Enterprise Unix Roundup -- Open Source Bucks the Herd

Main

Sender ID for E-Mail Update

In Other News

Security Roundup

Tips of the Trade

With governments showing interest in open source, will following the herd remain the de facto safety standard in IT? Microsoft's Sender ID for E-Mail continues to polarize. ngrep makes it easy to both sniff network packets directly and extract information logs.

A favored sub-genre of Linux news story is the "Government of fill in the blank is requiring its agencies to consider open source software" narrative.

These stories have been popping up for several years now, and they're interpreted in a variety of ways. Commercial software companies like Microsoft have fielded proxies to fight "mandatory open source" as anti-capitalist and anti-competitive, while the open source enthusiasts tend to read the stories as the capturing of a beachhead in the ongoing war for open source dominance.

So what do they really mean? According to a report from the Center for Strategic & International Studies (CSIS), perhaps not so much.

While a clearly defined "best pick" might be nice for IT managers who can at least point to herd consensus, it's not a guarantee that anyone, taxpayers included, will get the best value.

"Slightly more than half of the initiatives never went beyond the proposal stage," the report said, and of those policies that mandated the use of open source software, none have entered into force yet. In fact, it goes on to say, the net result of most government open source initiatives has been "technological neutrality."

On their face, such initiatives have some obvious use. The old dictum of "Nobody ever got fired for buying IBM" has since given way to Microsoft in that equation, but the sentiment remains the same: Stick with the herd, and you'll be fine. While a clearly defined "best pick" might be nice for IT managers who can at least point to herd consensus, it's not a guarantee that anyone, taxpayers included, will get the best value.

Besides promoting hidebound dependence on a single platform or solution, that mentality has effectively empowered behavior on the part of Microsoft and others best described as extortionary and occasionally obnoxious.

We were entertained, for example, to note a recent article in the Boston Globe wherein a frustrated author, locked out of her own MS Office software because she didn't have the CDs on hand, ended up recommending several alternatives, including Sun's OpenOffice, a freely downloadable Office competitor.

One reporter doesn't a trend make, but the story serves as an illustration of how Microsoft has to consider how off-putting its behavior is in a market where competitors are slowly closing the feature gap for much less money.

In the server space, that's illustrated with Microsoft's price concessions in the face of large governmental contracts suddenly coming up for bids. Assorted Linux-based solutions are appearing as viable alternatives, and that has Microsoft grumbling about shrewd government purchasers using Linux as a threat to wring better pricing out of Redmond.

The dark side of governmental open source mandates is found in the more ham-fisted attempts to insist nothing but open source software be used. That's bad policy for a number of reasons, not the least of which is that the imbalance in preferences that enabled Microsoft to contemplate more and more restrictive and expensive licensing wouldn't be rectified: It would just tilt in favor of the Red Hats and SUSEs of the world. While they might not make users agree to an egregious EULA, they would most certainly enjoy applying their own set of screws in the form of support costs and "subscriptions."

The reflexive response to such an objection is, of course, that since Linux and other open source solutions are freely available, users can always migrate to, say, Debian. That's fine if you don't want guaranteed support or the other niceties a commercial enterprise brings to software deployments, like migration teams.

So while the CSIS report might not seem to hold much cheer for advocates hoping open source would simply become the law of many lands, the lackluster performance of open source policies has had a good result anyhow: By drawing attention to the viability of open source software, competition has opened up and IT managers have been released, by virtue of government fiat, from a narrow-minded, play-it-safe approach to building their infrastructures.

Sender ID for E-Mail Update

Two weeks ago we discussed the basics of Microsoft's Sender ID for E-Mail and the allergic reaction its licensing terms were creating in the open source community. That reaction has intensified in the past week, as some noteworthy open source and free software projects said they'll refuse to implement Sender ID for E-Mail under its current terms.

Both the Apache Software Foundation and the Debian project have made announcements stating that Sender ID for E-Mail's licensing terms are unacceptable. The Debian Project went so far as to note that it "would be forced to remove SenderID support from software we ship that does support Sender ID upstream according to the terms of our social contract."

The net effect of the Debian announcement is that even if a software development team working on a mail transfer agent like postfix or exim were to decide to include Sender ID support, the developers packaging the software for inclusion in a Debian release would remove or disable that support.

The Open Source Initiative (OSI) has reportedly been negotiating with Microsoft about the terms of the license, but at least one report indicates Microsoft isn't going to budge because outright donation of Sender ID intellectual property to the IETF is "not in tune with Microsoft's current focus on building its patent portfolio and intellectual property."

The IETF working group dealing with the matter believes a compromise in which Microsoft's technology is discarded from the standard might be a solution to the impasse.

>> To Other News
>> To Security Roundup
>> To Tips of the Trade