Slashdot Mirror
All Source Code Should Be Open, Revisited
cconnell writes "In my last article, I presented the idea that all commercial source code should be open. In other words, part of the delivery package for any software purchase should be a copy of the source files. If everyone saw software vendors' design and coding, the vendors might stop shipping us such lousy programs. The article generated a fair amount of controversy. My latest piece follows up on this idea and includes a few adjustments that respond to reader feedback."
the cost to develop an app will always stand before cost of quality of the app. to think that every commercial app will be released as open source is very naive.
Reading this and at the same time see ad for Microsoft .Net Enterprise at slashdot.
Ciryon
In any large software system, the truly unique code probably accounts for about 1% of the source.
Hmm, not on any large software system I've ever worked on... The important part isn't some magic 1% of the source, it's the fact that you got a group of people together for long enough to ship the thing.
This negates one of his basic points, and doesn't really contribute much over his previous rant...
Nae bother
If a company had to release their code for products they sold, it wouldn't do any good to the end user. The code would be way to complex for 99.9% of all users to understand. The only users who would really understand it are the programmers, and even then they would need to spend a LOT of time analyzing it (Assuming it is a decent size program) before they could even start to understand it.
The only people who would benefit are the releasing company's rivals, who would have the time & money to sit down and reverse engineer the code, and then rerelease it as their own.
Then again, maybe I'm missing the whole point of this and should RTFA.
No
If I spend 400 hours writing code for something I want to sell, I'm not gonna give it away. I'm sorry
I contribute to open source projects as well but, I have to eat. That's just the facts of life.
Support of user modified code is impossible
Competitors may take advantage of reading the source
It's "my money" that went into developing the source and "I" want to reap the benefits of "my" work
Bug handling would be a nightmare
There are several other reasons too. I'm not sure why all source has to be open source. Sometimes I feel that a lot of people just want a system to be Open SOurce just because it is The Right Thing (Tm), not because it would give them anything.
I have no problem with non-commercial software beeing open-sourced or even to a certain degree commercial software. But is it really necessary that ALL software is open source? I fail to see the need in all cases or the reason for it to be so.
If you mod me down, I *will* introduce you to my sister!
Now imagine every script kiddie having the full source to W2K or XP, or heck even Office. Lets say, following the rules of the article, MS removes the 1% of intellectual property and replacing them with stub routine. There is still enough there to determine the weaknesses, and maybe even enough to create a new trusted OS that really isn't trusted?
I understand the benifit is to be able to determine the weaknesses and report them back, but as fast a MS is at getting patches out, this would become insane really quick.
99% of the people absolutely don't care about the sources, why should they have to spend 20 more minutes downloading a bigger package if they absolutely don't care about it ?
Who do you think you are to require people to open their code ? If you don't like closed source software, don't buy it, it's as simple as that.
Authors also have a right to freedom, it's not only for the users.
The problem with OSS is that there is no money in it.
Some have said that the money is in tech support / documentation, but that is just as bad.
If your product generates enough tech support revenues to support a large project then you simply wrote horrible software, and chances are if you did write horrible software it won't be used. It's a paradox, so it probably won't actually happen. And people aren't that stupid - I hope.
And if you charge people for documentation, then I simply call that bundling. You are paying for a bunch of documentation that just happens to come with some software.
The way to make companies produce good software is to stop buying crappy software. It's pretty simple. If people stop paying for expensive tickets to go to professional sports then guess what, they will lower the price. It's simple economics of backlog.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
I have been wanting the source for this wonderful program for years. ;-)
If we take source to mean the building materials of a program, everything else is open.
Words of a novel can be yanked off a page. You can order enough parts, individually, to make your own car rather than purchasing it from a dealership.
You can always order wood and build a desk yourself. Got enough heat? You can make your own wine glasses that are exactly the same as those ones off the shelf. Everything, in reality, is pretty much open.
There's a difference with code, though. If I write a program, a person with the source can compile it and use it without having any sort of skill. Whereas someone lacking skill can *not* write Lord of the Rings. They can't build a car for themselves that I'd wish to ride in. Their desk would likely fall apart. Their glasses would end with them receiving severe burns.
If you wish to compare source code to everything else that's open, then, by the Gods, compare it fairly - compare the compilers, the availible libraries, etc.
