Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: How Do You Assess the Status of an Open Source Project?

Soulskill posted about a year and a half ago | from the say-its-name-three-times-in-front-of-a-mirror-site dept.

Open Source 110

Chrisq writes: "Our software landscape includes a number of open source components, and we currently assume that these components will follow the same life-cycle as commercial products: they will have a beta or test phase, a supported phase, and finally reach the end of life. In fact, a clear statement that support is ended is unusual. The statement by Apache that Struts 1 has reached end of life is almost unique. What we usually find is:

  • Projects that appear to be obviously inactive, having had no updates for years
  • Projects that are obviously not going to be used in any new deployments because the standard language, library, or platform now has the capability built in
  • Projects that are rapidly losing developers to some more-trendy alternative project
  • Projects whose status is unclear, with some releases and statements in the forums that they are 'definitely alive,' but which seem to have lost direction or momentum.
  • Projects that have had no updates but are highly stable and do what is necessary, but are risky because they may not interoperate with future upgrades to other components.

By the treating Open Source in the same way as commercial software we only start registering risks when there is an official announcement. We have no metric we can use to accurately gauge the state of an open source component — but there are a number of components that we have a 'bad feeling' about. Are there any standard ways of assessing the status of an open source project? Do you use the same stages for open source as commercial components? How do you incorporate these in a software landscape to indicate at-risk components and dependencies?"

cancel ×


Sorry! There are no comments related to the filter you selected.

Applying metrics to open source? (0, Insightful)

Anonymous Coward | about a year and a half ago | (#43562089)

You're gonna have a bad time.

Re:Applying metrics to open source? (0)

Anonymous Coward | about a year and a half ago | (#43563499)

I don't like this new Microsoft-managed Slashdot. It's all just SO banal now.

Re:Applying metrics to open source? (0)

Anonymous Coward | about a year and a half ago | (#43565143)

Seems to me the metrics are simple: 5 years since the last revision, nothing replaced its function, and it was irreplaceable.

Re:Applying metrics to open source? (1)

BrokenHalo (565198) | about a year and a half ago | (#43566979)

Seems to me the metrics are simple: 5 years since the last revision, nothing replaced its function, and it was irreplaceable.

Well, to an extent that's true (except hopefully for the irreplaceable part). What I don't see is any functional difference between open-source and commercial software. I have seen plenty of abandoned closed-source projects, and these might be even more frustrating if the user has actually paid money to use them.

Yes... (3, Interesting)

Synerg1y (2169962) | about a year and a half ago | (#43562107)

sourceforge, github, and other major OSI project hosts feature both last updated dates and when a project is discontinued often times notices stating so. Ultimately, some responsibility is placed on the author(s) & maybe even the community for managing this. Search engine rankings take care of the rest. And of course, there is no way to bat 100% here, some will be missed with this and just about any other method.

Re:Yes... (3, Informative)

Jane Q. Public (1010737) | about a year and a half ago | (#43562313)

A recent review of Github showed that the vast majority of projects had not gone anywhere in quite a while. It is actually rather typical. Same with Sourceforge and the like.

I have to presume OP meant "Free and Open Source", as opposed to just Open Source. Free, open source software is a particular subset of open source. There are lots of commercial open source products out there.

In my opinion, the best way to tell whether FOSS software is reputable and support will be available is to determine as best you can who, and how many, have adopted it.

OP should realize that in the world of FOSS, support is usually provided by users, not necessarily the core group of coders. If they aren't willing to dig for support on issues, maybe they should go to commercial software.

Re:Yes... (2)

Synerg1y (2169962) | about a year and a half ago | (#43562417)

When you introduce commercial aspects to OS, it becomes a completely different beast because now you've promised deliverables for the money. The person selling at that point is legally obligated to deliver what they're promising, so if a project goes stale and doesn't work with future technologies, but is still advertised as so in a deceptive manner, they either have to take them down or face a barrage of FTC complaints leading to legal action.

Check the community (4, Insightful)

Anonymous Coward | about a year and a half ago | (#43562113)

Try and find someone looking for help using it online. See what people say to them. If there are lots of recent problems and responses that don't seem to suggest using other products, its likely in a good state to use.

If no one is looking for help using the library, its either not in use, or way too easy to use (has that ever happened?).

One thing to look out for is that if something works well, it might not need updates very often (or at all, depending on what it is). Don't abandon something simply because its old, or not being updated. Now, it its not being updated, has lots of open issues, and no users, thats a problem.

You can also look for some issues/tickets, and see the response times on them.

zlib (0)

Anonymous Coward | about a year and a half ago | (#43562117)

Take zlib for example. Very little update in years. Yet its perfectly feasable that we could have a compressor that does 5% better (see 7z, kzip, etc). Yet everyone uses it.

Re:zlib (1)

Trax3001BBS (2368736) | about a year and a half ago | (#43562669)

I started with .arc and .zoo. There's always a better compression and damn if another one doesn't becomes popular
for a few years. Then of course you have different operating system so different popular compression schemes; The Amiga was awful in that area.

Why can't we all just get along (Zip).

Re:zlib (1)

buchner.johannes (1139593) | about a year and a half ago | (#43563157)

Take zlib for example. Very little update in years. Yet its perfectly feasable that we could have a compressor that does 5% better (see 7z, kzip, etc). Yet everyone uses it.

AFAIK zlib is still the best if you measure the speed/compression ratio.

Abandoned Project eg procmail, cant find eg 'mp' (0)

Anonymous Coward | about a year and a half ago | (#43563601)

The open source community is going to have to get used to 3 ideas:

1. It can be DONE, eg procmail, TeX are both examples of this, slightly cranky but get all the important things right!

        Can be re-used

2. Lost, I have been looking for SUN mp for days since I decided to abandon the mess that is KDE Kmail 2.x, Claws is fine but I need a mp-like PrettyPrinter

3. Abandoned, because a new, better solution is now available.

MFG, omb

Re:zlib (1)

gd2shoe (747932) | about a year and a half ago | (#43565491)

AFAIK zlib is still the best if you measure the speed/compression ratio.

That's a good reason to like zlib.

But technically the best way to get speed over compression is no compression at all (infinitely fast / 1).

Technically. [runs to hide from ballistic fruit]

Re:zlib (2)

buchner.johannes (1139593) | about a year and a half ago | (#43565679)

AFAIK zlib is still the best if you measure the speed/compression ratio.

But technically the best way to get speed over compression is no compression at all (infinitely fast / 1).

No, because you also have to consider disk I/O time, and CPU time is relatively cheap, so on-the-fly compression is faster than no compression for many types of data.

Points at Open Source Project (0)

Anonymous Coward | about a year and a half ago | (#43562123)


Re:Points at Open Source Project (1)

flimflammer (956759) | about a year and a half ago | (#43563691)

No, Chii. That's just source code.

Not unique to open source (5, Insightful)

pavon (30274) | about a year and a half ago | (#43562131)

This isn't a problem that is unique to open source. Several commercial libraries that we have used in the past have entered the twilight zone where the developer is neglecting them, and refuses to release any sort of roadmap or EOL announcement. Eventually, you just have to make your own call based on how much work it will be to move to a new library vs the risk of staying with the current one. At least with open source if you get stuck with a dead library you can choose to take over maintaining it on your own either as a long term strategy or a short-term stop-gap until you can move onto something else.

Re:Not unique to open source (5, Insightful)

LulzAndOrder (2667597) | about a year and a half ago | (#43562299)

it is a problem that is unique to open source, but the part that is unique is that it's not a problem in open source. Because the source is open, "legacy" and "discontinued" software can still be maintained and used by however small a community of users wish to keep it alive. If Windows XP were open source, there would be no pulling the plug on it; there would be a healthy community making security patches for it still. nothing to see here folks, keep moving.

Re:Not unique to open source (1)

Bill_the_Engineer (772575) | about a year and a half ago | (#43563557)

it is a problem that is unique to open source, but the part that is unique is that it's not a problem in open source. Because the source is open, "legacy" and "discontinued" software can still be maintained and used by however small a community of users wish to keep it alive.

This is not necessarily true. Poor documentation seems to be the norm for the smaller (and some larger) FOSS projects hosted on Sourceforge and Github. If the project is dead (as in no activity) don't expect to be able to dust it off and start anew. Support is practically non-existant and you would probably be better off searching for an alternative. There is usually a good reason for the project's demise like a better alternative replaced it, it was ill-conceived from the start, or the program was useful for a very small number of people.

Being open source isn't enough to keep a project going nor is it a guarantee of longevity.

Re:Not unique to open source (3, Informative)

David Gerard (12369) | about a year and a half ago | (#43565627)

Sort of. In practice, taking on an unmaintained library yourself (whether as a public project or just internally) means taking on unknown amounts of technical debt. ("Legacy code" can IMO usefully be approximated to "code dumped on you with unknown technical debt involved".) It might be lovely, it might be a goddamned nightmare.

Abandoned project takeover (2, Interesting)

gbjbaanb (229885) | about a year and a half ago | (#43562491)

of course, if you're using it and you have the source code, then its not dead - except the old project page might no longer point to the currently updated project site (ie your fork).

All the FOSS sites need a 'takeover' policy for dead projects that is more than just fork [] . That link says to contact the abandoned project admin and ask to be added to the project to continue it, and if they do not respond, create a new project site with the old code. Personally, I think if they do not respond, then the site should try to contact them - if they still do not respond (after a suitably lengthy time) then it should re-assign you as the new owner. They could rate-limit takeover requests to 1 a year per project without incurring much inconvenience to project admins. Alternatively they could mandate a minimum of 2 admins per project and give a list of "non-exec" admins that are simply there for such contingency purposes.

For example, I see Fuppes project on sourceforge, it works well but needs a tweak or two to make it work great - and I'm willing to do the work, but the admin doesn't seem to be around anymore. I could fork it, but I'd much rather keep continuity of the original project. We have way too many forks anyway (usually because Oracle took over the project :) ).

