Shaun Savage wrote:

> Crispin Cowan wrote:
>
>> Shaun Savage wrote:
>>
>>> 1A+ "competition increases software quality"
>>
>> Does not follow. A vendor that has a monopoly on a narrow niche may
>> be able to devote sufficient resources to supporting a complex
>> application, whereas two competing vendors trying to live in the
>> same niche may find themselves with insufficient revenue to properly
>> support their applications.
>
> If two companies make "chairs" and if one company's chair is softer,
> lasts longer, and costs the same, the other company will need to make
> better chairs in order to sell chairs. The niche example is an
> exception not the rule.

If there are exceptions, then it is not a rule. This is particularly true if we use strong language like "axioms."

>>> 1A- "shorter development time reduces software quality"
>>
>> Does not follow. Good design can lead to shorter development and
>> better software quality. And this does not appear to have anything to
>> do with monopolies.
>
> Correct it does not relate to monopolies, but on average it is true.
> When a project reaches a large size, the good design will only help so
> much. On average, if competition forces the release of a project
> before it is ready, the software quality will be reduced. The more
> "man years" put into software the better the software ON AVERAGE.

All other things being equal, shorter development time reduces quality. But there are lots of things you can do that simultaneously reduce development time and improve quality, so it makes a very poor rule.

>>> 2> "proper software development increases software quality"
>>
>> Er, yes, but "proper" is so ill-defined that this statement is a
>> tautology.
>>
> Yes, the word proper is ill-defined. That is what I would like to see
> this group define. If this group can define what is "proper" then the
> group can help the state.

You seem to be trying to define principles of good software engineering. That is a large and complex task. It is not special to CRIME, Portland, or even security (although it is closely related to security). You might want to check out the International Conference on Software Engineering <http://www.cs.orst.edu/icse2003/>, which will be in Portland in 2003. But the core problem here is that the principles of good software engineering are actually still unknown to science, and good software engineering remains a black art.

> The concept of "people are more important than business" is that the
> term "business" means the entity of, not the verb. I see Enron,
> Harken, Tyco making shady deals and stealing from people. I see
> companies getting bailed out by the US government, I see companies
> selling something then telling you you can't use it.
>
> To me this is business being more important. That is why I say
> "people are more important".

Those examples are not "business more important than people." Quite the opposite: that was individual people (executives) setting themselves up as more important than the business (the shareholders) and robbing them blind by betraying their fiduciary duties to the business. Those are examples of exactly why business is more important than the wants of *individual* people.

> I keep hearing about companies giving away IP if they move to open
> source. I keep hearing about what is the motivation to write open
> source software?
> If the state pays for a custom software, does not the state own that
> custom software?

That depends on the contract. The state is in a position to mandate that kind of thing, but AFAIK, has not done so.

>> * The State should *consider* open source solutions when procuring
>> commodity systems, but should not be required to choose open
>> source for any particular application. This is because open source
>> is *sometimes* the best solution (e.g. Apache is the most
>> cost-effective web server) and sometimes not (AbiWord and Star
>> Office are simply not viable competition for MS Office. Yet :)
>
> OK, BUT all protocols and file formats should be OPEN and published.
> By requiring open protocols and file formats, that allows prevents
> monopoly on software and locking user into poor software.

I agree with this philosophically, but IMHO the State of Oregon is not in a position to enforce such a thing. Oregon state government is too small a market to ever hope to influence core Microsoft policies, and if such a mandate goes through without forcing Microsoft to comply, then it becomes VERY expensive.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 00:51:12 PDT