[oclug] How open nature of Linux can work against it.

Sat Aug 12 11:13:52 EDT 2006

Some thoughts sparked by the discussion of Linux in the news. 

My point of view might sound strange to a lot of people involved with 
Linux.  I design computer systems for the bioinformatics industry.  One 
heavy user of bioinformatics is the Pharma industry.  In Pharma 
(pharmaceutical/medical and agri-food etc. research and manufacturing), 
Linux has been making some really good inroads, and made some 
interesting headlines about some very large installations.  This 
industry sector is also one of the heaviest users of IT on the planet.  
It is one of the industries where a petabyte literally might not be 
enough.  On the surface, the stability and scalability of Linux based 
systems makes a lot of sense, and because of that has attracted a lot of 
initial attention in the Pharma industry.

But there are some roadblocks to general acceptance, things about the 
nature of Linux, that actually works against it.  Fundamental things, 
like it's open source, and distributed under the GPL.  And intellectual 
property issues are not even part of the discussion.

The problem with open source software is that it makes it easy to modify 
source code that impacts the operating system.  The consequence is there 
are a lot of different ways of doing things in Linux, and many 
distributions.  Linux has a good handle on monitoring changes, and 
identifying what changed, who changed it, and potentially identifying 
why it changed, but what it doesn't have a good handle on is what the 
impact of the change is to the operation of the rest of the system.

In the Pharma industry, everything that comes into "contact" with the 
product or research is validated.  The validation a mandatory part of 
life in this industry.  The tenticals of their validation requirements 
extend from the industry's HR practices, to the color of the ink in 
their pens.  No pencils.  Usually black ink, occasionally black or blue 
- but not often.  Print please, or type, sign and keep every version of 
everything.  Electronic records are digitally signed, and versioned, 
stored in document and record management systems that record every 
change.  White-out and Post-It notes are not just bad ideas for this 
industry, they could cause entire batches of product to be thrown out as 
potential toxic waste, or years of research to be discarded as so much 
trash. For software, even regular patches sent from the manufacturer 
(i.e. in the case of operating systems; Microsoft, Sun Microsystems, IBM 
etc.) are validated before they are deployed into production 
environments.  It is not uncommon to find installations still using 
Microsoft Word 97, or older versions of WordPerfect Suite 8 because they 
haven't allocated the funds to validate any updates to a word processor 
that still suits the purpose (and is already validated.)

The cost of computer system validation (CSV) to the industry is 
enormous.  It can exceed the cost of the entire system by a factor of 
several times.  A one hundred thousand dollar software development 
effort can result in a million dollars worth of validation, or more.  So 
can a thousand dollar software patch, or a free one.  If the component 
being modified or added impacts other components, it can result in the 
re-validation of entire IT infrastructures, and the million dollars 
becomes tens of millions.  For each patch.   When you're dealing with 
"industry standard"* software that is widely distributed however, the 
cost can be born by the industry as a whole.  (*meaning here: everyone 
in the industry who uses the software gets the same thing.)

With Linux, that isn't so possible.  There isn't an "industry standard" 
Linux, so the costs validating the patching and upgrading of operating 
system software aren't spread out over the entire industry, but only by 
the companies with that identical configuration... often just one.  The 
costs of going through the CSV process are prohibitively high, so while 
there is a lot of interest in Linux in the industry's IT sector for 
technical reasons, like stability and scalability, it often doesn't make 
business or economic sense.

Rod.