Slashdot Mirror
Open Source Studies
e8johan writes "Avaya Labs Research has presented a paper studying the open source process in the cases of Apache and Mozilla. They reach a number of interesting conclusions, the ones I find most interesting are: * Open source projects tend to have a core team of 10-15 coders, producing almost all code. The next layer is a set of developers submitting new features and bugfixes. The next layer is a set of advanced users submitting bug reports. * Open source projects tend to have a lower bug-rate than commercial projects. * Open source projects are generally quicker to respond to user requests. The article also discusses the differences between projects that have always been open source (such as Apache) and projects having a proprietary history (such as Mozilla)."
if these projects average 15 coders, on average they're also significantly less complex projects, and then of course on average theyll have less bugs.
also, if you have a team of people who are PAID to find bugs, theyll find more.
... and here is my bug sumission. It's spelled COMMERCIAL, not commersial I guess this submission was proprietary.
"Never doubt that a small group of thoughtful citizens can change the world. Indeed, it is the only thing that ever has."
-- Margaret Mead
So close and yet so far from the world's perfect ID number
Open Source projects tend to have less men with whips walking around your cubical.
"We are slaves."
I bet most open source projects would be better if the 10-15 core coders were paid as full time employees. Of course this would require compaines to back them, which is easier said than done.
Get thee to the bible of all things Software The Mythical Man Month. Take 15 motivated and talented indivduals (they have to be both) and they will whoop the arse off a team ten times their size which is filled with average people.
Adding more people _makes_ a project more complex but not in terms of the problem being solved, it makes it more complex because there is more communication and communication is not always accurate, the more communication the more bugs. Its no suprise when you look at some elements of large OSS projects that you see that PersonX does everything on Y, its this "master" concept that helps them deliver. And of course in having an excessively large testing team by commercial standards, testers out-numbers codes by huge ratios, any one been on a commercial project where there was even parity.
OSS is the best way to run a paid or unpaid project IMO, the problem is that it looks so expensive on the surface the companies don't do it. But the Total Cost of Ownership is much higher because of the lack of testing and the lack of review, and of course because instead of 15 developers and 100 testers they have 100 developers and 3 testers, 6 managers, 1 programme manager, two account managers, one account director and two administration assistants.
The common factor between OSS and standard commercial is that no-one does enough documentation.
An Eye for an Eye will make the whole world blind - Gandhi
Anyways Adobe has a pdf translation engine here. Just punch in the URL ...
Alison
"It is a miracle that curiosity survives formal education." - Albert Einstein
Open source software has been in my mind more of a philsophical debate than one of software production. It seems like computer science mimics things a lot in regular science. A new *thing* is discovered, and becomes a widely used standard incorporated into other programs (aka inventions) and it becomes part of the market place.
According to the article: Proponents claim that OSS software stacks up well against commercially developed software both in quality and in the level of support that users receive...
In many ways this is true, but coming from me, someone who is trying to switch from windows to linux, help is a lot harder to come by than they claim. I've relied much on my friends who have used linux to help me get my system running, and without their help I would have spent weeks on google, newsgroups, forums, doc, and man pages just to get things as simple as my audio drivers for my laptop working.
Support for OSS is minimal at best, and that's to be expected. When you have to pay for software, someone is payed to answer phone calls, to write thorough docs.. because it is their JOB. I know a lot of people, such as those 10-15 dedicated developers like the article says, can do a lot when it comes do documentation and support, but companies beat them hands down in this department. That is a big problem, there needs to be a better system. The irony there is if you make linux easier to use you lose the power of customizing your kernel, or optimizing programs by compiling them on your machine, etc.
If something isn't done though, OSS software will always take more time to setup than commercial software.
- tristan
One of the authors, Roy Fielding, is on the Apache Board of Directors. I haven't read the paper yet and I'm sure he can be objective, but still.
So open source group dynamics are similar to closed source projects. Not really surprising, since both are staffed by people!
