New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Has nothing to do with it.
I think that's the problem. Have to be a bit realistic.
All the best though.
Instead of hitting at Virtkick, who acted stupidly but not in an evil way, we should rethink the open source model.
Except for very few projects, open source projects can not select developers, they have to take what they get, and an immense number of open source projects do not even get enough low-quality hackers.
I personally always understood indigogo and similar projects as a hint, actually a rather strong hint that the open source model is widely broken and insane and unrealistic.
And, mind you, there are actually quite ugly sides, too. One example is really important open source projects not getting people because those people are spread out over a gazillion of projects, most of them not exactly important or useful (many actually just brainfarts of not yet grown ups).
"professional" in the original sense means "for a living". A person you pay can be asked for many things, e.g. for quality. An "enthusiast" (usually an internet euphemism for "unprofessional kid who wants to become famous for playing") can't be asked anything, certainly not for quality or reliability (again, some very few projects are the exception to that rule).
"You get what you pay for" is probably not the nicest rule and not always true - but it should not be forgotten or ignored either.
4k$, 4 full-time people ... and you complain? Seriously?
I don't know (or care) what their stuff is worth but it's nice enough that they give (part of) it away for free and that they pay back those who desire so. So how about "You were dreamers and so were we. But Thank you for playing with open cards"?
Ugh, what do you mean? They are forced to accept code?
If the refund the money, no problem, they are fine in my book, but this should be automatic, not by request, who does not wish to be refunded will get shares or whatever in the commercial company and will opt-in specifically.
As for the OS being broken, well, not much more than the commercial part, there are maybe tens of thousands of wannabe software houses with lower coding standards than OS projects, some make it, some not, same with us, the great power of OS is that the code is not controlled by anyone, it is really free and fork-able, look what happened with Truecrypt after the domain was seized, other people took up the code, even when it was not really using the GPL or other strong OS license. That would never happen with bit-locker, once backdoored, will stay that way.
There's nothing wrong with the model. It's like donations. Nothing wrong with it is used properly.
It's by choice that people donate. However if it ends up causing more problems than it's worth - e.g. here people had expectations as this was promised and it's failed. Maybe people depended on it and lost more due to it? Who knows, but there is a lot into it.
Pardon me but I will not enter a flame war with open source fans (99% of whom have never shared a single small program).
I think that paying developers (you may call it "donations" if that pleases you) is a good model that nicely fits in between free and payed closed software, offering a very attractive compromise, namely having open source (for at least for the major part) and payed developers (at least for a healthy basis).
Whoever disagrees, fine with me; we're all entitled to have an opinion on everything, even if we don't really know what we're talking about.
You may want to work on your politics here buddy. You say you don't want to enter a flame war, though you say something that may very well be insulting to many of us here.
As much as I may not like it at times, this is indeed a model that works well for many. And I can't blame them. Look at Virtualmin: the free version is very popular as it is but many pay for the Pro version for some more features, supporting the further development of it.
Speaking based on plenty experience I learned that discussions with developers of open source (of which I am one since 20+ years) is very different from discussions with the OS fan crowd who never shared more than a CSS, if that.
(maybe sad) fact is that we all need to pay our monthly expenses. Having invested in education, experience, tools one can do and give only so much for free (also keep in mind that the OS heroes are pretty all payed by companies, foundations, etc). I will gladly share some small tools, even nice ones, and I'm willing to spend some of my time on open source. But I'm certainly not willing to earn less and live worse just to make lots of people happy whose major driving force when asking for open source is the very opposite of what they demand: Not investing.
Because, you see, that's the dark corner of the story that is rarely looked at. The vast majority of "open source" actually mean "free, as in beer" and they want others to invest (their knowledge, experience, time, efforts) so that they themselves need not invest.
Of course there are thousands and thousands of hobbyists out there, some of them even quite capable. For some toy that may be good enough. But we're talking about a software here on which businesses are based, and which are used to process and potentially store client data.
Finally, one might ask why that project (like many) never reached its goal on crowdfunding. Maybe it just wasn't attractive enough. But maybe it's because very few are willing to pay; they'd rather risk their clients data and privacy it seems.
