Research Shows FOSS Bugs Get Rapid Response, Commercial Software Not So Much

by Lisa Hoover - Dec. 11, 2009

Not that this should surprise anyone familiar with the open source community, but a new study shows bugs in open source software get fixed more quickly than issues in commercial software. Technology news Web site V3.co.uk got an early look at the results of research conducted by application security firm Veracode, which indicate "security issues in open-source software typically take less than a week to remediate and report on, or three man hours of effort."

The news isn't all rosy, however. Evidently, only 24 percent of open source projects meet "an acceptable level of security" compared to an equally dismal 23 percent of commercial software. "All code is pretty bad, whether commercial or open-source, but the fixes are done more quickly and efficiently with open source. There are more eyeballs on the code, and [programmers] seem to take more pride in their work," Veracode president and chief executive Matt Moynahan told V3.co.uk.

The security of open source software is a hotly debated subject, and often noted as a (largely unqualified) reason to avoid FOSS solutions in enterprise. In the end, it's up to each company to assess the benefits vs. risks associated with whatever software choices are made, be it open source or commercial. The takeaway message from this study is that the FOSS community is clearly responsive to reported issues and ready to act swiftly to correct them.

Computer and security expert Bruce Schneier, often considered the final word on these issues, once said, "I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice."




7 Comments

Start the fun at www.kubuntu.org. Why not run a no-obligation dual boot by adding Kubuntu after Windows, when you have plenty of unused hard drive space? This way, you have both, without needing double system resources, and you run each in its native rendition. Only by booting back and forth and trying it all over a long period of time (like a year) can you really see the true pros and cons. Meanwhile, you have the best of both worlds. Are you sick of security chores or getting hacked? Are you sick of tiered software payment schemes? Are you sick of non-comprehensive online upgrade methods that don't handle security and every single program on your system? It's like getting free improvements every day.


0 Votes

You forgot to mention that FOSS = FREE and Open Source Software, which is not equal to just plain Open Source.


The speed of bugfixes is definitely in the field of Open Source's favour though.


0 Votes

I really don't understand or agree with Bruce Schneier's comment regarding security and open source. It seems a concept that is totally contradictory. Open-sourcing security routines is granting hackers direct access to breaking those routines. Without further explanation as to why he makes his statements, I would have to consider Mr. Schneier's comment either very poor satire, or conclude that this is the last person on earth I would hire to secure my company's information.


There are some situations in which open-sourcing is beneficial. But like pretty much all aspects of life, to think that open source works for everything is delusional and un-factual.


During my career I designed software that was specifically written to handle delicate, personal information and was strongly encoded against piracy, to prevent unauthorized access to that information. I can assure anyone who has any question, that had this software been open source and unsecured, pirates would have put our company out of business the first month.


I have seen strong debates about Open Sourcing ever since the concept began. I have never seen anyone convincingly present strategic and valid evidence that Open Source software can be used in all commercial environments. I have however, seen companies put out of business due to software piracy, and databases hacked because NOT ENOUGH security was applied to the system.


I am heavily against DMA stunts that prevent legitimate use by authorized customers. I do agree that it is nice for customers to be able to adapt software to their specific needs. That, however, cannot always be done, and in my experience there are far fewer customers wishing to "adapt" software than there are those who simply wish for free software via the piracy route.


When someone can show us how to grant Open Sourcing while still retaining trade secrets and proprietary rights... I'll start listening. Until then, I have to recommend those demanding open source across the board to wake up to the reality of the business world. We do not live in a Utopia where every individual conducts himself according to a strict code of honor or ethics. As long as there are thieves, pirates and hackers, I will not be convinced that open source is sufficient to all needs of the business world. It's nice when it works, but I do not view the world through open-source rose-colored glasses. It simply will not work in the majority of business security operations.


Real security can only exist where the software that provides that security is closed to prying eyes.


0 Votes

Bruce Schneier is one of the world's leading experts on security and encryption software. Do a bit of research, and then tell me with a straight face that he isn't recognized as such by his peers.


As for "further explanation," I suggest that you look into the matter yourself before making an ass out of yourself in a public forum. There are powerful, well-elucidated arguments for open code in security and encryption applications.


0 Votes

The fact that open source software is updated more frequently and swiftly is a fact, and has been this way for many years. Personally, I ONLY use open source software (GNU/Linux) for my own personal business as well as home use. I couldn't be happier. First, I save thousands of dollars. Second, I don't have to constantly update and reboot my PC. Windows updates are to fix large security problems, while Linux updates are not nearly as severe. I have been able to find open source software to replace the apps that I used to use in Windows. The problem we face today is that Linux is not released to the public eye. It is behind the scenes; primarily, only IT folk know about it. Thankfully the FSF (Free Software Foundation) is devising ways to get the word out. Let's support open source software, it is the way of the future.


http://members.apex-internet.com/sa/windowslinux


0 Votes

Sorry but Wayfinder is a clown, saying

"I can assure anyone who "


which is saying take my word for it as a total stranger whilst dismissing a high profile figure who can be verified as such for doing the same. You can't say he has no evidence then prattle on saying take my word for it.


Surely the whole world being able to see the security routines results in, yes, more baddies looking, but hopefully they are outnumbered by more goodies looking. So yes, statistically, once in a while the baddies will see something to exploit before a goodie, but that will be rarer. Whereas if you keep it closed you reduce the size of your army: you have the proprietary developers versus the baddies, and it probably comes down then to the secret goodies (actually corporate self-interested money makers rather than goodies, who don't even have the same motivation to do a good job as the open goodies who are doing it in the majority interest) versus an equal or greater number of baddies. Plus, because the commercial success of the company will dip if they admit a vulnerability, the baddies have an extra advantage in terms of victims who don't know they are exposed, and a larger window to exploit it, because those people can do nothing about it until they discover they are a victim or eventually the provider passes them a patch, a patch they probably only get if they keep paying subscriptions or buying updates?


All in all it makes the commercial security company seem very much to be avoided.


0 Votes

It's strange that Veracode would find F/OSS about as buggy as commercial software. Coverity's bug scans found that the Linux kernel and other "Rung 1" OSS apps had at least an order of magnitude fewer bugs per 1000 lines of code than commercial software.


http://scan.coverity.com/report/Coverity_White_Paper-Scan_Open_Source_Re...


Perhaps Veracode is just going by bug reports, and not sufficiently discounting the fact that all F/OSS bugs are public, whereas commercial vendors try to keep their "dirty laundry" out of sight.


0 Votes