Thread: Welcome!

Replies: 30 - Last Post: Jun 17, 2005 2:28 AM by: zander
webmink

Posts: 22
Welcome!
Posted: Aug 27, 2004 7:48 AM

I'd love to hear people's view on my article, which started life as notes for a quick talk at JavaOne and seems to have gathered a life of its own.

I believe that selecting, integrating and delivering software profiles that meet the needs of selected audiences will increasingly become the way that commercial software is created and marketed. It won't be the only way - we will still see the need for custom-crafted code. But as the pool of community-maintained software grows and grows doing so will become less and less viable.

Do you agree? I have had several e-mails from people who don't - the floor is yours!

S.

webmink

Posts: 22
Data point: UK Health Service buys JDS
Posted: Aug 27, 2004 1:33 PM   in response to: webmink

See http://www.infoworld.com/article/04/08/27/HNnhssun_1.html

robilad

Posts: 135
Re: Welcome!
Posted: Sep 22, 2004 1:37 PM   in response to: webmink

> I'd love to hear people's view on my article, which
> started life as notes for a quick talk at JavaOne and
> seems to have gathered a life of its own.

The Newspaper analogy is great. It explains the vision Sun has behind JDS, and puts the reasons why the strategy is a good one in easily understandable terms. And now another one for the 'grid-computing-on-demand' vision, please!

cheers,
dalibor topic

jwenting

Posts: 478
Re: Welcome!
Posted: Sep 27, 2004 5:45 AM   in response to: webmink

and what will happen when the ONLY software left is that community maintained code?
At that point there will be no more community because all developers will have changed jobs in order to make a living, jobs that will require the same amount of dedication software development does leaving them no time to maintain all that software.

That's the fallacy in all statements that predict closed and proprietary software failing to open source, such statements never take into account the destructive effect such a development would have on the open source community itself.

Nor does it take into account the fact that the majority of software development is NOT going into software that would ever survive as open source.
It's either too specific to one user's (company's) need or a very small group (think control code for powerstations), or has security concerns that mean it cannot be divulged outside the group that created it (think expert systems for intelligence agencies, encryption/decryption code for military forces, financial institutions).

Such code will continue to exist as long as there are people capable of writing it.
When all other code goes into the OS domain to be maintained by volunteers so that companies can reap benefit of the effort by selling support or pre-packaged versions, that pool will dry up as there will be no more incentive (read money to pay the bills) to get into software development (the chances of landing one of the few jobs remaining will be too small, the world will go back to the days when developers were trained purely in-house in a kind of apprenticeship program on custom tools varying per group).

In time, the donators themselves will find they can no longer retain their development groups as people leave with no one to take their place while maintenance from their communities is dead in the water as well.

What will be left is a pool of stagnant, dead, software with some tiny eddies of activity floating around the edges from custom projects run by people who have no knowledge of the waters of that pool and are content to remain at the runoff streams.

webmink

Posts: 22
Open Source: Not just hobbyists
Posted: Sep 27, 2004 6:05 AM   in response to: jwenting

You're making a common, huge mistake here. Who is the community? You assume it's all people who have a 'day job' who are writing the code in their spare time (away from their jobs in McDonalds). It's not! It's people like the ones Sun employs, experts at Apache, Gnome, NetBeans, OpenOffice.org and so on, who are working on the projects. That /is/ their day job. I'd suggest that the vast majority of people in the vast majority of successful open source projects are paid partly or entirely because of their open source community membership.

You're right to assert that a public open source approach isn't right for every project, but your view of the 'reach' of open source is also not right. In the future most internal projects will be based on open source frameworks, use open source tools (based on NetBeans or Eclipse), link together open source capabilities (like Spring and Hibernate) and run on open source servers. The people working with those tools will be part of the open source communities for those things, in varying degrees. How will they get their software? It will be delivered as part of the subscriptions they or their employer purchase, or they will be using in-house co-ordinators to procure it.

