Reflections on FOSS

Introduction

FOSS and H/FOSS projects are a very interesting topic for discussion. The shift in Open Source Software has put the Software as a Service (SaaS). There are both benefits and disadvantages to both development models. The selected reading, The Cathedral and the Bazaar, illustrates the process of developing FOSS for the masses and the downsides of this method of deployment. Open Source Software has been a blessing and a curse depending on which side of the market one lies on, opinions will differ on the matter.

Open Source Benefits

If you are a consumer then Open Source Software benefits you, since there is little to no cost associated, unless the user is willing to donate to the project or contribute in their spare time. This model of software development/deployment benefits both the creator and the users, as the users can suggest/implement features for the entirety of the project or can create a local version for themselves (without offering the project for a fee as that would violate some of the many different licenses that are currently employed by Open Source projects).

A great example of this model’s success is Linus Torvalds and Linux. The project itself, seemed like it would devolve into utter chaos, but somehow, someway, the project has thrived and is currently in release 20.10 (with major feature updates released in both April and October as well as Long Term Support (LTS) releases for multiple years for enterprise systems). Why has this been so successful? The answer lies in the relationship between the users and the developer. Linus Torvalds embraced the ideas that the community brought forth and was able to listen and integrate the ideas into the operating system very easily through version control. Another benefit of Open Source Software is the added security that is enabled through discourse within the communities and the ability to audit projects that are on the open web. The ability for security researchers to look directly at source code and discover vulnerabilities, can lead to early fixes rather than distributing a vulnerable package to multiple enterprises. This also goes hand in hand with Requests For Comments (RFCs) as they allow for input on new protocols or applications that need extra input before implementation.

Open Source Disadvantages

A blaring disadvantage of Open Source are that there are some projects that are taken advantage of and they are not properly funded, and without funds (or even interest/lack of time from the developer) the projects are neglected and die out. This is not beneficial to the users, since they rely upon the project for a critical function of their enterprise and can be sitting ducks for hackers if no security updates have been pushed to the project. Another disadvantage of Open Source Software is that with a great project, comes the responsibility to understand what they are developing. In the article, the developer describes a new protocol, SendMail, that would deprecate SMTP and POP3 delivery methods into one protocol that involves forwarding all email protocols to a common protocol. With this implementation, email clients would need to adapt to the new protocol as well as the email servers that hosted the email users (since protocol translation would need to be implemented), which is cost-ineffective.

A final disadvantage that goes hand in hand with the first reason is security considerations. Without putting in the proper time and research, Open Source Software can become weaponized if security vulnerabilities are discovered and not patched in a timely manner. Two examples would be VSFTPD 2.3.4 and LibSSH 0.7.1-0.8.3. Both could have been patched sooner if more research and time had gone into the development of these Open Source Softwares.

Conclusion

Generally speaking, Open Source Software is beneficial to the community with many new and innovative ideas becoming implemented in real world applications. But with every new idea, comes the possibility of deprecating old technologies or even putting a wide user base at risk with untimely patches and updates.