The tools and materials are there. The skill? The skill is why source is often closed, and in many cases, should be closed.
http://saveie6.com/
What kinds of steel were the supports and cables made of? What was the mix of the paving materials and how thick are their layers? Did the contractors skimp on the re-bar? How deep were the foundations sunk?
Just try to get this information about any big public bridge. They'll say, "We can't tell you for security reasons." ...just like certain software vendors we know.
-Rick
...and the closed source version of a car wouldn't work, but you can pay for support to give you the run around and try to convince you that YOU must be doing something wrong.
come on fhqwhgads
belong in National Enquirer, along with pictures of two headed babies and Michael Jackson.
The article itself is just blatant flamebaited advertising. I fail to see how he addressed any of the points in his previous article (which I also thought was codswallop).
Did anyone ever see films of the Verrazano Narrows bridge collapse? There's an example of a bridge that looks fine on external viewing, (even by TRAINED experts), but doesn't work for real. Joe Average knows squat about bridges, and won't recognize a faulty design unless he's falling into the river with it.
As for the 1% of "real" code in a product - what a load! If your key code is buried deep in some subroutine, then how can you "remove" it from your product and still make it functional?
Feh!
For mass-market products like Windows, Office, etc, (ie, those where the users themselves are not computer science people), I'm sure 99% or so are absolutely unqualified to look at the source code and make informed decisions about code quality, so they'd have to trust some third party. And even if there is some software "Ralph Nader", how much influence it would have over those users who haven't got any idea of the importance of "good" code is doubtful.
Incidentally, the mass market products are those most likely to cause a security risk like worms or viruses, because of the very fact they are used so much by clueless folks.
I'm not saying it won't work, but it may not be as effective as it seems.
There's 10 types of people in this world, those who understand binary and those who don't.
\i{Look at how today's technology compares to NASA. They sit and pore over every detail, examine and re-examine; approve and check. What are they using in the space shuttles? 386's for main computers still?}
BZZZT! And thank you for playing. They don't use '386s because they spent so long checking the code.... They use 386s Because they've been proven reliable. They spend hours and months poring over the code, providing traceability and working on correctness because if they fuck up, people die.
You can't compare NASA to today's "Ship it now! If we ship an hour later we'll lose $1M" business world. Totally different set of requirements.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
The lack of MS source has not in any way slowed the discovery/exploitation of Windows flaws. But because the only peoples looking that intently at the poor design of MS products are a) the people who poorly designed them and b) the exploiters and the kiddies who use their tools, the vicious cycle continues. Opening the source code could allow others with a more positive inclination in to help fix the problems and point out the potential future points of trouble.
In short, RTFA.
Ryan T. Sammartino
"Ancora imparo"
To put it simply, there is no profit to be had in selling software anymore.
/. poll.
Please tell me you are joking. Microsoft makes a lot of money off of software. How about Adobe? Macromedia? Real Networks? Symantec? The hundreds of game companies? Should I keep going?
I believe that source code should be released when the product is out of support (the source for Windows 95 should be release, for example). To release the source for commerical applications with many users (Windows 2000, Windows XP, even antivirus software) would just be insane because of the amount of hacking that would take place.
I do contribute on a few open source projects, but I do not believe that everything should be opened just because a few of us write code that is opensource. What is the percentage of OSS coders compared to programmers that code closed source applications. Might be a good
I'm the CTO of a software development company called Intellinger.
We're young, new on the block, and competing against some big fish in the performance monitoring space.
One of the biggest issues we have is trying to placate potential customers that are worried about us going out of business and leaving them with un-supported code.
To get around this, we've put copies of source code, with docs, build environments/scripts, etc., in escrow. This way, if we DO go down in flames, all registered license holders of our software are entitled to complete access to EVERYTHING required to support the software themselves.
This keeps our investors happy, our customers happy, and us, the developers, happy. There's NO WAY IN HELL that our investors, or me, for that matter, would condone or support making our entire product OS. We've spent a couple of years working on this thing, and we'd like to get some benefit out of it.
There is an infrastructure (that we call Brazil) that will probably be put into open source in about 6 months, but the customized/specialized modules that plug into it that we've developed will NOT be made OS.
