PolitechBot


http://politechbot.com/pipermail/politech/2004-April/000604.html

[Politech] Replies to IPI fending off "attacks of open-sourcers" [ip]
Declan McCullagh declan@well.com
Wed Apr 14 02:09:25 CDT 2004


Original Message
Subject: Re: [Politech] IPI successfully(?) fends off "attacks of the open-sourcers" [ip]
Date: Tue, 13 Apr 2004 15:15:11 -0400
From: William Allen Simpson
Organization: DayDreamer
To: Declan McCullagh
References: <407C0961.3010805@well.com>

Declan McCullagh wrote:
>...
> Original Message
> Subject: IPI: IPI defends against the attacks of the open-sourcers
> Date: Mon, 12 Apr 2004 12:39:57 -0500
> From: Tom Giovanetti
>...
> IPI published a new paper called "Has Open Source Reached Its Limits?"
> questioning whether open source software really has the potential for mass
> market penetration, and whether open source will ever deliver innovative
> products, rather than the derivative products that have thus far
> characterized successful open source projects.
>...

I'll bite. The original (and most existing) Internet implementations are open source. How was that derivative?

In the marketplace, IP was a direct competitor to the private telephone companies' OSI -- that failed miserably despite billions of dollars in direct government investment, compared to a few measly millions in the ARPAnet and NSFnet (predecessors of the commercial Internet).

Too broad a scope? How about the Point-to-Point Protocol, developed in open cooperation among a large number of companies, institutions, and individual consultants through the IETF. (As the Editor, I'm reasonably familiar with the specifics.) How was that derivative?

As an open source contributor, my PPP software proliferated into many projects, including proprietary products. And that's what allowed the "common user" to dial-up the Internet, leading to an entire industry of widespread Internet Service Providers. Mass market enough?

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

Original Message
Subject: Re: [Politech] IPI successfully fends off "attacks of the open-sourcers" [ip]
Date: Tue, 13 Apr 2004 20:51:35 -0400
From: Dan Geer
To: Declan McCullagh

[IPI is a conservative group in Lewisville, Texas. To give you an idea of where IPI is coming from, it has close ties with former House Majority Leader Dick Armey

and it gets Microsoft funding

--dan

Original Message

Hi Declan,

Kudos to IP for selecting and attacking a partisan response to its original partisan report, and for painting all open source advocates as crazy zealots living on the fringe of reality, who are forcing the rest of us into an unworkable anti-property (read:communist) system. Well played!

However, IPI's assertion that all open source software is not ready for and can not be made ready for the mass market can be disproved by a single counter example. Along with many other people, my mom and not too technical best friend are both members of the mass market for computer software. Both use OpenOffice.org, which is a powerful open source office suite similar to Microsoft Office. I installed the software and trained them no more than I would have if I had installed Microsoft office. Q.E.D.

Regards,


*NAME WITHHELD*

Original Message
Subject: Re: [Politech] IPI successfully fends off "attacks of the open-sourcers" [ip]
Date: Tue, 13 Apr 2004 14:26:20 -0500
From: Jim Davidson
To: Declan McCullagh
CC: tomg@ipi.org

Dear Declan,

> But, thanks to Google News Alerts, we found out about the
> attack, and demanded the right to have our reply published,
> which showed up today.

Since when is there a "right to have our reply published"?

That's a mythical "right" which creates an affirmative obligation, much like the "right to education" and the "right to healthcare" which are touted by other socialists. Such a right, if it were to exist, would obligate anyone who publishes any information to publish information in direct opposition to their own views. The claim that such a right exists is destructive of freedom of speech and is the sort of typical socialist tyranny that neo-cons seem to love.

Nobody has a right to have their reply published, and only fascists would claim such a thing. Which makes me unwilling to examine the words of IPI.

Regards,

Jim

Original Message
Subject: Re: [Politech] IPI successfully fends off "attacks of the open-sourcers" [ip]
Date: Tue, 13 Apr 2004 22:20:19 -0600
From: Allen S. Thorpe
To: Declan McCullagh
References: <407C0961.3010805@well.com>

I don't consider anti-opensource-freeware to be a conservative position. I don't know why TCS and this group get so worked up about these initiatives. If people want to give away their work to make it a better world, more power to 'em. Maybe Linux won't dislodge Microsoft, but it won't be for the reasons I've read so far.

It's not that I hate capitalism. It's more that I don't think that everything has to be done for profit. The value of volunteerism is as fundamental to a free society as democracy is.

