This section provides some simple answers to common questions and misunderstandings regarding Open Source. They are presented in FAQ format for simplicity.
This is maybe the most common misunderstanding. While the majority of Open Source software was available for the Linux and *nix platforms there is now a growing and significant volume of high quality software available for Windows. Much of this software is 'cross-platform' - it runs on both #nix and windows platforms - but a significant, and growing, proportion is Windows only. Notable examples are Libre Office a full suite of Office productivity applications, the Mozilla Browser and Mail client, Audacity - audio editor and recorder, VLC - multi-media player (and embryonic video editor), wxWidgets - cross platform windows framework and the now almost ubiquitous Filezilla - ftp client. Have a look at this list of Closed vs Open software for windows, some of the comments are a little out of date but - is this a choice or what?
Not at all. The reason it's called 'Open Source' is, quite simply, because the source code is available. You can use the software legally without paying any license fee (you may voluntarily donate to the project to assist with future development expenses but you are not obligated to do so). Alternatively, you can use the source code to modify anything you want and continue to use the software free-of-charge for your own purposes. Precious little, if any, Freeware is released with the source and in some cases Freeware is simply used to lead you into purchase of the 'Professional' version.
Remember, however, in the event that you do modify the standard software and depending on its Open Source license you may be obligated to make any changes public (Open Source) if you supply it to others - whether free or at some cost.
One of the surprising characteristics of the Open Source world is that support is 'generally' very good. You may have to do a little work to get the support but most Open Source applications have mailing lists, discussions forums and IRC channels to provide the support you need. The folks who provide this support are volunteers. Read or search the mail-list archives before you post the 20th request for the same information - you may get a gentle reminder (in some cases a tad more forthright than gentle) that this topic has already been covered fairly frequently. Memo to self: waste volunteer's time at your peril.
Documentation is generally surprisingly good and in some case just plain excellent. PHP, Python and Libre Office are especially notable for the quality of their documentation - these are not exceptions.
Many of the larger packages especially those with commercial appeal have attracted organisations which will provide a range of support, training and consultancy services - you will however pay for these services. Most of the applications or systems web sites will have a list of such organisations.
This classic shibboleth is normally heard just after someone has paid the bill for their latest software upgrade and is frequently muttered through clenched teeth.
One of the most disturbing things for many of us is that Open source has irrevocably broken the cost = quality equation. THERE IS NO LONGER A RELATIONSHIP BETWEEN SOFTWARE COST AND QUALITY. NONE.
Unfortunately Open Source takes away the easy option - choices have to be evaluated on their functional merits. When users boast of web server run-times of 6 - 12 months without problems and everything is free - the OS, the web server software, the firewall, the web programming languages and the database - well you gotta evaluate, how else you gonna justify spending money when 30m (see below) others are not. Mmmmmm.
Mmmmm... The most popular web server is called Apache and it is Open Source software. The Netcraft Web Server survey consistently shows over 60% of web sites running Apache. In April 2012 that amounted to over 440'ish million. Not too shabby.
Maybe this statement should now read 'Closed Source - just used by guys who like to give away dollar bills'!
Seriously, these numbers show that the Open Source model is used by many, many organisations large and small. We read years ago that the Queen of England's web site was hosted by Apache (that may or may not be a recommendation depending on your point of view).
We are going to generalise wildly and divide the Open source community into two groups:
Amateurs - we use this term not disparagingly but in the original Olympic sense where standards are incredibly high, there is simply no renumeration. Folks who enjoy creating high quality software and simply get a kick out of seeing others use it - software development is a very creative, potentially addictive process!
Many of these projects use Open Source 'incubators' which provide all kinds of resources to help smaller projects get going. SourceForge is probably the best known.
Professionals - full time professionals programmers are paid directly by their companies or through a non-profit foundation (Mozilla, Apache and FreeBSD are some examples) to develop software that is made freely available in Open Source format. IBM, Oracle, HP, Apple and Google are among many companies, large and small who do this. Altruism - absolutely not. It makes hard commercial sense for these companies.
Whatever the motivation - many of the members of the 'professional' groups have strong and long histories in the Open Source world and would be involved even if they weren't being paid - there is a clear sense of purpose and enthusiasm that shines through. Perhaps one of the better facets of mankind is on display for a change.
We are not going remind you that this happens frequently in the commercial world. You do not get immunity just because you parted with a few dollars. The situation is, however, very different in Open Source for two distinct reasons:
Projects stay active because their participants are enthused - they want to do it. If only 1 person or company uses the software that's OK - it may be slightly less rewarding but it's still OK. The imperative is not commercial. In contrast in the commercial world if you are the only person or company to buy a particular package for sure the package will disappear. Night follows day in the commercial world.
Now lets assume your commercial vendor and your Open Source supplier fold their tents and walk away. In the commercial (closed source) world that's it - game over - go find another package while you watch your business collapse. In the Open Source environment you have the source code - you can find someone to support it, develop it yourself or better yet start a new Open Source project and find other folks to share the load.
If your criteria is purely safety and continuity, at a time when companies as big as Enron collapse overnight, to select OTHER THAN OPEN SOURCE is taking a RISK.
Note: We love this one since it flies in the face of both the last 100 years or so of security practices and plays to the 'conspiracy-theory of history' gallery as well.
The question contains two aspersions, first that Open Source is inherently insecure because it's Open, second, because it's Open it is easy for individuals who wish to destroy civilisation as we know it to insert malicious code:
Security: Remember when we were schoolkids we invented all those wonderful secret codes for sending messages to our buddies - point about them all was that it was the algorithm that was the secret - find the algorithm and you can subvert every message. For the last 100 years or so secure systems (including cryptographic systems) have assumed that the algorithm is known to the attacker and in fact such systems are only proven to be secure when they are attacked by experts with full knowledge (Open Source) of the algorithm(s) involved. Read Diffie & Hellman's Privacy and Authentication, Proceedings of the IEEE, vol 67, No 3 (not available on-line) for excellent deep background.
As a rule of thumb the more eyeballs that can inspect any given lump/piece/chunk of code the more secure it becomes.
The Closed Source security argument is offered by those whose understanding of security got arrested (ouch!) in the gleeful school-kid phase of development.
Malicious Code: It is possible for a bad guy to submit a malicious patch to an Open Source software project. It is also possible for a disgruntled employee of a Closed Source company to do the same thing. It is also possible for the Closed Source company as a deliberate policy to do something naughty (send back usage and statistics to the developer was a recent example of a pretty dubious practice). We don't have access to the source so we don't know if it's true or not true.
In the Open Source world the patch is submitted to the project, it is then peer reviewed and finally a 'committer' (only a very small group on each project typically has 'commit' privileges and usually after an serious apprenticeship period with the project) adds the agreed patch to the source tree. One assumes a similar process occurs in the Closed Source project but the process is not Open so we do not know. It's also possible in the Closed Source world that a new intern whacks a few lines of code into the product with no supervision.
The Open Source software is released at Beta Status where it is tested by Beta Testers and increasingly by one or more automated test suites. Only after some serious exposure and usage does it reach Release Status.
Finally, there are a number of third party organizations, including academic researchers, who regularly perform security audits on Open Source software.
Could malicious code be added to Open Source software? Sure it could - if a lot of folks were asleep at the wheel, all at the same time.
Could malicious code be added to Closed Source software? There is a lot of empirical evidence to suggest that it might have happened already - whether maliciousness or incompetence was the cause we will never know.
If your criteria is security it's your choice - an open, verifiable process or - Corporate Press releases protesting honesty, vigilance and integrity - but no peeking.
There are a lot of Open Source licenses. Discussion of Open-ness of licenses generates much heated and even vitriolic discussion on mailing lists. We are going to generalise horribly and suggest they fall into two broad categories. The BSD/Mozilla/MIT group and the GPL group.
In general the GNU Public License (GPL) says that you have the right to use and freely distribute the software but you must make available the source code of your changes when you distribute it. The GPL is here and the GNU project's description of their policy.
The BSD/MIT license (and to a lesser extent Mozilla and its variations) are more permissive. They broadly say that you must continue to acknowledge the original copyright in all your derived works but are free in all other senses to use, modify and distribute the software without any obligation to distribute or make available the source. The BSD license is here.
<health-warning> The above notes are not legal advice. Consult an attorney or lawyer before making decisions or selecting a license regime.</health-warning>
Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.
If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C standards compliant browser such as Firefox