Debugging in OSS Always Faster 297
dex@ruunat writes "Damien Challet and Yann Le Du of the University of Oxford studied a model of software bug dynamics, which resulted in a paper on cond-mat this morning. In this paper they study the difference in evolution of number of bugs in open and closed source projects. They conclude: 'When the program is written from scratch, the first phase of development is characterized by a fast decline of the number of bugs, followed by a slow phase where most bugs have been fixed, hence, are hard to find'. Another, perhaps surprising conclusion is that debugging in open source projects is always faster than in closed source projects."
Possible explanation? (Score:4, Interesting)
Re:Possible explanation? (Score:4, Insightful)
Re:Possible explanation? (Score:5, Insightful)
Re:Possible explanation? (Score:3, Insightful)
If the testers have some general coding and OS knowledge, they can help determine the fix before sending off an issue. It doesn't really matter whether the code is publicly available or not. Testers for non-open source projects can have access to the code as well. The code isn't usually kept in a vault with armed guards protecting it, you know. It is more a matter of having knowledgable and studious tester
Re:Possible explanation? (Score:2)
Re:Possible explanation? (Score:4, Funny)
graspee
Re:Possible explanation? (Score:3, Funny)
Well, as they say, hindsight is 20/20.
The "many eyes" myth (Score:5, Insightful)
Many eyes can. How many actually do? Unless you're talking about the really big projects, probably very few indeed -- one, I suspect, in many cases.
It's not fair to cite mainstream developments like Linux or Mozilla as the way all open source is any more than it's fair to cite Microsoft's history on things like security and reliability as the way all closed source is.
Re:The "many eyes" myth (Score:3, Interesting)
Re:The "many eyes" myth (Score:3, Informative)
Dispite the fact that the topic of this article is stupid I would have to disagree with your claim that the "many eyes" statement about OSS is a myth. I run a medium sized OSS project and only a very select few have ever contributed any worthwhile code but what is usefull is that occationally someone finds something genuinely important. A bug. A simple code c
To quote Gene Spafford... (Score:5, Insightful)
I went to a speech by Gene Spafford here a few years ago, when the subject of Linux code quality versus other systems (especially MS) came up. Someone mentioned Eric Raymond's "Thousand Eyeballs" theory, that more people looking at the code ensured better quality.
Spaff responded "that does no good if those thousand eyeballs are looking at things like networking your toaster instead of quality and security".
I don't think this point is emphasized enough. It's not enough that lots of people are looking at the code. You need lot's of people with training, expierience, and an eye for problems to look at the code. He pointed out that one of the biggest problems in development is that while people can learn C from a book, and even get good at it, they don't learn proper software engineering techniques, philosophies, and debugging skills that way.
In short, simply being open source and having lots of developers isn't a solution in itself.
Re:Possible explanation? (Score:4, Interesting)
What we need is a QUALIT RATING or SECURITY or DESIGN ratings for OSS.
There is too much crap that is accepted as is because it is FREE.
I want QUALITY software, I want to see what footprints the software uses, what info is left where etc (security ratings), I want to see USABILITY (design ratings), good layouts, not like 100 sepereate windows where an MDI type frame with docking would be better (photoshop vs GIMP etc) and so on.
OSS NEEDS this.
Re:Possible explanation? (Score:2)
Commercial software needs those things too. There's the security ratings for Word and Outlook? Where's the usability ratings for IE?
Etc.
Re:Possible explanation? (Score:3, Interesting)
I like the way Photoshop for Mac is done. It's not MDI, because all windows are managed by the WM, but it gives it enough hint
Re:Possible explanation? (Score:3, Insightful)
The gimp could be fixed pretty easily to annoy a lot of people less:
1) Menus across the top of each image window.
The right click to access the main menu is not familiar at all to most people. To fitts law lovers
when gtk supports universal menus, that will work,
currently, it doesn't.
2) The toolbox should not be the master of the universe -
When the last image is closed, the g
Re:Possible explanation? (Score:5, Insightful)
The theory that your best work will be done when the most eyes are watching can also apply. I think we (developers) are all guilty of shoving some nasty code in a project at some time or another under the notion that no one else will ever see it. When the whole world can look at your work, sometimes those attitudes change.