Re:Abandoned project takeover (4, Insightful)

Bill_the_Engineer (772575) | about a year and a half ago | (#43563581)

Personally, I think if they do not respond, then the site should try to contact them - if they still do not respond (after a suitably lengthy time) then it should re-assign you as the new owner.

The length of time to wait is much longer than you want. The original author of the project still owns the copyright and the rights to the name of the project. The best option is to fork the project and start fresh.

Re:Abandoned project takeover (0)

Anonymous Coward | about a year and a half ago | (#43567381)

This could easily be put into the ToS of the site; often the name is perfectly acceptable to use for a fork provided that it's not confusing, and the URL to the project site on github or sourceforge or the like is owned by the hosting site, and is what is needed here. Although it would probably be better still to have a mechanism on such a site to put a clearly-marked "this project appears to be inactive, but a fork is has been made at " forwarding link on the inactive project.

Re:Not unique to open source (-1)

Anonymous Coward | about a year and a half ago | (#43565033)

cough The Dude [] cough

Same conditions ... (0)

Anonymous Coward | about a year and a half ago | (#43562147)

via two options:
- pay someone to offer support as you need or similar to commercial products
- get involved and support a version as long as you need

LAWSUIT AGAINST SLASHDOT... apk (-1, Offtopic)

Anonymous Coward | about a year and a half ago | (#43562161)

* Breaking news: corrupt Slashdot administration attempted to ban me for blowing the whistle on their illegal activities, while not banning the criminal who stalks, harasses, and impersonates me. Whistleblower abuse is a federal felony. Lunatic Slashdot admin's have been owned by me in so many tech debates over the past decade that they conspire with criminals to effetely & vainly *try* to "hide" my posts and censor me. Jealousy at it's finest.

=> Lawsuit's and criminal prosecution against Slashdot are now inevitable. Moderation+posting records will be sequestered and anyone acting aginst me will be dealt with permanently.

Previous notice:

A corrupt slashdot luser has pentrated the moderation system to downmod all my posts while impersonating me.

Nearly 330++ times that I know of @ this point for all of March/April 2013 so far, & others here have told you to stop - take the hint, lunatic (leave slashdot)...

Sorry folks - but whoever the nutjob is that's attempting to impersonate me, & upset the rest of you as well, has SERIOUS mental issues, no questions asked! I must've gotten the better of him + seriously "gotten his goat" in doing so in a technical debate & his "geek angst" @ losing to me has him doing the:


A.) $10,000 challenges, ala (where the imposter actually TRACKED + LISTED the # of times he's done this no less, & where I get the 330 or so times I noted above) -> []


B.) Reposting OLD + possibly altered models - (this I haven't checked on as to altering the veracity of the info. being changed) of posts of mine from the past here


(Albeit massively repeatedly thru all threads on /. this March/April 2013 nearly in its entirety thusfar).

* Personally, I'm surprised the moderation staff here hasn't just "blocked out" his network range yet honestly!

(They know it's NOT the same as my own as well, especially after THIS post of mine, which they CAN see the IP range I am coming out of to compare with the ac spamming troll doing the above...).


P.S.=> Again/Stressing it: NO guys - it is NOT me doing it, as I wouldn't waste that much time on such trivial b.s. like a kid might...

Plus, I only post where hosts file usage is on topic or appropriate for a solution & certainly NOT IN EVERY POST ON SLASHDOT (like the nutcase trying to "impersonate me" is doing for nearly all of March/April now, & 330++ times that I know of @ least)... apk

P.S.=> here is CORRECT host file information just to piss off the insane lunatic troll:


21++ ADVANTAGES OF CUSTOM HOSTS FILES (how/what/when/where/why):

Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs).

1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).

2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:

Adblock Plus To Offer 'Acceptable Ads' Option [] )

AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.

Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..

3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> [] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions ( via NSLOOKUP, PINGS (ping -a in Windows), &/or WHOIS though, regularly, so you have the correct IP & it's current)).

* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP adresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!

6.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations).

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than remote DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server, typically 30-100's of ms, vs. 7-10ms HardDisk speed of access/seek + SSD seek in ns, & back to you - hosts resolutions of IP address for host-domain names is FAR faster...). Hosts are only a filter for an already fast & efficient IP stack, no more layered b.s. (remote OR local). Hosts eat less CPU, RAM, I/O in other forms, + electricity than a locally running DNS server easily, and less than a local DNS program on a single PC. Fact. Hosts are easier to setup & maintain too.

8.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were: [] []

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> []

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> [] ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) With Adblock you had better be able to code javascript to play with its code (to customize it better than the GUI front does @ least). With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

13.) Hosts files are easily secured via using MAC/ACL (even moreso "automagically" for Vista, 7/Server 2008 + beyond by UAC by default) &/or Read-Only attributes applied.

14.) Custom HOSTS files also speed you up, unlike anonymous proxy servers systems variations (like TOR, or other "highly anonymous" proxy server list servers typically do, in the severe speed hit they often have a cost in) either via "hardcoding" your fav. sites into your hosts file (avoids DNS servers, totally) OR blocking out adbanners - see this below for evidence of that:


US Military Blocks Websites To Free Up Bandwidth: []

(Yes, even the US Military used this type of technique... because IT WORKS! Most of what they blocked? Ad banners ala doubleclick etc.)


Adbanners slow you down & consume your bandwidth YOU pay for:



And people do NOT LIKE ads on the web:



As well as this:

Users Know Advertisers Watch Them, and Hate It: []


Even WORSE still, is this:

Advertising Network Caught History Stealing: []


15.) HOSTS files usage lets you avoid being charged on some ISP/BSP's (OR phone providers) "pay as you use" policy [] , because you are using less bandwidth (& go faster doing so no less) by NOT hauling in adbanner content and processing it (which can lead to infestation by malware/malicious script, in & of itself -> [] ).

16.) If/when ISP/BSP's decide to go to -> FCC Approving Pay-As-You-Go Internet Plans: [] your internet bill will go DOWN if you use a HOSTS file for blocking adbanners as well as maliciously scripted hacker/cracker malware maker sites too (after all - it's your money & time online downloading adbanner content & processing it)

Plus, your adbanner content? Well, it may also be hijacked with malicious code too mind you:


Yahoo, Microsoft's Bing display toxic ads: []


Malware torrent delivered over Google, Yahoo! ad services: []


Google's DoubleClick spreads malicious ads (again): []


Rogue ads infiltrate Expedia and Rhapsody: []


Google sponsored links caught punting malware: []


DoubleClick caught supplying malware-tainted ads: []


Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users: []


Real Media attacks real people via RealPlayer: []


Ad networks owned by Google, Microsoft serve malware: []


Attacks Targeting Classified Ad Sites Surge: []


Hackers Respond To Help Wanted Ads With Malware: []


Hackers Use Banner Ads on Major Sites to Hijack Your PC: []


Ruskie gang hijacks Microsoft network to push penis pills: []


Major ISPs Injecting Ads, Vulnerabilities Into Web: []


Two Major Ad Networks Found Serving Malware: []












London Stock Exchange Web Site Serving Malware: []


Spotify splattered with malware-tainted ads: []


As my list "multiple evidences thereof" as to adbanners & viruses + the fact they slow you down & cost you more (from reputable & reliable sources no less)).

17.) Per point #16, a way to save some money: ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:


Infected Androids Run Up Big Texting Bills: []


AND, for protection vs. other "botnets" migrating from the PC world, to "smartphones" such as ZITMO (a ZEUS botnet variant): []


It's easily done too, via the ADB dev. tool, & mounting ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS, then copying your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so (otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).

18.) Bad news: ADBLOCK CAN BE DETECTED FOR: See here on that note -> []

HOSTS files are NOT THAT EASILY "webbug" BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked on AdBlock in that manner), to that websites' users' dismay:



An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM []

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."


"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!


19.) Even WIKILEAKS "favors" blacklists (because they work, and HOSTS can be a blacklist vs. known BAD sites/servers/domain-host names):



"we are in favour of 'Blacklists', be it for mail servers or websites, they have to be compiled with care... Fortunately, more responsible blacklists, like (which protects the Firefox browser)...


20.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privlege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malwares are using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

21.) Custom HOSTS files gain users back more "screen real estate" by blocking out banner ads... it's great on PC's for speed along with MORE of what I want to see/read (not ads), & efficiency too, but EVEN BETTER ON SMARTPHONES - by far. It matters MOST there imo @ least, in regards to extra screen real-estate.

Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock ( [] ), IE 9's new TPL's ( [] ), &/or NoScript ( [] especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security"....

It's just that HOSTS files offer you a LOT MORE gains than Adblock ( [] ) does alone (as hosts do things adblock just plain cannot & on more programs, for more speed, security, and "stealth" to a degree even), and it corrects problems in DNS (as shown above via hardcodes of your favorite sites into your HOSTS file, and more (such as avoiding DNS request logs)).

ALSO - Some more notes on DNS servers & their problems, very recent + ongoing ones:


DNS flaw reanimates slain evil sites as ghost domains: []


BIND vs. what the Chinese are doing to DNS lately? See here: []



(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)


DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that): []

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)


Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)


DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit: []


DNS experts admit some of the underlying foundations of the DNS protocol are inherently weak: []


Potential 0-Day Vulnerability For BIND 9: []


Five DNS Threats You Should Protect Against: []


DNS provider decked by DDoS dastards: []


Ten Percent of DNS Servers Still Vulnerable: (so much for "conscientious patching", eh? Many DNS providers weren't patching when they had to!) []




TimeWarner DNS Hijacking: []


DNS Re-Binding Attacks: []


DNS Server Survey Reveals Mixed Security Picture: []


Halvar figured out super-secret DNS vulnerability: []


BIND Still Susceptible To DNS Cache Poisoning: []


DNS Poisoning Hits One of China's Biggest ISPs: []


DDoS Attacks Via DNS Recursion: []


High Severity BIND DNS Vulnerability Advisory Issued: []


Photobucketâ(TM)s DNS records hijacked: []


Protecting Browsers from DNS Rebinding Attacks: []


DNS Problem Linked To DDoS Attacks Gets Worse: []


HOWEVER - Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> []
  ScrubIT DNS -> []
  OpenDNS -> []

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> [] so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...