Furthermore, I think that personal computers have been oversold as being simple and easy to use. It might be a good thing if we returned to the idea that some work is necessary to be qualified to use one.

Original Message
Subject: Re: [Politech] IPI successfully fends off "attacks of the open-sourcers" [ip]
Date: Wed, 14 Apr 2004 04:55:54 +0200 (CEST)
From: Thomas Shaddack
To: Declan McCullagh
CC: politech@politechbot.com
References: <407C0961.3010805@well.com>

I dare to take exception to the "successfully". Fended off, yes - but more by political rhetorics than by real arguments.

Disclaimer: I am just an admin/developer with some hands-on experience. No political nor economical theory background, nor any desire to mess with it.

> IPI published a new paper called "Has Open Source Reached Its Limits?"
> questioning whether open source software really has the potential for mass
> market penetration, and whether open source will ever deliver innovative
> products, rather than the derivative products that have thus far
> characterized successful open source projects. Here's a link to the paper:
> http://www.ipi.org/ipi/IPIPublications.nsf/f726f4998ba46f86862567d80074727a/bab0bb99395eefe086256e49001e2187?OpenDocument

Couple comments about the most glaring points:

"According to those [Google access] records, Linux has only around 1 percent of the mass market."

Many browsers, from Opera to Links, allow manual setting of the User-Agent string, which is what Google uses for browser/OS identification. Because of sadly way-too-common practice of so-called webdesigners to take shortcuts and exclude everything but MSIE, telling the browser to lie it's MSIE in order to not be redirected to "this site is only for MSIE" pages is quite common. I refrain from guessing the real numbers here, though, just reminding that there may be distorting factors here. Passive IP fingerprinting would do better job than relying on User-Agent header.

"The computer game market is dominated by commercially developed games."

That's true. In the area of "big" games, heavy on graphics. However, code complexity and playability are orthogonal; Tetris is a nice example. There are also examples of graphics-heavy open-source games slowly appearing.

"Third, it's common in open source advocacy to see figures describing the number of projects at open source site sourceforge.net or similar sites, with the implications this represents a mass of useful products."

Sturgeon's law: 90% of everything is crud. So this is unsurprising. The remaining 10% tends to be quite interesting, though.

"In actual fact, most of the projects are of poor quality, are unfinished and are certainly not comparable with the polished products of the commercial software development model."

Windows 95, First Edition. What to say more? (Maybe Windows ME...)

"Fourth, the firms often presented at open source conferences as evidence of the virtues of releasing source code are usually not software developers at all, but web developers, and their much vaunted "products" usually include very little original intellectual property."

What conferences? I never heard about web developers being disproportionally represented on such conferences. Or maybe I remember things wrong way and Suse, Inc. is a group of web developers.

"Communities advocating for open source fall into four main groups - IBM, hardware makers, commodity firms and some types of lawyers."

IBM, yes. But you can choose a lesser brand, or, if you are a small operation, hire a local tech.

Hardware makers, some, especially embedded, as mentioned, yes - the rest is throwing sand into the gears by refusing to release specs or at least drivers, and in extreme cases even threatening the reverse engineers with high-yield intercontinental ballistical lawyers. I dare to contest the claim that openness in embedded software is not good for building software industries - the effort to design a new thing is dramatically reduced, which lowers the cost and time to market and allows developing solutions even for applications that won't be profitable otherwise. Lots of smaller companies can coexist on the market that would otherwise belong to few Big Names, developers working there aren't mere human resources, customers get more personal attention and better-customized solutions.

For various kinds of companies, open-source really represents cost reduction. It also represents a wide market for developers themselves, to customize the applications for the needs of the clients - which is a nice alternative to the one-size-fits-all commercial approach. Comparing the number (and wages) of advertisers, PR specialists, lawyers, salesmen, market analysis and policy research groups working for and paid by various open source initiatives with their industrial counterparts reveals one of the sources of the savings.

Lawyers are opportunists that try to get gain from just about anything, so that's not surprise. What about the corporate lawyers, the patent ones, the intellectual-property ones, and all the kinds of others who parasite on the inhabitants of the legal maze of Commercial Software?

