Author Topic: Commercial product source code  (Read 25533 times)

0 Members and 1 Guest are viewing this topic.

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: Commercial product source code
« Reply #100 on: May 03, 2014, 09:09:31 pm »
what's really weird is that you have your XP PC still connected to the internet  >:D
its not weird to maintain a stable and practical OS. its not weird if its not data sensitive or server PC. its not weird when there are 3rd party security softwares supporting it. whats weird is humanity embracing darwinism novelties.

Not to count licensed software that is tied to my motherboard/OS for a piece of software that is no longer supported but I paid a lot for it, so I have to keep this system going (Accusoft's Visiquest) also I have others tied into this system that I could transfer to a different system but I rather stick with this one for the time being.

 

Offline Richard Crowley

  • Super Contributor
  • ***
  • Posts: 4310
  • Country: us
  • KE7GKP
Re: Commercial product source code
« Reply #101 on: May 03, 2014, 09:17:19 pm »
I have several computers used for different things (audio editing, video, editing, graphics, circuit/PC design, etc.).
But most of them are NEVER connected to the public internet because I don't need reference to the outside world to do the particular job.
Of course, sometimes application programs are updated, etc. I don't believe in slavishly "updating" software unless it provides some benefit TO ME.
If I need to update something, I will download the code on my internet-connected machine and then "sneaker-net" the USB flash drive over to the protected PC.
I would be VERY wary about connecting an XP system to the public internet since MS discontinued support.
 

Offline jaxbird

  • Frequent Contributor
  • **
  • Posts: 767
  • Country: 00
Re: Commercial product source code
« Reply #102 on: May 03, 2014, 10:09:31 pm »
I have several computers used for different things (audio editing, video, editing, graphics, circuit/PC design, etc.).
But most of them are NEVER connected to the public internet because I don't need reference to the outside world to do the particular job.
Of course, sometimes application programs are updated, etc. I don't believe in slavishly "updating" software unless it provides some benefit TO ME.
If I need to update something, I will download the code on my internet-connected machine and then "sneaker-net" the USB flash drive over to the protected PC.
I would be VERY wary about connecting an XP system to the public internet since MS discontinued support.

I think you might have mistakenly posted this in the wrong forum. I might be mistaken, but I fail to see any relevance to the subject being discussed.

BTW: MS is still updating XP even they said it would be the end of it. (but no guarantees for how long)

Analog Discovery Projects: http://www.thestuffmade.com
Youtube random project videos: https://www.youtube.com/user/TheStuffMade
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: Commercial product source code
« Reply #103 on: May 04, 2014, 02:27:18 am »
I think you might have mistakenly posted this in the wrong forum. I might be mistaken, but I fail to see any relevance to the subject being discussed.

BTW: MS is still updating XP even they said it would be the end of it. (but no guarantees for how long)
He didn't post on the wrong forum, he was replying to me having still XP, well I'm not too worried about the security of my systems.
I do prefer windows 7 by all means, just have a system stuck with XP because of an expensive license for a product that is not supported, so, that will be my XP machine until I don't need that software anymore. I guess since I have a license I could download and install a cracked version but no reason to do so.
 

Offline HackedFridgeMagnet

  • Super Contributor
  • ***
  • Posts: 1938
  • Country: au
Re: Commercial product source code
« Reply #104 on: May 04, 2014, 04:40:05 am »
Quote
Thanks, yeah, most people don't realize how much work goes into writing a single line of production worthy code.
Easy to think if you know a bit of programming you can easily do 1000s of lines of code a day, but that will change once you need to get every single line of code reviewed.
And knowing everything you write will be included in your yearly review, where the bottom x% gets the pink slip:D
So yeah, production code quality is by definition much higher quality than open source.

So no, production code quality is not by definition much higher quality than open source.  FTFY.

How can production quality code be better if it is written by people who cant apply logic correctly to an argument?

Your logic assumes a few things that clearly are not correct.
    One is that every production house does things the same formalised way as you.
    Another is that no open source projects do apply quality controls to the same degree as you specified.
    Another is that the quality controls you specified equate to higher quality code.

Maybe I am being pedantic but I am guessing that is the nature of high quality production code. So it should be second nature to you.
I agree that more reviewing and more care helps create better coding but to paint all OSS as lower quality than commercial source code is a crock of shit.

There are probably better ways of measuring code quality,including things such as
what the user thinks of the code.
the complexity of what the codes does.
bug/issues currently open.
new bug/issue rate.
test coverage.
etc etc but you get the picture.


