Dear Editor,

>
> Editor's Corner
>
> Are the Open Sourcerers Selling You a Bill of Goods?
>
> It's "common knowledge" in some circles that open source software is
> "better" - but is it true? Does software really want to be free? Is
> software created by committee really more secure?

A recent Apache review proved exactly this: That Open Source can be, and often is, more secure. Other reviews of other software have shown the same. I leave it to you to do some research (something apparently you need practice with as the FUD in this article shows).

> Do those who push open
> source (or at least some of them) have something besides software to
> sell?
>
> I hear it all the time: open source is supposedly more inherently secure
> than proprietary commercial software, because it's "peer reviewed."
> That's the magic that the open sourcerers invoke,

So, you enjoy using "magic" and "sourcerers" in order to invoke the perception that what Open Source engineers do is nothing special, is "magic", and is not worth anything more than a quick thought?

> but they've never
> really explained to my satisfaction how opening up the kernel to any and
> everybody can make a program more secure. I can see how it could make
> for more features, but I can't see how it makes for more security.

A million engineers and others across the globe looking through 4 million lines of code can't possibly help weed out bugs, now can it? Compare that with a couple hundred engineers looking at tens of millions of lines of proprietary code and my bet is on the proprietary code (Not!).

>
> The ironic thing is that many of those same people who tell me that open
> source software is more secure are also warning us that we can't rely on
> information we find in Wikipedia. Why? Because it's open to any and
> everyone to post articles. It follows the same "peer review" model as
> open source software. So why is being open a bad thing in one case and a
> good thing in the other?

There's a big difference between an online information source and a piece of critical software like a kernel. How critical is it if the description of a llama is incorrect as compared to whether or not someone can hack into your computer with nothing more than a thought and a few commands on a keyboard?
The two do not follow the same "peer review" model. In one case there's a lot of very skilled engineers looking at software and running it through the paces. In the other there's a lot of unskilled people with some to no knowledge throwing in their $.02 worth.

>
> I have nothing against open source software. I just don't buy into the
> "it's better because it's open source" propaganda. I use some open
> source programs, and although they generally don't work as well and
> aren't as user friendly as commercial programs, the price is right.

"User friendly" is a subjective term, not objective as most people would like to believe. I think Blender is very user friendly, but 3D Studio MAX is not. I like "The GIMP", not a real fan of "Photoshop". I like "Perforce", not a big fan of "Subversion". Others think just the opposite. When it comes to being "user friendly", there's a great many things that must be taken into account. The GUI is the item most often used to make this judgment, and a GUI that works well for one person may not be another's cup of tea. Error messages are another. Do they tell the user exactly what the problem is or are they so cryptic not even the programmer that wrote the message is sure what it means? Is there a log file that can be reviewed? Are there any messages at all? What about the installation process, updates, removal, configuration, etc.? Whether proprietary or Open Source Software (OSS), there's a good deal to consider and the considerations are not the same from one person to the next or one application to the next.

> My
> dad always told me that, in general, you get what you pay for, so I
> don't expect as much of something I'm not paying for.

And therein lies the problem with many executives (and others) when it comes to software. They think that just because it costs more, it has got to be better. This is not always the case, and in practice, with regards to OSS, it is often NOT the case.
In addition, just because it's OSS doesn't make it better either. I've run many an application, both proprietary and not, that just plain sucked. The GUI sucked (in my opinion), the operation sucked, the reliability sucked, the security sucked, etc. Some things just plain suck even though you paid good money for it. Remember the "Bob" operating system? That wasn't free. It sucked and had a short life. On the other hand MySQL, Apache, Open Office, the TCP/IP stack used in Windows and just about every OSS operating system on the planet, Firefox do not suck and most are all at the top (or near it) of the food chain in their respective categories. You don't always get what you pay for, unless you like paying for the ability to get viruses, worms, and trojans when you purchase a copy of any Windows operating system.

>
> But open source doesn't always mean it's free, either. Let's take a look
> at Linux, for example. Depending on the distribution, prices run the
> gamut from free download to hundreds of dollars.

Only hundreds or thousands of dollars if you pay for the service contract and licensed software. Linux itself is and always will be free. It has to be, it's in the license and the copyright holders say so. The *applications* that you get with a given distribution may or may not be free. Learn the difference between Linux and the applications that run under Linux.

> Open source server
> software can be quite expensive. Even when the software doesn't cost
> anything upfront, there may be hidden costs involved in using it.
> Because the free versions don't provide any technical support, there are
> plenty of people making money supporting open source products.

And there are none making money supporting proprietary systems? Throw some more FUD around. More often than not, Linux requires far less support than Windows servers.
In fact, in every case I have ever seen (and after being an administrator at Akamai that has many thousands of servers, and having been around a bit, I've seen more than a few cases) a properly configured Linux or BSD server requires far less maintenance and support than a comparable Windows server ever has.

> And if
> your time is worth money (mine certainly is), time spent compiling a
> kernel or writing your own drivers is going to cost you.

Rare case. Very rare. Even so, with a proprietary OS, you don't have this choice 99.9% of the time. When I purchased my first dual AMD system in 2001, Windows 2000 would not run on it at all. Linux would, but not reliably. With Linux, I was able to get it to work within a couple of weeks. With Windows, it was a good year before it worked at all (and even then barely and not really usable). I never did install Windows on it. It has been running non-stop since then (with the exception of a couple power outages and hard drive upgrades) with Red Hat Linux 9.

