You miss the point. With Eazel, the software doesn't cost money. The service costs money. If Microsoft came out and said "Office from now on will be free, but we have a service you can buy on a yearly basis to keep up-to-date", that would be a totally different story. All free software services are services in addition to the product - things that are (1) a commodity, because anyone can perform them, and (2) something that users would have trouble doing on their own.
Actually, the GPL means that software is to be treated like a commodity, and that software modifications and development are to be treated like a service. Proprietary software treats software ideas as a tangible thing, which you are allowed to use in certain ways only, if you pay a defined fee.
The market is stagnant. What new/brilliant/whatever features has any word processor put out in the last five years? The only new things I can think of are import/export filters, and a new document format that's incompatible with the old one. Word processors are essentially a commodity product now. The only problem is, there aren't being charged like one. Microsoft isn't the only one to blame, either. All of the proprietary word processors are like that. Anyway, the upgrade cycles on these things are nuts, and totally useless anyway.
What you need to do is find the business reasons that they want to switch. Is there something specific they want to be able to do that exchange allows? If not, then it is stupid to switch. If so, you need to find out
a) what the costs are to implement said functionality with exchange
b) what the costs are to implement said
functionality without exchange
Include all costs - hardware, software, licensing, support, man-hours of work, user training, sysadmin time on installation of outlook on all machines, server maintenance, scalability costs, etc.
The problem with most decisions is that the full costs are hidden. It's your job to bring them to light, and to show what the actual costs are. If they are willing to take those costs for the functionality they want, fine. Its your job to give it to them. However, if they don't know all of the options and their true costs, then that's your fault. If the have the knowledge an make bad decisions, there's nothing you can do.
I think you're missing how many clients 30 is. As far as hard-hitting clients go, 30 is a _huge_ number to have simultaneously. If you remember MathWorld, it served up 2 Gig worth of data per day, yet only had between 5 and 20 clients at any one time, most of which were downloading pictures, not pages. I'd say that we were probably getting about 3 page connections per second (I could be wrong, my data is obtained from watching a tail -f on a log file, and remembering the results).
Anyway, the number of tables you have depends greatly on the problem you are trying to tackle. If you've used SourceForge, you'll see that there is a whole lot of data displayed on each page. I would be more worried if he would have been able to get all of this from a single database query (could you imagine a table that would do that - yuch)
Actually, this probably means that the database was very well-designed. I have seen way too many databases that consisted of one to three tables. Most real-world databases require a whole lot more. Maybe you should also look at the page he is talking about before you comment. That page has a lot of functionality.
However, Nautilus works by having every thing as a bunch of small bits. It uses the mozilla embedded widget for HTML rendering (only loaded when needed), and basically has a generic plugin mechanism for all this stuff. So, consider Nautilus as two things
1) the basic program - very small, with a container and hierarchical architecture
2) a distribution consisting of the "Nautilus Program" and all of the program components that do nifty things.
I think the original comment was quite subjective, but one that I agree with. Let me continue it further -
Gnome has -
a) standardized on CORBA - an open standard
b) created many "core" libraries that can be used in text-only apps without the bloat of GUI libraries. libxml is an example. glib is probably the best example, because it allows object-oriented programming in C (well, 2.0 will), has an event loop abstraction, and covers for most of the missing pieces of the standard C library.
c) created using C (stable ABI) while still maintaining a _very_ object-oriented posture
d) allows the GUI of the program to be changed without a recompile using libglade (note - programs must explicitly _use_ libglade to get this feature, but as far as I'm aware it isn't available at all in KDE)
e) tends to support more methods of usage. This is very subjective, but KDE tends to say "use _this_ filemanager, use _this_ window manager", while GNOME tends to say, "here's the specs, use any file/window manager that fits - if you don't, that's okay, too, you just don't get all the features".
Those are the ones I can think of off the top of my head.
Why does it matter? Isn't that what schemas are for? Every connection to Postgres gets its own process, so what does it matter if rows are in the same database or not? Maybe the fact that you were splitting up your databases are because of limitations in Sybase, and not because of the inherent goodness of splitting. Please clarify your post, or clarify your understanding of PostgreSQL.
MySQL is gaining popularity because it is so fast. The reason it is so fast is because it supports almost none of the features that people want in a RDBMS. It really is only useful for small datasets. Now people are trying to use it for larger datasets and more complex things, and finding out that they really do need those extras that normally come with RDBMSs. Once those things finally get implemented in MySQL, it will be just as slow as any other database. So, for large datasets where manageability is an issue - go for PostgreSQL - MySQL will make it there eventually, but Postgres is there now.
