Upload
silvia-hancock
View
216
Download
1
Embed Size (px)
Citation preview
Open Source Software - New Trends and Impacts – Or –
“Paradigm shift or just a huge, unprecedented, poorly understood overhaul of everything you and your company know, plan and do about software.”
10 September 2002Don Shafer Henry W. (Hank) Jones, IIIChief Technology Officer, Athens Group, Inc. Intersect Technology [email protected] Law Office of Henry W. Jones, IIIwww.athensgroup.com mobile 512-695-4673512.345.0600 x117 [email protected]
fax 512-857-0393
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 2 -
This program will help you and your organization prepare for a genuine paradigm shift for both MIS and every entity that depends on its data creation, presentation and storage: Open Source Software (OSS). Hank Jones and Don Shafer will cover exactly when, why, and how OSS is likely to change your MIS reliability, strategy, budgeting, procurement, training, as well as insurance, intellectual property, related security and financial auditing concerns – and your career.
Open Source SoftwareNew Trends and Impacts
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 3 -
OSS
php
Tcl/Tk
Perl
Ruby
Click Wrap
Sleepycat
LGPL
SourceForge
GNU GPL
Linux
FBSD
Java
Gnome
Struts
MLF
Tutos
Tucows
Python
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 4 -
What’s Your Exposure to OSS?1. IDENTITY:
– Are MIS managers within corporations? within gov’t.? – Vendors to MIS operations?
2. CURRENT PERSONAL OSS EXPERIENCE:– Got Linux running in your shop now?– Personally worked with Linux? with other OSS code? with an OSS app., rather than o.s. or kernel?– Who’s uploaded or redistributed OSS back to an OSS group?– Have heard of Eric Raymond’s book The Cathedral And The Bazaar? Read it?– Have studied the written output of the Free Software Foundation?
3. CURRENT ORGANIZATIONAL OSS EXPERIENCE:– Have current OSS training plan? Expect that you’ll be having some OSS training in the next 12 ms.?– Have an OSS committee in your shop? An OSS policy?– Believe that you’ll try an OSS app., rather than o.s. or kernel, in the next 12 months?– Are familiar with these particular OSS tools, terms, acronyms, and apps?– Believe your senior management would like MIS to reduce its outside software procurement and maintenance costs? (“Would
that be helpful to your career”?)
4. DEGREE OF OSS RISK AWARENESS/CONSIDERATION/ACTION TO DATE?– Think that there might some OSS in use within your .org without your knowing about it, as suggested in the new issue of
Upside magazine? (show Jones’ copy)– Have done an audit to determine whether or not there’s OSS code in use in your org.?– Have gotten a question about OSS a finance colleague? – From a legal colleague? Have worked with your counsel re. special obligations and risks with OSS? Have studied the full text
of the GNU license? Have heard of the dual proprietary and open “Sleepycat” license?– From an insurance colleague or broker?– Have gotten an OSS question from a potential new hire in MIS?– Have gotten an OSS current use question, e.g., in a due diligence exercise, from an outside customer or supplier?– Would bring to a co. Board meeting to explain OSS a real OSS veteran expert, like Richard Stallman?
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 5 -
Take me to your leaders!
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 6 -
Take me to your leaders – redux!
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 7 -
Don Shafer is a co-founder, corporate director and Chief Technology Officer of Athens Group, Inc. Incorporated in June 1998, Athens Group is an employee-owned consulting firm, integrating technology strategy and software solutions. Prior to Athens Group, Shafer led groups developing and marketing hardware and software products for Motorola, AMD and Crystal Semiconductor. He was responsible for managing a $129 million-a-year PC product group that produced the award-winning audio components for the Apple iMAC. From the development of low-level software drivers in yet-to-be-released Microsoft operating systems to the selection and monitoring of Taiwan semiconductor fabrication facilities, Shafer has led key product and process efforts. In the past three years he has led Athens engineers in developing industry standard semiconductor fab equipment software interfaces, definition of 300mm equipment integration tools, advanced process control state machine data collectors and embedded system control software agents. His latest patents are on joint work done with Agilent Technologies in state-based machine control. He earned a BS degree from the USAF Academy and an MBA from the University of Denver. In addition, Shafer’s work experience includes positions held at Boeing and Los Alamos National Laboratories. He is currently a graduate lecturer in software engineering at Southwest Texas and the on-site instructor-in-charge of the University of Texas Software Project Management Certification Program. With two other colleagues in 2002, he wrote Quality Software Project Management for Prentice-Hall now used in both industry and academia.
