSS, it is possible
to prepare a development environment and obtain development resources at low
cost. This means that the barriers to beginning study are low. Information exchange
through the FOSS community also provides practical benefits for education
that cannot be ignored.

Slide: Educational Benefits
· Source code as an example
  · Learn from the precedent of released source code
  · Leading source code is equivalent to an excellent text book
· Using a debugger to verify that source code runs
  · Important issue is that the source code is really runnable
· Low cost of development environments and resources
  · Low entry levels to start learning
· Educational benefits of communities
  · We have much from communities

9.5.1 Source Code as an Example


FOSS excels as a source of training material for IT engineers, by providing concrete
examples for learning about software design techniques and working programming
technology. FOSS offers a way to learn from actual examples rather than
just sample programs. Since FOSS provides actual running source code, it is possible
to learn step-by-step how a program runs. This is accomplished by inserting debug
print routines or using a debugger.

Another major educational advantage of FOSS is the ability to look up similar code.
The code can then be incorporated into your own code as long as it is permitted
under the licensing. Publications relating to FOSS such as Code Reading and Lions’
Commentary on UNIX 6th Edition with Source Code have long been published. These
practical books are popular and widely reprinted.

Slide: Source Code as an Example
· Study concrete examples
  · Software design methodologies
  · Programming techniques
  · Actual programming samples
· Learn step-by-step how a program runs
· Look up similar code
· Source code as a textbook
  · Publications relating to FOSS such as Code Reading and Lions' Commentary on UNIX
    6th Edition with Source Code are published


9.5.2 Using a Debugger to Verify how Source Code Runs


FOSS makes it possible to obtain, modify and check source code. It is important
to study source code that actually runs and to use a debugger that enables
you to see how a program runs. This arrangement makes it possible to study practical
techniques beyond theory. By studying real code from actual programs, you
can learn about current technology trends and gain a broad understanding of software
design techniques beyond fundamental theory and technique.

Slide: Using a Debugger to Verify that Source Code Runs
· FOSS makes it possible to:
  · Obtain source code
  · Modify source code
  · Check source code
· Source code that actually runs
· Important to verify using debugger
· Verify operating logic
· Learn through practical experience
· Enables study using real code

9.5.3 Low Cost of Development Environments and Resources


Proprietary software often involves high barriers to participating in development,
primarily in terms of cost. These barriers include the need to purchase development
tools and receive fee-based training to learn about development technology.
Although much of the information necessary for development is available online,
essential information may need to be obtained from vendors for a fee.

In comparison, resources for FOSS tend to be available at a comparatively low cost.
Distributions come with development tools, while information necessary for development
is almost always available online. However, there is still a shortage of textbooks
and reference books for beginners, and training courses are largely fee-based.

FOSS offers lower financial risks for investment in software technology acquisition.
Beyond that, there are only minor risks associated with the amount of time invested
in training and the effort you invest. FOSS-based training makes it possible to
control these risks yourself, which is where FOSS excels compared with training
that uses existing proprietary software.

Slide: Low Cost Development Environment and Development Resources
· Proprietary software involves tall barriers to participation
  · Purchase of development tools
  · Purchase of development information
  · Fee-based training
· Development resources comparatively lower cost for FOSS
  · Distributions include development tools
  · Information available online
  · Training largely fee-based
· Risks for software technology acquisition under FOSS
  · Time and effort
  · Ability to control risks yourself is where FOSS excels in


9.5.4 Educational Benefits of Communities


FOSS communities also offer educational benefits, based on the approach that users
can learn how to use software from the community rather than having to learn on
their own. The underlying purpose of user communities is to facilitate mutual assistance
for FOSS projects, which tend to be short on information authorized by a developer
community. Many FOSS communities normally conduct their activities online.
As part of FOSS communities, user communities play a major role in facilitating
information exchange through mailing lists and message boards.

The rule of communication in FOSS communities is to exchange information on a
give-and-take principle. Observance of netiquette and respectful interaction are
also emphasized. In the faceless world of online communication, flaming can erupt
when participants fail to observe these rules of conduct. Flaming is undesirable and
has even caused some famous projects to split or stop completely.

Developer communities should also make an effort to provide ready access to relevant
information and user manuals. Projects with a good flow of feedback from
user communities as well as information from developer communities can expect to
achieve a positive cycle of growth. This leads to faster development and growth of
the user base and community.

Slide: Educational Benefits of Communities
· Approach that users can learn how to use software from the community without
  learning by users themselves
· User communities as cooperative organizations
  · Ask questions through mailing lists and message boards
· Rules of communities
  · Give-and-take of information
  · Observe netiquette
  · Prevent flame wars from occurring
· Development communities must also make an effort to provide accessible information


9.6 Sustainability
Many software projects feature ongoing development in order to respond to defects
or provide support for diverse platforms. This section examines why sustainable
software development is necessary and the reasons that FOSS is effective for achieving
sustainable software development. Also examined are the reasons for the analogy
drawn between the advancement of software and scientific progress. The freedom
of software is also essential to the advancement of software science and software
engineering, and to producing better software.

