Lock-In 2.0

In its May 28th issue, The Economist has a leading article (editorial) about the state of open-source software, and its relation to “cloud computing”.   From their perspective, the question of whether or not open-source software will have a significant place in the future of computing has already been answered:

“FIRST they ignore you, then they laugh at you, then they fight you, then you win.” Mahatma Gandhi probably never said these words, despite claims to the contrary, but they perfectly describe the progress of open-source software over the past 15 years or so.

I have said, on occasion over the years, that the business model for many proprietary software companies was not all that different from the crack dealer’s.  Or, as Tom Lehrer put it, in his satirical song, The Old Dope Peddler:

He gives the kids free samples,
Because he knows full well
That today’s young innocent faces
Will be tomorrow’s … clientele.

Although I frequently got a fair amount of static after making a remark along these lines, it seems that The Economist agrees with me to some extent:

At the time, selling software to large companies was sometimes likened to drug dealing, because once a firm installed a piece of software, it had to pay a stream of licence fees for upgrades, security patches and technical support. Switching to a rival product was difficult and expensive.

Proprietary vendors tried on a variety of arguments to pooh-pooh the idea of using open source software for any serious purpose, among them:

  • It’s insecure, because anyone can look at the source code.  I’ve talked in earlier posts about the notion of “security by obscurity”, and why it doesn’t work.
  • It’s a socialist / communist concept that will destroy the software industry.  Someone please tell Red Hat and Google.
  • If you use it, you run some huge (though generally unspecified) legal risk.
  • It’s a hobbyist thing, not reliable enough for “serious” use.

The security and reliability argument has been shown to be particularly risible:

The fact that Google, the industry’s new giant, sits on a foundation of open-source code buried the idea that it was not powerful or reliable enough for heavy-duty use.

So, as I said at the beginning, the authors seem to think that the first questions have been answered:

The argument has been won. It is now generally accepted that the future will involve a blend of both proprietary and open-source software.

The article goes on, though, to raise the possibility of a new kind of vendor lock-in, tied to the rise of the “cloud computing” (Software as a Service) phenomenon.   As I discussed earlier, the use of cloud computing raises some new issues of trust and security; but it also creates a risk of being locked-in to a particular cloud computing provider, because it might turn out to be nearly impossible to move one’s data to a new service.  (I talked about a similar issue with proprietary software and file formats in an earlier post.)  It is not too difficult to imagine how this might come about:

But customers risk losing control once again, in particular over their data, as they migrate into the cloud. Moving from one service provider to another could be even more difficult than switching between software packages in the old days. For a foretaste of this problem, try moving your MySpace profile to Facebook without manually retyping everything.

The article concludes with the recommendation that cloud computing customers must insist on open standards for storing and transferring data.

So buyers of cloud-computing services must take account of the dangers of lock-in, and favour service providers who allow them to move data in and out of their systems without too much hassle. This will push providers to compete on openness from the outset—and ensure that the lessons from the success of open-source software are not lost in the clouds.

I couldn’t agree more. If a vendor suggests that you move your systems and data into his proprietary cloud, think of The Old Dope Peddler, and Just Say No.

One Response to Lock-In 2.0

  1. […] I noted in an earlier post, there is a danger of getting “locked in” to a particular cloud computing provider, if […]

%d bloggers like this: