Slashdot Mirror
Does Open Source Need Quality Standards?
underpar writes "This Techworld.com article reports that a UK group called the Open Source Consortium is being officially launched today. The article further states that the goal of the group is to respond to claims that switching to open source is more expensive than using Microsoft products and to help smaller companies compete with Sun and IBM for open source contracts. They say they will not compete with other open source groups and they intend to eventually come to the US. The hype-filled about us section of their site says their Quality Standard Certification provides a "simple framework for self-assessment and performance improvement." The question of whether this is useful or even wanted in the US still remains to be answered."
Some open source projects do (carrier grade linux; linux in medical devices).
Others don't (screen savers, C# clones(to match MSFT's Quality Standards), etc)
Just because Linux is under the GPL which is an OSI aproved license does not mean that anything that has to do with open source has to be about linux.
... and rumor has it they're experimenting with this quality assurance idea called 'pier review'
Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose.
I like the dedication to quality evidenced in their About Us page:
We are a not-for-profit organisation which guarantees the the quality of open source deployments in the public sector (emphasis mine)
"Truth is not decided by majority vote" consensus gentium -- Norman Geisler
Short answer is YES, almost everything needs a certain level of quality standards for widespread use. Even MS has its own quality standards :)
However, who is to set these standards and who is to govern them is another question.
I have a subtle feeling that Open Source = Freedom, that's probably why we see so many forks and distros because "I would have done this that way, and I could".
So what is to stop a "US Open Source Consortium" being officially launched tomorrow because another group of developers have different idea on Open Source's quality standards?
Can Linus the most influential man gives a single, authoritative guideline?
Rock that crushes, Paper & Scissors that don't matter.
Be careful what you wish for.
Something "free" or "cheap" might be so for a reason.
I still say best open source is that tied to proprietary hardware then you really cash in.
As for la-dee-dah software, operating systems, etc, I stay away from those.
More to the point, isn't ISO 9001 one of those standards where you prove your ``quality'' by committing to following a process, and documenting that you do indeed follow that process? The inevitable result is that you can commit to shooting your customer in the foot, and document that you have done so, and earn the highest ``quality'' rating for it. That sort of ``quality'' isn't very reassuring.
See what I've been reading.
Certifications like this are often welcome in corporate environments where names and packaging often matter as much or more than the product.
... anything that lends credibility to OSS is, in my book, a good thing. So if this takes off and acts as some sort of benchmark for quality that people can rely on, I say more power to them.
Even if OSS is better in a lot of cases, many managers can't politically afford to introduce it because of the climate that exists in the still largely Windows-controlled world.
Any sort of
dmiessler.com -- grep understanding knowledge
If you have had Six Sigma traning, then you are definitely baffled about what it is.
--- Ban humanity.
Scientists wonder:
Do bears shit in the woods?
Is the pope Catholic?
I think we all agree that a business world based on OpenSource would be preferable to a Windows-centric system. To achieve this, high-quality-business solutions have to be written and found. I am running my own business and am using Linux on 5 machines. There is some old Mac, but I do not really use it anymore. To please the Finanzamt (the german IRS), you have to file reports, do some accounting etc. This has proven very difficult for me when I tried it with OpenOffice. So I searched for business software, e.g. accounting suits, ERP and CRM-Software. I tried for over 2 months and have compiled about 100 different approaches - but all of them were either abandoned, not scaleable to other countries needs (I cannot use spanish tax forms) or they simply didn't work the way they where supposed to do (I even had an KDE program that was published with internal static linking to the programmers home directory!). I finally settled with lxoffice (http://www.lxoffice.org), which is fairly scaleable and where 95% of the system works, but it was a hard fight. While I am accepting such situations as a hobbyist, as a business owner that's lots of time I am not paid for. Quality control could help in such situations, helping users choose reliable software. And yes, I'd be willing to pay for it.
Screw the FSM - Real geeks believe in the Invisible Pink Unicorn
YES !!!
And it needs to stick to them. Microsoft may produce buggy insecure code but I'm fed up of finding bugs in Open Source software and being told 'what do you expect, it's free'.
Ed Almos
Budapest, Hungary
The more corrupt the state, the more numerous the laws. - Tacitus, 56-120 A.D.
Based on the amount of abandoned projects, weak support, buggy code, inconsistent UI, and so forth I've seen in projects that were "neat ideas", I'd say yes, some standards would be useful. Especially when there are projects like Firefox, OpenOffice, and Gaim to carry the banner (plus many other lower-profile projects).
