Free Software isn't about free software , JT Moree, 2006/3/18
Open Source is Futile and Limited because of OpenOffice?, JT Moree, 2005/12/16
Anti-virus and Anti-spyware software are Practically USELESS!, JT Moree, 2005/1/17

JT Moree, 2006/3/18

The problem with Free/Libre/Open Source Software (FLOSS) isn't the source.  Not even rude developers are the problem--in spite of little or bad documentation, they generally have too much to do and no one to help.  The problem is users--specifically, the way most users--who have even heard about Free Software--view the concept.   I often come across people who have this idea that everyone should be able to download software without cost, use it without cost, never contribute to the community or company, and demand 24/7 enterprise level support--again without cost.  It's almost as if they think developers of Free Software are all kids living with Ma and Pa who have nothing to do except tend to every user complaint that comes along just for the sheer joy of it.  If complaints don't get answered immediately then they blather on about 'nothing free can be any good' or 'FLOSS is a failed ideology'.

All of us are users of software--at least everyone reading this article.  I'm not trying to create class warfare between developers and non-developers but some attention needs to be brought upon this Free Lunch attitude.  Free Software is free as in Free Speech--not free as in Free Lunch.  I don't event think adherents the Free Beer (BSD) licenses hold the same Free Lunch view as most users.  After all do BSD proponents desire that people support the BSD projects with purchases, donations, and contributions?  Doesn't it annoy all of us when someone posts meritless complaints about a package because they had a problem with it?  And when they demand that we fix their problem now (for free) while ranting 'This software sucks!'?

Misconceptions of Users

I see this Free Lunch attitude on mailing lists, in articles on the 'Net, and in magazines.  When I have a chance to respond I tell them, "If you come to FLOSS with the attitude that you can get all the software you want and it will never cost you anything then it will fail to meet your expectations."  Sure, quite a number of people can leech for a long time but eventually a project will go away if no one contributes.  That's how the FLOSS paradigm works.  Everyone--whether contributing or not--is forced to find a different project when the current one fails.  It's the almost the same in the commercial world.  A company goes out of business because of lack of customers.  The difference is that when proprietary software goes out of business it is dead--never to return.  A Free Software package discontinued by one company or person might be carried on by others.

Another misconception voiced is that just because source code is available it must be easy to fix bugs.  In reality, this varies from one project to another.  It can be difficult to setup the proper compiler or find the source file you want to look at.  Software is extremely complicated--not so much because of programming but because software builds on top of other software which builds on top of other software and so on.  Personally, I stay away from hacking on other peoples' code because I know how much work is involved in getting into a project.  I'd rather pay to have a feature implemented in a project by someone who is already familiar with it.  The process will be more efficient and the code will be better.  Our company has paid developers of FLOSS projects to implement features and when necessary we have hacked on projects in-house.

Users often complain that bugs are not fixed and features don't get implemented.  This is usually because the developers are very busy with other aspects of the project or other projects--maybe even busy with the rest of life.  I would love to have the time to completely recode some of the applications we support but there is a need to pay the bills that gets in the way.  So fixing things is directly impacted by time available and time available is directly impacted by finances.  Most developers would love to have bugs fixed and features added by others too.  We have said to people, "That is a great idea but we can't implement it.  We will gladly accept patches if you do."  Some people see this as pushing work off onto others as if we are lazy.  In reality, FLOSS is more market driven than proprietary software because if the market isn't willing to pay for a feature or do it themselves, it is unlikely to get done.

Developer Dynamics

After looking at software from the user's point of view let us look at it as the developer.  What attitudes do developers of FLOSS have about software and how might that explain the dynamics of a community? 

First, almost all software is written because someone sees a need.  Developers are the type who meet needs with programs--sometimes small and other times large.  What motivates a developer to work on a program when he isn't getting paid?  'An itch' is how Eric Raymond puts it.  Sometimes I spend just that little extra time on a project or write a script over the weekend just to scratch an itch.  An itch is seeing a need and wanting to do something about it.  I could sell some of these programs but I have received many free programs from others so I often give mine back to the community.  When I start a project it's my baby so I nurture it and develop it with care but as the project grows, time becomes a problem.

There are pressures to get new releases out with fixes and features but new code may introduce new bugs.  Developers often need to be more careful to test projects before releasing them.  I am guilty of not testing code as thoroughly as I should.  It is very wearisome to constantly hack on the same code, stare at it, and then have to run the same program over and over with different test cases.  I'd much rather implement new features than constantly debug old ones.  It's more satisfying to see a new program in action even if it doesn't work completely.  There are practices to help this tedious process but again time becomes an issue.  Do I take the time to learn the new tools and methods or keep working on getting the projects done that I'm already behind on?  Balance is the right solution but it is not easy.  We need to continue learning while at the same time working on current projects.