PostgreSQL _IS_ a lot faster for some things, especially complicated selects. In addition, it has SERIALIZABLE transaction isolation support (email me if you don't understand how serializable differs from other transaction isolations), capable of views(why have a database without views?), allows you to create functions in PGSQL, C, or a few other languages, supports triggers and other wonderful things. For basic stuff, its not much slower than MySQL, and for complicated things, it is much faster. In all things, it is much more flexible.
You really need to think before posting. Most of the security compromises you list for Linux are _local_ compromises. That means, you must already have a shell to do them. If you have a shell on Windows, getting root is even easier, unless you have all of the security updates. When NT4 was first released, almost every kernel call did not do proper checking, and you could comprimise security with _any_ kernel call. As far as _network_ security goes, securing Linux is just like securing any other OS - you check the network programs. The way you secure the console is by simply removing unwanted SUID programs. With Windows, you can assume that if someone is at the console or telnetted in (which you _can_ do with the proper software), you should assume they have administrator priviledges. As far as security advisories, most Linux security advisories come from the people developing the code, not from being cracked. This means you get to secure your machine _before_ script kiddies get their hands on things. With NT, the advisories are normally based on someone actually being cracked. Please think before posting, and make sure you understand the topic at hand.
I'm not even trying to say "Linux is better than Windows" with this post. I'm just pointing out that your arguments are comparing apples to oranges (network security to local machine security, and published exploits to theoretical problems).
PPPLLLLLEEEEEAAASSSEEE - RedHat is a kitchen sink package. They include every good tool on the net, not all of which you need. It is trivial to get it installed into 400 Megs (including GNOME) if you want to. I have it installed on a laptop with only 600 Megs available.
That is an incorrect number. The correct number is between 150 and 200, most of them not actually bugs, but feature requests. The 2,000 number is the number of bugs found in _all_ RedHat releases (including betas) since they installed bugzilla (which was somewhere around 6.0. So, the real number is around 200, with most of those, not being bugs.
What is revolting about it? It would open up literature to be a discussion instead of static content. For example, lets say you wrote novel A (this being a _real_ work of literature with meaning) which had a dark, dreary view of the world. Then someone else, who disagrees with your view, rewrites your novel with a more optimistic tone, as a direct answer to the questions your novel poses. This would make the world of literature flowing and dynamic, and put a real conversation into literature, instead of just having stand-alone, static books. Also, wouldn't a great project for school be, rewrite the ending of novel X according to your own perspective.
I don't see the problem. Why shouldn't someone be allowed to paint a copy of the Mona Lisa with a different smile? Why not rework portions of Chaucer? As long as you don't claim to have written parts you didn't write (which open source forbids as well), I don't see the problem.
Actually, QA will make the total amount of effort on the developer less. Finding and fixing that bug now will be a whole lot easier than finding and fixing it in the future. If he spends 4 hour doing QA on it, it could save him 20 or 30 later on trying to figure out why an obscure bug keeps cropping up.
As stated,
1. Most people, even hackers, don't have the incentive or time to track down a bug in huge software products.
It doesn't take most. In fact, if just 1/1000 do this, you probably have more QA going than any commercial product with the same number of users.
2. Fixes made by people who aren't familiar with a code base are unreliable. Changing code is scary if you don't understand the code.
In commercial software houses, changes are made all the time by people who don't understand the code. Often times, the person who wrote the code left several years ago, and noone is really even sure it works completely with the latest library versions. However, with free software, projects tend to be much smaller, and so figuring out what is going on is fairly trivial (I found a problem in inetd in under an hour - it ended up not being a bug, but a feature I didn't know about). Big projects (like Oracle Applications) are riddled with bugs, and without the source, your company is dead in the water waiting for the benevolent company:) to make a fix.
3. Most people who touch OSS code don't do regression testing. Heck, most OSS doesn't have test suites available.
This is your only good argument. We do need a
generic regression-testing interface. Number of
hours of QA time (mentioned by others responding to the article) is a really bad metric. Having
well-defined test-cases to run all the time is
a good thing. However, currently most free software is pretty good about being backward compatible. This is probably because there are enough users willing to put time into keeping them that way.
4. Many "bugs" end up being differences of opinion or simply a user not understanding things properly. Jumping in and fixing those is bad.