OSS still has a bit of a reputation of being "kids in basements wearing black t-shirts hacking out amateur software surrounded by Matrix screen savers" and not always undeservedly.
But not always deservedly either. And some sort of cert program (I leave to people smarter than I am the how, where, and when of certification) could be helpful. Would it make it more difficult for an innovative project to take root? Well, yes, but that would be the point, and it would guard against projects that are abandoned when, for example, their creators graduate from university.
I'm a big fan of Free software, btw.
Linux is quality. By having publicly available code, we can all make sure it's up to our standards. If it's not, then you are welcome to (a) not use it, or (b) fix it. So why the concern? Contribute to the community and all is well. There's no barrier to helping (such as improving a country). But seriously, Linux has proven itself worthy of being quite stable and for the most part secure (problems are bound to happen in such a large block of code, but responsible repair is key). Same with the core applications within it. The UNIX model is tried tested and true over and over again. It's still used so commonly BECAUSE it just makes sense... Try that in a windows world (click here, then here, then here... no wait- we moved that feature elsewhere in the latest 'security patch'). -M
when you see the word 'Linux', drink!
"Who is this 'We,' paleface?"
... MR. SUBARU!
:)
Lots of people are quick to say that someone else's work "needs" something. My car needs its cupholder in a sane spot, instead of so it just about blocks the radio buttons. It's true, but that's not exactly a demand on the car maker. Just a hint
Sometimes it's hypothetical and prescriptive; "Red Hat needs to compete in the market X, so it needs to advertise in trade publication Z and add the de-pre-mux-defrobnostication patch that this special niche requires." Fine
Other times, the "need" is expressed as an imperative, when the speaker has no standing to demand anything ("The GIMP interface needs to change!") etc, or (as in the headline here) where there is no single Thing to change. "Open Source" covers a huge range; it's like "Things that have the letter R." It's true that some of these things (like Catherine Zeta Jones) are beautiful, but it it does not follow that all things with "R" better our existence in quite the same way.
It's perfectly nice and positive and welcome etc that someone has decided to promulgate what they consider higher standards of quality for "Open Source" -- as long as everyone realizes that only a certain subset of open source software can be scrutinized by any given such body, that developers may have their own ideas (even if they are not universally popular, and even if they have no intention of following someone else's ideas of UI perfection), that open source's great advantage in this context is that UIs are a) frequently separate from the underlying code and b) forkable.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
F/OSS needs more unified standards first! (like for packages).
This is indeed Geek News, but please keep it to yourself. The other 90% of geeks that have yet to be laid will get jealous and mark you offtopic out of spite.
Engineering is the art of compromise.
Certain versions of embedded and server Linux had already passed the Telecom Carrier Grade Reliability Test. Carrier Grade Linux is 99.999% Reliable. Any Window is NOT Telecom Carrier Grade Reliable. Microsoft won't even try because it will fail.
While i could care less about w3c compliant, *if* you decide to put up a link to w3c, checking valid xml stuff, make sure it's actually valid ;)
I can imagine an organized group like this, though, would be excellent at answering issues like corporate generated FUD in an organized and coherent way. That's our big problem, we lack representation (not counting eccentric geniuses with big ZZ top beards).
Luck favors the prepared, darling.
If FOSS is to conquer the end user market, there must be quality standards for usability (giving the system a polished look) and documentation. Many projects already are quite good at the documentation but a lot lack usablility in terms of "I'm coming from windows and I want at least a bit comfort by configuring the system via a GUI". That's not my opinion (I like the config-file-style) but it's how less technically experienced people think. And this is, after all the group of people that should be carefully driven away from monopolist software and at least use some free software.
SQA is essentially one of the most important aspects in software engineering. Depending on the nature of a software, open source or not, SQA is definitely a must and key to developing software that meets the needs of the intended end-users without sacrifycing quality. What's the point of having a software that has fancy features of this and that and yet crashes every now and then?
SQA helps to validate the software whether it is developed up to certain acceptable standards like whether it's functioning the way it supposed to, does it go berserk and stop functioning after the user keys in certain kind of data, etc.
Just because a software is open source and free, I see no reason why the quality should be compromised especially the operating systems, office productivity and development tools.
