dwheeler.com · Domains · Slashdot Mirror

Re:The human factor by stevey · 2004-06-28 06:32 · Score: 2, Insightful · on Blame Bad Security on Sloppy Programming

Secure Programming for Linux and Unix HOWTO is one attempt to correct this.

I agree though, most books are filled with examples and have merely a warning in the introduction "To reduce the size of code listings all error checking has been removed from our examples".

I wish more people read documents like that I linked to above, but people can get suprisingly far into their careers before this becomes obvious to them.

Re:grass is always greener by pavon · 2004-06-23 14:38 · Score: 3, Interesting · on Slackware 10.0 Officially Released

This means that foobar.dll v1.0 and foobar.dll v1.1 can exist on disk at the same location (to the requesting program).

This is already possible in Linux and has been for years (it probably inherited the practice from other unices before it was created). The way that linux handles different versions of the same libraries is actually really nice. You can read about it here . Where the problem comes in is that that either the package manger doesn't like to install multiple versions of the libraries, or the user isn't aware that it is possible. I think that the latter is the more common case. The user sees that they need library version Y, and they have X so they naturally upgrade the package rather than installing it beside the existing one.

This is where .NET comes in. There is no more DLL hell.
Kind of live WinForms/Avalon :P

Here are lots of facts they forgot to mention by dwheeler · 2004-06-11 16:05 · Score: 1 · on Microsoft's Magical 'Myth-Busting' Tour

Take a look at Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!, which has a large collection of quantitative studies suggesting that looking at OSS/FS (including GNU/Linux systems) is a good idea. Just updated as of a few days ago.

Any software acquirer should look at all sides of an issue, and not just take any vendor's word for how wonderful their products are.

Re:Finding the holes is only half the battle by stevey · 2004-06-11 05:52 · Score: 2, Insightful · on Is Finding Security Holes a Good Idea?

This is why documents such as The Secure Programming for Linux and Unix should be compulsory reading for developers.

Time after time we see the same flaws being found, sometimes by me, sometimes by more focussed groups.

I seriously believe half the problem is the number of young developers who read manuals/textbooks/online guides which have a paragraph at the introduction saying something like "To keep the code concise we've ommitted all error checking in our examples". With nary a mention of security throughout the rest of the piece.

Half joking - half serious.

Re:Does he think Linux was completed overnight? by versus · 2004-06-05 00:50 · Score: 1 · on Ken Brown Responds to His Critics

0.01 is available from kernel.org, and is dated from the fall of 1991. With headers and everything, 'wc' reports that the entire thing is less than 7500 lines. (That includes blank lines, comments, lines with a single brace, etc.)

I used SLOCCOUNT utility.

Linux v0.01 source tree:

Totals grouped by language (dominant language first): ansic: 6975 (85.35%) asm: 1197 (14.65%)

David A. Wheeler's Why OSS/FS?Look at the Numbers! by NZheretic · 2004-05-09 01:04 · Score: 1 · on Well Documented Open Source Business Case?

Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers!.

"Java" is a standard, not a product. by Anonymous Coward · 2004-05-01 11:16 · Score: 5, Interesting · on Gosling on Opening Java

Anyone is free to make their own implementation of a Java framework. There's an (outdated) list here of alternative implementations (and possibly more here as well).

For example, SableVM and Joeq are the first two that I found on Sourceforge (and there are several more).

So it's not really a question of "open sourcing Java" - because there are already open source implementations of Java (and a few commercial ones as well). It would be a question of Sun opening up their reference implementation of Java.

So the main advantage of opening up their reference implementation would be to focus the software community's efforts more on one Java implementation and to stop the fragmentation. People would still be free to develop their own Java compatible VM's & compilers, but it would provide less of an incentive for them to do that if there's one central, relatively community-oriented distribution.