Nobody mentions a very important group: administrators - it's easier to maintain a system with sources available than a closed something. In numerous cases I had to grep the sources for an error or log message, then looked where it was called from, ltrace and strace helped to pinpoint the cause, and the solution was found. Often in less time than what it takes to get an answer from a helpline. Or, when tuning or supervising a system, had to add a syslog call in some third-party code to have centralized logging/supervision for that application. Same for developers - if you need a program that's similar to other program but has a certain function, you take the similar program and write the function in. It's a courtesy to publish the modification (or an obligation, if you redistribute it, depending on the licence). Also, openness and modularity is a big plus for maintenance of in-house applications.

Another area, often neglected in discussions, is the problematics of interoperability and adherence to standards. There are certain subjects on the market, who see interoperability as a threat for their business model, and go head over heels to "embrace and extend" existing standards, and to push their own opaque proprietary ones. I had to retrieve data from damaged files of all formats; XML format of OpenOffice can't be compared with DOC format of Microsoft Word - it would be like comparing plaintext markup language with poorly documented binary abomination. One you can handle in Notepad, if things come to worst, the other needs its own editor - and even there tends to lose formatting when moved between different versions of the editor.

"For example, whereas a computer costs a month's wages for an average American worker, it costs eight years' wages for a Bangladeshi."

How much does it cost including all the software needed to actually use it? What computer - new state-of-the-art one, or a refurbished old one?

"Good developers create their own designs; they don't need to copy other peoples' source code."

So good developers reinvent the wheel. Did I understand correctly? How much code did the author write?

"Microsoft platforms probably provide it better than open source, because they expose functionality via precisely defined hooks that continue to work in upgraded versions of the platform, allowing properly engineered third party applications to work seamlessly across all required versions of Windows, including future versions."

One word: POSIX. (And various other standard APIs and protocols, allowing applications to work seamlessly across many different processor architectures and operating systems. And when there's not binary compatibility, there's still the source and the tool chain.)

Not mentioning Microsoft's tendency to litter their API with undocumented functions. Rumours are they use them in order to take unfair advantage over the third-party vendors, who don't have access to them. This also causes problems with emulation, hindering interoperability.

"Again, development of custom functionality and third party applications does not need access to source code of the underlying platform."

That's true - but access to the code makes things MUCH easier.

"...avoidance of the alleged dangers of a software monoculture."

Alleged? One word: W32/Lovsan.worm.a.

"The reality is that open source can trap a customer into an outsourcer relationship more readily than commercial software. This is because commercial platforms expose standard API's for third party applications and any consultant can develop for them."

Open-source software exposes EVERYTHING, including the APIs.

"For example, respected open source developer Hans Reiser of the ReiserFS file system has complained that controllers of different versions of Linux have started threatening to invalidate support contracts if customers stray from their own versions. He describes this behavior as being intended to achieve market leverage and exclude competitors."

Many supporters from the Windows World seem to do that too. The real reason seems to be in the difficulties in keeping track of the user's modifications and related issues for debugging. If you run into such issues, the best course of action is either changing the vendor, or getting an in-house support.

"Establishing 100 percent security in software and in large installations of that software is an enormous task."

You can't get 100% security. You can get reasonably close, though. In my experience, Linux turned out to be much easier to manage than Windows. Windows tend to be picky about hardware; when a Linux computer dies, the drive is taken to another computer that has to be just vaguely similar, booted up, and is up again with minimal trouble. Such trick done with Windows (tested with Windows 2000) often ends up with the machine not even booting - happened to me with the SAME MODEL of the motherboard. Reinstallation of the kernel or a damaged or accidentally deleted system library can be done by booting from a service CD and just copying files where they belong. Most system administration can be done over commandline; the flexibility of ssh versus rdesktop can't be compared (try to script mouse clicking - a non-issue for one machine, a big problem with 50). Unifying the configuration of the software can be as simple as rdisting or scping a simple text file to the /etc directory, instead of fiddling with keys sprinkled all over the Registry. (The config files can also be processed automatically with per-machine configuration, using some of the plethora of text-manipulation tools, including but not limited to sed, awk, scripts written in perl and python, C, Java...) Should I continue?

"This is a point made by Bertrand Meyer and Nikolai Bezroukov, who contend that so-called free programming is often funded by taxpayers in one form or another..."

Ummm... isn't closed software licensed by the governments and paid for by taxpayers' money equivalent to funding the commercial software vendors by taxpayers? For a middle-sized country, the costs of licencing vs the costs of "in-country" development can be at worst comparable. The recent China-Korea-Japan Linux development coalition looks like a good idea, cost-wise. If it costs the same or less, why give the money to a foreign corporation instead of keeping it all in local economy and fund the local universities?

