Linux in Government: GNU/Linux Clears Procurement Hurdles

by Tom Adelstein

In the first quarter of 2004, sales of GNU/Linux servers increased 56.9% over the same period in 2003. That performance follows six consecutive quarters of double-digit growth for the free operating system, according to a report by IDC. Although Linux currently has the best growth rate of any operating system globally and has cleared major procurement hurdles for government entities, Linux gains remain limited compared to those of other government vendors.

In a recent article in internetnews.com, Sean Michael Kerner interviewed me with regard to gains made by Linux in government. His article focused on the decision by Munich and Bergen to deploy Linux. Here's what Sean wrote:

According to Tom Adelstein, Linux and open source consultant, the Munich decision is a failure in the Microsoft political machine. "It makes a similar statement about Microsoft, as does the EU's decision to fine Microsoft for anti-trust violations," Adelstein told internetnews.com. "The Munich voters represent a large body compared to cities in the U.S. This was more of a popularity contest than a technical decision. I would not call it a win for Linux as much as a defeat for Microsoft," he said.

Sean did not want to go where I wanted to lead him. He wrote a positive article that made the gains in Europe seem like Linux was winning the OS wars. That may provide plenty of excitement for readers, it's simply not the whole truth.

Linux usage in government and education in the United States remains small at best. Microsoft still owns an astounding 95% of the market. In spite of logic and reason, government decision makers cannot pull themselves away from Microsoft, even in the face of US government warnings.

Mindshare

Microsoft owns the mindshare of information technology in this country. After settling anti-trust suits with Sun Microsystems for somewhere around two billion dollars, people saw that as a win for Redmond. In the past couple of years, Microsoft has settled anti-trust and copyright infringement litigation at a dizzying rate, and people still shrug their shoulders as if to say, "It's okay, I'll just reboot again". That's the Microsoft two-step.

In the government and educational sectors, people easily can add up the cost savings. You don't need a rocket science pedigree to see the savings or the vast amount of software available to run schools and governments. Still, people shrug their shoulders and sign purchase orders for Microsoft products.

In a June 30th article in eWeek, Steven J. Vaughan-Nichols wrote:

The state of Mississippi has launched a Linux-based, mobile public safety system that links police, fire and emergency services to a single DB2 database. Sen. Thad Cochran, R-Miss., announced the successful initial deployment of the public safety system, Mississippi ASP (Automated System Project)--a mobile data infrastructure that's based on IBM eServer hardware and IBM DB2 and Novell SuSE Linux software-at a press conference at the University of Southern Mississippi.

That sounds great, doesn't it? Unfortunately, Linux plays a minor role in this project. The system is really based on Microsoft .NET technology, not Linux. The vast majority of the funds went to the purchase of products from InterAct Public Safety Systems. One of InterAct's core competencies is converting legacy Cobol system applications to .NET applications.

IBM did sell hardware to ASP and did deliver SuSE Enterprise Linux software, but that is not where the money went. You did not see Microsoft executives throwing a fit over the ASP project, because they know their solution dominates. Ultimately, the advocates at ASP and southern Mississippi will have an open-source project, but it's years away.

Microsoft has done such a grand job of owning the mindshare in the technology field, it even has Linux advocates attacking Sun Microsystems and Novell promoting .NET technology in the form of Ximian's Mono programming language. Okay, shrug and reboot--do the Microsoft two-step.

Hello?

Hard-Fought Battles for Linux in Government

On July 1, 2004, the Executive Office of the President of the United States issued a memorandum for Senior Procurement Executives and Chief Information Officers. The memorandum emphasizes the President's previous memorandum titled "Maximizing Use of SmartBuy and Avoiding Duplication of Agency Activities." In this latest memorandum, OMB 04-16, the President issued the following ground-breaking statements:

This reminder applies to acquisitions of all software, whether it is proprietary or Open Source Software. Open Source Software's source code is widely available so it may be used, copied, modified, and redistributed. It is licensed with certain common restrictions, which generally differ from proprietary software. Frequently, the licenses require users who distribute Open Source Software, whether in its original form or as modified, to make the source code widely available. Subsequent licenses usually include the terms of the original license, thereby requiring wide availability. These differences in licensing may affect the use, the security, and the total cost of ownership of the software and must be considered when an agency is planning a software acquisition.

Microsoft government advocates have fought the eventuality of this pronouncement. In the past, we had to fight the proprietary language in Requests for Proposals from all government entities, which kept open-source projects out of the procurement mechanism.