You are correct. A better fix is a configuration option (which is mostly how its done).
Anyway, as I said, we need a good test suite. Now, some programs have excellent regression testing available, but noone has done a decent generic library for it. Examples of good regression tested programs are:
If you expect your users to be braindead, then the security measures won't add any security. The OpenPGP standard with the "web of trust" was made so that doing PGP would be as simple as the conceptual model (i.e. - you don't have to do anything "special" just because the coders were too lazy to do it for you), but it didn't make anything insecure. If users have a simple "secure my email" flag set, then they will have a false sense of security by setting it.
The web of trust security model makes key exchanges fairly simple and transparent - all you have to know is one or two known good keys, and everything else is all set. In addition, you can verify keys without copying the whole thing, just ask for a "fingerprint", which is a shortened version that is useful for identification.
Security requires both knowledge and time. If you or your users are not willing to put up with that, then just accept doing things in an insecure fashion. There's nothing wrong with that. But there is something wrong with giving a user a false sense of security. Let the user choose - take the time and effort to be secure, or save time and effort, and be willing to take responsibility when your emails are intercepted.
Have you ever tried modular development? The best way to do it is to make several modules, and make sure they all work. It makes sure that you don't have any false assumptions. Now, making it work with these doesn't PROVE that it is sufficiently modular, but without doing such development, it would be impossible to even attempt it. Personally, I'm not at all a fan of XUL. I wish the Mozilla team had focused on the browser as a component, and let other existing programs be used for mail and such. However, being as I'm not a developer (although I have done some testing and bug reporting), I have very little room to talk. I am actually quite impressed with the amount of progress Mozilla has made. I think its unfortunate that many people look at Mozilla as a failure. In fact, it is a great success! Some people are upset that it didn't ship in time. Well, as everyone knows, great products take time, and they'll ship when they are ready!
Yes, 4.X used less cycles. However, you had to wait for the WHOLE FREAKIN PAGE WITH ALL ITS GRAPHICS to load in order for it to display anything. However, with Mozilla, it progressively renders as it loads. Therefore, it uses more clock cycles, but it renders faster. In NS 4.x, it sat around in a wait state, but in Mozilla, it
is actually doing something. I've been using Galeon for a while, and it loads about as fast as NS, and the page loads are much faster.
Slashdot Mirror
You miss the point. With Eazel, the software doesn't cost money. The service costs money. If Microsoft came out and said "Office from now on will be free, but we have a service you can buy on a yearly basis to keep up-to-date", that would be a totally different story. All free software services are services in addition to the product - things that are (1) a commodity, because anyone can perform them, and (2) something that users would have trouble doing on their own.
Actually, the GPL means that software is to be treated like a commodity, and that software modifications and development are to be treated like a service. Proprietary software treats software ideas as a tangible thing, which you are allowed to use in certain ways only, if you pay a defined fee.
The market is stagnant. What new/brilliant/whatever features has any word processor put out in the last five years? The only new things I can think of are import/export filters, and a new document format that's incompatible with the old one. Word processors are essentially a commodity product now. The only problem is, there aren't being charged like one. Microsoft isn't the only one to blame, either. All of the proprietary word processors are like that. Anyway, the upgrade cycles on these things are nuts, and totally useless anyway.
What you need to do is find the business reasons that they want to switch. Is there something specific they want to be able to do that exchange allows? If not, then it is stupid to switch. If so, you need to find out
a) what the costs are to implement said functionality with exchange
b) what the costs are to implement said
functionality without exchange
Include all costs - hardware, software, licensing, support, man-hours of work, user training, sysadmin time on installation of outlook on all machines, server maintenance, scalability costs, etc.
The problem with most decisions is that the full costs are hidden. It's your job to bring them to light, and to show what the actual costs are. If they are willing to take those costs for the functionality they want, fine. Its your job to give it to them. However, if they don't know all of the options and their true costs, then that's your fault. If the have the knowledge an make bad decisions, there's nothing you can do.
Isn't Informix based on an old version of Postgres?
Anyway, the number of tables you have depends greatly on the problem you are trying to tackle. If you've used SourceForge, you'll see that there is a whole lot of data displayed on each page. I would be more worried if he would have been able to get all of this from a single database query (could you imagine a table that would do that - yuch)
Actually, this probably means that the database was very well-designed. I have seen way too many databases that consisted of one to three tables. Most real-world databases require a whole lot more. Maybe you should also look at the page he is talking about before you comment. That page has a lot of functionality.