>
> Of course, some people would prefer to spend $500 in extra time than
> $200 out of their pockets, and that's their choice. But you have to
> admit it's a bit insidious, sort of like the way people who never see
> all that money coming out of their weekly paychecks seem to think the
> government is giving them some sort of gift when they get their tax
> refunds. But as the website for the GNU project (which developed
> licenses for open source software) says, "Free software is a matter of
> liberty, not price."

More FUD.

>
> Now, if you're a programmer type who wants to be able to rewrite the
> program code for your own purposes, open source is a great choice for
> you. But the vast majority of regular computer users just want software
> that works and don't want or need access to the source code. I had a
> friend who ranted and raved about Microsoft operating systems for years.
> Finally, about a year ago, he decided he'd had enough and he was going
> to run Linux from now on. Within six months, he was back to XP. Why? "I
> never realized how easy Windows really is to use until I tried Linux."

One gripe I have about Linux: Many applications are not as easy to install as they are in Windows. This is a big deterrent to desktop users and the main reason Linux does not have a larger foothold on the desktop market.

>
> In fact, I have a lot of friends who complain incessantly about how bad
> Windows is and talk about what a great idea open source is, but who are
> still using Windows. If you ask them why, they tell you it's because
> "Microsoft has a monopoly." Huh? There are dozens of distributions of
> Linux available. Some of them are free. There's nothing stopping those
> folks from wiping Windows right off their hard disks and running open
> source. So why don't they?

Apparently you don't understand what a monopoly is and how it forces most people to stick with Windows. Windows networking is not entirely compatible with the rest of the world. Microsoft and Windows-based programming tools and languages are not compatible with the rest of the world (.NET, C#, C++, J++, JScript are either bastardized versions of standards or only work on Windows systems). Microsoft file formats are often closed and those that are based upon open formats are changed by MS to make them incompatible. Microsoft mail formats are proprietary. Need I continue or do you get the picture? All of these seemingly little things add up to a huge problem if someone needs to be compatible with others using multiples of these and wants to change to another platform other than MS.

>
> Another thing my dad always told me was that actions speak louder than
> words. I respect the open source advocate who actually uses open source
> software. I don't put much credence in the complaints of the Windows
> bashers who keep on using Windows.

See above.
Again, I see in the above paragraph more FUD.

>
> And if you really believe in "freedom" when it comes to software, how
> about letting those of us who prefer to use Windows do so without
> condemning us for that choice? It doesn't matter to me what software
> anyone else uses. So why are the open sourcerers always trying so hard
> to convert me?

Because it's the problems brought about by the MS security model (or lack thereof) that has resulted in billions of dollars wasted every year due to viruses, trojans, worms, and the like? If you want to use Windows and deal with all that, then don't make me have to deal with it too. Unfortunately the world has made me deal with it in the form of the thousands of e-mails I get every day filled with these things. (I don't worry about them infecting my system though, I don't use Windows for mail.) Oh, and there's that implication by the use of the word "sourcerers" again. Not at all a biased article is it? There are also zealots on both sides that will try to convince you of their way of thinking no matter what.

>
> Does software really want to be free? I guess some of it does and some
> of it doesn't. It's just as silly to expect every software company or
> developer to give their products away as it is to expect Sears to give
> away refrigerators and furniture.

OK, now that's ridiculous. Hardware costs money in materials. No one is going to give away free hardware in bulk. Need I say more FUD? How about a more relevant comparison. As for software, plenty of companies give it away for free. They make money on service contracts and other perks.

> Sure, you can go to Craig's List and
> find all sorts of appliances and such that are free for the asking. And
> if that's the way you choose to outfit your house, that's fine with me.
> But don't look down on me if I choose to pay for my new dishwasher,
> okay?
>
> At least if my store-bought dishwasher doesn't get my dishes clean or my
> paid-for programs don't work the way they're supposed to, I feel
> justified in complaining about it, and maybe I'll even get something
> done about it. If I find myself stuck with a hunk of junk that some
> stranger gave away or my free download hoses my system, what am I going
> to do? Ask for my money back?

Another bad analogy. More FUD. Well, you stuck yourself with Windows, causing you to have to purchase anti-virus, anti-spyware, anti-adware, and other anti-<whatever> software. Complain to MS about that and see where you get. Symantec is happy, MS has built for them a huge business. On the other hand, if you get a free version of Linux from Red Hat and have a problem, you can contact them (in a number of ways), and they will assist you. Find a security problem, and chances are it will be fixed the very next day. Try that with MS (while paying them per minute for the phone call) and chances are you'll have to wait until the next Update Tuesday (or whatever day it is now) the following month.

>
> How about you? Do you buy the idea that being "open" makes software more
> secure, or automatically makes it "better" or somehow morally superior
> to closed source software? Have you tried open source operating systems?
> Did you come back to Windows or do you still use Windows for some of
> your computers? If so, why? Do you get tired of being looked down on
> because you haven't gone "pure open source?" If you use both open source
> and proprietary software, what do you like and dislike about each? Let
> us know at [EMAIL PROTECTED]
>

The bottom line is this: Use the software that does the job. When making a choice in software, the criteria, from most important to least important, should be:

1. Will it do the job we need now?
2. Will it do the job we need later?
3. Can we get support and what kind/level?
4. How much will it cost?

When answering each question above, there are many things to consider. Question 4 should only be a consideration when more than one package meets the criteria of questions 1-3 at the same level. Cost should only be the deciding factor when all other factors are equal. Oh, and proper research is of utmost importance (something I think you missed during the development cycle of the article).

PGA

--
Paul G. Allen BSIT/SE
Owner/Sr. Engineer
Random Logic Consulting
www.randomlogic.com
