“开源软件有很多称谓:一种运动,一种潮流,一种病毒,一个共产主义阴谋,甚至有人说它是因特网的灵魂。但人们常常忽视了一点:开源软件也是把财富从发达国家向发展中国家转移的一种极为有效的工具。”
-- Andrew Leonard[13]
自由/开源软件免费吗?
自由/开源软件能节省多少?
自由/开源软件有什么好处?
自由/开源软件有什么缺点?
关于自由/开源软件的一种常见想法是认为它总是“免费的”。在某种程度上这种想法是对的。没有真正的自由/开源软件收取用户授权费用。大部分自由/开源软件发行版本(Red Hat,SuSE,Debian 等等)可以免费从因特网上获取。考虑授权费用的话,自由/开源软件几乎总是比私有软件便宜。
但是,授权费用并不是软件包或基础架构的唯一花费。考虑人员开支,硬件需求,机会成本和培训费用也很必要。一个经常使用的概念是总体拥有成本(Total Cost of Ownership, TCO),这些成本给我们最清楚地展示了使用自由/开源软件所节省的花销。(2)
The popular myth surrounding Free/Open Source Software is that it is always “free”—that is, “free of charge.” To a certain degree this is true. No true FOSS application charges a licensing fee for usage. Most FOSS distributions (Red Hat, SuSE, Debian, etc.) can be obtained at no charge off the Internet. On a licensing cost basis, FOSS applications are almost always cheaper than proprietary software.
However, licensing costs are not the only costs of a software package or infrastructure. It is also necessary to consider personnel costs, hardware requirements, opportunity costs and training costs. Often referred to as the Total Cost of Ownership (TCO), these costs give the clearest picture of the savings from using FOSS1.
除了廉价以外,公共或私人组织还有很多理由大力推动自由软件的使用。这些理由包括:
对于政府来说最后四点需要根据各自的不同情况考虑,因而特别重要。公司和最终用户一般不考虑这些事项。
=安全=
虽然并没有完全安全的系统或平台,像开发方法、程序架构和目标市场这样的因素都会极大地影响系统的安全性并决定攻破它是否困难。在这方面,自由/开源软件系统有一些指标优于私有软件系统:
对安全的考虑已经推动许多公共机构转移到或考虑转移到自由/开源软件方案。法国海关和间接税管理部门主要出于安全的考虑,迁移到了 Red Hat 6.2 平台[24]。
一般认为,自由/开源软件较好的安全记录有如下原因:
=可靠性/稳定性=
自由/开源软件因为它们的可靠性和稳定性而闻名。业界已经有许多自由/开源软件服务器不需维护连续运行数年的故事。但是,定量研究相对而言更加困难。以下介绍两个近年进行的研究:
=开放标准和摆脱供应商依赖=
开放标准的用户,不论是个人还是政府,都拥有在不同的软件、平台和供应商之中选择的灵活性和自由。而私有的、保密的标准使得用户只能使用一个供应商的软件,并且因为他们的数据都存储为私有格式,转换代价高昂而在此后继续受供应商的摆布。
荷兰国际信息经济研究所(International Institute of Infomatics)《自由/开源软件:调查研究》这篇论文的作者们也反对在政府中使用私有软件。他们认为:
“……因此反对在公共部门使用私有软件的一个主要理由是对私有软件供应商的依赖。私有标准一旦建立人们就必须服从。即使在开放的竞标制度下,与私有标准兼容的需求也使得制度偏向于特定的软件供应商,因此造成长期的依赖。”
自由/开源软件的另一大优点就是它们几乎总是使用开放标准。这样做主要有两个原因:
在不同的地区,使用自由/开源软件作为摆脱供应商依赖的手段都获得了提倡。一份提交英国政府的报告认为“数据标准的开源实现常常能加速标准的推行,推荐政府有选择地支持这样的开源实现。”[29]
=减少进口依赖=
发展中国家选择自由/开源系统的一个重要动机是可以节省高昂的私有软件授权成本。发展中国家所有的私有软件几乎都依赖进口,因而消耗了宝贵的硬通货和外汇储备。而这些储备本可以用于其他开发项目。
《自由/开源软件:调查研究》这个在欧洲进行的研究也显示:“开源软件偏向服务的模式带来的成本都在政府机构内部被消化,而不是流向大型跨国公司。这对就业、本地投资、税收等等都起到促进作用。”[30]
=增强自身软件能力=
人们发现经济体内自由/开源软件开发者的增长与创造能力(软件)成正相关关系。国际信息经济研究所的一份报告列出了这个现象的三个原因[31]:
自由/开源软件的开发方式不仅极大地促进了创新,也有利于创新成果的传播。一份微软的内部备忘录写到,“基于 Linux 的研究/教学项目由于 Linux 源代码随处可以获取而很容易传播。特别是新的研究想法都先被在 Linux 上实现和发布,然后才在其他平台上被整合或发布。”[32]
=杜绝盗版,遵守知识产权条约和世贸组织规定=
对于世界上几乎每一个国家,软件盗版都是个问题。商业软件联盟(Business Software Alliance)估计盗版仅在2002年一年就造成了130.8亿美元的损失。即使像美国和欧洲这样在理论上能够负担软件费用的发达地区盗版率也分别高达24%和35%。而在收入较低的发展中国家,软件相对更加昂贵,盗版率可达90%以上[33]。
软件盗版和缺乏相应的法律会在很多方面对国家造成不利影响。对知识产权(Intellectual Property Rights, IPR)的保护较差的国家对外国投资者的吸引力较小。世界贸易组织(World Trade Organization, WTO)的成员资格和从中获取的收益与国家对知识产权的保护紧密相关。最后,盗版软件的风气损害软件开发,因为本地的软件开发者开发产品的动机较弱。
=本地化=
“本地化的含义是使产品符合目标区域(使用和销售产品的国家/地区和相应语言)的语言和文化要求。”
-- 本地化产业标准协会(Localisation Industry Standards Association)[34]
本地化是开放的自由/开源软件的强项之一。用户可以修改自由/开源软件以适应特定文化区域的需求,不论其经济规模的大小。开发一个最基本的本地化自由/开源软件版本只需要少数有技术能力的人。建立一个完全本地化的软件平台并不容易,但还是可以办到的。如果没有自由/开源的替代品,微软公司1998年拒绝开发冰岛语版本 Windows 98 [35]的决定可能会带来严重的后果。
大多数亚太地区最初的自由/开源软件项目都与软件的本地化有关。关于本地化的更多详情可以参阅本册书的“本地化和国际化”小节。
Besides the low cost of FOSS, there are many other reasons why public/private organizations are aggressively adopting FOSS. These include:
Security
Reliability/Stability
Open standards and vendor independence
Reduced reliance on imports
Developing local software capacity
Piracy, IPR, and WTO
Localization
Of particular importance to governments are the last four points as they are government-specific. Corporations and end users usually do not deal with these issues.
Security
While there is no perfectly secure operating system or platform, factors such as development method, program architecture and target market can greatly affect the security of a system and consequently make it easier or more difficult to breach. There are some indications that FOSS systems are superior to proprietary systems in this respect:
1.The Gartner Group recommends that businesses switch from Microsoft Internet Information Server (IIS) to Apache or another web server, due to IIS’s poor security track record. The Gartner Group noted that by July 2001 US enterprises had spent US$1.2 billion simply fixing Code Red (IIS-related) vulnerabilitiesi.
2.“Hacker Insurance” issued by J.S. Wurzler Underwriting Managers costs five to 15 percent more if Windows is used instead of GNU/Linux or Unix systems. Walter Kopf, senior vice president of underwriting at J.S. Wurzler Underwriting Managers, says, “We have found out that the possibility for loss is greater using the NT system.”ii
The security aspect has already encouraged many public organizations to switch or to consider switching to FOSS solutions. The French Customs and Indirect Taxation authority migrated to Red Hat Linux 6.2 largely because of security concernsiii.
Three reasons are often cited for FOSS’s better security record:
Availability of source code: The availability of the source code for FOSS systems has made it easier for developers and users to discover and fix vulnerabilities, often before a flaw can be exploited. Many of the vulnerabilities of FOSS listed in Bugtraq were errors discovered during periodic audits and fixed without any known exploits. FOSS systems normally employ proactive rather than reactive audits.
Security focus, instead of user-friendliness: FOSS can be said to run a large part of the Internetiv and is therefore more focused on robustness and functionality, rather than ease of use. Before features are added to any major FOSS application, its security considerations are considered and the feature is added only if it is determined not to compromise system security.
