On Wed, Aug 03, 2005 at 02:35:07AM -0700, J.C. Roberts wrote:
> your FUD" look, just level with them. "If you really want me to go
> into all the various technical details involved in a full source
> code audit the costs you would bear to do an equivalent audit on a
> closed source binary through reverse engineering and you'd also
> ...

This is venturing into off-topic territory, but it reminds me of a discussion I started on the wxWidgets users mailing list. Basically, we had a similar situation where I work: trying to determine the best GUI platform for our development. I was championing wxWidgets for its nice license, open sourceness, great community support, robust feature set and the most compelling reason: cross-platform compatibility. In the end, MFC won out, effectively due to so-called "industry standards" and "establishedness" (and this was by my peers, not management).

I know this thread is D-Link vs OpenBSD, and security definitely has a different flavor than GUI toolkits, but there are some parallels here, primarily, the "nice open source platform with every technical advantage" versus mindshare/saturation of existing stuff.

Here's a link to the wxWidgets thread I mentioned above: http://tinyurl.com/clmdu

I think everyone on this list has done a wonderful job explaining why an OpenBSD box will beat the D-Link practically hands-down. The cynical side of me thinks that managers, no matter how great the reality of OpenBSD, are likely to reject it based on a fear and/or ignorance of open source, or with logic like, "Well if it's so good, how come I've never heard of it?"

I don't know if this thin rationale could be applied to the router situation, but there's always the standard line of, "If it breaks, who's going to support/fix it?" I doubt D-Link offers this kind of warranty, but some manager might think, "Well if it breaks, it then becomes D-Link's responsibility to fix it, and their liability for any down time and/or security breaches."

Another cynical view is that managers don't like having their employees knowing more than them or any kind of non-commodity knowledge (aka "intellectual capital"). E.g., with OpenBSD, it's not "common knowledge", and expertise in that system might make you, as an employee, not replaceable or not easily outsourced.

Sorry for the rant, I just get frustrated at times trying to be an advocate for open source :)

Matt

--
Matt Garman
email at: http://raw-sewage.net/index.php?file=email