Slashdot Mirror
Oracle Attacks Open Source; Says Community-Developed Code Is Inferior
sfcrazy writes "Oracle has a love-hate relationship with open source technologies. In a whitepaper (PDF) for the Deparment of Defense, Oracle claims that TCO (total cost of ownership) goes up with the use of open source. They're essentially trying to build a case for the use of their own products within the government. 'The skill required to successfully and economically blend source code into a commercially viable product is relatively scarce. It should not be done directly at government expense.' Oracle also attacks the community-based development model, calling it more insecure than company developed products. 'Government-sponsored community development approaches to software creation lack the financial incentives of commercial companies to produce low-defect, well-documented code.'"
That is the most insulting demonstration of hubris from Oracle I have seen in a very long time.
Can't we just call them advertisements like the waste of time they truly are?
the pot calling the kettle black
Larry, wake the fuck up you dumbass.
Half your product line was developed through open source programmers.
Stupid mother fucker...
Wasnt the kernel of their unbreakable linux open source as well?
If an experiment works, something has gone wrong.
And just what fraction of Java was community-developed?
As usual, when a company makes this kind of claim, my first thought is 'yeah right', and my second though is that it's mostly FUD to convince people to buy the crap you make.
And, if my limited exposure to Oracle Beehive and a few other things means anything ... Oracle can produce some major-league shit code on their own. That stuff was complete garbage, wasn't even what I'd call a beta, but it was being sold as if it was solid and ready for business.
Lost at C:>. Found at C.
You said "Government-sponsored community development approaches to software creation lack the financial incentives of commercial companies to produce low-defect, well-documented code."
What you really meant was "Unlike proprietary, hidden commercial code, Government-sponsored back doors in software can't be found in the traditional, open-source, many-eyes, well-documented code.
But that probably doesn't rake in the profits, does it?
Support FSF: Stop thinking with your wallet, and think with your imagination. (cc/non-commercial)
There are many other types of incentives and I have rarely done my best work for strictly financial ones. When contributing to an open source project you have to think that somewhere someone will look at the code you write and have the ability to publicly shame you if you do something truly stupid. Standing, respect, whatever you want to call it, is a big motivator for many people. If the same thing happens in many businesses there *may* be consequences, but often as long as it works well enough to collect the customer's money it ships. Personally, I've found more fugly code turds in various closed source projects than I've touched than in the open source world.
Go decompile some oracle fusion middleware java code sometime. I assure you that what you find will not inspire confidence.
First they ignore you, then they laugh at you. Then they fight you, then you win.
As we will see, total cost of ownership (TCO) for open source software often exceeds that of commercial software. While minimizing capital expenses by acquiring “free” open source software is appealing, the up front cost of any software endeavor represents only a small fraction of the total outlay over the lifecycle of ownership and usage.
I had a similar discussion once with an engineer. We were looking at the numbers and I doubted some of the numbers. the engineer replied, "Well, that number came from somewhere!"
Me: "Yeah, out of someone's ass!"
Financial numbers are not physical constants where there's empirical evidence to back it up like say 'g'.
And the thing is, there aren't necessarily lies. You can apportion costs in many different ways and still adhere to FASB and to IRS rules.
tl;dr: Let me at those numbers and I'll prove that any Oracle solution costs way more than any F/OSS solution - and it'll pass FASB and IRS muster.
Open-source documentation is like an insomniac cat. Theoretically it exists somewhere, but no one's ever seen it.
And remember, in this paper Oracle is pandering to risk-averse goverment "managers" in order to get money from them.
Don't forget the open-source MySQL, which was of such good quality Oracle purchased it for a HUGE amount of money, despite already having a database product (as their primary product no less!).
when you are silly enough to buy it from Oracle. Several shops, I am aware of, are dropping Oracle Linux because their support is worse than useless.
It almost seems that they are trying to prove open source doesn't work by supporting it so badly.