Re:Possible explanation? (Score:5, Insightful)
Your "untold number of eyes" is nearly indistinguishable from "0" unless your open source project is widely used. Sure, this may hold for the Linux kernel, or Apache, or even Mozilla, but what about all of the open source projects on SourceForge?
Sounds to me like you're working with an inadequate number of testers, or at least an inadequate unit testing plan for developers. Testers are invaluable because that's all they do -- test code. This frees up the developer to be able to actually write code while not having to sacrifice quality for lack of testing. Sure, it's more expensive to hire both testers and developers, but I'd bet that of your 30 or so developers, you could fire 10 of them and hire 15 testers for the same cost, and still have enough man power for development while increasing your code quality from rigorous testing. (Note: This isn't saying that developers can or should write bad code so long as they have testers. Developers should still aspire to writing quality code, so that the testers can focus on the really heinous parts, and not on trivial bugs or logic errors. But at least with testers and good unit tests, you're less likely to let slip a silly bug.)
That may be true in theory, but it doesn't pan out in practice. In practice, most open source projects will only be seen (code-wise) by the author(s). If you're lucky, you might have two or three active users that will submit bugs or patches, but often that's not the case.
Re:Possible explanation? (Score:5, Interesting)
While this argument does hold merit, I do think you would be surprised at the amount of looking over that utilities get. Ever hear of SDMS? [slashdot.org] Probably not. Not many folks have, I would reckon. I did some work with this project almost two years ago trying to implement PostgreSQL support so our company could use the utility internally. I found a few bugs and sent back patches as well as my changes to incorporate Postgres support. I can't speak as to the bug changes, but some time later Postgres support was added to the project.
This is but one example, but I think it's fair to say that, although "millions and jillions of eyes are looking!!!11!" isn't correct, there are more eyes looking than you would imagine. There are only so many categories of software, and each have a good number of users.
"Sounds to me like you're working with an inadequate number of testers, or at least an inadequate unit testing plan for developers."
At the risk of sounding like an ass, have you or are you now working as a programmer? Testers are a valuable commodity, but are rarely used in the manner that they should be. The company that I work for is a good example, though we're attempting to move in that direction.
Even with that said, this point is generally moot as one can argue that "more heads are better than none."
Re:Possible explanation? (Score:3, Interesting)
Heh. I was reading the source code for XGammon [unibw-hamburg.de] for some random reason a few months ago, and the README said
and later
I sat there for a moment trying to figure out who this Bart Skinner person was: I had done CS at U. Oregon in that time frame, and couldn't remember the name. Finally it came
Re:Possible explanation? (Score:3, Interesting)
For the last year, I've been working as a "Software Analyst". I get bug reports that our setup folks can't solve and I solve them. This often requires a lot of code hunting. We've got everything from extremely junky Fortran 77 (no whitespace, no variable names over 6 characters -- and Fortran at that) for our lega
Re:Possible explanation? (Score:2, Informative)
Your "untold number of eyes" is nearly indistinguishable from "0" unless your open source project is widely used.
In other words, he is no worse off writing open-source software than closed-source. Most closed-source software is only checked over by one person, the one who wrote the software. At least with open-source there is the potential that other poeple will get involved with the project, with closed-source there is no potential.
Sounds to me like you're working with an inadequate number of test
Re:Possible explanation? (Score:2)
And how did you come to that conclusion?
Re:Possible explanation? (Score:2)
Osty, you're exactly right. Sometimes we just have to make do. The few of us decent programmers hope for a day when the management gets the stones to get rid of the dead weight. My company is like many others : keeping your job is
Re:Possible explanation? (Score:2)
As soon as it gets used, it gets seen, which is not true for even popular closed source material.
I once programmed against libgnet 0.2. This library was (at least back then) so obscure that only two websites from google had the (fairly lacking) HTMLized API docs
Re:Possible explanation? (Score:3, Insightful)
This sort of code hording is impossible in OSS, and it's a shame. It's well known in literary circles that the more eyes that grace a page, editorially, the more likely you'll be to have a coherent and gramatically correct work. Code is no different IMO.