Please back up your statement with facts, else, keep your useless opinions to yourself. They are a lot of opensource fans working on the CentOS/Debian/whatever project (through bug reports, feature suggestions, programming, etc)
Such ego. Much experienced. Wow.
Nobody told opensource programmers to work full time on their opensource projects. They can be working full time at Dropbox and part time on their opensource project. (a good example is Sentry, a Python project)
If you can't get hired full time to be a developer at a company that pays you well because you're incompetent and can only program "opensource" software that nobody wants to use (probably because it is shit), don't complain.
Wait, didn't you say 99% of opensource fans don't share their code?
Oh, so you can pay for privacy? If Google was to tell you to pay $100 monthly for privacy, will you do so?
Open source is not always about code.
$ninja edit
@GIANT_CRAB
Oh, Wow, you really gave it hard to me. Me impressed.
Try again when you have more to offer than ad hominem attacks and when you've understood some basics.
Like, for instance, 1 mio developers (of different quality levels) is certainly "many". But on the other hand 1 mio is just 1% of 100 mio open software users.
The simple fact is that many complaints and demands (like in this case here) are basically just "I expect you developers to invest your know-how, experience, and time to provide free (no cost) software to me while I'm not willing to invest anything - not even some $".
And most of those complainers simply want to save the cost for their current software.
"Oh but security provided by open source" you say? Bullshit! Most users do never look at the source code. That's why OpenSSL had multiple desasters. The "1000 eyes" principle is but another hype.
Finally, why are so many eager to have Virtkick for free while they were evidently not willing to contribute at least some money?
The day Virtkick were cheaper than the commercial closed source products you are using now would be the day when people ran to get Virtkick.
More like we just want what we were initially "sold" and that was free. No more no less. If it was a paid product from the start it'd be different. Just expectations.
I understand that although it's still basically what I just described. But from what they've told and from what other guys report it seems they did not rip off anyone but they payed back contributors who desired so.
Edit: Just seen. A decisive "not" missing in "did not rip off". Apologies for that stupid mistake.
The code is still (and will always be?) open source and licensed under the Apache license, everyone is allowed to fork the code, remove all the VirtKick branding and use it as they wish. We could even create a LET collaborated fork.
Not all the code, only a part.
Naw, OpenSSL had a thousand eyes or more looking at it's codebase. It's just that culturally, the project hindered security matters. It hindered concern of old code. Why? Backwards compatibility.
Thousand eyes works. Would the world have even known about heartbleed if there wasn't someone looking?
Then we'd have to find something else. :P
I'm sure this new concept will attract a lot of "summer hosts". All they have to do is spin up a couple dedicated servers, run the installer and connect the hypervisors to the panel. They don't need to handle the billing and panel upgrades but lose 15% of their profit. At the end of the summer they just disconnect the hypervisors and leave with the profit.
[OOT]
I prefer donated my money to NTP
http://www.informationweek.com/it-life/ntps-fate-hinges-on-father-time/d/d-id/1319432
i was testing virtkick for alomost a month from now on and i just can say that the whole product is just bull**** and full of bugs. The support is friendly but not really able to help. Just getting the same answere all the time "We are working on it, It should be working etc etc etc." in conclusion, the product is just not running smooth, especially not on production.
Beside that all informations are stored in the USA with Amazon AWS. Why not hand over my/your data directly to the NSA??? thats sooooo...
if you really want to host your own cloud go OpenStack! its more complex but its working stable!
Nothing that takes 15% profit should be used in production, it makes as much sense as buying extra SolusVM licenses for my pets...
soooo muchhhhhh nneeerecccroooo
I intentionally gave this a while to settle and calm down.
Pardon my french but that's BS or religious dogma.
The sad fact is that openssl failed even on the modest 4 eyes principle. The guy supposed to check the code of the student who massacred heartbleed did not check the code (or lousily failed to see the problem) - and we're talking about a PhD at a university here.
If even the minimum security net of "1 experienced guy checks all code fragments before entering them into the code base" lousily failed how would anyone reasonably continue to believe in the 1000 eyes fairy tale?
There is some ugly truth about foss that most simple prefer to blissfully ignore: Time and knowledge are the very factor upon which economy rests. All of who get paid for our work in the end get payed for those two factors in one form or another.
