Five misconceptions about open source

Open source software has its admirers, and more recently, when it comes to developing some kind of “national” products, this is basically what open source means. Paradoxically, the interest in this type of software has generated a lot of distortions and delusions, which in practice prevent its spread.

Our company has been participating in open source projects since 2005 - thanks to the development of its own open source solutions ( OpenVZ , CRIU projects ), participating in other open source projects ( QEMU , OpenStack , libvirt , libcontainer , etc.). For 10 years, we have collected some of the most common myths about open source software. I will tell about each of the errors and explain why it is wrong. Surely, you will remember the same number, but, in my opinion, these five are the most "hellish".
')

An open source project is an open source project.

Any software project consists of many artifacts: project source code, information about uncorrected defects, test source code, documentation. The source code of the project is only a part of it, free access to which does not give the right to call the entire project open. In addition to the source code, free access should be open to other development artifacts, and the more artifacts are open, the more the project is open to contributors (people who want to contribute to the project). In addition, transparent processes between all community members, open communications in the project, etc. are necessary. All these measures will only contribute to the development of the project and the fruitful cooperation of community members.

Oracle VirtualBox is an example of a closed source open source project. The code is fully available, but the development process is closed and opaque.

Products based on open source projects contain only open source.

Companies that develop commercial solutions based on open source projects may include closed components in their products. Because it is precisely the additional closed functionality that can give them a competitive advantage among companies that also build a business based on this open source project. It is the closed components that often form a product that a company can sell to its customers and earn money from it.

For example, we recently announced the development of the next version of Virtuozzo , the distribution of which will be distributed free of charge. The user will be able to use virtual machines and the latest version of our containers freely and without restrictions, but if desired, he will be able to install a set of add-ons (distributed data storage, components to increase the density of containers on one physical server and others) that will help him to successfully solve his tasks. This is part of the freedom of open source software. You choose the option that suits you best: use the basic version or advanced. In our practice, there are examples of client companies that provided services based on OpenVZ technologies, but later appreciated the advantages of the commercial version, and have since become our paid customers. This is a win-win strategy in which both sides win.

Using open source software is completely free.

There is a widespread belief that free software is at the same time completely free. However, the price of the software itself is only a small part of the costs associated with its use. Free software is no exception, therefore, before using it, it is necessary to evaluate its entire life cycle. This is the only way to conclude whether the introduction of open source software will be profitable or not.

Let's sort it out by examples:

• An experienced user installed and configured a freeware program on his computer. He paid for it with his time spent on installation, development, support (updates, etc.)
• An inexperienced user asked an experienced user to install a freely distributed program on their computer, paying for his services.
• The company providing hosting services, began to provide services based on open solutions. Such a company will pay either to the staff from its IT department or the company that participates in the development of this project, for implementation and technical support. Which option the company chooses depends on the cost, but the fact that a project to introduce and use open solutions will not be free is a fact.

In all the examples there was no purchase of the right to use the program (license), which actually occurs during the acquisition of commercial software. But each time there was a different cost, for example, the cost of services or the cost of owning a business, plus cost savings due to free use rights.

One of the advantages of Open Source is that marginal costs are essentially absent, since, as a rule, no additional licenses are required as the implementation expands.

You can not build a business on open source solutions due to lack of technical support.

Support is a key point for users. An ordinary user can do without it when using open source software, as we explained in the examples above, but technical support is necessary for companies in most cases.
Serious open projects are either actively supported by the developer community, or there are companies that can commercially provide support for large businesses. And if necessary, add the necessary functionality to the product.
This is the model we follow in the OpenVZ project. Project components are distributed freely, but if you need support or development of additional functionality, then we can provide it .

Open source quality is worse because anyone can write code for it.

The main principle of open source software - open joint development - is in itself a guarantee that poor-quality code, crutches and patches simply cannot be hidden from other participants. A person, participating in such projects, is ready for the fact that his work will be subjected to both analysis and criticism, which means that there will not be a hack. His reputation is at stake, and no one wants to lose it.

In addition, in some communities (for example, the community around the development of the Linux kernel), there is a hard principle - only the best, tested and perfect code is accepted into the original kernel. An attempt to add low-quality changes will be rejected, the second attempt is fraught with a loss of reputation for a person or a company-distributor.

That is, an open project really gives anyone the opportunity to take part in writing code, but in serious projects because of the high threshold of entry, the code will not be accepted from people with insufficient expertise.
Most major IT companies (IBM, Google, Canonical, Parallels, etc.) have entire departments where specialists get paid for working on open source projects and thus working indirectly on company products.

Separately, it is worth mentioning that companies that develop products based on open source projects are interested in improving the code of open source projects that they use during testing. Therefore, all the problems found need to be corrected and ensure that this fix is ​​added to the main branch of the project in order to have as few differences as possible in its code and the open project code. Our products use the code of other open projects, so the problems found in the code of these projects are corrected and sent to upstream. So it was with vulnerabilities in the RHEL core: Red Hat noted Vladimir Davydov for detecting serious vulnerabilities CVE-2014-0203 and CVE-2014-4483 in one of the RHEL6 kernel updates (the second problem, by the way, was found using one of our automated tests, using Linux Test Project ). Vasily Averin was thanked for finding the error CVE-2014-5045 , Dmitry Monakhov - for CVE-2012-4508 . The fact that a good Linux kernel was tested was even noted by Andrew Morton ( who is this? ): “I’m interested. Over the past few months, people from @ openvz.org have found (and fixed) a bunch of incomprehensible, but serious and rather ancient bugs. How did you find these bugs? ”

Total

In fact, all these myths arise for the most part among users who either are just starting to work with OpenSource software, or have not tried to do this at all. The best way to get rid of prejudices is to start working closely with such solutions.
We recently announced an open development process for a new version of our product Virtuozzo 7. If you are also interested in creating the best container virtualization technology, then join .