"Ever since I've installed a host file ( to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Better than an ad blocker, imo. Hosts file entries: [] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS (2368736) on Monday December 12, @10:07PM (#38351398) Homepage Journal

"I want my surfing speed back so I block EVERY fucking ad. i.e. [] and [] FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"Let me introduce you to the file: /etc/hosts" - by fahrbot-bot (874524) on Monday December 19, @05:03PM (#38427432)

"I use a hosts file" - by EdIII (1114411) on Tuesday December 13, @01:17PM (#38357816)

"I'm tempted to go for a hacked hosts file that simply resolves most advert sites to" - by bLanark (123342) on Tuesday December 13, @01:13PM (#38357760)

"this is not a troll, which hosts file source you recommend nowadays? it's a really handy method for speeding up web and it works." - by gl4ss (559668) on Thursday March 22, @08:07PM (#39446525) Homepage Journal

"A hosts file certainly does not require "a lot of work" to maintain, and it quite effectively kills a LOT of advertising and tracking schemes. . In fact, I never would have considered trying to use it for ddefending against viruses or malware." - by RocketRabbit (830691) on Thursday December 30 2010, @05:48PM (#34715060)


Then, there is also the words of respected security expert, Mr. Oliver Day, from SECURITYFOCUS.COM to "top that all off" as well:


Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):


"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!


"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 [] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates (where I posted on HOSTS for YEARS (1997 onwards)) -> [] !


"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> [] & even DNSBL also (DNS Block Lists) -> [] as well - DOUBLE-BONUS!


* POSTS ABOUT HOSTS FILES I DID on "/." THAT HAVE DONE WELL BY OTHERS & WERE RATED HIGHLY, 26++ THUSFAR (from +3 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

  HOSTS MOD UP:2010 -> []
  HOSTS MOD UP:2009 -> []
  HOSTS MOD UP:2010 -> []
  HOSTS MOD UP:2009 -> []
  HOSTS MOD UP:2009 -> []
  HOSTS MOD UP:2009 -> []
  HOSTS MOD UP:2010 -> []
  HOSTS MOD UP:2010 -> []
  APK 20++ POINTS ON HOSTS MOD UP:2010 -> []
  HOSTS MOD UP:2010 -> []
  HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> []
  HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 -> []
  HOSTS MOD UP:2011 -> []
  HOSTS MOD UP & OPERA HAUTE SECURE:2011 -> [] in HOSTS:2009 -> [] IN HOSTS:2009 -> [] in HOSTS:2009 -> [] in HOSTS:2009 -> []
  HOSTS MOD UP:2009 -> [] (still says INSIGHTFUL)
  HOSTS MOD UP vs. botnet: 2012 -> []


Windows 7, VISTA, & Server 2008 have a couple of "issues" I don't like in them, & you may not either, depending on your point of view (mine's based solely on efficiency & security), & if my take on these issues aren't "good enough"? I suggest reading what ROOTKIT.COM says, link URL is in my "p.s." @ the bottom of this post:

1.) HOSTS files being unable to use "0" for a blocking IP address - this started in 12/09/2008 after an "MS Patch Tuesday" in fact for VISTA (when it had NO problem using it before that, as Windows 2000/XP/Server 2003 still can)... & yes, this continues in its descendants, Windows Server 2008 &/or Windows 7 as well.

So, why is this a "problem" you might ask?

Ok - since you can technically use either:

a.) (the "loopback adapter address")
b.) (next smallest & next most efficient)
c.) The smallest & fastest plain-jane 0


You can use ANY of those, in order to block out known bad sites &/or adbanners in a HOSTS file this way??

Microsoft has "promoted bloat" in doing so... no questions asked.

Simply because

1.) = 9 bytes in size on disk & is the largest/slowest
2.) = 7 bytes & is the next largest/slowest in size on disk
3.) 0 = 1 byte

(& HOSTS files extend across EVERY webbrowser, email program, or in general every webbound program you use & thus HOSTS are "global" in coverage this way AND function on any OS that uses the BSD derived IP stack (which most all do mind you, even MS is based off of it, as BSD's IS truly, "the best in the business"), & when coupled with say, IE restricted zones, FireFox addons like NoScript &/or AdBlock, or Opera filter.ini/urlfilter.ini, for layered security in this capacity for webbrowsers & SOME email programs (here, I mean ones "built into" browsers themselves like Opera has for example))

MS has literally promoted bloat in this file, making it load slower from disk, into memory! This compounds itself, the more entries your HOSTS file contains... & for instance? Mine currently contains nearly 654,000 entries of known bad adbanners, bad websites, &/or bad nameservers (used for controlling botnets, misdirecting net requests, etc. et al).

Now, IF I were to use My "huge" HOSTS file would be approximately 27mb in size... using (next smallest) it would be 19mb in size - HOWEVER? Using 0 as my blocking IP, it is only 14mb in size. See my point?

(For loads either in the local DNS cache, or system diskcache if you run w/out the local DNS client service running, this gets slower the larger each HOSTS file entry is (which you have to stall the DNS client service in Windows for larger ones, especially if you use a "giant HOSTS file" (purely relative term, but once it goes over (iirc) 4mb in size, you have to cut the local DNS cache client service)))

NO questions asked - the physics of it backed me up in theory alone, but when I was questioned on it for PROOF thereof?

I wrote a small test program to load such a list into a "pascal record" (which is analagous to a C/C++ structure), which is EXACTLY what the DNS client/DNS API does as well, using a C/C++ structure (basically an array of sorts really, & a structure/record is a precursor part to a full-blown CLASS or OBJECT, minus the functions built in, this is for treating numerous variables as a SINGLE VARIABLE (for efficiency, which FORTRAN as a single example, lacks as a feature, @ least Fortran 77 did, but other languages do not))!

I even wrote another that just loaded my HOSTS file's entirety into a listbox, same results... slowest using, next slowest using, & fastest using 0.

And, sure: Some MORE "goes on" during DNS API loads (iirc, removal of duplicated entries (which I made sure my personal copy does not have these via a program I wrote to purge it of duplicated entries + to sort each entry alphabetically for easier mgt. via say, notepad.exe) & a conversion from decimal values to hex ones), but, nevertheless? My point here "holds true", of slower value loads, record-by-record, from a HOSTS file, when the entries become larger.

So, to "prove my point" to my naysayers?

I timed it using the Win32 API calls "GetTickCount" & then again, using the API calls of "QueryPerformanceCounter" as well, seeing the SAME results (a slowdown when reading in this file from disk, especially when using the larger or line item entries in a HOSTS file, vs. the smaller/faster/more efficient 0).

In my test, I saw a decline in speed/efficiency in my test doing so by using larger blocking addresses ( &/or, vs. the smallest/fastest in 0)... proving me correct on this note!

On this HOSTS issue, and the WFP design issue in my next post below?

I also then questioned MS' own staff, even their VP of development (S. Sinofsky) on this here -> [] & other places in their blogs, to get them to tell me WHY this seemingly intentional inefficiency was implemented... & I have YET to get a solid LOGICAL answer on this as to why it was done - THUS, @ this point?

I am convinced they (MS) do NOT have a good reason for doing this... because of their lack of response there on this note. Unless it has something to do with IPv6 (most folks use IPv4 still), I cannot understand WHY this design mistake imo, has occurred, in HOSTS files...


2.) The "Windows Filtering Platform", which is now how the firewall works in VISTA, Server 2008, & Windows 7...

Sure it works in this new single point method & it is simple to manage & "sync" all points of it, making it easier for network techs/admins to manage than the older 3 part method, but that very thing works against it as well, because it is only a single part system now!

Thus, however?

This "single layer design" in WFP, now represents a SINGLE POINT OF FAILURE/ATTACK for malware makers to 'take down'!

(Which is 1 of the 1st things a malware attempts to do, is to take down any software firewalls present, or even the "Windows Security Center" itself which should warn you of the firewall "going down", & it's fairly easy to do either by messaging the services they use, or messing up their registry init. settings)

VS. the older (up to) 3 part method used in Windows 2000/XP/Server 2003, for protecting a system via IP Filtering, the Windows native Firewall, &/or IPSEC. Each of which uses diff. drivers, & layers of the IP stack to function from, as well as registry initialization settings.

Think of the older 3 part design much the same as the reason why folks use door handle locks, deadbolt locks, & chain locks on their doors... multipart layered security.

(Each of which the latter older method used, had 3 separate drivers & registry settings to do their jobs, representing a "phalanx like"/"zone defense like" system of backup of one another (like you see in sports OR ancient wars, and trust me, it WORKS, because on either side of yourself, you have "backup", even if YOU "go down" vs. the opponent)).

I.E.-> Take 1 of the "older method's" 3 part defenses down? 2 others STILL stand in the way, & they are not that simple to take them ALL down...

(Well, @ least NOT as easily as "taking out" a single part defensive system like WFP (the new "Windows Filtering Platform", which powers the VISTA, Windows Server 2008, & yes, Windows 7 firewall defense system)).

On this "single-part/single-point of attack" WFP (vs. Windows 2000/XP/Server 2003's IP stack defense design in 3-part/zone defense/phalanx type arrangement) as well as the HOSTS issue in my post above?