Secure Programming HOWTO by dwheeler · 2004-04-27 03:17 · Score: 4, Informative · on PHP and SQL Security

For guidelines on how to develop secure programs, see my Secure Programming for Linux and Unix HOWTO. This Free book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. That includes application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. The book includes specific guidance for a number of languages, including C, C++, Java, Perl, Python, PHP, and Ada95.

secure programs howto by e**(i+pi)-1 · 2004-04-10 15:36 · Score: 3, Informative · on Embedded RTOS Maker Raises Linux Security Issues

Some good reading about this topic can be found here.

GPL incompatibility is a problem of practicality by dwheeler · 2004-04-07 10:14 · Score: 1 · on X.Org Foundation Releases X11R6.7 X Window System

The problem is that GPL-incompatible programs cause a host of practical problems. The majority of all open source software / Free Software (OSS/FS), counting by number of packages or lines of code, uses the GPL. You don't have to use the GPL license, but creating an OSS/FS a license intentionally incompatible with it causes lots of practical problems. See my essay on using GPL compatible licenses for more information.

Dish out, take in by GreyWizard · 2004-03-08 07:54 · Score: 1 · on Beyond An Open Source Java

While that may be true on the Linux platform, I do not believe that to be accurate on either my Windows or BSD box. MOST of the software on my BSD box is free and NOT GPL.

Over half of all free software available on the most important internet archives for the stuff is licensed under the GPL. Check the statistics found here. I didn't say that half of the software on your FreeBSD or Windows machines was GPL licensed. More than half the software on your Windows machine is surely proprietary. I'm sure that the FreeBSD base system is almost entirely BSD licensed. However, stroll over to the ports system. There you will find a convenient way to install GCC, Bash, Emacs, and an endless selection of powerful and useful GPL applications and libraries.

Does FreeBSD even come with a C compiler that isn't GCC? On my FreeBSD machine "cc --version" gives me GCC output, but the first thing I do when I install such a thing is setup a variety of useful GPL applications, so I very well may have clobbered or overlooked some anonymous BSD licensed compiler along the way.

Do you disagree? Are you saying it is OK for me to scavenge code from GPL software to make other non-GPL free software? You make it seem like GPL is the only 'free' solution.

Are you even paying attention? I did not say it was acceptable for you to scavenge code from GPL software and place it into proprietary code. However, merely looking at GPL code will not prevent you from writing your own oringinal non-derivative but possibly similar code that does similar things. Read the GPL and tell me where it says that you can't do this.

Even IBM has their own open source license.

I have said over and over again that the choice of whether to use the GPL is a strategic one. Have you read the IBM public license? Here is what the FSF has to say about it:

The IBM Public License is incompatible with the GPL because it has various specific requirements that are not in the GPL.

For example, it requires certain patent licenses be given that the GPL does not require. (We don't think those patent license requirements are inherently a bad idea, but nonetheless they are incompatible with the GNU GPL.)

In other words, the GPL is not restrictive enough for IBM in some cases. Meanwhile IBM contributes to GPL projects including Linux all the time, so they are clearly not allergic to it.

However, nothing on either of those pages show anything about the "Spirit of the GPL". However, a quick search of Google OR Slashdot will show that people quite regularly complain about projectX or licenseY breaking the Spirit of the GPL.

Good grief. Do you mean to say that the hoards on slashdot and various web logs are a better arbiter of what is and is not within the spirit of the GPL than the Free Software Foundation, the organization that created it, simply becuase the latter doesn't use the exact phrase "Spirit of the GPL" on the page?

Perhaps this is an issue that would be better resolved directly with licensing@gnu.org, with whom I will email directly to get clarification.

Yes, do. I'm sure you'll be back with an out-of-context quote that you've only half understood and turned upside down to make into some nefarious thing, but at least you will have had the opportunity to see learn something.

And can that resulting application be BSD-licensed? NO! It has to be GPL'd.

And your point is what exactly? What I said was that the GPL gives you an incentive to make your work free software, and it does that.

