[Info-vax] C99 stuff (Re: The Road to V9.0)

Sun Jun 9 11:54:06 EDT 2019

On Sunday, June 9, 2019 at 9:06:44 AM UTC-4, Arne Vajhøj wrote:
> On 6/9/2019 8:57 AM, Arne Vajhøj wrote:
> > On 6/9/2019 8:44 AM, Scott Dorsey wrote:
> >> =?UTF-8?Q?Arne_Vajh=c3=b8j?=  <arne at vajhoej.dk> wrote:
> >>> closed source works like:
> >>>
> >>> vendor produce product X
> >>>    customer A use X as is
> >>
> >> Customer A adds feature to X, gives it to vendor, vendor incorporates it.
> >> Or customer asks vendor for feature and vendor incorporates it.
> >>
> >>> open source works like:
> >>>
> >>> vendor produce product X
> >>>    customer A use X as is
> >>>    customer B hack X to become Y
> >>>
> >>> A does not care about what B does.
> >>
> >> Unfortunately it doesn't always work that way, because if customer B's 
> >> hack
> >> gets accepted by a majority of the community it becomes canon.  And 
> >> now if
> >> you want support from other users, you have to be running the version Y
> >> with that hack because that's what everyone else is running.
> > 
> > That could happen.
> > 
> > But that does not meet the criteria that I commented on:
> > 
> > "you'll be the sole tester of the code, instead of code that is checked 
> > and tested by many."
> > 
> > Going from closed source to this particular open source case mean that
> > that instead of getting updates tested by vendor then you get updates
> > tested by B, vendor and all the other customers that tested it before
> > the vendor took it.
> > 
> > That sounds like a a factor 2-100 increase in testing of the stuff you
> > receive. Pretty good IMHO.
> > 
> >> This can be a good thing because it promotes rapid advancement but it can
> >> also promote rapid change for no reason.  It's a good thing in a field 
> >> that
> >> is rapidly evolving, it is a terrible thing for a commercial OS.
> > 
> > I don't see that.
> > 
> >>> Besides that then very few open source customers actually hack the
> >>> code.
> >>>
> >>> My guess is that it is less than 1 per 10000 Redhat customers that do 
> >>> so.
> >>
> >> It only takes one.
> > 
> > If you don't take their change then it does not impact you.
> > 
> > If the change get back to vendor then it is tested by author customer +
> > vendor + N other vendors instead of just vendor.
> 
> It is also worth noting that commercial OS implies that
> some part of the OS is not open source - it does not imply
> that there is no open source in the OS.
> 
> I would expect any general purpose commercial OS
> to include huge amounts of open source today.
> 
> If VSI started counting then I think they will find quite
> a bit for VMS as well.
> 
> Obviously all the application support stuff: Apache,
> XML libs, Java etc..
> 
> LLVM for compilers.
> 
> I strongly suspect that the new password hashing will
> be based on open source code not a clean room implementation
> of the algorithm.
> 
> Etc..
> 
> And whatever changes these projects get from customers
> will end up in VMS whenever VSI feels confident to take a
> new version.
> 
> Even though VMS is closed source.
> 
> But I don't see that as a problem. This stuff will be pretty
> well tested.
> 
> Some customer tested it. Some other customers tested it. Official
> project tested it. And VSI tested it.
> 
> Arne

Arne,

Not always the case, even for a popular and pervasive product. See the history of OpenSSL. Major players used the code as a core technology, but everyone took the path of presuming that everyone else was checking the code. 

In Economics 100 (Introductory Economics here in the US). the problem is referred to as "Tragedy of the Commons". Something which belongs to everyone, has no responsible party, hence gets abused.

Open source can be good, if large numbers of (competent) people are looking at the code. If people (and organizations) give in to free loading, problems ensue.
Note that there are also problems when Open source projects are shadow funded by major players.

Closed source systems can be extended, if the needed documentation and information is available. While some interfaces could be better documented, OpenVMS has been good at documenting interfaces. (to pre-empt, I said "good" not "perfect").

- Bob Gezelter, http://www.rlgsc.com