NS6 actually has its own CVS branch. It is maintained somewhat independently.
FYI - those are just threads. Mozilla runs multithreaded, and PS lists them all as processes. Just in case you didn't know
However, Nautilus works by having every thing as a bunch of small bits. It uses the mozilla embedded widget for HTML rendering (only loaded when needed), and basically has a generic plugin mechanism for all this stuff. So, consider Nautilus as two things
1) the basic program - very small, with a container and hierarchical architecture
2) a distribution consisting of the "Nautilus Program" and all of the program components that do nifty things.
I think the original comment was quite subjective, but one that I agree with. Let me continue it further -
Gnome has -
a) standardized on CORBA - an open standard
b) created many "core" libraries that can be used in text-only apps without the bloat of GUI libraries. libxml is an example. glib is probably the best example, because it allows object-oriented programming in C (well, 2.0 will), has an event loop abstraction, and covers for most of the missing pieces of the standard C library.
c) created using C (stable ABI) while still maintaining a _very_ object-oriented posture
d) allows the GUI of the program to be changed without a recompile using libglade (note - programs must explicitly _use_ libglade to get this feature, but as far as I'm aware it isn't available at all in KDE)
e) tends to support more methods of usage. This is very subjective, but KDE tends to say "use _this_ filemanager, use _this_ window manager", while GNOME tends to say, "here's the specs, use any file/window manager that fits - if you don't, that's okay, too, you just don't get all the features".
Those are the ones I can think of off the top of my head.
Why does it matter? Isn't that what schemas are for? Every connection to Postgres gets its own process, so what does it matter if rows are in the same database or not? Maybe the fact that you were splitting up your databases are because of limitations in Sybase, and not because of the inherent goodness of splitting. Please clarify your post, or clarify your understanding of PostgreSQL.
MySQL is gaining popularity because it is so fast. The reason it is so fast is because it supports almost none of the features that people want in a RDBMS. It really is only useful for small datasets. Now people are trying to use it for larger datasets and more complex things, and finding out that they really do need those extras that normally come with RDBMSs. Once those things finally get implemented in MySQL, it will be just as slow as any other database. So, for large datasets where manageability is an issue - go for PostgreSQL - MySQL will make it there eventually, but Postgres is there now.
PostgreSQL _IS_ a lot faster for some things, especially complicated selects. In addition, it has SERIALIZABLE transaction isolation support (email me if you don't understand how serializable differs from other transaction isolations), capable of views(why have a database without views?), allows you to create functions in PGSQL, C, or a few other languages, supports triggers and other wonderful things. For basic stuff, its not much slower than MySQL, and for complicated things, it is much faster. In all things, it is much more flexible.
You really need to think before posting. Most of the security compromises you list for Linux are _local_ compromises. That means, you must already have a shell to do them. If you have a shell on Windows, getting root is even easier, unless you have all of the security updates. When NT4 was first released, almost every kernel call did not do proper checking, and you could comprimise security with _any_ kernel call. As far as _network_ security goes, securing Linux is just like securing any other OS - you check the network programs. The way you secure the console is by simply removing unwanted SUID programs. With Windows, you can assume that if someone is at the console or telnetted in (which you _can_ do with the proper software), you should assume they have administrator priviledges. As far as security advisories, most Linux security advisories come from the people developing the code, not from being cracked. This means you get to secure your machine _before_ script kiddies get their hands on things. With NT, the advisories are normally based on someone actually being cracked. Please think before posting, and make sure you understand the topic at hand.
I'm not even trying to say "Linux is better than Windows" with this post. I'm just pointing out that your arguments are comparing apples to oranges (network security to local machine security, and published exploits to theoretical problems).
I think you're mistaken. That's 2000 FIXED bugs, and 150 new bugs.
PPPLLLLLEEEEEAAASSSEEE - RedHat is a kitchen sink package. They include every good tool on the net, not all of which you need. It is trivial to get it installed into 400 Megs (including GNOME) if you want to. I have it installed on a laptop with only 600 Megs available.
That is an incorrect number. The correct number is between 150 and 200, most of them not actually bugs, but feature requests. The 2,000 number is the number of bugs found in _all_ RedHat releases (including betas) since they installed bugzilla (which was somewhere around 6.0. So, the real number is around 200, with most of those, not being bugs.