However, if the code was Public Domain, then NO ONE would question that everyone could use it without reinventing the wheel. GPL does not add this capability -- since Public Domain (BSD, etc) all have been around with that sa

Re:closed source != bad always by gaj · 2004-03-06 08:54 · Score: 2, Insightful · on ATI Releases Drivers for XFree 4.3.0

You are either ignorant, stupid or a troll.

I'll assume the first, and attempt to educate you. I've already pissed off a bunch of people who instead provided the usual whiny /. repsonse to your (possibly unintiontional) troll, so I figure I better piss off the rest. wheee!

So what if the drivers are closed source?

I value my time far to much to fully answer this one, but there are many reasons for preferring open source: philosophy, practicality, curiosity and quality are four of the biggest.

ATI cant [sic] and wont [sic] expose the low level details of their hardware's functionality to competitors.

This is, frankly, mostly an argument made by marketing and PHBs (and people who just plain don't know any better, but I repeat myself). The fact is, they can and they will. They have no choice if they want to ship a product. Rest assured that, to the extent that they care to, NVIDIA knows lots about the low level details of the ATI designs. Having the source to the drivers would be a small bit of help, but, frankly, things move so fast that by the time a competitor could reverse engineer ATI's current feature set and figure out a way to integrate sait technology into their own, ATI would have rolled on to the next level. The architectures of the leading solutions are sufficiently different that reverse engineering the competitor is of primarily academic value (and perhaps a bit of marketing). Both ATI and NVIDIA have some of the best engineers in the world on their teams ... I assure you, we engineers would much rather design new stuff the copy someone else's stuff. Hell, more often than not developers will reinvent the f'ing wheel rather than use something NIH.

Whats the difference anyway? It is naive to think that you could even understand, let alone improve, what the engineers - who know the hardware intimately - have written?

You must be kidding, right? Not only are there plenty of engineers reading /., but, frankly, if the code is so poorly written that a reasonably smart person who knows C can't figure it out given specs and time, it probably sucks ass and I probably don't want to be running it anyway. The lowest levels of driver code can indeed be twisty, but much of this stuff is code to present an interface to client code. Also, while Joe User may well not be able to understand the code, a) the XFree86 folks sure as hell can and b) if it mattered enough he could hire someone who does understand it. One of the beauties of open source, BTW.

And by the way, Nvidia does not publish its source either...

You f'ed up, man. You got one accurate (if obvious) point into your message. Bad troll ... no cookie.

HTH HAND

or not

Ducks in a Row by Anonymous Coward · 2004-02-24 07:53 · Score: 0 · on Apache says ASL2.0 is GPL-compatible

The OSS/FS movements really need to get their licensing 'ducks' in a row...

Ah yes Black Duck tracking 100+ FOSS licenses, compatibility .. against source, downloads, installs from 100K+ projects ...

But then one might just consider GPL compatibility update per blog

Ducks in a Row by Anonymous Coward · 2004-02-24 07:53 · Score: 0 · on Apache says ASL2.0 is GPL-compatible

The OSS/FS movements really need to get their licensing 'ducks' in a row...

Ah yes Black Duck tracking 100+ FOSS licenses, compatibility .. against source, downloads, installs from 100K+ projects ...

But then one might just consider GPL compatibility update per blog

Source Code Auditing Tools by cquark · 2004-02-16 07:45 · Score: 1 · on Exploit Based On Leaked Windows Code Released

There are a variety of static source code analyzers that will find potential buffer overflows and other types of security flaws. I like Flawfinder, but ITS4 is also good though it's licensing terms aren't as clear or free as I'd like. There's also Secure Software's RATS, which can analyze several languages in addition to C and C++. Each of these tools generates a large amount of output and you have to have some understanding of security to use them, but they can find potential security flaws that you would otherwise overlook.

