Is open source software sustainable?

Recently, a genuinely concerned coworker expressed concern that “not paying for software [may] ultimately kill the industry” because it encourages people expect something for nothing.

For those who would like this and other common concerns about open software answered, I recommend reading Open Source-onomics. Here’s a list of concerns it addresses:

  • “Open Source is not economically viable”
  • “Not paying for software will ultimately kill the industry”
  • “Why will programmers continue to contribute code if they can’t make money from it?”
  • “Even Open Source development involves effort, so there has to be payment for that effort”
  • “Are Open Source programmers writing themselves out of their jobs?”
  • “But free isn’t natural. There’s no such thing as a free lunch.”
  • “Is software a commodity?”
  • “Who will invest in software development if it doesn’t yield a return?”
  • “Open Source may have a niche, but proprietary commercial products will continue to rule”
  • “Customers will never trust something that is free”
  • “Open Source may release value, but it doesn’t create value”

For those who would like even more detailed reading, I recommend David Wheeler’s “Why Open Source Software? Look at the numbers!

Utah’s Diebold voting machines

We don’t need computers to enable voting in our republic. Technology can serve us, or we can be slaves to technology. In the case of electronic voting, the technology does not serve us sufficiently well to compensate for the risk and expense that it introduces. We are better off manually counting votes, with witnesses to verify.

Nearly three years ago, I voiced concern about the security of up-and-coming electronic voting systems in my home state, Utah. My colleagues and I wrote a letter to the editor of my local newspaper, and I spoke with the Utah County Commissioner. At the time, the commissioner told me that they wouldn’t buy Diebold machines, due to security concerns they’d heard about from other states.

Apparently, security concerns aren’t of concern — “All 29 counties [in the state of Utah] signed a contract saying they would use the Diebold machines,” said Michael Cragun, director of the State Elections Office. Officials “are aware of the problems, but Diebold is addressing it.” Excuse my skepticism, but I’ve heard that one before. Diebold will not address the problems until their feet are held to the fire. The only way we will get secure electronic voting is to 1. require full vendor responsibility for flaws, 2. have the systems openly peer reviewed for security flaws or bugs by experts, and 3. electronic election results must be audited. However, we don’t need electronic voting. The current, manual procedures aren’t broken.

Deseret News Article: http://deseretnews.com/dn/view2/1,4382,635194578,00.html

Questions we should be asking of e-voting vendors: http://avirubin.com/vote/questions.html

Refactoring C++ with Ref++

IntelliJ IDEA has world-class refactoring support for Java. I’ve never seen a good tool for refactoring C++ code, until now: Ref++ for Visual Studio 2003 and 2005. Admittedly, it isn’t nearly as good as the refactoring tools available for Java code, but it’s a start, and Ref++ saves time.

Fedora Core 5

I’ve been using RedHat/Fedora distributions of Linux since 1995. I typically keep my home machines running a fairly recent release. I find that it’s easier to upgrade if I don’t procrastinate through too many releases.

On the other hand, I’ve found that upgrading too soon can be risky. I depend on third party repositories for some of the software that I use (e.g. an ntfs driver). It takes between two to four weeks before the software repositories start offering their packages for a new distribution.

If I wait at least a few weeks to upgrade, after the release of the new distribution, and I run into problems, I can usually google to find a solution to the problem. If I’m on the bleeding edge, I don’t get that benefit. Instead, I’m the one posting problems and solutions that other people google.

On Monday, I downloaded the recently released Fedora Core 5 DVD via bittorrent, and decided to upgrade my less-critical Fedora Core 3 machine.

Backup. Even though I’m generally careful, I find that it’s easier to recover from a mistake if I have a complete backup. For this, I used Norton Ghost.

First try: I was impressed by the shiny new graphics in the installer. After several screens of questions and after it analyzed my system to figure out what packages to upgrade, it informed me that I didn’t have enough disk space (I only had 2 Gig of free space). The install aborted and I had to reboot my machine.

Yum cache: I use yum to upgrade my machines, and I happen to know that by default, it leaves a cache of the packages in the /var/cache/yum directory. I deleted the directory, which freed up 2 Gig of space. Shouldn’t the installer do that for me?