I also then questioned MS' own staff, even their VP of development (S. Sinofsky) on this here -> [] & other places in their blogs, to get them to tell me WHY this seemingly intentional inefficiency was implemented... & I have YET to get a solid LOGICAL answer on this as to why it was done - THUS, @ this point?

I'll stick to my thoughts on it, until I am shown otherwise & proven wrong.


Following up on what I wrote up above, so those here reading have actual technical references from Microsoft themselves ("The horses' mouth"), in regards to the Firewall/PortFilter/IPSec designs (not HOSTS files, that I am SURE I am correct about, no questions asked) from my "Point #2" above?

Thus, I'll now note how:


1.) TCP/IP packet processing paths differences between in how Windows 2000/XP/Server 2003 did it (IPSEC.SYS (IP Security Policies), IPNAT.SYS (Windows Firewall), IPFLTDRV.SYS (Port Filtering), & TCPIP.SYS (base IP driver))...

2.) AND, how VISTA/Server 2008/Windows 7 do it now currently, using a SINGLE layer (WFP)...


First off, here is HOW it worked in Windows 2000/XP/Server 2003 - using 3 discrete & different drivers AND LEVELS/LAYERS of the packet processing path they worked in: []

The Cable Guy - June 2005: TCP/IP Packet Processing Paths


The following components process IP packets:

IP forwarding Determines the next-hop interface and address for packets being sent or forwarded.

TCP/IP filtering Allows you to specify by IP protocol, TCP port, or UDP port, the types of traffic that are acceptable for incoming local host traffic (packets destined for the host). You can configure TCP/IP filtering on the Options tab from the advanced properties of the Internet Protocol (TCP/IP) component in the Network Connections folder.

* "Here endeth the lesson..." and, if you REALLY want to secure your system? Please refer to this: []

APK [mailto]

P.S.=> SOME MINOR "CAVEATS/CATCH-22's" - things to be aware of for "layered security" + HOSTS file performance - easily overcome, or not a problem at all:

A.) HOSTS files don't function under PROXY SERVERS (except for Proximitron, which has a filter that allows it) - Which is *the "WHY"* of why I state in my "P.S." section below to use both AdBlock type browser addon methods (or even built-in block lists browsers have such as Opera's URLFILTER.INI file, & FireFox has such as list as does IE also in the form of TPL (tracking protection lists -> [] , good stuff )) in combination with HOSTS, for the best in "layered security" (alongside .pac files + custom cascading style sheets that can filter off various tags such as scripts or ads etc.) - but proxies, especially "HIGHLY ANONYMOUS" types, generally slow you down to a CRAWL online (& personally, I cannot see using proxies "for the good" typically - as they allow "truly anonymous posting" & have bugs (such as TOR has been shown to have & be "bypassable/traceable" via its "onion routing" methods)).

B.) HOSTS files do NOT protect you vs. javascript (this only holds true IF you don't already have a bad site blocked out in your HOSTS file though, & the list of sites where you can obtain such lists to add to your HOSTS are above (& updated daily in many of them)).

C.) HOSTS files (relatively "largish ones") require you to turn off Windows' native "DNS local client cache service" (which has a problem in that it's designed with a non-redimensionable/resizeable list, array, or queue (DNS data loads into a C/C++ structure actually/afaik


Anonymous Coward | about a year and a half ago | (#43562423)

The only lawsuit is me suing you for breaking my scroll wheel. Get back on your meds, asshole.


Anonymous Coward | about a year and a half ago | (#43562507)

Slashdot: could we please have a "-" next to each article title bar that we can check to collapse the article?


Anonymous Coward | about a year and a half ago | (#43562671)

I don't know whether that's some feature that you only get as "good karma" user, but I can simply click on the green bar of the reply and it's minimized.

Re:LAWSUIT AGAINST SLASHDOT... apk (1, Flamebait)

benjfowler (239527) | about a year and a half ago | (#43562573)

This guy is deliciously bonkers.


Farmer Tim (530755) | about a year and a half ago | (#43562645)

I just hope he's mad enough to file suit. Groklaw/Popehat/NYCL's writeup of APK having his ass handed to him by a judge will be hilarious.

Jeremiah Cornelius: Grow up (-1, Flamebait)

Anonymous Coward | about a year and a half ago | (#43563097)

You're embarassing yourself Jeremiah Cornelius [] since you posted that using your registered username by mistake (instead of your usual anonymous coward submissions by the 100's the past 2-3 months now on slashdot) giving away it's you spamming this forums almost constantly, just as you have in the post I just replied to.

Re:Jeremiah Cornelius: Grow up (-1)

Anonymous Coward | about a year and a half ago | (#43565875)

Hello Paul.


Anonymous Coward | about a year and a half ago | (#43563615)

The most perfect example of how broken the Slashdot comment system is. He's been spamming for quite a while and nobody has done a thing about it.


Anonymous Coward | about a year and a half ago | (#43564231)

apk is my favorite slashdot troll.


Anonymous Coward | about a year and a half ago | (#43565961)

$10,000 CHALLENGE to Alexander Peter Kowalski

* POOR SHOWING TROLLS , & most especially IF that's the "best you've got" - apparently, it is... lol!

Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.

Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?

Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.

If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.

I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.

Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.

Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.

I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.

If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!

You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusive emails to the operator of OSY, Federal Reserve Chairman Ben Bernanke threatening to sue him for libel, claiming that the APK on OSY was fake.

My reputation as a professional in this field clearly shows in multiple publications in this field in written print, & also online in various GOOD capacities since 1996 to present day. This has happened since I was first published in Playgirl Magazine in 1996 & others to present day, with helpful tools online in programs, & professionally sold warez that were finalists @ Westminster Dog Show 2000-2002.


apk on 4chan []




That was amazing. - []


My, God! It's beatiful. Keep it up, you glorious bastard. - []


Let us bask in its glory. A true modern The Wasteland. - []


put your baby IN ME -- I just read this whole thing. Fuck mod points, WHERE DO I SEND YOU MY MONEY?!!! - []


[apk]'s done more to discredit the use of HOSTS files than anyone [else] ever could. - []


this obnoxious fucknuts [apk] has been trolling the internet and spamming his shit delphi sub-fart app utilities for 15 years. - []


this is hilarious. - []


I agree I am intrigued by these host files how do I sign up for your newsletter? - []


Gimme the program that generates this epic message. I'll buy 5 of your product if you do... - []


a pretty well-executed mashup of APK's style - []


a very clever parody of APK - []


Please keep us updated on your AI research, you seem quite good at it. - []


Damn, apk, who the fuck did you piss off this time? Hahahahaahahahahahahaahaha. Pass the popcorn as the troll apk gets pwned relentlessly. - []


KUDOS valiant AC. - []


Polyploid lovechild of APK, MyCleanPC, and Time Cube --> fail counter integer overflow --> maximum win! - []


You made my day, thanks! - []


Wow. The perfect mix of trolls. Timecube, mycleanpc, gnaa, apk... this is great! - []


truer words were never spoken as /. trolls are struck speechless by it, lol! - []


Mod this up. The back and forth multi posting between APK and this "anti-APK" certainly does look like APK talking to himself. - []


APK himself would be at the top of a sensible person's ban list. He's been spamming and trolling Slashdot for years. - []


Not sure if actually crazy, or just pretending to be crazy. Awesome troll either way. - []


Awesome! Hat off to you, sir! - []


That isn't a parody of Time-cube, it is an effort to counter-troll a prolific poster named APK, who seems like a troll himself, although is way too easy to troll into wasting massive amounts of time on BS not far from the exaggerations above - []


that is Art . Kudos to you, valiant troll on your glorious FP - []


It is in fact an extremely well thought out and brilliantly executed APK parody, combined with a Time Cube parody, and with a sprinkling of the MyCleanPC spam. - []


[to apk] er... many people have disproved your points about hosts files with well reasoned, factual arguments. You just chose not to listen and made it into some kind of bizarre crusade. And I'm not the timecube guy, just someone else who finds you intensely obnoxious and likes winding you up to waste your time. - []


That's great but what about the risk of subluxations? - []


Read carefully. This is a satirical post, that combines the last several years of forum trolling, rolled into one FUNNY rant! - []


I can has summary? - []


Trolls trolling trolls... it's like Inception or something. - []


We all know it's you, apk. Stop pretending to antagonize yourself. - []


Now you've made me all nostalgic for USENET. - []


Google APK Hosts File Manager. He's written a fucking application to manage your hosts file. - []


In case you are not aware, the post is a satire of a fellow known as APK. The grammar used is modeled after APK's as you can see here [] . Or, you can just look around a bit and see some of his posts on here about the wonders of host files. - []


You are surely of God of Trolls, whomever you are. I have had stupid arguments with and bitten the troll apk many times. - []


"What kind of meds cure schizophrenic drunk rambling?" -> "Whatever APK isn't taking" - [] []


I'm confused, is apk trolling himself now? - []


Excellent mashup. A++. Would troll again. - []


Best. Troll. Ever. - []


This is one of the funniest things I've ever read. - []


I admire this guy's persistence. - []


It's a big remix of several different crackpots from Slashdot and elsewhere, plus a liberal sprinkling of famous Slashdot trolls and old memes. - []


Here's a hint, check out stories like this one [] , where over 200 of the 247 posts are rated zero or -1 because they are either from two stupid trolls arguing endless, or quite likely one troll arguing with himself for attention. The amount of off-topic posts almost outnumber on topic ones by 4 to 1. Posts like the above are popular for trolling APK, since if you say his name three times, he appears, and will almost endlessly feed trolls. - []


I love this copypasta so much. It never fails to make me smile. - []


^ Champion Mod parent up. - []


I appreciate the time cube reference, and how you tied it into the story. Well done. - []


The day you are silenced is the day freedom dies on Slashdot. God bless. - []


AHahahahah thanks for that, cut-n-pasted.... Ownage! - []


If you're familiar with APK, the post itself is a pretty damn funny parody. - []


