Why free things are so attractive in universities

December 31, 2009

I've seen a number of people saying that universities who took advantage of ipsCA's offer of free SSL certificates for educational institutions are now getting their money's worth, and that it clearly would have been better to pay a real SSL CA vendor for real certificates. Would that it were so simple.

The real attraction of the free ipsCA certificates here (and likely at other universities) was not that they saved you $40 US or so. Their real attraction was that you could get them without bureaucracy.

Spending actual money on SSL certificates would have raised a horde of questions that had to be answered. Who was the best and cheapest vendor? Did we really need a proper SSL certificate for this purpose, or could we either live without SSL or use a self-signed certificate (or even create a local CA)? What budget category and area paid for this certificate, and who had to authorize it? If this service costs $40, is it actually worth it (and can you convince the authorizer of that)?

Getting an ipsCA certificate took one sysadmin ten minutes. It was no contest. And of course we wound up getting more certificates because we didn't have to cost-justify them. A proper certificate for our inbound MX so that even cautious people could do TLS-encrypted ESMTP? Sure, why not, it's free.

This applies to far more than SSL certificates. It is the universal attraction of free stuff at universities, because spending money (even quite trivial amounts of money) can take huge amounts of effort, annoyance, and time. Naturally, things that let you avoid all of this are very attractive.

(In theory the staff time and effort required to spend money acts to drastically raise the real cost of small purchases. In practice, universities generally consider staff time to be free.)

There is an immediate corollary to this for people who want to offer free stuff to universities. The important thing is not that it is free, it is that it requires no bureaucracy; free is a necessary but not sufficient condition for this. A free thing that requires the departmental chair to sign an official agreement that must be inspected by a university lawyer might as well cost a thousand dollars, for all the interest that you're likely to see from us.

Comments on this page:

By DanielMartin at 2009-12-31 23:40:05:

This isn't unique to universities. Specifically, at my previous job I found this to be the case for tools that were required to do my job.

Getting signoff from the various necessary executives to purchase software or software services necessary for deployment (Sybase or Oracle licenses, Red Hat Support contracts, etc.) was easy. (*) Getting them to authorize purchases of software tools necessary for my own job was another matter. Fortunately, Eclipse and subversion were more than adequate to the task. I do wish I had pushed harder to get a commercial java profiler; it would have been a cost-effective move for the company to buy me one when I asked for it to track down a particularly odd performance issue. However, I gave up after the first round of meetings, and never scheduled the second round.

I think that the lack of hassle in adopting open source (because it doesn't need budget approval) is a big part of what has driven open source adoption inside large organizations of any type over the last decade.

(*) As you might expect, this was to a great extent the result of which budget bucket the money needed to get pulled from. Not in that we were passing the cost along to the client (a stupidly written contract meant that we were eating the cost), but in that politically it was fine for certain budget buckets to expand, but not others.

From at 2010-01-01 01:09:35:

This isn’t even unique to SSL certificates and doesn’t even require the heft of a corporation to be an issue: cf. The Problem with Software Registration.

Of course, for a corporation, having to manage all their licences for all the software they “bought” is infinitely much more of a hassle.

A major attraction of libre software is entirely analogously that you simply don’t have to bother with any of this kind of bureaucracy. You just install it, use it, delete it… whatever you need to.

Aristotle Pagaltzis

Written on 31 December 2009.
« Look at your pull-based system for things that push
Brief bits from the evolving ipsCA failure »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Dec 31 20:50:20 2009
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.