Open source icon Stormy Peters recently joined us for a live Network World chat. Peters is co-founder of the non-profit GNOME Foundation and director of community and partner programs for OpenLogic. Peters discussed why enterprises don't know how much open source software they use, how newbies and non-programmers can become involved in the movement and why she thinks open source software is more secure than proprietary code.
Open source icon Stormy Peters recently joined us for a live Network World chat. Peters is co-founder of the non-profit GNOME Foundation and director of community and partner programs for OpenLogic. Peters discussed why enterprises don't know how much open source software they use, how newbies and non-programmers can become involved in the movement and why she thinks open source software is more secure than proprietary code.
Moderator-Julie: Welcome. Our guest today is Stormy Peters. You know her from the GNOME Foundation and OpenLogic. (OpenLogic offers tools to manage enterprise-class open source software. Through its Expert Community, it also offers technical support to enterprises for all kinds of open source issues.) Peters also founded and managed HP's Open Source Program Office and helped establish its Linux division. She's ready to answer your questions about open source software and the enterprise.
Stormy_Peters: Hi, Everyone! Thanks for joining us today - I look forward to an interesting conversation!
Moderator-Julie: While Stormy types up her answers to the first questions, here's a pre-submitted Q&A: How are the areas of integration between open source and commercial software improving? Can you name vendors that are doing good work in that area?
Stormy_Peters: We find at OpenLogic that a lot of our support calls fall into either a "how do I use/integrate this?" or "why isn't this open source software project working right with my commercial or home grown software?" Our customers give us a lot of kudos for helping them figure it out. We'd like to pass those kudos on to our Expert Community. Together with the open source software committers in our OpenLogic Expert Community we are able to help our enterprise customers integrate open source software with commercial and home grown solutions.
GoldNugget: How can a non-programmer contribute to GNOME?
Stormy_Peters: Non-programmers are needed - and welcome - on most open source software projects. The most obvious way is as active users - using, testing and submitting any issues. Documentation is also usually the most sought after. As a non-programmer looking to get involved in open source, the first couple of things you should do are 1) download and use the software, 2) join the mailing list, 3) let people know you are available to help.
jrep: Note that first-time user experience reports are really valuable to all open source projects.
Stormy_Peters Thanks, jrep. I think it's also important to note that different open source projects have different cultures so check out the mailing lists and make sure it's "compatible" for you. Some are more friendly to newbies than others.
jrep: How do you "communitize" the "... or I'll fire you" guy? A really hopeless way to commune.
Stormy_Peters: Ah - you're referring to the cartoon on my blog, http://openlogic.com/blogs. I think you show them the benefit of participating in social networking and present them with a plan that includes the costs - mostly time. [Editor's note: Click here to see the cartoon.]
@rohanpinto Where's the "money" in open source?
Stormy_Peters: It depends on who you are. If you are an enterprise, the money in open source is lower total cost of ownership (not just initial costs), more choice, better developer retention (developers like open source) ... If you are an open source company ... well most of them at the moment make money off support and services. If you're a developer, you can make money by finding a job working on open source for a company. (I think the stat is a 40% pay raise!) Or you can start your own company working on open source solutions or support or services.
gbellcolorado What kinds of help do enterprises typically need as they begin to use more open source?
Stormy_Peters: At OpenLogic we usually get a couple of different types of calls. Sometimes people need help convincing their management. Sometimes they need help developing policies. Sometimes they need support for a particular open source software project. We get a lot of calls for support for projects where official enterprise support (like a number to call 24x7) is not available anywhere else.
@rohanpinto: When organizations announce that they are open-sourcing a product, the trend is that they open-source it and then roll in the contributions from the community into their own product. Is this commercialization of open-source products a de facto standard that only the big companies can adopt?
Stormy_Peters: Not at all. I think "commercialization" usually means that there's a number that enterprises can call for help. I think you could create that type of commercialization for any of the open source software development models.
Moderator-Julie: Pre-submitted question: Do enterprises need to have open source experts on staff? Can they get away with not having anyone or only staffers with passing knowledge if they want to adopt open source?
Stormy_Peters: I think enterprises need to know how they'll deal with any problems they run into whether it's problems with the open source software itself or problems integrating it into their environment. That said, their solutions can range from hiring open source software experts to contracting with a company like OpenLogic.
@rohanpinto: Enterprises refrain from using open source components for liability reasons. One main reason enterprises pay so much for commercial products is because they get a throat to strangle when liability questions arise. When do you think this trend would change?
Stormy_Peters: Not in the real near future. Enterprises must answer to their customers and shareholders. So they need to have a plan for when things don't go well. They also need to be able to guarantee uptime or response time.