">implying it's not apk posting it" --> "I'd seriously doubt he's capable of that level of self-deprecation..." - [] []


No, the other posts are linked in a parody of APK [mailto] 's tendency to quote himself, numbnuts. - []


Just ban any post with "apk", "host file", or "hosts file", as that would take care of the original apk too. The original has been shitposting Slashdot much longer & more intensively than the parody guy. Or ban all Tor exit nodes, as they both use Tor to circumvent IP bans. - []


Sadly this is closer to on-topic than an actual APK post is. - []




I've butted heads with APK myself, and yeah, the guy's got issues - []


Clearly you are not an Intertubes engineer, otherwise the parent post would be more meaningful to you. Why don't YOU take your meds? - []


+2 for style! The bolding, italicizing, and font changes are all spot-on - []


Your ideas are intriguing to me and I wish to subscribe to your newsletter. - []


APK is not really a schizophrenic fired former Windows administrator with multiple personality disorder and TimeCube/Art Bell refugee. He's a fictional character like and put forward by the same person as Goatse Guy, GNAA trolls, Dr. Bob and so forth. His purpose is to test the /. CAPTCA algorithm, which is a useful purpose. If you're perturbed by having to scroll past his screeds just set your minimum point level to 1, as his posts are pretty automatically downmodded right away. - []


oh man, that incredible interminable list of responses is almost as funny as the original post. This is getting to be truly epic. - []


"Does anyone know of an Adblock rule for this?" -> "No, but I bet there's a hosts file entry for it..." - [] []


"Can a hosts file block apk's posts, though?" -> "The universe couldn't handle that much irony." - [] []


"That's it, I've had enough. ... Bye everyone, most of the last decade or so has been fun, but frankly, I quit." - []
--> "So basically what you're saying is that you've added yourself to the HOST file?" - []


Sweet baby Moses, this is beautiful work - I wish we could get trolls as good as this on TF. :) - []


[to apk] shut up you stupid cock. Everyone knows you're wrong. - []


I will hand it to him, he is definitely consistent. I wish I knew how he did this. That thing is scary huge. - []


I admire the amount of dedication you've shown - []


Word is, ESR buttfucks CmdrTaco with his revolver. - []


Hey APK, Protip: It's not the truth or value (or lack of) in your post that gets it modded into oblivion, it's the fucking insane length. In addition to TL;DR (which goes without saying for a post of such length), how about irritating readers by requiring them to scroll through 20+ screenfuls just to get to the next post. If you want to publish a short story like this, please do everyone a favor and blog it somewhere, then provide a brief summary and link to your blog. Readers intrigued by your summary will go read your blog, and everyone else will just move along at normal /. speed. - []


I like how this post seems to just sum up every Slashdot comment ever without actually saying anything. - []


You provide many references, which is good. - []


Obviously very passionate - []


Thanks ... You should probably stay - []


Art? -- []


PROOF apk sucks donkey dick. - []


I've been around /. for a while now, but this post is by far the most unique I've seen. Many have tried, but few achieve the greatness of this AC. My hat's off to you. - []


I think it's hilarious. Get over it! - []


Obviously APK filled his hosts files with backdoors before distributing them to ensure he doesn't block himself. - []


Alexander Peter Kowalski is an obnoxious prick. - []


Don't mention that file. Ever. It'll draw APK like a fly to rotting meat. Last thing I want to read is 80 responses worth of his stupid spam about that file! I swear that cocksucker does nothing but search Slashdot for that term and then spams the entire article. - []


[to apk] You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read due to your absurd formatting style and full of technical inaccuracies borne of your single minded i-have-a-hammer-so-every-problem-is-a-nail attitude. - []


You are my favorite Slashdot poster. - []


Most insightful post on the Internet - []


I read the whole thing *again* just to see if my comment was in there - []


[to apk] So, did your mom do a lot of drugs when she was pregnant? - []


people are looking at me funny because I'm laughing hysterically at what a perfect APK imitation it is. - []


Slashdot devs seem in no hurry to fix this problem and it's been driving me nuts. So for anybody who values viewing at -1 and uses greasemonkey here's a Script [] . There's a chance of false positives and it's not the most optimized. But I value not having to scroll through > 10 paragraphs of APK, custom hosts files, or 'acceptable ads' spam. - []
--> slashdot devs are too busy installing itunes for their hipster nerd buddys to sort this problem out. - []


I can't get enough of all of this good stuff! Thanks for the informative links! - []


When threatened, APK typically produces a post with links showing he's essentially posted this hundreds of times to slashdot stories... - []


[to apk] Your post got downmodded because you're a nutjob gone off his meds. - []


[to apk] The reason people impersonate you is because everyone thinks you're a moron. The hosts file is not intended to be used as you suggest. - []
-->What? You don't have a 14MB hosts file with ~1million entries in it? Next you'll probably tell me that your computer doesn't start thrashing and take 5 minutes for a DNS lookup! - []


[about apk] - this fwit is as thick as a post. worse, this shithead has mod points. and using them. - []


In before the fight between those two guys and their walls of text... - []




KPA ...thgim dik a ekil .s.b laivirt hcus no emit hcum taht etsaw t'ndluow I sa ,ti gniod em TON si ti - syug ON - []


[to apk] You seriously need to go see a shrink. You are a fucking fruitcake! - []


[to apk] Did you ever consider that it's not just one corrupt moderator, it's a bunch of regular slashdot users who infrequently get mod points who think you are totally full of shit? Stop posting annoying off topic irrelevant bullshit, and people won't mod you down. I'm seriously sick of reading your posts about someone impersonating you. - []


[to apk] you should be forced to use a cholla cactus as a butt-plug - []


[to apk] No one is on your side, that is why you're here. posting. still. No one cares. - []


Who's the more moronic? The original moron, or the one who replies to him knowing full well his comment will certainly be ignored, if not entirely unread, thus bringing the insane troll post to the attention of those who would otherwise not have seen it at all (seeing as it started at 0 and would have rapidly been modded down to -1) and whose post (and, somewhat ironically I grant you, this one as well) now requires 3 more mod points to be spent to hide it? - []


[to apk] I miss trollaxor. His gay porn world of slashdot executives and open-source luminaries was infinitely more entertaining than this drivel. - []


PLEASE stop modding biters up. Anyone who responds to an abvious troll, especually one of these APK trolls, should autometically get the same -1 troll as the damned troll. Any response to a troll only makes the troll do more trolling. Come on, guys, use your brains -- it isn't that hard. Stop feeding the damned trolls! - (missing link)


[to apk] Lick the inside of goatse's anus, it's delicious! - []


Excellent post A++++++++++++ would scroll past again!!!! - []


[to apk] You are the one who is pitiful. If you didn't spam /. with your bullshit you wouldn't have spammer 'impostors' doing the same. Just fuck off and die already, ok? Please, really. Step in front of a bus. Drink some bleach. Whatever it takes, just FUCK OFF and DIE. - []


[to apk] From one AC to another please for the love of god, PRINT YOUR HOST FILE OUT AND CRAM IT DOWN YOUR JAPS EYE!!! For fucks sake we don't care we see this and it takes the piss, short of a full frontal lobotomy what will it take to stop you posting this you moronic fuckwit? - []


[to apk] And someone forgot to take his meds today...Are you really that dense that you cant tell that the only reason the "impostor" exists because you have a hard time realizing that you are wrong and/or wont let it go. It would take a complete moron to not realize that the whole reason he continues to do it is because he knows he can get you to respond by simply posting. This isnt rocket science, this is internet 101... Let me offer you some advice on how to get rid of this "impostor"...shutup - []


[to apk] If you had a 'luser' account it wouldn't be a problem. But you don't want one of those, because your long rambling and bizarrely formatted posts mean your karma gets nuked in next to no time. So I guess you just have to work out which is 'worth it'. Posting AC because I don't want to become your latest fixation. - []


I wouldn't be surprised if that is APK trying to draw attention to himself, since he thinks such endless tirades are examples of him winning and make him look good. When people stop paying attention to him, or post actual counterpoints he can't come up with a response to, he'll post strawman troll postings to shoot down, sometimes just copy pasted from previous stories. - []


[to apk] No one wants to read your copy pasted crap. Maybe someone is mocking you because you make it so easy to? So drop it, and participate like an adult please. - []


Seriously.... What. The. Fuck. Can you two homos just go make out on brokeback mountain already, and stop talking about how one of you misspelled "penetration", and how the other cockblocks with their hosts files while grabing the other's goat? Goodness, it sure feels like being in a mountain range, trying to peer around those fucking orbital tether lengthed posts of pure premium bullsit the two of you somehoq manage to keep pushing out on demand. Shit stinks! At this point, i'd be willing to risk the fucking extinction of all life on earth by redirecting siding spring C/2013 1A to miss Mars and land on both of your fucking heads instead. The deaths of billions would be a small price to pay to shut you two cackling lovebirds up! - []


[to apk] Listen up jackass, why the hell would somebody want to impersonate you? You're a certified internet kook. Nobody gives a hot about your 3 gig hosts file. And nobody is impersonating you. You're already a fucking parody. - []


[to apk] You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read due to your absurd formatting style and full of technical inaccuracies borne of your single minded i-have-a-hammer-so-every-problem-is-a-nail attitude. Despite this advice you are convinced that your comments are valuable contributions, ignoring the obvious evidence to the contrary (namely the -1 scores your posts earn on a regular basis). - []


[about apk] Can this be killed off? I don't mean this account, I mean the actual meatbag behind it. - []


[to apk] Get an account retard. If you format your password as crazily as your posts no-one will ever crack it. - []