There's a fundamental shift in progress. It's not the move to Marxism that you fear. It /is/ a move to a massively-connected society.

markswanson

Posts: 23
Re: Open Source: Not just hobbyists
Posted: Sep 27, 2004 8:48 AM   in response to: webmink

You're not looking far enough into the future. At the rate of open source progress I do not believe there will be any reason to use any proprietary software in 20 years. At this time most software developers will be largely out of work and the revenue generation capabilities of the software IT sector will largely be removed from the global economy.

webmink

Posts: 22
Re: Open Source: Not just hobbyists
Posted: Sep 27, 2004 9:09 AM   in response to: markswanson

Once again, you miss the point. Who do you think writes & maintains the open source code? How many Apache Members /don't/ make their living because of Apache? Linux kernel developers? OpenOffice.org developers? Open source certainly changes the fiscal flow of the computer industry but the assumption that all that code is going to be maintained by bus drivers in their spare time is way off the mark.

markswanson

Posts: 23
Re: Open Source: Not just hobbyists
Posted: Sep 27, 2004 1:05 PM   in response to: webmink

> Once again, you miss the point. Who do you think

There is no "once again", it was my first comment.

> writes & maintains the open source code? How many
> Apache Members /don't/ make their living because of
> Apache? Linux kernel developers? OpenOffice.org
> developers? Open source certainly changes the fiscal

My point is that the need for proprietary software is going away fast. The economic benefits of proprietary software development will eventually largely be lost to free software. If everything is free and high quality the economic benefits of software development will erode into nothing. By the time enough software is free and high quality there will be virtually no need for maintenance or specific enhancements either.

webmink

Posts: 22
Re: Open Source: Not just hobbyists
Posted: Sep 27, 2004 1:26 PM   in response to: markswanson

So who will write that software?

jwenting

Posts: 478
Re: Open Source: Not just hobbyists
Posted: Oct 1, 2004 12:18 AM   in response to: webmink

that is indeed the problem I hint at.
As economic incentive to write software goes down because of large availability of free software, so does the incentive to learn to write software.

In the end there will be no one left with the know-how to create and maintain the software needed.

It will take time, we'll probably all be retired or dead when it happens (if it happens, it's always possible someone will see it happening and succeed in reversing the flow) but it's a serious possibility.

So I'm not talking about tomorrow, or even 5 years from now.
I'm thinking of 30-40 years from now.
It's already starting though. The number of jobs in the software industry has dropped dramatically over the last several years (due to economic influences this time, at least in large part). The current slow recovery sees only senior jobs being created though while entry-level positions are still being scrapped (or moved to SE Asia, where sooner or later the incentive to get into the field will taper off as well when it turns out there's no high-level jobs to be had). This leaves a large gap in the near to mid future as those senior people retire or get promoted to non-IT jobs and it turns out there's no one left to be promoted in order to replace them.

murphee

Posts: 36
Re: Open Source: Not just hobbyists
Posted: Sep 28, 2004 3:23 AM   in response to: markswanson

You're only thinking of shrinkwrap software a la MS Office, Windows,...
You have to keep in mind that Open Source only deals with software that is interesting to develop ("interesting", of course, varies strongly from person to person);

What you're missing is internal software. Think of special accounting software, software that does internal transactions, embedded software to control devices,...
Sure... they can *use* libraries from the Open Source space, but hooking those together or turning specific specs into code still needs to be done by skilled developers.
That's already the largest part of programmers' jobs; Few people work on shrinkwrap software. Just think of the many people that do SAP consulting. They would make their money even if the SAP R3 product would be free, because they make their money by customizing the software for the customer.
(Of course, the thought of spending the rest of my working life as an SAP consultant makes me want to sell my laptop, move to Iceland and start a polar bear taming business... but that's just me...).

murphee
http://jroller.com/page/murphee

webmink

Posts: 22
Re: Open Source: Not just hobbyists
Posted: Sep 28, 2004 3:56 AM   in response to: murphee

I do totally agree with you, but even "packaged" software isn't going away. The point of my article is that "packaged" software turns into an editorial act akin to the consulting you refer to, but performed for the mass market.

I still don't agree with assertions like "Open Source only deals with software that is interesting to develop" though. Even allowing for the fact that "interesting" is relative (some people even think that football is interesting, for example!), I'll again point out that open source merely refers to the way the development organisation is arranged - "commons-based peer production," as Benkler calls it. *People can still be paid to work on the commons*. I'd assert that a remarkable number are even today.

What changes is that new, more local ways arise for people to be compensated for the creation of "software wealth" and the flows of wealth become more related to value seen to be delivered and less related to value obtained from the commons. At the risk of crossing to discussions here, Paul Graham writes usefully on the subject of wealth in 'Hackers & Painters'.

The existence of new ways for wealth to flow will certainly change and dilute the market for packaged software and open the door to Doc Searls's "do-it-yourself IT" but I'd contend that the market for editorial packaging won't go away.

murphee

Posts: 36
Re: Open Source: Not just hobbyists
Posted: Sep 28, 2004 4:25 AM   in response to: webmink

Hmm... about the "OS only does interesting stuff": Well, I said that "interesting" varies from person to person (there are loads of people translating software... without monetary compensation, and they have their reasons to do that).

BUT: I agree, I over-generalized the term "Open Source". There are more and more projects that are Open Source that weren't started by private people (OpenOffice, Eclipse,... come to mind). Seems like it's time to get some more specific terms... Open Source is just too general (and by now, some people seem to have acquired negative associations with it).

jwenting

Posts: 478
Re: Open Source: Not just hobbyists
Posted: Oct 1, 2004 12:21 AM   in response to: webmink

the idea that soon all software development will exist of putting together components from one source or another has been opted time and again.
I think the first time I heard it was over a decade ago. At that time it was estimated that within 5 years all custom software would exist of off the shelf components and some scripts to make them work together.

5 years ago I heard the same, and now again?

markswanson

Posts: 23
Re: Open Source: Not just hobbyists
Posted: Sep 28, 2004 6:41 AM   in response to: murphee

> You're only thinking of shrinkwrap software a la MS
> Office, Windows,...

I'm not.

> What you're missing is internal software. Think of
> special accounting software, software that does
> internal transactions, embedded software to control
> devices,...

I'm not missing it. The depth and breadth of free software will grow to provide all useful and necessary combinations of features. The very fact that programmers are constantly stitching together higher level freely available components shows this trend.

> Few people work on shrinkwrap software. Just think of
> the many people that do SAP consulting. They would
> make their money even if the SAP R3 product would be
> free, because they make their money by customizing
> the software for the customer.

Customized software will be replaced by freely available components that will be consistently easier to use, configure, and interoperate with other freely available components. Entropy is definitely on my side on this one.

Cheers.

webmink

Posts: 22
Re: Open Source: Not just hobbyists
Posted: Sep 28, 2004 7:17 AM   in response to: markswanson

> The depth and breadth of free software will grow

I'll keep on asking: who will write it? It won't grow all by itself.

dog

Posts: 49
Re: Open Source: Not just hobbyists
Posted: Sep 28, 2004 7:49 AM   in response to: webmink

Why do some people seem so keen and so happy to get rid of software companies??

I like working at a software company! Would I prefer to work at a Bank, an Aerospace company, a car factory, a food producer?? Hell no!!

Software companies are cool, they have casual wear, they have flextime, I don't have to deal too much with customers, I get free drinks, etc..

If it were true that OSS is going to eliminate all shrink wrapped software.. then we would not have any software companies. We'd have to be like Michelangelo who looks for a sponsor who can "tolerate" his art.. Thanks, but no thanks.. I'd rather be building the strategic project for a company.

OSS has its place, but if it results in getting rid of Software Companies.. I'm against it!

vaniacilli

Posts: 1
Re: Open Source: Not just hobbyists
Posted: Sep 28, 2004 8:21 AM   in response to: markswanson

I think your vision is partially utopic. While it is true that freely available components will make development easier and more standard (this is already true) the need for domain specific extensions and domain specific components will never fade. The day the development of proprietary software will cease to have an economic value so will the development of software itself. Don't think about us but put yourself in the shoes of a generation grown in a world where software has no economic value. To make a living, such a generation will turn its energy and stamina toward something more profitable not bothering with software at all.
Bruce Sterling explored this avenue in a book whose title should be "Caos USA" or something similar.

murphee

Posts: 36
Re: Open Source: Not just hobbyists
Posted: Sep 28, 2004 1:03 PM   in response to: markswanson

>Customized software will be replaced by freely available
>components that will be consistently easier to use,
>configure, and interoperate with other freely available
>components. Entropy is definitely on my side on this one.

