Rephrase: uninformed asserstions that happen to be false

[Albert P Tobey]

My appologies to everybody for a not-really-but-kinda-sorta-perl-related
thread on this list.
--
Matthew,

Do not simply label me an open source zealot.  I can be one, but I'm not
because I understand (just as most knowledgable OSS advocates) that some
current business practices require propriety over their IP.  The point I
was trying to make is that you /could/ use OSS, not that you have to, or
not even that the products I mentioned would suit the task.  I could
poke holes in your arguments all day long, but I'm guessing that it'll
be a waste of my breath.  I could carry this thread on forever if
unchecked, so I'll make this may last word unless others on the list ask
for clarification.  You'll notice I will reiterate a couple points - it
is because I find those points to be especially important for anybody
reading this to understand.
 
The fact that your company is peddling shrinkwrapped software is
irrelevant to the points that I'm making.  The fact is that all of the
products I mentioned can be directly included into a boxed product
without paying a fee or directly including the source.  The only
requirement, even under the GPL, is that you make the source available -
ftp, or just a link to the original author/maintainer's site.  If you
are linking a library or connecting to a database that is under the LGPL
or GPL, respectively, you DO NOT have to open the source to your
product.  You only need to make modifications to GPL covered products
available to your customers.

As for proprietary data models, they're absolutely worthless no matter
how you slice it, unless you're interested in lock-in Microsoft style
(read: monopoly).  MS Word DID NOT gain dominance because of some silly
data format - it did because it's one of the best product available in
its class and is by far the best marketed.  Has anybody ever said, "gee,
word is great because their doc format is so cool."  More often I hear
the opposite, especially when it comes to editing the document outside
of Word.  How many times have people requested applications to index doc
files for a web portal or to translate to other formats?  Why, now, is
the industry starting to move over to XML which is, by nature,
non-proprietary?
If you're interested in protecting your content, use 3DES or AES
encryption - you can either buy or get for free (and use freely)
software to do the encryption for you.  Anybody who has an inkling about
security and cryptography can tell you that obfuscation buys you
absolutely nothing.  So, especially, in the case of 'data files',
cramming data into some proprietary and obfuscated format usually done
out of ignorance and jealousy.  Perhaps in the case of an application
like Oracle ('data base') I can see the need to use 'proprietary'
formats because their business model is based entirely on the
performance and stability of their database, not content or user
applications.  I don't have time for details on where proprietary makes
sense, but there are some very good websites out there like
www.opensource.org and www.fsf.org that can explain it better -
especially check out Eric Raymond's essays that can be found on
opensource.org and his book "The Cathedral and the Bazaar".

...

>   Sure, you can make money with open
> source, but it doesn't fit well into a content/subscription model.
Huh?  That's one of the _best_ ways to make money with OSS.  Give away
the software, charge for the content.
> My customers actually pay money for our software and content on
> a subscription basis.  That's very different thant the IT services world.
> In your solution,  I would give away the keys to the kingdom!

You can still charge all you want for both the software and the content,
even if you use non-proprietary data files and even some OSS software in
your product.  Obviously, you haven't read the licenses or you don't
understand them.  Do you think Oracle or Nvidia have to release sources
because they have code compiled by gcc and binutils and links to the GNU
C library?  No.

This is why I go off when I see inaccuracies about OSS - because you are
just one of thousands of misinformed people who get around spouting
half-truths and false statements.  Ignorance is never an excuse.

> >The only thing nifty about it is that the developer
> >(you?) can buy himself some more job security.
> Fine, Let's avoid the flames and stick to facts.
> Seriously, we have 10 developers here.  We hired a contractor to do
> a great deal of the programming on our Data Storage Tier.  He's gone,
> and if I quit, someone else would be up and running shortly.  If we
lost
> all 10 developers, that would  be bad - but we have a half-dozen
> information developers who know how to build catalogs in our
> proprietary format.
Ahh, but if it were an open format, you wouldn't have needed that
contractor at all and new developers would already know what's going on,
day 1.

> I want to re-distribute the database and run it on the user's desktop.
> BerklelyDB is attractive for that, but if I want to redistribute it, I
have
> to ship the source code and pay a fee. (1)  Considering that I want
> my data to be encrypted and stay that way (only accessable through
> my data handlers), that's not a very good choice.  [I know, we're back
> to open source again ... what can I say?  I work for an intellectual
> property company.  I may not like your opinions, but I do recognize
> that you have a right to them.]
> 
> MySQL is the same way(2)
Umm.  You didn't read the licenses did you.  While I don't know the
Berkely license as well as OSS or GPL, I do know that you don't have to
pay a fee, and I'm pretty sure you don't have to distribute the source
at all.  This is why Apple chose BSD code for OS X and not Linux or
other OSS stacks - BSD does not require you to publish your
modifications at all and there's no fee.  MySQL has been released under
the GPL, so regardless of what MySQL (there are two companies selling
slightly different versions) charges for support or whatever, you can
distribute it unmodified as much as you want with only a README to point
to the source.  MySQL's license changed only about a year ago, so you
may be thinking of their old license.  And, yes, PostgreSQL is GPL IIRC
and it is still under active development by a couple groups - Redhat's
RedHat Database is based on the PGSQL code, for instance.  Many OSS
companies do have instances where you pay, but it's not for the code -
it's for specific feature enhancements, distribution media, support, or
content.

> Essentially, you're repeatedly suggesting that I ship an open-source
> database to individual client machines.  I'm suggesting that that
doesn't
> fit with the client-side app content/subscription model, and you can
tell
> by reading the license  agreements to those apps.

The key word is suggest.  I'm making the point that you could use any of
the available open source software and not endanger your business
model.  In fact, it may enhance the bottom line of your company by
cutting back on developer time to produce the product - or leave more
time for interface and other enhancements instead of reinventing
wheels.  I was not referring to the technical capability of any of those
products to fulfill your needs.  But, I cannot think of many ~500mb
storage applications that couldn't be handled easily by MySQL,
BerkelyDB, or even a good XML/SAX parser.

If you're not encrypting data (I'm guessing not), then you should be
using an industrial-strength encryption algorithm if you're that
concerned about the propriety of your data.  Obfuscation of data is like
using a cheap paddlock on your castle's front gate.  Paddlocks are only
good for keeping honest people honest: any crook with an acetylene torch
can access your data no matter how good your paddlock.  Use AES and it's
like a titanium safe - crooks can hack and cut for years and still not
get in.

> Have a few more Databases you'd like to
> discuss?  I'd love to hear it.
Oh yeah - there's a great SQL engine that's fully commercial and
designed specifically for embedded applications (e.g. shrinkwrap) called
Solid SQL.  Do a google search.  You'd be surprised how many apps use
it.

Again, I really don't care what you do with your applications, but I do
care when people spread false information.  While I'd love to debate
this further, I don't have the time.  Just make sure you know what
you're talking about the next time you try to disregard OSS.  Just
think, Perl would not be anywhere near where it is today if it weren't
for open source development and the communities that have grown up
around it's open nature.

-Al Tobey

-- 
 "Open source" means that anyone can get a copy of the source code.
Developers can find security weaknesses very easily with Linux.
The same is not true with Microsoft Windows.

Microsoft, "What Every Retailer Should Know", February 2001



********************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity
to whom they are addressed.  If you have received this 
email in error please notify the Priority Health Information
Services Department at (616) 942-0954.
********************************************************************