Roots: FOSS systems are mostly based on the multi-user, network-ready Unix model. Because of this, they come with a strong security and permission structure. Such models were critical when multiple users shared a single powerful server—that is, if security was weak, a single user could crash the server, steal private data from other users or deprive other users of computing resources. Consequently, vulnerabilities in most applications result in only a limited security breach.
Reliability/Stability
FOSS systems are well known for their stability and reliability. There are many anecdotal stories of FOSS servers functioning for years without requiring maintenance. However, quantitative studies are more difficult to come by. Here are two of the studies conducted to date:
In 1999 Zdnet ran a 10-month reliability test between Red Hat Linux, Caldera Systems OpenLinux and Microsoft’s Windows NT Server 4.0 with Service Pack 3. All three ran on identical hardware systems and performed printing, web serving and file serving functions. The result was that NT crashed once every six weeks but none of the FOSS systems crashed at all during the entire 10 monthsi.
A stress test using random testing stressed seven commercial systems and the GNU/Linux system in 1995. Random characters were fed to these systems, to simulate garbage from bad data or users. The result was that the commercial systems had an average failure rate of 23 percent while Linux as a whole failed nine percent of the time. GNU utilities (software produced by the FSF under the GNU project) failed only six percent of the time. A follow-up study years later found that the flaws identified by the study were all fixed in the FOSS system, but were generally untouched in proprietary softwareii.
Open standards and vendor independence
Open standards give users, whether individuals or governments, flexibility and the freedom to change between different software packages, platforms and vendors. Proprietary, secret standards lock users into using software only from one vendor and leave them at the mercy of the vendor at a later stage, when all their data is in the vendor’s proprietary format and the costs of converting them to an open standard is prohibitive.
The authors of the paper “Free/Libre and Open Source Software: Survey and Study” produced by the International Institute of Infonomics in the Netherlands also argue against use of proprietary software in government. They say:
…Consequently one major argument against the implementation of proprietary software in the public sector is the subsequent dependency on proprietary software vendors. Whenever the proprietary standards are established the necessity to follow them is given. Even in an open tender acquisition system, this requirement for compatibility with proprietary standards makes the system biased towards specific software vendors, perpetuating a dependency.
Another advantage of FOSS is that they almost always use open standards. This is due to two primary reasons:
Availability of the source code: With the source code, it is always possible to reverse-engineer and document the standard used by an application. All possible variations are plainly visible in the source code, making hiding a proprietary standard in FOSS systems impossible. Proprietary software, however, are much harder to reverse-engineer and in some cases are deliberately obfuscated.
Active standards compliance: When established standards exist, such as HyperText Markup Language (HTML), which controls how web pages are displayed, FOSS projects actively work to follow the standards faithfully. The Mozilla web browser, a FOSS effort, is fully compliant with many standards from the World Wide Web Consortium (W3C). Webstandards.org notes that Mozilla is one of the most compliant browsers available todayi. Compliance with standards is due to the FOSS development culture, where sharing and working together with other applications are the norm. It is also much easier to work with a globally dispersed group of developers when there is a published standard to adhere to.
Using FOSS systems as a means of gaining vendor independence has been raised in several areas. A report to the UK Government concludes that “the existence of an OSS reference implementation of a data standard has often accelerated the adoption of such standards, and recommends that the Government consider selective sponsorship of OSS reference implementations.”ii
Reduced reliance on imports
A major incentive for developing countries to adopt FOSS systems is the enormous cost of proprietary software licenses. Because virtually all proprietary software in developing countries is imported, their purchase consumes precious hard currency and foreign reserves. These reserves could be better spent on other development goals.
The European study, “Free/Libre and Open Source Software: Survey and Study”, also notes that, “The costs of this more service-oriented model of open source are then also normally spent within the economy of the governmental organization, and not necessary to large multinational companies. This has a positive feedback regarding employment, local investment base, tax revenue, etc.”iii
Developing local software capacity
It has been noted that there is a positive correlation between the growth of a FOSS developer base and the innovative capacities (software) of an economy. A report from the International Institute of Infonomics lists three reasons for thisi:
Low barriers to entry: FOSS, which encourages free modification and redistribution, is easy to obtain, use and learn from. Proprietary software tends to be much more restrictive, not just in the limited availability of source code, but due to licensing, patent and copyright limitations. FOSS allows developers to build on existing knowledge and pre-built components, much like basic research.
