The Impact of Free/Open Source Software on Software Engineering Robert B.K. Dewar New York University Ada Core Technologies SIGAda December 9th, 2002.


1 The Impact of Free/Open Source Software on Software Engineering Robert B.K. Dewar New York University Ada Core Technologies SIGAda December 9th, 2002

2 A Disclaimer
- Robert Dewar is President and CEO of Ada Core Technologies
- A company committed to Free Software
- Why? Because it is advantageous for our customers.
- We choose to use Free Software Licenses because we think there are many advantages from a pragmatic point of view.

3 Free Software and Open Source
- These terms refer to specific methods of licensing and distributing software. That's all they mean from a precise technical point of view.
- But they are also associated, at least in people's minds and in some cases in real projects, with development methodologies.

4 What is Free Software?
- Typically, Free Software is copyrighted software that is distributed with a license for limited use.
- The only difference compared to Proprietary Software is that the license is far more permissive than a typical proprietary license.

5 More on Free Software
- Typical licensing requirements for FS
- Receiver of software has full useful sources
- User can make any modifications required
- In other words can make derived works
- User owns any modifications they make
- Software can be used without license keys etc
- Software can be further distributed
- But distribution is never required

6 More on Free Software
- Any software distributed in a manner that meets these requirements is considered to be Free Software (adjudicated by FSF)
- Public Domain
- BSD license
- Other similar licenses
- The GPL (Free Software /= GPL, it's just one of the possible approaches)

7 The GPL in Particular
- The GPL (in the news recently because of the Microsoft attacks) is a particular Free Software License.
- Meets all the requirements for FS
- But restricts what you can do with the software in such a way that if the software is further distributed it remains free
- More on the Microsoft attack later

8 What is a Derivative Work?
- The issue here is the creation of a derivative work
- This is when you take and modify a copyrighted work, e.g. painting a moustache on the Mona Lisa.
- Copyright gives the author complete control over the creation of derivatives. You cannot do it unless you have permission.

9 Fair Use
- You can do some things that would normally violate copyright
- For your own use
- On a small scale
- Rules are case law not statutory
- Licenses can prohibit things that might otherwise be fair use
- DMCA allows restriction of fair use

10 More on Derivative Works
- Virtually all proprietary software, e.g. everything from Microsoft
- Is protected by copyright, limiting the creation of derivative works
- Comes with a license that further restricts the creation of derivative works and eliminates possible fair use exceptions

11 Back to the GPL
- A key point of Free Software is that not only can you create derivative works but you can further distribute them
- But the GPL and other similar licenses allow the creation and redistribution of derivative works
- But if you redistribute, the GPL requires that the jointly owned work be GPLed
- The GPL never forces you to redistribute

12 What about the Run-Time
- When using a compiler, the run-time is typically protected by copyright.
- Cannot redistribute with a license
- A proprietary license might charge you
- The GPL would require you to GPL your code
- Both possibilities are alarming
- So this is a real point of concern

13 More on the Run-Time
- When using any software, it is vital to check the license agreement carefully!
- If you need to be able to distribute your program that you have compiled, check that the license is suitable.
- In the case of GNAT, the GNAT modified GPL (GMGPL) allows free distribution without having to GPL your code.

14 How is Open Source Different
- Open Source is a newer concept
- Uses similar licenses
- But often not quite as free
- Modifications may not belong to author
- Distribution of modifications may be required
- Reminder: whether using Free, Open, Proprietary software:
- CHECK THE LICENSE!

15 A Note on Checking the License
- The way copyright law works is that YOU are responsible for checking copyrights.
- Notices in source files or displayed by programs mean nothing legally
- If someone posts Microsoft sources with GPL notices attached, and you download, you are not protected, you are violating copyright.
- Copyright is strict liability. It is no defense that you did not know

16 More on Checking Licenses
- If you acquire software (proprietary or Free Software) from a company, they provide a contractual commitment on the licensing.
- You may still end up violating copyright, but you have someone to blame.
- Deal with people you trust
- If you download stuff free
- You take full responsibility for checking licenses etc.