"To those who are overly cautious, everything is impossible. "
Oracle: "We're buying Sun. Next step is to dismantle (MySQL,) close (Solaris, Java,) dissolve (OpenOffice) and generally disrupt all of Sun's open source properties that we can."
Community: "What? You can't do that!"
Oracle: "Watch us!"
Community: "Well, we'll just fork it."
Oracle: "S---! The forks (MariaDB, Percona, OpenIndiana, LibreOffice) and their pre-existing competitors (Linux, FreeBSD, Dalvik) are getting more popular than our versions! READY THE FUD CANNONS!"
Says the company that borrows from an open source project and puts the word "unbreakable in front of it..... In any case I suppose their point is supported by the fact that current government spending on proprietary software is soooo efficient. :S
Community developed code is insecure! Community developed code is inferior! Open source must be exterminated! Exterminate! Exterminate!
Of course in the show the Daleks are supposed to be a huge threat, but they're also kind of laughable. Slow, clumsy, thrown together using whatever crap happened to by lying around at the time.
So i guess that kind of fits Oracle and its software as well.
This Space Intentionally Left Blank
Do you expect them to say open source has a lower TCO? They are bidding/positioning themselves for contracts. If you were a real estate agent on a client interview and asked about a competitor, would you give them a glowing review? I doubt it.
There are many factors which contribute to TCO and the code itself is just one piece.
Security, both OpenSource and Oracle have fallen short in this area. In some cases Oracle has left security bugs sitting for a very long time. Sometimes until called on it publicly. However, with open source your relying on the code maintainers to put in a fix quick. Alot of times they do but that depends on the software and how actively supported it is. Sure, you can modify the code yourself but that affects TCO.
We have both Oracle and open source software in house. Based on our experiences i'm not sure that the open source software has a lower TCO than its more commercial alternative. The upfront costs to open source are cheaper but the long term support costs were higher. Before I get flamed, i'm talking about a particular open source product. Since i'm posting from work i'll leave specifics out of it. But the point is, just because its open source doesn't always mean overall TCO is lower. You have to do the analysis on a product by product basis and factor in both upfront and long term costs.
"Thanks to the remote control I have the attention span of a gerbil."
wouldn't Java be a example of the contrary to this?
Yes, but not the best one. The best would be Oracle's database. Despite the fact that Oracle Database Server is not the result of a 'community-based development model,' the product has a long, ugly history of vulnerabilities. For some reason it fails to be composed of 'low-defect code,' despite apparently having all the best financial incentives. The list of vulnerabilities is long and grows regularly.
The only reason Oracle Database Server has never been the victim of a SQL Slammer type exploit is that it is so expensive that most instances exist only well behind corporate and government firewalls that, if not well maintained, at least exist. Many SQL Server admins apparently don't believe in firewalls.
However, [Solaris] is more of Sun's creation than Oracle's.
Likewise with Java.
Lurking at the bottom of the gravity well, getting old
As a user of both Open source software and Oracle products, I can say that, at least with Open source you're well prepared for the complete lack of support when a major issue arises. With Oracle, often you're not only surprised by the lack of support, but the fact that their support structure often leads you in the completely wrong direction, usually to squeeze consulting services fees out of you.
You say that as if it doesn't apply to proprietary software as well. Your metric is stupid and if you think it's a good way of measuring, you are stupid. Make no doubt about it: Sturgeon's Law applies to most everything, including proprietary software and FOSS. And it's amazing what kind of garbage people will pay lots of money for in niche usage.
This is my signature. There are many like it, but this one is mine.
If it was good enough that the market was choosing it as an alternative to Oracle (to the tune of $1billion), I think that's pretty good proof of quality right there (at least as far as the end users' TCO was concerned).
They are obviously struggling with how to handle both MySQL and the open source community...