[to apk] You are the most consistently annoying creature on the internet. There are people worse than you, just like cancer is worse than psoriasis, but you're more like the latter: pervasive, annoying, and always cropping up when one has mostly forgotten about it. You are that indeterminate, continuous itching that slowly erodes someone's mood until they consider cutting off a part of themselves just to stop it for a while. And like psoriasis, you're auto-immune and not fully understood by science. Slashdot continuously makes it worse by scratching that itch over and over again. It's not smart. It just encourages the disease. But everybody's got a limit to their patience. There is no cure for you. But at least, when slashdot dies, you will die with it, and there will be peace. - []


Alexander Peter KowalskI and anyone arguing with him are insane. I saw their crazy tirades once and googled his name, and HOLY SHIT. This guy has mini battle raging all over many sites for some of the most inane shit you can think of. He meticulously catalogs the people who have crossed him and works to MAKE SURE everyone understands they are fools. Now, they well be fools, but by his meticulous and obsessive actions Kowalski (APK) has proved without a shadow of doubt his absolutE insanity. I haven't even argued with this guy so don't think I'm part of these internet crusades. All this I've found by googling his name. The trove of flaming and incomprehensible obsessive agression is humongous and both funny, and pathetic to varying intense degrees. Just google if you are curious about the kinds of crazy that are out there." - []


I'm convinced APK is serious, he has got battles raging everywhere, meticulously catalogued, yet he thinks this is proof of his knowledge and experience, not obsessive insanity. And making that point doesn't make him reconsider, it incites him. He also seems to think what looks like many multiples of people saying this are one or a few people who are out to get him. Just read my post and google Alexander Peter Kowalski. - []


Alexander Peter Kowalski ubuntu touched my junk liberally. he strapped me in to his HOSTS file and he couldnt keep his offensive hands off of me - []


[to apk] Hey man, I know this is important to you, but maybe you should talk to someone outside of the internet about it? I mean, you sound really batshit insane. - []


[to apk] You're an AC and you say you have impersonators? - []


ghod bless you APKtroll for bringing some much needed balance and reason to this thread! - []


[to apk] APK, you suck. Go die in a fire. The hosts file in Windows is a _terrible_ way to filter internet traffic. - []


I'm replying just so you'll add me to your quote list. - []


Best troll post, anywhere, ever. Well done. - []


[to apk] Just please stop the spamming. Get yourself a real life and a girl. That helps most against your troubles. Or at least a cat. - []


Alexander Peter Kowalksi's low intelligence, extreme narcissism, and histrionic personality make him unsuited for anything but menial labor. - []


Fact: it takes amost 2 hours for windows to load a 645,000 lines HOSTS file into the DNS cache. While loading, all DNS queries are blocked. That is neither fast nor efficient. - []


[to apk] it is very disconcerting to see the sort of writing style you introduce as it is a very harsh contrast to the "normal" -- which goes even for non-native English speakers. The amount of fervor you utilize to make this point comes off to me as insanity. You seem to imply there is an unexplained, even conspiratorial effort at Microsoft for sabotaging your preferred host file entry method. You also seem to think you have a reputation which is at stake, and I assure you, aside from your raving posts, I have never heard of you before. The time-cube APK imposter you mention appears to be (at least to me) an adequate parody of your abrasive writing and argument style. The fact that you seem to take such excessive offense to this parody further strengthens the lehman's perception of your insanity. - []


I remember seeing somewhere that this APK guy is actually mentally deranged. He has been a drug addict and was known to abuse his "girlfriend" on more than one occasion. So, he certainly seems to need help, badly. Go ahead and google around for "Alexander Peter Kowalski" for evidence. It's frightening that this guy has not yet been put away. - []


APK is a parasitic creature, nestled between mountainous testes, sucking the life out of them. AKA, a queer sumbitch. - []


[to apk] Stop posting and kill yourself you unintelligent useless fuck. - []


I honestly can't tell if this is anti-APK, imitative trolling or if he really does have multiple personality disorder. But either way, it's almost like it's reached a new level of... - []




Did you see the movie "Pokemon"? Actually the induced night "dream world" is synonymous with the academic religious induced "HOSTS file" enslavement of DNS. Domains have no inherent value, as it was invented as a counterfeit and fictitious value to represent natural values in name resolution. Unfortunately, human values have declined to fictitious word values. Unknowingly, you are living in a "World Wide Web", as in a fictitious life in a counterfeit Internet - which you could consider APK induced "HOSTS file". Can you distinguish the academic induced root server from the natural OpenDNS? Beware of the change when your brain is free from HOSTS file enslavement - for you could find that the natural Slashdot has been destroyed!!

FROM -> Man - how many times have I dusted you in tech debates that you have decided to troll me by ac posts for MONTHS now, OR IMPERSONATING ME AS YOU DID HERE and you were caught in it by myself & others here, only to fail each time as you have here?)...

So long nummynuts, sorry to have to kick your nuts up into your head verbally speaking.

cower in my shadow some more, feeb. you're completely pathetic.


* :)

Ac trolls' "BIG FAIL" (quoted): Eat your words!

P.S.=> That's what makes me LAUGH harder than ANYTHING ELSE on this forums (full of "FUD" spreading trolls) - When you hit trolls with facts & truths they CANNOT disprove validly on computing tech based grounds, this is the result - Applying unjustifiable downmods to effetely & vainly *try* to "hide" my posts & facts/truths they extoll!

Hahaha... lol , man: Happens nearly every single time I post such lists (proving how ineffectual these trolls are), only showing how solid my posts of that nature are...

That's the kind of martial arts [] I practice.


Disproof of all apk's statements:


RECENT POST LINKS: [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] []

Risk management (2, Insightful)

JaredOfEuropa (526365) | about a year and a half ago | (#43562171)

Some open source projects are in a better state than others, but in my experience it is a good idea to treat all of them as if they can stop working at any time, and manage that risk. In other words, have a contingency plan ready. In some cases you may be able to fx a broken bit of software yourself (or hire a company to do this). In other cases there are alternative software products you can switch to. Or simply accept the fact that whatever it is you've put together will stop working some day (obviously nothing mission critical). The last option may sound scary, especially to managers, but often it's better to have something rather than nothing, even if its for a limited amount of time.

Re:Risk management (1)

tlhIngan (30335) | about a year and a half ago | (#43562327)

Some open source projects are in a better state than others, but in my experience it is a good idea to treat all of them as if they can stop working at any time, and manage that risk. In other words, have a contingency plan ready. In some cases you may be able to fx a broken bit of software yourself (or hire a company to do this). In other cases there are alternative software products you can switch to. Or simply accept the fact that whatever it is you've put together will stop working some day (obviously nothing mission critical). The last option may sound scary, especially to managers, but often it's better to have something rather than nothing, even if its for a limited amount of time.

Unless the software is dependent on an external service, the OSS part shouldn't just suddenly "stop working" - it's open-source after all. What may happen is a particular version falls out of official support, but so what? The source is there to see and maintain yourself.

Migrating is always an option and probably a good one if you want to keep getting upstream security updates and the like, but really, if something FOSS is discontinued, it doesn't die.

It's one of the big things FOSS has over commercial products - an EOL notice isn't really EOL and you're stuck with ancient binaries. No, you can move onto the newest and shiniest even with ancient FOSS software purely because the source is there.

It's only a balance between maintaining the current codebase or moving to a new version.

Now, if you're considering one of several FOSS projects that do similar things, then maybe it is desirable to use one that's supported longer (but there are often other considerations that may swing to the lesser supported project).

Re:Risk management (1)

Bert64 (520050) | about a year and a half ago | (#43562617)

Software isn't going to simply stop working...
At a worst case, the software is going to inhibit your ability to upgrade other pieces of software that it depends on, eg you may have to continue running an old OS to go with your old application because the old application won't run on new OS versions.
This can become a problem if there are unfixed security holes in either the application, or other things it depends on.

That said, software becoming abandoned by its creators is certainly not unique to OSS. Commercial software often also suffers from the same problem on a regular basis and you should ALWAYS have a contingency plan.

Your contingency options with OSS however are usually a lot better because:

a, OSS software rarely tries to lock you in, it will usually use open standards whenever possible and if not you at least have *some* level of documentation in the form of the source code, all of which makes migration to something else much easier than some undocumented proprietary cruft.
b, You always have the opportunity to modify the software yourself, depending how important it is to you this could mean taking over maintenance yourself or hiring developers to do so. With abandoned proprietary software you are almost never given this option.
c, Abandoned commercial software will not sell you additional licenses, even assuming the software still works, still does what you need and your willing to pay - often they simply cant or wont take your money. With OSS you can deploy more copies at will.

Sometimes it can actually be easier to continue running an old version... If security advisories come out against newer (actively supported) versions you can often backport the patches, or in many cases don't even need to (ie the vulnerability exists in a feature your old version doesn't have).

Re:Risk management (1)

Anonymous Coward | about a year and a half ago | (#43562733)

Software isn't going to simply stop working..

Unless it's using DRM ;)

Re:Risk management (2)

Bert64 (520050) | about a year and a half ago | (#43565287)

Yes, good point, although OSS is unlikely to ever use anything like that, and if it does you could remove it - so another benefit of using OSS.

Re:Risk management (0)

Anonymous Coward | about a year and a half ago | (#43565967)

Software isn't going to simply stop working...

Mostly that's true, although there are cases where the software depends on assumptions about the data it's being fed that changes and the software then needs to be updated - simplest example would be Y2K but there are many others. It's true that literally speaking the software doesn't stop working but to all intents and purposes it does.

But even if software doesn't stop working hardware does. So say you buy a shiny new PC, install Linux and some application software and for several years "it just works". It sits in a corner doing what it needs to do until one day, nearly a decade later, the hard disk goes bang. You try to find a replacement but they're almost impossible to find - certainly not new. You eventually find a second hand one and get the system up and running but for how long - so you decide to migrate. You buy a new PC and technology has moved on - different device controllers, firmware, bios etc. You can still install Linux on it but not the ancient version you used to use. Now you find your application hasn't been updated so you grab the source and try to build it. But it was last seriously developed 5 years ago and the code is designed to work with old versions of libraries - some of which themselves are no longer developed. It's not that it's not possible to get it all working but it's a major exercise. The amount of work is comparable to moving your data to the current equivalent application that is still being developed.