I think these are so much more important than just a code review. In the heartbeat bug the code was actually reviewed and signed off on.
And the vice president signing off, well that would be a joke in some companies.

@Jaxbird. I am not saying that there is anything wrong with your companies methodology just that your argument is flawed.
I am also fairly certain that if you say your company produces top quality code then I am sure it does.
It's just that I have seen such crap come out of big and small companies with all the QA in the world that I don't believe a corporate culture actually produces code as good as the top OSS projects.


And here is the one that gets me.
Quote
And yeah, 3rd party libraries, not allowed unless full source available, and full source passes the same security standards required for internally produced code. Any exception requires director level management approval.

We should trust your companies code even though it is almost certainly closed source?
HYPOCRISY writ large.


 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: Commercial product source code
« Reply #105 on: May 04, 2014, 05:07:42 am »

And here is the one that gets me.
Quote
And yeah, 3rd party libraries, not allowed unless full source available, and full source passes the same security standards required for internally produced code. Any exception requires director level management approval.

We should trust your companies code even though it is almost certainly closed source?
HYPOCRISY writ large.

Source is always available from 3rd party libraries (at a price that is)

I bet if you want to pay 100 times more for a gadget so you get source (that you are under NDA not to disclose or to compete against the authors) then sure :)

 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: Commercial product source code
« Reply #106 on: May 04, 2014, 05:32:58 am »
It actually gets even more complicated than that.

Nothing stops me from creating an open source library but being the author I can choose to make the library or a custom version that is heavily gated, available for commercial licensing. The clients that purchased the commercial license are not bound by the open source license at all.

Offering one license, doesn't exclude you from having other licenses available.
 

Offline Dinsdale

  • Regular Contributor
  • *
  • Posts: 77
  • Country: us
    • pretzelogic
Re: Commercial product source code
« Reply #107 on: May 04, 2014, 07:58:11 pm »
Quote
So yeah, production code quality is by definition much higher quality than open source.
http://finance.yahoo.com/news/coverity-scan-report-finds-open-130700038.html
This can't be happening.
 

Offline vvanders

  • Regular Contributor
  • *
  • Posts: 124
Re: Commercial product source code
« Reply #108 on: May 05, 2014, 02:04:44 am »
@Jaxbird. I am not saying that there is anything wrong with your companies methodology just that your argument is flawed.
I am also fairly certain that if you say your company produces top quality code then I am sure it does.
It's just that I have seen such crap come out of big and small companies with all the QA in the world that I don't believe a corporate culture actually produces code as good as the top OSS projects.

If you're comparing top open source projects with all the commercial code out there then of course you're going to find large disparities.

Let me ask you this, how many open source QA people do you see out there? Most people enjoy writing code rather than testing it.

I've spent most of my career working between a mix of open and closed source. Generally widely used open source code is decent if not good. However I've used plenty of broken, poorly written open source libraries as well, some of which I've had to gut almost completely to get an sort of meaningful performance or resource management up the the level required for production.
 

Offline HackedFridgeMagnet

  • Super Contributor
  • ***
  • Posts: 1938
  • Country: au
Re: Commercial product source code
« Reply #109 on: May 05, 2014, 05:19:38 am »
Quote
Let me ask you this, how many open source QA people do you see out there? Most people enjoy writing code rather than testing it.
Yes I think that is a very strong point in favour of commercial software. Especially in the early release phase.

Quote
However I've used plenty of broken, poorly written open source libraries as well, some of which I've had to gut almost completely to get an sort of meaningful performance or resource management up the the level required for production.
Yes I can see what you mean.

Quote
If you're comparing top open source projects with all the commercial code out there then of course you're going to find large disparities.
I guess it would be fairer to consider the top open source software with the top commercial software.  Anyone got contenders for each?
I assume neither Altium nor Kicad qualify.  ;)
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 9204
  • Country: my
  • reassessing directives...
Re: Commercial product source code
« Reply #110 on: May 05, 2014, 11:35:51 am »
how do you compare open source with a closed sourced? its closed right? and do we need to inspect all the irrelevant paperworks as well? and being approved by the people of management (aka the people in power) i believe naturally, for open source it will first came out broken, and then got reviewed and fixed later on by volunteers. its the same process imho except it usually take some while for those volunteers to chime in, not like profit money based hurry up professionals. and i believe these paperworks and beaurocrates in corporation are what makes bugs fixes take some while to be published, this probably be its drawback.
if something can select, how cant it be intelligent? if something is intelligent, how cant it exist?
 

Offline mrflibble

  • Super Contributor
  • ***
  • Posts: 1947
  • Country: nl
Re: Commercial product source code
« Reply #111 on: May 05, 2014, 01:13:42 pm »
how do you compare open source with a closed sourced? its closed right?