We've been using MySQL as a very small part of our application; in fact so small that SQLite could have done the job. Because of licensing costs we decided to move to MariaDB and this is the email we got when they understood what was happening:
I was a little surprised to be honest with your decision of no longer using MySQL as a platform for your 5 modules and the fact that XXX is currently looking at different forks like MariaDB, PostgreSQL or other MySQL Forks.
I want to raise awareness on the impact this change will have on your business and also on the risk XXX will be facing when working with freeware technology DB, as it is important for Oracle to make sure all our partners understand the terms and conditions of distribution in which concerns embedding GPL Software.
I know MariaDB and also PostgreSQL – due to the difference in our business models, Oracle cannot offer similar unlimited usage pricing plans.
Nevertheless, before we move forward I would like to share some general business concerns I hear from other companies similar like yours that have previously looked into PostgreSQL, MariaDB, and other MySQL forks.
About any Open Source GPL-Licensed software: (e.g. RedHat Linux or MySQL Community Edition):
- Anyone can fork the software and rebrand it (e.g. Oracle Linux is fork of RHEL; MariaDB, SkySQL, PostgreSQL are forks of MySQL)
- Anyone can sell Support/Training/Consulting for GPL-licensed software
About Embedding GPL-licensed software:
- Embedding a GPL-licensed component makes the entire product to become "infected", and the entire product (including source) must be released under GPL and must be given back to the community. (e.g. MariaDB embedded within your application results in returning the code of the entire product to the open source community)
Before considering a fork, please answer these questions for yourselves:
1.1. Risk of Lock in
Do you want to get locked into an unstable fork of MySQL from a 3rd party?
Can the forks keep up with the MySQL releases (features, bug fixes, etc.)
What happens when the latest MySQL releases are not compatible with forks?
1.2. Lack of Engineering Resources
How many people are dedicated to Product Development of the fork?
How many engineers do they have working on InnoDB, Replication?
Can they deliver bug fixes for InnoDB, Replication, High-Availability etc. on a timely basis?
1.3. Risk of Software Quality
Are their patches extensively tested by millions of users like MySQL?
Do you want your production system to be the test bed for 3rd party patches?
Can they deliver bug fixes on a timely basis?
1.4. Commercial Licenses for OEM/ISVs
When you need a commercial license, who is going to help you?
1.5. Lack of Support Resources
How many people are in their Support Team vs. MySQL/Oracle?
Do they have the resources to service multiple large customers simultaneously?
What happens when they are unable to escalate a bug/feature directly to the MySQL Engineering Team?
1.6. Risk of Financial Viability
How long have they been in business?
Who are their reference customers?
Are their businesses financially sustainable?
Are you, your investors and customers comfortable having Indra Navia using a replica fork product? We will not be the cheapest but I am sure we can negotiate a good structure for you based on the history behind your relationship with MySQL; plus you will deal with the source.
Are you OK to continue?
The question is who you want to pay, and what you want the cost model to be. That is, if it's something with both an FOSS and COTS option.
If you want to pay a vendor a fee, typically based on capacity + professional services, go that way.
If you want to use a FOSS technology, and pay only for professional services, go that way.
Generally I think the FOSS model is much better for customers, because:
1) The customer can scale the business without additional licensing costs.
2) The customer has the flexibility to choose any vendor (or internal staff) to do the work.
So, for example, my last startup grew to 70m users on FOSS software, with hundreds of servers, with only physical server, hosting and bandwidth costs (plus a small dev team, which I would need in any case). If I'd used a licensed OS, database, etc., that cost would have made my business not viable.
Enable 3D printed prosthetics!
There is masses of half-assed, broken, wretched and downright brain-damaged open source code out there, and anyone who claims otherwise doesn't know what they're talking about. Much of it is written as a quick and dirty hack to solve an individual's problem and then released, with scant regard to long term maintainability. Yes, there are some gems, but they are hidden amongst many many times more garbage. The good thing is you can fix it, if needed, and the software will evolve. But typically commercial software has gone through that process several times before it gets to market, because despite what people here may say about microsoft, not many people will pay good money for completely broken crap that doesn't work.