Obviously, our position could change in the future, but for now, it's not an all or nothing proposition.
$0.02 (CDN)
Apart from word processors, spread-sheets and other "untrusted" apps, banks and anybody else who spends upwards of six mil a year for development and maintenance, will damn well make sure that they get the code.
For some of their stuff on mainframes and PCs they HAVE to to comply with banking commission and/or SEC and/or government regulations. Its more than just a good idea, its the law.
They have to be able to TOTALLY reassure the auditors and inspectors that NOBODY is 'skimming' pennies from each transaction. When you're talking a trillion transactions a day, week, month or year, it adds up to big time fraud damn quickly.
You CAN'T do that with a "pig in a poke." They get the source code to keep the baddies who can shut 'em down from shutting 'em down.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
What makes code good or bad?
Is it the resultant way in the program runs? Is it the effeciency of the code?
Finally, is it possible for two different programmers to look at the same source code and have strongly differing opinions about its quality, or is it a pretty much agreed upon criteria?
While I honestly do not think that an idea such as this will ever come to fruition, I cannot help but wonder at what the standard of judgement will be should it occur. If code is deemed to be good or bad based solely on subjective criteria, then I think the whole idea is doomed from the get go.
If brevity is the soul of wit, then how does one explain Twitter?
In an academic, Computer Science research sort of way, you're probably right. And there is a lot of common code in many applications, it's true - but that's what vendor-supplied and third party
The #1 cost in most software is time - to design, to code, to test and to document. That's what adds value. What you are saying is like saying that "houses should cost no more than the bricks they're made of, or that cars should cost no more than what the iron ore cost to mine. Hell, iron ore should be free, right, it's just sitting there in the ground waiting to be dug up!"
Here are the facts:
People like you will continue to say that software should be free, and you'll keep coming up with ways to justify your belief. That's fine, because you're fighting the laws of economics, and they're just as implacable as the laws of thermodynamics.
If 1% of the source were to have the magic, then if that part is hidden, basically all you have left is gui and i/o. So What's the Point of releasing it?
Furthermore, this guy somehow thinks that removing the #define is an effective barrier to piracy? I think I heard of something called a symbol table at some point.... maybe that would help black-beard?
This guy is just trying to stir up shit so that he can make a mark. The only customers that would be dumb enough to hire him, are the same ones that would believe his inane ramblings.
Good luck Mr. Connell, if you ever have a good idea, feel free to share it.
Ok, I thought the first one was pretty off base and utopian in it's thinking, and I don't think this one-page update to the artice does anything to improve matters.
:-)
/. crowd - we all know GCC or compiler of choice like the back of our hands. Or, for some, the palm of thier hands ;-)
/. crowd's heads part of the time (picking an arbitrary number here) So what point was it in handing the source for a accounting system to someone who who is a systems administrator? Parts and bits of it make sense, but, without the background in accounting systems, there's parts of it that could cause more grief than it's worth for a simple change.
Now, before someone decides I'm an anti-Open Source type o' guy, forget it. I'm not - I use Mozilla (1. 2 - woohoo!) for my browsing and mail, and Open Office as a most-of-the-time replacement for MS-Office (*SIGH* I still have office loaded for a few oddball things OpenOffice doesn't do right.) I've got a nice firewall (linux) and fileserver (linux) all running open source operating systems.
So, consider that before markin' it as troll when I say... Oh, PUHHHLEEZ!
Look, makin' an application Open Source does not garantee quality. It does not reduce code bloat (in fact, I'm starting to believe that at it's core, the Open Source way of doing things is starting to increase code bloat. However, the really slick thing is bein' able to fix that on a personal level with a simple recompile most of the time! But, that's a totally different article to write...) It does not garantee an increase in quality - just because you can LOOK at a bridge's construction, do you fully inderstand the architect & engineer's design methodology? Would adding another bolt hole here and throwing a bolt through it increase or decrease stability of the bridge. You have to be a specialist in the field to truely understand (just being an engineer doesn't cut it - you need to understand BRIDGES before you work on a bridge
Same applies to software engineering - while anyone could look at the source, and start hackin' at it, that does almost nothing for other people in the first place. You've got to redistribute the improvements, get it back into the source tree, and convince other people to re-compile before you do it. Most of the steps above require specialized knowladge of one form or another. (Before someone debates that point - no, not people don't understand how to run a compiler. I'm not talking about the
But, even then, some of this stuff is way above 75% of the
There's also somehow the impression that this would "change things". That somehow, because of magically having the source code available, this would make products better. Well, it's not going to increase the quality of the code from the original company who released it. And unless there's a clearing house for everyone to update thier application, what's the point? Overall quality doesn't improve, only single installations (or corporate installations where someone made the nessisary change and distributed it on the desktops - which to be honest, DOES indeed provide some promise to the concepts he presents in his article. Corporate licensing would be handy.)
