I just read through the article about using Open Source or Free software alternatives in the business. Great article. I think you guys just brushed the surface of what is out there. There are many great applications for doing almost everything that you have to buy... from photos to anti-virus, you can get it all for free... as the FOSS (Free and Open Source Software) movement philosophy focuses on the good of the community over profits.

If anyone has questions or needs recommendations, please PM me!

I agree we just skimmed the surface. We'll plan to cover some other types of open source software in the near future. I'd be curious to hear your recommendations -- and I'm sure other forum members would be as well..
--Dan

I find the whole open source movement interesting, but it's one of the less pleasant facts of human life that nothing motivates quite like personal interest (read:greed). That's why the US usually leads the world in medical and dental advancement, because we don't have socialized medicine.

Similarly, I find that while the open source applications I've tried do work pretty well, they don't quite meet the level of reliable function that commercial apps do. This is just my personal experience.

I've had good experience with the open source packages I've used, but there are clearly some immature projects out there. Interestingly, some of the open source apps out there (i.e., mySQL) have commercial counterparts that help keep them competitive. Likewise, some of the open source projects have forced commercial apps to regain their competitiveness. As an example, the rapid adoption of Firefox finally got Microsoft off the stick to make some enhancements to Internet Explorer. (Maybe we'll even see the announced changes to IE sometime soon...)

Open source isn't always the be-all end-all, but it has a valuable role in the scheme of things. And some of the open source apps are clearly as good, if not better, than their commercial competitors.

Something else to consider: there are many applications that at one point were completely commercial apps but have been open-sourced.

The excellent Quasar Accounting package is one example. Since 1995, the fine folks at LinuxCanada have been continually supporting this application which they wrote ten years ago. While it was commercial-only for most of its life, it was released as open source in January of 2005. This application is on-par with the features, capabilities, reporting, and ease-of-use of QuickBooks Enterprise Edition (as it surpasses QuickBooks Basic and QB Pro with some advanced inventory features). January of 2006 will see the release of Quasar 1.5 with even more advanced inventory features such as LIFO/FIFO pricing.

As tens of thousands of businesses worldwide have discovered, you can't beat an open source accounting system which is reliable enough to handle millions of invoices a year, is robust enough to handle tens (perhaps hundreds?) of concurrent users at multiple store locations (with no license fees), and runs on a virtually virus-proof and otherwise highly secure operating system...

Check it out. Even the feature list is 50 pages long!

http://www.linuxcanada.com
ftp://ftp.linuxcanada.com/pub/Quasar/1.4.7/manuals/quasar_features-1.4.7.pdf

(Disclaimer: I don't work for LinuxCanada - just a satisfied user of their s/w.)

I think deploying open source software is still probably beyond the tech. skills of most smaller SMBs. However, what intrigues me is the notion of service providers offering open source apps as Web-based services. It has the potential of offering the best of both worlds. Small businesses get the features they need at a monthy subscription price considerably lower that proprietary applications. However ,the xSP handles the infrastructure, software patchs, upgrades and so on.

Of course, nothing is right for everyone. Some companies aren't comfortable with Web-based applications. I just think open source will continue to provide more compelling options as the primary barrier (complexity) is lowered.

--Dan

Another point I forgot to mention, the open source movement has pushed commercial developers to hone their products further to stay a step ahead. THat can't be a bad thing

I think deploying open source software is still probably beyond the tech. skills of most smaller SMBs. However, what intrigues me is the notion of service providers offering open source apps as Web-based services.

In many cases I would whole-heartedly agree with you, however some of the open source apps have put a lot of work into making their installation/configuration pretty painless. I also agree that it is pretty attractive when service providers offer open source apps. One host I use has installers for a whole range of open source apps (including portals and e-commerce) which I have found to work seamlessly and offers a great benefit to the customer.

I know that when I develop an application, like SynergyMovies, something that I made just for myself to use, I often open it up for free. Why not share the wealth?

There is also a good open source productivity suite called OpenOffice. I have played with it and you can integrate the files into Office, word, powerpoint, excel, and visio. I know that many European companies have adopted it as an alternative to commercial office suites.