Presumably by being given access to said source under an NDA for the purpose of it being scanned.
 

Offline Mechatrommer

  • Super Contributor
  • ***
  • Posts: 9204
  • Country: my
  • reassessing directives...
Re: Commercial product source code
« Reply #112 on: May 05, 2014, 01:38:06 pm »
scanned what? by eye, by the said mumbo jumbo analysis tool? or by scanner? :P
if something can select, how cant it be intelligent? if something is intelligent, how cant it exist?
 

Offline HackedFridgeMagnet

  • Super Contributor
  • ***
  • Posts: 1938
  • Country: au
Re: Commercial product source code
« Reply #113 on: May 05, 2014, 02:13:01 pm »
Sorry wasn't talking about comparing the source. Though it would be nice. As the original poster asked.

Just comparing the software. There are plenty of metrics people can use to do this without seeing the source.
Obviously impossible to be objective but still people have a good idea of what is going on underneath by the way the software performs.

Windows vs Linux.
Firefox vs Chrome, Safari and IE.
IOS vs Android
GCC vs IAR
Apache vs IIS
MySql vs Oracle, SQLServer
Visual Studio, XCode vs Eclipse, Netbeans ...

Anyway its clear to me that neither is winning in all cases, so it must be possible to produce industry leading code under either regime.

 

Offline mrflibble

  • Super Contributor
  • ***
  • Posts: 1947
  • Country: nl
Re: Commercial product source code
« Reply #114 on: May 05, 2014, 03:02:59 pm »
scanned what? by eye, by the said mumbo jumbo analysis tool? or by scanner? :P

"For this latest Coverity Scan Report, the company analyzed code from more than 750 open source C/C++ projects as well as an anonymous sample of enterprise projects."

http://www.zdnet.com/coverity-finds-open-source-software-quality-better-than-proprietary-code-7000028514/

That was mainly to answer the "omg it's closed, however shall it be scanned?" question. Simply, by the owner of that code making it available for scanning. Or more likely by spending $$$ for the license and run it locally on that proprietary code. And probably then upload those metrics, under whatever usage agreement I didn't take the time to find out about. :P
 

Offline jaxbird

  • Frequent Contributor
  • **
  • Posts: 767
  • Country: 00
Re: Commercial product source code
« Reply #115 on: May 05, 2014, 05:58:36 pm »
Quote
Thanks, yeah, most people don't realize how much work goes into writing a single line of production worthy code.
Easy to think if you know a bit of programming you can easily do 1000s of lines of code a day, but that will change once you need to get every single line of code reviewed.
And knowing everything you write will be included in your yearly review, where the bottom x% gets the pink slip:D
So yeah, production code quality is by definition much higher quality than open source.

So no, production code quality is not by definition much higher quality than open source.  FTFY.

How can production quality code be better if it is written by people who cant apply logic correctly to an argument?

Your logic assumes a few things that clearly are not correct.
    One is that every production house does things the same formalised way as you.
    Another is that no open source projects do apply quality controls to the same degree as you specified.
    Another is that the quality controls you specified equate to higher quality code.

Maybe I am being pedantic but I am guessing that is the nature of high quality production code. So it should be second nature to you.
I agree that more reviewing and more care helps create better coding but to paint all OSS as lower quality than commercial source code is a crock of shit.

There are probably better ways of measuring code quality,including things such as
what the user thinks of the code.
the complexity of what the codes does.
bug/issues currently open.
new bug/issue rate.
test coverage.
etc etc but you get the picture.


I think these are so much more important than just a code review. In the heartbeat bug the code was actually reviewed and signed off on.
And the vice president signing off, well that would be a joke in some companies.

@Jaxbird. I am not saying that there is anything wrong with your companies methodology just that your argument is flawed.
I am also fairly certain that if you say your company produces top quality code then I am sure it does.
It's just that I have seen such crap come out of big and small companies with all the QA in the world that I don't believe a corporate culture actually produces code as good as the top OSS projects.


And here is the one that gets me.
Quote
And yeah, 3rd party libraries, not allowed unless full source available, and full source passes the same security standards required for internally produced code. Any exception requires director level management approval.

We should trust your companies code even though it is almost certainly closed source?
HYPOCRISY writ large.

My previous post is just a rough description of how the largest software companies in the world deal with quality control. There are many details I have not covered, such as detailed workflows etc (not trying to publish a whitepaper), but trust me, the largest companies do everything within their power to produce the highest quality code possible for a release. And they usually make sure to hire/acquire leading subject area experts in the fields they are working. Both theoretical and practical experts.

