
[Rant] Stop Discrediting Open Source Software

I have been hearing people discrediting open source software many times over the last few months. And I just don't like the way they are putting it, especially people who are selling products.

When comparing their products with open source software, they need to stop using the excuse "it's insecure because it's open source", or "it's not as good a product because it's open source", or "because there is no support it is not a good choice", or "because anyone can submit code to be included in the software there might be malicious code".

These are some of the weakest arguments I have ever heard -- they could have compared features, how their product is better, how having support for the software can help them, and more. These arguments are much better and hold much more water. But they choose to discredit open source software so that the clients will buy their products.

Firstly, open source projects *can* be more secure, as anyone who has discovered a bug or vulnerability has the ability to report it. Other users will help to confirm that report and then subsequently escalate it if necessary. At this stage, anyone (and I mean ANYONE) can submit patches for the bug or vulnerability and have it included in future releases, killing the bug or vulnerability once and for all.

Following from the previous point, since anyone can submit code, people actually submit features that they want to see included in future versions of the software. Some of these get implemented in future releases, and the whole community that uses the software benefits from it.

There might be limited support for a particular piece of software, but here is where I feel open source software excels -- user guides and forums. There are wikis and user guides all over the internet on how to set up and use a particular piece of software. If in any doubt, search the forums for an answer, or if the question has not been asked, you can always ask a new question, and the community will come to your aid.

You might say, "If the above statements are true, then why do we not hear about/use open source software more often?" Well, open source software is all around you whether you like it or not. Let me list a few:
  • Apache and Nginx dominate (~80%) the web server market. They are both open source software. They literally power the internet.
  • The Android kernel that you are probably using right now is open source. It runs on 50+% of all smartphones.
  • Mozilla Firefox, the next biggest browser (11.3%) after Google Chrome (53%) and Internet Explorer (11.4%), is open source.
  • The top 500 supercomputers in the world right now ALL run on Linux, an open source operating system.
  • Python, one of the fastest-growing programming languages, if not the fastest, is open source.
  • macOS, at the lowest level, is open source (XNU kernel and Darwin).
  • ChromeOS, a growing desktop OS, is based on the Linux kernel which, as mentioned, is open source.
  • OBS, a popular video streaming software, is open source.
  • Bitcoin (THAT Bitcoin) is open source.
  • PHP, a programming language designed for web server-side processing, which is running the very website that you are reading this post on, is open source.

My point is: stop discrediting open source software per se.

Just because the source code is made available for everyone to see does not make it any less secure. The transparency of the source code actually can make the software more secure, as no one, including the owners of the software, will be able to get away with uploading malicious code, backdoors, or any services that can send/sell data to a third party.

This is, however, not true when it comes to closed source software, where you have to take the company's word at face value. Only in recent years have we realised what some of these companies have been doing with our data, which we have all let them do, as these permissions are hidden somewhere in the long chunk of text that we'll never read, known as the End User License Agreement (EULA).

Just because someone can submit edits to the source code does not make the software inferior or less secure. In fact, it was because people can submit code and updates can be pushed quickly that the DirtyCOW vulnerability was able to be patched within hours of reporting by Canonical (the company that takes care of Ubuntu) in their Ubuntu Server OS.

Compare this to the major update schedule of Windows, where updates are pushed only on Patch Tuesdays (i.e. every second and sometimes fourth Tuesday of the month). This means that it is possible that a zero-day can only be fixed every two weeks, instead of "almost immediately" when it comes to open source software.

Just because you cannot charge money for people buying the software does not mean that the software does not fulfil its intended purpose. Canonical provides Ubuntu Server (Linux) for free, and only charges for support. And yet Ubuntu is one of the dominant server operating systems.

What would it be without open source?

The internet would not be what it is today without Apache and Nginx, and it would be hindered by slow growth and adoption because everyone would want to push their own proprietary software and standards.

Data science would not be as developed a field as it is today without Python, Ruby, and R (ALL are open source programming languages), and again would be hindered by slow growth.

The smartphone market would be a confusing one with many very different mobile operating systems and different application support, and application development would become an expensive field, as you would need to develop apps for far more platforms than just Android and iOS.

Supercomputers would not be as developed as they are today as, let's all face it, Windows is not the most efficient OS, and let's not forget the cost that you would need to pay Microsoft for the Windows license, calculated based on how many cores the server has, which would be a murderous price to pay for a supercomputer with thousands of cores.

Google would have a monopoly over the web browser market and they would have the power to force everyone to play nicely with them, which, mind you, was something Microsoft had done in the past to force alternative operating systems and software out of the market, and which ultimately led to its dominance today.

Am I saying we should ALL move to open source? No. In all honesty I do not think the market is ready for it yet. Some of the software is brutally difficult to set up without proper knowledge, and cryptic error messages don't help its case at all.

Since most open source software runs on Linux (let's face it as well), it will be a huge learning curve for system administrators to transition to command line commands instead of GUIs and clicking. This applies to running software on the MinGW Stack on Windows as well.
