I started writing about Linux not because I thought it interesting, fascinating, or even because I liked to code (I don't).
I started writing about Linux because I was told I couldn't and the more people told me I couldn't, and particularly when they said "or else," the more the Linux dirty laundry became attractive to me. In short, if anyone bothers to look at the sequence of events, they will see that the Linux community pushed me down this path. Granted I didn't fight much, but I have this thing about cover-ups. I believe they can lead to disasters both within a company and across a nation; here in the U.S. this last point, whether it be Global Warming or Iraq, would seem self evident.
So this time I'd like to talk about the five things you can't talk about without being attacked by OSS supporters. I'll take the heat, and as always, I'm not suggesting you stop deployment of Linux, I'm just suggesting you intelligently cover your backside.
One: Is Linux a Myth?
This strikes me as both the most obvious and the least talked about. We talk about Linux like an operating system when we compare it against Windows, we talk about it as a company when we compare it against Microsoft, and when we describe its attributes it almost seems super-human or god like.
Linux isn't a thing, and it sure isn't a god. When we compare an operating system to another we should be comparing the specific distribution, which is a thing. When we compare it to Microsoft we need a company to do that; Red Hat, Novell and now Oracle provide us with a framework so that we can intelligently compare one to another and assess the differences.
The reason Linux has been abstracted into a concept is so it doesn't have to compete on merit. It can be anything, in concept, it needs to be to win a deal. But we live in the real world where there needs to be a real product and a real support structure behind it. If we are actually doing an evaluation we have to evaluate what we are actually going to end up using and it isn't generic "Linux."
This isn't to say Linux can't or doesn't win in real comparisons, only that the majority I've seen weren't real comparisons. As a ex-auditor I care less about who wins than I care about the process that determines the winner. I've seen too many instances where decisions were made on products, including proprietary products, based on what appears to be graft. One CIO even won a Mercedes Benz for making the "right choice" -- we'll talk about that in a future post.
Presenting the products and companies in abstract was actually rather brilliant, however, I can't find a Steve Jobs-like person I can congratulated for this excellent work. It just seems to have happened that way naturally, but, if you are going to be successful, your justification needs to be solid and for that you'll need the specifics.
Linux is a grown up product; it isn't for everything or everyone though. Do your assessment with a real product against real metrics. SuSe and Red Hat are both capable enough to compete without cheating.
Two: Is Linux Secure?
I already said there is no "Linux," so how can I now treat it like a thing? The easy path here would be to present the different security models for the different distributions but, for this purpose, I'm going to leave Linux in abstract and talk about the unique security problem it represents. I'm not saying Windows is more secure either; I'm saying the products are so different from each other that comparisons may not actually make much sense, which is why there are reports supporting both sides of this. So, let's start by saying nothing is secure enough if people are involved.
Long before IT stopped being just "it," security had three aspects: Physical Safety, Possession Protection, and Intelligence. The way security was breached in all cases was physical; people came in and did harm, stole, or deployed "spies." They didn't need viruses or hacks, they just pitted their intelligence against yours and, if they won, you lost and, in the case of harm, that loss could be terminal.
We know that crooks generally are crooks because they didn't do well in school, not because they graduated from the top of their class at MIT (though clearly this "rule" has been broken from time to time). We also know that the most successful kind of attack to get "intelligence" is a phishing attack, and what brought this into the news recently was HP's pretexting problem.
Linux is surrounded by people who generally don't even use real names and often "exaggerate" what they do for a living. Wonder over on Groklaw and you'll see a lot of legal experts, a few months back I corresponded with one. His legal "expertise" came from a class on contracts, and I'm not kidding, he took in high school. PJ, the woman who allegedly heads up this legal resource, is currently ducking service from SCO and lord knows what she is covering up (and I don't think it is that she works for IBM; they aren't that stupid).
We also know that when someone gets access to information it generally isn't reported anyplace, primarily because, at least until we figure the Quantum thing out, the activity itself doesn't prevent subsequent use by anyone else. For instance, after the Cold War ended, we were amazed at how much of what we had the Russians had copied. What drove our suspicions was the similarity in what resulted, and the fact we also had spies looking at their stuff.
Linux exists in an environment where there is broad collaboration, but no effort to validate the collaborators so the opportunity for traditional, old style, data breach is immeasurable.
We know that pretexting is wide-spread, how much easier (and harder to catch and convict) if the person doing the pretexting doesn't even have to come up with a real fake identity?