RS
http://www.landisnetusa.com

Yeah I considered it when I found Office wasn't bundled with my new pc. But I ended up sticking with office, mostly for outlook. Then I ended up using thunderbird for email anyway. Although it has far fewer features than Outlook, it has the spam filtering I desperately need for my work email

I like Outlook so much with all of the extra's in it that I have not migrated to Thunderbird, although I like Firefox very much. I cannot give up the task manager that pops up when I have scheduled to do something. That little tool has saved my life at least 10 x(s) over.

RS
http://www.landisnetusa.com

If you love Outlook, I know that I use all of its features, you should really install Spambayes. http://spambayes.sourceforge.net/ Spambayes installs and adds a excellent spam filter to Outlook. It is as good if not better than the one in Thunderbird, and it is 100% free.

http://spambayes.sourceforge.net/

I have it, it works well but too slowly. Also, one thing Outlook does that drives me absolutely nuts, it gives the small env. in the systray when you get ANY mail, including junk mail. That makes me crazy. We use our email for everything in my company, and I stop what I'm doing the second I see i have mail, and check it. If I had to check for every piece of useless mail I get each day, I'd never get anything done.

JPncy - my favorite thing outlook does is automatically goes into Offline mode. That is the best! Stupid MS! As for Spambayes... I love it, its a bit slow (takes about 30 seconds to go through 200 spam) but I rarely have to go one by one.

Open Source does produce some decent software, however having been an engineer for 10 years I can tell you that there is a big disconnect in the professionalism of open source supporters compared to corporate programmers.

Also Open Source may allow security holes to be patched, but only after the hacker community exploits them.

As far as Microsoft's woes, FireFox is now learning that all it takes to get hacked constantly is to be worth the effort user-wise. Microsoft has always been a target becuase of it's size, however due to it's proprietary nature, exploits are much more difficult to find, and then they have millions to fix the issues.

EWB - That is the MS argument. Personally I don't see how an open source program like a photo editor is an issue.

Well no, those programs aren't a liability, but the online variety are. I've been hearing this from all manner of alternative users for yrs, those on Macs, or Linux, etc. I keep trying to tell them that popularity is ALWAYS security's antidote. You may THINK your program is secure, but you never KNOW what holes it has until you have that same think-tank trying to attack it. That pool of knowledge that goes after MS stuff.

Hi James,

Open Source does produce some decent software, however having been an engineer for 10 years I can tell you that there is a big disconnect in the professionalism of open source supporters compared to corporate programmers.

Can you give specific examples? While this may be true for Cool Joe's CD-Ripr 0.01, there are many open source supporters that are very professional... like [SugarCRM, Quasar Accounting, the PostgreSQL group, or even that Fortune-100 company with three letters, IBM.

Also Open Source may allow security holes to be patched, but only after the hacker community exploits them.

Again, can you give specific examples please? The track record I've seen indicates that most Open Source projects patch holes as soon as they're discovered, not after they're exploited. There are a few exceptions to this as there are with all kinds of software (for example, the Microsoft IE security holes that are *never* patched; at least with Open Source you *can* patch them, you're not at the mercy of Microsoft).

As far as Microsoft's woes, FireFox is now learning that all it takes to get hacked constantly is to be worth the effort user-wise. Microsoft has always been a target becuase of it's size, however due to it's proprietary nature, exploits are much more difficult to find, and then they have millions to fix the issues.

But until the recent past, Microsoft has not fixed vulnerabilities *at all* until they are published by those who discover them. Now they do so because there are competitive threats out there (FireFox). Furthermore, it is a fallacy to believe that just because Microsoft has millions (or even billions), they will spend said money on fixing what they have versus developing new stuff.

The problem with Microsoft is poor design; for instance, why on earth would you need to make system-level OS calls to render a web page? There are many, many IE vulnerabilities that allow an attacker to gain full access to a machine. On the other hand, FireFox runs purely as a user process and therefore any vulnerabilities - however infrequent they are - can't cause a system level exploit.

So just by that statement they would be safer as the would not be targets?

Until they become popular, yes. Firefox was the darling of the "secure set", until it got a little too popular, and then holes starting being reported, and they continue to come. They now have nearly as many as IE. In fact, if you look at the last 6 to 12 months, they have MORE reported than IE, and that's STILL while holding around a quarter of the market. Imagine if they ever won the browser war. The Secunia site is a good place to check for such things.

