
The Impact of Free/Open Source Software on Software Engineering Robert B.K. Dewar New York University Ada Core Technologies SIGAda December 9th, 2002



A Disclaimer

- Robert Dewar is President and CEO of Ada Core Technologies
  - A company committed to Free Software
  - Why? Because it is advantageous for our customers.
- We choose to use Free Software Licenses because we think there are many advantages from a pragmatic point of view.


Free Software and Open Source

- These terms refer to specific methods of licensing and distributing software. That’s all they mean from a precise technical point of view.
- But they also are associated at least in people’s minds, and in some cases in real projects, with development methodologies.


What is Free Software?

- Typically, Free Software is copyrighted software that is distributed with a license for limited use.
- The only difference compared to Proprietary Software is that the license is far more permissive than a typical proprietary license.


More on Free Software

- Typical licensing requirements for FS
  - Receiver of software has full useful sources
  - User can make any modifications required
  - In other words can make derived works
  - User owns any modifications they make
  - Software can be used without license keys etc
  - Software can be further distributed
  - But distribution is never required


More on Free Software

- Any software distributed in a manner that meets these requirements is considered to be Free Software (adjudicated by FSF)
  - Public Domain
  - BSD license
  - Other similar licenses
  - The GPL (Free Software /= GPL, it’s just one of the possible approaches)


The GPL in Particular

- The GPL (in the news recently because of the Microsoft attacks) is a particular Free Software License.
  - Meets all the requirements for FS
  - But restricts what you can do with the software in such a way that if the software is further distributed it remains free
- More on the Microsoft attack later


What is a Derivative Work?

- The issue here is the creation of a derivative work
- This is when you take and modify a copyrighted work, e.g. painting a moustache on the Mona Lisa.
- Copyright gives the author complete control over the creation of derivatives. You cannot do it unless you have permission.


Fair Use

- You can do some things that would normally violate copyright
  - For your own use
  - On a small scale
  - Rules are case law not statutory
- Licenses can prohibit things that might otherwise be fair use
- DMCA allows restriction of fair use


More on Derivative Works

- Virtually all proprietary software, e.g. everything from Microsoft
  - Is protected by copyright, limiting the creation of derivative works
  - Comes with a license that further restricts the creation of derivative works and eliminates possible fair use exceptions


Back to the GPL

- A key point of Free Software is that not only can you create derivative works but you can further distribute them
- But the GPL and other similar licenses allow the creation and redistribution of derivative works
- But if you redistribute, the GPL requires that the jointly owned work be GPL’ed
- The GPL never forces you to redistribute


What about the Run-Time

- When using a compiler, the run-time is typically protected by copyright.
  - Cannot redistribute with a license
  - A proprietary license might charge you
  - The GPL would require you to GPL your code
  - Both possibilities are alarming
- So this is a real point of concern


More on the Run-Time

- When using any software, it is vital to check the license agreement carefully!
- If you need to be able to distribute your program that you have compiled, check that the license is suitable.
- In the case of GNAT, the GNAT modified GPL (GMGPL) allows free distribution without having to GPL your code.


How is Open Source Different

- Open Source is a newer concept
  - Uses similar licenses
  - But often not quite as free
    - Modifications may not belong to author
    - Distribution of modifications may be required
- Reminder: whether using Free, Open, Proprietary software: CHECK THE LICENSE!


A Note on Checking the License

- The way copyright law works is that YOU are responsible for checking copyrights.
- Notices in source files or displayed by programs mean nothing legally
  - If someone posts Microsoft sources with GPL notices attached, and you download, you are not protected, you are violating copyright.
- Copyright is strict liability. It is no defense that you did not know


More on Checking Licenses

- If you acquire (proprietary or Free Software) from a company, they provide a contractual commitment on the licensing.
  - You may still end up violating copyright, but you have someone to blame.
  - Deal with people you trust
- If you download stuff free
  - You take full responsibility for checking licenses etc.


Free Software vs Open Source

- Free Software emphasizes the freedom given by the license to the user.
- Free/Open Software are associated with open development environments
- Open Source emphasizes the quality aspects obtainable from open development.
- But this is only an association!


