
Code Quality: Open Source vs. Proprietary 77

Posted by Soulskill
from the put-your-money-where-your-code-is dept.
just_another_sean sends this followup to yesterday's discussion about the quality of open source code compared to proprietary code. Every year, Coverity scans large quantities of code and evaluates it for defects. They've just released their latest report, and the findings were good news for open source. From the article: "The report details the analysis of 750 million lines of open source software code through the Coverity Scan service and commercial usage of the Coverity Development Testing Platform, the largest sample size that the report has studied to date. A few key points: Open source code quality surpasses proprietary code quality in C/C++ projects. Linux continues to be a benchmark for open source quality. C/C++ developers fixed more high-impact defects. Analysis found that developers contributing to open source Java projects are not fixing as many high-impact defects as developers contributing to open source C/C++ projects."

Comment: Re:Rewarding the bullies... (Score 1) 697

I'm not saying this is the "right" or "best" solution, but...

I taught my son to punch hard and aim for the nose: "if you miss, you'll get his mouth or cheek or eye and it'll still hurt". I also explained that if the bully hit, slapped, tripped, or otherwise battered him, that my son was to lay him out. "What if I get in trouble?", he asked. "You let me handle that part", I replied. We had to play-act it a few times because my boy kept wanting to say something first, like "if you touch me again I'll hit you in the nose!" No. You've already warned him before and he kept it up. Don't talk: act.

Cut to a week later when the teacher was waiting for me when I went to get my son from school. "He hit another kid today." "Was it so-and-so?" "Yes." "Good. I told him to." The teacher looked around, leaned in and confessed: "someone needed to belt that little asshole."

The bullying ended that day. My boy stopped coming home with torn clothes, scratches, and bruises. My son got an enormous confidence boost and hasn't had a problem with other little thugs since then.

Violence is not the solution to all problems, but damned if it can't fix some.

Comment: Re:Gentrification? (Score 2) 330

by argStyopa (#46765835) Attached to: San Francisco's Housing Crisis Explained

I'll use Thomas Sowell's example: People like to live by water, on a shore.
There is only X shoreline.
There are two ways to apportion that shoreline.
1) money: let people buy and sell it, or
2) you can divide it up, and give a piece to everyone; of course, this results in uselessly small pieces (and you have to forbid transfers or you end up with #1), complications with inheritance (is it heritable? How do you deal with death? Marriage?)

The problem with #1 is that as the resource is finite, the prices will become very, very high.

San Francisco is a wonderful location but is extraordinarily geographically constrained. Which do you want: a dictatorship that controls everything and allocates places to people according to what they think is fair today, or a "free" market where prices skyrocket to their value and prevent any but the super-wealthy from living there?
You can't have both, as I suspect that the inefficiencies of trying to chart a middle course make it the worst possible choice.

Comment: Hypocrisy abounds (Score 1) 666

by argStyopa (#46765771) Attached to: Study Finds US Is an Oligarchy, Not a Democracy

What's so hilarious is that to most of the commenters here, the Koch Brothers exemplify the absolute evil in the system whilst (and simultaneously) George Soros is merely 'doing the right thing' and 'helping people speak truth to power'.

One party is clearly the party of business, and business wields a lot of money. Hell, one whole tv network is dedicated to pushing their views.

The other party has draped themselves in the flag of victimhood, somehow managing to portray themselves as the oppressed when they a) are the majority, b) spent 57%(!) more in the last presidential election. They have a much smaller media network overtly supporting them, but 8-9/10 of general journalists sympathize and vote with this party.

In my view, BOTH parties are corrupt, nepotistic heads of the same beast. The idea that you support one side or the other is a Hobson's choice that keeps us running around the wheel, generating funds.

Next time someone from "the other party" pisses you off, think for a second if they weren't prompted to it by rabble rousers on their side SPECIFICALLY to make you angry. Ask any stage magician or pickpocket: controlling your attention is 90% of the trick.

Comment: Re:What a shame (Score 1) 164

by Qzukk (#46762081) Attached to: Snowden Used the Linux Distro Designed For Internet Anonymity

Just like a malicious client can suck data out of a vulnerable server, the same can work in reverse, though clients tend not to keep an SSL connection open any longer than they need to (unless it's IMAPS or FTPS or chat or some other application with persistent connections).

