open source software - new trends and impacts – or – “paradigm shift or just a huge,...

Open Source Software - New Trends and Impacts – Or –

“Paradigm shift or just a huge, unprecedented, poorly understood overhaul of everything you and your company know, plan and do about software.”

10 September 2002Don Shafer Henry W. (Hank) Jones, IIIChief Technology Officer, Athens Group, Inc. Intersect Technology [email protected] Law Office of Henry W. Jones, IIIwww.athensgroup.com mobile 512-695-4673512.345.0600 x117 [email protected]

fax 512-857-0393

mailto:[email protected]

http://www.athensgroup.com/

mailto:[email protected]

© 2002 Athens Group, Inc. and Intersect Technology Consulting - 2 -

This program will help you and your organization prepare for a genuine paradigm shift for both MIS and every entity that depends on its data creation, presentation and storage: Open Source Software (OSS). Hank Jones and Don Shafer will cover exactly when, why, and how OSS is likely to change your MIS reliability, strategy, budgeting, procurement, training, as well as insurance, intellectual property, related security and financial auditing concerns – and your career.

Open Source SoftwareNew Trends and Impacts


OSS

php

Tcl/Tk

Perl

Ruby

Click Wrap

Sleepycat

LGPL

SourceForge

GNU GPL

Linux

FBSD

Java

Gnome

Struts

MLF

Tutos

Tucows

Python


What’s Your Exposure to OSS?1. IDENTITY:

– Are MIS managers within corporations? within gov’t.? – Vendors to MIS operations?

2. CURRENT PERSONAL OSS EXPERIENCE:– Got Linux running in your shop now?– Personally worked with Linux? with other OSS code? with an OSS app., rather than o.s. or kernel?– Who’s uploaded or redistributed OSS back to an OSS group?– Have heard of Eric Raymond’s book The Cathedral And The Bazaar? Read it?– Have studied the written output of the Free Software Foundation?

3. CURRENT ORGANIZATIONAL OSS EXPERIENCE:– Have current OSS training plan? Expect that you’ll be having some OSS training in the next 12 ms.?– Have an OSS committee in your shop? An OSS policy?– Believe that you’ll try an OSS app., rather than o.s. or kernel, in the next 12 months?– Are familiar with these particular OSS tools, terms, acronyms, and apps?– Believe your senior management would like MIS to reduce its outside software procurement and maintenance costs? (“Would

that be helpful to your career”?)

4. DEGREE OF OSS RISK AWARENESS/CONSIDERATION/ACTION TO DATE?– Think that there might some OSS in use within your .org without your knowing about it, as suggested in the new issue of

Upside magazine? (show Jones’ copy)– Have done an audit to determine whether or not there’s OSS code in use in your org.?– Have gotten a question about OSS a finance colleague? – From a legal colleague? Have worked with your counsel re. special obligations and risks with OSS? Have studied the full text

of the GNU license? Have heard of the dual proprietary and open “Sleepycat” license?– From an insurance colleague or broker?– Have gotten an OSS question from a potential new hire in MIS?– Have gotten an OSS current use question, e.g., in a due diligence exercise, from an outside customer or supplier?– Would bring to a co. Board meeting to explain OSS a real OSS veteran expert, like Richard Stallman?


Take me to your leaders!


Take me to your leaders – redux!


Don Shafer is a co-founder, corporate director and Chief Technology Officer of Athens Group, Inc. Incorporated in June 1998, Athens Group is an employee-owned consulting firm, integrating technology strategy and software solutions. Prior to Athens Group, Shafer led groups developing and marketing hardware and software products for Motorola, AMD and Crystal Semiconductor. He was responsible for managing a $129 million-a-year PC product group that produced the award-winning audio components for the Apple iMAC. From the development of low-level software drivers in yet-to-be-released Microsoft operating systems to the selection and monitoring of Taiwan semiconductor fabrication facilities, Shafer has led key product and process efforts. In the past three years he has led Athens engineers in developing industry standard semiconductor fab equipment software interfaces, definition of 300mm equipment integration tools, advanced process control state machine data collectors and embedded system control software agents. His latest patents are on joint work done with Agilent Technologies in state-based machine control. He earned a BS degree from the USAF Academy and an MBA from the University of Denver. In addition, Shafer’s work experience includes positions held at Boeing and Los Alamos National Laboratories. He is currently a graduate lecturer in software engineering at Southwest Texas and the on-site instructor-in-charge of the University of Texas Software Project Management Certification Program. With two other colleagues in 2002, he wrote Quality Software Project Management for Prentice-Hall now used in both industry and academia.

