I think that the key issue that Microsoft may be working towards is a move away from a single product (i.e. a "basic" collection of Word, Excel, and PowerPoint) into an actual service -- a complete solution of services that not only let you do the basic job, but also to complete the various tasks that go along with it, to help businesses manage the entire workflow.
Good point/insight! Actually, I thought this open-format strategy was geared towards avoiding the "perils" of OASIS and FOSS migration (see my earlier post), but I realize you're right on the mark: Microsoft wants to move in on the content-management arena. This is preventive action against OASIS and turf war with Enterprise Content Management solutions and third-party vendors. Also, I think it's important to say this again: Microsoft Office dominates the corporate landscape because it sits in an eco-system of third-party content-management software for which there are no open-source alternatives, so no, OpenOffice will not take over the world, until alternatives for ECM exist, because there's no integration with content-management software to reduce paper work. The office desktop isn't about John Doe, the solitary user and his files. "It's the workflow, stupid!" So, in a nutshell, Microsoft is moving in for the kill, raising the bar for competitors, and with FOSS ECM solutions not even on the horizon, I think it's almost Game Over, unless independent software vendors move quickly (which makes me wonder: is Mono understaffed? Why aren't enterprises putting money on Mono-based ECM solutions? Don't they see that it's the Royal Road to migration? Don't they see that either you provide tools to integrate office apps with content management or there is no open-source corporate desktop!)
Sure, OpenOffice is great, but commercial enterprises will stick with commercial solutions for which there is support.
I don't exactly get what you mean by support. My impression from the people and businesses I know personally is that Microsoft Office format is a big success not because of "support", but because there's a wealth of products built around it by third parties.
These 3rd-party products are crucial for the enterprise, stuff like Eletronic Content Management, being able to create document workflow and revision systems, and groupware. All this stuff integrates seamlessly with the Windows desktop and the Windows office applications. In any enterprise with a huge amount of paper and workflow, document management systems are a necessity. This is point OpenOffice proponents frequently forget: office applications are not about just the single desktop user but they are also about integrating seamlessly in an eco-system of content management software provided by theird-parties and accessing legacy documents. For instance, in my country, Brazil, legislation demmands that certain financial documents be stored for a period that outruns any document format you might have seen. This means people have to migrate very old sofware document records.
This is an area ISV working on open-source platforms could explore, an unexplored niche market. AFAIK, not even COLD solutions exists and COLD goes way back decades (ever since computers started processing bills.) And there are no equivalents of proprietary software in the open-source market (this shows you that open source developers are sometimes out of touch with their would-be customer base). People are developing groupware, but there are no ECM (Enterprise Content Management) solutions. Groupware, ERM, and ECM are the bulk of enterprise software.
If only the open-source community would take something like OpenOffice, or further develop AbiWord (which has nice plug-in functionalities), and integrate these with Mono, you would have made a serious dent in the Windows dominance. I mean, who wouldn't want to avoid expensive per-seat Microsoft licenses, plus per-seat ECM licenses? And software houses that provide ECM solution (e.g., the market leader OnBase) work with year-round support and customization, and we know this is a way of doing business that is viable for open-source (of course, they have per-seat licenses).
BTW, I really mean Mono, and not Java. Java is not an alternative on the long term, not only because of the Java's proprietary nature, but because Mono is gearing itself towards Windows-*Nix interoperability, to the point where software build with Windows.Forms will work on Mono. Additionally, having to depend on Sun's finances is a a suicidal investment of resources.
But open-source has major hurdles: it nees to standardize on OpenGroup and LSB That is to say, the Free Standards Group has to advanced by libre *Nix distros and vendors, so that software developers have an easier time with all the distros. De Icaza wrote something about this in this essay. Linux distros need to be reliable in terms of time frame for releases (which the commercial ones are), too.
