Tuesday, July 06, 2004
Apache Vs. IIS
OK, just to appease the legal types, let's get the disclaimer out of the way. All copyrighted material quoted here is the property of its owners, and any excerpting of same acknowledges copyright, and is done only for fair use criticism purposes.
In a campaign season of polarization, when Republicans and Democrats seem far apart on issues like Iraq, the economy and leadership style, it is perhaps not surprising that the parties find themselves on different sides in the politics of software as well.
The Web sites of Senator John Kerry and the Democratic National Committee run mainly on the technology of the computing counterculture: open-source software that is distributed free, and improved and debugged by far-flung networks of programmers.
In the other corner, the Web sites of President Bush and the Republican National Committee run on software supplied by the corporate embodiment of big business - Microsoft.
Just because Mr. Gates is a large taxpayer doesn't mean there are necessarily political synergies between him and the Republicans. I detect rather the opposite from him as well as the rest of the senior MSFT leadership.
The dispute can take on a political flavor at times. David Brunton, who is a founder of Plus Three, a technology and marketing consulting company that has done much of the work on the Democratic and Kerry Web sites, regards open-source software as a technological expression of his political beliefs. Mr. Brunton, 28, a Harvard graduate, describes himself as a "very left-leaning Democrat." He met his wife, Lina, through politics; she is a staff member at the Democratic National Committee.
His company's client list includes state Democratic parties in Ohio and Missouri, and union groups including the United Federation of Teachers and the parent A.F.L.-C.I.O. "The ethic of open source has pervaded progressive organizations," Mr. Brunton said.
There's that naughty word, progressive. The instant the word "progressive" is uttered by a left-leaning type, unless it's in the context of discussing Yes and Nektar, darn sure he/she/it will be referring to something Stalinist. I well remember the Village Voice describing a certain Central Brooklyn politician as a progressive, when he was actually well-known for his anti-Semitic rabble rousing.
But the politics surrounding open-source software do not always fit neatly into party categories. The people who work on software like the Linux operating system, the Apache Web server and others are an eclectic bunch of technologists. "You'll find gun nuts along with total lefties," Linus Torvalds, the creator of Linux, said in an e-mail message.
Notice Linus' phrase "gun nuts". Just because someone enjoys the hobby of collecting and shooting firearms does not make them a "gun nut". Just because someone keeps a weapon for personal safety does not make them a "gun nut". What would I consider a "gun nut"? Someone who treats firearms irresponsibly, someone like this, ferinstance:
I count at least three major gun safety violations there. Uh, Lurch, take your finger off the goddamn trigger if you aren't aiming!
Back to the fisking of the article -
Those open-source advocates will presumably find Senator Kerry more appealing than President Bush, according to Daniel Weitzner, technology and society director at the World Wide Web Consortium, an Internet standards-setting organization.
"It may be that the populist-versus-establishment dynamic plays out as Democrat versus Republican in this election," Mr. Weitzner said. "But the open-source movement is a populist phenomenon, enabled by the Internet, and not a partisan force in any traditional sense of politics."
Iffy proposition. I know plenty of partisan Microsoft defenders who are staunch Democrats. The unwashed Linux types may vote whatever way they choose, but there are plenty of Linux advocates (for the simplest of reasons, going to Linux saves them big money) in the biggest Wall Street shops who are staunch Republicans.
Eric Raymond, a leading open-source advocate, writing in his online "Jargon File," described the politics of the archetypal open-source programmer, whom he calls J. Random Hacker, as "vaguely liberal-moderate, except for the strong libertarian contingent, which rejects conventional left-right politics entirely."
Mr. Raymond, for one, shoots pistols for relaxation (a favorite is "the classic 1911 pattern .45 semiautomatic") and he supported the invasion of Iraq.
At least Mr. Raymond has a respectable viewpoint and hobby. Perhaps the altruistic publishers of open source do indeed lean left or identify as libertarian. Most folks who hack (in the design/coding sense) for a living are usually too busy to give much thought to politics. They're fighting fires in their shops.
Microsoft, to be sure, has fared far better under the Bush administration than under the administration of President Bill Clinton. The Clinton Justice Department filed a sweeping antitrust suit against Microsoft, and asked that the big software company be broken up. The Bush administration later settled the case and left Microsoft intact.
Referring to the software selection process, Steve Ellis, director of network and online services for the Republican National Committee, said: "There was no pressure. We were free to use whatever software we thought worked best."
The principal consideration, Mr. Ellis said, was computer security and protecting the privacy of personal data on the Web site. The programming tools, procedures and the larger pool of workers skilled in using Microsoft software, he said, prompted the Republicans to opt for Microsoft's Web server, called Internet Information Services, running on the Windows 2000 operating system.
Mr. Ellis has obviously not had much experience with Microsoft security, surely one of the greatest oxymorons in the world. Fromage Suisse, comme ce dit en Francais. It would take a total novice about a day to discover the open source analogs of Visual Studio. I haven't dug into either site to see what delivers their active content, be it ASPs, WebSphere, WebLogic, PHP or whatever, but just as a general rule of thumb, I wouldn't put an IIS server facing the Internet directly. It works fine as an intranet server. Not that keeping Linux and Apache patched is any picnic either.
Both the Microsoft Web site software and the open-source alternative, the Apache server running on Linux, have had security problems, said Richard M. Smith, a computer security expert. But the Microsoft software, he said, "clearly is the least secure of the two Web serving solutions," given its susceptibility to infection by malicious computer worms like Code Red and Nimba.
For technology experts, like Mr. Brunton, software may have a political cast. But there is little evidence that it has become an issue for front-office political operatives. Told that the Democratic National Committee Web site runs on open-source software, Tony Welch, the national committee's press secretary, replied, "Oh, thanks for telling me." Later, after checking with his technical staff, Mr. Welch called back to say that open-source software was "the right technology at the right price."
Unless you're MSFT or one of those folk trusted by them with enough details on the internals of IIS and the underlying OS, you are putting your site's availability and security into their hands. Oh sure, there are plenty of things you can do to mitigate the risk, put in Pentasafe (or I should say NetIQ) or other security monitoring tools, do desk checks of the code associated with the sites (making sure the coders limit buffer sizes and put sanity checks in), and all the best practices you can think of in terms of locking boxes down.
The point here is that tools and politics should be agnostic and unrelated. I consider myself a Linux champion, and I'm a conservative. I also will recommend and deploy MSFT tools when they're appropriate. The Times of course has to make a rather strange comparison, but then again, I suppose the Times does have to please the cosmic nexus between Central Park West and Riverside Drive, bordered on the south by 57th Street and on the north by 96th, that it considers its core consituency, and the heck with anyone who has real world experience with these things. Remember that the eighth and ninth layers of the OSI model are politics and religion.