What is revolting about it? It would open up literature to be a discussion instead of static content. For example, lets say you wrote novel A (this being a _real_ work of literature with meaning) which had a dark, dreary view of the world. Then someone else, who disagrees with your view, rewrites your novel with a more optimistic tone, as a direct answer to the questions your novel poses. This would make the world of literature flowing and dynamic, and put a real conversation into literature, instead of just having stand-alone, static books. Also, wouldn't a great project for school be, rewrite the ending of novel X according to your own perspective.
I don't see the problem. Why shouldn't someone be allowed to paint a copy of the Mona Lisa with a different smile? Why not rework portions of Chaucer? As long as you don't claim to have written parts you didn't write (which open source forbids as well), I don't see the problem.
Actually, QA will make the total amount of effort on the developer less. Finding and fixing that bug now will be a whole lot easier than finding and fixing it in the future. If he spends 4 hour doing QA on it, it could save him 20 or 30 later on trying to figure out why an obscure bug keeps cropping up.
It doesn't take most. In fact, if just 1/1000 do this, you probably have more QA going than any commercial product with the same number of users.
2. Fixes made by people who aren't familiar with a code base are unreliable. Changing code is scary if you don't understand the code. :) to make a fix.
In commercial software houses, changes are made all the time by people who don't understand the code. Often times, the person who wrote the code left several years ago, and noone is really even sure it works completely with the latest library versions. However, with free software, projects tend to be much smaller, and so figuring out what is going on is fairly trivial (I found a problem in inetd in under an hour - it ended up not being a bug, but a feature I didn't know about). Big projects (like Oracle Applications) are riddled with bugs, and without the source, your company is dead in the water waiting for the benevolent company
3. Most people who touch OSS code don't do regression testing. Heck, most OSS doesn't have test suites available.
This is your only good argument. We do need a generic regression-testing interface. Number of hours of QA time (mentioned by others responding to the article) is a really bad metric. Having well-defined test-cases to run all the time is a good thing. However, currently most free software is pretty good about being backward compatible. This is probably because there are enough users willing to put time into keeping them that way.
4. Many "bugs" end up being differences of opinion or simply a user not understanding things properly. Jumping in and fixing those is bad.
You are correct. A better fix is a configuration option (which is mostly how its done).
Anyway, as I said, we need a good test suite. Now, some programs have excellent regression testing available, but noone has done a decent generic library for it. Examples of good regression tested programs are:
- gcc
- Perl
- some Perl modules
Anyway, thats just my two centsIf you expect your users to be braindead, then the security measures won't add any security. The OpenPGP standard with the "web of trust" was made so that doing PGP would be as simple as the conceptual model (i.e. - you don't have to do anything "special" just because the coders were too lazy to do it for you), but it didn't make anything insecure. If users have a simple "secure my email" flag set, then they will have a false sense of security by setting it.
The web of trust security model makes key exchanges fairly simple and transparent - all you have to know is one or two known good keys, and everything else is all set. In addition, you can verify keys without copying the whole thing, just ask for a "fingerprint", which is a shortened version that is useful for identification.
Security requires both knowledge and time. If you or your users are not willing to put up with that, then just accept doing things in an insecure fashion. There's nothing wrong with that. But there is something wrong with giving a user a false sense of security. Let the user choose - take the time and effort to be secure, or save time and effort, and be willing to take responsibility when your emails are intercepted.
Have you ever tried modular development? The best way to do it is to make several modules, and make sure they all work. It makes sure that you don't have any false assumptions. Now, making it work with these doesn't PROVE that it is sufficiently modular, but without doing such development, it would be impossible to even attempt it. Personally, I'm not at all a fan of XUL. I wish the Mozilla team had focused on the browser as a component, and let other existing programs be used for mail and such. However, being as I'm not a developer (although I have done some testing and bug reporting), I have very little room to talk. I am actually quite impressed with the amount of progress Mozilla has made. I think its unfortunate that many people look at Mozilla as a failure. In fact, it is a great success! Some people are upset that it didn't ship in time. Well, as everyone knows, great products take time, and they'll ship when they are ready!
Yes, 4.X used less cycles. However, you had to wait for the WHOLE FREAKIN PAGE WITH ALL ITS GRAPHICS to load in order for it to display anything. However, with Mozilla, it progressively renders as it loads. Therefore, it uses more clock cycles, but it renders faster. In NS 4.x, it sat around in a wait state, but in Mozilla, it
is actually doing something. I've been using Galeon for a while, and it loads about as fast as NS, and the page loads are much faster.