Of course,
Re:Possible explanation? (Score:2)
Ego problem != closed source problem! (Score:3, Insightful)
It should be impossible in a sensibly run closed source project as well. If you have a development team whose egos are such that they can't stand criticism and claim unique ownership, you are on the absolute lowes
Re:Possible explanation? (Score:2)
Those are, precisely, the bugs escaping the first phase the article writer talks about.
Programmers are humans too and get bored. First passes of debugging are done more or less deeply, but unconsciously the following passes can't catch so much attention from the programmers, no matter how hard they try.
In closed source, bringing new programmers not involved from the beginning is outrageou
Re:Possible explanation? (Score:5, Interesting)
I see code that's very carefully analyzed first, thoroughly commented, thoughtfully indented, module, class, and variable names, though generally longer, they make sense. People go out of their way to be elegant.
I think that Peer Review is probably MORE important to overall quality of the end product, than developer experience. That's just my opinion, but after living the chaos that was a non-peer reviewed environment for 10 years, the attitudes, etc. there's really a huge difference.
It's even better if the Review team reserves the right, by convention, to give the presenter a wedgie if they don't like their code.
Re:Possible explanation? (Score:3, Interesting)
Besides, you'd be surprised how many commercial libs out there are based on OSS. Like all the zlib variants. Or all the MP3 decoders, etc...
The difference is more of a "reputation" is at stake in OSS. You can't just half-ass write something that works most of the time when your name is all over it.
Of the few software firms I've worked in most of the software developers are in the mindset "if the program runs and doesn't crash, its all good" which leads to horribly incomplete poorly f
Re:Possible explanation? (Score:5, Funny)
Well, looking at most OSS projects, you can do that as long as
1) No-one else has done it yet.
2) You mention in the source that this is a "half-ass hack that I threw together to make something work"
Re:Possible explanation? (Score:4, Insightful)
1. In general, there are more users of closed source software, so bugs may be discovered at a faster rate. With limited development resources, the greater number of bugs take longer to fix.
2. Users of open source software tend to be more programmer-minded. They find bugs and fix them themselves, since they have access to the source code. Everyone fixing their own bugs leads to faster debugging times.
3. In larger companies, development and test typically are two distinct groups. There is an inherent lag in this that leads to slower response time in removing bugs. Open source software is developed and tested by the same core, ususally small group. Since the same people develop and test, they are more likely to find the bugs in their own code and fix them quicker.
Just some observations, and I am sure there are other reasons. I'm sure the results of the study are a combination of many factors.
Re:Possible explanation? (Score:2)
In other news ... (Score:5, Funny)
Re:In other news ... (Score:2)
Faster to debug? (Score:2, Interesting)
--
Getting too much pr0n? [porn-free.org]
Re:Faster to debug? (Score:2)
Re:Faster to debug? (Score:2, Informative)
(Also, ask all of your contributors to send patches in your style. If you are the main coder for a project, that is an easy thing to handle. If you are part of a team, have the team code in a particular style. Doesn't matter which one, as long as you guys are consistant.)
Re:Faster to debug? (Score:2, Interesting)
While I [as I suppose many OSS developers] try to write good code, all too many end users [often other developers] will simply plomp a library in and use it.
How many times can you honestly say you verified the source for vorbis/ogg or zlib or e
Re: verified for correctness (Score:2)
Re:Faster to debug? (Score:2)
they are assuming, like most other users, that
the code is correct and if not; someone will
file a bug resport about that fact.
They are confident of the fact that this report
establish; The open code contains fewer bugs.
Look at lifecycle (Score:2, Interesting)
I know when I work on open source, if something is really ugly and needs to be replaced, I do. In a close source world thats often considered too risky and old unmaintainable code hangs around forever.
Not very impressed (Score:5, Insightful)
Maybe most OSS projects are easier to debug because of lack of features, or smaller scope, etc.
What percentage of OSS projects, on say sourceforge.net, have a version number 1.0? (and are "widely" used). The first one that comes to my mind is MythTV and/or FreeVo. I can't speak of freevo, but mythtv (while being impressive) is still very bug ridden and has been out for over a year.
Another factor is the user group, of course. With OSS I imagine the kernel gets more bugs submitted by users than mythtv, just because the users aren't so much code hackers... they just want to use it.
The one rule in the software engineering is that there are no rules.