Larger more formalized projects, aerospace for example, improve on the above by making subgroups of subgroups. This layering of project & program management really increases the overhead. It seems to slow things down, but at the end you can put things together and have a hope of making it work. It's really a formalization & extension of the way we organize ourselves naturally.
"Glory is fleeting, but obscurity is forever." --Napoleon Bonaparte
HTML version via since the original is slashdotted and a PDF anyway.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
It's all well and good to focus on the characteristics of a successful OSS project. It's extremely interesting that these projects succeeded without elements that are considered to be fundamental to success in commercial development. However, studying success provides only half the picture. It won't tell you what things to avoid that tend to make OSS projects fail. Without that knowledge, attempts to reproduce and improve upon the methods used by Apache and Mozilla will experience unforseen failures that could have been avoided.
How can we afford to ever sleep
So sound again
--ebtg
It is often characterized as a fundamentally new way to develop software that poses a serious challenge to the commercial software businesses that dominate most software markets today.
I was under the impression that this kind of approach to building is a fudamentally old way of getting the job done. The Homebrew Computer Club essentally built everything "open source" (well, it was hardware mostly, but same approach). The current resurgence of OSS is not something new and revolutionary, it is instead a rediscovery of old techniques that were coopted by big business.
"Your superior intellect is no match for our puny weapons!"
The Raven
The Raven
The report mentioned many things that we already know. But there's one important thing about the Open Source software the report may have missed
The freedom to change / customize the software via the source code.
People can argue that even Windoze can be customized - background, for example - but it ain't the same as cusomization via source code.
Do you ever have the feeling, when you use commercial / close-source software, that some part of it are kinda stupid, cumbersome, or simply plain assinine ?
Do you ever think that if you _just_ have the source code, perhaps you could do some change to it, at least to better suit your taste ?
Well
Now, of course, not every one know how to code, and even fewer of us know how to tweak the code to our own liking. But that doesn't change the point that with Open Source, we _can_ change the software anyway we like it.
It's a feeling of having TOTAL CONTROL over the software.
It's a feeling of empowerment.
It's just _the_ thing close-sourced software users don't get to enjoy.
Muchas Gracias, Señor Edward Snowden !
I'm sure the study will have very little effect on software development practices.
It reminds me of the study cited in DeMarco and Lister's "Peopleware" on the relation between schedule setting and productivity. They compared programmer productivity under four regimes: schedule set by the manager; schedule set by the programmer; schedule set by a neutral third party; and no schedule. The first three alternatives were tightly bunched, with "schedule set by the manager" producing the worst results (but only by a small amount). The fourth, no schedule, result in more than double the productivity of any of the others.
This book has been out for at least a decade, but as far as I know it has not led to the adoption of schedule-free development anywhere...
"How to Do Nothing," kids activities, back in print!
The metric they used was bug density, not the absolute number of bugs. In other words, number of reported defects per N lines of code.
...
Mozilla is a far larger project than the Apache core, so given an equivalent number of bugs per N lines of code you will see a far larger number of bugs.
They did report that to some extent the measurement of bug density wasn't necessarily directly comparable due to the different state of the projects at the time the report was written (Apache == stable, Mozilla == pre-release). If you're interested in more details read the paper yourself
It depends how you define successful. Yes, Apache and Mozilla are great products, but if there are so great, why aren't people dropping their closed source software and downloading their open source counterparts in droves? Hell, the two examples given are not only open source, but they're free!
Obviously it all can't be a success. How about the downsides? What about time to market? How long did Mozilla take to deliver a 1.0? What about lack of common features that customers want? (When I say customers, I mean the target audience as a whole, not just the geek community.)
If your open source project does not have a critical mass of developers it will fail. Critical mass can only be acheived if the program being developed is largely finished or already useful in some way. Everyone likes to back a winner. The exception to this rule is when you have a project started by someone with past successes such as Miguel starting the Mono project after the successful GNOME project. But then you could argue that C# was already a mature specification for Mono to exploit, so it was already a "winner" in a sense. The Parrot project, by comparison has the disadvantage of not having pristine design specification and documentation (courtesy of Microsoft) to mimic.
