Domain: dwheeler.com
Stories and comments across the archive that link to dwheeler.com.
Comments · 467
-
Some useful references
You might find the following web pages useful:
- Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers! ; this paper gives quantitative measures (such as experiments and market studies) on why using OSS/FS products is, in a number of circumstances, a reasonable or even superior approach. It's available at http://www.dwheeler.com/oss_fs_why.html
- Open Source Software / Free Software (OSS/FS) References ; this gives a short introduction. You might find this to be a useful starting point. http://www.dwheeler.com/oss_fs_refs.html
You'll need to discuss at least two situations: (1) using open source software in your business, and (2) developing/modifying open source software. Obviously, the issues are different.
-
RMS is busy maintaining Emacs
He just took over maintenance of GNU Emacs again by default, and I doubt he is seeking any additional programming challenges. Maintaining GNU Emacs is a full-time job; it is one of the largest free software packages out there, much larger than the Gnome core, libs and applets combined according to this study.
-
Some relevant URLs (quantitative data, security)
Here are some URLs that you might find helpful:
- Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers! has a number of quantitative measures showing advantages of at least some open source software.
- The chapter Is Open Source Good for Security?, part of the Secure Programming for Linux and Unix HOWTO, discusses the security pros and cons of open source software/free software.
-
Re:Faxing web log to congressman
he will look at that and go "huh?"
I doubt that. Here's the text of the fax before the grep:
Dear Representative Boucher:
Another virus is making the rounds of the web via Microsoft technology. It is probably trying to infect your web server right now. This virus, dubbed Nimda, affects Microsoft IIS web servers and Microsoft Internet Explorer. However, the Apache web server, an open source project that has not had a major security issue in four years, has not been affected in any way.
Nimda spreads itself by contacting other web servers and sending special commands that infiltrate the security of the computer. Nimda attempted to contact our server over 900 times just yesterday, but those attempts have been futile: the virus writers have found it easier to write viruses for Microsoft IIS than for Apache. The code that follows is just a few of the attempts made. Many more will follow on our server and your server.
These security breaches (Microsoft IIS averages more than two a year) cost the taxpayer, the military, and American businesses billions of dollars a year. See http://www.dwheeler.com/oss_fs_why.html for more details on why open source is more secure and more cost-effective than the closed-source software used by so many government and private organizations.
Sincerely,
Miko O'Sullivan
A concerned constituent
miko@opensourcelobby.org
-
Re:High bug count == sloppy programmers
From David Wheeler's estimate of Linux's size, Mozilla has 2065224 SLOCs. The version wasn't specified, but it's probably relatively recent since the distribution used was Red Hat 7.1. That would put the bug rate at a little under one per 20 SLOCs, which I think is on the high end based on my experience. One thing that clouds the issue is that Bugzilla doesn't have support for reconciling duplicate bug reports, the Mozilla team just immediately closes out the duplicates. Also, the Mozilla team uses Bugzilla for tracking feature requests and development tasks. So the real number of unique bugs is somewhat less than 100,000. Unfortunately, we don't know how much less.
Also, I don't necessarily agree that the complexity of the project and the number of bugs to be found grows exponentially with the size of the project. Clearly, the relationship is going to be more than linear, but IMHO if it's growing exponentially it indicates a mismanaged project. Large projects simply have to put more emphasis on architecture and clean abstractions. An iterative development model with continuing design refactoring helps a lot too. I worked on two projects that grew to considerable size (500-700k SLOCs) and neither suffered from that kind of complexity growth.
-
Re:Thought Police
What is part of the operating system?
- kernel
Linus wrote it.
- libraries necessary to run C programs
When Linus started, he wrote that too. It wasn't until libc4 that the Linux C library was derived from the GNU project, and it wasn't until libc6/glibc2 that it became part of the GNU project.
- the most basic interface possible
Which would consist of tty support, terminal emulation, and a shell. The tty support was part of the kernel, and Linus also started out by writing his own terminal emulator. At the time, GNU bash wasn't available, so presumably Linus used csh, which is BSD software.
So according to your own definition, the operating system I call Linux started out without relying on a lot of GNU software.
Okay... so, you should call linux "GNU/Linux", because GNU tools are a larger percentage of the Operating System itself than even the Linux kernel
No, that's most definitely not true. From David Wheeler's analysis of RH 7.1:
kernel 2.4.2 - 2437470 SLOC
glibc 2.2.2 - 646692 SLOC
GNU binutils-2.10.91.0.2 - 690983 SLOC
And binutils contains a lot more than your definition of just "the most basic interface possible". Even if you throw in the compiler suite, you still won't end up with as many SLOCs as the kernel.
-
Statement on computer science.
I'm a programmer. We like to call ourselves engineers but most of us are still a bit far away from that. This work was caused by a stack smash exploit, a buffer in a local variable. Put too much stuff in it, and you scribble over the stack, and maybe you get a shell. In this case, it got permissions, and was programmed to spread itself.
The problem is that these happen all too often. We're building complex systems, but our tools are not up to the task, at least at the security end. This was a stack smash, the multiple telnet vulnerability is a stack smash (there's some keyword expansion in the buffer, and that wasn't accounted for), the (in)famous Morris worm was a stack smash. There are exploits for environment variables of unchecked length, there are exploits for using a supplied string for a printf or sprintf (printf(a) instead of printf("%s", a), which causes problems if a is evil-user supplied). Why are these still happening? These are all known problems, with easy solutions. C tends to be our language of choice, but is insecure. Where are the additional tools though that can secure it? A sort of SecureLint? These bugs and worms are causing economic damage. Isn't it worth a portion of this money to try to make tools to clamp these down?
And that's just the base stuff, sacrificing security for perceived ease of use or speed to market is a topic for someone else's rant.
(Obligatory karma whoring link)
Flawfinder
-
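The comment above asks for a "SecureLint" that catches printf(a) where printf("%s", a) was meant. As an added example (not the poster's code, and not Flawfinder), here is a small Python checker that flags printf-family calls whose format argument is not a string literal; the C sample it scans is constructed for the example.

```python
import re
# Position of the format argument for the printf-family functions the comment names (constructed table).
FORMAT_ARG = {"printf": 0, "sprintf": 1, "fprintf": 1, "snprintf": 2}
CALL_RE = re.compile(r"\b(printf|sprintf|fprintf|snprintf)\s*\(")

def split_args(text):
    """Top-level arguments of a call, given the text that follows its '('."""
    args, cur, depth, in_str, i = [], "", 0, False, 0
    while i < len(text):
        ch = text[i]
        if in_str:                                # inside a "..." literal
            cur += ch
            if ch == "\\" and i + 1 < len(text):  # keep the escaped character
                cur += text[i + 1]; i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True; cur += ch
        elif ch == "(":
            depth += 1; cur += ch
        elif ch == ")":
            if depth == 0: break                  # closes the call itself
            depth -= 1; cur += ch
        elif ch == "," and depth == 0:
            args.append(cur.strip()); cur = ""
        else:
            cur += ch
        i += 1
    if cur.strip():
        args.append(cur.strip())
    return args

def find_format_string_risks(source):
    """(line, function, format_arg) for each call whose format argument is not a literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            args = split_args(line[m.end():])
            idx = FORMAT_ARG[m.group(1)]
            if idx < len(args) and not args[idx].startswith('"'):
                findings.append((line_no, m.group(1), args[idx]))
    return findings

# Constructed C sample (not from the page) mixing safe and unsafe calls.
SAMPLE_C = r'''void log_user(const char *a, char *buf) {
    printf(a);                        /* caller controls the format: flagged */
    printf("%s", a);                  /* literal format: safe */
    sprintf(buf, a);                  /* same bug through sprintf: flagged */
    snprintf(buf, 64, "%s\n", a);     /* safe */
    fprintf(stderr, describe(a), 1);  /* format built by a call: flagged */
}'''
```

GCC's -Wformat-security warns about the same pattern at build time; a line scanner like this is for code you cannot build.
-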
Zero
From section 2.2 of the paper (my emphasis):
The ``physical source lines of code'' (physical SLOC) measure was used as the primary measure of SLOC in this paper. Less formally, a physical SLOC in this paper is a line with something other than comments and whitespace (tabs and spaces). More specifically, physical SLOC is defined as follows: ``a physical source line of code is a line ending in a newline or end-of-file marker, and which contains at least one non-whitespace non-comment character.'' Comment delimiters (characters other than newlines starting and ending a comment) were considered comment characters. Data lines only including whitespace (e.g., lines with only tabs and spaces in multiline strings) were not included.
Since the copyright statements are comments, I infer that none of their lines have been counted. If you want to check this statement later, you're supposed to be able to download David Wheeler's sloccount code here, but the .tar.gz file seems to be accidentally read-protected at the moment.
Come to think of it though, I would be even more interested in counts that included comments and documentation but somehow removed duplication, since comments and documentation also take an investment of time and add value (such as usability and maintainability) to the product.
-
SLOC Count
I have a sneaking feeling that the author used SLOC Count by David Wheeler to determine the number of source lines of code--particularly because of the cost-to-develop estimations that the article mentions. Even if he didn't, this is a nifty tool.
-
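The physical-SLOC definition quoted in the "Zero" comment above is the rule David Wheeler's SLOCCount (the tool the "SLOC Count" comment names) applies. This is an added example, not SLOCCount's own code: a Python counter for C-style source that applies that rule to a constructed sample whose copyright header lives entirely in a comment, the case the "Zero" poster asks about.

```python
def sloc_lines(source):
    """Line numbers counted as physical SLOC under the definition quoted above:
    after removing comments (delimiters included) the line still has a
    non-whitespace character.  Handles //, multi-line /* */, and "..." strings."""
    counted, in_block, in_string = [], False, False
    for line_no, line in enumerate(source.splitlines(), 1):
        code, i = [], 0
        while i < len(line):
            two = line[i:i + 2]
            if in_block:                          # inside /* ... */
                if two == "*/":
                    in_block = False; i += 1
            elif in_string:                       # inside "..."
                code.append(line[i])
                if line[i] == "\\":              # keep the escaped character
                    code.append(line[i + 1:i + 2]); i += 1
                elif line[i] == '"':
                    in_string = False
            elif two == "/*":
                in_block = True; i += 1
            elif two == "//":                     # rest of the line is comment
                break
            else:
                if line[i] == '"':
                    in_string = True
                code.append(line[i])
            i += 1
        if "".join(code).strip():                 # anything besides whitespace
            counted.append(line_no)
    return counted

def physical_sloc(source):
    """Physical SLOC count, the primary measure used in the paper."""
    return len(sloc_lines(source))

# Constructed C sample (not from the page): a copyright header that is all
# comment, blank lines, a // line, and a string containing comment delimiters.
SAMPLE_C = r'''/*
 * Copyright (C) 2000 Example Author.  Header comment: not counted.
 * Licensed under the GPL; see COPYING.
 */
#include <stdio.h>   /* counted: the include is code */

int main(void)
{
    // a full-line comment: not counted

    printf("/* not a comment */ \"quoted\"\n");  /* counted */
    return 0;
}'''
```
-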
Re:Discoveries are not the same as consumer goods
Open source/free software systems are clearly demonstrating that, at least for software, it is possible to develop large systems using an approach similar to the scientific approach of sharing discoveries. To some, this is counter-intuitive, but it's still demonstrably true.
I actually measured the number of source lines of code (SLOC) of a GNU/Linux distribution (Red Hat Linux 6.2). I then used those measures to estimate the person-years and dollar costs necessary to build the same system (if it was developed in a proprietary manner). You can see the results in my paper Estimating Linux's Size at http://www.dwheeler.com/sloc. Here's a brief summary:
- This Linux distribution includes well over 17 million physical source lines of code (SLOC).
- Over 4,500 person-years of development time would have been required to build this distribution by conventional proprietary means.
- It would have cost over $600 million (in year 2000 dollars) to develop this distribution in the U.S. using conventional proprietary means.
No doubt newer distributions would be even larger, with even larger costs to develop traditionally. Some distributions include many more packages, and I would expect some of them to have cost over $1 billion (U.S., 2000 dollars) to develop using proprietary means.
A little over half of the lines of code in this distribution are licensed using the GPL license. This includes gcc, emacs, many KDE programs, many GNOME programs, and other software that tends to be included on *BSD as well as GNU/Linux systems. Thus, it makes sense for Microsoft to particularly attack the GPL license: Removing software licensed through the GPL would cripple many systems that compete with Microsoft. And clearly the GPL does not fit into Microsoft's business model. The notion, however, that business models different from Microsoft's model are somehow dangerous and need suppression is -- well -- laughable.
-
Lesser known CGI Language? How about Ada?
You cannot get any more obscure than using Ada for a CGI app. Here are the packages for it.
Ada is the highest level language there is, even above Java. The military uses it the most.
If you need strong data-typing and easy code management, Ada is a good route to go. There are compilers for many platforms.
"...we are moving toward a Web-centric stage and our dear PC will be one of
-
List of pointers
Here is a collection of pointers (some already listed):
http://bastille-linux.sourceforge.net/
http://dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
http://i30www.ira.uka.de/SawMill/index.html
http://oss.sgi.com/projects/ob1/index.html
http://soledad.cs.ucdavis.edu/
http://users.ox.ac.uk/~mbeattie/linux/ANNOUNCE.mac30-20000214
http://www.data.slu.se/bifrost/index.en.htm
http://www.guug.de/~winni/posix.1e/
http://www.securecomputing.com/archive/press/2000/nsa_faq_secure_linux.html