I keep trying to tell them that popularity is ALWAYS security's antidote. You may THINK your program is secure, but you never KNOW what holes it has until you have that same think-tank trying to attack it. That pool of knowledge that goes after MS stuff.

While this is a valid point, it is used far too often to excuse poor design and bad software. People love to say, "Oh, Linux is more secure because people don't attack it as often..." No, Linux is more secure because it has a better design; this fact stands regardless of how many people try to attack it.

Let me use the parable of the Big Bad Wolf to illustrate:

Imagine that there are two houses, one built from wood and one built from brick. For whatever reason - be it monopolistic (or standard) business practices or because people think it's easier to use - the house built from wood has many parties and lots of visitors. The house built from brick has fewer parties and visitors. Because it is so popular, the house built from wood is always attacked by packs of big bad wolves, trying to blow it down. Holes are blown in the wooden house's walls, and patched afterwards. Because it is made from wood, the wooden house is easy to blow holes in.

If, all of a sudden, the house made from brick became popular and held many parties, then logic would dictate that the packs of big bad wolves would try and blow *it* down. However, no matter how hard they try, or how many wolves are in the pack, they simply cannot blow down the house built from brick. Nor can they blow holes in its walls - it is simply better designed.

Similarly, regardless of how many people attack well-configured Linux boxen and how many people attack well-configured Windows boxen, the Linux boxen will suffer far fewer holes simply because Linux is designed better.

People who continue to believe that the perceived security of Linux (or other open source apps) is explained by the low number of people attacking it are not only deluding themselves into accepting subpar software, they are shortchanging themselves by not demanding better software from their vendors and they are also not using the free market economy in their favor by switching to products which are indeed more secure. Those who *are* fully aware of the big picture and are able to see past the hype will have a better chance to run their businesses more efficiently.

(Granted, this might all change with Windows Vista, but Microsoft has been promising a secure operating system since the days of Windows NT 3.51 back in the early 90's, so I'm not holding my breath.)

It's not the quality of the walls alone. It's the quality of the whole building.
I usually use the Termite example. Termites, as you know, eat wood.
Now imagine a wooden building, a stone building on a wooden fundament and a stone one built on stone, and a colony of termites, attacking each of these buildings. Assuming the termites keep to the ground:what will be the building that the termites will not be able to get into?

That's why I don't use Windows nor Linux (in fact, any unix) on my internet-accessable machines. And I DO run opensource on it - often Linux based - because it's cheap (no cost) and very workable. There may be some redesign and recode involved to make it even more stable and secure, but the products I use (or am going to) have a good record. Also, I'm not unprepared: scanning the webserver logs I have found some possible exploits of products not yet installed so I can take precaustions.

My experience is that the quality of Open Source software, and esepcially where there is a good developers base, is generally good. The more a package is used, the better it usually is. However, it does not always apply to the documentation. Also I experineced problems with dependencies on libraries - explicit versions must sometimes be available otherwise the programs won't run. Some packages won't co-exists with others for this reason, and you must be exteremely careful in updating/upgrading packages or OS; it could influence the behaviour of other programs - not at all related but for the used libraries.
Even just replacing one library for a higer version - where I would expect to be no problem at all - may cause incompatbilities.
In some way, the developers cannot be blamed for security holes. The programming language that is often used inplies them, but my knowledge tells me that if dicipline were exercised in defensive programming and taking care for backward comptability, efficiency, co-existence, interoperability and keeping documentation up to date, it would make it all more useful.

Perhaps I am spoiled by working in this highly secured, higly available, perfectly designed and well behaving environment. But it is the environment in which I learned programming.

Well there's another point to be considered. Some of the holes are just born of shortsightedness, but many of them are born of the number of possibilities built into the software. For instance, activeX tecnhology allowed greater possibilities, but unfortunately that also translates into possibility to exploit as well.

And I still maintain that NO one can know what vulnerabilities exist in these "brick houses" until you have the same knowledge base in the same numbers attacking it. There is just no way one programmer, or even several, no matter HOW brilliant, can completely exhaust the realm of possible attacks like millions will. It just cannot be done. So from where I sit, there is only ONE means of proof that any program is secure, and that's to have it be the most popular in it's field. That's the only type of proof worth anything, in my view.