My feeling is that Microsoft has foreseen a trend going against its closed-source format (OASIS, the Massachusetts imbroglio) and anticipated any possible open-source incursion in the field of content management. If these formats are truly opened, they've raised the bar for the arguments of any future switching to FOSS platforms+OO.org solutions (because, right now, as I've argued, there are no FOSS replacements for content management for the enterprise AFAIK, and there's a huge amo
Well, the difference is that noone pays us Debian Developers to do the work.(...) I'm sure that if you volunteer to do all the security fixes for 4-5 years, noone would mind too much
So? Anybody pay FreeBSD, OpenBSD? Yeah, some sponsors do, but that's because of their organizational skills, which shows up in code and release engineering cycle too, by the way, allows someone like Theo to live of his free software work.
As to participating in Debian: it's too cumbersome to get into Debian. In other free software distros it's more organic: you show up and to the work and you get commit status. In Debian, it's a fucking burocracy. Even Stallman gave up.
Want to know what's really bad for Debian: people don't have committer status, they have developer status. So they think they're above human. When people complain about Debian falling short, they whine they're not paid. Why don't you go work for Ubuntu? You'll get paid there.
"If there aren't any RC bug reports it gets included"
Yeah, little know fact for people who don't follow Debian, because Debian fanboys are quick to excuse Debian's every mistake. Also, watch another part of the Debian QA, the "Debian Bug Squashing Party." I mean, seriously...
There really aren't any "BSD zealots". We're all resigned to the fact that slashdot doesn't give us the same air-play as any Linux news (...) Our stuff works, we don't need to defend it
Exactly. And let me explain myself here: my comment was about the majority of Debian developers. This is not to say that Debian isn't a good distro. But they need to get their act together. What angers me is people using the "so many platforms" excuse for the mishandling and mismanagement of Debian, because you look at any BSD project, and you see a lot more systems programming (and done right!) than in Debian. These are the facts. And BSD people know this. That is why you don't hear much about BSD. They don't care to advertise much, while Linux gets all the hype, because of the huge corporate backing. They also get a lot more of kernel exploits per year. Why management doesn't see this says a lot about management. Debian, OTOH, is allowed to get away with ridiculous excuses. Once upon a time we, 3 guys and me, started a local Debian LUG. One of them was a Debian developer. To this day, I can't get over the moronic things this guy used to say. He couldn't even program a linked list in C, but his ego was so big you had to get out of the room.
I didn't to a search on them but I've never heard of Debian guys hacking on TCP stack, OpenSSH (*), or creating something like CARP to subsitute Cisco routers, or BSD sockets. Debian has thousands of so called developers.
(*) Question is, did you write the original code and start the original project?
I've never heard of Debian guys hacking on TCP stack, SSH, or creating somethiong like CARP to subsitute Cisco routers, or BSD sockets. Debian has thousands of so called developers.
Your argument is highly flawed, it's not even logical. Furthermore, it's been proved wrong in real life. Here's why: 1) Sure, GCC, and system-programming stuff is very platform specific. OTOH, we already have GCC for a whole buch of "minority platforms". Are you suggesting to just drop this ?! GCC isn't used used only in the RedHat corporate environment only, you know? Need I remind you of other uses, like scientific applications?
2) So, if systems-programming tools are by nature very specific, I guess you would have to agree the userland apps need not be. So, this means: write clean, portable code. I guess this means that you can provide interoperability between different flavors of Unix if you're not lazy. The problem I have with my OpenBSD box is that every now and then I have problems with software written for Linux, just out of ignorance. So I keep a Debian box around to get things done. Even the original GNU software FSF claims makes "GNU/Linux" is highly portable. So all Ulrich-derived arguments and their offsprings are non-sequiturs.
3) And real life disproves you: all BSDs have written a Linux Binary compatibility layer that maps glibc onto their c libraries. Even the original GNU software FSF claims makes "GNU/Linux" is highly pottable. So all Ulrich-derived arguments and their offsprings are non-sequiturs.
What Ulrich should be really worried about is why is it that independent software vendors suffer from package-building hell, and what's RedHat gonna do about the LSB and the Open Group working teams for interoperability.
The only thing I agree with him is that support for proprietary systems should be dropped. They should be left on their own.
glibc is one of the main reasons why Linux application deployment sucks in major (read: heterogenous) installations.
