Re: [squid-users] what's better than msproxy 2: Does someone wants to laugh ?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 17 Dec 2002 21:26:41 +0100

Dan Cave wrote:

> From a support perspective, companies would rather pay for something
> commercial that they can get support for, even if it uses opensource.

Yes. For this purpose there exist several companies making commercial
products based on Squid, my own included. Sure, you do not get these
things for gratis, but they are still free in most parts.

The argument that Free Software costs nothing is usually not a very good
argument. What is for free can't be good, can it..?? In such a situation
you need to find other approaches and arguments.

One argument which can work is to explain what Free Software and
Open Source in general are really about and why they are such a success.
Free Software is not at all about the software being at no
cost; it is about making sure you have the freedom to improve what you
have and not be locked down to a single provider/vendor.

If you find something you are not entirely satisfied with in an Open
Source product, the fact that it is Open Source allows you to take the
initiative to have it corrected/extended.

Now, this of course does not appeal to everyone, as not all companies
can afford or wish to have their own staff who are capable. For this
reason there exist several companies selling support on Open Source
components.

There also exist several commercial players (myself included) who make
commercial products based on Open Source. The commercial products
shrinkwrap the Open Source components combined with the expertise of the
commercial vendor to make a product which combines the best of both
worlds.

So some arguments?

Q: Need to have commercial support

A: There are several companies providing commercial support to those who
need it. In addition there is often very good support to be found on the
Internet if you can afford to spend some time on trying to get a problem
solved.

In many cases the need for commercial support is less for Open Source
products due to their open nature, but it is always recommended to get
support options for any mission critical components in your business.

As with the traditional closed vendors, support can most often be found
directly from the Open Source vendors. The main difference is that there
usually is not a single big player but many smaller ones to select between.

Q: Need to have a stable and trustworthy provider

A: By using a well known Open Source software you are guaranteed a
stable provider. A good and well known Open Source product such as Squid
is almost guaranteed to survive for an extended period of time. Unlike many
of the smaller commercial vendors, Open Source software does not rely on
investors of commercial vendors who may go bankrupt or change their
business. The people working on Squid may change over time, but as long as
it is in use by others it is likely to get better over time and to
have a trustworthy "provider".

Q: Need to have a provider I can trust

What can be said about trust is that Open Source software is in many
aspects less likely to have security issues or backdoors. The source is
available freely, and such issues are quite likely to be found very
quickly. What is certainly true is that in general Open Source software
reacts much quicker to security issues than most commercial vendors, and
it is not uncommon that you will get a fix shortly after sending a good
security report to the group of people developing the Open Source
software you use. Another is that most put way too much trust in their
commercial vendors. If you read the fine print of almost any commercial
agreement you will find that most "respected and well known" commercial
vendors actually take very little responsibility for what they deliver.

At times it may seem like Open Source software has more security
issues than a closed vendor. However, in most cases this is not really true
but a positive effect of the software being open, allowing others to
audit and test and also to provide fixes to the problems found. Closed
vendors are very likely to have as many or more security issues; most likely
you will hear a lot less about the issues they do have and it will take
longer for them to provide fixes. Closed vendors generally keep their
mouth shut until there is a fully tested correction available, if there
will be one at all.

Regards
Henrik Nordström
MARA Systems AB, Sweden
http://www.marasystems.com/
Received on Tue Dec 17 2002 - 14:42:51 MST