If you suck the private key out of a bank webserver's RAM, then perform a MITM attack on the bank users using the bank's own certificate, not only can you get their bank credentials (by them filling in the form and sending it to you), depending on the browser you may or may not be able to suck up other accounts from them (e.g. user logs into a credit card company site to see their bill, then logs into your fake bank to see if they can pay it).

Comment: Re:Subtle attack against C/C++ (Score 1) 180

by Qzukk (#46761237) Attached to: The Security of Popular Programming Languages

std::containers don't need to store their size as a separate variable

C strings don't either. It's the protocol that said "hey, rather than null terminating strings, let's put a length byte like Turbo Pascal never went out of style!"

The fun thing is that that design decision has led to an entire CLASS of SSL bugs (in all stacks, not just OpenSSL), e.g. invalid certs validating because of a null byte in the Common Name. And Heartbleed was just one more in that heap.

Comment: Re:No shit, Sherlock (Score 1) 135

by argStyopa (#46755229) Attached to: U.S. Biomedical Research 'Unsustainable' Prominent Researchers Warn

As Ike mentioned in his speech widely remembered for the line 'military-industrial complex':

This conjunction of an immense military establishment and a large arms industry is new in the American experience. The total influence -- economic, political, even spiritual -- is felt in every city, every State house, every office of the Federal government. We recognize the imperative need for this development. Yet we must not fail to comprehend its grave implications. Our toil, resources and livelihood are all involved; so is the very structure of our society.

In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.

We must never let the weight of this combination endanger our liberties or democratic processes. We should take nothing for granted. Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals, so that security and liberty may prosper together.

....and the bit people don't seem to remember, nor take as seriously:

Akin to, and largely responsible for the sweeping changes in our industrial-military posture, has been the technological revolution during recent decades.

In this revolution, research has become central; it also becomes more formalized, complex, and costly. A steadily increasing share is conducted for, by, or at the direction of, the Federal government.

Today, the solitary inventor, tinkering in his shop, has been overshadowed by task forces of scientists in laboratories and testing fields. In the same fashion, the free university, historically the fountainhead of free ideas and scientific discovery, has experienced a revolution in the conduct of research. Partly because of the huge costs involved, a government contract becomes virtually a substitute for intellectual curiosity. For every old blackboard there are now hundreds of new electronic computers.

The prospect of domination of the nation's scholars by Federal employment, project allocations, and the power of money is ever present and is gravely to be regarded.

Yet, in holding scientific research and discovery in respect, as we should, we must also be alert to the equal and opposite danger that public policy could itself become the captive of a scientific-technological elite.

The pernicious influence of this 'Federal technical complex' has led to an entire generation of scientists who believe that the only credible source of funding must be the federal government.
It is absolutely certain that there are some HUGE projects that need the resources of government, no doubt. But you know what? Not every bloody thing *needs to be researched*, nor does that research need taxpayer dollars.

I know, the idea that research needs to demonstrably benefit the taxpayer to be federally funded sounds like an idea that would come from (shudder) Republicans, but when we're overspending our budget by 30%+ every year to the tune of nearly $1 trillion, we can't afford everything we want, only what we clearly need.

Comment: Slashdot settings help please (Score 4, Interesting) 163

by argStyopa (#46748877) Attached to: The Best Parking Apps You've Never Heard Of and Why You Haven't

Let's say hypothetically a slashditor (let's call him "Supnezmas"), when not posting duplicate articles from 2 days before, has a major erection for some web commenter (let's call him "Notlesah, Ttenneb").

How could I edit my settings so that worthless shit articles from "Supnezmas" referencing this "Notlesah, Ttenneb" were somehow downrated to oblivion so I don't see them anymore, ever? Is there a filter I can apply?

Can I "foe" an editor based on context?

Comment: Re:What is going on?? (Score -1, Troll) 163

by argStyopa (#46748281) Attached to: The Best Parking Apps You've Never Heard Of and Why You Haven't

I'd like to know who the flip is XanC, since you asked the SAME question I did, and I got -1,Troll while you got +5 Insightful?

http://slashdot.org/comments.p...

Note however that I *entirely* agree with you.
Is there a /. editor trying to build a buddy into a web celebrity?
FWIW, I *still* don't really get why Ze Frank is a weblebrity, either. How does one make a living doing that?