Tech support becomes a nightmare too - "Oh, sir? You changed that bit of code? Sorry, can't help ya..." Let's face it, it's hard enough to support an application and all it's versions - it's hard to support it when someone can make a simple change. Add a public code repository to it, and man it just gets worse. Once the code is touched, there's no support anymore. (But, of course, if you know enough to mess with it, is it a downside? *SHRUG*)
Licensing would become an even deeper nightmare. If companies are putting horribly restricting EULA's on compiled products, imagine what they are going to want to do with the source? Sure, he talks about how to protect it with copyrights and excluding certain modules (more on that in a moment), but, companies aren't happy with copyright now, how will that improve with source code involved?
And of course, there's this interesting idea that you could just exclude some modules. Well, that does a couple of interesting things. 1, it defeats part of the purpose (but not all of it.) So there's still parts of the code that's buggy and unreleased. Whoo... what exactly did we fix there? 2, it would be an absolute Haven or Hell for Open Source developers. Companies would fall very quickly prey to people who simply replaced that core module, and suddenly have a working application - no need for the original developer anymore, just release a new open source core for the program. Open Source developers are going through a lot of effort to copy the current functionality of an application - if there was an even shorter route to gettin' the job done, someone would end up doin' it. Of course, given the paranoia level of some companies, Open Source developers could end up having to deal with ELUA's that prevent you from having looked at another company's source tree and writing your own. MS is already attempting this with a couple o' items. Why would the situation improve?
While it's an interesting set of thoughts, to me it comes down to a combination of personal choice, and company motivation. If you want the source code to an application, then choose your application wisely - use Open Office over MS Office. Linux over Windows. Etc. Almost anything out there has an Open Source equivalant (almost, not quite.) Use it.
As for companies - it's up to them to decide what resources become available to the end user, and under what license. If I can get one more feature out of Mozilla (contact synching with Windows CE... er.... PalmPC machines, not just PalmOS machines) I'll begin moving everyone in our offices to it - the combination of MS's licensing and features -vs- Mozilla's Licensing and features will make it a logical choice. Companies are now starting to have to take that sort of thing into account already - I'm not the only commercial developer out there deciding how much of my application (games, in particular) source I'm going to be providing to the end user. If Collaborative Source, Shared Source, Open Source, or model of choice where the user gets the source code, is truely of importance to end users, we'll see it happen. And the companies that didn't follow that path will have a hard time - adapt or die.
I personally choose to have applications that have the source available, as long as everything involved fits my needs. And, not including the "Everything should be free" crowd, I think that' show most users will have to make thier choice anyway.
Davis Ray Sickmon, Jr - looking for something to read? Check out my three free novels at MidnightRyder.org
The original article (and the subsequent followup) attempt to solve a problem using a desired tool, rather than looking for the right tool for the job. A lot like the old saying "If all you have is a hammer, everything starts to look like a nail."
The base problem that I think he's trying to solve here is that software quality is abysmal. That is, all commercial (and most free/open) software is riddled with bugs, many of which are well-known at ship time, but haven't been fixed.
Making source code available (whether as Open Source, Free Software, or a eyes-only copy-restricted) is orthagonal to this problem. yes, maybe, it could help. But that's incidental to the Free/Open software movement. And (as many people have pointed out), there are many problems with providing source with all programs, most of which are massive barriers to any help with quality of the software.
The fundamental flaw here is that commercial software's quality is the producer's responsibility, not the target audience's. In Free/Open software, the developers and audience have significant overlap, so it can be truly said that the audience can help quality. This is patently untrue for closed-source programs: the development community is very tightly controlled, and the user community has no real method of influencing quality (other than by not buying the product), even if provided with the source code.