Re:Not very impressed (Score:3, Funny)
The one rule in the software engineering is that there are no rules.
YOU FOOL! Your paradox has just ripped a hole in the space time continum! Now the planets will collapse upon themselves, destroying the entire universe. We will all enter a parrallel dimension the size of a pin tac. it will be very cold. jerk
Re:Not very impressed (Score:4, Insightful)
While I applaud all the people trying to propose alternative explanations for their findings -- if you read the paper, there are no findings.
They have a statistical model that shows that "release early, release often" will cause bugs to be fixed faster, all things being equal, and that a handful of projects (Linux, Mozilla) have scaling behavior that fits their model. That's all.
Re:Not very impressed (Score:2)
As for the second, release often.... technically the most current source is always released due to CVS, it would be impossible for closed source to compete with this. And a closed source project cannot release as fast as an open one, I can release a new version o
but I thought... (Score:5, Funny)
I thought the first rule in software engineering was "you don't talk about software engineering."
Re:Not very impressed (Score:3, Insightful)
I'd say that projects saying their development status is at 5 - Production/Stable [sourceforge.net] would be a better comparison.
Looking through the first couple pages I see phpMyAdmin, Gaim, BitTorrent, and NTFS support for Linux. I'm sure there's more widely used apps there, but I either don't know them, or didn't want to look through all the pages.
Re:Not very impressed (Score:2)
And that's what every company I've ever worked for has tried to do. Because it's integrated, package d solutions that mak
Re:Not very impressed (Score:4, Flamebait)
This is false. An urban myth. Something that people like to say to make themselves sound more knowledgeable than they really are. The reality is that statistics is a mathematical field and it is as rigorous as any other mathematical field.
The real problem is that people think they understand statistics when they do not. They will claim "statistics say blah" when the statistics say nothing of the sort. The non-mathematical audience blames the statistics instead of their own ignorance.
Re:Not very impressed (Score:5, Insightful)
This is false. An urban myth. Something that people like to say to make themselves sound more knowledgeable than they really are. The reality is that statistics is a mathematical field and it is as rigorous as any other mathematical field.
Thank you for correcting my misunderstanding on this. I have always naively assumed that the raw data selected for analysis was somewhat important. In the future, I shall never doubt the result of those benchmarks I see reported as long as the numbers are correctly calculated using appropriate statistical formulae.
Faster debugging in Open Source (Score:5, Insightful)
I don't buy it. Many open source projects (ACE/TAO, Mozilla) for instance have large customer bases using non-current versions, and presumably finding bugs. Sure, if you only want to fix the bug in the released version, its faster, but it's not like closed source vendors don't have the source code to their previous release to debug with.
Sure debugging is faster if you always make everyone upgrade to the latest version before filing a bug report. Good luck getting mass acceptance with that.
Re:Faster debugging in Open Source (Score:4, Insightful)
I think that the most debugging benefit that open source provides is that knowledgeable users sometimes do all the work for you...
Re:Faster debugging in Open Source (Score:3, Insightful)
It's also possible that you get can and apply a patch that solves your problem. I've d
bug reports (Score:4, Insightful)
I'd imagine that one of the most difficult parts of debugging for a large OSS project is dealing with the deluge [mozilla.org] of bug reports.
I thought this was agreed on .... (Score:2, Insightful)
I thought that this was the one pro OSS argument that was the least argued; release early and often (since the only way to simulate all the different conditions your software will encounter in the outside world
This is also based on the fact (?) that the hardest part about squashing bugs is finding them
Is this actually controvers
Models? (Score:2, Offtopic)
We introduce a model of software bug dynamics where users, programmers and maintainers interact through a given program. When the program is written from scratch, the first phase of development is characterized by a fast decline of the number of bugs, followed by a slow phase where most bugs have been fixed, hence, are hard to find. For a given set of parameters, debugging in open source projects is always faster than in closed source projects. Finally, we determine qualitative lowers
Mediocre Propoganda at Best, A Joke at Worse (Score:5, Insightful)
This was a paper written for a class on statistics. It was not a rigorous study. Their findings are based on a lot of assumptions. They have a very small sample set--they only test their model on Linux, fetchmail, and Mozilla. Many people, including myself, consider these the cream of the crop so far as OSS goes.