A lawyer lacking legal knowledge and experience will not be payed, simple as that. A doctor lacking knowledge will not be payed, simple as that. An architect lacking knowledge will not be payed, simple as that.
Tell me the difference between them and a software developer. All of them need lots of knowledge (and hence expensive education) and all of them provide a service that could be roughly summarized as putting their knowledge at some clients service for some time.
Would you ask a lawyer for free "open source" advice? Hardly. Would you ask a surgeon to perform an "open source" operation for free? Hardly. And if you did they would laugh at you before showing you the door.
Of course, some lawyers and doctors do some free pro bono work - but there is no right to it; they do it with good intentions but everyone understands that that is like a gift that they friendly enough give.
So, how come so many are deeply convinced that software should be free and that not-free software is evil and to be avoided and that developers working only for money are greedy bastards?
I already hinted at it: Most of your foss heroes do not work for free! They are well payed by large organisations or corporations. I will spare you the question what the motivation of intel and many others might be; maybe, just maybe, it's not because otherwise greeds purely profit driven corporation suddenly turned into nice fairies.
I have given away code for more than 2 decades for free. I also have been helping quite many people for free. Not much different from the lawyer or the doctor who does some limited work for free for a good cause.
But there is a simple yet very ugly "but": If I gave away all or a major part of my work for free I would live under a bridge and not even have a computer anymore.
Another important point is this: You have NO rights whatsoever, NONE regarding my foss code. I may or may not correct bugs or provide docu or help you out using it. You do not even have the right to expect that the code works and doesn't go berserk on your system. And pretty every foss license states that clearly.
If you pay me then you have a right to expect that my software works as specified, that it's reliable, that I correct eventual bugs, that I take time to help you, that I implement features you need.
Now let's have a look at the reality.
We have no secure OS. We have virtually no secure libraries, no secure servers, not even actually widely useable languages allowing and supporting to create good quality and secure software.
Hence there is hardly ever a week in which not some ten million user data sets and/or email adresses or credit card numbers are stolen. Heck, even the crown jewels of security, openssl, is known and proven to not be secure!
THAT is what you get for free.
Now, call me asshole if that calms you but do yourself a favour and wake up and see the bloody reality.
That's uhh... certainly one perspective
It was mine anyway. Experience tells that sometimes a distance of some days is helpful regarding "hot" issues.
Unfortunately, it's fairly trivial for an incompetent developer to get paid. Demand is high, supply is relatively low. This isn't really comparable to doctors, architects and lawyers - in particular because all of those fields require certification to some degree, and software development doesn't.
Because software != the work put into it. You're conflating the two concepts here. And no, that doesn't mean that all work put into it is necessarily paid either.
Except this has fuck-all to do with open-source or free (as in beer) software, and the proprietary/paid software world is in an equally bad shape, potentially even worse.
The reality is that the lack of secure options doesn't have anything to do with whether people get paid for their work or not. It has to do with the lack of repercussions when things aren't secure.
bullshit. Open-Source it's business model. Reward beneficiary in open-source always developers. This is not customer oriented model. It's model oriented for receiving profit for only developers and people who can use this work for development purposes only. It's not about classic business models, or profit from selling copies, it's new era of new business models which much more effective because of very big client base (thx to freebies).
VirtKick did really big mistakes and critical fails from the start. I guess sometime soon we will see +- the same panel features but which will be called RealHit Inc.
I'm sorry, what was your LET name again?
You are right to a large degree. But foss has muddied the waters and made everything worse.
And most importantly one has at least the right to demand certain parameter to be met by paid software. True, it is hardly done, but that doesn't change the principle. From foss developers, however, one can not demand anything.
About the only positive factor/advantage of foss is transparency; one can see and one can change (and particularly repair) foss code. In cryptology, for instance, that is of immense value. But one must also note that very much of that is done in academic institutions with public money and hence one can demand both quality and foss.
There is particularly one point I want to stress: Most of the major foss projects are actually done, at least to a large degree, as well as under de facto control of people who are payed by their companies to do that. This brings three major points with it, namely a) the corp can play the nice guy, 2) the corp gins much know-how and insight, and 3) the corp has no responsability whatsoever.
windows driver, for instance, are typically part of the product package - linux drivers, however, are not, they are part of the (foss) distro. So, while it's actually rarely done, one could sue a company if it shipped lousy windows drivers. if that same companies linux drivers where rotten, though, one would not have that right.
