Slashdot Mirror
Open Code Has Fewer Bugs
ganns.com writes "Reasoning, which sells automated software inspection services, scrutinized part of the code of Linux and five other operating systems, comparing the number and rate of programming defects. Specifically, Reasoning examined the TCP/IP stack and found fewer errors in Linux. 'The open-source implementation of TCP/IP in the Linux kernel clearly exhibits a higher code quality than commercial implementations in general-purpose operating systems,' the company said in a report released last week. Reasoning also compared the code with that used in two special-purpose networking products and found it superior to one of them."
in other news....duh
But bugs are cool..does that make me a geek for using Redhat?
I guess it stands to Reasoning that more developers hammering on code leads to fewer bugs. :)
Companies such as Oracle and Microsoft typically sell binaries incomprehensible to humans rather than the comparatively understandable source code.
After seeing this, I think that statement is being a bit generous
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
I thought this was common knowledge by now?
the more people working on a project, the better it is? I dont necessarily agree, although I do love open source software (no flames please)
Done slashdotting? Check out the hot or not babes at pajonet.com.
What if there were bugs in their code?
How about using a larger sample of code before making such bold statements. It's probably true that the code has fewer bugs, but when you abuse statistics it just makes things look dishonest.
The more people who can look at the source,
The more people who can spot bugs,
The more bugs are found,
The more bugs are fixed.
What I would like to know is whether or not the quality of open code is any better than closed code. Waitasec, RTFA!
-Mark
Pope is catholic
Bears are found to sh*t in woods
Free cell phone tracking
Over time, successfull open source projects which address a particular issue will most likely have fewer bugs; just being open source doesn't mean fewer bugs (or better software). It just means that it has a better chance, if it survives, of being better software.
"What we have here, is a failure to communicate." - Cool Hand Luke
Open source has fewer bugs.
Bill Gates: bugs are cool.
Ergo, open source is not cool!
I'll never forget Mozilla's DHTML bug. I'm still using 1.2 and when it crashes, I quietly curse the lives of the developers and restart the damn thing.
Given enough eyes all bugs are shallow?
Yeah right.
/. Where the truth
Guess it took a rocket scientist to figure that one out.
Let the linut zealot vs. m$ zealot postings commence!
and to them I say...
Someone's boxen is only as secure as their updates go...Not all m$ boxes are as secure as linux boxes and vice versa. End it there.
oh...read the article too...it's not even about m$
Is it me or does the article start out talking about a comparison of code quality the slide over into the Microsoft bad, Linux/OSS good?
;)
.1 errors per 1000 lines of code. Let the people know where the problems are so there can be less.
Its also kind of strange that they don't even disclose what they compared Linux (kernel 2.4.19) to. Not really a big selling point for Linux. Oh wait its free
On a side note, I would like to see the
Get paid to code OSS
Really? But I thought most commercial OSes derived their TCP/IP stacks from BSD code in the first place. And since BSD is open-source, shouldn't these commercial OSes show roughly the same level of quality then? Or are they arguing that the Linux TCP/IP stack is superior to the BSD one?
Cheers,
Ian
Reasoning, which sells automated software inspection services, scrutinized part of the code of the Linux and five operating systems,
Including the Solaris, the Windows, the AIX, and the HP/UX.
I want to drag this out as long as possible. Bring me my protractor.
Over time open source has the *possibility* of having fewer bugs. There are plenty of older open source projects that have TONS of bugs, moreso than equally old MS suites.
"I have an odd craving to whisper about those few frightful hours in that ill-rumored and evilly shadowed seaport of dea
I find the fact that they did not say what OSes they compared to be very... suspect. What about Mac OS X, FreeBSD, and other open source OSes that have Open Source TCP/IP implementations in their kernels? Since they did not say what OSes are being used...
"Reasoning declined to disclose which operating systems it compared with Linux, but said two of the three general-purpose operating systems were versions of Unix."
How lame. For all we know, they could have tested the Amiga OS, Mac OS 9, Windows 3.1, A/UX, and NeXTStep! Other than this, the article is pretty vague and does not seem to give me much meat on the subject, nor a link to the study (you have to go through some forms and give up personal info to get it at www.reasoning.com).
Conglom-O: We Own You (TM).
i'm switching to linux immediately!!
any1 know if the no-cd cracks for C&C Generals, mohaa, and morrowind will still work under linux?
Most cryptographic algorithims do not gain acceptance without being open to peer review to spot flaws and potential weaknesses...
So why should any of this article be a suprise or even particulary note worthy?
--- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
...when they've got software like this for the halting problem.