And so I really feel this Quality Standard Certification is needed, I mean just look at the numbers of governments and organizations is using Windows OS despite it's many flaws compared to the number of Linux OS adoption. The reasoning for this that "Linux is harder to use" is lame - it's obviously because of it's reputation and that Microsoft gave "quality assurance" to their product. What about Linux? Is there concrete proof that Linux is better that will convinced the government and the organization that it is a better OS?
Not only an overgenralisation, it is a redundant idea to boot. OSDL already provides a lot of the stuff they publicly talk about - code quality etc. The real purpose of the organisation comes to light when you read deeper into the site.
You need to be skilled in their "consulting framework" and you need to conform to some "financial framework" as well. Their membership criteria are mysterious (hint, you probably need to be a member of their club of buddies) and some of the organisations that are members (and knowing those organisations intimately, they probably are the drivers behind this thing as well) are decidedly dodgy - Open Forum Europe has publicly spoken as "Open Source Representatives" and as such, have signed a declaration supporting software patents. Looks to me like just another group of people trying to corner a market. Anyone remember the Open Group, and the "good" they did for UNIX? (another hint - a lot of the same people are involved)
This is so much the wrong crowd to hang out with....
People who think they know everything are a great annoyance to those of us who do.
Good to see "Dumb overgeneralization" modded to +5 right off the bat. Other replies in this thread also deserve "insightful" moderation.
Software should be held to whatever quality standards the customer requires, regardless of it's proprietary or open development process.
For products where quality IS important, published documentation, including source, code-change-history, published test-cases and results of running those tests cases, etc. can help ensure quality. Commercial outfits typically rely on outside auditors or "trust us" to show that they probably ship quality code. At best, they publish their test cases and the results of those tests. If we are really lucky, a few outsiders have reviewed the code and pronounced it good.
For projects where quality isn't important, well, nobody cares but the authors.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
You are mistaking a 'standard' (such as TCP/IP) with a 'quality standard'. One can make a program to follow a specific protocol, but that doesn't make it a good program at all.
We're talking about quality. How good is the finished product compared to its usage. Is a mission-critical application actually going to be stable? Does your application spend most of its time in spin locks? The quality is in the method of the implementation. A web server can answer HTTP requests without trouble, but will is do so well? Is it expandable? Is it going to advance? Is it useful? Are its libraries useful to other functions?
Quality is a 'degree of excellence'. So what makes the software you see on Linux better than 'average'. Why are we all using it? Price decreases our costs and barriers, but a degree of quality exists because there is a large user base creating quality, and demanding quality.
If you make code that is not readable or properly coded, nobody will use it, or people will say "I'm starting my own project" and fork off (as we've seen so many times in the UNIX world).
A good example of quality (IMHO) is qmail. Written well, coded securely, very functional, and very logical. And it has succeeded for those reasons (and hype). The tens of patches out there for it adding all sorts of neat features are people saying "this code makes sense. This structure makes sense". Adding features to a SMTP system doesn't involve mucking up the mail system. People like it because it screams of quality. A great deal of time, effort, and quality went into the code.
You mention a standard. We need standards in protocols- not in quality. The standard says that a SMTP conversation goes like this... but the style, programming language, where security checks are made, and so on are all up to the programmer or team of programmers. And why should we (you?) take away that freedom? If I want to make my code of low quality, don't use it, don't buy it, don't use the service I offer from it (not that I do produce poor code).
-M
when you see the word 'Linux', drink!
I tend to think of OSS as a war between different developers to see who's idea will be favored by the market. For too many years, implementation of ideas was up to some PHB. The problems of that system are starting to show. The idea that "well, it may not be the best way to do it, but at least we can all agree to do it this way" goes against the idea that the best solution will come out on top.
I think developers should continue to try new ideas and do it their way. If nobody likes their idea, their software won't be used and it won't matter.
The market will adjust. It may not be elegant or convenient to juggle several different packaging systems, for example, but people are doing it. Eventually, the best packaging system will come out on top because people chose to use it, not become some standards organization decided it was best.
These past few years of OSS have shown some pretty neat ideas in a short amount of time. I think it's going to improve at a faster rate in the next few years.
I've seen some difficult to understand jokes on slashdot, but "pier review" is not one of them. On the other hand, is there a special significance to "Pier 13?" Yes, I've googled it, but there's only so much time for me to waste till I get out of work.
Don't know much about Quality, do you?
