> -----Original Message----- > From: Denstizzo [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 07, 2007 8:44 PM > To: CF-Community > Subject: Re: Why Linux is more secure than Windows > > On 2/7/07, Jim Davis <[EMAIL PROTECTED]> wrote: > > Are you proposing that the number of people who know C++, isn't that > large? Or perhaps that it's so difficult to pick up a language, that > there > aren't many people familiar with them? I don't think that's the case, but > you seem to imply that it's difficult to look at source and understand > what is going on. Which it may be. For some people.
For MOST people - in fact for almost ALL people! I am saying that for the products we're throwing around (Linux, Firefox, Apache, etc) the number of programmers in their user communities are small minorities. > I don't refute your, to steal someones analogy, "Flying in the airplane" > mentality. Not many of the people who fly in them, could fly them. > > I also don't refute that, just because it's out there, people are looking > at > it. It's possible no one has! But that IS sorta the whole point. > I think high security places actually have to audit code, and whatnot. > Are you telling me it's just as easy to audit closed source as open? > > ARE YOU!!! ANSWER ME!!! :-) Sorry for the tone, esse! For the people actually working on the code, of course it is! To audit code you need access to it. Whether open or closed source an audit is, by definition, an examination of the source code. My code at the office is closed and audited. Now - can ANYBODY audit closed source - of course not. > For the vast majority of users there is essentially no difference between > > open and closed source in this respect: when something goes wrong they > > look > > to the vendor to fix it. > > > Well, there is one HUGE difference. With open source, the "vendor" can be > anyone with the know-how. Closed, by definition, is less open. :) Yes - but that's a flawed analogy as well. The vendor isn't any guy on the street - it's apache.org or mozilla.com. You download software from there, you use it, if you find a problem with it you go back there. The vast majority of people treat open source products exactly like closed source products. > I wouldn't be at all surprised, in fact, if the number of people seriously > > working on, say, the Apache codebase was about equivalent to the number > of > > people working on the IIS codebase. > > I would. =] It's easy enough to look up. For Apache, at least. ;] And what's the number? Not the number of people that have looked at the source, but the number of actual core developer's working on the project? > Basically all I'm saying is that the ability to look at the source is > > important to very few people. > > I hear you on the whole "relative" part, but I still gotta say, "very > few" can == millions. Still tho, I know most people just want to > ride, vs. fly. And who really teaches themselves? ;-) But the point here that while the products we're talking about may indeed be great for those wanting to learn programming the product itself rarely requires any programming background at all to use. > The basic requirements are the same for both open and closed source in any > > segment. Things like security, usability, productivity, performance, > etc. > > Sure. But in one case, only a "select" few can do anything. In the other, > at least the selection is up to the individual (and is potentially > limitless!). Potentially, sure, but not actually. There is also a downside to this: Open source projects generally seem to attract a very specific kind of contributor. Whereas a closed-source project defines its needs then hires people to meet them. Open source is notoriously poor at the "soft side" of development: design, usability, consistency, etc. Some open source projects are large enough to overcome this somewhat, but there are still signs of the problem. Others overcome this to a greater or lesser extent, but are still more susceptible to contributor turnover than closed source. Some projects simply ignore that side of things (Apache is a prime example) and focus on the core functionality and in many cases it works. > But the idea that a problem in open source software is less problematic > tha > > in closed source because "you can just fix it yourself" always strikes > me as completely silly. > > > Well, I can see how it would, seeing as how you don't do it. But believe > me, it IS POSSIBLE! Really, and truly. Again possible doesn't mean common. > What I like more, is the ability to extend. It's awesome to add on to > stuff. > Software is software, there are problems, that's just part of the game. In my experience closed source and open source solve this problem in much the same way. To extend Firefox you can modify the core source: which means that you've now branched the source and will find it difficult to maintain parity with the main branch. Or you can use the more generally extension capabilities built into the core product. Your extensions can be traded, posted, moved from version to version, etc. Of course this is exactly the way you extend closed source software (at least good closed source software). Scripting languages, object models, extension hooks, filter interfaces, etc. Again - the vast majority of users will never do this - they'll use the software as is. A much smaller, but still significant group will actively explore and use third-party extensions. A much smaller group will actually write their own extensions. And, only in the case of open source, a much (I think MUCH) smaller group will contribute to the core product. > But at least if I did some cool think^hg, *I* could profit off of it, vs. > some big > company that "owns" it all, and thus takes a cut (if they even let you do > your thing). I don't see this. People rarely (very rarely actually) make money by modifying open source applications (instead it's actually large companies that do: IBM and Apple come to mind). Instead, just like closed source, they make money by extending the products. MS doesn't take a cut of ISAPI filters, COM objects, WSH scripts, explorer bars, etc. Adobe doesn't take a cut of custom tags. > Where this argument DOES work well is in programming: where the open > source > > component extends an environment that the end user is expected to be > > somewhat familiar with. I'm all for "open sourcing", say, CFML or > > JavaScript or Python - there's a legitimate possibility that the person > > using the code WILL modify it. > > > See, I think this contradicts what you say on top. It's sorta like "for > me, > I don't use it, so it's not important, but the stuff I *do* use, well, > that's > important". I'd say the same argument you apply to CFML applies to, > say, C++. But perhaps I have this whole programing/whatnot wrong? Not at all. In this I'm talking about the "distance" between the open source component and the usage of that component. One extreme might be Firefox. There is no aspect of Firefox that requires users to use the tools used to CREATE FireFox. The vast majority of FireFox users just want a web browser (in fact like most desktop applications 80% of them won't even alter the default preferences). Now at the other end of the scale let's take, say, Dojo. Dojo's written in JavaScript but, importantly, to use it you HAVE to know some JavaScript. The gulf of understanding here is very small. The smaller that gulf, the more likely that end users will take advantage of open source in this way. > Have you actually done any searches for stuff with Apache? There > are TONS of people extending things, wanking on odd stuff, etc.. > Modifying it, extending it. Is it because they're super smart? Or > because they can? Are you honestly telling me that you don't think > there would be "pilots" to justify selling planes to the public? Again I see a TON of extensions for Apache... and a ton for IIS. I see very little modification of the core source and a ton of advantage taken of the built-in extension mechanisms: mechanisms which are just as prevalent in closed source as they are in open source. In fact there is a point to be made that products like APACHE, FireFox, etc are SO good at exposing extension opportunities that it actually becomes LESS important to have access to the core source. > Well, I get the gist of your argument. I think you're logic is biased at > a low level though. What, pray tell, is bad about open source? If > we're all passengers anyway, what does it matter, at that level? Now don't put words in my mouth. I never said that open source was bad: I said the argument that open is good because "you just change it yourself!" is weak. And annoying. ;^) There are much more practical, reasonable arguments to be made in favor of open source. Open source is great - for some things and is improving for other things. It's clearly successful for "back end" solutions but so far has yet to truly compete on a usability or design level. All of my code is released - proudly - under the BSD license. At the same time I still greatly prefer the usability and productivity gains of some closed source software. > Open Source Rocks! Plain and simple. Open source is a method, nothing more. Sometimes successful, sometimes not. More applicable for some things, less applicable for others more applicable for some teams, less applicable for others. Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:227496 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