If you are using Linux and haven't done a physical security audit in a while and specifically looked at who is collaborating with whom, I would say it is likely well past time.
By the way, this is true whether you are using Linux or not; we generally are not focusing enough on physical security right now, particularly in home and branch offices. But that is for another time; a good resource is "Security Dreamer," which focuses on the topic of physical security in general; the author, Steve Hunt, is one of the best in the business.
If you are using UNIX, Linux, Windows or Apple, you need to ensure they are secure. OSs aren't security products; none of them are secure enough.
Three: Do Communes Work?
If you step back and look at Linux from a distance it actually looks like this idea of community works, there is progress, and UNIX has been taking it in the shorts. But, when you get close, you see a political nightmare that can make the bureaucracy at IBM and Microsoft seem simple and almost streamlined by comparison.
Let's take the GPL; this is like watching a government working. This is the license that defines how you will use the product and what you will "pay" for it. Right now they can't even agree if they need a new one, and the two sides have, as they seem more than willing to do, degraded into name-calling. This has gotten to the point where Linus Torvalds, one of the nicest guys, has been called some rather nasty things, not by Microsoft, but by other Linux users.
The reason Communes do not work is a few do the work of many and aren't compensated for it. In general, the few are increasingly upset that others are benefiting from their efforts and the many get upset when they see things done they didn't want done.
The GPL 3.0 is a good example; a few are doing the work of many, and the end result is clearly, on my reading, anti-business. In fact, a committee had been put together with some of the largest and most powerful supporters of Linux, and because the framers disagreed with what the committee recommended, it was disbanded and the recommendations, apparently, will be disregarded.
Sounds like a government doesn't it? Everyone, and I mean everyone, who uses Linux will be impacted by the license. You'd better read it, and you'd darned well better make sure it is what you want it to be. There is one word for people that let any group or company unilaterally write a contract they have to live under, yet I've seen that word applied to the people who don't participate in communal efforts (and yes, voting is a communal effort, given how few participate in that, there should be no surprise we are in the mess we are in).
Now, if you wanted to participate but were blocked from participating, don't you think that speaks directly to whether an effort is, in fact, communal? Could I now argue that Linux is simply another name for OSF? Really, look at the language in GPL 3. If you have intellectual property to protect, your attorneys should have a major cow with regard to what is in that puppy. But they should read it regardless. Now there is a question of whether Linux will adopt it, but if you use a Linux based product, this is a question you should help answer.
If you are going to use Linux, you should get involved, even though the Free Software Foundation may not listen.
Four: Is Linux Pro-Developer, or Pro-You?
Maybe if you live in a Third World country and like to work for peanuts. Linux throws off very little cash; much of the revenue that comes from it is tied to services and hardware, and these services are generally, though not always, discounted below what they would be for a "proprietary" product. The applications that go on top of the platform are also discounted, many of them being "free" as well. Now Google is proving every day that the advertising model works and it can be very lucrative, but it may not work for you if you are an inside IT resource (though selling ads for you HR internal website would be a creative way to get more income for your department).
Employees often are valued based on the cost of what they work with. The higher the cost, the easier it is to justify an employee's salary. More important, if a product is expensive, the focus is often on the cost of the product, but if the product is free, the focus is on the cost of the employees.
Let's move out of industry where the example is clearer. If you are a Ferrari mechanic you make substantially more (I worked as a Jaguar mechanic while in college) than if you are a Chevy Mechanic. You may not be able to find work (not a lot of Ferrari dealerships), but you'll make a lot more money. Companies typically don't reduce salaries; they either get rid of the expensive people or outsource or both.
When I first started writing about Linux, I heard from over a thousand people that they disagreed, some rather violently, with what they thought I had written. For many, once they realized I'd actually not said what the excerpts they had read had implied, they actually entered into very real discussions.
Over the last two years the vast majority of them have lost their jobs due to outsourcing after their companies moved to Linux from UNIX. While I don't have enough to do more than suggest there is a cause and effect here, I can say that the use of Linux neither protected their job nor made them more valuable to their employer; in fact it seemed to have done the opposite.
Recently, outsourcing has slowed; I think this is because companies finally realized that sending a critical part of the firm to the Third World made execution all but impossible. However, have you noticed that Sun has started to come back?