Well... 200 years down the road, this might be true... but I don't see anything like that in the near future.


Sure... in the past decades, we've been getting more and more powerful libraries (or components), but that doesn't mean that they'll soon string themselves together by magic.
Unless someone develops a "Do what I mean"-To-Machinecode compiler, there will still be a need for developers that turn requirements into specs and then into some form of code. This code might not be 'int x = Integer.parseInt("123");...', or something like that... but it will still be required to put something a computer can process.

This all means: there is still plenty of need for paid programmers in the future, no matter how good the components get.

webmink

Posts: 22
Re: Open Source: Not just hobbyists
Posted: Sep 28, 2004 1:19 PM   in response to: murphee

... and at the risk of being too repetitive, /someone has to write the libraries/!

Open source in no way invalidates paid-for programming, nor obviates the need for sources of supply for aggregated software and support. It just changes the way the money flows.

rickcarson

Posts: 85
Re: Open Source: Not just hobbyists
Posted: Jun 16, 2005 12:30 AM   in response to: webmink

> ... and at the risk of being too repetitive, /someone
> has to write the libraries/!
>
> Open source in no way invalidates paid-for
> programming, nor obviates the need for sources of
> supply for aggregated software and support. It just
> changes the way the money flows.


This is somewhat disingenuous. Suggesting that changing the way money flows won't affect the software industry is... interesting. You may be right. But historical examples show that changing the flow of money is usually catastrophic.

The idea of the flow of money is an interesting one. Unlike others have suggested I don't think that it will entirely dry up, but there's every reasonable expectation that in many cases free software can act as a substitute (in the Econ 101 sense) good for paid software. Given the presence of a lower cost substitute, the average amount of money spent on that good will (should) decrease.

We can see the effect of a reduction in money being pumped into the software industry in recent history. Take England after the dotcom bubble burst... where you had experienced software engineers (say 5 yrs experience) being offered 25 thousand quid, whereas in London a *trainee* manager burger flipper at the Scottish restaurant (McDonalds) was being offered 20-21 thousand quid.

Or, in other words, the effect of the money flow reducing is that programmers start being paid like burger flippers. Ouch.

As various people have pointed out, (if that became the prevailing future condition of the software industry) that would act as somewhat of a disincentive to people entering the software writing industry.

Currently the money flows from:
(1) Ordinary consumers
(2) Large organizations
(3) Software developers

to:
(a) Software developers (who self publish)
(b) Software developers (who work for a Large organization)
(c) Software developers (who do consulting (for Large organizations))
(d) Large organizations that produce or publish software
(e) Large organizations that sell consulting services

Like all gross generalizations there are all sorts of boundary cases and counter-examples, let's just take them as given. Note especially that I'm conceptually lumping most of the large organizations into the same bucket, as I don't really see much difference between working for Sun or working for SAP (I do know I prefer writing software to configuring software that others have written) - in terms of what the end user sees they have nothing, they pay some company some money, and then they get some working software. Whether because the software was shrink wrapped, or simply that they had to pay a consultant to un'break' it... matters not.

In a very real sense, F/OSS is a direct attack on (a), 'the little guy'. In many cases in the computer industry large organizations have sprung forth from the operations of the little guy. Arguably this is a lot harder these days for hardware companies to start in someone's garage (yes, Apple did it 25ish years ago, but could it be done again today?). Perhaps it is a natural evolution for software to go the same way - in which case we would expect over time to see fewer and fewer software companies, like what has happened to general purpose hardware companies (I don't know if there are more niche hardware companies nowadays, eg people manufacturing iPod accessories??)

(a) has many advantages for the individual. He or she can collect royalties or sell to practically anywhere in the world.

(b) has obvious disadvantages if the money flow diminishes, as the pie gets smaller, the developers will get less

(c) has obvious disadvantages as well.

Now, since (c) is the underpinning of F/OSS claim to not being anti-commercial, let us examine them in detail:

Firstly, there is no possibility of royalties. The implication of this, is that if you stop working (ie stop providing these services), you stop getting paid. Also you can't build up a company, write better software, or employ more people etc (eg FogBugz et al) .... unless you somehow manage to clone yourself?