FOSS as an excellent training system: The open and collaborative nature of FOSS allows a student to examine and experiment with software concepts at virtually no direct cost to society. Likewise, a student can tap into the global collaborative FOSS development network that includes massive archives of technical information and interactive discussion tools.
FOSS as a source of standards: FOSS often becomes a de facto standard by virtue of its dominance in a particular sector of an industry. By being involved in setting the standards in a particular FOSS application, a region can ensure that the standard produced takes into account regional needs and cultural considerations.
The FOSS developmental approach greatly facilitates not only innovation but also its dissemination. A Microsoft internal memo noted, “Research/teaching projects on top of Linux are easily ‘disseminated’ due to the wide availability of Linux source. In particular, this often means that new research ideas are first implemented and available on Linux before they are available / incorporated into other platforms.”ii
Localization
“Localization involves taking a product and making it linguistically and culturally appropriate to the target locale (country/region and language) where it will be used and sold.”
Localisation Industry Standards Associationi
Localization is one of the areas where FOSS shines because of its open nature. Users are able to modify FOSS to suit the unique requirements of a particular cultural region, regardless of economic size. All that is necessary is the technical capability within a small number of individuals to create a minimally localized version of any FOSS. While the construction of a completely localized software platform is no small feat, it is at least possible. Microsoft’s decision in 1998 against producing an Icelandic version of Windows 98ii would have had serious implications if it were not for the emergence of FOSS alternatives.
Most initial FOSS initiatives in the Asia-Pacific region have dealt with localizing FOSS. More details on localization can be found in the “Localization and Internationalization” section of this primer.
虽然自由/开源软件带来了种种好处,但它并不总是最合适的选择。以下是自由/开源软件需要改进的地方。
=缺乏商务应用=
虽然当今已经有许多自由/开源软件项目,但很多领域中仍然缺乏功能全面的产品,特别是在商务应用方面。最近像 SAP 和 Peoplesoft [36]这样的企业资源规划平台的移植满足了高端应用市场的需求,但中小型企业(Small and Medium Enterprise, SME)的市场还是空白。像 Quickbooks,Peachtree 和 Great Plains 这样的提供基本或提高功能的软件目前都没有自由/开源的相应同等产品。
这种情况的部分原因是缺乏对技术和商业问题都精通的人才。目前存在的大部分自由/开源软件项目都是由于开发者遇到了问题而编写软件试图解决。这些项目都非常偏向技术本身,例如开发 web 服务器,编程语言/环境和网络工具。软件开发者很少遇到像会计这样的问题,也缺乏相关的商业知识从技术上提供解决方案。
=与私有软件系统的配合=
自由/开源软件系统不能与私有软件系统完全兼容,特别是在桌面方面。对于已经在私有应用软件和数据格式上投入了大量资金的组织来说,整合自由/开源系统的尝试可能会极为昂贵。私有软件常常为了阻止其他解决方案的整合而频繁改变标准,使问题更加严重。
随着组织从私有标准转向开放标准,这个问题有望得到缓解。
=文档和“美容”=
现有的自由/开源软件缺乏商业软件中全面的文档和用户友好的界面[37]。早期自由/开源软件的开发者只注重功能,认为优异的性能比易用性更重要。
除了高质量的文档,自由/开源软件的图形用户界面(Graphical User Interface, GUI)。因为大多数自由/开源软件系统中的 GUI 元素并不统一,而是一系列不同项目的组合,因此元素的行为千差万别。不同程序的“保存”命令都不同,而不像 Mac OS X 或 Microsoft Windows 这样的系统基本统一。不同程序间的复制/粘贴可能完全不同,甚至根本无法办到。虽然为桌面统一化人们已经做了许多重要工作,在未来一段时间内桌面程序不一致的现象仍将继续存在。
For all the benefits FOSS brings, it is not suitable for every situation. There are areas where FOSS needs improvement.
Lack of business applications
While there are many FOSS projects out there today, there are still many areas that lack a full-featured product, especially in the business world. The recent porting of Enterprise Resource Planning platforms such as SAP and Peoplesofti have helped cover the high-end application market, but the Small and Medium Enterprise (SME) market is still poorly served. Basic, polished accounting applications such as Quickbooks, Peachtree or Great Plains do not have FOSS equivalents at this time.