Second try: The installer ran without a hitch. It upgraded my system, even though it took a while.

First boot: The boot process hung when it tried to initialize OpenCT smart card terminals, whatever those are. I don’t think I have any. Back in the days when Iinstalled FC3, I had to add “acpi=off” and “pci=noacpi” to the boot loader before FC3 would work on my system. The FC5 upgrade had left those options in place. I deleted the options, and rebooted. This time, the boot process didn’t hang. Wierd. There may not have been a correlation.

First login: The GNOME desktop loaded much more quickly than with FC3. However, several error dialogs appeared. Various resources couldn’t be located, including icons for desktop launchers that I had customized. As I already mentioned, the third party repositories that I use with yum didn’t have FC5 packages available.

Upgrade versus Fresh Install: I find that upgrades are less than ideal, especially when I want to experience the new features of a distribution. Upgrades tend to leave out new features and new packages. Since RedHat has been changing SELinux policices at a rapid rate, an upgrade isn’t likely to leave SELinux in a workable state. A fresh install is better. For a home, desktop system that isn’t a server, it’s probably best to disable SELinux. It will be interesting to see how SELinux fares compared to the now open-source AppArmor that is included with SUSE. AppArmor appears to be easer to use and configure, but SELinux has fewer gaps in security coverage. I tend to think that ease-of-use will win out. In any case, I do use SELinux to protect one of my web servers.

Audio journals, foreign language and MMS streams

For my last birthday, my wife bought me an iAudio 5 digital mp3 player. It also plays ogg vorbis and WMA files. It has an FM radio, and will record from a built-in microphone. I’ve placed a few albums from my personal collection on it, but I don’t listen to them much. I’ve found that I use it to record audio journals, since I’m too busy to write much of one at home anymore. I learned Dutch when I served an LDS mission in the Netherlands 12 years ago. I like to keep my language skills somewhat fresh, so I subscribe to the Liahona in Dutch, a magazine from the LDS church. Reading Dutch and listening to audible Dutch aren’t the same thing.

Twice a year, the LDS church broadcasts “General Conference” to its members througout the world. The broadcast is translated into several languages, including Dutch. I went to the website where the audio recordings are kept, and downloaded them (using SDP from http://get.to/sdp), and placed the resulting WMA files on my iAudio 5, and listen to native Dutch speakers translation of the conference.

Sidenote: It’s not easy to download the WMA audio recordings from the lds.org website because they’re made available using Microsoft Media Server (MMS) protocol. This means that people usually have to be in front of their computer to listen to the music as it is streamed from the server. Fortunately, some programmers have figured out how the MMS protocol works, and they’ve written clients to download the stream into a WMA file, place it on a portable player, and enjoy the program. SDP is a free client that can download the MMS streams. It’s available from http://get.to/sdp.

Update: Read The Grumpy Editor’s guide to audio stream grabbers. The article covers streamripper, mplayer, wget, ogg123 and arecord.

Subversion and file properties

It’s nice to have proper line-endings on various operating systems when files are retrieved from a Subversion repository. It doesn’t happen automatically unless users configure their client-side settings. You can download a sample config file that shows how I do it. When properties need to be set on files already submitted, it’s nice to have an automated way to do it. I wrote a script, svn-propset.sh, to set the properties. Maybe someone else has done this too.

Run time linker and library symbols

Did you know that almost all programs are incomplete until you start them? When programmers compile a program, it is only partially complete. When you start a program, the operating system looks at the program and runs another program to make it complete — called a run time linker. In the case of modern Linux, it’s usually /lib/ld-linux.so.2. Read the manpage on ‘ld.so‘ for more information.

  • You can find out what libraries your program uses with ldd /path/to/program. You can also run it as follows (assuming you’re using bash/ksh/zsh): LD_DEBUG=files program
  • Find out what symbols a program uses and from which shared libraries: LD_DEBUG=bindings program
  • Have you ever wanted to find out what shared library contains the code or definition for a function or symbol? David Wheeler shows how you can find it: nm -o /lib/* /usr/lib/*/* | grep symbol_name Then look for the capital “T”. Read the Program Library HOWTO by David Wheeler.