Don Shafer – Veteran geek half of the team
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 8 -
What is Open Source Software?
Fad or Permanent
Paradigm Shift?
Just kernel and OS or
applications too?
Just for shops with big MIS staffs
enabling an OSS Geek sub-team?
How to know which tools and
applications have bugs?
Does OSS compromise
security?
How can we monitor OSS downloading
and use by our MIS and other individuals
and consultants?
How can we avoid Copyright Infringement and Contract Breaks by
non-compliance with non-traditional OSS
licenses?
Can I convert OSS options into a
Negotiating Tool with Traditional
Vendors?
?
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 9 -
• http://sourceforge.net/projects/ag-mlf/ • The Model Layer Framework (MLF) is a lean code framework
for building the model layer in a Java server or client-side application. The MLF provides persistence services, data source encapsulation, code generation, and more.– Development Status: 5 - Production/Stable
– Environment: Web Environment
– Intended Audience: Developers
– License: GNU General Public License (GPL)
– Natural Language: English
– Programming Language: Java
– Topic: Software Development
Athens eats its own dog food!
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 10 -
• Can you really depend on OSS product(s) and service(s)?
Bet your career and your company?
“We would have spent several years and up to a million dollars to achieve the same functionality as what VGem provides. We couldn’t have sold our testers without VGem.” Tester Manufacturer
E82 Intrabay
FOUP
OHT
Load PortE15.1
E84 Enhanced PI/O
E37.1 HSMS
E87 CarrierManagement
Tester/ProberE5 SECS-IIE30 GEME30.3 TSEME39 E40E87E94
Factory Host
E99Yes!
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 11 -
• Can you really depend on OSS product(s) and service(s)?
Bet your career and your company?
No!
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 12 -
OSS in an effective IT strategic plan
Foundation
Develop Idealized Architecture
Task 2Review or Create Business Process Map
Task 1Define Critical Criteria
Task 3
Initiate
Select Top Candidates
Evaluation
Select Top 2 Candidates
Decision
Integration Analysis
Task 10
Detailed Vendor Review & Demo
Task 11
Final Selection
Phase 2 Readiness
Develop Integration Plan and Systems Architecture
Task 12
Evaluation Report
Task 13
Develop High Level Implementation Plan
Task 14
Define Integration Requirements, Arch. Constraints
Task 6 Define Requirements, Categories, Priorities
Task 5
Vendor Risk Analysis Task 7
Detailed Vendor Scoring Task 9
• Web
site/
Plan
Upd
ates
• W
eekly
Sta
tus
Repo
rt / M
eetin
g• R
equi
rem
ents
Man
agem
ent
• C
lient
Rev
iew
Proj
ect M
anag
emen
t
Compare to Vendor Capabilities Task 4
Initial Demos Task 8
• Define Project Plan/Process
Package SelectionImplementation PlanArchitecture
• Release Project Website • Initialize DB Tools
•Target Vendor List•Kickoff Meeting
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 13 -
Ownership and Quality
• How do you achieve low TCO and long-term TQM if you incorporate OSS written by outside ad hoc groups?
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 14 -
Is “free” really cheaper?
Rank Prob-ability
Sever-ity
Risk Mitigation Plan Contingency Plan
24 4 6 Staff lacks necessary skills.
Training and joint implementation team of client and consulting partner.
Alleviate implementation bottlenecks with additional temporary staff.
24 3 8 Quality is hard to control.
Disciplined development process and project status reporting to senior management.
Apply additional resources to technology leadership and project management.
21 3 7 Introduction of Next-Gen interferes with existing operations over a long period.
Phased development and implementation approach designed to minimize disruptions.
Additional temporary staff to help with current operations.
21 3 7 Next-Gen requires months of fine-tuning before it is acceptable.
Upfront investment in requirements definition, detailed design and appropriate technology selection. Include users in design and application reviews.
Careful monitoring of existing system to ensure that it can continue to meet client needs if necessary.
21 3 7 Contribution from new system is not significantly different from current system.
Dedicated involvement from user community on the project and ongoing risk and cost/benefit analysis.
Open architecture provides a solid migration path to future needs.
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 15 -
Product Development Risk Analysis
Product Area Team Size6 Number of Team Members - includes 3 developers, engineering mgt. and support
Requirements1 10 Is there a one sentence product team and product description?2 5 Can the product team describe the target user ?3 5 Are the prerequisites and customer operating business environment documented ?4 8 Are the product team objectives understood by all stakeholders?5 8 Is there a prototype of the product team's product(s) ?6 4 Are the competitions' features documented side by side with this product areas'?7 8 Does this product team have access to the domain expertise needed for success?
8 8Is there a published schedule for the products and first customer deliveries for this product area ?
9 4 Has a complete cost analysis been completed along with break even scenarios ?10 0 Has a life cycle been defined for this product area ?11 8 Is a marketing/business development person part of the product team ?12 5 Is a staffing person part of the product team?
Risk Analysis Results
NewProduct v1.0 73 Preliminary score 80.3 Final score (preliminary score adjusted for team size)
Chance of Success: FairEvaluation: A good first pass. A product area with this score will likely experience high stress and shaky
team dynamics, and the product will ultimately be delivered with less functionality than desired at greater cost and with a longer schedule.
For each question, give the product development team 10 points if it is definitely true, 8 points if 80% true, 5 points if 50% true, 4 points if No but planned and 0 points if No and NOT planned. There is a maximum of 10 points per question.
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 16 -
Build and deliver within five weeks a Java software engineering development environment with these requirements:
1.Must run on any Pentium 1 based hardware or better2.Must run on a machine with < 4 Gig hard drive3.Must load from CDROM(s)4.Machine will have access to the Internet5.Must load into a green-field machine6.Must include the entire software system (yes this does mean the OS!)7.End User Delivered Software System must cost less than $1008.Hardware is NOT included in the system cost9.All documentation must be browser based10.No pirated software allowed11.Tools must cover entire software life cycle12.All project support processes must be implemented13.Must support team development environment14.Full system and user documentation must be delivered
Would you take on this SOW?
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 17 -
How much effort?
Java Tools OS SE Tools Testing Docs Integrate Totals1st Week
Project Plan 24 10 15 9.5 12 8 78.5SRS 18 8 10 6 6 0 48
Total 1st Week 42 18 25 15.5 18 8 126.52nd Week
Prototype 1 42 128 15.5 3 6 8 202.5SDS 8 4 9 10 8.5 0 39.5
Total 2nd Week 50 132 24.5 13 14.5 8 2423rd Week
Prototype 2 8 35 9 8 6 11 77Test Plan 9 2 25 20 2 0 58
Total 3rd Week 17 37 34 28 8 11 1354th Week
User Manual 0 10 0 2 19 2 33Installation Plan 2 57 45 37 3 27 171
Total 4th Week 2 67 45 39 22 29 2045th Week
Product 2 20 15 16 9 30 92Total 5th Week 2 20 15 16 9 30 92
Total Project 113 274 143.5 111.5 71.5 86 799.5
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 18 -
– Running a DMZ server for client project status web sites– Prototype Linux system for Dell laptops– JDE evaluation platform
Actual Use of the “Product”
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 19 -
Generic Process
Based on strategy, determine needs.
Find / Review Opportunities
Due Diligence
Technology• People• Process• Technology
Financial• Verification• Analysis• Projections (ROI)
Marketing / Management• People• Competition / Strategy• Customers / Channels
Integration Planning
INTEGRATION
Lessons learned / New opportunities
Appar
ent O
SS Is
sues Real Area of OSS Issues
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 20 -
Disclosed Risks in S.E.C. Filings from Red HatRisks Related to our Linux-based
Open Source Business Model• We depend on the support of Linux developers not employed by
us to release major product upgrades and maintain market share. …
• The scarcity of software applications for Linux-based operating systems could prevent widespread commercial adoption of our products. …
• We may be unable to predict the future course of open source technology development, which could reduce the market appeal of our products and damage our reputation.
• We do not exercise control over many aspects of the development of open source technology. …
Do You Want Career Headlines?