Secondly, if someone puts out a F/OSS shrinkwrapped software that performs the same tasks you used to, then you are stuffed. (Arguably this is quite likely to happen, unless the developers/configurers all collude to produce deliberately broken software)

Thirdly the barriers to entry and change are high (they would have to be, otherwise no one would pay you for these services). Eg if the software is easy to install and configure, then no one is going to pay you to do it. Whereas if the software is arcane and difficult, and takes many years of experience to understand... then you can charge a much higher rate. This means that my job as a F/OSS consultant is constantly under threat and I am on a constant treadmill of upgrading my skills (windows is like this as well - one of the reasons why (a) is pretty much always better for the individual than (c))

There are other problems with (c).

But now I want to take a look at the current industry and where the pressures are.

On the one hand, we have Apple's OS X, which shows that there is a market for 'slapping a nice ui' on F/OSS unix and selling it as shrinkwrapped software. A lot of recent converts are ex-linux/windows devs who get tired of the constant fiddling around in those other os', and want one where things 'just work'. Just because I can spend hours and hours fiddling around to get my network printer working, does not mean that I desire to do so (even if the struggle would be a character building experience).

So we see that easy to use interfaces aren't just for little old ladies anymore - they are also for power users too.

Then we have lots of new programmers entering the domain of the software industry all the time. These are in the form of young college-age students. They are smart, have plenty of time on their hands, have no money anyway (so they don't miss it when they give their efforts away) - in short, these are our pool of future Torvalds (and that guy that did Napster etc).

And on a side note, isn't it interesting that even someone with an absolutely massive impact on F/OSS like Linus still has to go to work (for 'the man') or he won't get paid...?

These youngsters are driven by different forces. Partly those who want to enter the software industry need to somehow give themselves an edge against other new job applicants, and writing a popular piece of F/OSS is a good way to get some credibility. Partly they just want to write cool stuff, even if they don't view themselves as programmers, they might just be 'amateurs' who slap something good together, or just enjoy fiddling around on their computer, even if they see their career as something different.

Odds are, if someone puts out a program to do something, and charges say $20 for it, a young F/OSS acolyte will take it as a challenge, and devote a couple of years to putting out a free version.

In other words, anything I can do, they will try to do better (or, at least... 'freer').

So if I want to do (a) I need to somehow 'out resource' the F/OSS fans. I could do this probably with say 10-100 person years of effort. That puts it out of the reach of a casual assault. And into the range of needing some serious organization, both on my part and on the part of my F/OSS opponents. Eg they'd need to do something like the mono project. Where would I get the money and resources to do that? Who knows? It's an interesting question.

So we see that F/OSS raises the barrier of entry for shrinkwrap/proprietary software. At least where we try going head to head against it.

Could I instead somehow emulate Apple, and build something on top of a F/OSS base, and then sell it? Quite possibly, after all it is well known that the interests of consumers and the interests (as in scratch an itch) of the developers do not often match up. So if I can offer a product to the masses, built on a foundation of F/OSS ... I still somehow need to avoid incurring the wrath of the F/OSS crowd. Because there really are some who seem to take other people's interest in making money as a personal insult, and it can be like waving a red flag to a bull.

So somehow you have to market yourself to consumers and also other developers. Even then it doesn't always work out, as we see with the recent linux kernel versioning debacle, it is hard to please all of the people all of the time, and it only takes one idiot to ruin it for everyone else. So perhaps any short term alliance between the free and shrinkwrap worlds is always going to be a precarious balance? Probably staying as far away from the GPL as they can get is a good start, going with either the BSD or Apache style licences for software to build on, as they seem less inclined to take offense.

Looking again at the Mac, I find that while there are lots of small companies selling niche products, the only pieces of software I've actually paid for are the OS, and one game ( -> Majesty <- I play a lot of other games, but they were either free downloads, or in the case of Diablo II were already included on my CD of the game for my PC (yay Blizzard!). Everything else I've either written myself, or downloaded free (as in beer) versions off the net (Apple's site has links to thousands of free programs written by other people).