In May 2004, Oracle helped Red Hat achieve its Common Criteria certification. Version 3 of Red Hat Enterprise Linux was certified to meet Evaluation Assurance Level 2 (EAL2) of the Common Criteria certification, which means it can be deployed in government and in the DoD. It also means Red Hat and Oracle can sell into security sensitive markets, such as federal insurance banks, stock brokerage firms and other government contractors.

In January 2004, less than a year after achieving Evaluation Assurance Level (EAL) 2 for SuSE Linux Enterprise Server 8, SuSE earned (EAL) 3, the next level of certification. Atsec Information Security GmbH, along with IBM, assisted SuSE with the certification process. This was the first major accomplishment for Enterprise Linux.

Common Criteria provides standards for security for mission-critical software. Certification costs millions of dollars and provides a seal of approval recognized by government agencies and enterprise IT professionals. Countries that recognize the Common Criteria include the United States, Canada, the United Kingdom, Australia, New Zealand, Germany, France and Japan.

If one takes those wins alone, you can understand why GNU/Linux sales have increased in double-digit figures for approximately two years running. IBM, HP and Oracle have done a good job of promoting GNU/Linux through their partnerships with Red Hat and/or SuSE. The IBM Linux Competency Center has a great number of open-source projects of which few people are aware.

No Shrugging This

One of the amazing aspects of achieving Common Criteria Certification for Linux involves the versioning. Both SuSE and Red Hat won the Evals based on platform two generations old. That means Linux was good enough two versions ago to be considered safe. The SuSE version used to achieve Eval 3 is 8.0 or SLES, the version with a 2.4 Linux kernel and glibc 2.25.

That may seem strange to you when it comes to selling servers, desktops and laptops. Our friends IBM, HP and Dell recommend Microsoft XP. Considering SuSE achieved Eval 3 certification on its SuSE Linux Enterprise Server 8 (SLES), one would think that desktops based on the same version of Linux would show up in the sales channel.

Also, with Sun's Java Desktop System (based on SuSE Linux Desktop 8) grabbing market share in Europe, Asia and South America, one might think our government would want to see SuSE and Sun Linux presented as a solution.

Within the last three weeks, the United States Computer Emergency Team's (CERT) National Cyber Alert System issued numerous warnings about Microsoft products. On July 14, 2004, CERT issued Technical Cyber Security Alert TA04-196A covering major problems that have gone far beyond the initial warnings about the Internet Explorer Web browser.

Despite all of the security warnings about Microsoft's products, the major computer vendors continue to ship Windows. The government continues to deploy Microsoft products. Taxpayers continue to let their representatives spend excessive amounts of money unnecessarily. It begs the question: When will someone say that the emperor has no clothes? To go one step further, when will people stop shrugging and say, "I won't reboot any more?"

Hope Springs Eternal

When CERT issued Vulnerability Note VU#713878 (last updated July 14, 2004), one of their recommendations said, "Use a different web browser." Following that announcement, Microsoft's Internet Explorer Web browser lost market share for the first time in almost a decade. The Mozilla project benefited from the CERT recommendation.

Additionally, Sun Microsystems' OpenOffice.org and StarOffice products have achieved approximately a 20% market share in the office productivity market. Although the largest gains for Sun Microsystems' open-source projects have occurred in Europe, Asia and South America, these products have achieved some success in the education and small business sectors in the US.

As users continue to install Mozilla and OpenOffice.org on Windows, the jump to Linux becomes easier. Presently, this may be happening only at the grassroots level, but eventually such gains evolve into mindshare.

Winning Mindshare

In a world dominated by media, people find it difficult to filter out messages with pragmatic knowledge. The mainstream knows how to evoke strong emotions, and they do it effectively. Last month, I wrote two articles for Forbes (June 7th edition) and observed the existing concern for media bias within the Open Source community.

The messages in the media--whether in-your-face or subliminal--have not changed much, despite advances made by open-source software. I even contend that media bias still lingers from the early days of Microsoft attempting to kill all things UNIX.

Think of where we would stand if we didn't have Mozilla and OpenOffice.org. As I said, main stream media even has Linux people attacking Sun Microsystems. In a pragmatic and rational world, that makes no sense. Do we have the Linux community doing the MS two-step when it comes to Sun? If so, we may need to change the music.

Tom Adelstein lives in Dallas, Texas, with his wife, Yvonne, and works as a Linux and open-source software consultant locally and nationally. He's the co-author of the upcoming book Exploring t he JDS Linux Desktop, published by O'Reilly and Associates. Tom has written numerous articles as a guest editor for a variety of publications on Linux technical and marketing issues. His latest venture has him working as the webmaster for JDSHelp.org.

Load Disqus comments