Don Shafer – Veteran geek half of the team


What is Open Source Software?

Fad or Permanent

Paradigm Shift?

Just kernel and OS or

applications too?

Just for shops with big MIS staffs

enabling an OSS Geek sub-team?

How to know which tools and

applications have bugs?

Does OSS compromise

security?

How can we monitor OSS downloading

and use by our MIS and other individuals

and consultants?

How can we avoid Copyright Infringement and Contract Breaks by

non-compliance with non-traditional OSS

licenses?

Can I convert OSS options into a

Negotiating Tool with Traditional

Vendors?

?


• http://sourceforge.net/projects/ag-mlf/ • The Model Layer Framework (MLF) is a lean code framework

for building the model layer in a Java server or client-side application. The MLF provides persistence services, data source encapsulation, code generation, and more.– Development Status: 5 - Production/Stable

– Environment: Web Environment

– Intended Audience: Developers

– License: GNU General Public License (GPL)

– Natural Language: English

– Programming Language: Java

– Topic: Software Development

Athens eats its own dog food!


• Can you really depend on OSS product(s) and service(s)?

Bet your career and your company?

“We would have spent several years and up to a million dollars to achieve the same functionality as what VGem provides. We couldn’t have sold our testers without VGem.” Tester Manufacturer

E82 Intrabay

FOUP

OHT

Load PortE15.1

E84 Enhanced PI/O

E37.1 HSMS

E87 CarrierManagement

Tester/ProberE5 SECS-IIE30 GEME30.3 TSEME39 E40E87E94

Factory Host

E99Yes!


• Can you really depend on OSS product(s) and service(s)?

Bet your career and your company?

No!


OSS in an effective IT strategic plan

Foundation

Develop Idealized Architecture

Task 2Review or Create Business Process Map

Task 1Define Critical Criteria

Task 3

Initiate

Select Top Candidates

Evaluation

Select Top 2 Candidates

Decision

Integration Analysis

Task 10

Detailed Vendor Review & Demo

Task 11

Final Selection

Phase 2 Readiness

Develop Integration Plan and Systems Architecture

Task 12

Evaluation Report

Task 13

Develop High Level Implementation Plan

Task 14

Define Integration Requirements, Arch. Constraints

Task 6 Define Requirements, Categories, Priorities

Task 5

Vendor Risk Analysis Task 7

Detailed Vendor Scoring Task 9

• Web

site/

Plan

Upd

ates

• W

eekly

Sta

tus

Repo

rt / M

eetin

g• R

equi

rem

ents

Man

agem

ent

• C

lient

Rev

iew

Proj

ect M

anag

emen

t

Compare to Vendor Capabilities Task 4

Initial Demos Task 8

• Define Project Plan/Process

Package SelectionImplementation PlanArchitecture

• Release Project Website • Initialize DB Tools

•Target Vendor List•Kickoff Meeting


Ownership and Quality

• How do you achieve low TCO and long-term TQM if you incorporate OSS written by outside ad hoc groups?


Is “free” really cheaper?

Rank Prob-ability

Sever-ity

Risk Mitigation Plan Contingency Plan

24 4 6 Staff lacks necessary skills.

Training and joint implementation team of client and consulting partner.

Alleviate implementation bottlenecks with additional temporary staff.

24 3 8 Quality is hard to control.

Disciplined development process and project status reporting to senior management.

Apply additional resources to technology leadership and project management.

21 3 7 Introduction of Next-Gen interferes with existing operations over a long period.

Phased development and implementation approach designed to minimize disruptions.

Additional temporary staff to help with current operations.

21 3 7 Next-Gen requires months of fine-tuning before it is acceptable.

Upfront investment in requirements definition, detailed design and appropriate technology selection. Include users in design and application reviews.

Careful monitoring of existing system to ensure that it can continue to meet client needs if necessary.

21 3 7 Contribution from new system is not significantly different from current system.

Dedicated involvement from user community on the project and ongoing risk and cost/benefit analysis.

Open architecture provides a solid migration path to future needs.


Product Development Risk Analysis

Product Area Team Size6 Number of Team Members - includes 3 developers, engineering mgt. and support

Requirements1 10 Is there a one sentence product team and product description?2 5 Can the product team describe the target user ?3 5 Are the prerequisites and customer operating business environment documented ?4 8 Are the product team objectives understood by all stakeholders?5 8 Is there a prototype of the product team's product(s) ?6 4 Are the competitions' features documented side by side with this product areas'?7 8 Does this product team have access to the domain expertise needed for success?

8 8Is there a published schedule for the products and first customer deliveries for this product area ?

9 4 Has a complete cost analysis been completed along with break even scenarios ?10 0 Has a life cycle been defined for this product area ?11 8 Is a marketing/business development person part of the product team ?12 5 Is a staffing person part of the product team?

Risk Analysis Results

NewProduct v1.0 73 Preliminary score 80.3 Final score (preliminary score adjusted for team size)

Chance of Success: FairEvaluation: A good first pass. A product area with this score will likely experience high stress and shaky

team dynamics, and the product will ultimately be delivered with less functionality than desired at greater cost and with a longer schedule.

For each question, give the product development team 10 points if it is definitely true, 8 points if 80% true, 5 points if 50% true, 4 points if No but planned and 0 points if No and NOT planned. There is a maximum of 10 points per question.


Build and deliver within five weeks a Java software engineering development environment with these requirements:

1.Must run on any Pentium 1 based hardware or better2.Must run on a machine with < 4 Gig hard drive3.Must load from CDROM(s)4.Machine will have access to the Internet5.Must load into a green-field machine6.Must include the entire software system (yes this does mean the OS!)7.End User Delivered Software System must cost less than $1008.Hardware is NOT included in the system cost9.All documentation must be browser based10.No pirated software allowed11.Tools must cover entire software life cycle12.All project support processes must be implemented13.Must support team development environment14.Full system and user documentation must be delivered

Would you take on this SOW?


How much effort?

Java Tools OS SE Tools Testing Docs Integrate Totals1st Week

Project Plan 24 10 15 9.5 12 8 78.5SRS 18 8 10 6 6 0 48

Total 1st Week 42 18 25 15.5 18 8 126.52nd Week

Prototype 1 42 128 15.5 3 6 8 202.5SDS 8 4 9 10 8.5 0 39.5

Total 2nd Week 50 132 24.5 13 14.5 8 2423rd Week

Prototype 2 8 35 9 8 6 11 77Test Plan 9 2 25 20 2 0 58

Total 3rd Week 17 37 34 28 8 11 1354th Week

User Manual 0 10 0 2 19 2 33Installation Plan 2 57 45 37 3 27 171

Total 4th Week 2 67 45 39 22 29 2045th Week

Product 2 20 15 16 9 30 92Total 5th Week 2 20 15 16 9 30 92

Total Project 113 274 143.5 111.5 71.5 86 799.5


– Running a DMZ server for client project status web sites– Prototype Linux system for Dell laptops– JDE evaluation platform

Actual Use of the “Product”


Generic Process

Based on strategy, determine needs.

Find / Review Opportunities

Due Diligence

Technology• People• Process• Technology

Financial• Verification• Analysis• Projections (ROI)

Marketing / Management• People• Competition / Strategy• Customers / Channels

Integration Planning

INTEGRATION

Lessons learned / New opportunities

Appar

ent O

SS Is

sues Real Area of OSS Issues


Disclosed Risks in S.E.C. Filings from Red HatRisks Related to our Linux-based

Open Source Business Model• We depend on the support of Linux developers not employed by

us to release major product upgrades and maintain market share. …

• The scarcity of software applications for Linux-based operating systems could prevent widespread commercial adoption of our products. …

• We may be unable to predict the future course of open source technology development, which could reduce the market appeal of our products and damage our reputation.

• We do not exercise control over many aspects of the development of open source technology. …

Do You Want Career Headlines?


Disclosed Risks in S.E.C. Filings from Red Hat, cont’d.

• With our declining stock price we may have increased difficulty in attracting and retaining highly skilled employees. …

• We may lack the financial and operational resources needed to increase our market share and compete effectively with Microsoft, other established operating systems developers, software development tools developers and other service and support providers. …

• If we fail to establish and maintain strategic distribution and other collaborative relationships with industry-leading companies, we may not be able to attract and retain a larger customer base. …


Risks Related to Legal Uncertainty• We could be prevented from selling or developing our

products if the GNU General Public License and similar licenses under which our products are developed and licensed are not enforceable. …

• Our products may contain defects that may be costly to correct, delay market acceptance of our products and expose us to litigation. …

• We are vulnerable to claims that our products infringe third-party intellectual property rights particularly because our products are comprised of many distinct software components developed by thousands of independent parties. …

Disclosed Risks in S.E.C. Filings from Red Hat, cont’d.


Is OSS Easy or Hard?

1. Progress Software and NuSphere v. MySQL

2. Last Month’s OSS Bad News: Sigma Designs’ Piracy Revealed by OSS Group XVID.org’s Reverse Engineering

3. Who’s Next?


OSS MIS Sole Turf• MIS Costs = CFO Turf• Data and Finance Number Accuracy =

Finance Turf• Organizational Security = CEO, CFO,

Investor Relations, and General Counsel Turf

• Operational Assurance = CEO, CFO, COO, Risk (Insurance) Manager, and Legal Dept. Turf


No More Moats Around MIS

• OSS Action Imperatives For MIS• Educate Executives• Educate and Manage Traditional MIS Operations

Teams• Educate and Manage Web / E-Site Operations Teams• Educate CFO, CFO, Counsel, R&D, and Other

Constituents• Typical (Inadequate) Approaches• Best Tools and Practices: Challenges and Creativity

in Fear, UnderStructures, and Deliberations


Shafer – The right blendType Source Example

Application systems COTS or OSS Star Office, Enhydra, Tomcat, Zope Application products

Custom Built Extensive script modifications using VBS to Microsoft Products

Operating systems OSS Linux Extensions Network software COTS Extensions to Netware, Windows driver

extensions Distinct technology products

Custom Built Core IP for software application companies

Documentation Custom Built Product and process documentation built to support products

Data Custom Built Data sets that support product stress testing, configuration files and run time data sets.

Knowledge and experience embedded in people, systems, and databases

Custom Built Rules embedded in process and product engines such as application programming interfaces and hardware abstraction layers.

Intellectual and innovation capital

Custom Built Trades secrets, embedded patent, copyrighted code.

Test Suites Custom Built Full regression scripts and code sets. This can be 2 to 5 times the amount of code in an application and just as costly to develop.

Tools OSS, Custom Built

Application builders, performance stressors and testers, real time, in-line test tools and application monitors.


• Piracy By Your People• Breaching Contracts By Your Organization• Contracts Ambiguity In Your Organization• Contracts Misplacement and Amnesia In Your

Organization• Bugs• Costs, Deadlines, and Deliverable Uncertainties• Other

Meet The New Risks,Same As The Old Risks


New Necessary Skills For New MIS Rules and Tools

Old Challenges: New Challenges:

Site License GNU’s GPL

Click-Wrap Sleepycat Dual License and Model

Upgrades v. Enhancements Interpreting BSD, LGPL, and

Dozens of Other OSS Licenses

Other Other


• Enlist, Deputize and Dragoon Allies• Invest In Education: Circulate Microsoft’s OSS FUD FAQ• Invest In Education: Do New Mandatory Internal Training

Sessions• Define New Roles and Responsibilities• Audit Operations • Audit Vendors?• Create, Communicate, Document, Enforce, and Update New

Policies For Engineers, Programmers, and Other Employees• Create, Communicate, Document, Enforce, and Update New

Policies For Vendors• “/(Better) Take Out Some Insurance/”• Other

What Do MIS Leaders Do?


Questions ?

open source software - new trends and impacts – or – “paradigm shift or just a huge,...

Documents