Linked by Thom Holwerda on Sat 10th May 2008 20:27 UTC, submitted by rosebug
Bugs & Viruses 1983. The year of the IBM PC XT, the Apple Lisa, Pioneer 10 leaving the solar system, and Hooters opening up shop in Florida. It's also the birthyear of a 25 year old BSD bug, squashed only a few days ago.
Thread beginning with comment 313770
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: HEH
by evangs on Sun 11th May 2008 07:29 UTC in reply to "RE: HEH"
evangs
Member since:
2005-07-07

I think this illustrates the fallacy of the "many eyeballs" meme that is taken as the gospel truth in open source circles.

Here, we have a bunch of open source developers (samba) who find a flaw in an open source product (BSD) and instead of stepping through the BSD source tree to find the problem, they code a samba hack that works around the problem on BSDs. In fact, it appears they didn't even submit a bug report.

Guess what? This happens all the time in the closed source world. If we come across a bug in someone else's code, we code a temporary hack around the problem and wait for the bug to be resolved. This article suggests that such development culture appears in open source projects too, which is understandable.

I hope that naive open source advocates who keep preaching the "many eyeballs" meme will stop doing so. The majority of developers do not have the desire or the inclination to fix other peoples bugs even if the source is available. Hell, it seems that some don't even file bug reports...

Reply Parent Score: 7

RE[3]: HEH
by stestagg on Sun 11th May 2008 09:52 in reply to "RE[2]: HEH"
stestagg Member since:
2006-06-03

So you're taking one specific incident, and using it to back up generalized statements about the whole Open Source community?

Reply Parent Score: 10

RE[4]: HEH
by evangs on Sun 11th May 2008 18:25 in reply to "RE[3]: HEH"
evangs Member since:
2005-07-07

One specific incident where developers of a popular open source project cba'ed to step through the source code of another popular open source project demonstrates the fallacy of the meme.

On the other hand, the reasoning that "many eyeballs" makes code more secure while intuitive, AFAIK is not substantiated. The reason for this is because application programmers rarely have the skill set necessary to muck about with kernel internals. And vice versa.

However, if this incident causes the meme to be updated to something along the lines of "many eyeballs makes secure code, but with notable exceptions" I'd call that a vast improvement.

Reply Parent Score: 1

RE[3]: HEH
by abraxas on Sun 11th May 2008 14:52 in reply to "RE[2]: HEH"
abraxas Member since:
2005-07-07

I think this illustrates the fallacy of the "many eyeballs" meme that is taken as the gospel truth in open source circles.


The exception confirms the rule. The fact that this is newsworthy and thus uncommon in open source projects proves quite the opposite of what you are saying. Open source isn't a perfect development system but these kinds of unfixed bugs aren't exactly the norm in open development. Closed source software has all kinds of workarounds built into them to address issues with their interaction with other closed source software but we don't hear about it because it is so common that it isn't newsworthy. Workarounds are only necessary in the closed source world because there is no code to look at to confirm the bug and the developer can just deny the bug exists and claim it is the interaction with other software that is flawed.

Reply Parent Score: 4

RE[3]: HEH
by Morin on Mon 12th May 2008 14:04 in reply to "RE[2]: HEH"
Morin Member since:
2005-12-31

> I hope that naive open source advocates who keep preaching the "many
> eyeballs" meme will stop doing so. The majority of developers do not
> have the desire or the inclination to fix other peoples bugs even if the
> source is available. Hell, it seems that some don't even file bug
> reports...

Just to show you another point of view: I have had that situation just a few days ago, where I would rather code around a bug in Eclipse IDE than report details or even fix it. Guess why? The bug had been known for more than three years, and repeatedly been marked as "we won't fix this, and we won't accept fixes" (for backwards compatibility).

No, I do not have the desire nor the inclination to investigate any deeper when I know that the aim of the developers is NOT to fix those bugs.

Reply Parent Score: 2