Re: Don't assume that so fast

Post #87,000 by Ovid 3/10/03 1:20:59 AM Reply	Re: Don't assume that so fast I work with open source because I like using open source tools. Why do I like doing that? Because I find that I run into fewer bugs there. \r\n\r\n Ben, are you smoking crack? ;) Okay, what are the big open-source projects? Linux, Apache, and Samba. Those have so many developers that perhaps they have more people stepping on bugs (not having worked with Samba, I can only say the this does seem to hold true for the first two). However, the vast majority of open-source tools that I work with seem just as buggy as closed-source. \r\n\r\n What about the open-source projects that appear bug-free? Even those are often a mess internally. Case in point: CGI.pm distributed with Perl. Let's face it, it's a turkey. It's a turkey that can fly and reproduce, but it's still a turkey (in Lincoln Stein's defense, even he admits that). Admittedly, I generally tell people to use this to their hand-rolled alternatives, but that's primarily because their turkeys can't fly. \r\n\r\n MySQL is another example. It works, but for the longest time its developers didn't appear to understand what a relational database was. Maybe I can live without views and subselects, but no foreign key constraints, row-level locking or transactions? While they've made great strides in bringing MySQL up to the point where it's a true database, it's still not much more than a file system with SQL slapped on top (to quote Randal Schwartz who may have been quoting someone else). \r\n\r\n Don't get me wrong. I prefer open-source when I get to work with it. I expect bugs, but I want to be able to fix them and not wait for the vendor. Open-source, even when bug-free, is just as succeptible to bad coding or misunderstanding of basic concepts. \r\n\r\n And on a personal note: I'll try to remember to send an email once every three months, m'kay? :) \r\n\r\n Cheers, \r\nOvid "If I heard a voice from heaven say 'live without loving', \r\nI'd beg off. Girls are such exquisite hell." -- Ovid
Post #87,027 by CRConrad 3/10/03 10:37:17 AM Reply	My oh my, it's raining classical poets... (new thread) Created as new thread #87026 titled [link\|/forums/render/content/show?contentid=87026\|My oh my, it's raining classical poets...] [link\|mailto:MyUserId@MyISP.CountryCode\|Christian R. Conrad] (I live in Finland, and my e-mail in-box is at the Saunalahti company.) Your lies are of Microsoftian Scale and boring to boot. Your 'depression' may be the closest you ever come to recognizing truth: you have no 'inferiority complex', you are inferior - and something inside you recognizes this. - [link\|http://z.iwethey.org/forums/render/content/show?contentid=71575\|Ashton Brown]
Post #87,088 by ben_tilly 3/10/03 1:51:33 PM Reply	Nope. I am serious In case you hadn't noticed, I tend to be somewhat of a late adopter. And for late adopters, open source has fewer bugs, and the bugs that do exist are less troublesome. This is a consequence of the dynamics explored in [link\|http://www.cl.cam.ac.uk/ftp/users/rja14/toulouse.pdf\|http://www.cl.cam.ac...ja14/toulouse.pdf] which finds that to first order effects, one expects open source to be equally secure with closed source. Equally secure because the added ease of finding bugs balances out the added rate of locating and fixing to result in a wash. Therefore the ease of finding security holes (to first order) is expected to remain the same. Which means that with open source - investigating with source available - it should be about as easy to find and positively identify a bug as it is with closed source without source at the same stage in the software's development. But the flip side of that is that you run across bugs by accident less often with open source. To take the example that you gave, as you know within the last year I found and fixed a bug in how CGI.pm handled aborted POST submissions when it was not a multi-part form. Without access to source I would still be shrugging my shoulders over a couple of isolated reports of strange behaviour. By contrast with manipulating Access via OLE in Perl I have a couple of isolated freezes. I have no idea what to do next. Some of the code is "source available" but I am not allowed to actually edit it. Most of the layers are proprietary. I am sure that there are lots of bugs. If I had the source and the time to learn it I could probably find a lot of bugs. I might or might not find mine. Without details I don't really have anything that I can submit as a bug report... I do submit bug reports routinely. On both open and closed source programs. Bugs submitted on open source get more of a response. For instance a few I submitted last summer on DBD::Sybase got feedback and fixes. Microsoft has not even acknowledged a bug I submitted about their handling of cut-and-paste from Excel 2002 to text. (Take a spreadsheet with cells with a cell with a double-quote. Cut and paste to notepad. Save. Try to open that in Excel. You get data corruption. Save the spreadsheet as text, open. No data corruption. In cut-and-paste they don't decide to quote cells with " in them and should. In a file save they do.) So yes, I do run into fewer bugs with open source, and I find the ones that I run into less troublesome. Really. :-) Cheers, Ben "good ideas and bad code build communities, the other three combinations do not" - [link\|http://archives.real-time.com/pipermail/cocoon-devel/2000-October/003023.html\|Stefano Mazzocchi]

Welcome to IWETHEY!