Kindly note that I do not say that all foss is shitty - it isn't; usually it about the same (rather lousy) quality commercial software offers. What I say is that one can not demand anything whatsoever from foss.
If, for example you as a provider used a foss panel and client management and your system were cracked and all of your clients data stolen, one could sue you but you could neither sue the foss provider nor - and that is important - could you reasonably and credibly state that you made plausible and adequate efforts to protect those data.
In other words: It would be you who would lose everything.
If that same software were commercial you could demand certain quality levels and/or the assurance thereof. Plus the mere fact that you did pay for it would be in your favour in the legal system (I don't say it's good; I merely state how it is).
Summary: I do not say that foss is bad or shitty. What I say is that its's not only good and nice and heavens and that there are disadvantages, too. And I say that commercial software is not per se evil or bad.
I'd like to see a more realistic and balanced perspective and I'd like to stop hearing all those fairy tales like the "100= eyes" blabla.
I don't see how. All data I've seen suggests that it's made things better, even if they are not at the point where they should be, yet.
Sure you can. It just generally requires a service contract. This is unrelated to it being FOSS.
No, there are many more advantages. Lack of lock-in, better reliability due to projects benefiting from the shared experience of a large community, and so on.
Under what law? Under Dutch consumer law, for example, the company would likely be liable in both cases - including the case where they don't supply Linux drivers at all. But as you already suggested, nobody actually pursues this.
Again: this is not necessarily applicable, and isn't really related to "FOSS". Service contracts, etc. Not to mention that software providers disclaim liability regardless of whether you pay for the software or not, and this can generally be upheld.
Under what law/conditions? And how would a service contract not fall under this? This sounds a lot like armchair lawyering.
There very well may be, but you haven't mentioned any valid ones. You're misdirecting your complaints at "FOSS" when what you really mean is "software you didn't get a commercial contract for".
Yet your perspective is misdirected. Yes, the idea that "open-source is automatically more secure because everybody can inspect it" is nonsense - however, this idea is largely rooted in a misunderstanding of the principle.
The actual benefit is that "open-source can be more secure because everybody can inspect it". There's a higher "ceiling", so to say.
OpenBSD is supposedly considerably more secure than most OSs but it is not a secure OS.
And even if it were, one also needs libraries, servers, compilers, aso.
@joepie91
Those are largely perspective games. Sure, one can differentiate as much as one wants but that doesn't bring us forward.
Let me offer a tangible example: If I divide the playground into 3 groups, namely commercial, academic and foss, then there are mainly 1.5 contributors to more reliable and secure software of any kind: commercial and academia.
I count academia only 50% because the major part of progress there doesn't end up as foss but rather companies created by the academicians as soon as their publicly financed projects bear fruits.
It might surprise (it certainly did surprise me) but the single most important contributor to realiable and safe software today is? Guess. It microsoft!
eff, linux and related, openbsd, etc are all far back. It's microsoft that created the most attractive backend (z3), the first easy to use kind-of-C compiler (integrated into visualstudio), an actually useable languable with good security properties (dafny), and quite some more. Usually they do it together with academic institutions into whom they pump lots of money.
Which also is the pivot word. Money. There you have it again.
So, looking at the very source of more secure tools, academia, we find it not once but twice: Money is the motivation. The game is always the same. Young pre- or postdocs doing publicly funded research (read: that should be foss!), giving away a couple of early versions, usually in an unusable state, and then either working for microsoft research (-> money) or creating a small company to sell an actually useable version of their stuff (-> money).
Or look at ssl. The best lib is embedtls, which is dual licensed (gpl poisoned), the second best is libressl and the holy 1000 eyes foss gpl cow openssl is the worst.
Which leads us to another point, actually 2. One: The BSD universe is different. Most of the old school foss guys are there. Those are people who do it for the love of it, interest, conviction, and who did the same long before the first line of linux was written. And who are not at all religious.
Two: gpl, which makes up the largest part of foss, is a religious sect - and it is not free. Quite the contrary. It's just the currency that's different. gpl is poison; gpl is the price you pay and it's a very high price because it deeply cuts into your freedom. Typically in the gpl universe you find religious sect types.