Slashdot Mirror
No Respect for Windows Open Source
man_of_mr_e writes "Shaun Walker, one of the founding developers of the DotNetNuke Portal/CMS has written an interesting piece about Open Source software on the Windows platform. "It's hard being an open source project on the Microsoft platform. Because no matter how hard you try to exemplify true open source ideals, you will not get any respect from the non-Microsoft community." He also says "There are Open Source zealots who believe that unless an application is part of a stack which includes 100% Open Source services and components, that it can not claim to be Open Source. [...] But does this "stack" argument actually make any sense?""
I routinely install Cygwin, OpenOffice, Dia, Python, Ghostscript, GIMP, and several other lesser apps on my own personal windows machines. Aside from games and CAD, I can get a pretty complete system using free software.
It is true though that for some unknown reason, corporate IT people won't even consider an open source app most of the time. Why businesses continue to hire these wastrels is beyond me though. Companies will throw millions of dollars into crappy proprietary software, then cut jobs when the red ink starts appearing.
Clickety Click
It's good that this is modded as funny.
People often quote the number of security advisories against a product as evidence of how secure it is. In some cases this is warranted, but this is not one of them... a general rule: comparing closed source and open source products in this fashion is not valid.
Most security flaws in open source programs are discovered by people looking through the code, and noticing things like unchecked buffers, etc. In closed source programs, these types of flaws are found generally through more sinister means. What this means is usually closed source vulnerabilities are less frequently reported, but when they are they are generally more serious -- not because the potential exploit is more serious, but because it's almost always guaranteed that at the time of discovery a working exploit is already loose in the wild.
And there are many other factors involved as well. Apache does WAY more things than IIS does (when you include all of the add on modules and so forth), and this is fair to say since the security advisories include problems that relate only to modules.
The Apache 2.0.x stream is almost 6 years old now. IIS 6.0 has only been around for about a year or so.
It seems silly to count the number of security vulnerabilities in a new closed source product against a much older, more widely used, more complex, open source one.
Having said all of that, I feel the need to point out that secunia.org is really not a very trustworthy source of information. There are many known IIS 6.0 exploits that don't appear on that list.
For example:
IIS Information Disclosure
I just wanted to say that you really can't do such a comparison.
Well there's been some interchanging of "free" and "open" throughout the comment sections which I'm not sure is warranted since there's two different philosophies at work here in terms of software. But for all points and purposes I suppose I'll try and tackle both.
:)
Yes, GNU isn't interested in developing things which are not [or rather, cannot be] free from the ground up. That's why they don't endorse OpenOffice 2.0 or the Sun JDK [the former due to great use of the latter]. Sure, there was compromise at the beginning, what with having to develop GCC on some other compiler that wasn't free [if memory serves me right from "Revolution OS"], but the groundwork has been laid out and so there's nothing stopping the 'proper' development of free software now.
But the perceived issue here is in regards to the politics of open source and the lack of understanding of those mentalities when it comes to Windows users. Indeed, it's hard to change that mindset overnight; as a University student [and a CS major to add to that] I'm faced with enough "pay me for my work" peers that cannot even begin to understand the point of doing something for free [they believe no one will donate a penny given the choice]. There's also the ones that use Linux due to financial constraints but have no other affinity to the OS or the mentality.
I consider that neither of these groups can truly understand the nature of free and/or open source. While the world is happy enough with just one Richard Stallman, it cannot be denied that Linux is a movement that has more than just technological implications. Sure, it isn't communist [as it has been sometimes thrown around] but maybe some "technological marxism" [economically speaking] can be traced to it, and surely it bothers a lot of people.
Okay, kinda went off-topic there, apologies.
Windows OSS isn't a movement per-se. It's sprung as a by-product of the Linux/BSD OSS movements and lacks the drive or 'notoriety' characteristic to these. There's rarely any understanding of the core mentalities in most [read: average] Windows users and they'll look at anything free with incredulity at best and suspicion at worst.
The non-Windows community doesn't disregard WinOSS based solely on the non-free stack upon which it tries to function: yes, I think it is generally a matter of portability rather than anything else. Most OSS devs work in free environments because it feels more 'at home' to do so; and non-portable code does not interest them since they cannot benefit it.
The stack principle is valid in terms of free software; the mentioning of it here, when it comes to Open software, seems an indication of the lack of depth given to clearly understanding the difference between the two issues... wonder why you'd get shot down sometimes
Cheers!