While we were all distracted by the whole Microsoft vs. Linux BS, the real fight wasn't between Windows and a Linux distribution; it was between Linux and HP-UX, Solaris, and AIX instead. IBM and HP did both, and are complex companies which conceal the impact of the move, but Sun is simple and arguably the strongest UNIX firm. As companies bring IT back from the Third World, UNIX appears to be coming back as well, and I think that is partially because developers understand that it is a vastly more financially beneficial platform. I also think CIOs are starting to remember that being in the software development business carries with it too much risk, and that depending on vendors like Sun, EMC, HP, and IBM provides a more sure result.
In any case, if we accept (and OSF in particular would not agree to this) that financial success is the primary measure of a successful platform, Linux has done very poorly historically against the alternatives, and both UNIX and mainframes seem to be coming back as a result.
By the way, Google is a really good example of how to use Linux and make tons of money doing so, so I'm not saying it is anti-business, as I mentioned above; it is FSF that appears doing that. I'm not sure Linux is pro-anything, though it is clearly positioned most often against Microsoft.
Products have implications that go beyond code; they have implications for organizational structure, for salaries, and for best use. Before you advocate anything new, you may want to think a bit on the secondary impacts; the grass may be greener, but it may be wise to also watch where you step. (I have three dogs, and they suggested I mention this).
Is Linux is "Open"?
How can anything be "Open" if honest discussion isn't allowed?
If you think a Microsoft product sucks you can say that to great detail without having to be afraid of your job, apparently even if you work for Microsoft (which I kind of find surprising). But if you suggest that Linux isn't ready for the desktop -- which I do often because it isn't -- you'll have folks coming after your job and, sometimes, suggesting you won't be long for this world. Some of the mail has been rather nasty (though I do admit it has moderated of late).
No product is perfect for everything. What made Windows good for the desktop is largely what makes Linux a better product for some servers, and the opposite is true. I think that Microsoft made a huge strategic mistake when it merged the workstation/server code base with the desktop code base. They optimized for them and forgot about the customer. I could say that then, and I can say that now without any concern for my safety.
As an analyst I actually had to quit my job to have the same freedom of speech with Linux. According to The Register, there is actually some kind of a strike team that comes after me every time I say something positive on Microsoft or negative on Linux. And I'm not alone: Laura DiDio at Yankee gets sexual harassed, and Dan Lyons over at Forbes is attacked regularly, although he does have supporters as well.
Let's take indemnification; this should be a topic every company should suddenly be looking very closely at. Microsoft just got nailed with a whopping $1.53 Billion, that's with a "B", judgment for the use of a common music standard. They did this because they indemnified Dell and Gateway, the companies initially targeted. If they had used Linux instead of Windows, it would be Dell and Gateway hit with some fraction of this judgment (and even a fraction of $1.52B is a big number). So where is the coverage? Don't you think it should be a hot topic right now, so where is the chatter?
There are at least two sides to everything. What I've observed with OSS in general and Linux in particular (and this applies to Apple as well) is there is a distinct effort to make sure only the popular side can speak.
I think the thing that bothers me the most about Linux is IT advocacy. IT shouldn't be an advocate of any product, because it needs to make determinations between them. Whether it is Microsoft, Apple, or Linux, once IT takes a side it is no longer capable of properly assessing a solution based on the needs of the business. And that is the job.
IT needs to ensure, not prevent, discussion so that the best product, company, or service is chosen, and when they can't do that, they should find other jobs.
When only one side is heard, you don't have "Open," and you sure as heck don't have "Free" as in Freedom, which, to me is more important than "Free" as in "Free Beer." If, to get "Free" Software, we give up "Free" Speech the cost, at least to me, is way the heck too high.
I stopped at five things but there are clearly more we could chat about.
Like why don't we talk about Apple vs. Linux? In the last trial I participated on for the desktop, Windows won, Linux missed by a mile but Apple only by a hair (and Apple will be pulling that hair next month).
Does the Free Software Foundation own Linux? They appear to be trying to rename it.
Who's side is Steve Ballmer or Richard Stallman on? (I would argue it is Stallman and the GPL 3.0 do more to kill Linux than anthing Microsoft could conceive of, and that Ballmer's statements generally benefit, though unintentionally, Linux).
When I was growing up a popular T-Shirt Slogan was "Question Authority." Take a look around, what are people afraid to ask questions about, what isn't being discussed that should be? I believe in preventing mistakes, not constantly finding creative ways to blame someone else. Ask questions, get answers.