This problem has come about in part due to the scarcity of people competent in both technical and business subjects. Technical developers who encountered problems and wrote software to “scratch an itch” started most of the existing FOSS projects today. These projects are usually fairly technical in nature, such as the creation of web servers, programming languages/environments and networking tools. It is rare for a software developer to encounter accounting problems, for example, and have the business knowledge to create a technical solution.
Interoperability with proprietary systems
FOSS systems, especially on the desktop, are not completely compatible with proprietary systems. For organizations that have already invested massive amounts of capital into proprietary applications and data storage formats, attempting to integrate FOSS solutions can prove to be prohibitively expensive. Changing proprietary standards, which is often aimed at preventing the integration of alternate solutions, exacerbates this problem.
In time, as organizations shift from proprietary to open standards, this problem should be reduced.
Documentation and “polish”
Established FOSS lacks the extensive documentation and user-friendliness found in commercial softwareii. The primary focus of early FOSS developers was functionality. Creating a program that worked well was far more important than ease of use.
Besides the dearth of high-quality documentation, there are also user interface issues with FOSS Graphical User Interfaces (GUI). Because the GUI element in most FOSS systems is not a single element but a collection of different projects glued together, the behaviour of the GUI elements differ greatly. Command-to-save data differ from one program to another, quite unlike proprietary desktop operating systems such as the Mac OS X or Microsoft Windows. Cutting and pasting between different programs can be wildly inconsistent or even impossible. While there is significant ongoing work to unify the desktop, the desktop is likely to remain inconsistent for some time to come.
已经有许多因使用自由/开源软件节约大量开支的案例报告,特别是那些把内部系统迁移到 GNU/Linux 平台上的大公司。英特尔在报告中说把系统从 Unix 迁移到 GNU/Linux 为他们节省了2亿美元,而 Amazon 通过把服务器换成 GNU/Linux 平台节省了1,700万美元[14]。许多金融机构如 Credit Suisse First Boston,Morgan Stanley,Goldman Sachs 和 Charles Schwab 都把他们信息系统的一大部分迁移到自由/开源系统以节约成本[15]。
有一些 TCO 研究比较了运行自由/开源系统和私有软件系统的成本差别。这些研究分析了除授权费用以外的多种成本因素,包括维护费用,人员开支和服务中断的机会成本。自由/开源软件在以下一些研究中获得好评:
* Robert Frances 集团进行的一项 TCO 研究发现 GNU/Linux 的成本只是微软 Windows 系统的40%,是升阳 Solaris 系统的14%[16]。
* NetProject 在报告中说 GNU/Linux 的 TCO 是微软 Windows TCO 的35%[17]。值得注意的是节约的并不仅仅是授权费用,也包括使用 GNU/Linux 后减少技术支持人员和软件更新次数节约的费用。
* Gartern 报告说在不变配置的情况下使用 GNU/Linux 比使用 Windows XP 节省了15%的总体拥有成本[18]。
著名的金融管理公司美林集团在最近的报告中认为 GNU/Linux 可以极大地降低成本。他们的 TCO 研究显示最大的成本节约不是软件授权成本而是人员和硬件的成本。[19]
直接费用的节约——一个例子
澳大利亚的 Cybersource[20] 通过比较提供类似功能的微软产品和自由/开源软件产品分析了自由/开源软件节约的费用。这项名为“Linux 对 Windows:底线”的研究,比较了三个假想的公司可能的费用削减。所有的金额单位均为美元:
| 微软方案 | Linux/FOSS 方案 | |
| 甲公司:50名用户 | $87,988 | $80 |
| 乙公司:100名用户 | $136,734 | $80 |
| 丙公司:250名用户 | $282,974 | $80 |
注:采用自由开源软件而非微软方案节约的费用随着用户数量的增加而增多——规模越大,节约越多。因此大的组织有更大的经济驱动使他们转移到自由/开源软件平台。
Cybersource 的研究非常直观,只比较软件包的费用。下面的两个表格列出了50名用户的公司采用微软和自由/开源软件两种方案的软件价格。
| 微软方案软件价格 | ||
|---|---|---|
| 软件名称 | 拷贝数 | 花费 |
| Norton Antivirus 2002 | 50 | $2,498 |
| MS Internet Information Server | 2 | $0 |