The only thing I really yearn for, is a decent spreadsheet. There's one that comes free with Appleworks, and I've got the OO.o one (the Javafied one, I couldn't be bothered figuring out how to get X11 to work under OS X), but neither of them is as good as I want. I would buy Office for the Mac, but don't want to support the evil empire (whose years of abuse (and a crappy IBM laptop) are what drove me into the arms of Mac in the first place).

Frankly I don't know how people make money selling shrinkwrap software for the Mac, it's not that there's no market for it, but rather that there's so much free stuff being given away for it, that I don't see why people would pay? (And to the anti-mac crowd if I want 'a real games machine', I'll just buy a Play Station (oh wait, I already did) (definitely not an XBox, for the same reasons as given above)).

zander

Posts: 594
Re: Open Source: Not just hobbyists
Posted: Jun 17, 2005 2:28 AM   in response to: rickcarson

> This is somewhat disingenuous. Suggesting that changing the way money flows won't affect the software
> industry is... interesting. You may be right. But historical examples show that changing the flow of money
> is usually catastrophic.

While your post looks well researched I'm under the impression you are looking at the subject from a perspective of someone that has little experience in the field.

A very basic mistake is that the little guy would suffer the most from FOSS as small companies or single programmers would somehow be without any jobs and all would go to the big companies. That conclusion seems quite baseless and direct observation counters this.
The number of upstarts (at least here in Europe) for companies that provide services for open source programs is rising. These services go from teaching via bugfixing and all the way up to genuine support contracts.
With the ever increasing amount of software available for free the cost of ignoring that software to build your own on top of becomes too large to ignore. In other words; companies better start using open source, or they will go out of business. Just rewriting another web framework is just not cost effective.
The largest problem with using frameworks from 3rd parties is the learning bit; and the extending bit. Which is exactly where small startups help.

On top of that; almost all posters here forget that some 90% (and I'm not even making that number up) of the software being written today is for internal use. So companies having in house programmers or hiring a software house to write software that only they are going to use.
So unless business practices are going to be streamlined across all companies (yea, right!) the need for programmers will not go away. On top of that the need for people knowledgeable of one piece of software in the software stack will only increase. Assuming that's an open source product that many clients will use to build their internal products on. Think Hibernate, for example.

Simple economics dictate that every product only lives a limited lifetime being profitable. After that time the market will be saturated and prices have dropped.
Open source is stepping in for many of those products to bring the cheapest alternative (in various respects), mostly after the profitable period has subsided.
Companies doing real research and selling their software will always be around.

In the end the programmers working for a company writing just another clone of a long existing product will lose their jobs. Nobody is going to pay for yet another database or operating system. But if you were that programmer doing something many did before you, then you might just as well work in the mc. flipping burgers.

aaston

Posts: 2
Re: Open Source: Not just hobbyists
Posted: Sep 29, 2004 4:02 AM   in response to: murphee

Anybody read the Asimov robot books? Assume that computers get smart, and that applications *do* string themselves together. Somebody is still going to need to play the role of psychologist.

So your job changes ... it doesn't go away. I'm all for open source. I use it all the time. It means that I can concentrate on solving unique business problems rather than writing yet another tree iteration algorithm.

jwenting

Posts: 478
Re: Open Source: Not just hobbyists
Posted: Oct 1, 2004 12:10 AM   in response to: aaston

If you have read the Robot series, there's still a lot of programming going on.
People program computers to design the robot brains. The programs probably look little like programs we have today, being at a higher level of abstraction, but they're programs just the same.

turquoise3232

Posts: 3
Re: Welcome!
Posted: Sep 27, 2004 7:08 AM   in response to: jwenting

A little note concerning encryption/decryption (and security issues): it is well known that secrecy can't rely on the algorithms. I think that open source software increases security...

tobega

Posts: 10
Re: Welcome!
Posted: Sep 29, 2004 11:22 PM   in response to: turquoise3232

> A little note concerning encryption/decryption (and
> security issues): it is well known that secrecy
> can't rely on the algorithms. I think that
> open source software increases security...


