User:Crulshorukh/FSOSS 08

Introduction

Seneca College holds an annual symposium for open source software known as the Free Software and Open Source Symposium. Various speakers from varied open source communities come together to talk about their passions and concerns relating to open source. This essay will delve into some of the issues related to open source software.

Software Security

One of the more interesting presentations at FSOSS 2008 was by Jonathan Nightingale, titled “The Most Important Thing – How Mozilla Does Software Security, and What you can Steal”. This was one of the top three presentations at this year’s symposium. Jonathan was confident and knowledgeable on what he was talking about. He talked about how Mozilla handles its security and various security threats that they have to deal with on a daily basis i.e. SQL injection attacks, cross site scripting, phishing etc. Throughout the presentation the main point Jonathan tried to convey to the audience was that security is a modern day headache that is here to stay and the only way to deal with it is to be prepared. How does one prepare? The answer he gave was very simple, write more tests. Only someone too lazy and unwilling to do the required work would disagree with this statement and yet this is a major issue with today’s software, not enough tests. Without tests, one can’t say where the problems are and thus is vulnerable to attacks. Mozilla has various rigorous testing frameworks that they apply. No piece of code can be committed without have tests for it. This is a good strategy to employ. The more lines of code one rights the more chances one has of increasing the bugs and vulnerabilities.

Another important point the presenter made was that it is essential that one learns from his/her mistakes. Not doing so is equal to leaving the door open to a hacker’s malicious intents. Yet, it is a major problem in any walk of life, not just software security. People just do not take history seriously, they fail to learn from their (or others) mistakes and thus shoot themselves in the foot when it comes to protecting their software assets.

Open Source Communities

One of the best, if not the best, presentation was given by Greg Dekoenigsberg, titled Community Building and the Architecture of Participation. The presentation was captivating and expressive. He really got the attention of the audience even though it was the last presentation of the day. The talk was about open source communities, how to build and nurture them. One of the most essentials points he made was through a question. Was free and open source software better? Such a question allows one to do some soul searching (in this case the open source community). The open source community at large, generally assumes that open source software is better because it is free and open. Such a question should be analyzed in more detail because consumers in general don’t seem to think so. Consumers go for proprietary software which they empty their pockets for and yet the supposedly better open source software is left behind. Why is that? To find the answer to this question one must go back to Greg’s question. What does he mean by “better”? Better in price? Better in quality? Better in service? In many of these categories free and open source software can be a disappointment. Obviously there are exceptions to this rule but in general open source software doesn’t reach the standard that consumers expect, otherwise they would be using the software in droves. The next question one must ask is what steps one can take to improve free and open source software but unfortunately the talk didn’t delve into that issue. That is for another time and another talk.

Another interesting point that came in during the talk was how projects can acquire new contributors. The main point the presenter made on this issue was to “allow people to start from the “edges” and work towards the “core”. What does this mean? It means that projects have to create an environment where it is easy for beginners and novices to help in the project. The starting tasks have to be easy so that rookies can get involved without feeling that they are in over their heads. This can be accomplished by handing out such essential but relatively easy tasks such as QA or documentation writing. The presenter pointed out that many communities fail to do this. A project fails to get a desired community size because the barrier to entry is too high. The project then eventually fails since new recruits realize that they can’t work in such an environment and thus eventually lose interest in the project. The question then arises what projects can do to make things easier. The initial answers are easy; provide clear and concise documentation (many open source projects fail to do this) and helpful community members. It doesn’t help a project’s community size if new members are shunned away with name calling i.e. “noob” or rude community members. Open source has a social aspect to it even though it is via the internet but social standards must still be met. It is important to convey that new users are desired and that they will be treated with respect and consideration. Attracting fresh recruits is a constant challenge, even for well established open source communities, and thus it is important to handle it correctly to secure the future of the project.

Comparing the Two Presentations

The above presentations by Johanthan and Greg, respectively were very different in content. One was all about the technical aspect on one open source project (Mozilla), the other was about open source communities in general. In the light of the points they made it can be concluded that open source has many challenges ahead on both the technical and social side of the game. Open source is a two headed beast. One head is the technical while the other is social and both must be appeased for the beast to be happy and healthy. A project can be extremely important and needed and technically worthy but if there aren’t enough contributors the project will fail. On the other hand a project can have many contributors but if there isn’t much to do technically the project won’t go anywhere. There must be a harmony between the two. Open source projects are different in that sense in comparison to proprietary software. It is easy to build a community for proprietary software, one just pays all the community members. This is not a viable option for most open source projects (although that is changing rapidly). Most successful open source projects have a hierarchy structure. No piece of code is passed into the main line until the big guys (people in charge) give the go ahead. This is also a balance between the community and technical side. If one gives too must power to every community member that comes along the project is destined to be a failure but if one gives too little power to the community then members will slowly be lost. Again there must a balance like with everything else in life and software development.

Personal Views

Open source is good for software. It is the opposite side of the coin. There must always be balance and together open source and proprietary software can provide that balance. There will always be proprietary software and there will always be open source software. This is a good thing for both developers and customers. The whole premise being that it gives one a choice. Currently, however things are not on equal. Proprietary software has a head start and holds most of the power. Open source software is behind for many reasons. It is essential to examine these reasons and deduce why they are there. Why is proprietary more popular with customers and even with developers? Do they provide better quality? Do they pay more? One thing is for sure, open source software needs to evolve and change. Saying “this is how it works, deal with it” is not going to take care of the problem. It won’t help open source software grow. The talks at FSOSS 2008 has confirmed that open source software has a bright future as there are many bright and talented people working on various amazing open source projects. But it also confirms that there are many problems. It would be a good idea to set up a forum (if one doesn’t already exist) to discuss these issues and look for solutions. FSOSS already does this, in a way but only annually. Setting up a forum that will allow people to discuss and analyze the current state of open source software is only a good thing. It will help deduce the problems and hopefully lead to solutions. FSOSS 2008 was a great success. It allowed various open source communities to come together and share ideas with each other. FSOSS itself embodies the message of open source software, collaboration.