Ranjeet Walunj

February 12, 2009

Argument: Is open source software secure enough?

I’ve heard this argument from many Microsoft/closed-source technology evangelists: that open source software is not secure enough.

And that anyone can easily find a flaw in the software and use it for his own benefit.

This week there was an argument on Slashdot about the same.

According to Linus’s Law, “given enough eyeballs, all bugs are shallow”. More formally: “Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.” — this rule was formulated by ESR (Eric S. Raymond).

Open source, by its very nature of revealing everything, catches the attention of all the users/hackers/programmers across the world who use that software. (Please note: hackers always have good intentions.)

The source code is validated by many learned people, and if any flaw is found it is quickly reported and fixed.
If a certain OSS is continuously subject to vulnerabilities, then it loses its charm and people quickly migrate to more secure alternatives.
(For example: most new installations of mail servers are based on qmail/postfix rather than Sendmail.)

In the case of closed source (e.g. Windows), it takes a long time to report a flaw and much longer to fix it.

I don’t hate Microsoft; in fact I use Windows XP for most of my day job and am happy with it. But I feel much more flexibility with my Linux. Most importantly, if something is going wrong I know where to check and what the reasons could be. (Syslogs are also a great friend.)

But talking about security, NO OSS is less secure than any closed source software just because it is open in nature or, for that matter, for any other reason.

Lots of learned independent developers/testers/reviewers have gone through the code/designs/outcomes of the OSS and have contributed to the security threats/bugs/potential problems.

Collective intelligence (worldwide) is always superior to a closed group of people.

As someone suggested, it is easier to experience this than to argue over it.

The best approach is to deploy it for yourself and run weekly penetration testing to see the possible results.

There is no security from stupid actions of users/administrators; however, assuming security by obfuscation/closed source is nothing but stupidity.

I’ve been personally using OSS for years now and am absolutely happy with the way it has helped me in learning things.

August 22, 2008

Drizzle: A Lightweight SQL Database for Cloud and Web

I’ve been using MySQL since Dec-1999, and so far it’s been a wonderful database which works perfectly for most online (web) applications.
A few days ago, when I was going through scale-out strategies for MySQL and lightweight MySQL discussions, I came across ‘Drizzle’.

Drizzle is a High-Performance Microkernel DBMS for Scale-Out Applications.
Drizzle is a community-driven project based on the popular MySQL DBMS that is focused on MySQL’s original goals of ease-of-use, reliability and performance.

The Drizzle project is building a database optimized for Cloud and Net applications.
It is being designed for massive concurrency on modern multi-cpu/core architecture.
The code is originally derived from MySQL.

Monty Taylor is one of the programmers of ‘Drizzle’ who works as a Senior Consultant with MySQL.
He specializes in HA solutions and MySQL Cluster.

More information about Drizzle can be obtained from:
Project details — http://launchpad.net/drizzle
Wiki — http://drizzle.wikia.com/

The project is focused on making a database that is:
1) Reliable
2) Fast and scalable on modern architecture
3) Simple design for ease of installation and management

It certainly looks like a great database for highly scalable internet applications.

Monty was looking out for contributions to Drizzle’s i18n efforts.

I’ve taken up the Marathi translation bit and it appears more difficult than I initially thought.

It’s difficult to find Marathi words for a few of the database-related terms.
However, I’ve been trying and will try to finish as many translations as possible.

My office colleague Vijay commented on my translations, saying that the Marathi I used is difficult and not in regular use.
I’ll try to use more generic Marathi words to make it look simple.

I want to contribute back to Open Source in some way or other.

I have already started giving support (mostly free) for OpenX (ad-serving platform), Apache (web server), MySQL, scaling and performance tuning of web applications, and helping users from the community.

