April 03, 2006

An open source manifesto worth listening to

I think I've finally found a well-rounded, non-dogmatic, rational, and pragmatic view about why commercial open-source software has significant benefits over proprietary enterprise software. The paper is entitled "Open Source Software: It Isn't Just for Developers Anymore" from Zimbra, an email/collaboration software company whose president/CTO is Scott Dietzen, formerly BEA's CTO.

I liked this article, and agree with most of it, though I have three comments.

Firstly, backloading software costs makes sense, in that commercial OSS does not require you to pay license or support fees until you require the value-added service of easy upgrades and support. With leading-edge technology, however, I'm not sure if it's much of a benefit. Most companies either require a vendor-guided proof-of-concept or consulting engagement to mitigate risk and increase the chances of success. In the former case, this requires substantial sales budget. In the latter case, it can cost a client tens to hundreds of thousands of dollars in consulting fees and expenses. OSS doesn't change this reality.

Secondly, I do not think that it is verifiably true that the share of sales/marketing vs. R&D is lower in commercial OSS. The Goldman Sachs quote, that 76% of revenues go to sales & marketing, seems like complete bullshit, unless they're lumping all non-R&D activities as "sales and marketing".

Looking at the latest SEC 10-Q filings, RedHat Inc., for example, spends only 13.2% of revenue on R&D and 28% on sales & marketing. The mighty Google spends barely 7% on R&D, but 8% on sales & marketing. To contrast, Oracle spends 13% on R&D and 22% on sales & marketing. BEA spends 15% on R&D and 37% on sales & marketing. Microsoft's ratios are comparable.

Most OSS advocates aren't generally into business, finance or accounting, and thus exaggerate in their minds the R&D:Sales ratio. Perhaps it is true in the short run, mainly because the companies are in startup mode and private, so we can't scrutinize their numbers. Smaller companies do pour a lot into R&D, but it's usually less than people think. Another view is that OSS often hasn't been "end user targeted"; it has been technical-audience-targeted, which requires less investment in sales and marketing, as most engineers or technicians have very different purchase criteria than a consumer or business-person.

Generally speaking, I think the more involved and broad a product offering, the more a company needs to be able to fund meetings, presentations, workshops, proofs-of-concept, executive forums, seminars, lunches, and all of the associated travel, lodging, and expenses incurred. This requires a sales budget, and requires a renewable revenue stream to fund it. Low-margin license fees combined with high-margin annual support/maintenance contract fees have traditionally been the way to do this. While it's a clear win if the software industry finds a way of eliminating license fees, it's unclear if the economics of the enterprise software purchasing ecosystem will evolve to support this model, or if clients will demand it. I claim that, today, commercial OSS companies (such as RedHat) can't afford to do direct business with most large entities, and require a large "front company" like IBM or HP to provide the legal, support, and services firepower to make the sale, given the required technical hand-holding, procurement debates, and legal T&C's. Even medium-to-large proprietary software companies will refuse to do business with others because of these challenges.

Thirdly, the "OSS increases security and reliability" debate continues. The recent serious hole in GPG, for example, shows that open source, even for important security-focused software, does not automatically lead to "fewer bugs" -- though it does mean bugs will be arguably fixed faster than a proprietary codebase will. Security expert Bruce Schneier, for example, believes that security products should be open source to enable scrutiny, but does not believe that open source automatically leads to "fewer bugs". Security software, and cryptography in particular, is a complex area that requires scrutiny to ensure that algorithms and precautions are implemented correctly. I think it's clear that software benefits from scrutiny by experts or specialists, and that open source is a great way to make software available to them (assuming they have time to review or contribute). What's unclear is if generalist scrutiny is also beneficial.

An elegant software architecture is in the eye of the beholder, and the ability to evaluate one typically requires rare expertise. By architecture, I mean the design of the interactions, contracts, and dependencies between services/modules/chunks -- how well they perform, tolerate different modes of failure, respond to requirements changes, and in the case of multi-user concurrent software, scale with an increased user load and/or increased hardware capacity. What often passes for "elegant architecture" in the OSS Java community today, for example, would likely give an expert enterprise architect major indigestion. The BileBlog chronicles the hubris and unreality prevalent in major pockets of the OSS community, even though Hani has a financial stake and strong belief in the benefits and success of commercial OSS.

To be fair, Zimbra's paper does suggest that one goes with a "winning" OSS project, though it's sometimes hard to tell what's actually winning vs. what is an orchestrated astroturf campaign. While I am in full support of the power of increased expert scrutiny on quality, I do think there is a large tradeoff here -- the mob-mentality that is so good at fixing bugs is also very good at starting religious wars to hold certain ideas back. A recent article (I can't remember where) noted that since the late 1990's, the number of discussions on open source mailing lists has increased geometrically, but growth in the number of actual development contributors has been quite small. The vast majority strikes me as religious posturing, arm-chair quarterbacking, and flame wars (see Gnome v. KDE).

Part of the problem is that there is no single "OSS community" - there are many communities with a loose set of shared values, and they don't necessarily play well with others. Many marvel over the elegance of Squeak, Scheme, or FreeBSD, but plenty of OSS developers have a strong dislike of Lisp, Smalltalk and other high-level languages, and most (non-Macintosh) X11/GNU platform users run Linux, not a BSD variant.

To summarize point #3: every OSS sub-community has its own value system to evaluate quality & elegance. The quality and elegance they value is not necessarily the same as (and is sometimes in direct opposition to) the value system of a paying customer.

I will leave you with this... A wise business/economics professor and tech company advisor once told me, around 6 years ago (I'm paraphrasing): "The Internet is not reality. It contains a thousand cross-section samples of reality, with unknown, highly skewed distributions. Your business will fail if it is your primary source of market information."

Posted by stu at 11:46 PM