Last night's IBM vs MS debate (or open source vs commercial software)

Last night, I was at a debate between IBM and Microsoft on the benefits of open source software and commercial software respectively. I know that commercial doesn’t imply closed-source, so what the debate was really about was open versus closed source software. Shame the organizers didn’t grasp the difference.

It was a good debate. Microsoft’s people were a lot better than IBM’s people, both because they were good and also because IBM had two salespeople and only one technical guy. It didn’t help that the technical guy was from Skåne in Sweden, which made him hard to understand.

The debate started with MS and IBM talking a bit about standards and innovation. MS complained about standardization processes taking a long time, which means it will in many cases slow innovation. Standards are also costly. Patents were briefly covered, and IBM said they were granted about 4 to 5000 patents per year. MS stumbled on their part of the facts, claiming that TCP/IP was invented by Tim Berners-Lee 15 years ago. (He was probably talking about HTTP, in his defense.)

Anders Christensen had a short talk about different licenses used at the department of computer and information science, which was short, fun and to the point. IBM talked a little bit about the GPL and GNU; it was hard to hear what the guy was saying, it was in Swedish and the guy was a bit fluffy. Not very easy to describe, but his words were often high-flying and hard to grasp.

MS then talked about proprietary licenses and why they thought they were good. They tried to say “we can show you the source as well”, through their Shared Source program. (But we’ll only show you our deepest secrets if you are an NSA, the IT department of the police or similar.) Of course, they had to FUD a little by saying that you have to watch the license if you use open source software. This is correct, but it applies equally well to proprietary software. If you use third-party software in your application, you have to understand the license, no matter whether the license is free or not.

The IBM people clearly hadn’t done their homework, as one of them said (paraphrased): “Open source is no longer only used on open source platforms”, while this is how it all started. In the early days of the GNU project, the platforms weren’t free; it’s only recently (last ten years or so) that you have been able to run fully free operating systems.

MS were asked whether they thought the profit motivation of proprietary software companies could interfere with user rights. They didn’t think so, which amazed me a bit. Isn’t that fairly obvious, that in certain situations, a company may want to do something which isn’t in the users’ interest, in order to earn money?

The next part was “Innovation”. IBM was getting increasingly boring to listen to, saying a fair amount of self-evident things and being completely non-aggressive, which was sad to see. MS pointed out that patents in many cases are just used for bartering between companies rather than having a single company exploiting the invention for a long time. This is probably the case, but what about the small and poor who can’t afford a license (or who don’t get a license, even if they have the money)? Patents are supposed to help innovation, but in many cases, they help stop innovation just as much. MS showed the common misunderstanding that free software is only based on volunteer and “random” contributions. This might have been the case ten years ago, but that hasn’t been true for a long time.

The next big chunk was security. MS said they were a high-profile target with 94% market share. Their biggest problems are worms and email-based viruses rather than script kiddies, which are a bigger problem for the Linux and UNIX world. It also seems MS is taking security more seriously; last year they took all their developers through “how to code more securely” training. In addition, they spent six months going through all their code with an eye on security. Why they didn’t catch the “what does scripting do in a mail reader” problem, I have no idea.

I got some eye-opening quotes from them as well. “We do not tell about security problems before we have a fix ready […] anything else would be irresponsible.” This is fine, assuming that MS are the only ones who have found the bug and that there’s no way to protect oneself apart from patching. Those are two fairly big assumptions.

They also claimed responsibility for finding bugs before anybody else does – “We have the responsibility for finding bugs on our platform in time”. (Before they are found by somebody else and exploited.)

MS repeated their claim that they are often hit because they are big. To a certain degree, that’s probably correct. On the other hand, where are all the Apache, MySQL and PostgreSQL worms we should be seeing, then? They also claimed that they fix security-related bugs faster than the open source world. I don’t think that’s correct, but I didn’t have the statistics there, so I couldn’t whack them with anything.

Again, they talked a bit of technology development (which is really just another way of saying more innovation). MS claimed to innovate for the better of their users. Later, they got a question about their embrace-and-extend attitude around Kerberos 5, where they gave the worst answer I heard the whole evening. They claimed that certification was important and that the other Kerberos 5 implementations weren’t certified with the MS server. Well, Kerberos 5 is a standard, and it was extended a bit (in an incompatible fashion) by MS with their Active Directory. (Which is really just a Kerberos 5 and LDAP server with a fancy GUI.)

One more quote: “All our [MS’] file formats were originally designed to talk to printers […] We are doing the world a favor by not opening them up.” Funny, yes. However, many people need to read those formats with other programs than they were originally created with.

MS claimed to give full hardware-freedom. I was tempted to add: “As long as you run on Intel (or compatible) platforms, sure”. They also gave some incredible FUD, that the Linux kernel has had eight trojans in different parts of the source. I know of the one attack on a CVS mirror of the BitKeeper kernel repository, but none others.

All in all, an interesting debate, MS were defending themselves quite well, but they were mostly on the defense. IBM were weak and blunt-toothed, which was sad. The audience wasn’t so weak and pressed home when the answers were just avoiding the question.