The attitude I've seen in the corporate world is that open source products are made by amateurs and is therefore in some way not blessed by the magical corporate coding fairy which makes all the shit churned out by corporate code shops stink less. This attitude is arrogant and does not take into account the simple fact that all those people who got into programming just for the money tend not to work on open source products. When you've got code that is both written and reviewed by legions of people who love to code and who find good computer programs to be beautiful, you're going to get better code.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The more points of view you apply to solving a problem, the quicker, and better you'll solve it. The beauty of human reasoning isthat no two people will view the world in *exactly* the same way, therefore each one of their respective paths to the solution will be different...Travelling that path to one solution can, as we know, lead to other SOLUTIONS to other PROBLEMS.. The more heads that work, the more solutions discovered . . and so on..
Open Code Has Fewer Bugs
The study looked at a single part of an operating systems (TCP/IP stack) and then the posting made a very general claim about open source software. This is cheap engineering (a.k.a. bad science). Period. You need a much larger sample to make such a claim. A single data point is meaningless. In fact, I believe that code bugs are much more a function of programmer performance and code complexity than open vs. close source development model. Opening the code may have a positive impact, but it is not the major factor to consider. The last thing Open Source needs is this kind of marketing strategies...Severity of bugs is more important that number of bugs. I could have a program with one bug, doesn't work. And you can have two bugs, feature broken and memory leak, but it works. Who is better?
I also like the assumption in the title that because linux was found to have fewer bugs than some other OS's that open software in general has fewer bugs. Take a look at some of the bug lists on sourceforge projects and tell me that again. Number of bugs varies by project, not by open-ness.
The GeekNights podcast is going strong. Listen!
Why did they test only one free software kernel while testing four proprietary ones? I'm not saying that if, say, a *BSD kernel was used, the results would necessarily be something else, but making general statements of open code by examining only one open project is certainly not very accurate. Although I suspect that these inaccurate conclusions are more in the Slashdot side than in the study.
'The open-source implementation of TCP/IP in the Linux kernel clearly exhibits a higher code quality than commercial implementations in general-purpose operating systems,
Well of course it does! The Linux and BSD IP stacks are benchmarks. This is where practically all protocol research happens - how would anyone be able to verify your results otherwise? Furthermore, only the free stacks are useful for compatibility testing because they are so configurable.
So obviously it stands to reason that this code is much more complete and bug-free than any commercial implementation. THOUSANDS of people are studying every single line of this code on an ongoing basis.
I've worked on a number of commercial IP stacks - some from scratch, and some based on Linux. Any IP stack written from scratch is understandably simpler, but it's not that hard to implement the essential RFC requirements (i.e. the "MUST"s) and make it stable. Now, making it FAST and making it use all of the bleeding-edge TCP stuff... that's another story. Only Linux/BSD are there (and of course any other OSes which use their stacks).
They decline to name the commercial OSes. In a world where DBMS makers often refuse to let reviewers disclose performance benchmarks, could this be because no company like Sun is going to disclose the source code for their OS so that some company can go and run a comparison of the quality of their code against their competitors ?
As for Linux beating one of two "special purpose" networking products, the flip siding of beating one of two is that one of two of the commercial OSes was superior to Linux.
Both to the linux dev team and to the commercial vendors. Pointing out an aggregate number of defects is pretty stupid without telling the developers what they are.
What I'd love to see is: If all of the significant defects found were reported, how many *still* exist 1 month later.
I am curious why they choose the TCP/IP stack. My guess would be that TCP/IP would be where Linux and BSD's would be the strongest. I am also a little confused because I thought Win2000 used BSD's TCP/IP stack.
I am sure those guys are alot smarter than I, but I am a little confused on testing.
Anyone?
Well ya know you can either go on cursing or upgrade...
"Mozilla 1.2.1 was released to correct a DHTML bug in Mozilla 1.2. The only difference between the two releases is the fix for this bug (Bug 182500). If you have already installed Mozilla 1.2, you should upgrade to Mozilla 1.2.1. "
yours ever, fz.
Sweeping generalizations have more critics
They chose the TCP/IP stack. That is almost certainly the best tested of all the components in Linux. It is used by everyone, so the eyeball count is particularily enormous.
If they would compare the implementations of something less popular, the numbers MIGHT be different. x.25 or something.
Stop the brainwash
I don't know which OS he's talking about, but Microsoft pinched their TCP/IP stack from *BSD. So open code has fewer bugs than, what, open code?
Blue skies, Barthy Burgers, girls...
The code for the shuttle's GPCs is closed, and it's regarded by many as probably the most bug-free code around with any degree of complexity. It's been upgraded several times since the '70s, and rarely have errors been found.
It probably had one of the longest development times for its size, too. Which helps a lot.
Quality has nothing to do with whether code is open or closed source. It's got everything to do with the environment in which it was written. Code written under extreme management pressure from a profit-hungry megacorp is just as bad as code written by an ignorant or uneducated dork in his basement.
What about BSD? I was under the impression that at laest one of the major vendors of commercial OSen (no names mentioned) had taken their TCP/IP stack from BSD. BSD is open source (at least, the BSD they took it from). Wouldn't that invalidate the claim that open source has fewer bugs?