Slide: Sustainability
· Necessity of sustainable software development
  · Why sustainability of software development is so important?
  · The key is adaptation to various kind of platforms
· Realizing sustainable software development
  · Why FOSS enables us to realize sustainable software development?
· Scientific progress and advancement of software
  · Similarities between scientific progress and advancement of software
· For the advancement of software
  · To produce better software products

9.6.1 Necessity of Sustainable Software Development


Sustainability of software development is desirable as long as there are users for
the software. This is due to the increasingly complex environment that surrounds
software today, which makes it difficult for software to be flawless. Defects in software
are continually discovered on a daily basis. These defects can include security
holes that can inconvenience others and eventually develop into a social problem.

Tried-and-tested software is software that has had almost all of the defects worked
out of it. Although it might seem acceptable to suspend the development of
tried-and-tested software, this is frequently not the case. Maintenance is often needed due
to the continually changing environment that surrounds software, both in terms of
operating systems and dependent libraries. Even tried-and-tested software must
be adapted to support these changes, as long as there are users that wish to use the
software in such environments.

Since FOSS enables modification and redistribution of source code, it can be easily
adapted to support diverse platforms. Consequently, FOSS simplifies the implementation
of sustainable software development.

Slide: Necessity of Sustainable Software Development
· Sustainable software development is necessary as long as users wish to use software
  · Defects in software discovered on daily basis
  · Security holes cause problems for others
· OK to end development of tried-and-tested software*?
  · *Tried-and-tested software: Software in which almost all bugs have been worked out
· Are there any issues with suspending software development? Yes, there are
  · Reasons
    · Changes in surrounding environment including OS, dependent libraries, etc.
    · Software must be adapted to support to these changes
· FOSS capable of being adapted to diverse platforms


9.6.2 Realizing Sustainable Software Development


With proprietary software, there is a risk of software development ending for whatever
reason. For example, development projects are frequently suspended due to
poor sales. In extreme cases, development of software may collapse due to the developer
firm going out of business. When this happens, the rights to the software are
sometimes transferred to another company to carry on development, if the software
has some merit to keep the development going.

In the case of FOSS, development is sustained even if the core development company
pulls out of development or developers leave due to individual circumstances.
Development is carried on as long as there are users that wish to see it continue,
and other engineers to take over development. Under FOSS, all information including
necessary resources for development is published, which makes it possible to
implement sustainable software development.

Slide: Realizing Sustainable Software Development
· For proprietary software
  · Risk of software development ending for some reason

9.6.3 Scientific Progress and Advancement of Software


There are fundamental similarities between the advancement of software and the
notion of scientific progress. These similarities are evident from the comparison below.
With FOSS, advancement of software occurs when software grows or is expanded
under the following criteria:
1. Implementation is shared and extended through the release of source code.
2. Source code must run properly.
3. Reinventing the wheel should be avoided.

The notion of scientific progress shares the following characteristics, which can be
compared with the above points:
1. Knowledge is shared and expanded through publication of papers.
2. Theory must be correct and verifiable through corroborative experiments.
3. It is pointless to conduct the same research afterwards.

The similarities between the two sets of criteria show how the advancement of software
shares common characteristics with the notion of scientific progress.

Slide: Scientific Progress and Advancement of Software
· Advancement of software and scientific progress fundamentally similar
· Compare the following points
  · Advancement of software (under FOSS)
    · Implementation shared and extended through release of source code
    · Source code must run properly
    · Avoid reinventing the wheel
  · Scientific progress
    · Knowledge shared and expanded through publication of papers
    · Test theory through use of corroborative experiments
    · Pointless to conduct the same research afterwards

9.6.4 For the Advancement of Software


FOSS projects are supported by the notion of freedom. The freedom of Free Software
is prescribed by the Free Software Foundation in the four points shown below.
Copyleft is the abstract expression of the four kinds of freedom, which GPL expresses
as a concrete license.

· The freedom to run the program, for any purpose.

· The freedom to study how the program works, and adapt it to your needs.

· The freedom to redistribute copies so you can help your neighbor.

· The freedom to improve the program, and release your improvements to the
public, so that the whole community benefits.

The sustainability of software development is maintained by guaranteeing the four
kinds of freedom. Sustainable software development in turn accelerates the advancement
of software. Without sustainable software development, software cannot be
advanced in an effective way.

Slide: For the Advancement of Software
· Freedom of FOSS (the four freedoms listed above)
· Above four kinds of freedoms prescribed by FSF’s The Free Software Definition
· Copyleft is abstract expression of four kinds of freedom
· GPL expresses four kinds of freedom as concrete license
· Leads to implementation of sustainable software development
· Should lead to advancement of software
