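Besides low cost, there are many other reasons why public and private organizations are strongly promoting the use of free software. These include:
For governments, the last four points are particularly important, since they must be weighed according to each government’s own circumstances. Companies and end users generally do not consider these matters.
=Security=
While no system or platform is perfectly secure, factors such as development method, program architecture and target market greatly affect the security of a system and determine how difficult it is to breach. In this respect, there are some indications that free/open source software (FOSS) systems are superior to proprietary systems:
Security considerations have already prompted many public organizations to migrate, or to consider migrating, to FOSS solutions. The French Customs and Indirect Taxation authority migrated to the Red Hat 6.2 platform mainly for security reasons[24].
The following reasons are generally cited for the better security record of FOSS:
=Reliability/Stability=
FOSS is well known for its reliability and stability. The industry has many stories of FOSS servers running continuously for years without maintenance. Quantitative studies, however, are comparatively harder to come by. Two studies conducted in recent years are described below:
=Open standards and vendor independence=
Users of open standards, whether individuals or governments, have the flexibility and freedom to choose among different software, platforms and vendors. Proprietary, secret standards confine users to the software of a single vendor and, because their data is stored in a proprietary format that is costly to convert, leave them at that vendor’s mercy from then on.
The authors of the paper “Free/Libre and Open Source Software: Survey and Study” from the International Institute of Infonomics in the Netherlands also oppose the use of proprietary software in government. They argue:
“…Consequently one major argument against the implementation of proprietary software in the public sector is the subsequent dependency on proprietary software vendors. Whenever the proprietary standards are established the necessity to follow them is given. Even in an open tender acquisition system, this requirement for compatibility with proprietary standards makes the system biased towards specific software vendors, perpetuating a dependency.”
Another major advantage of FOSS is that it almost always uses open standards. There are two main reasons for this:
The use of FOSS as a means of escaping vendor dependence has been advocated in various regions. A report submitted to the UK Government concludes that “the existence of an OSS reference implementation of a data standard has often accelerated the adoption of such standards, and recommends that the Government consider selective sponsorship of OSS reference implementations.”[29]
=Reduced reliance on imports=
An important motivation for developing countries to choose FOSS systems is saving the high licensing cost of proprietary software. Virtually all proprietary software in developing countries is imported, and so consumes precious hard currency and foreign exchange reserves. These reserves could otherwise be used for other development projects.
The European study “Free/Libre and Open Source Software: Survey and Study” also notes: “The costs of this more service-oriented model of open source are then also normally spent within the economy of the governmental organization, and not necessary to large multinational companies. This has a positive feedback regarding employment, local investment base, tax revenue, etc.”[30]
=Developing local software capacity=
It has been found that the growth of the FOSS developer base within an economy is positively correlated with its innovative capacity (software). A report from the International Institute of Infonomics lists three reasons for this phenomenon[31]:
The FOSS development approach not only greatly promotes innovation but also helps spread its results. A Microsoft internal memo noted, “Research/teaching projects on top of Linux are easily ‘disseminated’ due to the wide availability of Linux source. In particular, this often means that new research ideas are first implemented and available on Linux before they are available / incorporated into other platforms.”[32]
=Eliminating piracy and complying with intellectual property treaties and WTO rules=
Software piracy is a problem in virtually every country in the world. The Business Software Alliance estimates that piracy caused losses of US$13.08 billion in 2002 alone. Even in developed regions such as the United States and Europe, which in theory can afford the cost of software, piracy rates are as high as 24% and 35% respectively. In lower-income developing countries, where software is relatively more expensive, piracy rates can exceed 90%[33].
Software piracy and the lack of corresponding laws harm a country in many ways. Countries with weak protection of intellectual property rights (IPR) are less attractive to foreign investors. Membership of the World Trade Organization (WTO), and the benefits gained from it, are closely tied to a country’s protection of intellectual property rights. Finally, a climate of software piracy harms software development, because local software developers have less incentive to develop products.
=Localization=
“Localization involves taking a product and making it linguistically and culturally appropriate to the target locale (country/region and language) where it will be used and sold.”
-- Localisation Industry Standards Association[34]
Localization is one of the strengths of FOSS because of its openness. Users can modify FOSS to suit the needs of a particular cultural region, regardless of its economic size. Developing a minimally localized version of a piece of FOSS requires only a small number of technically capable people. Building a completely localized software platform is not easy, but it can be done. Had there been no FOSS alternatives, Microsoft’s 1998 decision not to develop an Icelandic version of Windows 98 [35] could have had serious consequences.
Most of the initial FOSS projects in the Asia-Pacific region have been related to software localization. More details on localization can be found in the “Localization and Internationalization” section of this primer.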
Besides the low cost of FOSS, there are many other reasons why public/private organizations are aggressively adopting FOSS. These include:
Security
Reliability/Stability
Open standards and vendor independence
Reduced reliance on imports
Developing local software capacity
Piracy, IPR, and WTO
Localization
Of particular importance to governments are the last four points as they are government-specific. Corporations and end users usually do not deal with these issues.
=Security=
While there is no perfectly secure operating system or platform, factors such as development method, program architecture and target market can greatly affect the security of a system and consequently make it easier or more difficult to breach. There are some indications that FOSS systems are superior to proprietary systems in this respect:
1. The Gartner Group recommends that businesses switch from Microsoft Internet Information Server (IIS) to Apache or another web server, due to IIS’s poor security track record. The Gartner Group noted that by July 2001 US enterprises had spent US$1.2 billion simply fixing Code Red (IIS-related) vulnerabilities[i].
2. “Hacker Insurance” issued by J.S. Wurzler Underwriting Managers costs five to 15 percent more if Windows is used instead of GNU/Linux or Unix systems. Walter Kopf, senior vice president of underwriting at J.S. Wurzler Underwriting Managers, says, “We have found out that the possibility for loss is greater using the NT system.”[ii]
The security aspect has already encouraged many public organizations to switch or to consider switching to FOSS solutions. The French Customs and Indirect Taxation authority migrated to Red Hat Linux 6.2 largely because of security concerns[iii].
Three reasons are often cited for FOSS’s better security record:
Availability of source code: The availability of the source code for FOSS systems has made it easier for developers and users to discover and fix vulnerabilities, often before a flaw can be exploited. Many of the vulnerabilities of FOSS listed in Bugtraq were errors discovered during periodic audits and fixed without any known exploits. FOSS systems normally employ proactive rather than reactive audits.
Security focus, instead of user-friendliness: FOSS can be said to run a large part of the Internet[iv] and is therefore more focused on robustness and functionality, rather than ease of use. Before a feature is added to any major FOSS application, its security implications are considered and the feature is added only if it is determined not to compromise system security.
Roots: FOSS systems are mostly based on the multi-user, network-ready Unix model. Because of this, they come with a strong security and permission structure. Such models were critical when multiple users shared a single powerful server—that is, if security was weak, a single user could crash the server, steal private data from other users or deprive other users of computing resources. Consequently, vulnerabilities in most applications result in only a limited security breach.
=Reliability/Stability=
FOSS systems are well known for their stability and reliability. There are many anecdotal stories of FOSS servers functioning for years without requiring maintenance. However, quantitative studies are more difficult to come by. Here are two of the studies conducted to date:
In 1999 Zdnet ran a 10-month reliability test between Red Hat Linux, Caldera Systems OpenLinux and Microsoft’s Windows NT Server 4.0 with Service Pack 3. All three ran on identical hardware systems and performed printing, web serving and file serving functions. The result was that NT crashed once every six weeks but none of the FOSS systems crashed at all during the entire 10 months[i].
A stress test using random testing stressed seven commercial systems and the GNU/Linux system in 1995. Random characters were fed to these systems, to simulate garbage from bad data or users. The result was that the commercial systems had an average failure rate of 23 percent while Linux as a whole failed nine percent of the time. GNU utilities (software produced by the FSF under the GNU project) failed only six percent of the time. A follow-up study years later found that the flaws identified by the study were all fixed in the FOSS system, but were generally untouched in proprietary software[ii].
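The random-testing method described above, sketched as an added example that is not code from either study or from this primer: random bytes are fed to each utility on standard input, a crash or a hang counts as a failure, and the failure rate is the share of utilities that failed at least once. The three targets are constructed stand-ins, and the names `TARGETS`, `random_input`, `run_once` and `fuzz` are hypothetical.

```python
import random
import subprocess
import sys

# Constructed stand-ins for command-line utilities (not from the studies).
# Each reads all of stdin; two hide the kind of unchecked assumption that
# random input exposes.
TARGETS = {
    "robust_wc": "import sys; print(len(sys.stdin.buffer.read()))",
    "ascii_only": "import sys; sys.stdin.buffer.read().decode('ascii')",
    "spin_on_nul": "import sys\nd = sys.stdin.buffer.read()\nwhile b'\\0' in d: pass",
}

def random_input(rng, min_len=2048, max_len=4096):
    """Unstructured garbage: random length, every byte value equally likely."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(min_len, max_len)))

def run_once(source, data, timeout=2.0):
    """Feed data on stdin and classify the outcome as ok, crash or hang."""
    try:
        proc = subprocess.run([sys.executable, "-c", source], input=data,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"  # run() has already killed the child at this point
    return "ok" if proc.returncode == 0 else "crash"

def fuzz(targets, trials=5, seed=1995):
    """Return ({name: 'ok' or first failure kind}, percent of targets that failed)."""
    rng = random.Random(seed)  # fixed seed so a failing input can be reproduced
    results = {}
    for name, source in targets.items():
        results[name] = "ok"
        for _ in range(trials):
            outcome = run_once(source, random_input(rng))
            if outcome != "ok":
                results[name] = outcome  # one crash or hang marks the utility failed
                break
    failed = sum(1 for r in results.values() if r != "ok")
    return results, 100.0 * failed / len(results)

if __name__ == "__main__":
    results, rate = fuzz(TARGETS)
    for name, outcome in results.items():
        print(f"{name:12} {outcome}")
    print(f"failure rate: {rate:.0f}% of utilities")
```

Pointing `TARGETS` at the real utilities of a system under test, and keeping the seed with each failure, gives the reproducible failure list that the follow-up study relied on to check which flaws had been fixed.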
=Open standards and vendor independence=
Open standards give users, whether individuals or governments, flexibility and the freedom to change between different software packages, platforms and vendors. Proprietary, secret standards lock users into using software only from one vendor and leave them at the mercy of the vendor at a later stage, when all their data is in the vendor’s proprietary format and the cost of converting it to an open standard is prohibitive.
The authors of the paper “Free/Libre and Open Source Software: Survey and Study” produced by the International Institute of Infonomics in the Netherlands also argue against use of proprietary software in government. They say:
…Consequently one major argument against the implementation of proprietary software in the public sector is the subsequent dependency on proprietary software vendors. Whenever the proprietary standards are established the necessity to follow them is given. Even in an open tender acquisition system, this requirement for compatibility with proprietary standards makes the system biased towards specific software vendors, perpetuating a dependency.
Another advantage of FOSS is that it almost always uses open standards. This is due to two primary reasons:
Availability of the source code: With the source code, it is always possible to reverse-engineer and document the standard used by an application. All possible variations are plainly visible in the source code, making hiding a proprietary standard in FOSS systems impossible. Proprietary software, however, is much harder to reverse-engineer and in some cases is deliberately obfuscated.
Active standards compliance: When established standards exist, such as HyperText Markup Language (HTML), which controls how web pages are displayed, FOSS projects actively work to follow the standards faithfully. The Mozilla web browser, a FOSS effort, is fully compliant with many standards from the World Wide Web Consortium (W3C). Webstandards.org notes that Mozilla is one of the most compliant browsers available today[i]. Compliance with standards is due to the FOSS development culture, where sharing and working together with other applications are the norm. It is also much easier to work with a globally dispersed group of developers when there is a published standard to adhere to.
Using FOSS systems as a means of gaining vendor independence has been raised in several areas. A report to the UK Government concludes that “the existence of an OSS reference implementation of a data standard has often accelerated the adoption of such standards, and recommends that the Government consider selective sponsorship of OSS reference implementations.”[ii]
=Reduced reliance on imports=
A major incentive for developing countries to adopt FOSS systems is the enormous cost of proprietary software licenses. Because virtually all proprietary software in developing countries is imported, their purchase consumes precious hard currency and foreign reserves. These reserves could be better spent on other development goals.
The European study, “Free/Libre and Open Source Software: Survey and Study”, also notes that, “The costs of this more service-oriented model of open source are then also normally spent within the economy of the governmental organization, and not necessary to large multinational companies. This has a positive feedback regarding employment, local investment base, tax revenue, etc.”[iii]
=Developing local software capacity=
It has been noted that there is a positive correlation between the growth of a FOSS developer base and the innovative capacities (software) of an economy. A report from the International Institute of Infonomics lists three reasons for this[i]:
Low barriers to entry: FOSS, which encourages free modification and redistribution, is easy to obtain, use and learn from. Proprietary software tends to be much more restrictive, not just in the limited availability of source code, but due to licensing, patent and copyright limitations. FOSS allows developers to build on existing knowledge and pre-built components, much like basic research.
FOSS as an excellent training system: The open and collaborative nature of FOSS allows a student to examine and experiment with software concepts at virtually no direct cost to society. Likewise, a student can tap into the global collaborative FOSS development network that includes massive archives of technical information and interactive discussion tools.
FOSS as a source of standards: FOSS often becomes a de facto standard by virtue of its dominance in a particular sector of an industry. By being involved in setting the standards in a particular FOSS application, a region can ensure that the standard produced takes into account regional needs and cultural considerations.
The FOSS developmental approach greatly facilitates not only innovation but also its dissemination. A Microsoft internal memo noted, “Research/teaching projects on top of Linux are easily ‘disseminated’ due to the wide availability of Linux source. In particular, this often means that new research ideas are first implemented and available on Linux before they are available / incorporated into other platforms.”[ii]
=Localization=
“Localization involves taking a product and making it linguistically and culturally appropriate to the target locale (country/region and language) where it will be used and sold.”
-- Localisation Industry Standards Association[i]
Localization is one of the areas where FOSS shines because of its open nature. Users are able to modify FOSS to suit the unique requirements of a particular cultural region, regardless of economic size. All that is necessary is the technical capability within a small number of individuals to create a minimally localized version of any FOSS. While the construction of a completely localized software platform is no small feat, it is at least possible. Microsoft’s decision in 1998 against producing an Icelandic version of Windows 98[ii] would have had serious implications if it were not for the emergence of FOSS alternatives.
Most initial FOSS initiatives in the Asia-Pacific region have dealt with localizing FOSS. More details on localization can be found in the “Localization and Internationalization” section of this primer.