"As these factors become more apparent, open source will go the way of other IT industry fads that were once trumpeted as the way of the future, like Macintosh computers, business AI, 4GL programming languages and Y2K."

Macintosh machines don't seem to be dying and OS/X looks nice (and it's largely based on open-source BSD code). Business AI moved out of spotlight, quietly maturing in many applications from stock market evaluation to optical systems in robotics. I don't know enough about 4GL, and Y2K was to large extent overhyped in order to provide a comfortable cash cow for the vendors and ratings for the media. Not exactly good examples.

"Indeed, there is already evidence that staffers at Munich are not as enamored of open source as the political advocates are."

Counterquote from the referenced Wired source, its closing statement: "Right now we are proceeding as planned, and we have no hints or signals that the city counsel is regretting or reconsidering their decision to move to Linux," said Hofmann.

> In reaction, an open source partisan in Australia published an attack on
> IPI's arguments, and on IPI. Here's the link:
> http://www.smh.com.au/articles/2004/04/05/1081017093699.html
>
> But, thanks to Google News Alerts, we found out about the attack, and
> demanded the right to have our reply published, which showed up today.
> Here's the link:
> http://www.smh.com.au/articles/2004/04/12/1081621880019.html
>
> Hope you find this of interest, and we're always interested in your
> comments.

I am somehow entirely unsurprised by the vitriolic and ad-hominem nature of the reply, combined with failure to answer even the basic points of the "attack" - in effect resembling more the reaction of a prodded wasp nest than of a 17-year-old, well-respected public policy research organization.

Just few selected points to comment on:

"This improvement in the human condition is due in no small part to innovative technology and health products developed not under any sort of open-source model, but rather under the property-rights incentive model Mr Brooks apparently loathes."

I dare to remind the readers that the property-rights incentive model is related only to applied research, which stands on the shoulders of elementary research that is in vast majority open and publicly funded. *Real* innovation comes from there.

"But, in the real world, there is nothing more important to companies than the happiness of their customers."

One word: profit. Happiness of a customer is the means to achieve profit. If the market is distorted the way it is possible and cheaper to cause unhappiness to the non-customers (or customers reluctant to upgrade to the Newest Greatest Really-bug-free-this-time version) instead, eg. by intentional incompatiBILLities, it's done instead. If happiness would be primary, open standards and simple file formats would be used instead of the current proprietary status quo.

"No, it is the open source partisans who ask for something. They ask for laws forcing government purchases to give favourable treatment to open source."

Don't they, the taxpayers, have the right to say where their money will be spent? If it gets swallowed by a multinational corporation and maybe trickle down as few local jobs, or if it stays in the region, feeding the local people, companies, and universities, then the resulting software getting free of charge to the local industry, lowering their expenses and giving them cost (and perhaps performance) advantage over the corporations relying on commercial software?

"They ask for intellectual property laws to be weakened, in effect taking the right of ownership away from those who create and innovate useful products."

Maybe because they are insanely strong? This is a whole separate area for discussion. Eg, the US patent system is thoroughly broken: USPTO grants patents to virtually anything, prior art their donkey; cost of patent litigation can run well over a million dollars, individual developers and small-and-middle sized organizations are unlikely to be able to afford it, even if they would be likely to win. Threat of a lawsuit doesn't belong between the innovation-stimulating things. But many megabytes of disk space were wasted on this problematics elsewhere, without any apparent effect on the intellectual property partisans.

"We should not so quickly toss out the property-rights model of innovation, especially when the alternative has yet to prove itself."

Look at the server market. Reevaluate the statement.

"The right policy for governments to pursue is to leave the open source movement free to see if it succeeds in delivering innovative, useful products for nothing in return."

"Nothing in return" may have the form of at least the free availability of the plethora of tools and applications. Or it may be the job of an in-house developer, or a job in eg. Suse, or maybe a donations-funded job like the core Freenet developer has. Or the feeling of achievement, identification with a project and/or the developer group. Or a hired-gun developer, contracted for a specific problem. Or a combination of the above. There are many different business models even for open-source projects, but I refrain from commenting on them as that's outside of my area of both experience and interest.

"But, in the meantime, wise policy makers will not seek to undermine the proven property-rights model, which has been of such an immense value to civilisation."

History tends to forget the merchants, but remember the thinkers. What has more value for civilization: making money, or sharing knowledge?
