Lock-In 2.0

June 6, 2009

In its May 28th issue, The Economist has a leading article (editorial) about the state of open-source software, and its relation to “cloud computing”.   From their perspective, the question of whether or not open-source software will have a significant place in the future of computing has already been answered:

“FIRST they ignore you, then they laugh at you, then they fight you, then you win.” Mahatma Gandhi probably never said these words, despite claims to the contrary, but they perfectly describe the progress of open-source software over the past 15 years or so.

I have said, on occasion over the years, that the business model for many proprietary software companies was not all that different from the crack dealer’s.  Or, as Tom Lehrer put it, in his satirical song, The Old Dope Peddler:

He gives the kids free samples,
Because he knows full well
That today’s young innocent faces
Will be tomorrow’s … clientele.

Although I frequently got a fair amount of static after making a remark along these lines, it seems that The Economist agrees with me to some extent:

At the time, selling software to large companies was sometimes likened to drug dealing, because once a firm installed a piece of software, it had to pay a stream of licence fees for upgrades, security patches and technical support. Switching to a rival product was difficult and expensive.

Proprietary vendors tried on a variety of arguments to pooh-pooh the idea of using open source software for any serious purpose, among them:

  • It’s insecure, because anyone can look at the source code.  I’ve talked in earlier posts about the notion of “security by obscurity”, and why it doesn’t work.
  • It’s a socialist / communist concept that will destroy the software industry.  Someone please tell Red Hat and Google.
  • If you use it, you run some huge (though generally unspecified) legal risk.
  • It’s a hobbyist thing, not reliable enough for “serious” use.

The security and reliability argument has been shown to be particularly risible:

The fact that Google, the industry’s new giant, sits on a foundation of open-source code buried the idea that it was not powerful or reliable enough for heavy-duty use.

So, as I said at the beginning, the authors seem to think that the first questions have been answered:

The argument has been won. It is now generally accepted that the future will involve a blend of both proprietary and open-source software.

The article goes on, though, to raise the possibility of a new kind of vendor lock-in, tied to the rise of the “cloud computing” (Software as a Service) phenomenon. As I discussed earlier, the use of cloud computing raises some new issues of trust and security; but it also creates a risk of being locked in to a particular cloud computing provider, because it might turn out to be nearly impossible to move one’s data to a new service. (I talked about a similar issue with proprietary software and file formats in an earlier post.) It is not too difficult to imagine how this might come about:

But customers risk losing control once again, in particular over their data, as they migrate into the cloud. Moving from one service provider to another could be even more difficult than switching between software packages in the old days. For a foretaste of this problem, try moving your MySpace profile to Facebook without manually retyping everything.

The article concludes with the recommendation that cloud computing customers must insist on open standards for storing and transferring data.

So buyers of cloud-computing services must take account of the dangers of lock-in, and favour service providers who allow them to move data in and out of their systems without too much hassle. This will push providers to compete on openness from the outset—and ensure that the lessons from the success of open-source software are not lost in the clouds.

I couldn’t agree more. If a vendor suggests that you move your systems and data into his proprietary cloud, think of The Old Dope Peddler, and Just Say No.


New Version of Java SE

June 6, 2009

Sun Microsystems has released a new version, 6u14, of its Java runtime environment [JRE], and of the associated Java Development Kit [JDK]. At present, these are being offered primarily for use in testing and development. According to the Release Notes,

This feature release does not contain any new fixes for security vulnerabilities to its previous release, Java SE 6 Update 13. Users who have Java SE 6 Update 13 have the latest security fixes and do not need to upgrade to this release to be current on security fixes.

One change that is mentioned is the addition of support for Windows Vista™ with Service Pack 2, which was recently released by Microsoft. The run-time environment and the JDK can both be downloaded here.

This version also includes the Java HotSpot Virtual Machine version 14.0, which brings various performance enhancements, among them a new garbage collection routine, G1, in an early access version. The Release Notes explain how to enable these features.

Since this update does not have security implications, I can see no reason to be in a rush to install it, but it’s probably worth having when it’s convenient to do the update.

