Discussion on:

Is open source no longer a differentiator?

I think you are misguided. Open source rocks and is still rocking. Look at the great products of the last ten years - most are open source. Talking of source - source control management has been turned on its head by open source: Git, Hg and Bazaar. Does anyone still use huge centralised monolithic source management software that cost you an arm an a leg. Just one example so sorry Justin but you are misguided

I think you misunderstood the editorial. I never said that open source was bad, or that there was no good open source projects. No, what I said is that the *label* "open source" is not a differentiator any longer, that you can't just make something "open source" and have it fly off the virtual shelves or be a success, and that to the people who make purchasing decisions, "open source", in and of itself, is not as valued as it once was.

J.Ja

When has it EVER been that way?

Given all other things are equal, available code and peer review are a plus no matter how you look at it and whether or not you add the label OPEN SOURCE to your project/software.

I think it depends on how you define 'peer.' In my experience, the vast majority of people associated with a project are glorified cheerleaders, including the 'code checkers.' It's good to have peer review, but there's a point where it's valuable to have 5 qualified peers as opposed to 100 amateurs.

> It's good to have peer review, but there's a point where it's valuable to have 5 qualified peers as opposed to 100 amateurs.

I'd like to know how you define "qualified" in this context.

I think that open source *always* has the potential to be better than closed source, for the reason of "many eyes." That said, there is never a guarantee in open source that there will be "more eyes" or "better eyes" on the code than a closed source project, or vice versa. You don't find out until you find out how good or bad it is. And this is one reason why it's not a real differentiator.

J.Ja

> I think that open source *always* has the potential to be better than closed source, for the reason of "many eyes." That said, there is never a guarantee in open source that there will be "more eyes" or "better eyes" on the code than a closed source project, or vice versa. You don't find out until you find out how good or bad it is. And this is one reason why it's not a real differentiator.

That doesn't follow from your previous statement.

Given two options (all else being equal) -- either it's going to be quality level N, or it's going to be somewhere between quality level N and quality level 2N -- which do you choose?

That's a differentiator.

There are some things in software where I can say, "I've had good luck with this vendor" or "this project looks good" and just go on that assumption. But for major software decisions, it doesn't work that way. You need to evaluate, research, etc. Whether or not something is statistically likely to be better, based on a detail like it being open source, puts items into that decision making process, but it doesn't make the decision for you.

J.Ja

> You select tech based on aggregate statistics? But for major software decisions, it doesn't work that way. You need to evaluate, research, etc.

I never said otherwise. You Whether or not something is statistically likely to be better, based on a detail like it being open source, puts items into that decision making process, but it doesn't make the decision for you.

Whether or not something is statistically likely to be better is "a differentiator". It's not the sole metric.

You started a discussion about statistical tendency to offer certain advantages when you questioned whether open source development models serve as a useful differentiator.

I know exactly what you said, and what I said was no intentional misunderstanding. I'm saying that the *potential* to be better is not a *reality*. You still need to check stuff out before making a decision. You talk about "all else being equal"... when does that happen? As such, making choices based on "all else being equal" factors doesn't apply much.

J.Ja

. . . you're just ignoring my point.

but only as much as it always has been on a practical basis. In those 'Easy IPO' days, Open Source was made to sound like it's Free Trade, Dolphin-Friendly, Eco-friendly, Free Range, and all the other buzz phrases used for the artificial feel-good.

Open source is only a description of the intellectual property rights on the code base and the price for a license to use it. Nothing else really.

i respect your point of view but i don't see enough arguments in favor of your opinion. Just pointing out that there is a higher failure rate in open source projects compared to commercial ones isn't enough, especially if you considere that every developer with an idea can start an open source project, which is not the case for commercial's ones. Commercial's projects have teams paid to make the project work, which is not the case for open source projects. And open source projects fail sometimes because there is another ones more interesting and doing a similar thing the previous one was doing. Moreover, with today fast moving technology, companies relying on closed project to keep them up to date are maybe shooting themselves in the foot

I wasn't arguing that open source projects are all failures, and I wasn't arguing that open source projects are not relevant. My point is that aside from a few people with a strong emotional connection to the open source label, customers just don't care if something is called "open source".

J.Ja

Generally intentionally misinterpret everything.

You aren't doing Justin James any favors by "agreeing" with him that way.

Why do you assume commercial projects start out with teams of developers? I'd wager most projects, open-source or closed, start out with one or two guys working in their spare time.

Two of the biggest IT companies in the world - Microsoft and Google - both started out as two guys in a garage.

The problem is not that open source is not taking over from closed source or that open source is a bad business model. Open source is not about any of those things. Open source is about choice, fragmentation, have a lot of alternatives that do things different than each other, because it's about not pinning a user down to one way to do things but to give them choices of many ways to do the same thing.
It's a way to be defiant and not use the same thing everyone else is using because you want to be a bit different and geeky.
It certainly is not about replacing closed source but to give alternatives based on the quirkiness of the original author. And most of all it's about someone doing it their own way and then gifting that quirky way to do something to the world. It's geeky, it's quirky and it's free.
Now some companies have decided that they want to use this as a business model and some have put together nice packages of open source items, even sponsored some developers. And if they can make a go of it cool. But remember that the only person an open source developer really has to make their software work for is themselves, every other user is secondary as the reason they made this was so they could have software that worked the way they wanted to. If it does then the software is successful, every other user is gravy. (I know when something comes along like say Firefox and an organisation takes it over and they start promising the world that team now has more goals, but by that time the software already works for the original author and by definition it's successful.)
So go out look at your choices and choose. Feel free to switch choices. After all that is what this open source movement and values are really about, you get more choices and the world is a better place.

WOW... I haven't read such a passionate testimonial for open source in years.

I actually read your post after I posted mine and by principle I definitely agree, the problem is in business it doesn't work that way and it is sad.

We as a company support open source where possible, personally I spend about 1 working hour per day on open source forums but it is rare and it is getting to a point where I will have to stop myself if we don't get the return value from the community.

Yes we do have choices but we also have to think about the cost in continuing with open source product ranges that cost more and unfortunately are starting to to return less value to the business. As I said below we will continue to deploy more open source applications, but we will now look at the alternatives of building apps to solve our problems in-house and also look more closely and seriously at competing closed source products also.

I hope that we can continue with open source but unless the community changes we will have to also

What I tried to say but didn't very well in the post below is these are all tools, each is good for some things, each has problems. People are not perfect neither is our software.
As a business you need certain things. If an open source product is being developed as a business then they should perform at the level that makes their product salable. Most open source projects are not run or developed that way. If you enter into a contract with a company and they tell you this feature will be there in the next version, get it on paper and expect them to meet that contract.
But most open source software is not run as a business and I assumed that since the original article mentioned all of the failed projects on sf.net that we weren't just talking about the ones run as a business.
(I have never understood the business model where you give away your only product anyway.)
I love open source as a community. But software built that way won't appeal to most people because of things like rejecting DRM as a principle and insisting that any changes be returned to the original project. These are what a lot of people would like to see changed about the community.
The community is a spectrum from the people who believe all information should be public and hack everything and post it, to people who run a business using open source for profit. There is room in here for everyone.
The software we create is also a spectrum. But then again so is closed source.
These are tools, we have to pick and choose the right tool for the job. Sometimes we pick the wrong one. Hopefully we learn as we do.
I hope my posting here has helped someone, and I thank you for your answers to my posts.

Personally, I want something that works the first time, has good documentation and allows me to build upon the work that's already done. I work with a number of open source products and the business reality of them is that I get to bill hours filling in gaps for clients in both documentation and features that they would have gotten out of the box with closed source packages. In closed source, I make less money because I only get to bill for customizations, not making it work the way it should have to begin with, the originator of the work usually makes at least 35% of the project's bill in licensing (which I'm fine with, btw).

In business, hours count, hours cost, and if you don't account for those hours, you're wasting money and not providing value. Closed source software generally leads to me providing a better quality product that the client can maintain themselves long-term. Open source software makes me more money as I get to bill more hours. It's not about feelings, it's not about principle, it's about giving the client what they demand and making sure the numbers balance.

Out of interest KittyK4t, would you rather provide the best solution or the solution that puts more money in your pocket? Assuming that they are different things.

I know exactly what you mean and it can be a fine line at times. We do both custom web apps and mods to existing open source projects, do we recommend a custom app or a mod to an existing distribution?
We get more for custom apps and less for mods but we do a greater quantity of mods.

The thing that I'm finding on these discussions is that it seems to be yourself, Justin and myself that understands the business case, maybe because of our backgrounds and experience?

> The thing that I'm finding on these discussions is that it seems to be yourself, Justin and myself that understands the business case, maybe because of our backgrounds and experience?

. . . or maybe the three of you just work in circumstances much more similar than those in which people like seanferd and I work. Wearing the "everybody's circumstances are exactly like mine" blinkers, by the way, is not good for serving your business case in the long run.

Let's take a more nuanced look at the situation:

> Personally, I want something that works the first time, has good documentation and allows me to build upon the work that's already done. I work with a number of open source products and the business reality of them is that I get to bill hours filling in gaps for clients in both documentation and features that they would have gotten out of the box with closed source packages.

Someone is doing something wrong, then -- and it's not the open source development community, in the general case.

In my experience, an extra 20% time and expense up front for configuration (typical open source option) versus an extra 10% time and expense up front for securing and licensing (typical closed source option) is worth it once I factor in the extra 30% month after month for maintenance and ongoing security management (typical closed source option).

Of course, this assumes you're taking the intelligent approach to whichever option you are using -- which involves paying a little more per administrator maintaining the system when using open source options to ensure you have someone who can make use of the much greater automation benefits that are commonly available to the knowledgeable administrator, thus greatly reducing the number of man-hours that must be spent on said maintenance and security management.

Ultimately, what this boils down to is that if you're providing exactly the same value but costing your clients more overall to maintain open source software, chances are good that someone is doing something horribly wrong in software selection, personnel selection, and/or system configuration and automation policy -- even if it's something as simple as not properly securing the closed source alternative. (There are exceptions, of course.)

Interesting post. I like the way you:
a) plucked numbers out of the air
b) assume closed-source products are less secure and require more maintenance
c) conclude that the only way open source can cost more ongoing is if the company implementing it are inept, because obviously the software is great.

Oh, and of course everyone must agree with your opinion, otherwise they are clearly one of these idiots not taking the "intelligent approach" and doing "something horribly wrong".

Like most people in IT, I've used plenty of open- and closed-source products. While there are some great open-source products, most suffer from a lack of polish and documentation that you just can't get away with when selling closed-source software.

Regarding Brian Gentile's perception "that many people in the open source community don???t give back", my feeling is that user contributions mean less for an open source project owned by a corporation.
I think corporate owners tend to drive development to a greater extent than in 'grass-roots' open source projects, and users have less say.
Also, there is always the risk that the company (or its future owners) will close the source, stranding your contributions.

I've been an open source advocate myself for a while, but I've noticed these trends myself. I just didn't know they were as pronounced.

Justin, clearly you have under-estimated open source - there are many open source products that trump and out weight closed source products, comparing Red Hat and Windows list prices doesn't help your case, the devil is in the detail (application reliability, scalability, hackability etc.) Windows Server will fail in every aspect (unless of-course you bring in Microsoft 'specialists' at a premium to sort out your woes). Our company has been running an open source ESB for 2 years without a hitch thanks to excellent support and code quality second to none (trust me, I've seen fix-packs from IBM and Oracle that define the word 'buggy'). Open Source in my experience is still a differentiator - now more than ever.

The fact that you don't know what you're doing on a server is not the fault of the server's developers. My servers, linux and windows, have about the same reliability. I've calculated my cost differential there and found it to be that linux saves me 3 machines per 1000 boxes in terms of overall performance and reliability. The difference with linux is I need 2-5 times as many support personnel, and I have to pay them 35% more than a comparable windows admin.

Do me a favor though, go see how unhackable your linux servers are if you haven't performed server hardening with bastille or other applications, and then install apache httpserver on it, just for my amusement. There's no way out of the box on a fully updated win server 2008 r2 instance to crack it remotely sans having physical access to the box, in which case OS can prevent entry.

I don't trust anything you say. I doubt you've ever worked in any developmental capacity with websphere, other ibm products or oracle.

> The difference with linux is I need 2-5 times as many support personnel, and I have to pay them 35% more than a comparable windows admin. There's no way out of the box on a fully updated win server 2008 r2 instance to crack it remotely sans having physical access to the box, in which case OS can prevent entry.

That's as ludicrous a claim as the typical Ubuntu weenie's claim that "Linux is invulnerable."

this mean that base of new source give as stage "not Deer",to biginner to delope their hash.

I have been a developer for 11 years now, I run teams and often deploy open source solutions internally. As a business we both love them and hate them.

We love them because: we can customise and modify them as our business case requires and when dealing with multiple charsets we find this a MASSIVE advantage.

We hate them because: we do find that open source solutions often are more expensive to deploy. A great example of this is we deployed a support ticket system that had issues with international characters such as "??" and "??", once we fixed this we had to adapt other blocks of code to support or replace the characters, it took 1 developer over a month to adjust the open source software to get the solution working to our needs, this made our total cost of implementation in the vicinity of US$10,000 including new server, software license and staff time. This represents ROI of around 10 months to us vs. around 4-6 months on the closed source solution. We passed on proprietary systems as at the time we didn't find any that really met our needs however now we wish we went down this path and took up a solution that was good but not perfect.
In addition to this, over the past 4-5 years communities of open source projects seem to have been reducing, we have also seen the quality in support of many developers to have reduced.

We frequent forums for open source projects that we use as we are a team of developers and we feel as a company that giving back to the community is an important part of open source, we just don't see this as much as we used to.

With our own products, we don't hide that we use open source technologies but we also don't promote it. We're are on a SaaS model so our applications are closed source and not downloadable but a few years ago many companies proudly displayed the PHP and mySQL logos along with "built using open source" as a loud and proud header. These days do seem to be gone. I read an article a few years ago now about a UK company (forgot the name now sorry) that said their customers started to think of open source technologies as free technologies, they started getting a lot of questions along the lines of why should the customers be paying for 'premium software' that is based on something that doesn't cost much to the developer? And are you really providing 'premium software' because it is based on open source? They forget that the real cost is in time and distribution, not to mention marketing and support.
Then the quality of the product doesn't always come down to the technology behind it, some are better then others depending on what you're doing with it as we know.
But the bottom line is sales dropped and this company started moving away from open source marketing also.

Will we use open source again? Definitely, but we will also look at the value in building the applications in-house and potentially adding them to our SaaS product line-up also. In addition we won't discount closed source applications so fast.

It isn't the first time an open source product cost us more than the closed source option but it is the first time that it cost us so much with what really is no tangible additional value to the company.

I like Open source, and as a research lab we use a lot. Open source has deep roots in the research community, we have shared software since a long time before anyone called it open source. But Open Source is just another choice. Like any software you are going to use you need to evaluate and be able to defend your choice. And remember that when an open source product is made it is made to fit the authors requirements, which they then decide to share. Hopefully you will check that those requirements match with yours and that the quality of software you need and the level of software quality the software you are evaluating match.
What software you use is your choice, and choice, not cost, is what open source is all about.

Sysop-dr, I respect your view and agree with it on principle personally but in business this is not a viable stand.
I love open source, I have worked and developed with and on it for years, this isn't the problem, it is the business case and the open source landscape.

Your question is the right question to ask but the person you're asking is not the right person in this case for your point and here is why.

The open source landscape is changing and has been for some time, this is changing how software is adopted and the choices being made. In the beginning open source was about sharing ideas and creating choice without having financial restrictions. Unfortunately when companies start looking at how open source can make them more money the community starts to fall over because after all why should the community pay for support when the company is being paid to provide it? The truth is the company sees open source as a way to reduce costs by having the community support itself. I have seen this attitude destroy many great products.

You also need to remember we are developers so the choices we made were very educated, we understood what we were looking at and looking for. We have been in business for a while now and understand these aspects, it was unfortunately an oversold product.

If I wasn't clear before, the software chosen was seen to be the best of both worlds, providing minimum requirements with the ability to customise it and make it into what was a best fit for the business. The problems and costs that came up were unforeseen by us being like a heap of dominoes, when 1 was picked back up the other was knocked.

Being developers we do our homework very well on software, we research everything, get feedback, get references (1 happens to be a good friend of mine that I have known since University), checked their forums, spoke to their support staff, we did all the normal things plus more.
So what was the problem and how was the real problem it missed? Their application supports multiple brands and languages, IF the languages are all UTF-8, we deal with other charsets as well as UTF-8, we told them that we need to also have support on other charsets and the response was no problem, just set up another database to support that interface and feed the data, the language scripts will send the correct charset to the header. This works, we do this in our own apps.
It turns out that they would normally tell customers that their software only supports UTF-8 but they thought they would have options for other charsets to be used before we deployed, then when we started deployment and they weren't ready for us but they didn't tell us.
The next release that came out about 6-weeks ago apparently deals with multiple charset support but we have already had a bad deployment, fixed the problems ourselves as well as written the add-on functions we wanted and spent real money to do it. We have patched the files with the security updates (plus a couple they missed in their update).

What I'm saying is this open source software did not represent real value for money at the end of the day and the company selling it was looking for a quick sale, the choice was right based on the information we were provided by the vendor (after re-reading the emails) but looking back knowing what we know now, it was wrong in reality. We should have gone for a product that was not the best of all worlds and that did the the minimum requirement well, a product that developers would support and fix if there was a charset problem (a standard question we ask all), this would have represented value for money as a business.

That's something that I've noticed for a while. Out of the big-name open source projects, name a single one, outside of Apache Foundation projects and Mozilla, that isn't under the thumb of corporate interests, let alone simply being a corporate project that happens to be open source. I think Ruby may be about it. Even stuff like Rails is finding corporate benefactors. If you look at who is doing the checkins, corporate backed (and corporate employed) developers are doing the lion's share of development. Really, they are just using the traditional freeware model, but calling it "open source" with a "community edition" as a marketing buzzword, nothing more. If you have to pay for the features you need, and the community isn't big enough to do any real development on their own, does it matter if you can read the source code? Nope. And all of those benefits of open source, like "many eyes" only happen with an active community.

J.Ja

I completely agree Justin, this is really a problem for the open source community if it is to continue to function into the future.

Previously our company used osTicket, again open source with similar charset issues in the beginning, we had to move because we have new requirements but I have noticed that solutions that myself and other developers have created have been showing up regularly in the past few releases, some of the fixes have been credited where others haven't been.

I also recently solved a 3 year old bug that has caused massive headaches and users have more so learned to live with, I emailed the developer the fix and told them they are welcome to use it. About 5 minutes later I received a rude reply saying that they already fixed the bug and it will be in the next stable release. So I asked why they haven't already distributed the fix (being a big one) as a patch until the next stable release, the answer - no reply.

Where osTicket has the look of being an independent project but I haven't entirely been satisfied this is the case since the last stable release.

> Out of the big-name open source projects, name a single one, outside of Apache Foundation projects and Mozilla, that isn't under the thumb of corporate interests, let alone simply being a corporate project that happens to be open source. I think Ruby may be about it. Even stuff like Rails is finding corporate benefactors.

I do not believe that having corporate "benefactors" (that is, corporate contributors) is the same thing as being "under the thumb of corporate interests". The PostgreSQL project, for instance, is pretty fiercely independent -- but EnterpriseDB is both building competition with Oracle and contributing a lot of code to PostgreSQL.

One of the benefits of open source software is the fact that it is in the best interests of heavy users of open source projects to contribute code and/or money to those projects. As a result, trying to call having a corporate contributor "being under the thumb of corporate interests" is turning a benefit on its head, and basically saying that an open source project can only be considered "independent" if corporations think it's useless. It's setting up a lose-lose situation, where the only way an open source project qualifies as independent in your world is arranging for it to be called useless. The truth of the matter is that the best independent open source projects are typically heavily supported by corporate interests, but not controlled by them.

You've gone from asking if "open source" is a business product differentiator to claiming there's no real open source any longer, and that stuff we call "open source" is just a loss-leader. This is not in any way consistent with what I see.

This is not to say there are not such supposed "open source" projects. MySQL has been one of those wolves in open source clothing almost as long as it has existed, for instance, and PHP is a ball of corporate suck as well. It is true that corporate dominance is a danger for any popular open source project that is not prepared to maintain its independence, it is not true that this means they all become corporate dominated product lines. In general, the best stay free, and the only corporate influence takes the form of good ideas and useful contribution as corporate users join the community.

"Enlightenment, Fossil, FreeBSD, MediaWiki, Mercurial, NetBSD, OpenBSD, PostgreSQL, SQLite, XFCE . . . ?"

OK, good examples. Probably the best ones in there are the BSDs and PostgreSQL, because those are large projects that needed decades to become what they are.

"I do not believe that having corporate "benefactors" (that is, corporate contributors) is the same thing as being "under the thumb of corporate interests"."

That's true. It depends on the project. A lot of them (like Ruby) seem to be on a steady march towards being an extension of a business.

"One of the benefits of open source software is the fact that it is in the best interests of heavy users of open source projects to contribute code and/or money to those projects."

My concern is when the overwhelming majority of contributions come from a business; that is when needs of that business start to override those of the community. I'm not sure where the line in the sand is, but it most certainly exists. A lot of projects are "open source" in that anyone can get the code, but the project is hardly a "community effort".

"You've gone from asking if "open source" is a business product differentiator to claiming there's no real open source any longer, and that stuff we call "open source" is just a loss-leader."

That's a shift in conversation, the two are tangential to each other. If there is a lot less true "open source" than we think, than it obviously is less of a differentiator. And yes, that's exactly how I see a lot of "open source", as a loss leader.

One thing I note, is that in the "big name" projects you listed above, while they are "big name" to you and me, a lot of people have never heard of them, and very few have actually used them. I think that MediaWiki is the only one on your list with widespread usage. And it's truly unfortunate, because in that list are a lot of truly superior projects. Mercurial? My SCM of choice. The BSD's? If I could do what I need to do in them, I'd gladly switch. Enlightenment and XFCE? I hear nothing but praise for them (I don't touch C so I can't personally vouch for them). PostgreSQL? Great system.

But... where's the market share? And barring that, where's the visibility? I know that the BSDs have decent adoption in the server room, but few people care about them past that (I'll be stunned the day sites like this rename their "Linux and Open Source" categories to be "Linux, BSD, and Open Source" for example). I think there are a number of factors behind it, but the lack of a big company making big bucks off the project is a lot of it. "The community" can only go so far. In my personal experience, most sys admins have *heard* of BSD, but aren't exactly sure what it is. Few developers have even heard of PostgreSQL. Last I heard, Mercurial's market share was around 2%, which is depressing considering what a "night and day" difference it is compared to SVN and TFS. That's actually the truly criminal one if you ask me. I think the average person won't notice much difference between Linux and BSD, or MySQL and PostgreSQL (or even Oracle and SQL Server...). But going from SVN, TFS, SourceSafe, etc. to Mercurial is an unbelievable difference, yet it's not happening en masse like I'd hope for.

If your only concern is really great software, that's well and good and you can make your decision based solely on that. But if you need to work within the confines of the "typical business environment", all of a sudden, picking the technically best project is not the only factor. For example, if you want to build a project based on PostgreSQL running on FreeBSD, a supervisor in a Windows shop and probably a LAMP shop is going to shoot it down because they don't have the internal knowledge to maintain it. And that sucks. Having that big corporate benefactor (or ruler) goes a long way in changing that.

So yes, I think that there are some great open source projects without that corporate master... but I definitely wonder why they aren't making inroads.

J.Ja

> A lot of them (like Ruby) seem to be on a steady march towards being an extension of a business. My concern is when the overwhelming majority of contributions come from a business; that is when needs of that business start to override those of the community.

I don't think that necessarily follows. With good governance, only contributions that are good for the project will be accepted, regardless of who offers the contributions. Even if 98% of contributions come from large corporations, good project governance can see to it that good contributions are accepted and those that would undermine the project's values are not.

In fact, in many cases, it is a good thing that business contributions are accepted in disproportionately large volume relative to non-business contributions, when the software in question is business oriented or reaches users primarily through business distribution of the software. Keep in mind that a strong community is not necessarily a business-absent community, nor necessarily a large community. In many respects, the OpenBSD community is much A lot of projects are "open source" in that anyone can get the code, but the project is hardly a "community effort".

"Community effort" is not exactly the same as "community project". Yes, there are community open source software projects that are not, on the whole, "community efforts" in terms of development contribution. On the other hand, I care very little who actually puts in the development effort as long as:

1. the development effort is good development

2. the development occurs at all

Let's say our choice is to either have the memory fragmentation/leak problem in Firefox fixed by IBM or not fixed at all -- but, if fixed by IBM the project ends up being pushed up to 98% business develpoment or, if not fixed at all, Firefox development becomes overwhelmingly supported by community development as a percentage of effort. Let's say that all else is equal.

I'd prefer the memory fragmentation/leak problem getting fixed, dammit. Because IBM does not dominate the MoFo And yes, that's exactly how I see a lot of "open source", as a loss leader.

I agree there's a lot of open source like that. That has been the case since at least the late '90s, though -- and possibly as far back as the late '70s. It has just become more obvious recently, in large part because of the buzzword compliance of terms like "Linux".

Consider, for instance, the fact that MySQL has always been a corporate "loss leader" project. In fact, it has ironically become less One thing I note, is that in the "big name" projects you listed above, while they are "big name" to you and me, a lot of people have never heard of them, and very few have actually used them. I think that MediaWiki is the only one on your list with widespread usage. Enlightenment and XFCE? I hear nothing but praise for them (I don't touch C so I can't personally vouch for them).

You probably don't hear much of what I have to say about them, then. Yeah, I don't like them much -- but then, I loathe KDE and GNOME even more, though I think the XFCE project But... where's the market share? And barring that, where's the visibility?

Marketing achieves visibility much more quickly than quality. The best open source projects tend to have market share far out of proportion to their visibility, especially I'll be stunned the day sites like this rename their "Linux and Open Source" categories to be "Linux, BSD, and Open Source" for example I think there are a number of factors behind it, but the lack of a big company making big bucks off the project is a lot of it.

I dunno about that. Canonical doesn't make that Last I heard, Mercurial's market share was around 2%, which is depressing considering what a "night and day" difference it is compared to SVN and TFS. For example, if you want to build a project based on PostgreSQL running on FreeBSD, a supervisor in a Windows shop and probably a LAMP shop is going to shoot it down because they don't have the internal knowledge to maintain it. So yes, I think that there are some great open source projects without that corporate master... but I definitely wonder why they aren't making inroads.

Marketing, mostly -- and I don't just mean formal advertising.

Our business here at the lab is Nuclear. We have a number of reactors on site and we can't afford any mishaps. I am assuming therefore that our QA requirements are a bit higher than yours.
We can't use most closed source software because of eulas that say we can't use them for nuclear. We have qualified compilers for use in nuclear. We have qualified OSs for use in nuclear. It takes time and money but there are lives at stake so we do what we have to do to ensure that the software does what is says and nothing more.
There are ISO standards for qualification of software from consumer level qualification to safety systems on nuclear plants and aerospace. (61508 is one, there are others.)
These standards list things like what requirement documentation, design documentation, change control, source control, testing and qualification (testing against another method to get the same results) or combination of these are required for each level of software quality. If you are using software that has not been developed in a quality manner using the right quality tools and testing then don't be surprised if it doesn't work for you.
And the only way to know that your doing the correct thing is use of standards.
You can create your own standards in house, on a project by project basis by use of quality plans but unless you have something written down and are following a plan you won't get where you want to go.
And there are open source projects out there who will do this for you or are already doing it. OR you can pay/donate to the project for them to get to the level of quality project that meets the requirements you have.
All of us use some sort of configuration management tool whether just cvs or git or a more comprehensive tool like MKS integrity suite. Some cobble together a set of tools like cvs, sourceforge and a database of requirements. I know some teams use Visual Studio Team System, which works good if your target is Windows.
Otherwise if the team isn't meeting your needs you can supplement their quality plan with your own testing and auditing.
Even with all of these requirements we can still use open source software. Closed source does not mean that the software is built using the correct quality assurance. And open source doesn't mean that there is no quality assurance. For instance the Linux kernel is strictly controlled and uses all of the tools required. We can use that. And gnu ada is qualified for military and nuclear (as is gnu FORTRAN and C++ although only a subset of the C++ language.)
For real time work we worked with an OS vendor to help them through the qualification process and they are now nuclear qualified.
The list is long and I can't mention them all here. We run into some that we try to qualify and can't but that list includes both closed and open software so you take your chances either way unless you do formal qualification of anything.
I know at times we seem to go overboard with the quality thing and you have to be careful that you don't end up with your QA just becoming a clerical rubber stamp which can happen; but if you don't have a plan, a standard to be measuring against, then you don't have anything.
If your vendor can't or doesn't live up to the standards they promised there is not much you can do. You could try to sue but that won't help your project, better to work with them and fix it. But by auditing you should be able to determine before hand the likelihood of failure, although that is not always the case. But because of one failure of one team either open or closed you should not paint the rest of the community with the same brush.
I like to use open source software. I also use closed source as well. Each is a tool that meets it's own requirements. Some open source software is quirky, I like to think reflecting the authors personality. Sometimes those quirks make the software better, other times not so much.
My all time favorite software is Eclipse. Yes it's IBM controlled and a lot of the development still comes from IBM but it just does so much. From a developers point of view you can do everything from brainstorming ideas with the team, requirements management, configuration management, documentation, planning, coding, testing, deployment (even using eclipse as the platform for your software) and actually remotely control the software all from within eclipse. There are also web-browser and email plugins. IBM based it's office suite on it, plugging in OpenOffice.org. And yes we qualified a set of eclipse and c++ development plugins for developing software for nuclear.
Just my 2 cents. I hope this helps.

Just to comment on the nuclear issue... closed source frequently disallows use in things like nuclear facilities for lawsuit mitigation. The vendors *never* want to be in a position to be sued, even if it's not their fault. The open source guys, well, there is no organization to sue, so they don't do it. Also, they don't have EULAs (other than the GPL, BSD license, etc.). Of course, open source licenses will say "use at your own risk" but if a commercial vendor used that language it wouldn't matter, they'd get get sued anyways. So in this particular case, while you are obligated to not use those packages for *legal* reasons, the fact is that the lack of language around nuclear facilities in open source packages is not because of technical capability. The moment a vendors figures out how to write a contract that keeps them 100% lawsuit proof is the day you see the nuclear clause removed from those EULAs. I remember, for example, when Java had that clause in its EULA (it no longer does)... did Java get any better? No, but Sun finally felt legally comfortable enough to remove the clause. People used that clause to make some sort of point, like, "Java is so bad, Sun won't let it be used in nuclear facilities!" No, Sun's lawyers didn't think it would be a good idea. Quite honestly, on the basis of stability and security, I'll take a Java (or .NET) app over the C/C++ that you see in the alternatives any day of the week, just because things like remote code execution attacks are so much harder to perform against those apps.

J.Ja

> Also, they don't have EULAs (other than the GPL, BSD license, etc.). did Java get any better? No, but Sun finally felt legally comfortable enough to remove the clause.

I don't know if "comfortable" is the reason. I think Sun was just trying to attract some "open source" buzzword magic, and to do that it had to stop imposing usage restrictions other than those the FSF has blessed.

We often forget to mention things that are very normal to us but are completely unknown to others, in this case sysop-dr I had no idea where you were really coming from, the logical assumption was you're an open source developer with a chip on his shoulder, maybe have problems with a closed source vendor like Microsoft when they had the massive balls ups with the release of Windows XP.

With everything in context I do understand where you're coming from better but this same thing may have blinded you to an average companies business requirements and the truths about sourcing business applications.

It's actually an unusual coincidence because I was contracted about 5 years ago to create a "web-based" audit system for use in nuclear "facilities" as it is carefully worded, the system is to ensure compliance and to be able to locate what caused malfunctions/disasters should they occur, you may even find it in your facility, all I know is the organisation that contracted me started a "commercial distribution" and it has now been rolled out to about 30 nuclear facilities around the world.

At the end of the day though, your requirements are dramatically different to those of "normal business", I have also contracted to a number of government organisations and their requirements, where not always a life or death scenario are similar. I am fully bonded and vetted for work by 3 governments currently, an unusual situation but it is because I have worked on a "joint venture" and I couldn't do my job without having this accreditation from each country involved. This is the catalyst that allowed me to get the contract for nuclear at the end of the day as there is only (to my knowledge) that 1 team of developers that have ever achieved multiple bonding and vetting from multiple countries.

The truth though is when you're dealing with something like nuclear or military daily it can be hard to remember the "normal" business of business. It really is a world to it's own, I should know.

At the end of the day however it is a matter of the needs at the time, I like open source but closed source from a business perspective is often the better solution however.

As I said before, business pays the bills so we need to do what is going to give the best return and not always represents the best case scenario to us.

My own stuff was rather exclusively Microsoft until about five years ago. When I needed to make an interactive website, ASP and ASP.NET just were not going to suit. Too much work for to little value.

So, I looked to open source. MySQL, Ruby on Rails, Netbeans, and more. The one thing that kept annoying me was the false mantra of 'it's open source so it's free and it's better.' Well, MySQL is no better than MS-SQL to me, in fact a little worse and scary in some ways. I use it because it's what I can afford at the moment for a web site.

Rails is night and day better than the pre-MVC ASP.net. Now with ASP.NET MVC, I could see going to it.

You're right about the bottom line. It's the cost of development and implimentation. That includes tools (that are sometimes very expensive), support (that J.Ja pointed out is often more than non-Open Source licenses), and training (that is sometimes just not available).