Achieving Quality in Software

- There are various aspects in both software and the software development process that can help lead to higher quality software.
- In the following slides we will look at some of these aspects


Careful Specification

- At one end of the scale, software is carefully/formally specified before implementation starts
- At the other end of the scale specification is simply not a recognized step
- High reliability and secure software definitely benefits from careful specification
  - Because security aspects are often non-obvious


Careful Software Process

- At one end of the scale, software is developed according to a carefully specified process which controls all aspects of the development cycle
- At the other end, software is simply thrown together without any process
- Quality software definitely benefits from a careful process
  - Since the process can reveal quality and security risks


Extensive Testing

- At one end of the scale, thorough testing is emphasized
  - Coverage testing, formal models (e.g. MCDC)
  - Following similar protocols to safety-critical
- At the other end, testing is sporadic and non-systematic.
- Systematic testing is important for quality
  - Since flaws can be revealed


General Quality Issues

- Add here whatever quality issues you like
  - Use of formal techniques (correctness proofs)
  - Careful commenting (literate programming)
  - Formal models (e.g. UML, Mascot etc)
  - Use of appropriate tools (e.g. SPARK)
  - Use of annotations (programming by contract)
  - Etc. etc. etc.


Relation to Free Software and Open Source

- None!
  - None of these quality issues have anything to do with either Free Software or Open Source.
- You can be anywhere on any of these scales with either Free/Open software or fully proprietary software


The (Incorrect) Image

- Open Source involves a large group of people hacking away at a piece of software
  - No control
  - No organization
  - No testing
  - Complete Chaos


The Reality

- As with proprietary software, the quality and quality-oriented procedures vary greatly from one product to another.
  - Some argue for very open development with relatively little control (the “Cathedral vs the Bazaar” discussion).
- But others remain mostly in the cathedral (the GNAT Pro Ada compiler development is for instance very tightly controlled).


Looking for Quality Software

- Whatever criteria are appropriate for the development and production of high quality software should not be compromised.
  - And that goes whether development uses a closed proprietary model or an open source model.


The Notion of Open Development

- Free Software and Open Source allow a model of development which we will call Open Development.
- Open Development means sources are freely available to the world
- So that anyone can participate in the development process


What does Participation Mean?

- At one end, we can have totally uncontrolled development
  - Anyone can change anything at any time
- At the other end, we simply use this open environment as a source of possible ideas
  - Which may or may not be incorporated, following strict or less strict guidelines
- Most projects tend to the second rather than the first model.


How Free Software Can Help?

- There are really two quite different aspects to this question
- First, the use of open source development tools can help your software process
- Second, there is a claim that the open development process helps to guarantee higher quality software.


Free Software and YOUR process

- From the point of view of a user, FS means three important things
  - Source for all components is available
  - You are not tied to the software supplier
  - You can use the software freely


Source for All Components is Available

- Critically, this means that there are no black boxes which you can’t look into.
- Your debugging can roam into any system components as needed
- You can modify and recompile anything at any time (no problem of being locked into code generated by a particular compiler version etc)


Available Source: An Example

- Wes Embry has been converting a large Ada/C++ app from Green Hills to GNAT
  - Binding led to undefined symbols
  - Mystery, could not figure out where from
  - Recompiled the loader with debugging, debugged the loader. A bit gruesome, last resort!
  - But possible and practical
  - And revealed a missing extern C in a C++ file


Another Example

- In GNAT ACT supplies GNAT.Sockets
  - An API for use of sockets
  - The VxWorks version was limited to 32 sockets (not sure why, historical perhaps?)
- One customer needed more, so simply recompiled this unit
- And suggested we “fix” this, which we will, but was not dependent on ACT.


You are not Tied to Vendor

- No need for source escrow
- You have the sources
- Anyone who is capable can support
- No IPR restrictions on who can do support
- Look for a counter example at GRACE vs GEAC (Newark District Court)
  - GRACE providing support for GEAC software
  - Ruled to be a copyright violation
  - GRACE is now out of business
  - Customers tied to expensive GEAC support


You Can Use the Software Freely

- No license keys
- Software can be freely moved around
- Engineers can use software on home machines
- Copies can be supplied as needed to your customers.