Re:Let's not jump to conclusions here... by kiscica · 2004-02-13 07:53 · Score: 3, Interesting · on Microsoft Source Follow-Up

I keep seeing these figures for the size of the entire Windows source code base, "40GB and 40 million lines of code." Unless I'm missing something, this just doesn't add up. ~40 billion characters / 40 million lines implies that the average length of a line of code in the Windows source is 1000 characters. Even if the comments are terribly verbose, I highly doubt that is correct.

Now, I haven't looked at the leaked (putative) Windows source code yet, but I did check some of the Linux kernel source, and the average seems to be more on the order of 20-30 characters per line.

If Windows source is statistically similar, 40 million lines would be close to 1 gigabyte (not 40), so the 650 or so megs of leaked code might indeed be a significant chunk of it. (I saw at least one claim that the leaked code comprises 13 million lines, which would be in line with these estimates.)

I find the "40 million lines" claim for Windows source code, even including all the drivers etc., a lot more credible than the "40 gigabytes" (which would imply something like a billion lines of code). Even then, it's a lot. For comparison, a recent Linux kernel on my machine is about 5 million lines of source code (and 150 megs), and an entire Linux distribution of around the same vintage as W2K, namely Redhat 7.1, is about 30 million lines. The total functionality of W2K is arguably significantly less than that of an entire Linux distribution.

Kiscica

OSS Policies - here are some useful links by dwheeler · 2004-02-13 03:52 · Score: 4, Informative · on Constructing a Corporate Open Source Policy?

I think you'll find these useful:

Why OSS/FS? Look at the Numbers! has lots of quantitative data showing that you should consider using OSS/FS. The whole thing is long; Why OSS/FS? Look at the Numbers (presentation) is useful as a short presentation of the info.
The MITRE report on OSS use in the DoD shows that OSS is already being widely used there.
On May 28, 2003, the DoD issued a formal memo placing OSS/FS on a level playing field with proprietary software, without imposing any additional barriers.
If you want to reference guidance on how to evaluate OSS/FS, see How to Evaluate Open Source Software / Free Software (OSS/FS) Programs.
Although it's from a government view, you might find this presentation helpful: What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?

Hope those references help.

OSS Policies - here are some useful links by dwheeler · 2004-02-13 03:52 · Score: 4, Informative · on Constructing a Corporate Open Source Policy?

I think you'll find these useful:

Why OSS/FS? Look at the Numbers! has lots of quantitative data showing that you should consider using OSS/FS. The whole thing is long; Why OSS/FS? Look at the Numbers (presentation) is useful as a short presentation of the info.
The MITRE report on OSS use in the DoD shows that OSS is already being widely used there.
On May 28, 2003, the DoD issued a formal memo placing OSS/FS on a level playing field with proprietary software, without imposing any additional barriers.
If you want to reference guidance on how to evaluate OSS/FS, see How to Evaluate Open Source Software / Free Software (OSS/FS) Programs.
Although it's from a government view, you might find this presentation helpful: What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?

Hope those references help.

OSS Policies - here are some useful links by dwheeler · 2004-02-13 03:52 · Score: 4, Informative · on Constructing a Corporate Open Source Policy?

I think you'll find these useful:

Why OSS/FS? Look at the Numbers! has lots of quantitative data showing that you should consider using OSS/FS. The whole thing is long; Why OSS/FS? Look at the Numbers (presentation) is useful as a short presentation of the info.
The MITRE report on OSS use in the DoD shows that OSS is already being widely used there.
On May 28, 2003, the DoD issued a formal memo placing OSS/FS on a level playing field with proprietary software, without imposing any additional barriers.
If you want to reference guidance on how to evaluate OSS/FS, see How to Evaluate Open Source Software / Free Software (OSS/FS) Programs.
Although it's from a government view, you might find this presentation helpful: What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?

Hope those references help.

OSS Policies - here are some useful links by dwheeler · 2004-02-13 03:52 · Score: 4, Informative · on Constructing a Corporate Open Source Policy?