Often, the majority of work in a pre-critical mass project has already been done by a single individual. This is conveniant because they usually become the defacto project leader. It is just as useful to prevent poor contributions into the project as it is to add quality code to the project. This is due to the fact that no one likes code audits.
And the final mark of a good open source project - the leader cannot be a prick. There's too much bullshit to put up with in day to day life, why would you want to get harassed without being payed?
This is probably the most profound statement about OSS I've seen in this discussion.
OSS projects are not better because the coders are more talented or devoted than closed source projects. They are better because they actually have QA resources that cannot be matched by close source projects.
Yes, but on the flipside OS software is like a box of chocolates, you never know what you're going to get.
Without reliability, business won't endorse open source software. So what ends up happening is you have hundreds of so-called "advanced users" who are basically hobbiests with a sense of adventure spending thier time using faulty software...so that eventually the rest of us will get a useful product. Sure it's thorough, and the bugs do get found...but there are side-effects to this.
For a lot of us who were using Mozilla in the beta stages, it was a complete mess. I remember one bug that was just so rediculous it rendered the entire browswer unusable. As I recall the only way to type a URL into the browser address window was to doubleclick on the text, and hold down the mouse while typing the URL. It was maddening and I stopped using it after a few days. The bug was addressed, and fixed in the next version. But it wasn't for another 8 months(long after the 1.0 release) that I picked up and tried mozilla again.
The point is, I wanted a web browser, not an adventure. Most users want things they can trust. They want working e-mail, office applications, web browsers, etc. Businesses are even more fickle about this. In a business environment software has to be reliable or it could end up costing millions, there is just no room for "software speculation".
OSS projects like Apache and the Linux kernel are stable because they have enjoyed years of meticulous care. I say care because in those cases the user and the developer were the same person. But where are you going to find daring OSS beta-testers for office applications and enterprise level software? These are products that need to work now. 5 years of screw-ups may produce a good product in the end...but most companies can't afford those 5 years.
The government has a defect: it's potentially democratic. Corporations have no defect: they're pure tyrannies. -Chomsky
OpenSource development is more successful because the people involved love what they're doing.
Unfortunately that implies a disadvantage, too: Things they don't love doing often don't get done at all.
Quality: Many businesses make the assumption that commercial software is more rigorously developed and tested than open source software. The rationale here is that a commercial software vendor has an economic incentive to ensure quality and correct problems. There is also an expectation of accountability from an organization that exchanges products for currency.
Support: When investing in a mission critical software package, an organization wants to rely on the vendor to provide assistance and support that may be beyond the capabilities of its own staff. This is coupled with a desire for fast response to critical problems - if your company's livelihood depends on your webserver being up, you want to partner with a vendor that can deliver immediate service and support.
Integration: In today's computing landscape, software does not exist in isolation - software is expected to interface and collaborate with other packages and components that are part of the portfolio of an organization. Unfortunately, integrating diverse software components is a daunting and error-prone task. Organizations tend to favor vendors that provide installation and configuration support as well as consulting services geared toward integrating their products with the systems they already have deployed.
Maintainability: Organizations make software acquisition decisions based on the long-term. From their perspective, they want to invest in a "platform" that has long-term viability. This viewpoint is often associated with buying applications from an established vendor who they expect to be stable and viable enough to last the long-haul.
Usability: When a company makes a purchasing decision for a software package, one of the factors considered is whether the software is usable. This includes how easy it is to configure and maintain, the quality of the GUI (if any), the ease with which you can understand how the software operates, and so on. Open source software, is often viewed as being written "by hackers for hackers". In reality, open source software usually IS targeted to the upper echelon of software users, making it more difficult for organizations lacking highly experienced staff from being able to adequately deploy and use such software.