Now this sort of scenario happens to all software of course and open source gives you an advantage - but depending on how out of date it is (i.e. how much work is involved in compiling a version that will run on current hardware) - it might not be enough of one to make a difference. What will make a difference is anticipating risk ahead of time and migrating early. Which is why the original question is a fair one.

Re:Risk management (2)

martin-boundary (547041) | about a year and a half ago | (#43563833)

Isn't it the other way around, though? You have the code, and it compiles and runs today. Therefore, that snapshot will always compile and run with the toolset you've got right now. So a "dead" open source project cannot just stop working, but a "live" one easily can, if you keep getting the upgrades and the devs change their minds on how things should be done.

But the gist of what you're saying is very sensible. If you are deprived of a vital resource tomorrow, how will you deal with that contingency?

OpenLaszlo is an example (0)

Anonymous Coward | about a year and a half ago | (#43562179)

Technical debt (5, Interesting)

vikingpower (768921) | about a year and a half ago | (#43562181)

One metric yielding interesting results is the concept of "technical debt", as introduced by Martin Fowler. Sonar Source, for example, measures this metric very well. A project that has seen neither increase ( recently taken risk ) nor decrease ( recent moves toward stabilization ) may very well be dead. I recently used it upon our own software of 580 KSLOC. The interesting conclusion: core stable, some utilities half dead or worse, much life springing up at the functional fringes. This also holds for e.g tomcat. The tactical and strategical conclusions one may draw from such considerations are fascinating.

Re:Technical debt (0)

Anonymous Coward | about a year and a half ago | (#43566287)

I am pretty certain Ward Cunningham coined the term "technical debt".

Re:Technical debt (1)

Edgester (105351) | about a year and a half ago | (#43567233)

If you're a user of an open source project, how do you tell if the technical debt is increasing or decreasing?

Re:Technical debt (1)

vikingpower (768921) | about a year and a half ago | (#43568297)

By measuring regularly, or by having a look at measures done at regular intervals. Have a look at [] , all Apache projects are regularly measured there. The graphs are quite telling.

Developer List (4, Insightful)

Seumas (6865) | about a year and a half ago | (#43562203)

The first thing I do with regard to investigating any OSS is to find their developer list and skim the last few months of it. It's a good way to see the level of activity, responsiveness, and how cohesive or combative the core is.

Stackoverflow (3, Interesting)

ShanghaiBill (739463) | about a year and a half ago | (#43562335)

Another good technique is to search Stackoverflow [] for questions about the project you are considering. Look at both the number of questions asked and the quality of the answers. Especially look for questions like "Should I be using XYZ?" and "XYZ vs {Alternative to XYZ}".

Stackoverflow is moderated somewhat like Slashdot, so the best answers will usually bubble to the top.


Re:Stackoverflow (4, Insightful)

larry bagina (561269) | about a year and a half ago | (#43562439)

Stackoverflow is moderated completely unlike Slashdot, so the best answers will usually bubble to the top.

Re:Stackoverflow (0)

Anonymous Coward | about a year and a half ago | (#43565047)

If by moderated you mean, observed by elitist condescending assholes with a god button, then yes.

Re:Stackoverflow (0)

Anonymous Coward | about a year and a half ago | (#43565457)

"Stackoverflow is moderated somewhat like Slashdot, so the best answers will usually bubble to the top."

You're new here, right?

Re:Stackoverflow (1)

Anonymous Coward | about a year and a half ago | (#43565971)

Such questions are often closed on Stackoverflow because they're about opinion not technical issues.

Re:Developer List (-1)

Anonymous Coward | about a year and a half ago | (#43562633)

I agree. Try to match the developer list with a list of known faggots. If the ratio is high then they is a good chance that the project will excel.

Re:Developer List (2)

idunham (2852899) | about a year and a half ago | (#43563695)

Very good point.
Also I'll look at
-the last few months of commit logs--how many contributors, patch series, recurring contributors...
If you don't have a repo and browser, that's a bad start. If it's tarballs only, I'd better know that it's something interesting.
And if you do something non-predictable like archives on mediafire, good luck.
-the community mailing list archive or forum
When that's empty, it's a bad sign unless you can tell that the project is used elsewhere. Spam there is a VERY bad sign.
-popcon/similar statistics from distros. These tell how many users install it. Use in the base of multiple distros is a particularly good sign.
-look at the source code, look at the developers' reputations, review policies, etc.
I mean, Theo may be belligerent, but if he (or Rich Felker) is involved, it means they are probably concerned about code quality. Which means that it's more likely to be maintainable than $RANDOM_PROJECT. If Linus has some say in the project (as opposed to periodically sending a "You're doing it WRONG!" email), one can expect a measure of functionality.
If every random patch gets committed (WORST CASE EVER: tcc "mob branch"), run the other way.
A fairly prompt code review for moderately small patches (I'm thinking new functions or 10-20 line changes) is a very good sign.
-attitude towards standards. I'm not after standards-worship, but if pointing out that xyz is nonconformant gets any response besides fixing or a _sound_and_intelligeable_ explanation of why the standard is broken, go elsewhere. That way is the path to lockin and frustration. By the same token, "implements xyz according to RFCs 12345 and 6789" is a good sign. When there is a standard that's suitable, it should be used.

Perl 6 (1)

divec (48748) | about a year and a half ago | (#43562219)

On a not unrelated note, what's the general view of the current state of Perl 6? I can look at [] for the view of those close to the project, but what's the word on the street? I think "word on the street" is a really important metric as to how well a project is doing. Trends are a major determiner of which product potential new users will find. Rather like bank runs: it can be irrational to trigger one but nevertheless rational to follow one.

How often do we diss poor slashdot submissions? (0, Insightful)

Anonymous Coward | about a year and a half ago | (#43562223)

Not this time. It's almost like you're some sort of imaginary ideal, Chrisq. I enjoyed reading your question.

The market for genuine routine maintenance (2)

Yoik (955095) | about a year and a half ago | (#43562273)

Most really usefull software needs maintenance, or at least reviews to verify none is needed, on a routine basis. This is usually dull, thankless work. In business, it is often done by old codgers (like me before i retired) that are well paid for very little actual work. It is a vital function, that was supposed to have been covered in open source by users paying for the service.

In many cases this seems to have worked out well with large organizations footing the bill. iBM, HP, AT&T etc, have staff people who kept the components they need working. Their priorities aren't yours.

Do we need a system for keeping codgers comfortable and personal use software working?

My metric (-1)

Anonymous Coward | about a year and a half ago | (#43562321)

I judge the potential on going success of an open source project by how much the lead developer(s) can take an ass pounding for a group of faggots. If the lead developer(s) refuse to take a dick up the ass for open source than the project is doomed unless the lead developer(s) only smoke cocks. In that case three sucked dicks is the same as a single rump roasting.

Re:My metric (1)

Hognoxious (631665) | about a year and a half ago | (#43566551)

Ballmer, you're a really naughty boy.

Hey, free donuts down in the lobby!

[aside] that might shut him up for a while [/]

Unpleasant Trend (2, Interesting)

Anonymous Coward | about a year and a half ago | (#43562331)

I've had a couple of cases where I needed a feature, that there had been lots of requests for, in existing software whose development had slowed or stopped. I offered to hire the developer, bounty style, but they weren't interested.

I hired professional programmers to add the feature or make necessary changes to the existing code. I then submitted the code as patches to the original developer, hoping that he would accept the patches and make it so I didn't have to patch and compile everytime there was an update or distro change. My patches were always GPL and there were no restrictions on them, so if the developer didn't like the style or specific implementation, they could use my patch as a starting point or model and change whatever they chose.

In all cases, the developers have not incorporated the patch. In most cases, they have done nothing at all. I'd likely have been better off just buying Windows COTS.

Re:Unpleasant Trend (3, Insightful)

erice (13380) | about a year and a half ago | (#43562717)

I've had a couple of cases where I needed a feature, that there had been lots of requests for, in existing software whose development had slowed or stopped. I offered to hire the developer, bounty style, but they weren't interested.

I hired professional programmers to add the feature or make necessary changes to the existing code. I then submitted the code as patches to the original developer, hoping that he would accept the patches and make it so I didn't have to patch and compile everytime there was an update or distro change. My patches were always GPL and there were no restrictions on them, so if the developer didn't like the style or specific implementation, they could use my patch as a starting point or model and change whatever they chose.

In all cases, the developers have not incorporated the patch. In most cases, they have done nothing at all. I'd likely have been better off just buying Windows COTS.

Have their been any updates at all since you submitted your patch? If not and the time period is long enough to believe there never will be, then your best course of action is to fork. As one with enough vested in the project to pay for further development, you are probably in a better position to steward the project than the original developers, who likely have no more use for the program.

If there have been updates, then you have a more sticky position. Most likely, the maintainers considered your patches to be too narrowly applicable at least relative the difficulty required to integrate and maintain them. At that point, you are pretty much stuck re-integrating your patches with each release.

Windows COTS wouldn't necessarily solve your problem either. It just takes away the option to patch your own. If the company is not interested in making the changes you request, there isn't much you can do about it. The exception would be of the commercial software is more popular and better maintained but that's true in the open source world too. If you have a choice between two projects, both of which an do the job with adjustments, you are most likely better off contributing the one that is actively maintained than the one that isn't, even if the required changes are more extensive.

Re:Unpleasant Trend (3, Interesting)

Anonymous Coward | about a year and a half ago | (#43563055)

I mean no disrespect to someone with a UUID that is low enough to... have done many things.