I think you'll find these useful:

Why OSS/FS? Look at the Numbers! has lots of quantitative data showing that you should consider using OSS/FS. The whole thing is long; Why OSS/FS? Look at the Numbers (presentation) is useful as a short presentation of the info.
The MITRE report on OSS use in the DoD shows that OSS is already being widely used there.
On May 28, 2003, the DoD issued a formal memo placing OSS/FS on a level playing field with proprietary software, without imposing any additional barriers.
If you want to reference guidance on how to evaluate OSS/FS, see How to Evaluate Open Source Software / Free Software (OSS/FS) Programs.
Although it's from a government view, you might find this presentation helpful: What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?

Hope those references help.

Absurd. by Anonymous Coward · 2004-02-12 09:37 · Score: 1, Insightful · on Is Open Source Fertile Ground for Foul Play?

This is a specious argument. It assumes that bad code can somehow be slipped into open source code while proprietary code could never ever have such bugs.

There have been software packages that have had backdoors in them for a decade and these were not found until someone open sourced the code.

CERT(R) Advisory CA-2001-01 Interbase Server Contains Compiled-in Back Door Account

Even Microsoft code has been found to have back doors in it:

Netscape Engineers are Weenies

Yes, there will be mistakes made. Security is a process, not a state. The biggest mistake would be for a company to assume that software is secure just because it is open source. No, just being open source doesn't sprinkle magic pixie dust on your product, but it does let you get the sources from the vendor, have another firm or your own in house programmers audit the code to ensure that it is back door free and relatively clean and then you build the code yourself.

Before writing opensource software I recommend all programmers read the following:

Secure Programming for Linux and Unix HOWTO

This document covers everything the article covered and a lot more.

As a last note. Open source software is to computer programming as the scientific method is to science. It is a peer review process that slowly results in better and better software over time. Closed source software is like alchemy of the old days. In just 20 years the open source programmers have build entire platforms that can challenge anything that the proprietary programmers can develop. Where will we be in another 20 years? in 100 years? in 1000 years?

GPL-compatibility is EXTREMELY important by dwheeler · 2004-01-30 06:32 · Score: 1 · on XFree86 Alters License

I'm not certain if this new license is GPL-compatible or not. But a brief reading suggests that it is probably not.

As I discuss in Make Your Open Source Software GPL-Compatible. Or Else , it is extremely important that OSS projects choose a GPL-compatible license. You don't need to use the GPL - not even the Free Software Foundation (FSF), the developer of the GPL and its most avid proponent, claims that absolutely all software must be GPL-licensed. But choosing a license incompatible with the GPL is generally a bad idea if you're developing open source software.

If a project isn't GPL-compatible, it may not receive enough support from other developers to sustain it. Many developers prefer the GPL; the majority of open source software (as counted by packages or lines of code) are GPL'ed. See my paper, there's lots of quantitative evidence for this. Developers who prefer the GPL will work with non-GPL'ed programs, but usually only if they're GPL-compatible. Several high-profile projects have undergone great agony to become GPL-compatible (vim, Python, Mozilla, Qt). Apache just made a change to its license saying that one reason was to make it GPL-compatible. Multiple major projects don't undergo painful license changes unless they have a reason to do so.

If this isn't resolved, the likely outcome is a fork, with the version under the modified license eventually losing. I don't see that this license change is worth such an outcome. They could resolve this with a dual license with the GPL, or just continuing to use the original license, or some variation.

Re:Why shouldn't it be? by ciaran_o_riordan · 2004-01-30 04:27 · Score: 0, Redundant · on XFree86 Alters License

How can programmers share code with each other when there are legal restrictions?

Stallman realised this problem 15 years ago, so he made a *General* license. ReadMe

Re:Debatable scale by Minna+Kirai · 2003-12-23 07:43 · Score: 1 · on MySQL & Open Source Code Quality

If they ran the code bases through something like cindent and standardized the code formatting and removed all comments and whitespace then it's a somewhat more valid comparison.