Many companies have paid ridiculous amounts of money for code that doesn't work, particularly custom and semi-custom code. The NHS in the UK scrapped a >10 billion GBP - that's 16 billion USD - national healthcare system. Vertical integrators that have a stranglehold on certain professions are often full of horrible, horrible code. Insane amounts of spaghetti code have been made by cheap outsourcing companies to go into "commercial software". Closed source has its gems. Open source has its gems. But as a broad generalization it's the pot calling the kettle black, both have a huge spread. Often it's just good vs better or bad vs less mediocre and the question to pay or not depends on whether a $50k+ worker could be 1% more effective - that's $500 - with that tool or not.
Personally I find there's a difference of layers, closed source software doesn't sell unless it looks good on the surface with user interface and hand-holding documentation, comes with buzzword compliance, feature checklists and fancy demos of the capabilities. Open source is more grab it, put it through its paces and see if it works for you. Doesn't have to be so pretty to look at, but be a solid workhorse with detailed technical documentation but often a high learning curve. It's usually more about manpower though than anything else, often you realize there's five open source developers trying to compete with a hundred closed source developers and it's not so much a better of the quality of the coders but simply about being outgunned.
Live today, because you never know what tomorrow brings
How do you know there have been "very few major vulnerabilities in SQL Server since 2005"? It's closed source.
What you meant to say is "publicly revealed vulnerabilities". Big difference.
not many people will pay good money for completely broken crap that doesn't work.
That's exactly what corporate people do all the time. Salespeople blitz into big corporation/government manager's offices and sell a bill of goods. The managers are hardly competent enough to know if anything is any good. Then later when staff complains the same salespeople are back to sell upgrades or consulting.
That sounds far more like a bug in YaCY than in Java itself, since it does not affect the ability to run other Java programs.... It seems to simply be an example of software doesn't know how to recover after certain type of previous runtime failure.
File under 'M' for 'Manic ranting'
There have been many third party studies on code quality for large open source and closed source projects. Having worked on both kinds of projects I think you really overestimate the code quality of closed source. A lot of it is simply horrid.
There have been many third party studies on code quality for large open source and closed source projects. Having worked on both kinds of projects I think you really overestimate the code quality of closed source. A lot of it is simply horrid.
And one of the reasons it *can* be horrid is that it's closed. There's no peer review, and certainly no customer review.
We used to get crap from a vendor that it'd cost huge amounts of money and resources to correct significant, obvious errors in their product. We would tell them "Send us the code. We'll fix it and send it back". And we meant it. For one issue, our admin team sent *them* code, saying "we think this is what you're doing. This other code is what you should be doing." (The problem was fixed, even after they said it'd be too much trouble.) The move to open source was precisely due to frustration with basic, stupid errors that we couldn't fix because we didn't have source.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
What I've found over the years is, just because you get paid to develop code for someone doesn't mean you crap unicorns and daisies. I've also found that all of the installations I've run across that were running Oracle (or DB2) really didn't need to be running Oracle or DB2. It's been overkill for every position I've worked at. Of course, they end up needing it anyway because of their crappy table design and because they're afraid to ever throw anything away when they're done with it. But if they'd been paying attention to their business process and designing their tables correctly, they could have saved themselves a LOT of money with a copy of postgres running on some Linux box somewhere!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Exactly. It took debian about 2 years to find that the package maintainer had screwed up the version of OpenSSL that was included in the distribution.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
i will always chose an inferior product over a company that is going to fuck me over every once in a while even though i pay them huge amounts of money. oracles business model depends on curruption, cronyism and customers not knowing shit and thats just despicable.
The patches for these issues are intentionally withheld from their products until you encounter them, many of them have existed and have patches for them for several years. Its intentionally crippled code.