There are many other factors (both real and perceptual) that impact organization decision-making when it comes to open source software. Vendors tend to market their products to corporate decisions makers aggressively, whereas open source software does not. In many cases the merit of an software solutions is less important than the "relationship" between the IT decision makers and vendors. Not all organizations are aware of the wealth of open source solutions available to them in virtually all domains. And, clearly, if you don't know something exists you won't use it.
The reality is that much open source software meets the quality, support, integration, maintainability, and usability requirements that organizations demand. In many cases, open source software is actually better than the commercial alternatives. The free availability of source code makes it possible for the user community to find more of the potential problems and defects than in closed, black-box commercial alternatives. Skilled consumers can actually submit fixes to the community maintaining the open source solution making turn-around of bug fixes considerably faster. Open source software tends to be more compliant with other industry trends and open source alternatives, vs. the proprietary NIH (not invented here) mentality prevalent among large commercial software vendors.
This is not to say that open software doesn't have its downside. The availability of source code makes it possible for hackers to discover holes and back-doors more easily than with closed commercial software. Installation and configuration is often a tricky, complicated proposition. You can't get an SLA for an open source program. Maintaining, integrating an operating open source software often requires a higher class of user or IT professional than shrink-wrapped software.
Organizations need to learn to better recognize and weigh the benefits of open source against its downside. And while there is a place for both open source and commercial applications in the business environment, organizations need to overcome the "false" impressions they hold of open source software and leverage its benefit.
You're a new coder, aren't you?
In most industries the QA department is a joke. A really bad one. QA is the last thing budgeted and the first thing cut -- because when you have a deadline to hit management always thinks that QA is superfluous. I've heard VP's state that it's better to have a buggy product out than no product at all. And the VP in question really didn't care just how buggy it was. With that kind of attitude toward release quality QA can be viewed as nothing but an impediment to getting product out (and, to be fair, some QA departments do view that as their job - preventing anything from being released). So some QA departments just rubber stamp things instead of doing real testing.
On top of that getting good QA people is extremely difficult. A good QA tester has to have enough technical expertise to design test programs, methods, and sets themselves (having the coders do this defeats the purpose of QA), but doesn't want to be a coder fulltime. That particular combination of abilities and desires is very rare indeed.
Finally, and perhaps worst of all, a good QA department is invisible. If QA has done their job then there will be minimal complaints from end users -- sure, there will be issues, but nothing huge. When you never have any huge problems, management tends to forget that it was QA that caught those huge problems before the product shipped.
Where does QA work? Usually in industries like Aerospace, Medical, telecomm, and power generation -- industries which don't have a margin for error. They have decades old QA practices that often got instituted the hard way. They also have relatively little competition and insanely high development costs.
Frankly, OSS does a far better job of QA than most closed shops, because the QA team is not paid by the same company/group developing the software. So there's no incentive to not report a bug, but there's also no incentive to block release -- if a major bug is revealed then Joe Blow user isn't going to get fired for failing to find it.
Oh, I'm sure you won't agree with me. Get another decade or so of experience in the real world and I suspect that you'll think differently.
Wow, FUD. According to our study we created to reach our preconcieved notion open source methods are superior.
Where to start?
Open source projects are generally quicker to respond to user requests.
I'm sorry but comparing two open source products to "commercial products" which is who? what product? what project? I don't see any quantative data besides a few lines refering to commercial products as a whole and saying the authors have experience with them is not scientific. I take exception to this because the paper sepcifically tries to appear scientific but yet offers no data comparing either project referenced (Apache and Mozilla) to a commercial counterpart or their ability to respond to bugs.
Open source projects tend to have a lower bug-rate than commercial projects
Again, where is the data? I see the scietific method they use for tracking bugs per line of code and they go into great detail comparing the two projects but yet we see no comparison to commercial project bug counts or the same method applied to commercial projects. The paper is laced with phrases such as "One might speculate". Yeah one might. Of course one might not speculate and offer evidence. If I create a hypothesis should I not have to back it up and test for truth?