Almost nobody who talks about "lines of code" in a software engineering context means "number of carriage returns". They're smart enough to understand that in languages which allow comments or whitespace, using the actual length of the file is just pointless.

Look at any SLOC counting script. For a C program, SLOC basically equals the number of ";" in the file (outside of comments and string constants, of course). Using the number of "\n" would be silly.

Maybe the article didn't reiterate what it meant by "lines of code"... but comments and whitespace aren't code, so they do not count towards LOC. The formal definition for "line of code" is often "a line ending in a newline or end-of-file marker, and which contains at least one non-whitespace non-comment character."

It's not hard to create a unique name (generators) by dwheeler · 2003-11-21 02:47 · Score: 1 · on Universities Dispute with Red Hat over 'Fedora'

Yes, most of the names in the English dictionary are taken by someone or other. English doesn't have that many words, and there are a lot of projects and companies.

However, it's easy to create a unique name. One way is to use a random name generator. I give away Totro, a free GPL'ed name generator. You don't even have to install anything, just view the page and start creating names. Yes, the resulting name won't be a name in the dictionary, but that's a good thing - that means that the name is much more likely to be unique.

There's more evidence to justify his point. by dwheeler · 2003-11-19 10:43 · Score: 4, Insightful · on The Riches of Open Source

The paper doesn't identify many relevant statistics showing that the open source software community has huge resources, but the evidence is out there.

My paper More than a Gigabuck: Estimating GNU/Linux's Size measured Red Hat Linux 7.1. It found that this distribution had over 30 million physical source lines of code (SLOC), it would cost over $1 billion (a Gigabuck) to develop this Linux distribution by conventional proprietary means in the U.S. (in year 2000 U.S. dollars), and would have required about 8,000 person-years of development time. Over one year's time, it represented a 60% increase in size, effort, and traditional development costs.

Another study (inspired by mine) looked at Debian 2.2. The found that Debian 2.2 includes more than 55 million physical SLOC, and would have cost nearly $1.9 billion USD using over 14,000 person-years to develop using traditional proprietary techniques.

Linus, of course, doesn't have any sort of real control of GNU/Linux outside the kernel. But in the context of this article, the real issue seems to be a comparison of the open source / Free software community (as represented by GNU/Linux, the Linux kernel, and Linus Torvalds) versus Microsoft. And in that sense, this community has managed to acquire an absolutely astounding amount of resources, since it's managed to become competitive with Microsoft in spite of the many roadblocks it's had to handle (lack of hardware vendor support, perception that the approach can't work, etc.).

More quantitative data showing that there cases where open source software / free software is competitive is available in my paper "Why OSS/FS? Look at the Numbers!".

There's more evidence to justify his point. by dwheeler · 2003-11-19 10:43 · Score: 4, Insightful · on The Riches of Open Source

The paper doesn't identify many relevant statistics showing that the open source software community has huge resources, but the evidence is out there.

My paper More than a Gigabuck: Estimating GNU/Linux's Size measured Red Hat Linux 7.1. It found that this distribution had over 30 million physical source lines of code (SLOC), it would cost over $1 billion (a Gigabuck) to develop this Linux distribution by conventional proprietary means in the U.S. (in year 2000 U.S. dollars), and would have required about 8,000 person-years of development time. Over one year's time, it represented a 60% increase in size, effort, and traditional development costs.

Another study (inspired by mine) looked at Debian 2.2. The found that Debian 2.2 includes more than 55 million physical SLOC, and would have cost nearly $1.9 billion USD using over 14,000 person-years to develop using traditional proprietary techniques.

Linus, of course, doesn't have any sort of real control of GNU/Linux outside the kernel. But in the context of this article, the real issue seems to be a comparison of the open source / Free software community (as represented by GNU/Linux, the Linux kernel, and Linus Torvalds) versus Microsoft. And in that sense, this community has managed to acquire an absolutely astounding amount of resources, since it's managed to become competitive with Microsoft in spite of the many roadblocks it's had to handle (lack of hardware vendor support, perception that the approach can't work, etc.).

