Open source vs. closed source
From Wikipedia, the free encyclopedia
Open source and closed source (or Proprietary software) are two approaches to the control, exploitation and commercializing of computer software. Open source approaches differ from the traditional model of software licensing by allowing other individuals and organizations to view and modify the source code and in many cases resell the software without providing royalties to the original authors of the software, or under some open source licenses without even requiring that they credit the original authors of the software.
Background
Computer software is an unusual commodity. Once written, it can be copied and reproduced for very little cost, and can have great commercial value. However, the original source code created by the authors, if publicized, would allow anyone to duplicate their work in theory. Traditionally, source code has been hidden from anyone outside the company that developed the software and the code is treated as a trade secret which companies may attempt to patent.
Under the closed source model, source code must be hidden from the public and competitors who might otherwise reproduce or modify the code, either to resell the product or for other malicious reasons. Software companies that follow the closed source model see it as a way to protect their products from software piracy or misuse, from reverse engineering and duplication, and to maintain competitive advantage and vendor lock-in. Closed source software usually is developed and maintained by a relatively small team who produce their "product" in a compiled executable state, which is what the market is allowed access to. Microsoft, the owner and developer of Windows and Microsoft Office, along with other major software companies have long been proponents of this business model, although their business models have shifted with time.
The open source model allows for any user to view and modify a product's source code. Organizations and individuals that adhere to this model believe that the benefit that they gain from improvements to their software provided by the community of software developers is more important than protecting their competitive advantage. Common advantages cited by proponents for having such a structure are expressed in terms of trust, acceptance, teamwork and quality[1].
Open source software is licensed under what is often termed a "copyleft" license[2], a term which emphasizes the license's reversal of the principles of copyright. A variety of open source licenses exist. The two main license approaches are the GNU/Linux license which requires that any software that derives from the software also be open source, and the BSD license which allows derivative software to be sold as closed source products, in return for giving credit to the original designers. Open source can be and is commercialized, both by purely open source companies such as Red Hat and more traditional software companies such as IBM and Novell. The archetypal open source software is Linux (often referred to as GNU/Linux).
Comparing and contrasting the open and closed source approaches
Collaboration and project management
Closed source projects ("CS") tend to collaborate either only to a limited or peripheral degree with third parties (other than project co-members), or under non-disclosure agreements. Corporate development is usually run by teams or structured groups, with workload, agendas, intended results, and deadlines, centrally agreed, and use paid developers to achieve these goals as required.
Open source projects ("OS") by contrast usually embrace third party involvement with enthusiasm. Project involvement tends to be voluntary for many of those involved, and harnesses the enthusiasm of participants who are usually given in return, freedom to do what they feel best suited to, and allowed to become involved, committed, or (in many cases) learn as they do so. New code is developed and reviewed in a less formal process by many people - in some cases hundreds of thousands, or millions - and since many of these are intimately familiar with the system concerned, the quality of review and final writing tends to be extremely high on such projects and the speed of development can be very fast. Collaborative work is also resource efficient, since duplication of effort is avoided.
CS and OS projects tend to view their priorities as different. CS projects tend to work to deadlines, the date at which (for corporate, market or investor purposes) a new product or update must be released, or a new feature made available. OS projects, lacking investor pressure, tend to be more actively interested in how to do a job well, as well as produce it quickly, and in producing work to a high standard.
Example:
- Microsoft Windows is closed source; it is the world's most common operating system and a de facto standard in the computer world. Proponents would tend to agree that almost every version of Windows has been a major leap from previous versions, in practically every area, both in innovation and in ease of use. Because it is developed by one company, it can be centrally managed and co-ordinated, and there are fewer "odd gaps" in its development as such. However, against this, a huge effort has gone into protecting this work and preventing others from benefiting from it in unintended ways, there has been much conflict over "hidden code" allegations, and security and quality have consistently been criticized by many third parties over the years.
- Wikipedia itself is open source: both its software (MediaWiki) and the actual content are collaborative. In five years it grew from under 1000 articles to millions of articles, and its software is continually updated by a developer community that spans the world. The software is as a result very robust, since millions of people have access to it and any untoward happening has been analyzed by many developers at a moment's notice. The information contained is broader, more comprehensive and more in depth than any corporate team could produce, and grows extremely fast in quality and scope; there is no censorship or hidden agendas, and there is a huge user base of millions of contributors. However, as there is no central control, there are many articles not yet up to the intended long term standard and no article can be 100% relied upon without additional checking by the user.
Commercialization
The primary mechanisms for making money from closed-source software all seem to involve imposition of artificial scarcity constraints on something that, by its nature, can be very easily and cheaply copied and distributed. It has famously been said that "information wants to be free"; closed-source vendors would counter this by saying that "information providers want to be paid". Thus, they impose various limitations on what can be done with their software, first of all by usually not giving customers access to the source code, and then backing this up by restrictions on copying, enforced using both legal (copyright law) and technological measures (copy protection and digital rights management).
Thus, in closed-source software, there is an element of the design which means that the product is designed to prevent the customer from doing some actions that the company feels would result in compromise of their source code, even if this is something that isn't source compromising, or something the consumer wishes to do.
Open-source, on the other hand, abandons all such attempts at forcing the customer to do things in a certain way. Instead, the revenue model is based solely on what customers can be persuaded to pay for of their own free will.
Another important factor in the closed-source revenue model involves fending off competitors (both actual and potential) by continually raising the barriers to entry. Thus, new versions of the software are continually being introduced, with lots of new features being added. Competitors then have to come up with their own answers to these new features (otherwise they will not be seen to "remain competitive"), which they have to reinvent essentially from scratch, which adds to their own costs. Typically these features are added with little thought for their impact on the conceptual integrity of the overall product[citation needed], leading to the well-known phenomenon of software bloat.
Another problem with the addition of these features is that they often add to the software vendor's own costs; when they try to adapt the product to new markets and new applications, then the more feature-ridden the product is, the less flexible and adaptable it becomes. For example, operating systems built on the Linux kernel are available for a wider range of processor architectures than Microsoft Windows, including PowerPC and SPARC. None of these can match the sheer popularity of the x86 architecture, nevertheless they do have significant numbers of users; yet Windows remains unavailable for these alternative architectures, because the cost of porting it would be far too great.
The most obvious complaint against open source software revolves around the fact that making money through some traditional methods, such as the sale of the use of individual copies and patent royalty payments, is much more difficult and sometimes impractical with open source software. Moreover, many see the introduction of open source software as damaging to the market for commercial software. Most software development companies sell licenses to use individual copies of software as their primary source of income, using a combination of copyright, patent, trademark and trade secret laws (collectively called intellectual property rights laws). Fees from sale and licensing of commercial software are the primary source of income for companies that sell software.
Additionally, some companies with large research and development teams develop extensive patent portfolios, with the purpose of making money from patent royalties. These companies can charge licensing fees for the use of their patents in software, however open source distribution creates the potential for an unlimited number of derived works using the patented technology without payment to the patent holder.
This complaint is countered by a large number of alternative funding streams, which are actually better-connected to the real costs of creating and maintaining software. After all, the cost of making a copy of a software program is essentially zero, so per-use fees are perhaps unreasonable. At one time, open-source software development was almost entirely volunteer-driven, and although this is true for many small projects, many alternative funding streams have been identified and employed for open source software:
- Give away the program and charge for installation and support (used by many Linux distributions).
- "Commoditize complements": make a product cheaper or free so that people are more likely to purchase a related product or service you do sell (this is a primary reason for OpenOffice.org; Sun gives away the office suite to encourage users to buy their computer hardware). This is similar to The Gillette Company giving away razor handles so they could make money on razor blades, or Radio Shack giving away :CueCat scanners.
- Cost avoidance / cost sharing: many developers need a product, so it makes sense to share development costs (this is the genesis of the X Window System and the Apache web server).
Increasingly, open source software is developed by commercial organizations. In 2004, Andrew Morton noted that 37,000 of the 38,000 recent patches in the Linux kernel were not created by developers directly paid to develop the Linux kernel. Many projects, such as the X Window System and Apache, have had commercial development as a primary source of improvements since their inception. This trend has accelerated over time.
Additionally, it is worth noting that open source programmers may have non-financial reasons for developing software. An analogy is that of Wikipedia, where people contribute without expecting compensation.
End user support
Computer software is complex enough that users frequently need help with it even after they have got it set up and working to begin with. Software also invariably has bugs in it, which may adversely impact the users' ability to get work done and so need to be fixed. And a user may see areas in which the functionality of the software may be improved, to help not just that user but others as well.
Closed-source software vendors typically provide a "one-stop shop" for all support matters: since the vendor developed the software (and appropriately licensed any included components that were developed by others), the vendor also provides all necessary support functions. Nobody else can provide the level of support that the original vendor does, simply because nobody else has the requisite access to the source code (not just to understand how it works, but to make modifications and fix bugs).
This kind of model works well up to a certain point. However, as the number of customers increases, its effectiveness decreases. The better-known PC software packages of today have customer bases numbered in the millions. With that many users, support needs to be delegated to a group of people separate from the software developers (otherwise the developers would have no time to work on the software). This group increases development costs, and invariably, not all bugs may be fixed fast enough to remain profitable. Another problem when a closed source project is this big is hackers trying to compromise other users' systems, often outnumbering the bug-fixers. (However, some say that it is easier to find bugs in open source software, as bugs can be more easily found with source code.)
Open-source offers an alternative model, where easy access to the source code allows the proliferation of a multitude of alternative support organizations, each remaining small enough to remain responsive to the needs of its own set of customers. With ready access to the source code, anybody can find a bug or shortcoming in the software, and submit a patch for it all the way back to the original software developers, who in turn can very quickly decide whether the patch is worth accepting or not. It is often said that more eyes looking for bugs reduces them, and with more people looking for bugs than looking to exploit them, it is no wonder bug fixes may be faster for open source projects.
Innovation
Open-source software has often been accused of being more derivative than innovative. This is true to some extent, mostly in the desktop arena. Thus, GIMP is in many ways a reinvention of the functionality of Photoshop, while OpenOffice.org is primarily designed as a plug-compatible replacement for Microsoft Office.
Many of the largest well-known open source projects are either legacy code (e.g., FreeBSD or Apache) developed a long time ago independently of the open source movement, or by companies like Netscape (which open-sourced its code with the hope that they can compete better), or by companies like MySQL which use open source to lure customers for its more expensive licensed product. However, it is notable that most of these projects have seen major or even complete rewrites (in the case of the Mozilla and Apache 2 code, for example) and do not contain much of the original code.
However, one should not overlook the many innovations that have come, and continue to come, from the open-source world:
- GCC is a set of compilers for C and other languages, that supports more different processor architectures, for both native and cross-compilation, than any other compiler.
- Linux is available for nearly two dozen different major processor architectures—more than most other operating systems[citation needed].
- Apache powers more web servers on the internet than any other program, including Microsoft's own IIS, and yet has a reputation for fewer software problems and vulnerabilities when configured by a competent user, despite (presumably) being of more interest to hackers due to its greater popularity.
- Mozilla Firefox is a Web browser which has managed to take increasing market share from Microsoft's Internet Explorer, to the extent that the forthcoming version 7 of Internet Explorer promises many features similar to those already in Firefox. Firefox, however, copies many features from closed-source browsers such as Opera.
- Greasemonkey is a Firefox plug-in that allows user customization of the appearance and behaviour of Web sites, whether to work around bugs, or to add features that the site creators omitted (inadvertently or otherwise).
- Beowulf MPI is an open-source framework used for building parallel-processing applications that run on Linux and other UNIX-like operating systems. It has proved itself so powerful that Microsoft has adopted it as a crucial part of its own efforts to establish a presence in the supercomputing market.
- The Gmail Filesystem is a good example of the collaborative nature of much open-source development. Building on FUSE (which allows filesystems to be implemented in userspace, instead of as code that needs to be loaded into the kernel) combined with libgmail, which is a Python library for programmatic access to a user's Gmail message store, the result is the ability to use the multiple gigabytes of Gmail message space as a fileserver accessible from anywhere on the Internet.
- Perl, the pioneering open-source scripting language, made popular many features, like regular expressions and associative arrays, that were unusual at the time. The newer Python language continues this innovation, with features like functional constructs and class-dictionary unification.
- dcraw is an open-source tool for decoding RAW-format images from a variety of digital cameras, which can produce better-quality output than the closed-source tools provided by the camera vendors themselves.
- Nicholas Negroponte's $100 laptop will use Linux as its operating system. The decision was made after months of discussions with vendors of closed-source alternatives.
- A number of laptop models are available with a particular emphasis on multimedia capabilities. While these invariably come preinstalled with a copy of Microsoft Windows, some of them [3][4] also offer an alternative "fast-boot" mode based on Linux. This gets around the long time it can take to boot up Windows.
- JACK is an audio-routing architecture that has been found sufficiently useful to be ported to Apple's Mac OS X.
Compatibility and interoperability
One issue that needs to be watched with software as it evolves is the need to maintain compatibility with other software, whether via common data formats, communication protocols or APIs. Closed-source software has a particular problem with APIs, since old, obsolete ones may need to be supported essentially forever, because they are still being used by other software that has never been updated.
For instance, consider the migration from 16-bit to 32-bit x86 processor architectures. Microsoft brought out its first 32-bit version of Windows, Windows NT 3.1, in 1993, yet it wasn't until 2001, with the release of Windows XP, that it was able to put out a mass-market 32-bit OS that did away with most of the backward compatibility with 16-bit code. Now there is the next transition, to 64-bit processor architectures. Windows XP Professional x64 Edition was released in 2005, but full 64-bit support in the way of applications and hardware drivers still remains thin on the ground, and the migration looks likely to be at least as protracted as the 16-to-32-bit one.
Contrast the situation with Linux. That has been available on a range of processor architectures, including 64-bit ones, since early in its history. Now that 64-bit processors are commonplace in the mass market, all the major Linux distributions offer full 64-bit-native versions, running full 64-bit binaries and using full 64-bit drivers.
User freedoms to exploit software
The politics of Open Source is an area that is so controversial, often even Open Source advocates themselves cannot agree what it should be.
However, one thing all are agreed on is that Open Source software is never designed to prevent users from doing things they might legitimately want to do.
For example, when Adobe Systems released its SDK for Photoshop 7.0 in 2002, it abandoned its previous policy of making SDKs available for free download from its Web site, instead requiring prospective developers to sign non-disclosure agreements before they could obtain the SDK. The reason given was that the new version included trade secrets and other commercially-sensitive information that could not be revealed to all and sundry. Which seemed reasonable enough. Except that, at the same time, SDKs for 6.0 and earlier versions of Photoshop were withdrawn from the site. Surely the argument of trade secrets in version 7.0 could not retroactively apply to earlier versions. Yet this kind of arbitrary exercise of control is precisely the sort of thing that regularly happens in the closed-source world, and that open-source advocates abhor.
Integration and overall "feel"
When people compare the user experience with using Microsoft Windows versus typical Linux distributions as a desktop system, they generally agree that Windows works in a more seamless fashion. Every bit of the system was produced by one company, so naturally the parts work together well. A typical Linux distro, on the other hand, is a combination of pieces from a large number of independent groups: the Linux kernel itself, basic operating system infrastructure from the GNU project, basic GUI functions from X.Org on top of which one may run window managers or alternatively more elaborate GUI environments such as Gnome or KDE, and so on. The Linux desktop experience is very much a work in progress.
But on the other hand, all the different open-source groups have a strong interest in having their projects work well together. They achieve this by having a fondness for open interoperability standards, such as those promoted by Freedesktop.org and the Linux Standard Base.
This cooperation between different groups naturally has to be conducted on a more structured basis than that between different departments of the same company. This turns out to have benefits in some respects. For instance, the Internet Explorer browser is so heavily tied into the Windows operating system that it needs to run effectively as "superuser", with full access to every part of the machine. This kind of situation would be unacceptable in the Linux world, where ordinary user desktop software has no business requesting full superuser privileges; if there is some task that it needs superuser privileges to perform, then it can ask the user for appropriate permissions before performing that specific task, or if that is not convenient then alternatively a suitably-privileged daemon could be created to perform that part of the task, with a defined protocol for communication between privileged and non-privileged code, to minimize the opportunity for security breaches that might compromise the integrity of the machine. Having the entire application run all the time with full superuser privileges is almost never the right solution to the problem.
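The split described above, as an added example (not from the original article or any project it names): a privileged helper that accepts only a small, validated set of requests from the unprivileged application over a socket pair. The operation names, the frame format and the in-memory `applied` list standing in for the privileged action are assumptions, and the helper runs as a thread here only so the example runs without root.

```python
import json
import re
import socket
import struct
import threading

MAX_FRAME = 1024  # refuse oversized requests before parsing them

# Allowlist (assumed operations): name -> pattern the argument must match in full.
ALLOWED_OPS = {
    "set_hostname": re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"),
    "set_timezone": re.compile(r"[A-Za-z_]+(/[A-Za-z_]+){0,2}"),
}


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed")
        buf += chunk
    return buf


def send_frame(sock, obj):
    # Frame = 4-byte big-endian length, then a JSON body.
    body = json.dumps(obj).encode()
    sock.sendall(struct.pack("!I", len(body)) + body)


def recv_frame(sock):
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    if length > MAX_FRAME:
        raise ValueError("frame too large")
    return json.loads(recv_exact(sock, length))


def validate(req):
    """Return (op, arg) if the request is permitted, else raise ValueError."""
    if not isinstance(req, dict) or set(req) != {"op", "arg"}:
        raise ValueError("malformed request")
    op, arg = req["op"], req["arg"]
    if not isinstance(op, str) or op not in ALLOWED_OPS:
        raise ValueError("operation not permitted")
    if not isinstance(arg, str) or not ALLOWED_OPS[op].fullmatch(arg):
        raise ValueError("invalid argument")
    return op, arg


def helper_serve(sock, applied):
    """Privileged side: deny by default, act only on validated requests."""
    with sock:
        while True:
            try:
                req = recv_frame(sock)
            except ConnectionError:
                return
            except ValueError as exc:  # oversized or non-JSON frame: hang up
                send_frame(sock, {"ok": False, "error": str(exc)})
                return
            try:
                op, arg = validate(req)
            except ValueError as exc:
                send_frame(sock, {"ok": False, "error": str(exc)})
                continue
            applied.append((op, arg))  # stand-in for the privileged action
            send_frame(sock, {"ok": True})


def request(sock, op, arg):
    """Unprivileged side: it can only ask; the helper decides."""
    send_frame(sock, {"op": op, "arg": arg})
    return recv_frame(sock)


def demo():
    client, helper = socket.socketpair()
    applied = []
    worker = threading.Thread(target=helper_serve, args=(helper, applied))
    worker.start()
    with client:
        replies = [
            request(client, "set_hostname", "build-box"),
            request(client, "set_hostname", "not a valid name!"),
            request(client, "run_shell", "id"),
        ]
    worker.join()
    return replies, applied


if __name__ == "__main__":
    print(demo())
```

In a deployment the helper would be a separate process holding the elevated privileges, and the application would hold only its end of the socket.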
For another example of why integration needs to be done on a carefully-structured basis, compare the systems for applying updates to operating system installations in Windows versus typical open-source operating systems. In versions of Windows up to XP/2003, updates (patches) are applied to the OS as a monolithic whole [5]:
- One of the new features under consideration for the next version of the Windows Installer is the ability to uninstall a patch. Currently you must uninstall the whole product or use a hacky anti-patch style mechanism.
- ...
- Currently patches are applied by MSI in the order they are received at the client, not the order they were created by the author. This can get really nasty in some scenarios, because applying patches in the wrong order can actually result in files being down-reved.
Most Linux distributions, as well as the BSD operating systems, on the other hand, include package management systems as standard. The various components of the installation are carefully separated into individual packages, with clearly-defined dependencies between them. An attempt to upgrade a package on which another package depends will trigger a message to that effect, perhaps with an offer to automatically upgrade the latter package as well. Two packages that do not depend on each other can be independently upgraded, and if a problem is revealed with the new version of one of them, it can be independently reverted, regardless of the order in which the two were upgraded.
And since the package management systems are open-source and public, it is straightforward for third parties to set up additional package repositories (such as Packman for SuSE Linux) that integrate cleanly with the original vendor/developer provided ones.
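The dependency behaviour described above, as an added example (not code from any real package manager): a small package database that refuses an upgrade which would break a dependent package, and keeps a per-package history so reverts do not depend on the order of upgrades. The package names and version numbers are constructed for illustration.

```python
class DependencyError(Exception):
    pass


class PackageDB:
    def __init__(self):
        self.installed = {}  # name -> version tuple, e.g. (1, 0)
        self.requires = {}   # name -> {dependency: (min_inclusive, max_exclusive)}
        self.history = {}    # name -> stack of versions replaced by upgrades

    def install(self, name, version, requires=None):
        for dep, (lo, hi) in (requires or {}).items():
            have = self.installed.get(dep)
            if have is None or not lo <= have < hi:
                raise DependencyError(f"{name} needs {dep} >= {lo} and < {hi}")
        self.installed[name] = version
        self.requires[name] = dict(requires or {})
        self.history[name] = []

    def broken_by(self, name, version):
        """Installed packages whose requirement on `name` excludes `version`."""
        broken = []
        for pkg, deps in self.requires.items():
            if name in deps:
                lo, hi = deps[name]
                if not lo <= version < hi:
                    broken.append(pkg)
        return sorted(broken)

    def _switch(self, name, version):
        # Every version change, forward or backward, passes the same check.
        broken = self.broken_by(name, version)
        if broken:
            raise DependencyError(
                f"{name} {version} would break: {', '.join(broken)}")
        self.installed[name] = version

    def upgrade(self, name, version):
        old = self.installed[name]
        self._switch(name, version)
        self.history[name].append(old)

    def revert(self, name):
        if not self.history[name]:
            raise DependencyError(f"no earlier version of {name} recorded")
        self._switch(name, self.history[name][-1])
        self.history[name].pop()


def demo():
    db = PackageDB()
    # Constructed sample packages.
    db.install("libtls-demo", (1, 0))
    db.install("httpd-demo", (2, 4),
               requires={"libtls-demo": ((1, 0), (2, 0))})
    db.install("editor-demo", (3, 0))

    # An upgrade that a dependent package cannot accept is refused by name.
    try:
        db.upgrade("libtls-demo", (2, 0))
        refused = None
    except DependencyError as exc:
        refused = str(exc)

    # Two unrelated upgrades, then reverts in the same order they were applied.
    db.upgrade("libtls-demo", (1, 1))
    db.upgrade("editor-demo", (3, 1))
    db.revert("libtls-demo")
    after_first_revert = dict(db.installed)
    db.revert("editor-demo")
    return refused, after_first_revert, dict(db.installed)


if __name__ == "__main__":
    print(demo())
```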
Security
Open source advocates usually believe that open source programs are more secure, mostly because flaws in the code can be seen and fixed by anyone. Different studies reach different conclusions about security through obscurity versus open source. Closed source programs have fewer advisories, but open-source software usually has less time between flaw discovery and a patch or a fix. Also note that proprietary software companies may not always release advisories for all bugs in their software. Closed source advocates, including Microsoft Corporation, argue that since no one is responsible for open source, there is no way to know whether it has been fixed. Open Source advocates argue back that no one knows what bugs exist in a closed source product, since there is no one independent and credible checking in depth the claims made by its vendor, nor any open process addressing problems whose quality can be examined by third parties.
Some people believe that closed source software is more secure than open source software. With any given piece of software, it's much easier for a black hat to find and exploit security holes in any given piece of software when he has the source code than without it. For example, many open source web programs using PHP have serious security problems and although these problems are being fixed, they are only fixed when affected end users prompt the developers about the problem.
Other people believe that open source software is more secure than closed source software. The availability of open source code leads to faster discovery of security issues, and faster resolution of these issues. They point to the exploitation of proprietary software such as Internet Explorer. But others claim that such software is exploited because it has a large market share—making it an attractive target for attackers—and claim that open-source software would also be exploited if it attracted the attention of those attackers. Open source advocates often counter by pointing to Apache, which is more popular than its main competitor, Microsoft IIS, but is also exploited less often. This argument is analogous to one in cryptography: it is believed that a secure encryption scheme has to be able to withstand attacks from people who have access to the code, and that security through obscurity is not a good thing. However, cryptography and software development are very much different things.
Flaws certainly occur in both closed-source and open-source software. However it has frequently been the case that a patch to fix one security problem in closed-source software has created another problem[6][7][8][9][10] or failed to fix the actual problem[11][12], and other times[13][14][15] a vendor may leave a known flaw unpatched for months or even years at a time. These sorts of issues seem to be less common in open-source software[16].
See also
- Windows vs. Linux
- Linux adoption
- Open system
- Open standard
- Open format
- Vendor lock-in
- Embrace, extend and extinguish
- Network effect
- Opendocument great summary of the new OASIS Opendocument format (ODF) to create an open system for business & public sector documents
Quotes
From the European Parliament investigation into the Echelon system (05/18/2001):
- "As far as firms are concerned, they should take strict measures to ensure that sensitive information is only transmitted via secure media.... If security is to be taken seriously, only those operating systems should be used whose source code has been published and checked, since only then can it be determined with certainty what happens to the data." report mirrored on fas.org website, PDF, p.83
External links
- Open source versus proprietary software: a discussion
- Peru congressman response to Microsoft detailed letter summarizing and rebutting on the Peruvian government's view, why closed source is not seen as being appropriate
- Debate
- Forum Debate a lively and informative ongoing debate over whether or not a word processor application should adopt the OpenDocument format (ODF) included is a discussion of open vs. closed systems, open vs. closed standards, and free vs. proprietary software