What's the matter with Open Source?

Page 3/4

By mth

Champion (480)

31-12-2002, 17:18

Still, a lot of open source software shows nasty fixes by underexperienced developers.

I don't see that happening, do you have any examples?

Usually changes to open source packages are made by experienced developers; not just anyone gets write access to the source archive. New developers often begin with sending in patches, which are reviewed by developers working on the project for a long time.

Most open source projects could use a little more management.

Much open source code is written by volunteers. They probably don't like it if someone starts managing their free time.

And maybe the source should only be open to a limited amount of people. This to ensure the quality of the final product and to prevent security issues.

It's not really open then, is it? Who will decide whether I am trustworthy enough to see the source? And based on what knowledge?

To ensure the quality, it is enough to limit write access, no need to limit read access. About the security issues: hiding issues by keeping the source secret may work in the short term, but in the long term I have more faith in fixing the issues, which is done faster if many people see the source.

By snout

Ascended (15187)

31-12-2002, 18:54

>>Still, a lot of open source software shows nasty fixes by underexperienced developers.<<

I don't see that happening, do you have any examples?

Well.. ehm.. for instance.. the CMS this very website is based on :) I really underestimated the amount of tweaking that had to be done. (On the other hand, it's a good thing the CMS is opensource, otherwise we would have had to do everything by ourselves... )

Much open source code is written by volunteers. They probably don't like it if someone starts managing their free time.

I wasn't talking about managing the spare time, but about managing 'who fixes what'. (without the 'when')

It's not really open then, is it? Who will decide whether I am trustworthy enough to see the source? And based on what knowledge?

The project manager :). Like I said, I would like to see some hybrid version of open/closed source. Without the restrictions of 'closed source' and avoiding many downsides of opensource ;)

By mth

Champion (480)

01-01-2003, 08:50

>>>>Still, a lot of open source software shows nasty fixes by underexperienced developers.<<<<

>>I don't see that happening, do you have any examples?<<

Well.. ehm.. for instance.. the CMS this very website is based on :) I really underestimated the amount of tweaking that had to be done. (On the other hand, it's a good thing the CMS is opensource, otherwise we would have had to do everything by ourselves... )

But would the same core developers have produced something better if it were closed source? Of course having better developers will benefit any project, no matter whether it is open or closed. And even good developers usually don't get things right on the first try, so it could simply be the immaturity of the project.

>>Much open source code is written by volunteers. They probably don't like it if someone starts managing their free time.<<

I wasn't talking about managing the spare time, but about managing 'who fixes what'. (without the 'when')

Bug tracking systems are used for that. Most moderate and large sized projects use one. For example SourceForge offers one, many other projects use Bugzilla. In small projects such things are usually managed on a mailing list.

>>It's not really open then, is it? Who will decide whether I am trustworthy enough to see the source? And based on what knowledge?<<

The project manager :).

The last question still remains: based on what knowledge?

Also, does making it harder to exploit the code outweigh the opportunity to get more developers? Remember that closed source is no hard protection against exploits at all, for example plenty of Windows exploits are documented. It only makes finding exploits slightly harder.

We could also examine the results: are today's open source programs more often exploited than their closed source equivalents? As far as I can see:

  • Exploits for both open and closed source projects are regularly posted on security mailing lists. While it is hard to directly compare the numbers (for example multiple Linux distributions will each report the same issue), I think it is safe to say that both are in the same order of magnitude.
  • Web servers are by definition accessible to the public and therefore an easy target to exploit. Many of them run open source software, such as Apache on Linux or BSD. If those servers were broken into too often, the people running them would be changing to different software, yet there is no decline in the percentage of open source powered web servers.
  • The number of exploits per individual project varies a lot per project, when compared to other projects in the same class (open/closed). So other factors such as project priorities (security vs new features, performance, flexibility etc), maturity and developer talent seem to make a bigger impact than the availability of the source.

So while I cannot prove open source is equally or more secure than closed source, I think it's reasonable to conclude that the number of security issues it has is not that far apart from closed source.

Like I said, I would like to see some hybrid version of open/closed source. Without the restrictions of 'closed source' and avoiding many downsides of opensource ;)

Personally, I only see one downside of open source: getting resources. Developers, servers, hardware to run the software on etc. For example, getting developers for interesting tasks usually succeeds, but getting people to do boring but essential tasks can be difficult. In a commercial environment the payment compensates for part of the work being boring, but not all open source projects are lucky enough to have companies supporting them with paid developers.

The way I see the future, there will be a place for both open and closed source. Open source will mainly be used for infrastructure software, such as operating systems, server frameworks etc and closed source will mainly be used for specific applications. I do think that in ten years from now, the majority of software on an average PC will be open source. However, since open source will mainly be used for infrastructure software, what is most visible to the user might well be the closed source minority. (Remind me in ten years to check how far off my prediction was. I just know we'll still be MSX-ing then...)