So, this leaves us with the case of how to make the developer's produce better quality software. Fundamentally, we do this the EXACT SAME WAY all other industries insure minimal quality control: LEGISLATE IT. There are oft-quoted sayings about "if the car companies built cars like software companies build software..." and others to that effect. They all point a massive discrepency in the legal status of software: it doesn't play by any of the traditional product-liability and quality-control laws that every other product industry abides by. Yes, that will change the nature of the software industry: that's the point. And NO, it will not harm Free/Open software (as gifts - i.e. giving away something - are not coverd bty under the various product-liability laws)
You really want to fix the software quality problem? Require that software companies have a warranty of fitness. Require them to refund money for defective products (opened or not). Make them liable for damage caused by known defects. In short, treat them like anybody else. Software isn't special. It's time the software industry grew up.
See my previous post on why the software industry should quite being treated like a spoiled teenager.
The problem is real. The solution provided by the article is wrong. I'm right.
:-)
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.
He forgot:
"I don't want to show the source because we make a ton of money from crappy code and the maitaince fees we get for fixing our bugs."
You laugh, but I've heard statment very similiar.
Of course if people would stop paying companies to fix broken code.
We just bought some code, it had some bugs, the company wanted 200.00 an hour to fix bugs in there code. Outrages.
The Kruger Dunning explains most post on
I find the article somewhat lacking. The points from the other side which he addresses are ones which the open source movement has addressed from day 1.
Anyone who understands the open source movement already knows that peer review is superior to any internal QA process. Despite what the FUD claims, there is little question that the quality of open source software has been higher than that of closed sources software. I think the fact other people might see their software as "lousy" only accounts for a very small % of the reason why most software companies are not open source.
Intellectual property is a much bigger issue, one which the article's author failed to address properly. Right now, I may have no clue what the best way to design a piece of software to do some particular task. If some other vendor has already designed that piece of software and released the source, I might not understand the details of what exactly is going on, but it would not be too hard to get a high level understanding of how the software works.
From there, creating the better mousetrap becomes a much easier task. The design of the software is often as time consuming or more time consuming than the implementation.
Sure, if I used their work in the creation of mine, I have created a derivative work. However, copyright law is a very grey area. If I kept my work closed source, how could anyone prove that I didn't steal my design from their product? They could sue me, but it would be at great cost to them, and if enough of the implementation was changed, they may not even win.
Managing any company successfully is not a trivial task. Executive board meetings are not filled with people who want to create poor software and hide that fact from the consumer. However, when someone presents a concept that could a) help competitors get into their market and b) result in a huge loss in revenue (directly and indirectly), what do you expect them to do? If you were a developer at that company, what would you want?
Regardless of how good you are, there's always going to be someone better out there. Most companies are realistic and realize this. Why give them an edge on your company's business? Do you really want to be out on the street that bad?
Overrated Moderation: This posts sucks... because.
Long ago in a galaxy far far away... ... it used to be that ALL software was distributed in source code form, and then built by the customer prior to installing and putting it into production. The industry would have left things that way were it not for the fact that we were increasingly running into a number of big problems not solvable in that model:
- Customers didn't follow directions, so they always were screwing up the build and/or install. These were very simple tasks back then, much simpler than they are today. And in theory customers were far more educated since they were the very few who could afford those multi-million dollar machines and the huge costs of the rooms and facilities they required. Somehow, though, they still were able to find ways to screw things up, and support organizations spent much of their time walking
customers through these processes.
This would be worse today given many software users have no clue how to program.
- Support was a total nightmare as you never knew what source code customers were using.This was because customers would choose which patches to apply, and would add their own, leaving each customer with a totally unique piece of software. When something went wrong in it, it was impossible to know what the code was supposed to be doing, and what it was doing wrong.
While this might not be quite as bad today, since we no longer must rely on "core dumps" to diagnose bugs, there still is the basic problem of being asked to diagnose problems when you really don't know WHAT source code that customer might be using.