This is what Marc Espie, an OpenBSD developer said about Ulrich on O'Reilly's OnLamp (commenting the proactive measures OpenBSD takes in C programming vs. Ulrich's "Linux programmers are geniuses" view):
"We have had a lot of success explaining the issues and getting a lot of people to switch from strcpy/strcat to strlcpy/strlcat.
Weirdly enough, the Linux people are about the only major group of people that has constantly stayed deaf to these arguments. The chief opponent to strlcpy in glibc is most certainly Ulrich Drepper, who argues that good programmers don't need strlcpy, since they don't make mistakes while copying strings. This is a very mystifying point of view, since bugtraq daily proves that a lot of Linux and free software programmers are not that bright, and need all the help they can get.
(Considering the shining, flaming personality of Drepper, and the fact that he is always Right, this is not that surprising, though)."
AFAIK, it's not OpenBSD people who do the porting to Linux. Which explains the bugs you get in OpenSSH on Linux, and not on OpenBSD: One team does strictly OpenBSD-based development, aiming to produce code that is as clean, simple, and secure as possible. We believe that simplicity without the portability "goop" allows for better code quality control and easier review. The other team then takes the clean version and makes it portable, by adding the portability "goop" so that it will run on many operating systems (these are known as the p releases, and named like "OpenSSH 4.1p1")(from: OpenSSH
A proposal for the new millenium that article was, wasn't it? "Let's not write portable code! Let's give up even trying!" While the Linux Standard Group and the Open Group work together to solve any LSB and POSIX glitches, here comes this RedHat guy with the bright idea. If you write software for Unix you should be OK, shouldn't you? People have been doing it for decades. At least, that was the impression little old me was under. Now, I'm sure RedHat has this little strategist amongst their ranks. He wears a...red hat, because it gives him bright ideas. For instance, one of their strategic ideas is: not care about Mono, because it's SuSE's thing, so they can go after SUN's spoils using Java, a proprietary platform. And now this new one: let's break everything! Let's make thing go "bump" in the nightly builds! After all, there's sooo much that was just Linux software, like OpenSSH, right? Oh! I forget! That was from OpenBSD originally! Gee! Ah...these little strategists with red hats...
Let's have a really mature and highly technical discussion here on Firefox and IE: shoulda, woulda, coulda, who cares? Happy with IExploits? Think Microsoft will build secure software, even though it's been promising that for 10 years? Good for you!
I saw a big E (IE logo) in the middle of the article and didn't see the Firefox logo, so I'm not gonna read the rest of the article, because I think this is subliminal propaganda.
GCC with ProPolice is the default in OpenBSD. Why isn't it the same in Linux? Why this "oh, it's impossible to program safely anyways, so let's not even try" mentality that a lot of open-source developers display. I mean, 9 kernel exploits for Linux as of May 2005 is too much.
Slashdot Mirror
I think that the key issue that Microsoft may be working towards is a move away from a single product (i.e. a "basic" collection of Word, Excel, and PowerPoint) into an actual service -- a complete solution of services that not only let you do the basic job, but also to complete the various tasks that go along with it, to help businesses manage the entire workflow.
Good point/insight! Actually, I thought this open-format strategy was geared towards avoiding the "perils" of OASIS and FOSS migration (see my earlier post), but I realize you're right on the mark: Microsoft wants to move in on the content-management arena. This is preventive action against OASIS and turf war with Enterprise Content Management solutions and third-party vendors.
Also, I think it's important to say this again: Microsoft Office dominates the corporate landscape because it sits in an eco-system of third-party content-management software for which there are no open-source alternatives, so no, OpenOffice will not take over the world, until alternatives for ECM exist, because there's no integration with content-management software to reduce paper work. The office desktop isn't about John Doe, the solitary user and his files. "It's the workflow, stupid!"
So, in a nutshell, Microsoft is moving in for the kill, raising the bar for competitors, and with FOSS ECM solutions not even on the horizon, I think it's almost Game Over, unless independent software vendors move quickly (which makes me wonder: is Mono understaffed? Why aren't enterprises putting money on Mono-based ECM solutions? Don't they see that it's the Royal Road to migration? Don't they see that either you provide tools to integrate office apps with content management or there is no open-source corporate desktop! )
Sure, OpenOffice is great, but commercial enterprises will stick with commercial solutions for which there is support.
