
Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)



On 9/13/2022 7:11 PM, Thiemo Kellner wrote:
> Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski:
> > On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
> > I think Megha is emphasizing, and possibly over-emphasizing, the fact 
> > that the persons
> > who actually commit the code in free software projects can operate with little or
> > no oversight when they are just volunteers not really accountable to anyone.
> And I very much think she is wrong there. Being software developer 
> myself, unfortunately closed source mainly, I can tell that oversight is 
> not related to the licensing model or the pay of the developer. I would 
> go to the length to say that volunteers take, in general, a bigger pride 
> in the quality of their work, because they are not paid for it. The few 
> quite fruitless attempts in writing OSS, I took, failed sometimes 
> because I intend to create the perfect solution and thus not 
> progressing, whereas in the work for money I am often forced to 
> implement a working solution I can tell from the start, it will not be 
> easily maintainable or extendable.
> > to think the situation might be better if either 1) open source projects exercised more
> > oversight than they currently do over the persons who actually write the code and
> > release the software
> As I already told. In over 25 years of experience, I do not have 
> complaints about the oversight taken by OSS projects, whereas I 
> regularly can complain about closed source paid for software. In the 
> past two weeks I was hunting down a problem we had with IBM DataStage. 
> One of the parallel subprocesses terminated unexpectedly and all the 
> message DataStage cared to give was that the subprocess received a 
> SIGINT. We hope to have a workaround, because we could not find the 
> source. To me, one of the worst things one can do as a developer is not to 
> have proper error reporting - unless you know, you will not get bothered 
> when the shit starts to hit the fan.
> > , or 2) free/oss software never became ubiquitous. We just cannot
> > know without being able to do a time machine experiment and see how the software
> > world would have developed if free/oss software had not become as ubiquitous as it is
> > today.
> I cannot agree with you at all on this point. Omnipresence of OSS does 
> not mean there are more errors in the code. It just means there are more 
> users to detect problems, thus more possibilities for the bugs to get 
> fixed. Sure, if OSS developers are overloaded they will not get to fix 
> all the problems, just as developers on CSS (closed source software). 
> Much more, because the salesman can sell better new shiny features even 
> if useless, than stable code. The buyer expects that flaws get fixed for 
> free, maybe rightly so, thus the CSS company will fix as few bugs as it can 
> get away with (exaggeration).
> > If there was not a serious problem of malware, identity theft, ransomware, etc.,
> > I would be more inclined to question what Megha Verma wrote, but based on what
> > I see in how free/oss projects are governed, I am not surprised that a world that relies
> > on so much free/oss software also suffers from so much malware, ransomware, identity
> > theft, etc.
> Again, my experience with OSS is not this one. And I very much think, 
> that malware, ransomware usually is software on its own not built into any 
> software. Maybe exploiting a backdoor a company put in their products 
> for ease of maintenance or just by negligence. Identity theft sounds 
> like social engineering or man in the middle attack. The latter not 
> necessarily being a problem of OSS.
> >   Just because *you* have not experienced malware in the software you use
> > does not mean that there are no cases where free/oss software is being deployed
> > elsewhere in a stealthy way for malicious purposes.
>
> I did not state that OSS was free of flaws and bugs. I am making a point 
> to state that in my experience there are fewer bugs therein than in CSS.
>
> > I am fairly sure I was a victim of
> > the breach of Yahoo that affected hundreds of millions of its users.
> I am sorry for you. I do not know this case, so I cannot tell whether 
> OSS or CSS components of their service were breached, or even a social 
> engineering case.
> >
> > I know people will reply and say it is much worse with proprietary software. But we
> > really cannot know for sure, because free/oss is so ubiquitous now it is hard to
> > separate free/oss software from proprietary software.
>
> I certainly can tell my experience comparing OSS to CSS. And there OSS 
> gets better off. And for the rest, well I cannot tell it is this or the 
> other way around at all.
>
> > For example, most web
> > browsers are based on chromium, a free oss project that comes in large part from
> > Google, but some of the most-used browsers in the world based on chromium
> > are proprietary, such as chrome and edge.
> I am not sure that this holds true. I would be quite surprised that 
> chromium or edge can legally use code of an OSS browser, being CSS. But 
> I am not an attorney.
> > I recommend everyone be very aware of the risks of using any software, whether
> > it be proprietary software or free/oss software in today's world of so much malware.
> >
> Nice final point.
>
>

Thanks for your excellent observations from your own experience. I cannot dispute
anything you say. The only thing I would add is that free/oss projects need to be
vigilant so the poor practices of closed source software development do not creep
into free/oss projects.