FLOSS developers often use Open Source licenses because they understand what it is like to be trapped in a situation with no options.  In capitalism the sellers try to keep buyers trapped and charge as much as the market will bear.  Buyers look for sellers who trap them the least at a fair price.  The buyers make the final decisions.  The market trends towards better choices.  Adding FLOSS to the market lowers prices because often the software is redistributable and free.  At the same time the sellers of both free and proprietary software have less income to put back into research and development.  The software will stagnate unless someone is willing to pay for something.  Developers have to eat too.

Be a Responsible User

If we use FLOSS we must ask ourselves, have we ever purchased anything that supports the packages we use or contributed to the project in some way?  You see, I am guilty of this Free Lunch attitude also.  We should all go buy a T-shirt from the Blender Foundation, the Mozilla foundation, or some other FLOSS project.  Even better--buy one from each, make donations, or purchase software and support from those that offer it.  There is a Software Freedom Day in September.  Perhaps on this day everyone should send donations or purchase merchandise from 3 projects.  We must be willing to support our Free Software even if it is free software or it will eventually go away.

JT Moree
2005/12/16

http://technology.guardian.co.uk/weekly/story/0,16376,1660763,00.html

I read the article at this site and once again I see a person coming to Free/Libre/Open Source Software (FLOSS) with expectations and faulty notions.  Upon having been let down by his expectations, this author--like many others--makes broad claims about how 'Open Source' as an ideology is 'limited' and 'futile'.

In spite of the fact that the article makes very true claims about how complex the OpenOffice source code is, the author's real intention is to prove a statement wrong because he's disgruntled.  Like a grad student writing a thesis, he proclaims it at the beginning:

'"Many eyes make bugs shallow", suggesting that if lots of people can view a program's source code, they will find and fix its errors more quickly than commercial products whose code is jealously guarded.  The only problem with this is that it's not true - certainly not in one of the flagship projects of open source, OpenOffice . . . .  But it also vividly demonstrates the limitations of open source as a way of producing software, and its futility as an ideology.'

This article is making broad sweeping claims that don't hold up to scrutiny.  I believe that these claims are based on false assumptions.  Lets look into them. 

The article supports the thesis with this argument:  "The myth of open source rests on two improbable assumptions. The first is that a significant proportion of users can fix bugs.  .  .  . This is important because of the second crucial false assumption: that even if not all users can fix a bug, they can help find them. They can't."

I agree that these two assumptions are wrong but they are not basic assumptions of FLOSS.  The quote from Eric Raymond (I've heard Linus Torvalds use it too) is not talking about users--it is referring to developers.  The whole article is based on faulty premises.  Furthermore, look back at the statement that he is disproving.  The statement itself is a quote plus his own interpretation of that quote.  You might note that the article is 'disproving' its own interpretation and not the quote itself.  To be fair, I've done the same thing--we all misunderstand things from time to time but writing an article blasting all of 'Open Source' because of one project with faulty notions about the whole movement is a bit extreme. 

Another counter argument I would make is that OpenOffice is not a 'flagship Open Source' project as the article claims it is.  It's only my opinion but I would argue that Apache or the Linux kernel are much better examples of flagship projects for the FLOSS movement.  The big difference between OpenOffice and Apache or the Linux kernel is that the latter have always been FLOSS.  OpenOffice was first a proprietary, closed source product. 

The article says, "As far as I know, in the five years it has been available as open source, not one contribution to the program has come from amateurs."  Then it says, "There has been a lot of volunteer effort, but it has gone into support."  So the article claims no one is helping and then says "Oh that help . . .  well that help isn't with source code".  Again I disagree.  The documentation is part of source and from the article it sounds like macros were fixed--which is definitely source code.

The original quote from Eric Raymond does not say that users will fix bugs but that is one of the 'basic tenants of open source' arguments.  In the broadest sense this is true.  Some users will download and fix bugs but a better phrasing would be 'users can download'.  It seems the author has misunderstood the real concept of FLOSS which lies in the word can not will.  The article says that FLOSS ideology is futile because of this misguided assumption.  Contrast this with the 'ideology' of proprietary software where users neither can nor will work with source code because it is not available. 

Even if we allow this dubious interpretation using the word will, the article is still making the faulty assumption that that all FLOSS projects are the same as OpenOffice.  Why doesn't the article compare Apache or the Linux kernel to some proprietary equivalents and make these same arguments about user support, code complexity, and bugs?  That would be a more accurate comparison of the FLOSS ideology. 