I don't exactly get what you mean by support. My impression from the people and businesses I know personally is that Microsoft Office format is a big success not because of "support", but because there's a wealth of products built around it by third parties.
These 3rd-party products are crucial for the enterprise, stuff like Eletronic Content Management, being able to create document workflow and revision systems, and groupware. All this stuff integrates seamlessly with the Windows desktop and the Windows office applications. In any enterprise with a huge amount of paper and workflow, document management systems are a necessity. This is point OpenOffice proponents frequently forget: office applications are not about just the single desktop user but they are also about integrating seamlessly in an eco-system of content management software provided by theird-parties and accessing legacy documents. For instance, in my country, Brazil, legislation demmands that certain financial documents be stored for a period that outruns any document format you might have seen. This means people have to migrate very old sofware document records.
This is an area ISV working on open-source platforms could explore, an unexplored niche market. AFAIK, not even COLD solutions exists and COLD goes way back decades (ever since computers started processing bills.) And there are no equivalents of proprietary software in the open-source market (this shows you that open source developers are sometimes out of touch with their would-be customer base). People are developing groupware, but there are no ECM (Enterprise Content Management) solutions. Groupware, ERM, and ECM are the bulk of enterprise software.
If only the open-source community would take something like OpenOffice, or further develop AbiWord (which has nice plug-in functionalities), and integrate these with Mono, you would have made a serious dent in the Windows dominance. I mean, who wouldn't want to avoid expensive per-seat Microsoft licenses, plus per-seat ECM licenses? And software houses that provide ECM solution (e.g., the market leader OnBase) work with year-round support and customization, and we know this is a way of doing business that is viable for open-source (of course, they have per-seat licenses).
BTW, I really mean Mono, and not Java. Java is not an alternative on the long term, not only because of the Java's proprietary nature, but because Mono is gearing itself towards Windows-*Nix interoperability, to the point where software build with Windows.Forms will work on Mono. Additionally, having to depend on Sun's finances is a a suicidal investment of resources.
But open-source has major hurdles: it nees to standardize on OpenGroup and LSB That is to say, the Free Standards Group has to advanced by libre *Nix distros and vendors, so that software developers have an easier time with all the distros. De Icaza wrote something about this in this essay. Linux distros need to be reliable in terms of time frame for releases (which the commercial ones are), too.
My feeling is that Microsoft has foreseen a trend going against its closed-source format (OASIS, the Massachusetts imbroglio) and anticipated any possible open-source incursion in the field of content management. If these formats are truly opened, they've raised the bar for the arguments of any future switching to FOSS platforms+OO.org solutions (because, right now, as I've argued, there are no FOSS replacements for content management for the enterprise AFAIK, and there's a huge amo
Well, the difference is that noone pays us Debian Developers to do the work.(...) I'm sure that if you volunteer to do all the security fixes for 4-5 years, noone would mind too much
So? Anybody pay FreeBSD, OpenBSD? Yeah, some sponsors do, but that's because of their organizational skills, which shows up in code and release engineering cycle too, by the way, allows someone like Theo to live of his free software work.
As to participating in Debian: it's too cumbersome to get into Debian. In other free software distros it's more organic: you show up and to the work and you get commit status. In Debian, it's a fucking burocracy. Even Stallman gave up.
Want to know what's really bad for Debian: people don't have committer status, they have developer status. So they think they're above human. When people complain about Debian falling short, they whine they're not paid. Why don't you go work for Ubuntu? You'll get paid there.
"If there aren't any RC bug reports it gets included"
Yeah, little know fact for people who don't follow Debian, because Debian fanboys are quick to excuse Debian's every mistake.
Also, watch another part of the Debian QA, the "Debian Bug Squashing Party."
I mean, seriously...
Firefox is still at 1.02 even though every security patch has been backported (which makes it exactly 1.04)
Here's what my firefox says: "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050517 Firefox/1.0.4 (Debian package 1.0.4-2)"
I won't bet anything yet, because debian developers haven't decided if it conforms to Debian policy. They'll be arguing that on their lists.