---
"For every complex problem there is an answer that is clear, simple, and wrong."
-- H.L. Mencken
Please correct me if I got my facts wrong.
Specifically, Reasoning examined the TCP/IP stack and found fewer errors in Linux.
So they just looked at the code and found all the bugs. They must have the best programmers in history working for them if they could just look and find all those bugs that it usually takes years for mortal programmers to find.
Much more interesting would be a code comparison between open source samba and the micro$oft CIFS code..
Before we begin the bashing, let's note that two flavors of 2.4.19 were compared to two closed source Unix operating systems. Let's try to keep the evil empire out of this one!
Put identity in the browser.
TCP/IP is better on linux because many very talented people have worked on it. This is an area in which open source software development has worked well. However, it does not mean that open source developement always works better.
If they found 0.1 errors per 1000 lines of code, did they approach Linus and Co. to point them out? Has Reasoning submitted any kernel patches to address the errors they say they found?
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
As you can see in the article, they compare using ratios rather than exact numbers
Isn't it illegal to reverse engineer proprietory code?
Were they testing code from 7 years ago?
Can't you see that everyone is buying station wagons?
I thought we hate trolls at /.
Support Israeli punk bands. Man Alive.
The code I write for myself is the cleanest stuff in the universe. I get freaky about extra lines or lines that look "ugly" or inelegant.
.024 euros.
Now when I'm at work I toss out functional, ugly code. Doesn't work quite as well, but 90% of the users will never know that. I'll write catch statements for the most obvious errors, but I don't sit and brood about what some hypothetical idiot might want to do with the code. If there are enough people who hit an error there, I patch it, and move on with my life.
By and large, high production commercial code is sloppy. There isn't any profit to be made in making it pretty or elegant, and we all know how (for a random example) MICROSOFT feels about profit.
Open source is just the opposite; if you're not making any money on it, you're doing it for your own personal satisfaction, and I think most people find it more satisfying to have clean baddass code, rather than sloppy junk code. Heh. Especially when your NAME is on it, and the SOURCE is available.
Just my
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Reasoning "sells automated software inspection services."
The key word here is "sells." They would have a tought time selling this to open sourcers, what with everything wanting to be free and all. Instead, they show the big closed source companies that their code isn't nearly as bug free as the open stuff, therefore they really need to buy this.
I'm not denying that open source is less buggy, but always question the motivation of the company making the claims. Just because Reasoning's assertions fit your own neat world views doesn't mean that they are without bias or secondary motivation.
Do not taunt Happy Fun Ball(TM)
Actually, you've inadvertantly stumbled upon an excellent point.
No code is perfect to begin with. The BSD stack is still improved from time to time. The BSD stack that companies folded into their code years ago has since had some major changes and the companies haven't bothered to take many of those changes into account.
Had they been required by license (GPL) to keep the code open, then it could be fixed by other people. Instead, the implementation has languished. This in fact is one of Stallman's great resons for keeping all code free.
However, the reality of it is that our current environment still favors closed source software. With any luck, people will slowly start to wake up and realize that source code needs to be open for all software projects. Think about it. If it was normal to receive source with binaries, nobody would really think twice about it. It's only seen as a bad thing because it's not what Microsoft does. But the reality is that Microsoft has a business model that works well for them, a giant monopoly. The reason their competitors fall on their asses is because they are trying to play as if they were MS, which they are not. It's not impossible to compete with Microsoft, it's just impossible to compete head-on.
What I am wondering is which is the cause and which is the effect:
Microsoft source code is defective because it is closed.
Microsoft source code is closed because it is defective.
now we need to go OSS in diesel cars
Now if they could please point out the filenames and line numbers in question, perhaps we could eliminate the bugs altogether...
Comment removed based on user account deletion
like most police-trolls, your mind is so regimented with procedure, you fail to see the subtle wit of the populace you protect. Given the horrendeous copious amount of poor /. spelling and poor grammer, you, Captain, cannot prove that I simply omitted a crucial word to my post: the word "You're". sorry, that's a conjuction, not a single word. Granted, as part two (2) of my rant, 78% of all /. users do not know the proper difference between "your", "you're", or "Yore". So to omit the conjuction altogether might be the most brilliant move at all, to facilitate maximum hygenic communication. You cannot prove that my post was simply directed to the pathetic 2nd-poster who was aiming for first, with the omission of the word "You're not even close . . . to getting first post."
have mercy, police-troll. you're a funny guy.
>pure FUD it is nice of you to moderate your own post for us. >personally have not had a single Red Hat >distribution in 10 years that was better than >the at the time Windows version Which makes me wonder if you have ever even HAD a version of red hat. I am on RH8 and it works great. >The command line guys may find stability, but it >takes them 2 days to do a 10 minute task. I allways thought command line was more efficent for most things. Just not as pretty or easy to use. Anyway I recon you are trolling and if I wasn't so bored then I wouln't have botherd rising to it.