And then there is the method of caculating bugs per line of code. They go into great detail about bug counts, when the fix was checked in, the lines of code, etc. But yet how do you measure importance? Some bugs are obviously greater than others. For instance, two teams create two identical applications. One application has 15 bugs and the other application has just 1. They both have the same lines of code, the same project size, same budget, everything is the same. The project with just one bug is obviously superior according to the methods they use, EXCEPT that particular bug allows a remote user to gain Root/Super User access. Which one has failed according to your quantitive data? Which project had the best method? They speak in depth about how this cannot be measured, then show you how they measured it?
Although I think this paper has good intentions and shows insight into some OSS projects,
1. The reference to commercial software as a whole is unfair and offers no value and
2. The method for caculating bugs is not an effective way to measure anything.
This paper is basically the equivilent of Microsoft, Oracle, Sun, or any other entity creating a study that never tests or proves anything and reaching a preconcieved notion. I can see this message being modded as a "troll" but oh well, this paper is not as scientific as it tries to appear.
"Open source projects tend to have a lower bug-rate than commercial projects"
True. But open source projects are much more precisely targetted, and less functional. Not necessarily in a bad way, but in a way that is very different from marketable commercial software.
Take, for example, IIS vs. Apache. On one hand, yes, Apache is so much better at serving web pages -- faster, more stable, more secure, cheaper etc. But functionally, they don't really do the same thing. IIS encapsulates ASP scripting, database access, file security, web serving, ftp serving, mail serving and a very powerful management interface. Apache is just a core web server. It performs one small task out of dozens, and as such the developers can concentrate on making that work best.
It's hard to do the same with commercial software. You have to keep adding features to stay ahead of the competition -- merely having the fastest webserver is not enough, because hype sells servers, not actual results. For this reason, there are a lot of open source projects that would never survive as viable market solutions. Apache's one of them...considering that "all it does" is serve pages and it relies on "third party" modules to do anything fancier than powerful URL rewrites and server side includes, its market price would be low and thus the margins. Never mind that it's stable as a rock while IIS is as insubstantial as a fart in the wind.
This is a big problem with the adoption of open source as well. You can't just "switch" like you can from, say, Word to WordPerfect. If you use SQL Server and enterprise manager, for example, you can't just "switch" to MySQL. MySQL has no totalitarian interface on par with enterprise manager. It has no massive searchable help database and no "for dummies" option for managing jobs and indexes. If you plug in to MySQL with a SQL Server only toolset, you're in for a shock learning curve, even if the databases themselves are on par with each other and MySQL less buggy. The difference is that what's important to the MySQL developers isn't what sells SQL Server.
Hey freaks: now you're ju
Also note the fast, and in some cases parallel development of derivative products. I don't have the details, but there are a host of 'Gekko' based browsers, and the direct spin-off Phenix is proceeding very fast indeed. People are reporting it to be useable and fast at the 0.2 release.
There is one issue to worry about (from the paper). One hypothesis is that if a project doesn't achieve critical mass, it won't get enough of a user following to get the many eyes effect. I suspect that this may be weakened by a number of factors. Even if a project doesn't acheive critical mass, it may be reworked in another form because the code is still available for experimentation.
In contrast, closed source development usually involves assigning people to projects. Their primary motivation isn't the software itself (which they will likely never use), but their job and their stock. Determining features involves a few people guessing hard about what features end users may or may not want. Oh, sure, they listen, but as anybody who has gathered requirements knows, users generally aren't very good at communicating what tradeoffs are important to them. And when closed source projects fail in the market, any new entrant has to start from scratch.
It's not surprising that open source development is winning in the long run. It's central planning (Microsoft, Apple) vs. a free market of ideas (open source) all over again. And we already have a good idea which of the two approaches of organizing large numbers of people around a common goal works better.