Once you get close to a release, things are tightened up even more. A lot of fear of regression bugs making it into the code, usually you have a ship room manned by senior lead developers, architects, general managers, leading subject area experts and sometimes even marketing people. Their job is to triage all incoming requests for features/changes/bug fixes and decide what will be included and what will postponed to next version/patch etc.

Personally, with these very large companies, I've spent time both on the floor doing development, but also leading teams and coaching developers, plus numerous long hour days in ship rooms leading multiple teams of developers.

Sure the very large companies might not have the initial motivation and spirit of a few guys getting together on an open source project. Instead they run things more like a factory, it's important not to rely on too many individuals, so part of the HR teams job is to make sure they always have someone else to take over if a key employee decides to leave. (if you are in a senior/lead whatever position, it's quite normal that you must maintain an updated list of who are most qualified to take over your position) But there is still room for creativity as long as it passes all the reviews.

In my experience, except for the open source stuff done purely by corporations anyway, such as Android, Chrome, many Linux dists etc. you don't generally have this level of quality control in open source projects.

Of course the production quality from smaller companies can be much lower, as it's often driven by a single (or a few) "know it all/my shit doesn't smell" developers who've been key to a product since it was created. This is very typical, and the quality they produce is usually much lower.

Analog Discovery Projects: http://www.thestuffmade.com
Youtube random project videos: https://www.youtube.com/user/TheStuffMade
 

Offline jaxbird

  • Frequent Contributor
  • **
  • Posts: 767
  • Country: 00
Re: Commercial product source code
« Reply #116 on: May 05, 2014, 06:18:40 pm »
I think you might have mistakenly posted this in the wrong forum. I might be mistaken, but I fail to see any relevance to the subject being discussed.

BTW: MS is still updating XP even they said it would be the end of it. (but no guarantees for how long)
He didn't post on the wrong forum, he was replying to me having still XP, well I'm not too worried about the security of my systems.
I do prefer windows 7 by all means, just have a system stuck with XP because of an expensive license for a product that is not supported, so, that will be my XP machine until I don't need that software anymore. I guess since I have a license I could download and install a cracked version but no reason to do so.

My bad  ::) apologies..

Fully understand, MS just want to pressure all their enterprise customers still on XP after the Vista failure to switch to Windows 7 or 8.

But I understand lots of legacy (but still used in production) hardware requires XP to function. I guess last resort is just to cut it from any internet connection and keep a backup image of the OS.

If you have access to Technet you can still download all versions of Windows back to the old 16bit v3.1 or something like that :D

Analog Discovery Projects: http://www.thestuffmade.com
Youtube random project videos: https://www.youtube.com/user/TheStuffMade
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: Commercial product source code
« Reply #117 on: May 06, 2014, 12:03:37 am »
Of course the production quality from smaller companies can be much lower, as it's often driven by a single (or a few) "know it all/my shit doesn't smell" developers who've been key to a product since it was created. This is very typical, and the quality they produce is usually much lower.
^this

If they lump those into commercial source then by all means close source is more broken than open source.

Same with large open source projects, if big companies depend on it, they pay their employees to maintain the open source projects, bringing the quality higher than your average open source project.
 

Online hamster_nz

  • Super Contributor
  • ***
  • Posts: 2133
  • Country: nz
Re: Commercial product source code
« Reply #118 on: May 06, 2014, 05:35:31 am »
Code quality has so many dimensions that it is hard to assess without knowing the constraints that the original authors were working under... budget, timeline, speed, maintainability, performance, manpower, changing requirements. SOmetimes a person operating alone can acheive things in a night that would take a large company a year.

However, I think some people have are just able write better code than others...
Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.
 

Offline Rigby

  • Super Contributor
  • ***
  • Posts: 1476
  • Country: us
  • Learning, very new at this. Righteous Asshole, too
Re: Commercial product source code
« Reply #119 on: May 06, 2014, 12:48:46 pm »
Code quality has so many dimensions that it is hard to assess without knowing the constraints that the original authors were working under... budget, timeline, speed, maintainability, performance, manpower, changing requirements. SOmetimes a person operating alone can acheive things in a night that would take a large company a year.

However, I think some people have are just able write better code than others...

Yep.  People fill open source development roles, and people fill commercial development roles.  The code quality depends almost entirely on the skill of the programmer(s) involved and any restrictions placed on them.  software development is the same as anything else in this regard.  Talent counts, and talent is clearly evident in the finished product.  Peer review counts, and can make any really good software into great software.
 