"Reasoning examined the TCP/IP stack and found fewer errors in Linux" The TCP/IP stack in Linux (and for that matter, most operating systems) was borrowed from BSD. Shouldn't this comparison be a testament to quality BSD instead of Linux? Paul Zimmerman http://zimmermantech.com/webcam.htm "Comments should be like skirts - Short enough to keep your attention, but long enough to cover the subject"
Listen to Live FM Radio
This is still an argument for the open source method, but I think that the code quality should be attributed to a different source. Perhaps it is not about an inherently good or inherently bad method. What if age is the key factor?
The Linux networking code has been in for a long time. Not in it's present form, obviously, but each change builds on the last; as it must in open source - it would be foolish to start afresh when you have something that works. So a cylcle develops and at each stage the code gets better. Compare this with proprietary; can they look at a competitors code? No. They must start afresh and so their code is effectively younger.
Further, if we measure software age not in units of time but in units of updates, open source has the advantage that there are many updates, there is always someone new to look at the code. No company can compete with the sheer quantity of viewings and therefore updates that occur in open source developments.
Carpe Daemon
Choose something--anything other than benchmark TCPIP stacks and see if the same heuristic holds. I don't know--visio vs xfig? open source word processors capabilities vs bugs?
equal.
that MS code is just as good as code written by an ignorant or uneducated dork in his basement.
He'll probably have his mom sticth it into a sampler he can hang on his office wall.
(Of course, personally, I don't think it's true. Bill has the resources to throw at code to make it much worse than any single dork can, but that's just my opinion)
KFG
If they inspected the code and found bugs, I have two questions:
1) Have these bugs been fixed now?
2) Why didn't they do this years ago?
Two key points are that (1) most of the bugs Reasoning found are false alarms (which is an occupational hazard for this kind of analysis), and (2) one reason Linux does so well is that those lunatics at Stanford have been doing just this kind of analysis for quite some time, so most of the easily-found bugs were found long ago.
This doesn't invalidate any of their conclusions, of course: the Stanford lunatics haven't been analyzing NT, they've been analyzing Linux, and for sound academic reasons.
begin troll
This may be another feather in the Open Source cap, but I wonder if Open Sources is a good thing in the first place. Think about it for a second. Linux replaces Unix in the server world (which is happening). Companies that make closed source Unix OS's lose money, then they fire people. Company's get used to not paying for software so they start using Open Sources more. More closed source companies lose money, more fire people. Just something to think about when your hacking away at your latest kernal patch. You are writing software so companies can spend less money, executives can give them selves big bonuses for saving money, and vendors can fire people. I'm a consultant for big companies, I've seen it, it happens.
"Failure is not an option, it's part of the standard package"
...they found bugs in all of the things they looked at. What I want to know is whether they entered the damn things as bugs in the proper bug tracking databases.
this is news to /. readers?
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
... so with the luxury of time, it _should_ be less buggy.
I don't think releasing the source is necessarily a good thing for a commericial app. How would you control updates and mods? Where would the configuration control come from? I just had my first encounter with CVS at Sourceforge. _NOT_ straightforward. I don't think you could scale that up to a million purhcasers.
"Consensus" in science is _always_ a political construct.
It's great to compare the TCP/IP stack, but how about weird UI behaviors? I've seen plenty of those...
reminds me of this fool
While I would tend to agree that, all things being equal, having millions of people reviewing the same lines of code and having a large number of people actively partaking in the authorship will contribute to quality, it is disingenious to assert that participation (and hence quality) naturally and necessarily flows out of open source code. Just because code participation can happen does not mean that it does. Linux is exceptional. It is #1 out of a very small group of open source code bases (e.g., Apache, Bind,...what else) that really enjoys that substantial levels of participation. Not only is most open source code currently not popularly participated in, even essential and important packages (e.g., Open Office), but I do not believe that this such popular attention can scale in the future to support other kinds of code or a much larger quantity of code. Linux enjoys being the most prominent open source code package and it enjoys a relatively narrow scope, i.e., it's just a kernel. [The open source community loves to use the varying definitions of Linux interchangably, they talk about Linux as if it is Windows, i.e., a complete OS, but then when, say, security bugs come out for one of the numerous utilities, they assert that Linux is just a kernel (the correct definition)] Under the smaller kernel definition, Linux enjoys a couple key advantages over most of the areas that the open source community presumes to conquer:
A) Linux is percieved as being a worthy task of a "hacker" (e.g., elite, low level, etc)--as opposed to, say, a word processing suite or one of the many mundane but important features that may save users millions of hours.
B) It is so popular for users and such an exclusive focus, you can be sure that a significant contribution will be seen by many geeks, again, unlike a word processing suite
C) Because it is relatively small, especially if you throw out all the drivers and the experimental stuff, and leave it to things like the very popular TCP/IP stack (which was reviewed in this article)
Linux and some of its associated code are very good in some respects as a result of their incremental improvements and bug fixes. The trouble with this is that when you significantly expand the scope of Open Source efforts things start to fall apart. In such a relatively unstructured environment as the popular open source method, i.e., little to no centralized development/testing/etc, there is every reason to believe that the overlap is key. In other words, since there is really no official QA or group of individuals that can be told or expected to methodically test, evaluate, or fix areas, the open source community essentially depends on random overlap. When you have a sparse group of competent developers or testers, you will run into trouble, as in the case of word processors. Likewise, when you depart from the relatively well established world of the kernel, when you start having to develop everything, not just the code, but the framework, the UI, the API, etc, from scratch the dependence on overlap becomes more and more of an issue. It's one thing to accept the a small patch for a well established tcp/ip stack, it's another thing entirely to have to coordinate the changing of a whole API, to make multiple pieces fit together seamlessly, without a more concrete organization (which can just barely happen in the manner popular open source development method).
Code review is a good thing, in and of itself, if nothing else, for its ability to make those many incremental enhancements and bug fixes. From a strictly technical perspective "open source" code can work as addititive, i.e., you develop, say, your Word processor with a more traditional software group, and then you allow the public to contribute. THe trouble with that is that for most code there simply isn't a viable business model that can support that sort of development effort, or at least, I don't see one and none of the current methods really compute, and as a result open source fails to deliver. I think that there are areas where open source code can thrive. For instance, I'd love to see IBM and a coalition of other software and hardware companies band together to make Linux (or some other kernel) into a complete OS that is every bit as easy to run as Windows and more stable, flexible, etc. It'd be good for everyone involved (except for MS of course) and it's quite doable. However, except for cases like that, where you have a very definite common good, i.e., a reasonably priced OS/API that allows strong and equal footing for 3rd party developers and manufacturers, there simply isn't a formula to actually pay for development. Consequently, open source will not produce better code by and large.
How lame. For all we know, they could have tested the Amiga OS, Mac OS 9, Windows 3.1, A/UX, and NeXTStep! Other than this, the article is pretty vague and does not seem to give me much meat on the subject, nor a link to the study (you have to go through some forms and give up personal info to get it at www.reasoning.com).
Reasoning is not a research entity, they are commercial code analysis contractor. They make their money by having large companies pay large dollars to run lint against their code and perform some additional analysis.
The reason they don't reveal to what they compared Linux is that they are under heavy NDAs from their customers. They couldn't very well say that "Linux stack has fewer bugs than Solaris'" and expect Sun to keep paying them. (I don't know that Sun is a customer, it's a hypothetical.)
The likelihood is that stacks used in comparison are current versions from large corporations and not obsolete code. Large corporations are the only entities with both the means and motivation to hire Reasoning and that's how Reasoning gets the source in the first place.
Finally, Reasoning doesn't have any interest in free software or Linux so this isn't blind advocacy. It's likely a straight comparison of numbers running their standard suite against Linux and comparing to their records of current customers.
If Reasoning found bugs in the Linux TCP/IP stack, then they should contribute to the community and send bug reports (or fix the code).
Tony
My point is, you can pick a random example of code and draw conclusions about that code from it. But you can't make sweeping generalisations about all code from that. Hence the fact that this article only looked at TCP/IP stack code is flawed. You can't draw generalisations out of this just by siting an example.
Bob
as if there's nothing "commercial" about Linux
Well, when was the last time YOU (or someone you know) got paid for submitting a Kernal patch that you developed on your own time? The ownly thing commercial about Linux is the Red Hat's and IBM's making money off of YOUR backs.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
But this is only part of the big picture. Other key components are security (where OSS also does quite well) and usability and compatibility, where Linux still has a long way to go before it can make serious inroads into the mainstream market.
People coding something because they want to (and because they need it for something for themself) leads to better code. I know when I do something for myself, I don't half-ass it.
Coding for the end result = quality
Coding for a living = paycheck
Any questions?
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
I'm afraid there's a bug in your logic: implication is not the same as equivalence.
"Bugs are cool" does not mean that things that are without bugs are not cool.
Don't feel bad.
At least you can know that you're cool.
Mod me down and I will become more powerful than you can possibly imagine!
Open Source is still largely deveolped as a hobby of enthusiasts. Some companies have their hands in the pie too, but even the resultant effort seems to be more in the style of the hobbiest than of the typical company effort.
Two factors. When I develop closed source apps for work, especially if it is something I have no real passion about, I tend to have messier code. No one is going to see it anyway. If I ever change jobs, a potential employer isn't going to ever see that code to review my style. If no user or the community in general will not see it, I'm more likely to take riskier shortcuts and settle for inelegant hacks. As long as no obvious runtime problems occur, then it is enough. When I submit patches for open source applications, I take more pride in the work. I want it to be clean, easy to read and follow, and free from amateurish looking code.
