IoT
Software
News
9/27/2007
09:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
The Analytics Job and Salary Outlook for 2016
Jan 28, 2016
With data science and big data top-of-mind for all types of organizations, hiring analytics profes ...Read More>>

IT Survival Guide: Exercise Caution Amid Open Source Options

Open Source software is generally reliable, but GPLv3 can cause problems. Here are ways to avoid pitfalls.

Open source is typically of high quality and can be counted on to run reliably. That doesn't mean you don't have to do your homework before deploying it.

First and foremost, you now have to contend with GPLv3, the recently updated version of the Free Software Foundation's General Public License. GPLv3 imposes restrictions on digital rights management and embedded Linux that might prove troublesome if your company plans to resell code based on open source.

InformationWeek Reports

GPLv3 applies to a minor part of open source code so far. Only 693 projects are issuing code under it. By comparison, 5,219 projects license under GPLv2 "or later," meaning the same code is available under both licenses. GPLv2 projects were never expected to convert en masse to GPLv3. That will happen gradually as developers decide on the merits of GPLv3 when releasing new or updated software.

The Opportunity
>> COST CUTTING
With open source, you avoid front end license fees. Support subscriptions are often priced below commercial product support, or support is available in free, public forums.
>> INNOVATION
Projects generate market-leading products, such as the Apache Web server. Strong projects attract top programmers and become self-sustaining.
>> KEYS TO SUCCESS
Make sure there's a thriving community around what you adopt to assure continued code development and support. Examine how fast bug issues are addressed; long delays may be a flag for trouble.
The Linux kernel still is issued under GPLv2, but some of the add-ons, such as the Samba file translation package, will soon be out under GPLv3. So Linux from Red Hat, Novell, and other major distributors will contain both GPLv2 and v3. That means "you've got to evaluate open source code before it comes in behind your firewall," says Theresa Bui Friday, co-founder of Palamida, an open source code auditing company.

The reliability of Linux, Apache, and Samba is well established, but that's not the case with newer projects. If you're assessing prototype code, project mailing lists provide a view into issues and features and give potential adopters a sense of what to watch out for. A list that airs a bug or security exposure also will supply the dates around when a problem appeared and got fixed. A project that has a major exposure that endures for six months might be code to avoid.

Sites such as SourceForge.net and Ohloh.net provide stats on a project's activity level. How many contributors are there? How frequently is code posted to the core build? How many bugs are awaiting fixes? The degree of activity can be signs of whether a community is thriving or waning.

GREEN LIGHT
There are a few ways that new code can be quickly vetted. Tools shown to work inside the Eclipse programmer's workbench or applications that work with OpenOffice.org have already passed a fundamental test of reliability and compatibility. Software that's been OK'd for inclusion in one of the software stacks, such as LAMP (Linux, Apache, MySQL, and Perl, Python, PHP) is another quick measure of reliability. SpikeSource, Covalent, Red Hat, Novell, and SourceLabs vouch for certain pieces of code working together. Sun Microsystems also tests and distributes PostgreSQL, MySQL, and the Apache Foundation's Derby Java database to work with Solaris and other Sun software.

Such ratifications by experienced groups are important. But you don't want to get in the situation where the software is theoretically compatible but the companies or groups behind it aren't and will stop short of troubleshooting joint operational problems.

Comment  | 
Print  | 
More Insights
Google in the Enterprise Survey
Google in the Enterprise Survey
There's no doubt Google has made headway into businesses: Just 28 percent discourage or ban use of its productivity ­products, and 69 percent cite Google Apps' good or excellent ­mobility. But progress could still stall: 59 percent of nonusers ­distrust the security of Google's cloud. Its data privacy is an open question, and 37 percent worry about integration.
Register for InformationWeek Newsletters
White Papers
Current Issue
How to Knock Down Barriers to Effective Risk Management
Risk management today is a hodgepodge of systems, siloed approaches, and poor data collection practices. That isn't how it should be.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.