Wednesday 24 October 2007

It's in: The decision

Having pretty much abandoned this blog as a redundant mechanism for forming my opinion (redundant, because the opinion is formed), the answer can only be that Open Source is not only a good direction to go in, for some projects, and for some people, but is a spectacularly good fit for the project I had in mind (housed now here).

In Healthcare generally, and Radiology specifically, there is a significant number of end-users who would consider themselves technically (in computer terms) adept. That indicates a potential community (and indeed, there are projects already in that space building on that community). The commercial alternatives to an open-source PACS are financially unattractive, and many healthcare institutions, being conservative, would require commercial support. Therein, I think, lie the essential elements of a successful commercial open source project.

Now. That's the easy bit..................

Tuesday 17 July 2007

Open source competition

Through Matt's entry I read Roy's thoughts on competition between OSS vendors in a marketplace, and it seems to me that the OSS model is beginning to see teenage angst on the horizon.

"I do believe that the first one in a market raises the barrier to
entry, effectively closing the door behind him. Would you want to enter
a market against Alfresco at this point"

I think Roy is right here - the barrier to entry is raised - but the sentiment could also be reworded "who would want to enter a market against Documentum and Sharepoint".  But Alfresco did just that.  Yes, it's true that the first to dominate the 'commoditized' part of any market can take advantage of low-hanging fruit that those following have to work a little harder to find, but then, hats off to those folks who had the courage to step up to the mark early.
But being an OSS vendor is not exclusive to being 'incumbent'.  Once a vendor of any disposition reaches a certain point in growth they are susceptible to disruption.  Few OSS vendors have reached that stage - RHT may be one (are they not being disrupted by the likes of Ubuntu?). JBoss may be another (Spring?). 
Being 'incumbent' comes with an increase in the difficulty in responding to new challenges quickly and effectively.  Being OSS doesn't help with the reality that a big lump of software based on  code from 5 years ago is harder to innovate with than one written with new challenges in mind, and based on contemporary technologies.
Yes, Alfresco, Zimbra, and the others noted amongst many others, have the stage at the moment.  But as in punctuated equilibrium, the biggest ain't always the fittest.

Powered by ScribeFire.

Tuesday 3 July 2007

Last note on Ubuntu. Honest

Ubuntu doesn't support proprietary formats out of the box. That's why DVDs can't be played without adding stuff from the repositories. Mark Shuttleworth has good reasons why Canonical takes this position.
But hang on. Out of the tin, Ubuntu includes OpenOffice, which supports MS Office formats - proprietary no?


Wednesday 27 June 2007

In this industry you often only get one shot......

My last post really set me thinking. I wasn't entirely sure exactly what was going to end up on page when I started & then when I looked back at the result, it struck a major chord. My conclusion after all the thinking is that while OSS isn't always the best option, it most certainly is a natural home for my own temperament and development (whether it is software or product) style. So there. The decision is made. I started this as a way to 'open' (if you wish) my own thoughts that OSS may be the appropriate way to go for a particular project I have in mind. But more of that later.

In the meantime, I've been starting to doubt the wisdom of the Dell decision to ship Ubuntu. As an Ubuntu user myself, I've had a couple of annoying experiences recently:
  • Throwing a DVD into a machine & being told I would have to start downloading 'potentially illegal' software. Yes, I know all the arguments & agree with most of them but that doesn't make it any less annoying.
  • Spending 3 hours getting 2 Ubuntu machines to share files with each other. Coming across (very recent) forum threads asking why it's much easier to get an Ubuntu box to talk to a Windows box than 2 Ubuntu boxes together.
For the vast majority of users, either of those (or the many other annoyances that enthusiasts have so much fun with) would result in one more coaster being added to the global population.

My concern is this. Having written a post elsewhere on OpenOffice today, I thought back a few years to when a colleague of mine tried to implement (actually StarOffice, but the point is moot). It wasn't ready. It wasn't interoperable with MS Office and the users hated it and the effort failed. It will be many years before the memory of that failure fades enough for another attempt at the North Face.
Will the same thing happen to Dell's offering of Ubuntu? Since it is being reported that Dell are only offering ubuntu to 'personal' customers and not to business, the impact may not be huge. But still. Those 'personal' customers who have the interest to give it a go may end up losing interest for good when it just doesn't do what they expect out of the box.

Anyway. This was never intended to be a blog on Ubuntu or even desktop Linux in general so that'll be my last word on that topic.



Thursday 31 May 2007

Dancing with Professional Open Source

Software projects are unlike most, if not all, of other kinds of projects. The relationship between problem and solution is rarely clear at the start of the project, and successful outcomes are usually the result of a delicate dance between customer and vendor(s), user and provider. I believe many software projects fail because they are managed in the same way as the provision of more tangible objects. It isn't possible to mitigate against failure by including contractual penalty clauses because in general, once those penalties are invoked, the project is doomed. It's like deliberately stamping on the feet of your dancing partner.

I have long been an advocate of a form of "Vendor Relationship Management" that sometimes runs contrary to the traditional hard-nosed business of software and system provision. I have watched on as cast-iron contracts are signed for cut-throat prices only to see the vendor subsequently reaching the end of his budget and fading into the background. Yes, it is possible to insist on the terms of the contract being met but I can't think of a single project I have ever worked on (as customer or vendor) where the contract includes everything eventually needed to deliver success. The goodwill of a vendor is crucial, and maintaining the goodwill creates a win/win scenario.

I recently came across a fantastic paper written by James Dixon of Pentaho discussing the concept of "Professional Open Source Software" or POSS (which I believe was originally coined by JBoss), and read it cover to cover. His analogy of POSS companies being "bee keepers" I thought extremely useful, and particularly his contrast of the "whole-product" development models in traditional commercial companies vs POSS companies.

But one observation really got my attention. In POSS projects (or even FLOSS projects), the end user (/customer) is engaged at a much earlier stage in the process, thereby ensuring that design defects and unexpected use cases are brought to surface before it is too late.

The dance begins.

What OSS (any variant) brings to the floor is a definition of what the style of the dance is, what the steps are and in what order, and importantly the means to ask one's prospective partner:

Q: Are you dancing?

A: Are you asking?

..... without fear of rejection.

The bee keeper analogy hits the spot & I would recommend the paper to anyone interested in OSS management and the gap between traditional OSS and "whole-product".


Friday 18 May 2007

Is Linux as secure as it used to be?

As a frequent train traveler I have a number of podcast sources to take along to keep me company. One of those is from IT Conversations. Along with a bizarre tendency to stray into fields like biotechnology, there are frequently fascinating podcasts. One such is an interview with Mikko Hypponen on the state of viruses and malware. It's an hour long but worth every minute.

One particularly interesting point is that the source of viruses has changed over recent years. No longer is the anti-M$ script-kiddy the primary source of malware, but instead the issue is with organised crime, building empires of bot-nets with which to extort money or influence. This is an important shift in motivation because they do not have any preconceptions of what target to attack. The only criterion is to create maximum effect, which means targeting the platforms with the greatest market share. In the desktop world, that means Microsoft. Interestingly, in the mobile technology arena, it isn't pocketPC-based devices but instead devices based on the Symbian platform.

But Microsoft's dominance in the desktop world is, of course, Ubuntu's Bug#1, which it intends to fix. With Dell offering Ubuntu to the consumer market a large step towards that fix is taken, and the question arises: how big a market share is needed to make Linux desktops attractive to the malware developers?

But of course Linux is so much more secure than the MS alternatives! Not necessarily. Certainly one prominent Linux figure contends that while the Linux kernel is pretty secure, that cannot be said for many other FLOSS projects, including, of course, applications that run on the Linux platform.

But then even if malware strikes a Linux desktop, how much damage can it do? To do any real harm, malware would need elevated privileges, which requires the user to specifically authorise, which of course one would only do for known applications.

But that is a process which Vista has also incorporated. And it can be attacked, and in a way which is easily applied to a Linux desktop. In standard Ubuntu (as an example I tested myself), it is possible for a non-elevated process to replace a menu item in the System...Administration menu with an arbitrary launcher, with an icon to make it look like the original item. If this launcher (let's say one that looked like the "Shared Folders" launcher) were to ask for elevated privileges, few (if anyone) would smell a rat or rodent of any description for that matter. After doing some dirty on the system, the malware puts back the original launcher and runs the real "Shared Folders" app. Nobody would know anything was amiss. So once any vulnerability is identified (let's say in one of the desktop games that offer network play mode), and malware is delivered, even in user-mode, the game (as it were) is up.

In this case I'm sure the issue (if there truly is one) will be fixed, probably in Linux distros before it is in Vista, but an attack vector that works so similarly in Windows and Linux is scary.
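A defender-side check for the launcher swap described above, added here as an example and not part of the original post. It assumes the desktop follows the freedesktop.org convention that a per-user `.desktop` file overrides a system one with the same file name; the directory layout, launcher names and program names in `demo()` are constructed.

```python
"""Flag per-user launchers that shadow or imitate system-wide ones."""
import shlex
import tempfile
from pathlib import Path


def parse_desktop(text):
    """Return the key/value pairs of the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry


def program(entry):
    """First word of Exec: the program the launcher actually starts.
    Wrappers such as `sh -c ...` are reported as the wrapper itself."""
    try:
        words = shlex.split(entry.get("Exec", ""))
    except ValueError:  # unbalanced quotes: treat as unparseable
        return None
    return words[0] if words else None


def load_dir(directory):
    """Map file name (the desktop file ID) to its parsed entry."""
    return {p.name: parse_desktop(p.read_text(encoding="utf-8", errors="replace"))
            for p in sorted(Path(directory).glob("*.desktop"))}


def audit(system_dir, user_dir):
    """Compare user launchers against system ones; return sorted findings."""
    system, user = load_dir(system_dir), load_dir(user_dir)
    by_look = {(e.get("Name"), e.get("Icon")): e for e in system.values()}
    findings = []
    for fid, entry in user.items():
        if fid in system:
            # Same ID: the user copy replaces the system item in the menu.
            if program(entry) != program(system[fid]):
                findings.append(("shadow", fid, program(system[fid]), program(entry)))
            continue
        twin = by_look.get((entry.get("Name"), entry.get("Icon")))
        if entry.get("Name") and twin and program(entry) != program(twin):
            # Different ID, but same label and icon as a system item.
            findings.append(("lookalike", fid, program(twin), program(entry)))
    return sorted(findings)


def demo():
    """Run the audit over a constructed tree (sample data, not real files)."""
    def text(name, icon, exe):
        return f"[Desktop Entry]\nType=Application\nName={name}\nIcon={icon}\nExec={exe}\n"
    with tempfile.TemporaryDirectory() as root:
        sysd, usrd = Path(root, "system"), Path(root, "user")
        sysd.mkdir()
        usrd.mkdir()
        (sysd / "shares.desktop").write_text(text("Shared Folders", "folder-remote", "shares-admin"))
        (sysd / "time.desktop").write_text(text("Time and Date", "clock", "time-admin"))
        # Constructed override: same ID and look, different program.
        (usrd / "shares.desktop").write_text(
            text("Shared Folders", "folder-remote", "/home/u/.cache/helper --gui"))
        # Constructed harmless override: same program, extra argument only.
        (usrd / "time.desktop").write_text(text("Time and Date", "clock", "time-admin --verbose"))
        # Constructed look-alike under a new ID.
        (usrd / "clock2.desktop").write_text(text("Time and Date", "clock", "/tmp/tz"))
        return audit(sysd, usrd)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real machine the same check would be `audit("/usr/share/applications", Path.home() / ".local/share/applications")`; a finding is a prompt to look at the file, not proof of tampering, since menu editors create legitimate overrides too.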

The day when complacency becomes an issue is close. ClamAV is generally optional in distros - desktop or otherwise. Likewise, IPtables is ineffective without configuration (manually or with a tool like the excellent GuardDog). As it stands, and particularly with many users believing themselves to be in a position of strength, like the song says, there may be trouble ahead. The tools are there, but should be included (and configured) by default for folks who won't (or can't) do that for themselves.


Wednesday 16 May 2007

What was I worried about?

Over the last year or so I have been asking myself questions about FLOSS, some of them documented in these notes. While the undocumented questions cover a broader range, so far those in these notes have largely revolved around the readiness (or not) of Linux as a desktop. I have looked on as a number of FLOSS projects are driven by their respective communities - communities by and large comprising and led by developers and/or enthusiasts. My question (for good reasons) is: Can FLOSS, with such communities and leaders, make the leap to expand into the wider non-enthusiast communities? As I've said before, enthusiasts and tech-savvy individuals are exactly the wrong people to judge what priorities the regular Joe Public has. Therein lies the mistake I made. Just because I hadn't seen it in the FLOSS projects I'd had exposure to doesn't mean there is no 'proper' marketing function taking place.

As one would expect from Mark Shuttleworth, Ubuntu has a significant community-based marketing operation. While it seems to a passing eye still a little experimental in process, it is clearly an extensive element of the Ubuntu community, and has been for some time. Perhaps more interestingly, in a project one would not consider to be as commercially focussed, John Williams - who clearly knows about marketing - has posted part one of an article and part two and, indeed, the gnome site itself has much marketing focus.

John Williams' pair of articles describes expertly what marketing is and how it relates to open source projects - in his case, GNOME. But there is one big difference between FLOSS and traditional commercial software. Ubuntu gives us an example:

I use the two applications delivered with Ubuntu for managing my mp3/OGG library. I use RhythmBox to manage and play my library, and SoundJuicer to rip to the library. Let's look at a fairly simple idea - when I rip a CD, I'd like it to appear in my library. Surprisingly, that's why I ripped it in the first place. Currently, I need to manually import each folder (as long as I've used a folder structure for SoundJuicer - if I haven't it creates more problems). To do this transparently means the two applications communicating somehow (probably a mod to SoundJuicer to insert entries into the Rhythmbox database). So somebody like Canonical, who aims to meet those kinds of requirements, must either:

  • Persuade the SoundJuicer team to implement the change.
  • Have a Canonical staff member with commit rights to the SJ repository.
Hmmmm. Not sure how that is going to work with all of the apps on the supported list, and all downstream dependencies.


Wednesday 9 May 2007

A good note and a bad one.

On the negative side, I'm increasingly coming across people having bad experiences with the latest & greatest (Ubuntu), even without looking for them (example). But on a net-positive day, I made a sweet discovery.

I was trying to install VMWare server onto my Ubuntu FF workstation. I tried obvious choices - the binary packages available for download, and alien'ing the rpm package. In both cases, when running the config utility, the vmware found it needed to recompile a module & fell over. In serious doubt that I had enough motivation to drill down the dependency tree, I came across the feisty-commercial software repository, where a vmware native deb package resides (possibly only for the last 10 days or so. I wonder why that might be?)

Add the repository (deb feisty-commercial main) into sources and apt-get install vmware-server. Done. That easy.

That is the way it should be done. That one gem of a repository - one which recognises the need for commercial software - is the answer to almost all of my reticence. Curious, I snatched a peek at the repository itself to see what else might be there (I have a few things on my shopping list). Actually, just VMWare. It doesn't seem to be used at all. The equivalent repositories for Dapper and Edgy were not much better - a small (very) handful of apps (opera being an example).

If Canonical can expand that repository and make it a standard way to find commercial software, Ubuntu will have crossed the street into the sunshine.


Thursday 3 May 2007

The Dell decision

So Dell picked Ubuntu. No great surprise there. But I would be a little cautious about what that means. I'm not sure there is a particularly significant market there now other than those folks who were happy to install the OS themselves. There are other skeptics.

Of course, it may be a positional move at this point, putting channels in place ready for when the 'ordinary' punter starts to appreciate there is a choice available.


Can Open Source Sweeten the lemon out of the market?

I just came across a very interesting article here comparing computer security products (hardware and software) to 'Lemon markets' and it rang bells all around the place. Now I didn't know a lemon market from a lemon meringue before it prompted me to go and read up, but by God those bells have gotten louder and louder.

For those in a similar position to myself, allow me to describe, as concisely as I can (or at least quote from the venerable Wikipedia), what a lemon market is, why I find it particularly interesting, and why Open Source software may well help to sweeten the taste.

/* Quote

The paper by Akerlof describes how the interaction between quality heterogeneity and asymmetrical information can lead to the disappearance of a market where guarantees are indefinite. In this model, as quality is indistinguishable beforehand by the buyer (due to the asymmetry of information), incentives exist for the seller to pass off a low-quality good as a higher-quality one.

*/ Unquote

Currently my day job is in a biggish hospital (well, biggish by Irish standards anyway). Buying decisions in this environment are led more by end users than in any other industry I've worked in - particularly in the health-specific areas - clinical, nursing laboratory, etc. While I and my colleagues in IT have a degree of input, the primary decision makers are the end users. Don't get me wrong - I'm not complaining. I happen to think that's the right way to do it. However it is not uncommon for a clinician to return from a conference with a CD under the arm for the latest 'fantastic' app written in MS Access by a couple of guys in their spare time. That makes for a classic lemon market. The end users making the decisions have no idea what software quality is, how it is achieved or how it is measured. The vendors do. Therein lies asymmetric information, and an explanation why sometimes poor software in Healthcare always seems to cost so much. I've used healthcare here as an example because I know a little about the current situation, but I believe this principle applies to software generally.

And the cost helps to perpetuate the lemony smell. There are a number of ways to estimate the quality of software, none of which are perfect. Comparison with a specification doesn't say much about quality. Conformance to quality processes (ISO, CMM etc) is better but really says only that a vendor is capable of a certain level of quality. The fallback is always reputation and reference. Go and talk to existing customers and hear what they have to say about the product. But with many software systems in the healthcare arena costing several hundreds of thousands (euros, dollars, whatever) or more, how many organisations are going to be totally honest about buying a lemon?

Can Open Source help? Perhaps it can. Having access to code (and related artifacts) means that adherence and not just conformance to quality processes can actually be measured, in many instances by automated processes (an example I recently came across directed at open source projects is here and other examples here and here).

There is plenty of scope to extend this model. If test scripts and records are included in the source repository then the degree to which (serious) unit, regression and system testing is performed can be measured, and speaking as a developer who has worked in and with a number of software houses, that would be a metric that would sort the men from the boys.

Open source competition in healthcare is still maturing. Arguably led by the WorldVista project originally developed by the VA healthcare organisation in the States, the open source market in this traditionally conservative sector is stable but still has some growing to do before putting pressure on closed-source vendors. I for one will do what I can to help it along.


Wednesday 25 April 2007

Desktop Linux - distribution fragmentation

I've had an intention in mind for some time now to seriously investigate desktop Linux for professional life. This intention has been driven by a number of factors, but until the advent of Vista gave me a vision of the future, the intention remained just that. Why?

From a personal perspective, it could be because I'm too old or too dim (or both) to go through a great deal of education and re-education trying to work out which distro will provide adequate return on the investment in time and effort. It seems to me that the first port of call is the question "Which distro?". With DistroWatch recording 350+ distributions it is far too easy to be intimidated out of the market. It gets a little easier when one starts to realise that actually they are not all independent of each other - Ubuntu, Linspire, Knoppix are, for example, all based on (extensions of) Debian. Aha! That helps a little. The picture becomes even clearer with a graphical representation of the family tree and a text-based tree here.

So now I have a clearer idea where the distros are coming from but it doesn't answer the question "Which one?". Next port of call was the Linux distribution chooser. Depending on the variations of answers to the perhaps over-simplistic questions I got pointed towards OpenSuSE, Fedora or Ubuntu. But WHOOOOOOA! While trying to get my head around the distro thing, I've ended up with RSS feeds from a dozen or so sources. It doesn't take much to realise that Novell and OpenSuSE have incurred the displeasure of at least a section of the 'community', and Red Hat has its fair share of critics. The last thing I need is to spend a lot of time assimilating the vagaries of a distro that may be marginalised by the wider Linux community. Ubuntu it is.

And Ubuntu it has stayed so far. It does (almost) everything I wanted it to, and certainly everything I needed it to (not always ideally, but I'll make do). I have a server running on an old laptop, a desktop and notebook running as workstations; Ubuntu itself is going from strength to strength; Canonical has the philosophy right in terms of community (although at some point in the future they are going to have to find a way to turn a profit), and I see no compelling reason to move away from where I am. I can get on with 'real' work with a feeling of comfort that the tools I use will be OK for the next while.

That's great. I'm going to recommend Linux to my old Dad. Not.


Saturday 21 April 2007

I am not an enthusiast

I am not an open source enthusiast. That is not to say that I am not enthusiastic about open source, because I am, but I am not an enthusiast in the same way that I am not a car enthusiast. I do not spend my spare time tinkering with the hood up adjusting petrol mix for optimum performance, nor do I subscribe to glossy magazines informing me which form of alloy trim is in vogue. Don't get me wrong, I don't have anything against those who do, it's just that I don't.

I have been an IT professional for over 25 years. I have been in my time developer, sysadmin (many OS's), db admin, hardware support, cable puller and all the rest. I have no issues with doing any of that stuff, it's just that it's not what I do now. When I'm doing what I do now, I'd like computers to just work. And for that matter, when I'm not working, and I want to play some music, I don't want to have to google the latest encoding schemes and determine which codec I need to update. I want it to just work. Therein lies a hurdle which Open Source has negotiated poorly to date - one of product management and marketing. And the reason that that hurdle remains is largely in the makeup of the FOSS community.

Open source communities are made up of enthusiasts as a rule (yes, there are exceptions to the rule but not many) and it is inevitably (and to some extent, rightly) that community which determines what happens to a product - which features, bugs and developments are prioritised. Enthusiasts in the community, though, not only don't mind tinkering under the hood, but often prefer a product which requires tinkering. The result is a package which looks great from a developer's and enthusiast's point of view, but not necessarily from an end user's.

Why does it matter? It doesn't as long as FOSS remains bounded by its communities. But there are increasingly commercial enterprises working on a variety of business models. Ubuntu is a good example. Canonical clearly would like Ubuntu to be considered the desktop Linux of choice and would like to break clear of the community boundaries. In my opinion, though, the packages that comprise Ubuntu (and other distributions) are not yet adequately focussed on what that target audience needs to make the switch from Windows.

Of course, many aspects of Linux based desktops (including Ubuntu) knock the socks off Vista. But many are little better than Windows 95, and for that target audience it isn't enough that a package will just about do the job, eventually.

It isn't for nothing that organisations like Microsoft spend millions on market research, focus groups, usability testing and the like. Early on in my entrepreneurial career I was told a truism which I have held central ever since, that the best way to ensure you sell what you make is to ensure you make what you can sell. If FOSS wants to break into the non-enthusiast market, then this must be addressed. Even the otherwise excellent book 'Producing Open Source Software' by Karl Fogel (available here) barely mentions the marketing function.

But how could marketing functions be included in the OSS process? Should the marketing itself be considered to be as open as the source? There may be a platform for opening up the information in a Creative Commons license, but the framework under which the information is derived is unclear (to me anyway). I think it likely that that framework will be different to traditional commercial products.