Secondly, even when I would like to re-evaluate approaches I use in a commercial environment, the business end of things will push deadlines. Time that I would have normally taken to go back, clean up, and rework the bits that work, but are too inelegant is denied. There is a significant amount of care with respect to market trends, customer demands, and marketing promises that interfere with quality code. With open source, you do it as you feel like it. Take as much time as you want. Sure, there are frequently deadlines in large projects (feature freeze, etc), but the penalty for not being able to meet those deadlines just means your work will be delayed to the next release cycle. There is no danger of losing your job, and even if consistantly missing feature freezes means you lose cvs write access, or are not taken as seriously, it really is no skin off your back, and you can almost always get back in through picking up the pace again...
XML is like violence. If it doesn't solve the problem, use more.
The Linux defect rate was 0.1 defects per 1,000 lines of code, Reasoning found.
</i>
So they DID find errors. Did they submit bugreports??
<i>
The rate for the general-purpose operating systems--two of them versions of Unix--was between 0.6 and 0.7 per 1,000 lines of code.
</i>
Linux is a general-purpose operating system. You cant really be more general-purpose than Linux. From desktop and gaming platforms to PDAs and serverfarms and vector-processor crays. Windows is comparatively a narrow-market OS.
Nice article. I just dont quite understand what they mean by quality of code beside statistically taking performance and stability. And I do mean statistically. For a one-day test, any OS will run fine and fast. Try a 6-month marathon with at least a 50% load average and 100 processes, both with heavy paging and without it. Stress-testing brings out real qualitities.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
Yeah, like when government offices ship things with FedEx. Is it a "secret" show of solidarity with the USPS?
Well ok, I forgot about that possibility sorry.
How the hell can you live with 0.98? It's unbearable to use...so slow...
You can:
a.) buy any linux* magazine, whichever country you're in, which will have the latest moz. That's valid for most european countries, and possibly the US
b.) get a patch from the company that makes your linux distro, that sometimes works
c.) download it in an internet cafe, then burn it
d.) download phoenix, it's less than half the size
But yes it's considered good practice to wait at least 1-2 weeks before upgrading stuff that's a pain to update, and a few months for server software.
yours ever, fz.
...the comparatively understandable source code.
:) I imagine they too have seen some almost incomprehensible source code.
Lol
Get your own free personal location tracker
The Linux IP stack is a complete rewrite and doesn't derive from the traditional BSD sockets code at all. In particular IP packet formation between Linux and BSD is completely different. The header and tail portion of an IP packet is handled in a single pass through called an "sk_buff". In BSD header and tail formation of the packet is handled in two passes, one for the header the next for the tail, in an "nbuf". The BSD protocol implementation is traditional and the one described in TCP/IP Illustrated, while the Linux implementation is completely new. I believe that one positive feature of the Linux implementation is that it has allowed for zero copy networking, though that's a limited benefit which is only of use to a very small subset of servers connected to very fast network links. A big positive of the BSD stack is that it's old, rigorously tested, and very well documented. Note that the System V Streams implementation is completely different as well, so Solaris and other SysV derived kernels follow their own method for packet formation. I make no claims that any of these protocol implementations are better than the others, only that the code base and history are completely different.
I've attended a few USENIX kernel internals courses but that's the extent of my competence (have poked through the source out of curiosity though). Please feel free to post additional information or correct any mistakes I may have made.
Cheers,
--Maynard
Avionics code is bug free because its proven mathematically for correctness and undergoes tens of thousands of hours of rigorous lab testing. At least that's how its supposed to work.
For example, the code flying the Boeing 777 flew literally millions of flights in every possible variable and condition before a single prototype of the plane ever left the ground. This was to catch any possible faults that the rigorous mathematical analysis didn't involve.
How or why ariane failed to do apparently either of these is shameful and shocking. But perhaps it is incidents like the ariane that led honeywell - and all modern avonics designers - to go the lengths they do now to validate the code.
-
Well I have a copy of the PDF in question, such as it is.
In addition to being a shameless plug from
some commercial program, the CNET article
her insults our collective intelligence by
sayin
Source code is the collection of instructions written by people and later translated
into "binaries" that computers can understand
Iam not trolling. But I bet there are
companies out there who just want to exploit
the websites reach by cheaply disguising
marketing gimmicks as news-bytes. Now if the
same thing was opensource, we could benefit.
Btw, does having a low bug count prove that
some OS is more usable?
...are made up on the spot.
How can they even know the rate of bugs in the code? It mentions automated defect detection software. If this is their benchmark, I am extraordinarily skeptical.
Windows is not explicitly included in their list of OSs. Gee, one would think that in order to laud the relative merits of open-source, it would be prudent to compare it to the most popular closed source one around. Just maybe?
They used the TCP/IP stack as the testing grounds. As most everyone knows, the TCP/IP stack in Linux is descended directly from the BSD stack, probably one of the oldest, most stable implementations around. It would be a lot more meaningful to do this comparison on some part of the OS that has a lot of churn, rather than one that is relatively fixed for a long period of time.