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 21 -
Disclosed Risks in S.E.C. Filings from Red Hat, cont’d.
• With our declining stock price we may have increased difficulty in attracting and retaining highly skilled employees. …
• We may lack the financial and operational resources needed to increase our market share and compete effectively with Microsoft, other established operating systems developers, software development tools developers and other service and support providers. …
• If we fail to establish and maintain strategic distribution and other collaborative relationships with industry-leading companies, we may not be able to attract and retain a larger customer base. …
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 22 -
Risks Related to Legal Uncertainty• We could be prevented from selling or developing our
products if the GNU General Public License and similar licenses under which our products are developed and licensed are not enforceable. …
• Our products may contain defects that may be costly to correct, delay market acceptance of our products and expose us to litigation. …
• We are vulnerable to claims that our products infringe third-party intellectual property rights particularly because our products are comprised of many distinct software components developed by thousands of independent parties. …
Disclosed Risks in S.E.C. Filings from Red Hat, cont’d.
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 23 -
Is OSS Easy or Hard?
1. Progress Software and NuSphere v. MySQL
2. Last Month’s OSS Bad News: Sigma Designs’ Piracy Revealed by OSS Group XVID.org’s Reverse Engineering
3. Who’s Next?
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 24 -
OSS MIS Sole Turf• MIS Costs = CFO Turf• Data and Finance Number Accuracy =
Finance Turf• Organizational Security = CEO, CFO,
Investor Relations, and General Counsel Turf
• Operational Assurance = CEO, CFO, COO, Risk (Insurance) Manager, and Legal Dept. Turf
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 25 -
No More Moats Around MIS
• OSS Action Imperatives For MIS• Educate Executives• Educate and Manage Traditional MIS Operations
Teams• Educate and Manage Web / E-Site Operations Teams• Educate CFO, CFO, Counsel, R&D, and Other
Constituents• Typical (Inadequate) Approaches• Best Tools and Practices: Challenges and Creativity
in Fear, UnderStructures, and Deliberations
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 26 -
Shafer – The right blendType Source Example
Application systems COTS or OSS Star Office, Enhydra, Tomcat, Zope Application products
Custom Built Extensive script modifications using VBS to Microsoft Products
Operating systems OSS Linux Extensions Network software COTS Extensions to Netware, Windows driver
extensions Distinct technology products
Custom Built Core IP for software application companies
Documentation Custom Built Product and process documentation built to support products
Data Custom Built Data sets that support product stress testing, configuration files and run time data sets.
Knowledge and experience embedded in people, systems, and databases
Custom Built Rules embedded in process and product engines such as application programming interfaces and hardware abstraction layers.
Intellectual and innovation capital
Custom Built Trades secrets, embedded patent, copyrighted code.
Test Suites Custom Built Full regression scripts and code sets. This can be 2 to 5 times the amount of code in an application and just as costly to develop.
Tools OSS, Custom Built
Application builders, performance stressors and testers, real time, in-line test tools and application monitors.
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 27 -
• Piracy By Your People• Breaching Contracts By Your Organization• Contracts Ambiguity In Your Organization• Contracts Misplacement and Amnesia In Your
Organization• Bugs• Costs, Deadlines, and Deliverable Uncertainties• Other
Meet The New Risks,Same As The Old Risks
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 28 -
New Necessary Skills For New MIS Rules and Tools
Old Challenges: New Challenges:
Site License GNU’s GPL
Click-Wrap Sleepycat Dual License and Model
Upgrades v. Enhancements Interpreting BSD, LGPL, and
Dozens of Other OSS Licenses
Other Other
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 29 -
• Enlist, Deputize and Dragoon Allies• Invest In Education: Circulate Microsoft’s OSS FUD FAQ• Invest In Education: Do New Mandatory Internal Training
Sessions• Define New Roles and Responsibilities• Audit Operations • Audit Vendors?• Create, Communicate, Document, Enforce, and Update New
Policies For Engineers, Programmers, and Other Employees• Create, Communicate, Document, Enforce, and Update New
Policies For Vendors• “/(Better) Take Out Some Insurance/”• Other
What Do MIS Leaders Do?
© 2002 Athens Group, Inc. and Intersect Technology Consulting - 30 -
Questions ?