Before you praise it, I urge you to actually read the paper. Don't be intimidated by it--FUD is FUD, even if it's mixed with a heavy does of greek letters and charts.
Re:Mediocre Propoganda at Best, A Joke at Worse (Score:2, Funny)
Mod parent and grandparent and great-grandparent down.
Also, mod parents children down.
Also, mod great-great-grandparents great-great-granddaughters down.
Also, say up unto them verily, that the mod of the parent will be cast down the generations to be a mod on the children, and on the children's children, and on the children's children's chilluns.
And also, mod down the nephews of the parents of the sibilings of the grandparent for though they be trolls or flaimbait, they
Re:Mediocre Propoganda at Best, A Joke at Worse (Score:4, Interesting)
Re:Mediocre Propoganda at Best, A Joke at Worse (Score:2, Insightful)
I agree that Mozilla and the Linux kernel are very good pieces of software--I use them each for many hours each day. I don't have a problem with them: I have a problem with using only three projects has a sample size. They're attempting to make a precise model to describe
Mythical Man Month Myths (Score:3, Insightful)
You have seriously misread The Mythical Man Month, to the point of absurdity. The Mythical Man Month does emphatically not claim that more people can't do any more then fewer people.
What it says is that programmers are not interchangable, and as a result, adding program
Of course debugging is easier... (Score:5, Insightful)
Frankly this is why I try to stick to open source software when I do development work. Hell of a lot easier to figure out how something works when you've got code and direct access to the developers via a mailing list.
Re:Of course debugging is easier... (Score:3, Informative)
Just this week we've had a major problem with one of our customers: IE is continuously crashing (an internal IE problem). It doesn't help that the customer isn't very good at giving us detailed information about who it happens to when, but what makes it even worse is the cryptic nature of t
Absolutely false!!! (Score:2)
(
Trust me on this, I'm in this situation every day.
Easy explanation (Score:5, Funny)
If you've got open sores, you're going to want to get bugs off of them as quickly as possible. You're also going to notice sooner because it's still bleeding. If you've got closed sores, you might not notice flies buzzing around them near so quickly.
Microsoft Refutes Oxford Researchers' Conclusions (Score:4, Funny)
ESR says... (Score:4, Interesting)
1) With enough eyeballs, all bugs are shallow - someone will know the answer, or stimulate the person who does.
2) Users provide better bug reports including line numbers, decent config information, possibly even patches.
To which you can add number 3 and 4 of my own devising:
3) The kind of people who write and use OSS care about security and stability (often to an extreme) and so think that bug fixes are essential not a nice-to-have.
4) Closed source developes have to deal with management and merketing wienies - it's a wonder they even get buggy code out the door.
Re:ESR says... (Score:2)
3) The people writing OSS don't have to deal with #4, which makes security and stability a more achievable goal.
(I can't argue with the reality of CS being often less secure and less stable - that is just 4) makes it so)
Re: ESR says... (Score:3, Informative)
> 1) With enough eyeballs, all bugs are shallow - someone will know the answer, or stimulate the person who does.
> 2) Users provide better bug reports including line numbers, decent config information, possibly even patches.
As a part of these phenomena there is the direct interaction between the user and the hacker. A nobody like me can post a problem to the LKML and get a reply from than Alan Cox suggesting things to try that will give him more information about the bug. Or can post something to
old practices (Score:3, Insightful)
It is important to shield the developers from telephone calls and visits from the customer, because otherwise the developers will get nothing done, not necessarily because they have no time (time_in_day - time_dealing_with_customers may still be large), but because they are constantly being interrupted.
As long as the developer has discipline and the customer realizes that the answers won't be instant, though, there can be great v
Bogus assumptions (Score:5, Insightful)
all the users use the modified code at time t + 1 and report bugs exclusively on the updated code.This assumes that all the users update their software at every release.
This is completely bogus. Not every user is going to update immediately. In fact, the larger the company is the less likely this is due to their desire to qualify new software. This means as Open Source gets more popular with big companies, the more bogus this assumption is.
The paper also mentions nothing about QA efforts or beta sites on closed source, which are typically on the "immediately updated" products.
I'm not going to argue whether oss is better/worse than closed, but I heavily doubt this paper proves anything other than if you make lots of assumptions you can prove whatever you want.