I smell ridiculous claims and baseless conclusions.
Yup, you're right. Thanks! Looks like Drew Gallatin and Ken Merry have put together a zero copy solution along with a Tiger TG3 Gb driver for FreeBSD. They have an interesting FAQ on the project and development status here. Most cool...
--Maynard
I wish they would report on specific errors so developers could actually use the information for something other than just brag about it...
This way, Linux will look even better the next time they run this comparison.
Demeanor
From the site:
Please adjust your change rate.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
'Cause if my Space Shuttle's code ever had ANY bugs, you just know I would be in DEEP . . .
Of course, bugless space shuttle code is probably very expense per line . . . maybe $10k per line to write and maintain (total BS number, but you get my point). I doubt Open Source development can beat software development with an infinite supply of funds and extremely narrow purpose (not many developers would need it enough to code for it).
You know, just because space shuttles get the best gas mileage (1 tank of fuel/ many orbits around earth), doesn't mean you want to compare them to the car industry . . .
Sdelat' Ameriku velikoy Snova!
The answer is simple. They often do force you to half ass, cut corners, or even write to a horrible design created by someone with no idea what he is doing. So often I have seen commercial software that I myself have worked on go out in deplorable states due to deadlines, budget reasons, or just plain bad managerial decisions, forcing the coding to be horrible, sleep deprived, and poorly debugged. Last time I checked, I don't have a deadline on my personal projects, therefore I can spend all the time I wish to obsessive-compulsively making sure everything works exactly how it should. It's not a matter of willful half-assing, it's a matter of circumstantial half-assing. Excuse or not, the fact is that quality comes from having both the time and the freedom to do it right.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Or certian commercial vendors force a bug into an os for punishment for not showing up for a meeting.
http://saveie6.com/
This post reminded me of a question I was pondering last week. What makes one software program better than another software program? Is there a way to quantitatively measure how good a piece of software is? Would we measure the "goodness" of software by, the number of bugs it has (or rather the lack there of), the number of lines it took to write it, how long it took to develop, the type of license (open vs proprietary), the efficiency (how long to takes to run), the language it was written in, ease of use, etc, etc, etc? My guess is we would have to come up with a convoluted mathematical formula to measure the goodness of a program. Anyone care to take a stab at it?
I found this whole thing a bit suspicious from the start, and my initial reaction was much th same as KefkaFloyd's.
For the RTFA-impaired, here are some choice quotes from the article, and my take on them.
IE: This is not in any way a verifiable scientific study, it's a means to attract people to our web site.
IE: More of the same.
IE: They tested for basic mechanical errors. It's sad that production code should have these, but anyone could run tools (probably just like the one these guys sell) to fix them. If your process includes automated runs with Lint, Purify, etc. then you should never suffer from these at all. It's actually a pretty damning indictment of all concerned, including Linux, that any such bugs featured in a piece of code as small as the TCP/IP stuff for an OS.
And best of all...
IE: The playing field was not level. For all we know, they compared state-of-the-art yet-to-be-widely-seen algorithms from next generation OSes to tried and tested from Linux.
Hell, for all we know, one of the big Linux distributors commissioned the survey in the first place.
And yeah, I gave up at the point when they wanted all my contact details with no statement about how they'd be used, too.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
http://www.kuro5hin.org/story/2001/6/19/05641/7357
One type of check they did was for null dereferences. Here is a list of possible NULL dereferences for the 2.5.60 kernel.
This is from the Smatch project.
It is natural for open source projects that survive to become very high quality. Look at it this way: If you buy proprietary software from a corporation, you can be sure that they are motivated by the bottom line.
Corporations are there for one reason only: profit. This in itself does not mean that the products that they put out will be inferior. However, being motivated by profit means that:
1. They will push their employees to put out a product quickly.
2. If a product has flaws, it is the bottom line that dictates the priority given to fixing that flaw.
Open source on the other hand is completely different. Although it can be motivated by profit usually it is not as much. A lot of people do it because they just want to do it. This in itself does not make open source less buggy. I would say that most young projects have as many or more bugs in them than proprietary projects.
However, if the projects live for a long time it is because dedicated coders have decided to spend their time improving the product. This dedication over a period of time without the pressure by management to quickly push the product to market is the reason that open source becomes better than proprietary software.
The race isn't always to the swift... but that's the way to bet!
Why has Slashdot not mentioned the recent Debian trojan horse? Open Source is not impervious to bugs or trojan horses.
The trojaning of mICQ
The story, it seems, is this: Rüdiger Kuhlmann, the maintainer of mICQ, had a disagreement with Martin Loschwitz, the maintainer of the Debian mICQ package, on how that package should be built. Mr. Kuhlmann complained that an old version of mICQ was shipped, that it contained bugs which had been fixed upstream, and that his name had been removed from the copyright file. The disagreement had apparently been going on for a while.
