[oclug] How open nature of Linux can work against it.
rgiffin at xplornet.com
Sat Aug 12 11:13:52 EDT 2006
Some thoughts sparked by the discussion of Linux in the news.
My point of view might sound strange to a lot of people involved with
Linux. I design computer systems for the bioinformatics industry. One
heavy user of bioinformatics is the Pharma industry. In Pharma
(pharmaceutical/medical and agri-food etc. research and manufacturing),
Linux has been making some really good inroads, and made some
interesting headlines about some very large installations. This
industry sector is also one of the heaviest users of IT on the planet.
It is one of the industries where a petabyte literally might not be
enough. On the surface, the stability and scalability of Linux based
systems makes a lot of sense, and because of that has attracted a lot of
initial attention in the Pharma industry.
But there are some roadblocks to general acceptance, things about the
nature of Linux, that actually works against it. Fundamental things,
like it's open source, and distributed under the GPL. And intellectual
property issues are not even part of the discussion.
The problem with open source software is that it makes it easy to modify
source code that impacts the operating system. The consequence is there
are a lot of different ways of doing things in Linux, and many
distributions. Linux has a good handle on monitoring changes, and
identifying what changed, who changed it, and potentially identifying
why it changed, but what it doesn't have a good handle on is what the
impact of the change is to the operation of the rest of the system.
In the Pharma industry, everything that comes into "contact" with the
product or research is validated. The validation a mandatory part of
life in this industry. The tenticals of their validation requirements
extend from the industry's HR practices, to the color of the ink in
their pens. No pencils. Usually black ink, occasionally black or blue
- but not often. Print please, or type, sign and keep every version of
everything. Electronic records are digitally signed, and versioned,
stored in document and record management systems that record every
change. White-out and Post-It notes are not just bad ideas for this
industry, they could cause entire batches of product to be thrown out as
potential toxic waste, or years of research to be discarded as so much
trash. For software, even regular patches sent from the manufacturer
(i.e. in the case of operating systems; Microsoft, Sun Microsystems, IBM
etc.) are validated before they are deployed into production
environments. It is not uncommon to find installations still using
Microsoft Word 97, or older versions of WordPerfect Suite 8 because they
haven't allocated the funds to validate any updates to a word processor
that still suits the purpose (and is already validated.)
The cost of computer system validation (CSV) to the industry is
enormous. It can exceed the cost of the entire system by a factor of
several times. A one hundred thousand dollar software development
effort can result in a million dollars worth of validation, or more. So
can a thousand dollar software patch, or a free one. If the component
being modified or added impacts other components, it can result in the
re-validation of entire IT infrastructures, and the million dollars
becomes tens of millions. For each patch. When you're dealing with
"industry standard"* software that is widely distributed however, the
cost can be born by the industry as a whole. (*meaning here: everyone
in the industry who uses the software gets the same thing.)
With Linux, that isn't so possible. There isn't an "industry standard"
Linux, so the costs validating the patching and upgrading of operating
system software aren't spread out over the entire industry, but only by
the companies with that identical configuration... often just one. The
costs of going through the CSV process are prohibitively high, so while
there is a lot of interest in Linux in the industry's IT sector for
technical reasons, like stability and scalability, it often doesn't make
business or economic sense.
More information about the OCLUG