Re:Bogus assumptions (Score:2)
Silly Story (Score:2)
Re: Silly Story (Score:2)
> Give a random developer 200,000 lines of code he's never seen. Ask him to find a bug. Odds are he'll have lots of trouble doing so. When he's finished, will it make any difference if you tell him that the code was open or closed source? A big project is a big project, period.
Most bugs are found by using the software rather than by reading its code.
The debugging difference between OSS and CSS is (mostly) only interesting in terms of what happens after the bug is found.
Weak (Score:2, Insightful)
Programming Style (Score:3, Interesting)
cond-mat? (Score:2)
Thats because (Score:3, Funny)
Thats because in closed source projects you have to dis-assemble the binary first!
Always ? (Score:5, Insightful)
Re:Always ? (Score:2)
There were some errors in this paper (Score:2)
Seems reasonable to me (Score:5, Interesting)
During development the closed source software will only be used by the developers, and in general the developers are not like their end users and may have little interest in actually using the software they have been payed to write. For open source however the software is likely to be available to users from a very early stage and the developers are likely to be active users of the software as well. It would be very surprising if the bugs were not squashed faster.
Once the software is released closed source has the problem that bugs will only be fixed if the producer sees profit in it. Major security bugs will be fixed "relatively" quickly, as they might impact future sales otherwise, but with closed source the producer may not fix known non-security critical bugs if they don't feel like it, and no one else can.
There is also a problem with bug reporting in the closed source world. Who actually reports closed source non-security critical bugs? There isn't a lot of incentive since they may not be fixed anyway and if they are the fix will likely just go into then next version (that could be a year or two away) and you will have to pay for. Also the fraction of the users that do not have a licenced copy are unlikely to report bugs.
Whatever the merits of this particular study's methodology the results are just plain common sense anyway.
its the documentation! (Score:5, Insightful)
Companies like Microsoft need to introduce policies to create the same effect. Code reviews and extreme programming are good examples. They often degenerate into either a rubber stamp or a grudge match between different interpretations of Hungarian Notation.
Finding fixed bugs (Score:2)
Their "model of iraqi WMD dynamics" is eagerly awaited.
Drink the kool-aid... (Score:2, Interesting)
"Always" is the tip-off (Score:2)
Except when written in Ada (Score:2, Interesting)
I have a c++ (unmanaged) project to get done. (Score:5, Informative)
I then boot to Linux and port my code. I've been writing portable code for half a decade, so I know what I'm doing, more or less. But, I can get more work done with Visual Studio, faster.
In case it makes a difference to your perception, I write end user apps, sometimes with heavy graphics requirements and GUI frontends.
Due to the nature of my work, I can't rely on masses to test everything before I ship.
Re:Who's surprised? (Score:3, Funny)
Ah yes, because we all know that Windows is, in fact, the only closed software in existence.
Re:Who's surprised? (Score:5, Funny)
The very concept fills me with dread.
Re:Who's surprised? (Score:2, Interesting)
Re:Who's surprised? (Score:2)
Is that a euphamism for BSODs?
Re:Who's surprised? (Score:2)
Shit! I've mispelled a word on Slashdot. I'll burn in hell for sure.
Nice troll... (Score:2)
Re:Who's surprised? (Score:2)
Re:suprising? (Score:2, Interesting)
1. Closed-source projects are often have a more structured process for development, along the lines of CMM, ISO 9001, established methodologies, etc. Things like CMM and ISO 9001 are assumed to result in higher quality (I seriously dispute that, but its the widely held assumption).
2. Many closed-source projects have customers with support contracts. Many open-source developers are not bound by such contracts and are not forced to fix bugs. It is assumed that su
Re:suprising? (Score:2)
Re:If it's so fast (Score:2)
The original statement of "Always" is of course compeltely false. There is no such thing as "Always". In my personal experience with using such things as wxWindows etc, I find that debugging an app as a whole goes a lot SLOWER than when using something like MFC because wxWindows itself contains so many bugs that I am frequently debuggint IT instead of my own code. (BTW, MFC and MS's LIBC come with source, so debugging through it is pretty easy, compared to compeltely closed source)
Overa
Re:Debugging Software (Score:2, Interesting)