JamesRoth: It seems like there's resistance to open-source solutions because of perceptions that open source means more difficulty to manage, fewer techs and engineers know it, etc. Thoughts on that perception?
Stormy_Peters: One of the big strengths and perceived weaknesses of open source is it's modularity. It's really easy to customize solutions, integrate them into your environment, etc. But when something goes wrong, enterprises are now faced with figuring out which component is responsible. (And maintaining relationships with all those vendors/communities to fix it.) I think it's just a new model and that the strength of modular solutions outweighs the "pain" of having lots of components.
@rohanpinto: Does usage of open source components to build something also mean giving the (new) developed code back to the community? Or is it based on the specific open source license used?
Stormy_Peters: It depends on the license and whether or not you are distributing the software. Most licenses that require open sourcing are triggered by distribution - sending it outside the company. It also depends on how you "build" it. If you are just linking at runtime to LGPL licensed software, that's different than if you actually copy LGPL licensed code into your product. Distribution usually means shipping outside your company but with some licenses like AGPL it also can mean creating a Web service.
gbeckmeyer: Do you think open source, and Linux in particular, could benefit from an increase in Mac market penetration?
Stormy_Peters: I'm not sure Linux benefits from Macs but open source runs on just about every platform out there. There's a surprising number of open source developers using Macs!
Sammy: In terms of so much open sourced based software coming into the enterprise, there are more companies (it seems) that want to insure that the code is what it is supposed to be. One way to insure this is to "escrow" the account in the event there are any questions that appear down the road. Hence I was curious if this is starting to come up more and more.
Stormy_Peters: I know that one of the advantages that people see with open source software is that the code is there and they aren't dependent on a particular vendor. (Even if they never exercise the freedom to fork and use it themselves, that freedom helps keep the vendor "honest".) That said, I did hear about one agreement (secondhand) that an enterprise wrote in a clause that said the code would become open source if anything happened to the vendor.
jrep: "Escrow the product" has been happening for a long time. I've done a lot of them, and never really believed the customer was getting a buildable escrow. But with O-S based products, there's a better chance the escrowed stuff actually could be built.
Stormy_Peters: And even with open source you should make sure you can build it. Open sourcing the code and open sourcing the build process are always not the same thing!
iforem: I came to hear about developments related to builds and forks in code. My company iForem has developed a fully automated "escrow" that allows custom mods that are not fully open sourced to be protected, even if it is to be released later to "open source." The key is we provide a "badge" that shows they have protected the asset ahead of any specific request.
Stormy_Peters: Thanks - that's another model that sounds like it would work.
jrep: To what extent do OpenLogic customers move up from consumers to contributors to committers?
Stormy_Peters: Hmm. We have customers that give us code to check in because they want to remain anonymous - that makes them a contributor. I see this a lot more on our Expert Community side though. I see a lot of people who would like to become committers and they see OpenLogic as a facilitator to that - answer questions for OpenLogic's customers, fix some bugs, gain credibility with the community, become a committer. [Editor's note: A committer is a member of the OpenLogic Expert Community that is under contract with OpenLogic to help enterprises solve complex issues with open source projects.]
twessels: Many public schools only use Microsoft software for instructional purposes. When the use of open source is brought to their attention, they reply that employers need people who can use Microsoft software. How can open source software advocates make their case with public school officials that open source software should also be part of their instructional program?
Stormy_Peters: That's a good question. I heard from a country in Africa that couldn't use open source because there wasn't enough documentation and the end users were teachers and medical staff in small towns. (This was a number of years ago.) I think the answer now is that OpenOffice is completely usable to anyone who is used to Microsoft Office. My ASUS Eee PC (Linux desktop) was extremely easy to use. I ordered it from Amazon.com. It came the next day. I opened it up and it just ran on my wireless network. Everyone from my 7-year-old stepson to my dad could use it with no problem. Except the keyboard was too small for adult males!
JamesRoth: What are the benefits for enterprises in looking at the open-source Android platform for mobile phones vs. going with other devices that aren't open-source? Or is it still too early in this market?
Stormy_Peters: I think by going with an open source platform you are more likely going with a platform that will ultimately have more resources behind it and will have a better chance of becoming the standard – just because it's open.
Moderator-Julie: Pre-submitted question: What is the biggest impact open source has had on the enterprise to date?
Stormy_Peters: While I think most people would say the biggest impact open source software has had on the enterprise is to save them money, I think the biggest impact has been on the developers. Not only do developers have lots more tools and software solutions available to them but they are part of a bigger community. I think it affects the way they work, their career, their happiness, companies like Kaplan are using open source as a developer retention tool!
