Bob Young is no stranger to open source. In fact, he has one of the most recognizable names in the industry, alongside movement gurus such as Linus Torvalds, Richard Stallman and Jon “maddog” Hall. After all, Young co-founded Red Hat Inc., arguably the most successful Linux vendor in the world. While Young still sits on Red Hat’s board of directors, he is also CEO of a digital content creation company, Lulu.com, which is to authors what Apple Computer Inc.’s iTunes is to musicians.
This week, Young, a Hamilton-Ont. native, spoke with IT World Canada about his opinions of open source software, where it is heading and how the IT industry will change as a result. Young also plans to discuss similar topics at the University of Toronto’s Open Source Conference, which runs from May 9 to 11.
IT World Canada (ITWC): What is the most interesting development in open source you’ve seen in the last couple of years?
Young: What you’re seeing now is all the leading IT corporations around the world using open source, not just doing trials, but doing serious implementations of open source technologies across their institutions. In the corporate world, the financial services companies in New York City are classic early adopters. They need to deploy the latest technology to steal a five-second advantage over their competitors because five seconds can be the difference between several million dollars on any given trade. Additionally, these are the companies that are paying outfits like IBM Corp. and Red Hat Inc. hundreds of millions of dollars for support services and hardware contracts for deploying Linux, Apache, Postgres and MySQL technologies.
ITWC: Why are we seeing an uptake of open source in financial services firms? What can they get from open source that they can’t get from a proprietary product?
Young: The traditional model is that they save money, which is true, and they get better performance, which is also true. But I argue, if you ask leading corporations who are adopting open source the top 10 reasons why, it would change from firm to firm. The only consistent item in that top 10 list would amount to control over the technology.
For the first time open source gives you not just the binaries you want on your computer but gives you the source code that allows you to make changes to the software technology you’re using. This changes the relationship between the customer and the vendor, and suddenly the customer is in control of the customer-vendor relationship, because [for example], if Red Hat doesn’t look after a user’s systems well enough, the user can go to IBM [Corp.]. Under the binary-only model, if a proprietary software vendor doesn’t look after you but you’ve spent $10 million dollars with them implementing systems, you have no choice. All you can do is whine at them and say “pretty please,” and offer them more money.
ITWC: When Microsoft CEO Steve Ballmer was in Toronto recently, he said in many cases when companies migrate from Windows to Linux, they are motivated by political decisions such as a distaste for Microsoft or packaged software. Are people basing decisions on politics or rational ROI decisions?
Young: To hear Ballmer say that is just astounding because it was only a few years ago that everyone in the open source community was so frustrated with exactly the reverse phenomenon. People would avoid open source technology, despite the fact they knew it was better, because somehow they had to go with IBM or Microsoft — in other words, with a big brand name that amounted to safety in their own minds. The fact that Ballmer is now complaining that people are going to open source for political decisions is a pretty good definition of success. I hope for the sake of Microsoft’s shareholders that he doesn’t actually believe that. Because if so, then Microsoft is in trouble because political reasons are not why people are going to open source. They’re going to open source solutions because they’re tired of being mistreated.
ITWC: Studies have indicated that, as the Linux install base increases, so will the number of hacker attempts and viruses written. As a result, is Linux really more secure than Windows?
Young: There is no way of answering that question because it depends on the situation that the user finds himself in. The problem with Windows security is that because of the binary model you don’t have very good insight as to when you are secure or are not secure. You cannot even hire an expert to tell you if your systems are properly secure because he can’t look at the code — he actually doesn’t know what holes you’ve patched and what holes still exist that can be exploited. You’re completely dependent on Microsoft to tell you that because they’re the only ones that get to review their source code.
However, open source actually looks less secure because you can hire an expert who can point to all the holes in your Linux server. But because you can find where the holes are in an open source solution, you can fix them. Inherently neither Linux or Windows is more secure than the other but there is hope on the open source side that with the right help or expertise you could build a secure system.
To read more of Bob Young’s insights into the open source movement, please see the upcoming May 14, 2004 issue of ComputerWorld Canada.