[oclug] How open nature of Linux can work against it.

Greg sphex at sympatico.ca
Sat Aug 12 14:31:57 EDT 2006


You are saying drug industry servers are wide-open to script-kiddies,
because they never install "service packs".  SPs being impossible in
principle to validate;  worse, M$ is admitting in EU courts that they
cannot even document, much less validate, their systems.

If you sit back and ruminate, you will discover you/they are demanding
absolute standards of open systems but 'as best we can' of proprietary.



Rod Giffin wrote:
> Some thoughts sparked by the discussion of Linux in the news.
> My point of view might sound strange to a lot of people involved with
> Linux.  I design computer systems for the bioinformatics industry.  One
> heavy user of bioinformatics is the Pharma industry.  In Pharma
> (pharmaceutical/medical and agri-food etc. research and manufacturing),
> Linux has been making some really good inroads, and made some
> interesting headlines about some very large installations.  This
> industry sector is also one of the heaviest users of IT on the planet. 
> It is one of the industries where a petabyte literally might not be
> enough.  On the surface, the stability and scalability of Linux based
> systems makes a lot of sense, and because of that has attracted a lot of
> initial attention in the Pharma industry.
> 
> But there are some roadblocks to general acceptance, things about the
> nature of Linux, that actually work against it.  Fundamental things,
> like it's open source, and distributed under the GPL.  And intellectual
> property issues are not even part of the discussion.
> 
> The problem with open source software is that it makes it easy to modify
> source code that impacts the operating system.  The consequence is there
> are a lot of different ways of doing things in Linux, and many
> distributions.  Linux has a good handle on monitoring changes, and
> identifying what changed, who changed it, and potentially identifying
> why it changed, but what it doesn't have a good handle on is what the
> impact of the change is to the operation of the rest of the system.
> 
> In the Pharma industry, everything that comes into "contact" with the
> product or research is validated.  The validation is a mandatory part of
> life in this industry.  The tentacles of their validation requirements
> extend from the industry's HR practices, to the color of the ink in
> their pens.  No pencils.  Usually black ink, occasionally black or blue
> - but not often.  Print please, or type, sign and keep every version of
> everything.  Electronic records are digitally signed, and versioned,
> stored in document and record management systems that record every
> change.  White-out and Post-It notes are not just bad ideas for this
> industry, they could cause entire batches of product to be thrown out as
> potential toxic waste, or years of research to be discarded as so much
> trash. For software, even regular patches sent from the manufacturer
> (i.e. in the case of operating systems; Microsoft, Sun Microsystems, IBM
> etc.) are validated before they are deployed into production
> environments.  It is not uncommon to find installations still using
> Microsoft Word 97, or older versions of WordPerfect Suite 8 because they
> haven't allocated the funds to validate any updates to a word processor
> that still suits the purpose (and is already validated.)
> 
> The cost of computer system validation (CSV) to the industry is
> enormous.  It can exceed the cost of the entire system by a factor of
> several times.  A one hundred thousand dollar software development
> effort can result in a million dollars worth of validation, or more.  So
> can a thousand dollar software patch, or a free one.  If the component
> being modified or added impacts other components, it can result in the
> re-validation of entire IT infrastructures, and the million dollars
> becomes tens of millions.  For each patch.   When you're dealing with
> "industry standard"* software that is widely distributed however, the
> cost can be borne by the industry as a whole.  (*meaning here: everyone
> in the industry who uses the software gets the same thing.)
> 
> With Linux, that isn't so possible.  There isn't an "industry standard"
> Linux, so the costs of validating the patching and upgrading of operating
> system software aren't spread out over the entire industry, but only by
> the companies with that identical configuration... often just one.  The
> costs of going through the CSV process are prohibitively high, so while
> there is a lot of interest in Linux in the industry's IT sector for
> technical reasons, like stability and scalability, it often doesn't make
> business or economic sense.
> 
> Rod.
> 
> 

-- 
Why, Benedict, did you?