From the article "But complex open source projects seem uniquely badly placed to fix them [bugs].  They rely on a very small group of programmers relative to the user base, and who have no direct incentive to work on the bugs that are important to users."  Although I can see some truth in this quote, once again we have a broad sweeping statement.  In most FLOSS projects the developers are also the users.  It makes no sense to say that the developers only work on bugs that don't matter to users when they are the primary users.  Not only are they users but they are contributing by doing more than just reporting bugs--they are fixing them.  The incentive to fix the bugs that are important is that they are running into them.  If other users want long outstanding bugs fixed they will have to provide other incentive.  If we again look at this from the proprietary software angle, if a bug is annoying someone and he really wants it fixed he should start some bug bounties.  Get a few other users to chip in and pay to fix those bugs.  Has the author never seen bugs in proprietary software that were long outstanding?  How is FLOSS so unique in this matter?  I've seen page numbering bugs in the most popular proprietary Word processor that were there for years and may still be there.  Yet, would the author say that proprietary software is a futile ideology because of outstanding bugs?

The article is implying that FLOSS will fail--which only leaves proprietary software.  OpenOffice was a proprietary product with complex messy code--so how is it that commercial software is so much better as an ideology?  Why is it that Open Source will fail?  User support seems to be the answer given.  The article makes allusions to support for proprietary software and seems to claims that the 'Open Source' ideology should support people the same way commercial companies do.  NEWS FLASH  If you want commercial support for OpenOffice, buy StarOffice from SUN Micrososystems.  StarOffice is the commercial equivalent that comes with support.  You would think the author would know that since he has been working with the OpenOffice community on bugs for a period of time.  It seems that the author--like many other people--is assuming that freely downloadable software should come with enterprise level free user support.  That intepretation of 'Open Source' doesn't match up with the reality of it.

The quote from Eric Raymond also does not say, "If you open source your software everyone will fix all of your bugs and provide user support for you."  Yet at the end of the article he takes the position that companies only use FLOSS to get out of supporting users and implies that FLOSS ideology is to blame.  While I'd agree that many people have the same wrong ideas about FLOSS, this position is too broad.  Only some of the most successful FLOSS projects have commercial and non commercial forces behind them.  Debian and Knoppix are two examples of projects with very little ties to commercial entities yet users get support in those forums.  The Linux kernel, Ubuntu, and Apache have commercial backers who fund most of the work.  Those companies paying for the development have much input into the process and are supported by the organization that maintains the project.  The problems the article talks, about including bugs and support, vary just as much in FLOSS projects as it does in proprietary environments.  Are we to believe that the author has had nothing but excellent support from all of the proprietary software he has ever used?  In reality, this support argument is a red herring because he complains about lack of support when the author could get support from Sun for a very reasonable price.  StarOffice is $70 directly from Sun and cheaper from some resellers.

In all of the rattling on about how FLOSS doesn't work as an ideology the article misses the whole point of FLOSS.  That anyone can fix/fork/build a business on/modify a FLOSS package because they have access to source code.   That cannot be done with proprietary software because there is little to no unrestricted access to source code.  I do not see how this fact makes FLOSS a futile ideology.  Furthermore, the arguments given in the article don't actually apply to FLOSS.  The problem here seems to be that FLOSS doesn't live up to the expectations of some misguided people. 

I could go on--like the place where the article says FLOSS doesn't have enough incentive to avoid errors in the first place or the diatribe about signing a legal agreement before gaining commit access to source code--but I won't.  The second to last paragraph in the article states that Windows^® is much better than older version of Windows^® and posits that OpenOffice might someday be as good as Windows^®--I certainly hope not.

2005/1/17
JT Moree

You've been bombarded over the past year with popups and SPAM emails telling you that spyware is on your computer.  But there is hope!  If you just click on that link it will take you to a web site where you can BUY your way to Anti-spyware Heaven.  The problem is that it won't work.  "But the big software companies are telling me to buy their anti-this or anti-that software and it will fix all my problems.  Can't I trust big names like Microsoft^®, Symantec^®, and McAfee^®?".  The short answer is no.  They are selling you practically useless software.  Why?  1) It is impossible for anti-virus/anti-spyware software to detect all viruses/spyware.  2) If you have a virus or spyware you are already doing something wrong and it will happen again and again and again. 

For the purpose of this article 'spyware' includes all forms such as adware, malware, and any others you may or may not have heard of.

So why is it impossible for anti-virus and anti-spyware to detect all problems?  It is because computers are pretty dumb.  Their job is to simply run programs.  Viruses and spyware are programs but the computer doesn't know the difference between them or any other.  Anti-virus and anti-spyware software try to keep a list of 'known' problematic programs.  The 'known' list will never include all viruses or spyware that exist.  It is similar to the 'known' list of animals on the planet.  Scientists are still 'discovering' species of plants and animals because there are so many and they are hard to find.  It is unlikely that they will ever find all of them.  The viruses that do the most damage are the ones that become 'known'.  I could write a very inconspicuous virus that installs spyware and target someone.  It is very likely that no one would ever know.  Criminals are now using tools like these to steal information and credit cards.  Unlike a typical script-kiddie they have no incentive to cause a big epidemic.  They are not doing it to become famous. 

Next, If you have a virus or spyware you are already doing something wrong.  Let's look at specific types of viruses and what you can do to be pro-active instead of re-active.  This is going to be rather technical so you may need to do some research if you don't understanding something.  This is a good thing--you NEED to understand these issues.

Boot sector Virus
How are you doing something wrong?  You are probably downloading programs from the 'Net or trading programs with other people.  You may also have the BIOS set to boot from the floppy drive.
What to do about it?  Always change the BIOS on a PC to boot only from the hard drive.   You can always change it if you need to do some sort of maintenance with a boot disk.  As for trading programs with other people--it's a lot like having sex with all those same people.  You're going to get what they got.  Abstinence is the only sure way to prevent infection.

Macro Virus
How - You are probably trading Microsoft^® Office documents with people.
What - In the short term, try to use an alternative to Microsoft^® Office but that will only help until those programs are exploited as well.  The solution is to NOT trade programmatic files with other people (many office formats support executable code in the form of macros).  Instead, you should request that others send documents in safer formats such as pdf, text, rtf, or html.   (HTML is not always safe.  See next two entries.)

Worm
How - Worms are programs that scan networks for vulnerable services such as web servers.  If you have a worm it is probably because you are not patching/updating your software.  Most software vendors have a means to update the software.  USE IT!  Microsoft^® Windows has an update in the control panel and it may have a little pop up in the task tray that tells you updates are needed.  Apply them!  Most of these services should not be available to the outside world anyway.  You probably have all of your ports (fancy networking term for predefined service numbers) open.
What - Keep software updated.  Also, use a firewall to close off all ports except what is absolutely necessary.  For machines not on a network NO ports should be open to the outside world.  Install a firewall or turn on Windows firewall and set it to deny everything coming in case you connect to a network (by dialup or otherwise).  If you have a network the ports to be open will differ for clients and servers.  A client (anything not serving--yes this is what you have) should NOT have any ports open.  A peer to peer network or a server will have specific needs that I don't have the time to go into here.  Some of the firewalls help you as you setup this type of thing.

Trojan
How - You probably installed software that included a trojan program.
What - Don't install software unless you trust the source of the software.  Clicking on banner ads for software utilities is a sure recipe for getting infected.  Don't install software just because it claims it will make your computer faster!  You don't need most of the stupid utilities that are advertised anyway.  If you really do want to try something, use Google to research it before installing.  Also, programs from a community will generally be safer.  For example, mozilla.org vs some utility made by an advertising company.  Which one is more suspicious?

ActiveX
How - ActiveX exploits are generally a type of trojan.  These programs get installed by visiting web sites with ActiveX plugins.   Either you have an vulnerable web browser which installed the software without asking or you may have even consented to the install.
What - Don't use ActiveX browsers like Internet Explorer unless you absolutely have to.  Personally, I don't use ActiveX except for Windows Update and I complain by email and feedback to web sites which require it. 

Spyware
Spyware is a lot like a Trojan virus.  You generally install it as part of another program.  The program might claim your computer will be cleaned of all spyware or will run better but that is often a lie.  Some people think, "I never connect to the Internet so having spyware on my machine is no big deal."  But the more programs your computer runs the less resources it has to spare.  Performance suffers greatly when viruses and spyware are infecting a computer.

So what's an average Joe to do about these issues?  The first thing you can do is be educated.  Understand the technology that you use or want to use.  Why do we make people take driving tests?  Because it's fun?  or just makes money for the state?  What happens when a person ignores the warning lights in a car because he doesn't know what they mean?  Don't be an irresponsible user.  Get educated.  So let's recap:

• Use Google for research before installing a program
  
• Use safer technologies (Don't use IE)
• Use a firewall on EVERY machine
• Keep software updated
• Only download files from sites you trust

View the archive of older articles.