Thursday, October 05, 2006

In response to Doug Karr: Protecting Software and Customers from Counterfeiters?

Doug Karr's original post... When I tried to respond to Doug's questions my answer just seemed to grow beyond a comment post... so I put it here...


What follows will appear to be off-topic initially but I assure you it will circle around to the issues that you have brought up...

I am a dyed-in-the-wool Slackware Linux advocate. I am particular about Slackware. I am particular about Linux. These two combined means that I am particular about Open Source Software. This in turn means that I am particular about “free” software.

I have had the luxury, the inclination, the opportunity and the technological resources to become a moderately fluent Linux 'Business' user. (I have 7 linux servers in production providing a number of "back office" services (e.g. firewalls, proxy, HTTP, router/gateway, alpha-numeric paging, and network management).) It has taken time and effort to capitalize on my situation. Time and effort that most likely is not available to Joe Average.


I have sampled many of the mainstream Linux distributions (distros). I have had the opportunity to try a myriad of avant-nerdy-custom distros. The mainstream distros are as proprietary as a well know commercial OS. The smaller specialty distros are keen, neat and interesting but lack a polished finish. Slackware, the work of Patrick Volkerding, is the seminal foundation of Linux distributions. One of its many claims to fame is that it puts the onus of responsibility on the user. While a few "features" are turned on the rest of the configuration is left up to preferences of the person using Slackware. In addition Slack, as it is lovingly called, is not natively encumbered with the burden of a Graphical User Interface (GUI). Every aspect of Slack can be configured using a simple text editor.

[I am supposed to add here; not for the faint of heart.]

Linux is born on the back of Open Source Software (OSS). OSS is an affirmation of the value of software as a contribution to a larger community. It, software, is written because it needs to be written the way a painting need to be painted. Occasionally an artist will paint "on commission" as a programmer will develop a specific program for a client. More often than not the artist/programmer will create to fulfill the need of creation.

The business model that has evolved out of OSS is an acknowledgement of where the true value lies in software. It is best seen in the "Distro" business model. The value is not in the software but in the packaging and integrating of the software into the distro package. Red Hat was quick to tell me that the support cost I was asked to incur was not to "purchase" the software but rather to cover the cost of ongoing support for _all_ of its constituent elements. I was assured that the software was available for download from a number of sources at no cost. [BTW: I received the same position statement from Novell's SUSE - so this isn't vendor specific.]

This business model extends to individual applications as well. PostgreSQL, the RDBMS with the difficult to pronounce name, is a very good example. PostgreSQL is readily available for download at no cost. It comes complete with _very_ comprehensive documentation. Additionally there are publicly accessible forums where usage discussions and even some problem solving is available, again for free. If however you want or need to please the PHB by being able to point to a service contract that stipulates the terms of support - PostgreSQL is more than happy to oblige, for a price. Do not mistake my levity in this matter for a slight against PostgreSQL. Their application is professional at every turn as is their support. It just so happens that they have chosen to place monetary value not on a world class program but on world class service and support.

After all that Slackware Linux OSS evangelizing I now put on my professional hat: I am the Manager of Information Systems for a mid-sized manufacturing concern here in the mid-west. We do business the old fashioned way - Microsoft Windows: 9 Servers and 70+ desktops. We use Windows as a business resource because that is what our most important business resources, people, are trained and proficient with. We use Windows because our second most valuable business resources, our customers, use Windows. We use Windows because the business applications we depend on are Windows based. So, regardless of my personal preference I am a staunch supporter of Microsoft Windows.

I have also 'enjoyed' the polite invitation from Microsoft to run an internal audit and verify that all of my PCs and servers running Windows were and are duly licensed. I assumed that if I had not complied with their polite request I would have ended up on a list to be visited by the BSA. I am not a lawyer and I do not suggest that I fully understand the dotted "i's" and crossed 't's" of the EULA but I am relatively sure Microsoft was and will continue to be within their rights to respectfully offer such 'Invitations'. My position, whether I personally like it or not, is that I do business using Microsoft products and I am honor bound to adhere to a contractual agreement regarding their use.

In my view the question of whether I should be saddled with the responsibility of verifying and validating the implementation of their product is mute. Caveat emptor! "Buyer beware" is the watch word that we should live by. I view the verification and validation mechanisms as just another type of 'dongle'. In reviewing the Microsoft Position I was heartened to hear that only minor punitive measures will be taken against those who are not in compliance. Of particular note is Microsoft's insistence that they will not prevent non-compliant instances of Windows from obtaining critical updates. I take this as a significant gesture of good will.

As to the cost verses the worth of Microsoft products I have one observation; contemporary OS and software customers expect the same functionality from their home PC that they do from their business PC. In many cases people have higher expectations from their personal computers than they do of the PCs that they use at work. I believe this disparity of expectation significantly colors the "supply and demand" market influences. To put a finer point of this I believe that Microsoft is on the right track offering 'Windows Lite' to burgeoning third world nations who have severely limited technological resources. (I know, this is a departure from my pervious rant regarding Microsoft pricing schedule. See Microsoft Redux ) On the other hand, if Joe Average expects his home PC to perform as well or better than his office PC then Joe should be expected to pay for that performance.

The problem is that Windows is not a qualifiable or even quantifiable product. It does not wear out nor is it [intentionally] designed to stop working after a specified period of time. It is not, in and of itself, a dependable income generator over time. That coupled with the fact that software (OSs and Applications) are easily duplicated means that Microsoft has very little to actually market unless they impose arbitrary value limits. Their first imposition is the actual price of the product, the unit cost. Second are the measures they impose on the customer to insure the adherence to contractual obligation. Finally, Microsoft should be acknowledged for making each successive version of their flagship product Windows better. It is this value that we as consumers should measure when considering our next OS or application purchase.

The OSS model depends on free distribution to extend applications and distros into the greater computing community. Then it is a matter of trial by fire. If the app or distro meets community imposed standards of excellence it flourishes. When it does succeed then its value is acknowledged and the authors can exercise their right to realize monetary rewards for the real value of their efforts. There are some cases where an author will actually choose not to accept remuneration for their apps or distros but instead use the creditability of their success to further their careers in other ways. A good example of this is nmap, acknowledged widely as the premier port scanner. Nmap author fyodor@insecure.org doesn't (yet) charge for his program but he is acknowledged in his field as an expert and sought after as such.

So it would appear that Microsoft is in the unenviable position of having to establish and then protect its product in order to realize a monetary return. OSS, on the other hand, does not have to protect its product and is able to capitalize on the real value that the community places upon it. Microsoft must place demands on the public. OSS receives support from the public. Microsoft will inevitably crumble beneath its own weight. OSS will just continue to grow in its freedom.

1 comment:

  1. William, this is a very well thought out post and I'm in agreement with the general theme of OSS vs. MS. I'm an OSS guy as well at home and a product manager at work overseeing all .NET/MSSQL products.

    In the end, I simply wonder if Microsoft wouldn't be more popular and less pirated if they had a product that was both superior and less expensive - in other words, making it worth while to purchase.

    Thanks for writing such a great post in response!

    ReplyDelete

. . .