17 Free Software vs Open Source
- Free Software emphasizes the freedom given by the license to the user.
- Free/Open Software are associated with open development environments
- Open Source emphasizes the quality aspects obtainable from open development.
- But this is only an association!

18 Achieving Quality in Software
- There are various aspects in both software and the software development process that can help lead to higher quality software.
- In the following slides we will look at some of these aspects

19 Careful Specification
- At one end of the scale, software is carefully/formally specified before implementation starts
- At the other end of the scale specification is simply not a recognized step
- High reliability and secure software definitely benefits from careful specification
- Because security aspects are often non-obvious

20 Careful Software Process
- At one end of the scale, software is developed according to a carefully specified process which controls all aspects of the development cycle
- At the other end, software is simply thrown together without any process
- Quality software definitely benefits from a careful process
- Since the process can reveal quality and security risks

21 Extensive Testing
- At one end of the scale, thorough testing is emphasized
- Coverage testing, formal models (e.g. MCDC)
- Following similar protocols to safety-critical
- At the other end, testing is sporadic and non-systematic.
- Systematic testing is important for quality
- Since flaws can be revealed

22 General Quality Issues
- Add here whatever quality issues you like
- Use of formal techniques (correctness proofs)
- Careful commenting (literate programming)
- Formal models (e.g. UML, Mascot etc)
- Use of appropriate tools (e.g. SPARK)
- Use of annotations (programming by contract)
- Etc. etc. etc.

23 Relation to Free Software and Open Source
- None!
- None of these quality issues have anything to do with either Free Software or Open Source.
- You can be anywhere on any of these scales with either Free/Open software or fully proprietary software

24 The (Incorrect) Image
- Open Source involves a large group of people hacking away at a piece of software
- No control
- No organization
- No testing
- Complete Chaos

25 The Reality
- As with proprietary software, the quality and quality-oriented procedures vary greatly from one product to another.
- Some argue for very open development with relatively little control (the Cathedral vs the Bazaar discussion).
- But others remain mostly in the cathedral (the GNAT Pro Ada compiler development is for instance very tightly controlled).

26 Looking for Quality Software
- Whatever criteria are appropriate for the development and production of high quality software should not be compromised.
- And that goes whether development uses a closed proprietary model or an open source model.

27 The Notion of Open Development
- Free Software and Open Source allow a model of development which we will call Open Development.
- Open Development means sources are freely available to the world
- So that anyone can participate in the development process

28 What does Participation Mean?
- At one end, we can have totally uncontrolled development
- Anyone can change anything at any time
- At the other end, we simply use this open environment as a source of possible ideas
- Which may or may not be incorporated, following strict or less strict guidelines
- Most projects tend to the second rather than the first model.

29 How Can Free Software Help?
- There are really two quite different aspects to this question
- First, the use of open source development tools can help your software process
- Second, there is a claim that the open development process helps to guarantee higher quality software.

30 Free Software and YOUR process
- From the point of view of a user, FS means three important things
- Source for all components is available
- You are not tied to the software supplier
- You can use the software freely

31 Source for All Components is Available
- Critically, this means that there are no black boxes which you can't look into.
- Your debugging can roam into any system components as needed
- You can modify and recompile anything at any time (no problem of being locked into code generated by a particular compiler version etc)

32 Available Source: An Example
- Wes Embry has been converting a large Ada/C++ app from Green Hills to GNAT
- Binding led to undefined symbols
- Mystery, could not figure out where from
- Recompiled the loader with debugging, debugged the loader. A bit gruesome, last resort!
- But possible and practical
- And revealed a missing extern "C" in a C++ file

33 Another Example
- In GNAT, ACT supplies GNAT.Sockets
- An API for use of sockets
- The VxWorks version was limited to 32 sockets (not sure why, historical perhaps?)
- One customer needed more, so simply recompiled this unit
- And suggested we fix this, which we will, but was not dependent on ACT.

34 You are not Tied to Vendor
- No need for source escrow
- You have the sources
- Anyone who is capable can support
- No IPR restrictions on who can do support
- Look for a counter example at GRACE vs GEAC (Newark District Court)
- GRACE providing support for GEAC software
- Ruled to be a copyright violation
- GRACE is now out of business
- Customers tied to expensive GEAC support

35 You Can Use the Software Freely
- No license keys
- Software can be freely moved around
- Engineers can use software on home machines
- Copies can be supplied as needed to your customers.