Are you serious? How about proposing experimental solutions to the management?
And a good day to you, sir.
There really aren't any "BSD zealots". We're all resigned to the fact that slashdot doesn't give us the same air-play as any Linux news (...) Our stuff works, we don't need to defend it
Exactly. And let me explain myself here: my comment was about the majority of Debian developers. This is not to say that Debian isn't a good distro. But they need to get their act together.
What angers me is people using the "so many platforms" excuse for the mishandling and mismanagement of Debian, because you look at any BSD project, and you see a lot more systems programming (and done right!) than in Debian.
These are the facts.
And BSD people know this. That is why you don't hear much about BSD. They don't care to advertise much, while Linux gets all the hype, because of the huge corporate backing. They also get a lot more of kernel exploits per year. Why management doesn't see this says a lot about management.
Debian, OTOH, is allowed to get away with ridiculous excuses. Once upon a time we, 3 guys and me, started a local Debian LUG. One of them was a Debian developer. To this day, I can't get over the moronic things this guy used to say. He couldn't even program a linked list in C, but his ego was so big you had to get out of the room.
I didn't to a search on them but I've never heard of Debian guys hacking on TCP stack, OpenSSH (*), or creating something like CARP to subsitute Cisco routers, or BSD sockets. Debian has thousands of so called developers.
(*) Question is, did you write the original code and start the original project?
I've never heard of Debian guys hacking on TCP stack, SSH, or creating somethiong like CARP to subsitute Cisco routers, or BSD sockets. Debian has thousands of so called developers.
Your list just shows that Java is available for only ONE free platform.
Your argument is highly flawed, it's not even logical. Furthermore, it's been proved wrong in real life. Here's why:
1) Sure, GCC, and system-programming stuff is very platform specific. OTOH, we already have GCC for a whole buch of "minority platforms". Are you suggesting to just drop this ?! GCC isn't used used only in the RedHat corporate environment only, you know? Need I remind you of other uses, like scientific applications?
2) So, if systems-programming tools are by nature very specific, I guess you would have to agree the userland apps need not be. So, this means: write clean, portable code. I guess this means that you can provide interoperability between different flavors of Unix if you're not lazy. The problem I have with my OpenBSD box is that every now and then I have problems with software written for Linux, just out of ignorance. So I keep a Debian box around to get things done. Even the original GNU software FSF claims makes "GNU/Linux" is highly portable. So all Ulrich-derived arguments and their offsprings are non-sequiturs.
3) And real life disproves you: all BSDs have written a Linux Binary compatibility layer that maps glibc onto their c libraries. Even the original GNU software FSF claims makes "GNU/Linux" is highly pottable. So all Ulrich-derived arguments and their offsprings are non-sequiturs.
What Ulrich should be really worried about is why is it that independent software vendors suffer from package-building hell, and what's RedHat gonna do about the LSB and the Open Group working teams for interoperability.
The only thing I agree with him is that support for proprietary systems should be dropped. They should be left on their own.
glibc is one of the main reasons why Linux application deployment sucks in major (read: heterogenous) installations.
This is what Marc Espie, an OpenBSD developer said about Ulrich on O'Reilly's OnLamp (commenting the proactive measures OpenBSD takes in C programming vs. Ulrich's "Linux programmers are geniuses" view):
"We have had a lot of success explaining the issues and getting a lot of people to switch from strcpy/strcat to strlcpy/strlcat.
Weirdly enough, the Linux people are about the only major group of people that has constantly stayed deaf to these arguments. The chief opponent to strlcpy in glibc is most certainly Ulrich Drepper, who argues that good programmers don't need strlcpy, since they don't make mistakes while copying strings. This is a very mystifying point of view, since bugtraq daily proves that a lot of Linux and free software programmers are not that bright, and need all the help they can get.
(Considering the shining, flaming personality of Drepper, and the fact that he is always Right, this is not that surprising, though)."
AFAIK, it's not OpenBSD people who do the porting to Linux. Which explains the bugs you get in OpenSSH on Linux, and not on OpenBSD: One team does strictly OpenBSD-based development, aiming to produce code that is as clean, simple, and secure as possible. We believe that simplicity without the portability "goop" allows for better code quality control and easier review. The other team then takes the clean version and makes it portable, by adding the portability "goop" so that it will run on many operating systems (these are known as the p releases, and named like "OpenSSH 4.1p1")(from: OpenSSH
I'm really torn about what to think of Debian.
On one hand, I really like the concept--that they keep Linux available on a wide range of architectures
Everytime somebody likes to say that about Debian, I like to remind them the NetBSD folks support an acorn26 acorn32 algor alpha amd64 amiga amigappc arc arm32 atari bebox cats cesfic cobalt dreamcast evbarm evbmips evbppc evbsh3 evbsh5 hp300 hp700 hpcarm hpcmips hpcsh i386 iyonix luna68k mac68k macppc mipsco mmeye mvme68k mvmeppc netwinder news68k newsmips next68k ofppc pc532 playstation2 pmax pmppc prep sandpoint sbmips sgimips shark sparc sparc64 sun2 sun3 vax x68k xen impressive array of platforms, and at the same time hack userland, kernel and protocols. While Debian developers mostly package upstream stuff.
KDE + X.Org + Linux is a cobbled together setup,
Yes. Linux is a legion. *BSD is a tighter platform. They're not so much a bunch of assembled parts.
A proposal for the new millenium that article was, wasn't it? "Let's not write portable code! Let's give up even trying!"
While the Linux Standard Group and the Open Group work together to solve any LSB and POSIX glitches, here comes this RedHat guy with the bright idea.
If you write software for Unix you should be OK, shouldn't you? People have been doing it for decades. At least, that was the impression little old me was under.
Now, I'm sure RedHat has this little strategist amongst their ranks. He wears a...red hat, because it gives him bright ideas. For instance, one of their strategic ideas is: not care about Mono, because it's SuSE's thing, so they can go after SUN's spoils using Java, a proprietary platform. And now this new one: let's break everything! Let's make thing go "bump" in the nightly builds!
After all, there's sooo much that was just Linux software, like OpenSSH, right? Oh! I forget! That was from OpenBSD originally! Gee!
Ah...these little strategists with red hats...
Gee, I was modded a troll! Oh, the lack of humor!
Let's have a really mature and highly technical discussion here on Firefox and IE: shoulda, woulda, coulda, who cares? Happy with IExploits? Think Microsoft will build secure software, even though it's been promising that for 10 years? Good for you!
Whaaaa ?! The first IE was better than Netscape? You weren't around back in the days when Al Gore invented the internet, were ya?
I saw 'em too, but THEY'RE SMALLER.
I was joking. Was I joking?
I saw a big E (IE logo) in the middle of the article and didn't see the Firefox logo, so I'm not gonna read the rest of the article, because I think this is subliminal propaganda.
You bet. This is all PR.
Sorry people, Linux is not "safe."
Depends on which Linux your talking about. Maybe if you were talking about a Linux that is geared towards military use, and that underwent formal methods of software verification (which is a standard practice in that industry), you wouldn't say that. Or, to keep it at a more prosaic level, if only Linux hackers looked thouroughly at their source code and adopted counter-measures to buffer overflows, maybe you would have a resonably safe Os at your home.
However, at the current state of: 1) hacker sloppiness (99% couldn't give a shit about proving and algorithm correct - let alone construct software with formal specification and verification); 2) languages used (C/C++ used everywhere is a disease we must cure ourselves of - we're all in trouble.
And what fucks the software industry is this attitude that there's nothing you can do about. Or, as is the philosophy in the Linux Kernel community: ship fast, fix later, because "there are many eyes looking at the source code and somebody will fix it. Bullshit. May 2005 - Linux already has 9 kernel exploits from this year.
GCC with ProPolice is the default in OpenBSD.
Why isn't it the same in Linux? Why this "oh, it's impossible to program safely anyways, so let's not even try" mentality that a lot of open-source developers display. I mean, 9 kernel exploits for Linux as of May 2005 is too much.