I'll speak of these things in general, since they are essentially the same types of certifications (ISO, CMM, etc). If your customer agrees to be shot in the foot, and you shoot him in the foot, then the quality of that release is right on the money. One of the things that people miss (or fake) when implementing these processes is that they try to cut corners and fake-out the process. These certifications usually require that you get customer commitment to process changes. That means you keep your customer in the loop of communication. Therefore, you get them to agree to things and hold them to it. Customers don't usually like that, they love to wiggle and worm their way around commitments. But if you follow these processes, you can get them to document their commitment. They aren't very happy when they are called on the fact that they get exactly what they asked for, but in the end the point is to make them happy by getting them to ask for what they really want.
Everyone loves to put down things like the CMM and Six Sigma, because they "don't work". Just because you worked somewhere where it didn't work doesn't mean the models don't work, it means you didn't do them very well. And they aren't easy to do well, they take effort. Most places will cut corners and fake the behavior that they think will let them slide by to get a certification, then they will usually go right back to doing what they want. There is a difference to "getting to certification level X" and "operating at certification level X".
And the real definition of quality is the delta between what the customer expects and what is delivered.
My beliefs do not require that you agree with them.
Of course.
I don't spend my time reviewing others' code unless it is, for example, a smaller tool which is of importance (a third party suexec wrapper for example, or a rare Apache module from a less than perfect source).
My point was that:
1. We can if we want to. If something is that important, you at least take a quick look at it to see if any care was taken. This may be more so in smaller projects such as a perl script.
2. If you're not hiding it from other people, you're not ashamed of your potentially sloppy and buggy code being an easy target for anyone to exploit (not that a good hacker needs the code, but you see the point). It's not a black box.
3. People can implement features as needed in the code, and here they find security issues. The constant development to different platforms for big tools means that bugs can be found faster and advancement moves quicker as a whole.
A standard of quality is subjective and really depends on what is 'acceptable' and what you consider 'quality' code. Keep in mind that I'm not saying that M$'s code is not of quality or comparing them (for what Windows does (including application compatibility dating back to Windows 3.1) it does a decent job of it).
Simply, the optimal standard is pristine code that has all the features you want, no bugs, and will work on all systems. But we're in a realistic world. Having countless developers and testers makes some of these projects what they are and acts as a second check for many changes.
I'm not reviewing most of the code on the system, but somewhere, someone is catching the security holes and bugs you hear announced on the various tracking sites... so someone's probably doing it for you...
-M
when you see the word 'Linux', drink!
I'll give you that, but for every binary decision, you're going to piss off roughly half the people.
:)
There are security analysts who do spend time looking at the kernel, but it's a big job. As with most of these projects, they usually start becomes someone pays a security company to spend millions auditing it (ie: a government wanting to use it for sensitive data or voting machines). If only we could get every linux user to do one line of code *smirk*
BTW: FHS is an attempt at getting some standardization.
You mention 'designed for linux' and 'interoperability' which I think are tough ones. The big difference I find between Linux OS and Windows OS is that one company merges the GUI, kernel, drivers, shared libraries of 3rd party applications (DLLs), and (sadly) web browser into one. Linux, while having folks like RedHat producing distros, has no consistancy.
Now of course, I'm not saying anything you (or anyone on Slashdot) doesn't already know. But the key factor is that I can make my new audio board 'designed for linux 2.6', but the actual installation is different on every system. Some want a kernel compile, some store modules in one place, others will scream that the kernel is tainted when you load them. So how can one ensure that their board will work properly (and easily)?
There are a few attempts at standardizing hardware (as you mention linux hardware). The most popular thus far is DKMS: DKMS stands for Dynamic Kernel Module Support. It is designed to create a framework where kernel dependent module source can reside so that it is very easy to rebuild modules as you upgrade kernels. This will allow Linux vendors to provide driver drops without having to wait for new kernel releases while also taking out the guesswork for customers attempting to recompile modules for new kernels.
See http://linux.dell.com/dkms/ for more information.
when you see the word 'Linux', drink!
Seriously, if a programmer can't even put forth the effort to make autoconf work on more than one platform, then they won't have the time to spend on "quality standards." I've seen professional programmers spout "best practices" out of their asses for a long time, and, when it comes time to produce something, they are just as fast and loose as anyone. The reason: talk is cheap. quality is very hard.
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
My company has looked at Open Source alternatives for some technology. We are subject to stringent certification process for our aviatoin software. The quality of Open Source code (programming habits, style, algorithms), the comments, the organization, makes use of Open Source a no-go.