Mac OS X is an example of this: the basic OS is an open source BSD port called Darwin, the GUI is Apple's own closed source work. The rationale behind this separation is that a company wants to concentrate their resources on what makes their product special. The basic OS layer is well-understood (Unix dates back to the 70's and the same concepts still work well today) and does not offer any features that desktop users will care about. Apple was forced to upgrade their outdated OS layer; if they had written one from scratch it would have taken a lot of time and money, without any benefits to the end user over existing OSes. The GUI however, is what makes Mac OS X different from Windows and Unix desktops like KDE. So this is where they want to keep their efforts to themselves.

IBM does something similar for the Eclipse IDE: the IDE framework is open source, together with several key plugins such as a syntax-highlighting editor, build tool integration, configuration management integration etc. But some of the more advanced plugins are sold by IBM as part of WebSphere Studio. By open sourcing the core, IBM gets free development on the framework and a lot of useful plugins they may not even have thought of themselves. And by selling additional modules they still have the ability to make money.

By snout

Ascended (15187)

05-01-2003, 22:19

Wow, what a post, mth ;). I do agree with you on a lot of things, but...

So while I cannot prove open source is equally or more secure than closed source, I think it's reasonable to conclude that the number of security issues it has is not that far apart from closed source.

...however, still a small percentage of computers are running Linux compared to Windows. This means that

1) Hackers probably aim more at the most-used OS: Windows. Especially since it's cool to be anti-MS.

2) Relatively more security issues should come to light as more people are likely to find a security issue just by using the software alone

It's very hard - if not impossible - to say if Linux is really better (or not) when it comes to security.

By anonymous

incognito ergo sum (109)

06-01-2003, 03:03

It's very hard - if not impossible - to say if Linux is really better (or not) when it comes to security.

I think it's impossible to say any OS is better than another, because it all depends on your needs and experiences.

By Bart

Paragon (1423)

07-01-2003, 00:34

>>It's very hard - if not impossible - to say if Linux is really better (or not) when it comes to security.<<

I think it's impossible to say any OS is better than another, because it all depends on your needs and experiences.

Where did you gather all this wisdom Guyver? You've got a fresh look on things. I cannot say else than that I really must agree with you.

I use Linux and Windows at home and at work. I really don't get people who have an attitude against one of them.

My Linux machine is my server. My Windows machines are my work stations. Each OS does what it's good for :)

By Leo

Paragon (1236)

16-02-2003, 22:05

In open source you can customize the levels of security without giving the keys to the rest of the community, so you don't have to trust any opaque tool it is only upon yourself.

I think open source brings top technology to lots of people (costs and save dev. time), so much more people can then enter this business. And with lots of more players the inter-emulation endtail to better software.

So open source is good even for customers of commercial software!

By Bart

Paragon (1423)

18-02-2003, 01:18

Nice copy 'n paste work Leo.. Or did you learn all that by heart?

By Grauw

Enlighted (8031)

18-02-2003, 16:01

bullshit. open source is usually less maintainable than pricey software is.

I highly doubt that. Closed source software is often developed within 1 company, with all employees on the same floor. There is much less need for coordination and good documentation than in the case of opensourced software, because if there is a problem somewhere it is easy to just ask the person who created that part.

However in the case of opensource software, it usually is developed by a team of people all over the world (I say usually here because just the fact that I release my source to the public doesn't necessarily mean I accept contributions to the project from outsiders). Such a wide distribution of programmers and such a potentially high number of them requires very strict rules for project management and documentation.

Aside from that you can also benefit from the experience of much more people than your own team. That alone is a huge advantage and if they can give you tips or even restructure/reprogram vital parts of the code it does a great deal of good to the 'maintainability' of the software. And the chance of all the developers quitting the project is much smaller as well; if the software company goes bankrupt, the product development will stop, or if the code is sold to another company they have to pick up with it again. In the case of opensourced code it is usually not 1 company involved and so the chances for everyone quitting at once is low. So there will always be some people in the team left which already have experience with the project, hence improving the transition and the continuation of it.

~Grauw

By snout

Ascended (15187)

18-02-2003, 22:54

However, many people working on one thing has a lot of negative effects as well.

- It might slow down development, because there's a higher need of documentation, and a dependency on other developers
- With the experience of other developers, you also add the incapabilities and the 'habits' of other developers to your project

Also, a major downside of open source software is that it's not really possible to gain money with the software anymore, because anyone can obtain the sources for free and - with a bit of hassle - compile them themselves.