36 What About the Quality Issue
- So, given this viewpoint, does open source bring anything to the quality/security table?
- Yes, it definitely does
- Other things being equal (in terms of quality procedures etc)
- Open source operates in "No More Secrets" mode, since lots of people will look at the sources. We assume some degree of open availability of the sources here.

37 Secrets and Lies
- Proprietary Software can keep secrets
- And sometimes fights hard to do so
- HP earlier this year threatened to use the DMCA to sue someone who exposed a security flaw in HP software.
- Even without such extreme actions, secrets can remain out of view.
- Look at the lists of Easter Eggs
- For example, the Microsoft Excel Flight Simulator

38 Do Secrets Protect Security?
- Sometimes, BUT …
- In the software world, secrets don't stay secret easily
- Hackers delight in digging out these secrets
- If your security depends on no one knowing about particular failings in the software you are using
- You are not in a very secure state
- You are particularly vulnerable to inside attacks

39 Openness is a better path to Security and Quality
- In Open Source software
- Many people examine software for security flaws and other errors.
- No one is relying on protecting secrets
- Open source development cannot stop people from revealing flaws
- So the flaws do get revealed
- And fixed …

40 An Example in Action: GNAT Pro
- GNAT Pro is the commercial product of Ada Core Technologies.
- Certainly not free in $ (minimum cost is $12,500/year with high level support)
- But uses Free Software License (GPL)
- Development is very carefully controlled
- And subject to a rigorous process (see our web site www.gnat.com for description)

41 GNAT Pro and Open Development
- A version of our source base is openly available as part of the GNU Project.
- Anyone can look at our sources, and many do look at them very carefully.
- They point out errors, and sometimes they suggest improvements and fixes
- We fix the errors if we agree
- We incorporate the improvements if we agree and they meet our rigorous quality standards.

42 Openness in Action: GNAT Pro
- As noted previously GNAT sources are publicly available.
- After these sources were posted
- A volunteer noticed possible security risks
- Not in GNAT itself, but in programs built using certain features of GNAT
- These security flaws were actually reported to CERT so that the public was notified
- Both users and ACT were immediately alerted

43 The Microsoft Attack
- The Microsoft Viewpoint
- The GPL is evil and stifles innovation
- Translation: Microsoft cannot appropriate other people's GPLed software and incorporate it into their proprietary software.
- They think this is unfair because open source vendors can take advantage of this

44 More on The Microsoft Attack
- It is true that Free Software creators and vendors agree to freely share technology
- They do so for mutual advantage
- We have a deal to propose to Microsoft:
- You can freely use our stuff
- If we can use your stuff
- If you agree, welcome to the open source community

45 More on The Microsoft Attack
- Microsoft has another argument
- No one can make money on Free Software
- So Free Software will undermine the viability of large companies making lots of money
- This might be partially true
- But so what?

46 Software and Dollars
- The world needs good software
- Software engineers must eat
- This means that people who create software must be able to make a reasonable living.
- But the world does not particularly need people to get mega-rich from software.
- We are doing nicely at ACT. We don't have a corporate jet, but we manage

47 The Halloween 2 Document
- A recent document claims to be an internal Microsoft document on Open Source strategy.
- It notes that the attack discussed in the previous slides is not working well
- What a surprise!

48 More on Halloween 2
- What Microsoft does say is that the problem with Open Source software is the lack of deep pockets support.
- Well, it's amazing, but we at least partly agree with this
- There is nothing about Free or Open Source software that precludes proper support.

49 The Issue of Support
- You may or may not need proper support for the software you are using
- A student hacking around does not
- A company building critical systems does
- You need to adopt appropriate policies
- For example, the lawyers for one of our large customers looked at the FS issue and decided that the use of FS was fine IF SUPPORTED.
- You are in command here, you choose!

50 Conclusion
- Free Software and Open Source can play a significant role in improving quality of software.
- FS and OS can play an important role in your development process
- Incremental open development can be a powerful tool for detecting and eliminating security and quality flaws in software.