@rohanpinto: When your contributors request code to be checked in, what policies and formats (diligent QA processes) does one follow to ensure that the code checked in does not contain any backdoors or hooks?
Stormy_Peters: We review the code and the committers in our OpenLogic Expert Community review the code. So far the contributions have been pretty straight forward. Do you think companies are trying to submit backdoors into open source??? I think you are overestimating them! :)
Stormy_Peters: Hey before I move on to more questions, I want to remind everyone to take a few minutes and submit your scan to The Open Source Census, http://osscensus.org. Make open source count!
JamesRoth: Do you think that most IT people would consider open source first, and it's only the business people within companies that push them away? Or are there still IT skeptics?
Stormy_Peters: I think there are still IT skeptics but most people who have used it at all are fans. There are some big fans on the business side too!
columbiatwin: Can we get a count of how many attendees are already using open source software? And what they are using
Stormy_Peters: I can't (technically) but I can tell you that every enterprise we have worked with is using open source software. And when we ask them what they are using and then run OSSDiscovery (http://ossdiscovery.org) we find they are off by a factor of 3-10x! So if they have a list of 10 open source software projects that they are using, Discovery finds that they are using 100. (And they aren't surprised.)
jrep: The oscensus.org scan which you mentioned suggests that many enterprises are unaware they're even using OS. Jonathan Schwartz recently blogged in much the same vein. Do you really see that at OpenLogic? Enterprises that think they're using none_?
Stormy_Peters: Enterprises usually know they are using open source software. And they usually realize that they don't know how much they are using. But it's embarrassing to admit that - even if everybody else is in the same boat! That's why we open sourced OSSDiscovery - so people could run it for themselves and see what they are using. (We have a webinar next week to show them how to use it.)
Moderator-Julie: We are about halfway through the chat ... keep those questions coming! In the meantime here's another pre-submitted question: Is the whole services revolution (where infrastructure, applications and god-knows-what runs in the cloud) having a negative impact on open source adoption in the enterprise, i.e. are users opting to outsource rather than build it themselves?
Stormy_Peters: Whether they outsource it or build it themselves, they often end up using the same solutions; almost all with lots of open source software components.
twessels: Do you think major commercial players like IBM, HP, Google and Novell are doing enough to promote the development of open source software? All of these vendors benefit substantially by having open source software available to them but are they doing enough to foster the continued development of open source software?
Stormy_Peters: I think sometimes the vendors are in an arms race to show who can say they contribute the most to open source. Reality is that they all use a lot of open source, they all employ developers who work full time on open source software and they've all made code contributions. I think about 75-80% of open source software community members receive a salary from a company to work full time on open source software. That said, I think they are continuously learning how best to work with the community - I've been spending a lot of my time lately helping the open source community help their employers figure out how best to work with the community.
Moderator-Julie: Pre-submitted question: Do you think line-of-business applications will be a big growth area for open source in the future? What other open source applications do you see growing in popularity for use in the enterprise?
Stormy_Peters: I do - I think we saw open source software start out with the network edge (web servers, print servers, etc) and migrate to the data center and now it's moving into the desktop and business application space.
twessels: Novell claims their November 2, 2006, agreement with Microsoft has helped push forward adoption of SUSE Linux Enterprise Server in major commercial customer accounts. And having just attended Novell's BrainShare I can see that the technical cooperation between Novell and Microsoft is starting to bear fruit. Was the knee-jerk reaction of the purists and fanatics worth all of the rhetoric that ensued? And if not, why has Red Hat refused to even consider such an agreement with Microsoft? It seems that they lost out on having a powerhouse marketing partner, like Microsoft, driving business their way.
Stormy_Peters: "Was the knee-jerk reaction of the purists and fanatics worth all of the rhetoric that ensued?" Absolutely. The open source community needs the purists and fanatics to keep us straight. That said, the world is not black and white and business is not always evil. Also, businesses are using combinations of open source and proprietary software in very effective ways. So if the Microsoft agreement brings more customers to Linux, good. If some open source developers protest the patent agreement, good too. (Now hopefully nobody quotes just one part of this answer!)
ITgirl: So, is it safe to say that the whole Microsoft threats thing has turned into nothing ... do you think enterprises are at all concerned about that anymore? Do you think that Microsoft might still really take legal action against any Linux or open-source companies?
Stormy_Peters: First off, I'm not an attorney and I can't say whether the threat is real or imagined. However, I think Microsoft is adopting the open source software model more and more. I've definitely been hearing less concern around the whole Novell/Microsoft agreement.
I think the patent and open source issue is still a very real concern. It's very hard for open source software developers to know if they've violated someone's patent (out of the tens of thousands out there) and very easy for someone to see if an open source software developer has violated their particular patent.
