It's Free, You Say, in the Industrial Community?

See, the Issue is That Cloud-Based Programming Using Free Tools Doesn't Give You the Same Protection as if You Had Purchased the Environment

By Jeremy Pollard

Social media, open-source, back-door daemons, clouds, virtualization and COTS—are they a part of our beloved industrial community? You betcha, but where do they show up or, more importantly, where are they going to show up, and how many current companies will fall under the knife of "free?"

Heartbleed brought fear into the open-source world, and so it should. So is it beneficial for a hardware company such as Rockwell or Siemens to employ and promote open source? One wonders.

I recently priced out an existing application using a SCADA system provided by a major vendor—the application had two servers and 40 clients. I wrote all the software for this application(s) over the past five years using Visual Studio—the free version.

To be clear, in 2014, this application would have cost more than $500,000 to license and implement. With free development tools and graphics, all I had to do was put the screen together and animate. Well, sort of, but you get the drift.

There is now a version that really is cloud-based, so you can create and compile for the Windows platform on the fly. I haven't used it, but the opportunity is there, and I wonder if there are companies that have developed applications using free software, and then turned around and sold the applications as "home-grown."

Also Read: The Heartbleed Security Bug Breeds Insecurity for Industrial Networks 

See, the issue is that cloud-based programming using free tools doesn't give you the same protection as if you had purchased the environment.

Most products once used a proprietary operating system. In the old days, the graphics were generated by the hardware and the OS. I remember Steve Rubin, founder of Intellution, which is now a part of GE Intelligent Platforms, telling me about how his wife burned UVProms with the graphics character sets for the software on the kitchen table after Sunday dinner.

Now those images are almost free. And they're much prettier. Embedded systems typically use a form of Linux, maybe with some FPGAs, but mainly a no-cost OS. Android and Chrome are two additional operating systems that are free to the user, with free development tools, which leads us to the marketing platform of allowing the user apps to dictate the development environments, something Apple figured out a long time ago.

Databases are usually MySQL or Microsoft's SQLExpress —both are free. MongoDB is a leader in the NoSQL database race, which provides scalable and balanced platforms for document management. It's automatic and takes the hair-pulling out of the database management. It uses a browser as its interface. Firefox, Chrome, Safari and Internet Explorer are all free. A free user interface running HTTP5 and cascaded style sheets and maybe some AJX and SOAP code with some PHP thrown in delivers a stunning application.

All at zero cost, except for development, of course. Check out Facebook infected our minds as well as providing an unfettered landing spot for user comments and a way for companies to track individuals. I am not an old school guy, but I find the online stuff has only just reached the point where the reading is easy. It's only a matter of time, I'm sure, that all content will be pushed based on our profile(s).

I recently got introduced to Rockwell's Connected Components Workbench for its Micro line of devices. It is developed using Visual Studio, uses VS runtimes, and sometimes just feels like a shell extension of the development environment. The application is free. The hardware platform won't control a paper mill, but for the most part, it acts like a commodity.

Teamviewer is the de facto standard for remote access. I use it because my customer base is local, and the security level isn't all that important. But for state-wide access, one would be wise to be more vigilant, since all traffic goes through a server in Germany and other parts of the world. But it's free.
So what is it we should pay for? That's my question. That 40-client application cost my customer around $100,000 over seven years. He can add 40 more clients for nothing.

But what are we giving up for free? Is it really worth the aggravation or support or maintenance of such systems? Let me know what you think.  

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


  • <p>The problem here is that YET AGAIN the distinction between "free as in freedom" and "free as in beer" has been forgotten. Maybe that commercial software offers an extra degree of protection, but maybe that confidence is misplaced -- have you bothered to read the disclaimers in your software license recently? Maybe it is time to end the orgy of "something-for-nothing" self deception, and start paying to support the resources you depend on. (I am one of those who "walks the walk," though in a very minor way, in proportion to my needs and my stake if things go bad.) If all of the major players who depended on it contributed $20 for maintenance and one-half day of code review per year to the OpenSSL project... if all of the pundits who claimed they have superior technology for detecting software security problems had applied it to the code base... maybe dumb and costly errors like "heartbleed" would have been a lot less likely, don't ya think? Cheapskates (and you know who you are), you are getting full value for everything you don't pay, disasters and all, so quit whining. </p>


  • <p>I believe Team Viewer uses VPNs, so your communications back and forth over public networks are encrypted. If you are using it commercially, you should be paying them. It is only "free" for personal use. The real issue is- do you trust the company, or whoever is evaluating their software's security? Can they look at, or give out your data? Do they have backdoors that are a security weak links?? How important is the data, really? Can compromising it allow someone take down the power grid, steal your identity, or just let someone into your collection of dilbert cartoons? Do you understand all the issues involved with security on computers and networks?</p> <p>With all that has come out lately about companies colluding with and/or being pressured by governments to install backdoors and otherwise compromise "secure" commercial operating systems- if you do not have the source code, or access to it, (and compile it yourself after seeing it!) your "security" is just a good feeling. If your data is not encrypted on your end, it is not likely secure.</p> <p>Microsoft's "free" (or any commercial closed-source software) and the open source community "Free" are not at all the same thing, as Larry points out. </p> <p>I am typing this on a browser in Windows 7. I KNOW it is not really secure. I will never see the OS source code. </p> <p>As you say, someone needs to actually LOOK at the code or or invest resources so someone who knows what they are doing can evaluate it. </p> <p>Unfortunately, it is not just the "getting something for nothing" problem, it is also paying FULL PRICE and getting nothing real, other than a good feeling that you bought the software and do not need to worry. You really DO need to worry, in either case. If you care.</p> <p>Good luck getting the corporate "IT" crowd and "CIO"s to understand the difference. If they did, there would be a big push for open source and transparency with all critical industrial software, hardware, and networks. </p>


RSS feed for comments on this page | RSS feed for all comments