Mr. Kuhlmann decided that enough was enough, and he was going to take some action. As of mICQ 0.4.10.1, the code will, when built for the Debian distribution, print out a message which says some unflattering things about Mr. Loschwitz and encourages use of a different version; the program then exits. In other words, when built for Debian, mICQ thumbs its nose at the user and refuses to run. To help ensure that this code got into the official Debian version, it was written in an obfuscated manner, set to trigger only after February 11, and only if it was not being run by Mr. Loschwitz.
cpeterso
Yep, I've had every red hat distribution since it came out. I can lock up 15 programs in Red Hat 8 in less than 30 seconds. It works great for you because you don't do anything with it but type ls at a command prompt. Anyone who thinks command line is more effecient is a non-opinion - you just simply don't know enough about computers to even count.
This whole fucking 'if you're not against Microsoft you're a troll' attitude on Slashdot is why it too has become a non-opinion. But thanks for your well documented and factual comeback to my post, it is so much more full of facts and not opinions. It makes me want to run out and delete all my Linux partitions right away.
slashdot troll = you make a compelling argument I do not like the implications of.
Well most of the TCP/IP stacks out there ARE BASED on Open Code (as in BSD). this just shows vendors are slow to patch their code.
The old saying about "many eyes makes all bugs shallow" is true even for propeietary code. I have been working on proprietary software for most of my career. My own opinion is that software made by companies with collective ownership policies is of better quality than software made by companies which allow for individual ownership.
At some places where I worked, some people just "owned" some of the source code and for whatever reason, nobody else was allowed to touch it (or sometimes even see it if the boss owned the code). Anybody else who wrote anything dependent upon that often found a lot of bugs in that code, and just had to wait until so-and-so got around to fixing it. Some of eventually wrote a replacement for that whole component, and obsoleted the original.
At some places where I worked, and at where I am now, the rule is that we all own the code collectively. Sure, there are some people that better understand some parts of the code than others, but nobody tells anybody that some code is off limits. It is easy to just go in to some section of code, fix the bug, and move on.
A fair comparison would have to include a full suite or at least a representative suite of everything in common that is provided by Mac, Windows, and GNU/Linux without picking things that are "mature". It would also have to properly define usability problems, installation difficulties, hardware compatibility problems (which of course the Apple solutions fail by design) and other design flaws as bugs.
Linux would fall behind the others as you get away from the absolutely core critical components. Heck, in a lot of cases, you'd be comparing beta code to production code just because there's no maintainer for critical pieces.
It would be hard to pick a more critical component with a longer history than the TCP/IP stack.
Run the test again with the main components of a modern OS including media players, browsers, complex file systems, etc. and the picture would change.
Just because the network stack in Linux is high quality, does this mean that "open code has fewer bugs?" I don't think so.
Currently hooked on AMP
Do you talk out of your ass often?
"the General Public License (GPL) that governs Linux and many other open-source projects"
Just need to remind people that the GNU GPL is not an open-source license and never has been.
It is a Free Software license.
If anyone dissagrees, try reading the GNU GPL and tell me where is says "This software is open source software" instead of "this software is Free Software".
And no, I'm not refering to free as in price! I could sell as much Free Software as I want, for as much as I want. True, I may find it hard to make a lot of money, allthough RMS did make quite a good living off selling Emacs.
"The Linux defect rate was 0.1 defects per 1,000 lines of code, Reasoning found" (From the article).
So, ideally now that one bug in that 10,000 lines has been fixed? Ahh, the beauty of open-source...
you plageriser you! Bill said bugs are cool first
I think that many commercial, closed-source writers work in this way. I think here specifically of Gaming Industries, where profit drives much of it forward. I can't believe just how many tonnes of games go into commercial release & production with a huge amount of bugs, despite "extensive" beta-testing. SimCity4 springs immediately to mind.
To me it feels as though once developers complete writing their code - and only levels, designs, etc. remain - they feel too reluctant to make any indepth changes and figure they can simply sort it out "with a patch if enough people complain".
Well I don't consider that good enough, hence my recent n00bie conversion to Linux and open-source in general. =;-D>
---------
"I can DoS people's cars from my GBA."
The want you to request the actual paper by filling in a form. This is the URL they sent me http://www.reasoning.com/downloads/Open_Source_Whi te_Paper_v1.1.pdf.
To those accustomed to the precise, structured methods of conventional
system development, exploratory development techniques may seem messy,
inelegant, and unsatisfying. But it's a question of congruence:
precision and flexibility may be just as disfunctional in novel,
uncertain situations as sloppiness and vacillation are in familiar,
well-defined ones. Those who admire the massive, rigid bone structures
of dinosaurs should remember that jellyfish still enjoy their very
secure ecological niche.
-- Beau Sheil, "Power Tools for Programmers"
- this post brought to you by the Automated Last Post Generator...