GoldNugget: As a woman involved in IT, and Open Source in particular, have you had any problems being taken seriously by others in this industry?
Stormy_Peters: I've found the open source software community to be a very open and welcoming community. My first introduction was through the GNOME community - and they are a bunch of great guys - and gals! I often get approached at conferences and asked how to encourage more women in open source or asked to meet with a particular woman. I've talked about women in open source at conferences. In general, I've found the women in open source to be extremely supportive of each other.
All that said, I've seen some pretty anti-women comments in places like Slashdot. As I said before, pick your communities carefully. Apache, GNOME, and many others are welcoming of women.
ITgirl: As a woman, I have to say that the entire IT industry is a great place to be if you are a woman with brains. It is much, much more about what you know than what you look like than many other industries. That said, there are jerky people that make jerky comments, sexist or racist or whatnot, no matter where you go.
Stormy_Peters: I agree. I also find the open source community is very willing to publicly step in and denounce the jerks.
ITgirl: Do you think the open source model creates more secure software?
Stormy_Peters: I do. I'm a big fan of security by transparency as opposed to security by obscurity. There's a lot more eyes on the code and a lot more people able to fix any issues that come up. It's a bit of a reach but I like to compare it to what I'd do if someone was pursuing me. I've always thought about it in terms of personal safety. If someone is attacking me, I can run to a house in the woods and hope they don't find me or I can surround myself with all my friends and a couple of police officers. They can all help check out my surroundings to make sure there aren't any security holes. (Can you tell I'm a city girl?) That said, there's a lot of open source software projects out there. The most widely used and examined ones are more likely to be secure than the one man project you download from an obscure web site with 0 users.
ITgirl: Is open source software creating new things that have never been done by software before? Have you got any examples of that?
Stormy_Peters: Yes. Some of it is putting existing things together in new ways and some of it is new technology. Look at Twitter with Ruby on Rails as an example. Most of the Web 2.0 world is that way. Any others?
@rohanpinto: Twitter is not open source... or is it?
Stormy_Peters: Sorry - Ruby on Rails is. Right?
GoldNugget: Google Earth is an example of open source doing something software has never done before -- maps, even space. Taking info that has been there for a long time, using open tools and platforms and making these available to everyone...for free.
Stormy_Peters: Good example. I think we are starting to see "open information" and "open data" play a very similar in social applications that open source software does in software applications.
JamesRoth: You mentioned Web 2.0 stuff -- that seems like its getting more attention than open-source did (which seemed cooler in the late '90s, early '00s). How can open-source remain hip and trendy?
Stormy_Peters: Open source needs to do a bit of marketing and make sure people know those Web 2.0 apps are built on open source and that's important because it enabled them to be what they are, grow and expand.
@rohanpinto: What future do you see in store for LAMP?
Stormy_Peters: Did you know that I predicted Linux on the desktop five years ago? :) I think LAMP will continue to be a commonly used stack but there will also be others - you are already seeing other acronyms trying to copy LAMP. [Editor's note: LAMP traditionally refers to a stack of software consisting of Linux, Apache, MySQL, Perl/Python/PHP.)
iforem: How can open source drive into the core of say automobile development and such? Will success come because manufacturers will see that it is not a core value in development? But more a value to control access for safety and testing? Robots might be another example?
Stormy_Peters: Absolutely. We currently work some very large manufacturers in non-IT industries that use open source software extensively in their environments.
Moderator-Julie: Thanks for coming and thank you, Stormy, for being our guest today. Please remember to join us for our next chats, all of them begin at 2 p.m. ET, at www.networkworld.com/chat.
Wednesday, May 28 Crimeware: Understanding new attacks and defenses, with authors Markus Jakobsson and Zulfikar Ramzan.
Tuesday, June 10 Enterprise technology trends IT departments can't afford to ignore, with John Hagel and Eric Openshaw.
Wednesday, June 18 Counterfeit network gear: How to detect it and protect yourself, with Mike Sheldon.
Stormy_Peters: Thanks everyone for joining me today. If you have any questions or other good ideas to discuss, feel free to find me on e-mail (stormy@openlogic.com) or twitter (http://twitter.com/storming).
Transcripts for more recent Network World chats:
- -- May 5, 2008
Why the iPhone (and gadgets like it) harm the Internet with Jonathan Zittrain
-- April 28, 2008- -- April 22, 2008
- -- April 9, 2008
- -- March 25, 2008
Busting enterprise security myths, with 451Group's Nick Selby
-- March 07, 2008- -- February 25, 2008
- -- February 5, 2008