Offline discomike

  • Contributor
  • Posts: 17
  • Country: se
Re: Commercial product source code
« Reply #120 on: May 06, 2014, 09:43:01 pm »
Sorry for this blatant self promotion but if you're interested in looking at some automotive code I recently started working at a company releasing an open source (GPL) RTOS and Eclipse based IDE that conforms to the AUTOSAR standard (like POSIX for cars, but waaaay overcomplicated).

Check out http://www.arccore.com/developer/ for access to the repos. We collaborate a lot with academia where the open source concept is appreciated, but also offer commercial licensing and that's how we make our money.


jaxbird: How do you get anything done, you must have worked in aerospace? =)

In automotive standardized concepts regarding functional safety (ISO26262) is just beginning to be deployed, and a lot of people claim it's not needed (mostly those who haven't implemented it yet). One insight I can give you is that quality is not something you can bolt on afterwards with more QA or testing, but a mindset that has to transcend the whole development process.

We see the same in PC software with regards to exploits etc, it's really hard to secure a system when you're reusing the font rendering code for NT 3.51 written without any design considerations on security. Even if you review it how can you "prove" that it reaches some quality goal when it hasn't been designed with that goal in mind.

The only way to "prove" it is by creating some process that you say will lead to your quality goal, and then making sure to follow this process. It's not foolproof, but it's at least something, and much better then some code analysis tool (not saying you can't use those as part of the process).
« Last Edit: April 18, 2015, 08:30:36 pm by discomike »
 

Offline vvanders

  • Regular Contributor
  • *
  • Posts: 124
Re: Commercial product source code
« Reply #121 on: May 07, 2014, 01:20:46 am »
...
jaxbird: How do you get anything done, you must have worked in aerospace? =)
..
Perhaps but that type of process is pretty standard across the board at the big software shops. Microsoft, Amazon and Google all follow these practices as does quite a few other places that I've worked at.
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: Commercial product source code
« Reply #122 on: May 07, 2014, 01:44:04 am »
...
jaxbird: How do you get anything done, you must have worked in aerospace? =)
..
Perhaps but that type of process is pretty standard across the board at the big software shops. Microsoft, Amazon and Google all follow these practices as does quite a few other places that I've worked at.

An ex coworker of mine used to work for Aerospace and now works for Nasa. We got lucky to get him in between jobs and he is brilliant in physics. They are way more strict than that.

What jaxbird mentions is not even close to that kind of scrutiny and very standard like vvanders mentions.
 

Offline westfw

  • Super Contributor
  • ***
  • Posts: 3066
  • Country: us
Re: Commercial product source code
« Reply #123 on: May 07, 2014, 07:00:34 am »
Quote
The code quality depends almost entirely on the skill of the programmer(s) involved and any restrictions placed on them
Quote
Quote
that type of process is pretty standard across the board at the big software shops.
"big" software shops have additional problems just based on the size of their code and the number of people that they have contributing.  Their "heavy" processes barely manage to compensate :-(  (no one thinks that Microsoft/etc ends up producing "nearly perfect" code as a result of these processes, right?)

And you'd be surprised how much software comes from places that are NOT "big software shops."

And EVERYONE has trouble finding good QA engineers.  They're a rare breed, unfortunately.  (Although there seem to quite a lot of people who will CLAIM to be QA experts, implement a bunch of things that the developers find distasteful and ineffective while holding up deployment of fixes AND new features (don't forget that a missing feature is a bug, too), eventually resulting in attempts at completely new development models that will magically keep developers content AND improve quality AND reduced time-to-market...  Sigh.  This is HARD STUFF.)

(There was that Ariane 5 failure, which you can more-or-less attribute to various "standard" edicts aimed at IMPROVING SW quality:
1) thou shalt write the code in Ada!
   (ok, so we write fortran-like code in Ada.)
   (except for the exception mechanism.  oops.)
2) thou shalt minimize thy changes!
   (so we'll redefine "int32" to be a 16bit integer, which means MANY fewer lines of code than changing all those "int32" variable definitions to "int16".  So the code doesn't read like what it does; we minimized changes!)
3) Reuse proven code!
   (sure, even if it's inappropriate and in fact not needed any more.)
(Unfortunately, I'm not finding my link to the video that showed/explained some of these errors.  Sigh.))

 

Offline chicken

  • Regular Contributor
  • *
  • Posts: 221
  • Country: us
  • Rusty Coder
Re: Commercial product source code
« Reply #124 on: May 08, 2014, 06:14:21 pm »
Long read, but very apropos to this discussion:
http://stilldrinking.org/programming-sucks

 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf