Open-source hot air

Looks like it'll be a long, hot (northern) summer, at least when it comes to politics and open-source software. A fortnight ago, Ralph Nader sent a letter to the White House suggesting that the government use its purchasing power to keep Microsoft Corp. in line by adopting open-source software. That was just after a Microsoft-funded think tank, the Alexis de Tocqueville Institution, announced the publication of a white paper arguing that the government shouldn't use open-source software because it would pose a national security risk.

Competing masses of hot air in Washington are nothing new. Neither is government use of open-source software; that's been steadily increasing, both in the U.S. and abroad. And that's good news for corporate IT people, since it means somebody else is doing the work to evaluate the software, so we don't have to.

It also puts pressure on Microsoft (which has lobbied furiously against federal use of open source) to close security holes, improve quality and cut better deals with customers. That's the kind of leverage we'd like to have with any IT supplier.

Trouble is, we're not going to get any leverage from the most recent round of rhetoric.

Consider Nader's letter. It's nominally a request for information from the White House Office of Management and Budget. ("Approximately how much money has the federal government spent each of the past seven years to license MS Windows for the client platforms?") But the letter is really a proposal that the government use open source to pressure Microsoft.

True, the government has done this before. That's how a previous Seattle-based high-tech giant was broken up in 1934 into today's United Air Lines Inc., The Boeing Co. and United Technologies Corp. William Boeing's United Aircraft and Transport Corp. wasn't dismantled by an antitrust lawsuit, but because the federal government refused to give airmail business to a monopoly.

But how likely is the Bush White House to apply that kind of pressure to Microsoft? Not very. The Nader letter isn't a serious proposal; it's just a lot of gas. And IT gets no leverage from that.

The Tocqueville think tank's pitch is even lamer: it suggests that using open source would "alter the very foundation of computer security" because bad guys can see open-source software's architecture and source code.

Sure, but "security through obscurity" (just trying to hide that information) doesn't work. And it isn't necessary. For example, bad guys can also see the details of the most successful encryption algorithms, but that doesn't make crypto easier to crack. And though the source code for commercial software isn't available, hackers and terrorists can buy exactly the same product a government agency uses, then experiment to find security holes at their leisure.

But with open source, government IT shops can patch, customize and recompile at will. (And don't kid yourself: any patches the government deems secret won't go into the public domain, GNU license or no.) That kind of flexibility explains why Mitre Corp., which has analyzed computer security for the Defense Department since Bill Gates was still in short pants, recommended last month that the Pentagon keep using open source for lower costs and improved security.

From the Tocqueville think tank, we got no real security analysis, just more gas. These guys and Ralph Nader deserve each other.

There is a serious debate under way on the virtues and shortcomings of open source. It looks like we just won't hear any of it in Washington this summer.

Maybe it seems obvious, but as the rhetoric heats up, it's worth saying again: The real question about open-source software, or any IT system, isn't who makes it, or how. The question is whether it can do the job you need it to do, with the effectiveness, security, reliability and support you require.

The rest is just hot air.

Frank Hayes, Computerworld's senior news columnist, has covered IT for more than 20 years. Contact him at