What About the Quality Issue

- So, given this viewpoint, does open source bring anything to the quality/security table?
- Yes, it definitely does
  - Other things being equal (in terms of quality procedures etc)
  - Open source operates in “No More Secrets” mode, since lots of people will look at the sources. We assume some degree of open availability of the sources here.


Secrets and Lies

- Proprietary Software can keep secrets
  - And sometimes fights hard to do so
  - HP earlier this year threatened to use the DMCA to sue someone who exposed a security flaw in HP software.
- Even without such extreme actions, secrets can remain out of view.
  - Look at the lists of Easter Eggs
  - For example, the Microsoft Excel Flight Simulator


Do Secrets Protect Security?

- Sometimes, BUT …
  - In the software world, secrets don’t stay secret easily
  - Hackers delight in digging out these secrets
  - If your security depends on no one knowing about particular failings in the software you are using
    - You are not in a very secure state
    - You are particularly vulnerable to inside attacks


Openness is a better path to Security and Quality

- In Open Source software
  - Many people examine software for security flaws and other errors.
  - No one is relying on protecting secrets
  - Open source development cannot stop people from revealing flaws
  - So the flaws do get revealed
  - And fixed …


An Example in Action: GNAT Pro

- GNAT Pro is the commercial product of Ada Core Technologies.
- Certainly not free in $ (minimum cost is $12,500/year with high level support)
- But uses Free Software License (GPL)
  - Development is very carefully controlled
  - And subject to a rigorous process (see our web site www.gnat.com for description)


GNAT Pro and Open Development

- A version of our source base is openly available as part of the GNU Project.
- Anyone can look at our sources, and many do look at them very carefully.
- They point out errors, and sometimes they suggest improvements and fixes
  - We fix the errors if we agree
  - We incorporate the improvements if we agree and they meet our rigorous quality standards.


Openness in Action: GNAT Pro

- As noted previously GNAT sources are publicly available.
- After these sources were posted
  - A volunteer noticed possible security risks
  - Not in GNAT itself, but in programs built using certain features of GNAT
  - These security flaws were actually reported to CERT so that the public was notified
  - Both users and ACT were immediately alerted


The Microsoft Attack

- The Microsoft Viewpoint
  - The GPL is evil and stifles innovation
  - Translation: Microsoft cannot appropriate other people’s GPL’ed software and incorporate it into their proprietary software.
- They think this is unfair because open source vendors can take advantage of this

Page 44:

More on The Microsoft Attack

It is true that Free Software creators and vendors agree to freely share technology

They do so for mutual advantage

We have a deal to propose to Microsoft:

You can freely use our stuff

If we can use your stuff

If you agree, welcome to the open source community

Page 45:

More on The Microsoft Attack

Microsoft has another argument

No one can make money on Free Software

So Free Software will undermine the viability of large companies making lots of money

This might be partially true

But so what?

Page 46:

Software and Dollars

The world needs good software

Software engineers must eat

This means that people who create software must be able to make a reasonable living.

But the world does not particularly need people to get mega-rich from software.

We are doing nicely at ACT. We don’t have a corporate jet, but we manage

Page 47:

The “Halloween 2” Document

A recent document claims to be an internal Microsoft document on Open Source strategy.

It notes that the attack discussed in the previous slides is not working well

What a surprise!

Page 48:

More on Halloween 2

What Microsoft does say is that the problem with Open source software is the lack of “deep pockets” support.

Well, it’s amazing, but we at least partly agree with this

There is nothing about Free or Open Source software that precludes proper support.

Page 49:

The Issue of Support

You may or may not need proper support for the software you are using

A student hacking around does not

A company building critical systems does

You need to adopt appropriate policies

For example, the lawyers for one of our large customers looked at the FS issue and decided that the use of FS was fine IF SUPPORTED.

You are in command here, you choose!

Page 50:

Conclusion

Free Software and Open Source can play a significant role in improving quality of software.

FS and OS can play an important role in your development process

Incremental open development can be a powerful tool for detecting and eliminating security and quality flaws in software.