| MS Windows 2000 Advanced Server | 5 | $19,995 |
| MS Commerce Server | 1 | $12,333 |
| MS ISA Standard Server 2000 | 1 | $1,499 |
| MS SQL Server 2000 | 1 | $4,999 |
| MS Exchange Standard Server 2000 | 1 | $1,299 |
| Windows XP Professional | 50 | $14,950 |
| MS Visual Studio 6.0 | 3 | $3,237 |
| MS Office Standard | 50 | $23,950 |
| Adobe Photoshop 6 | 2 | $1,218 |
| 附加访问授权 | 30 | $2,010 |
| 合计 | $87,988 |
| 自由/开源软件价格 | ||
|---|---|---|
| 软件名称 | 拷贝数 | 花费 |
| Linux 发行版本(如 Red Hat 9.0) | 1 | $80 |
| Apache (Web 服务器) | $0 | |
| Squid (代理服务器) | $0 | |
| PostgreSQL (数据库) | $0 | |
| iptables (防火墙) | $0 | |
| Sendmail/Postfix (邮件服务器) | $0 | |
| KDevelop (集成开发环境) | $0 | |
| GIMP (图形) | $0 | |
| Open Office (办公套件) | $0 | |
| OSCommerce (电子商务套件) | $0 | |
| 合计 | $80 |
注:当用户数量增加时 GNU/Linux 软件解决方案的价格保持不变。这是因为 GNU/Linux 的授权不限定数量,而微软和其他私有软件的授权对增加的每个用户有附加的费用。
公共事务机构的用户常常多得多,因此使用自由/开源软件可以节省更多。比如,瑞典政府每年节约了10亿美元,而丹麦政府也节省了4.8亿到7.3亿美元[21]。
Cybersourcei of Australia has done an analysis of FOSS savings based on a comparison between Microsoft products and FOSS-based software that provide similar functionalities. The study, “Linux vs. Windows: The Bottom Line”, looked at potential savings for three hypothetical companies (A: 50 users; B: 100 users; and C: 250 users). All numbers are in US dollars:
Microsoft Solution
Linux/FOSS Solution
Savings
Company A: 50 Users
$87,988
$80
$87,908
Company B: 100 Users
$136,734
$80
$136,654
Company C: 250 Users
$282,974
$80
$282,894
Note: The savings achieved from implementing the FOSS solution instead of the Microsoft solution actually increases with the number of users—the bigger the outfit, the greater the savings. The financial incentives for migrating to FOSS increase with the size of the organization.
The Cybersource study is straightforward, comparing nothing more than the costs of software packages. The following two tables list the prices of two software solutions, Microsoft and FOSS, for a company of 50 users.
Microsoft Solution Software Cost
Software
Copies
Cost
Norton Antivirus 2002
50
$2,498
MS Internet Information Server
2
$0
MS Windows 2000 Advanced Server
5
$19,995
MS Commerce Server
1
$12,333
MS ISA Standard Server 2000
1
$1,499
MS SQL Server 2000
1
$4,999
MS Exchange Standard Server 2000
1
$1,299
Windows XP Professional
50
$14,950
MS Visual Studio 6.0
3
$3,237
MS Office Standard
50
$23,950
Adobe Photoshop 6
2
$1,218
Additional Client Access Licenses
30
$2,010
Total
$87,988
FOSS Solution Software Cost
Software
Copies
Cost
Linux Distribution (eg Red Hat 9.0)
1
$80
Apache (Web server)
$0
Squid (Proxy server)
$0
PostgreSQL (Database)
$0
iptables (Firewall)
$0
Sendmail/Postfix (Mail servers)
$0
KDevelop (IDE)
$0
GIMP (Graphics)
$0
Open Office (Productivity suite)
$0
OSCommerce (e-Commerce suite)
$0
Total
$80
Note: The cost of the GNU/Linux software solution remains fixed even when the number of users increases. This is because the licensing for GNU/Linux is not limited, whereas there are additional costs per user in licensing Microsoft and other proprietary software.
Public sector organizations often have far more users, which means even more dramatic savings. For example, the government of Sweden has identified savings of $1 billion a year while the government of Denmark has identified savings of between $480 million to $730 millionii.