You got the sense of it right, if not the wording :-) Secrecy can't rely on the algorithm being secret.

jwenting

Posts: 478
Re: Welcome!
Posted: Oct 1, 2004 12:27 AM   in response to: tobega

> > A little note concerning encryption/decryption (and
> > security issues): it is well known that secrecy
> > can't rely on the algorithms. I think that
> > open source software increases security...
>
>
> You got the sense of it right, if not the wording :-)
> Secrecy can't rely on the algorithm being secret.

maybe not, but it has to rely on the implementation details of that algorithm being secret.
With OS every cracker in existence can freely pore over the code to find weaknesses to exploit.
Of course the developers can do the same, but the number of developers will always be less than the number of criminals in this field.
Some of the criminals may even join the development team and inject weaknesses into the codebase. If they're clever enough they may even succeed.

Remember that users should not be forced to read and understand the source code of their applications. With OS as it stands that's exactly what they need to do in order to know if an application is sound.

murphee

Posts: 36
Re: Welcome!
Posted: Oct 1, 2004 9:11 AM   in response to: jwenting

>maybe not, but it has to rely on the implementation details
>of that algorithm being secret.

So... you've obviously never heard of disassemblers, decompilers, debuggers (providing a view into live memory),...
Algorithms in software aren't secret; if the user only gets binary versions, it only means that the attacker needs to take an extra step to get the algorithm... and frankly, no serious attacker will be stopped by that (serious == capable of actually exploiting a weakness).

BTW: every cryptographer will tell you that algorithms *have* to be open, have to be reviewed over and over again.
With the last AES standard, for instance, this was done extensively. Every algorithm was public before the final algorithms were chosen... and guess what: most of them were broken, some of them even only minutes after they were presented. If they had been kept secret, these weaknesses wouldn't have been found and would now be in the standard allowing blackhat attackers to find them and keep them secret... (the developers of the algorithms hadn't been able to spot the weaknesses... and they should have had the best insight into them, you'd think...).


>Remember that users should not be forced to read and
>understand the source code of their applications. With OS
>as it stands that's exactly what they need to do in order
>to know if an application is sound.

WTF?

johnm

Posts: 42
Security by Obscurity... Not!
Posted: Oct 14, 2004 10:59 AM   in response to: jwenting

> maybe not, but it has to rely on the implementation
> details of that algorithm being secret.

Absolutely false.

You're promoting a fallacy called "security by obscurity" or "security through obscurity".

Yes, Virginia, there really are ways to make things "secure". There's a lot of information out there on this pretty big subject.

turquoise3232

Posts: 3
Re: Welcome!
Posted: Oct 4, 2004 11:33 PM   in response to: tobega

You're right, the sentence is clearer the way you put it!

wantar

Posts: 2
Re: Welcome!
Posted: Jan 1, 2005 10:12 PM   in response to: jwenting

I am new to Java, open source, and programming in general, but this is how I see it: code is art.

Just as some musicians make a living pouring their soul into songs - while others never get their "break", so some coders are lucky enough to make a living pouring their ideas into binary - while the rest of us are stuck following the whims of the latest marketing research.

Whoever makes a living doing what they love always has higher-ups to please.

The difference between open and closed-source code, as I see it, is this: open source code is born of necessity and written through passion (I'm not talking about romance-novel passion - I'm talking about coding for 24 hours straight because: "I just have one more thing to do"), and closed-source code is written because your manager tells you to. Now obviously this is not always the case, but look at the results - open source software is growing so rapidly that short-sighted people and companies are terrified they will be put out of work!

People will always be paid to create and maintain software. Companies will, in turn, sell the software written by those people. People will also continue to write and maintain software without getting paid. . . why?

Some of us program because we love it. We wake up in the morning and go straight for our machines because we thought of something really cool just before we fell asleep. We couldn't imagine doing anything else.

Such people are artists. They code not only because they get paid, but because something burns inside them. They have great ideas, and they want to share them with the world. They want to make people's lives better (their own included).

Some of us get paid to do what we love, and some of us don't. . . that is how it always has been, and that is how it always will be.


Shameless Plug: OK, like I said, I'm new to programming. I have a project on java.net, thereallm. The URL is https://thereallm.dev.java.net. I have an enormous vision, and I would really appreciate help, advice, and wisdom from those more seasoned than I. Please stop by and check it out.