- the intellectual property problem... there were plenty of lawyers back then, but there really is a big problem with investing lots of money to build something, a unique set of code, and then making it easy for people to lift it. A variety of methods to secure it while still distributing it to all customers were attempted as there was tremendous cost associated with changing from a source distribution technique to a binary distribution technique, but none ever worked. If anything, today there is far more sophistication on the cracking side, so it seems even more doubtful that it is possible to secure code from mis-use when its considered IP. And there ARE valid arguments against giving away all code.
SO...
There were good reasons the computer industry turned away from distributing their software in the form of source code. I don't think they have been addressed, and thus I am unconvinced the equation has changed.
Freedom is a sloping mountain and everybody wants to get to the summit, forcing all software to be open would be climbing up over the top and then starting down the other side. Nobody should have their creations FORCED away from them, it's THEIR creation, so THEY should get to deside how to distribute it to people. Ideally all people/companies would open their software, but that doesn't mean that they shouldn't have the right to refuse to open it.
;-)
Richard Stallman has talked about how all software should be open and that's always been where I start to disagree with him. Again, I agree that it would be beneficial to the world if all software were open, but I still think that people should be given the right to choose whether or not they want release it as "open".
Oh well, it's not something I really need to take a whole lot of time thinking about and defending against because it's really an unpassable law (and pretty unenforcable too). Just think about it, it'd be about as unenforcable as anti-piracy laws
You're exactly right. When I buy a piece of software, it should work, period. I shouldn't have to look at source code at all, just like I don't have to ask Honda who makes their starters, and in turn as the starter manufacturer who they buy their windings from, and check out the winding manufacturers, and check the quality of the copper. That's bullshit. Software should be warrantied, and if it doesn't work as sold, it's fraud. Period. Software license agreements that say "we don't warranty this product" need to be challeneged in court because they are simply illegal. Just like those truck on the highway that say "we aren't responsible for damaged windshields". That's bullshit. They're carrying gravel, it's uncovered, gravel flies out and hits your car, they're liable, regardless of what the back of the truck says.
We need to see some civil cases in which software companies are challeneged based on nonperformance of their products. It's not my responsibility to check the source code. My responsibility ends when I pay someone for the product. Period. I don't want to see the source code. I want the product to work.
I do not see why source cannot be an integral part of the product. Yes, I am a developer. Yes I do want to be paid.
Let's look at the problems described in the article:
1. Piracy.
How is having the source making it easier to pirate things? People have been swapping microsoft binaries for ages. It is actually easier to just copy the installation disk (whether floppy or cd) than to recompile the program from sources.
2.Copyright laws.
Wouldn't it make it actually easier to check if people conform to copyright laws? If I release all of my source code and you are required (by the marketplace perhaps, not as a law) to do the same than it is quite easy to see if you copied some stuff of of me. How many people have wandered whether Microsoft has copied some code from GPL licensed programs (I doubt it personally). How many have the opportunity to CHECK if they have?
3. National Security.
I do not have a lot of confidence in a nation that bases its security on the ability to sweep them under the rug. The idea is to avoid having those problems in the first place! Maybe if this practice became accepted we would not have destroyers being run on windows.
4. Safety-critical applications.
Even if there is little to gain from having this code available to the users - not having it is worse. What are you trying to hide? If this is a safety-critical application then the answer should be "nothing, have a look".
Nobody is asking to release the source code without compensation. It's just that the source becomes part of the application. IF most people will not use it - then fine. What are you worried about? Is your code really that bad that you could not write good code if forced to?
Like the bridge analogy, you can see that the bridge is sturdy and will hold a sherman tank. That's swell. What you don't see are the misplaced rivets that will cause the bridge to fail in unanticipated ways.
In other words, this is a kick-ass design, and I didn't notice that off-by-one bug until it was too late.
Another thing to ask is what do people really want? Bug-free software? Of course! And you know what they say they really want on airlines? More legroom and good meals!
Unfortunately, airlines that provide more legroom and good meals are running in the red. Unsurprisingly it turns out what people meant is they don't care about legroom and actually want the cheapest possible tickets and on-time flights. They complain that Southwest Airlines sucks, but everyone still flies with them!
My point is that people want the cheapest possible mostly-working software. Let's say, for the sake of argument, that there somehow existed some kind of free operating system for which anyone could look at the source. Would it have fewer bugs than closed-source OSs? Possibly. Is that really important to people?
No--really. Is it?