More quantitative data showing that there cases where open source software / free software is competitive is available in my paper "Why OSS/FS? Look at the Numbers!".

Stupid Darl... by cshark · 2003-11-18 17:10 · Score: 1 · on McBride Speaks, In Person And In Print

It's always fun to watch Darl and his loud and continued misunderstandings of what exactly a copyright is. I found this quote very entertaining.

"What's left in this company are concepts and ideas. If you take away the ability to protect that, we're reduced out ability to compete as a country (cue the break out the flag, someone)."

Correct me if I'm wrong, but isn't copyright the protection of literary works? I know they've changed copyrights a bit recently, but as far as I know, it's still impossible to copyright an idea. If that were possible, entire literary genres would be in jeopardy. Imagine what would happen if you had to pay Geffen Records every time you wanted to write a love song?

Another technical point: (quoting from the article)

Q: What percentage of Linux is infringing?

A: Roughly one million lines of code. 20% of the Linux kernel. BSD is in a clear legal environment. There are dozens of protected BSD files that have made there way into Linux.

Which is interesting. This guy says there are 30,000,000 (thirty million) lines of code in Linux. I've heard it elsewhere as well, mostly here.That would mean that there would need to be at least 6,000,000 lines of code in order to constitute a 20% infringement.Yet, McBride says there are only a million lines of infringing code.And that includes their extremely broad definition of derivative works.

I could be pissing up the wrong tree, but it looks like he's full of it. But we knew that.Let's just hope their legal team shows the same level of ineptitude that McBride has. :)

No - Changing others' thinking/behavior. by dwheeler · 2003-11-14 03:13 · Score: 1 · on Why Personal Websites Matter

I have a personal website (http://www.dwheeler.com), and while this article is interesting, for me and many others this article completely misses the point.

Many people, including me, have a personal website because we want to change people's thinking or behavior, and not because we gain directly from our personal sites.

Let me give specific examples. I've been frustrated that many developers don't know how to write secure programs, so I give away a free book telling people how to write secure programs (particularly for Linux/Unix). I was interested in open source software / Free software, and was frustrated when I discovered that quantitative information existed but it was hard to find - so I collected quantitative data about open source software / Free software so others could benefit from my search, and so that people would start thinking quantitatively about such things. In a similar vein, I was curious about how much source code was in GNU/Linux, and wanted people in general to think about quantitatively analyzing these systems, so I posted my paper on the number of source lines of code in a GNU/Linux distribution ("More than a Gigabuck").

Reputation-building and getting stuff (like money and free things) is nice, and I certainly don't mind those side-effects. Have I made money from reputation, and gotten free stuff? Yes to both questions, but I better not quit my day job :-). But that wasn't my point. My goal was to give useful information to a set of other people, to influence behavior and thinking. I get a lot of visits, and I've received a number of emails suggesting that my material has changed the thinking or behavior of some people, so I think I'm very much meeting my goals.

I think people should be able to create a personal website for whatever reason, and then enjoy it if it meets their goals. If you want a lot of people to visit your personal website, you need to provide something on your website that others might want. A blog declaring what you ate last night isn't going to get a lot of visits. But if it's meeting your goals, go to it! If your goal is to change thinking and behavior, then you must create content that could do so.

I haven't had the problem of being "hidden"; my personal website's content ranks quite high on Google when you enter keywords relevant to my content. Why? Because I've worked hard to create content that at least some people actually want.

The stuff about needing an expert to create fancy graphics is just nonsense. Nonsense! LOTS of people visit my site, without the fancy graphics. When people are searching for information, they'll use search engines which can't even decipher the graphics. As the author says, simple works quite well.

It's not that the author is wrong - if your goal is reputation-building and free stuff, a personal website could do it. But there are many other motivations besides those two.