On Wed, Aug 03, 2005 at 02:35:07AM -0700, J.C. Roberts wrote:
> your FUD" look, just level with them. "If you really want me to go
> into all the various technical details involved in a full source
> code audit the costs you would bear to do an equivalent audit on a
> closed source binary through reverse engineering and you'd also
> ...
This is venturing into off-topic territory, but it reminds me of a
discussion I started on the wxWidgets users mailing list.
Basically, we had a similar situation where I work: trying to
determine the best GUI platform for our development. I was
championing wxWidgets for it's nice license, open sourceness, great
community support, robust feature set and the most compelling
reason: cross-platform compatibility.
In the end, MFC won out, effectively due to so-called "industry
standards" and "establishedness" (and this was by my peers, not
management).
I know this thread is D-Link vs OpenBSD, and security definately has
a different flavor than GUI toolkits, but there are some parallels
here, primarily, the "nice open source platform with every technical
advantage" versus mindshare/saturation of existing stuff.
Here's a link to the the wxWidgets thread I mentioned above:
http://tinyurl.com/clmdu
I think everyone on this list has done a wonderful job explaining
why an OpenBSD box will beat the D-Link practically hands-down.
The cynical side of me thinks that managers, no matter how great the
reality of OpenBSD, are likely to reject it based on a fear
and/or ignorance of open source, or with logic like, "Well if it's
so good, how come I've never heard of it?"
I don't know if this thin rationale could be applied to the router
situation, but there's always the standard line of, "If it breaks,
who's going to support/fix it?" I doubt D-Link offers this kind of
warranty, but some manager might think, "Well if it breaks, it then
becomes D-Link's responsibility to fix it, and their liability for
any down time and/or security breaches."
Another cynical view is that managers don't like having their
employees knowing more then them or any kind of non-commodity
knowledge (aka "intellectual capital). E.g., with OpenBSD, it's not
"common knowledge", and expertise in that system might make you, as
an employee, not replaceable or not easily outsourced.
Sorry for the rant, I just get frustrated at times trying to be an
advocate for open source :)
Matt
--
Matt Garman
email at: http://raw-sewage.net/index.php?file=email