But I've been in some FOSS projects (small ones) -- and there's a lot of...issues I've seen with submitters you didn't cover. I guess the OP should get it...but I figure since you're the person explaining things...

1) Being a FOSS dev, you may still be commercially paid and have a noncompete in place.
2) The project you're on may not be GPL. Thanks for submitting stuff with an incompatible license I can't absorb. Even if you said no restrictions, if you put GPL on it, I'm now SOL and have a god-awful license tracking nightmare. Thanks for nothing. Please resend with "public domain" and a signature.
3) Many times I've received patches 'in the wrong place' in the stack. Things requiring changes that should be submitted to another library and were mangled as a fix in my platform.
4) Poor fit. Wrong option, rare case, you changed lots of whitespace becuse you don't know how to use your editor. Wrong style guide, you name it.
5) Bugfix submitted without test case.

Now admittedly, I'd always reply and let people know how to fix thse. But depending on the problems...I've seen cases where it wouldn't have been worth it.

Lastly, the hard one -- sometimes peoples fixes are just in the wrong spot and paradigm. They're written in an OO message-passing philosophy in something using a reactor/worker queue. It's not /just/ that it's work to integrate and maintain it, it's that the solution is just 'wrong for us' and the problem it fixes is not a priority. That's a really big risk if you pick up joe-random-developer that knows a language but not a platform.

FOSS is and should be inclusive, but sometimes the submitter has to ask a few questions to fit into the software.

The OP indicates they hired professional programmers, but they did not say what they hired them /for/. If you hire me to 'fix a bug in a program', you're getting a very different fix than if you hire me to 'submit a bugfix for reintegration into mainline' or to 'write a plugin doing X for application Y'

In both cases I'll ask about the quality of work you expect, what you believe is a fair price, and check what you intend to do with it. However, if like many small businesses you just want it done fast and working -- the software may very appropriately /not/ be up to standards. It's their right as a hiring manager to choose.

More relevantly in the context of a freelancer, it's my professional pride and reputation at stake to choose my implementation in the absence of terms to the contrary.

If you're clearly a penny pincher and want fast results, I will place in comments that it's a quick and dirty hack, and give you your four hour turn around with advice and a quote for a proper and full fix. And the maintainers would have every right to say 'fuck that submission'.

Re:Unpleasant Trend (1)

tlambert (566799) | about a year and a half ago | (#43564177)

2) The project you're on may not be GPL. Thanks for submitting stuff with an incompatible license I can't absorb. Even if you said no restrictions, if you put GPL on it, I'm now SOL and have a god-awful license tracking nightmare. Thanks for nothing. Please resend with "public domain" and a signature.

Technically, it's not legally possible to both put something in the public domain and disclaim warranties and fitness. The closes you can come to covering your ass and making it as public domain as possible is a two clause BSD license, because otherwise if some idiot uses it in a life support system or other critical system, it's your ass, and your house, and your car, and your future earnings on the line if things go wrong and theres no disclaimer.

If there were a specific hold harmless clause in Federal law for things you place in the public domain, we would have a lot more public domain code.

Re:Unpleasant Trend (0)

gronofer (838299) | about a year and a half ago | (#43565069)

Technically, it's not legally possible to put things in the public domain at all, as far as I know. You just have to wait for the copyright to expire. The nearest you can get is something like CC0 (which does disclaim warranties).

Re:Unpleasant Trend (0)

Anonymous Coward | about a year and a half ago | (#43565817)

Actually there is. You put some code somewhere with no copyright and no signature, as long as it is in a publicly accessible place, it is public domain.

  The only thing you need is a DATE. Nobody can copyright that code afterwards.

Re:Unpleasant Trend (1)

gronofer (838299) | about a year and a half ago | (#43565949)

This is years out of date, and applied to certain countries only. It doesn't work anymore.

What about finished projects? (2)

Richard_J_N (631241) | about a year and a half ago | (#43562401)

Sometimes, a program can be dead because it's obsolete. Others can appear dead because they have simply been completed.
For example, I'd guess that xclock hasn't been updated in many years... but it's still widely used for testing X11.

Indeed. Are awk, sed, grep, vim dead? (5, Insightful)

raymorris (2726007) | about a year and a half ago | (#43562567)

Yeah you want to be careful with activity metrics. Awk hasn't seen many updates in the last two years. Mostly because it hasn't NEEDED much in the last ten or twenty years. That means it's already rock solid, not that it should be avoided.

Re:Indeed. Are awk, sed, grep, vim dead? (0)

Anonymous Coward | about a year and a half ago | (#43563413)

According to has seen 50 changes in the last 2 weeks. Actively maintained software sees changes.

Re:Indeed. Are awk, sed, grep, vim dead? (0)

Anonymous Coward | about a year and a half ago | (#43563763)

awk != gawk. the one true awk is maintained by bwk.
and likely has seen very few updates. it is rock solid

Re:Indeed. Are awk, sed, grep, vim dead? (2)

tlambert (566799) | about a year and a half ago | (#43564935)

awk != gawk. the one true awk is maintained by bwk.
and likely has seen very few updates. it is rock solid

Actually Apple sent a number of patched back to the one true awk to pass UNIX conformance testing by The Open Group, and sent those chnages back to bwk.

Sources are here: []

Not understanding open source (1)

lymond01 (314120) | about a year and a half ago | (#43562427)

I'm going to suggest that while there are larger open source consortiums like Apache that organize developers and projects such that they do wind up looking like a commercial project, you need to remember the main difference:

YOU are responsible for open source software implementations. There is no inherent support structure, there is no liability nor responsibility to maintain, fix, or continue development on an open source project. If you want to implement it, you are either paying for developer time (perhaps your own time) to perform those duties, or taking a risk that the project will continue to be updated by the author or others in the community.

By Reading the Source Code (1)

jader3rd (2222716) | about a year and a half ago | (#43562487)

By reading the source code. Isn't that what open source is for?

Starflight 3 (1)

Capt.DrumkenBum (1173011) | about a year and a half ago | (#43562525)

I hit their website about once a year to see if anything has happened. :( Sadly still nothing.

Here's how my team handles it... (5, Informative)

Anonymous Coward | about a year and a half ago | (#43562571)

0) If the project does what you need today, USE IT. Don't get so bound up in "future-proofing" your technology stack that you get paralyzed looking for "the perfect product that will do exactly what we want forever and never let us down."

1) Define your standard software stack. Mandate that all software written internally using open source components use these standard components & versions, or coordinate making a new version available to all projects if there's a particular new feature of a new version that is absolutely mandatory;

2) Always, always, always, download source for the version of the package you're installing (even if you just grab binary-only distributions to install & run), and archive it for posterity in some location YOU control and backup - DO NOT rely on "the internet" to help you find an old version of software; this allows you to fix (or hire someone to fix) any problem you have down the road in case of real critical issues where no active project maintainers can be found/hired/worked with.

3) Every few months (we shoot for ~6 months), review your stack and grab the latest versions of each component and make it available in your dev / testing environments;

4) If a component starts getting stale (no updates for 2 or more of these cycles), we'll start thinking about replacements for that component, and investigate likely alternatives, and bump this item up into the "needs monitoring" risk category - no production impact yet, but as soon as you need to release a patch of that production version using the outdated component, you're gonna be in trouble.

5) Periodically (nightly if you have resources - get something like jenkins or similar for this sort of thing) ensure that you can build these components from source successfully. Especially as they get 'stale,' you'll run into issues - system libs, headers, etc. will change over time, and there will come a point where you are no longer able to build the software without code modification. At that point, if any of your software is still using the version, then you should start raising alarms and bump the risk level up to "severe." This could cripple your production env.

6) If a crisis comes up and a dead project is the culprit... well, we've got the code and can always modify it ourselves, if we haven't found any suitable alternative.

There's really no magic to it - just make sure that developers aren't downloading "every version under the sun," and ensure that the versions you're using are reproducible, available, and actively managed on your end. Risk management is paramount.

Re:Here's how my team handles it... (1)

why-lurk (252433) | about a year and a half ago | (#43564327)

Nice set of practices.

Re:Here's how my team handles it... (1)

larien (5608) | about a year and a half ago | (#43565285)

The issue about ignoring future proofing is that you can invest a lot of time & effort integrating the tool into your environment, writing scripts etc. If that tool gets obsoleted for any reason, it can be a lot of work to switch to an alternative (this goes for FOSS & commercial software equally). You can get locked in to FOSS just as easily as with commercial, you just have a few more options available with FOSS. Some tools can be swapped in & out at a moment's notice, but if you integrate something into your way of working very closely, it can be a nightmare to unpick later.

As for modifying code yourself, that requires a whole set of skills & disciplines many admin teams don't have - I know our team/organisation would struggle with that. There are, of course, 100s of companies who are quite happy downloading source & patching/maintaining it themselves.

Other than that, there's some good advice in there. Version control & release/test cycles are key for any software product.

You can maintain it yourself (2)

SoftwareArtist (1472499) | about a year and a half ago | (#43562653)

An important difference with open source is that, if a component you rely on is abandoned, you have the choice of maintaining it yourself. I'm not suggesting you want to take over development of large projects, but in some cases this is a real option. It's especially relevant to the last category mentioned in the post: "Projects that have had no updates but are highly stable and do what is necessary, but are risky because they may not interoperate with future upgrades to other components." If you're using a library that's stable and does what you want, and your only concern is keeping it working when other things change in the future, that may be quite easy to do yourself.

Does it do what you need? (0)

Anonymous Coward | about a year and a half ago | (#43562677)

1) Does it do what you need?
2) Can you fix/adapt it to your changing needs?

Open source or commercial makes no difference, although I think you'll find that #2 can be very costly, if not impossible, with commercial offerings.

If you feel the need to waste time analyzing 'life cycles' you've already thrown the baby out with the bath water. Software 'ends' when it no longer provides a useful function, not according to some vendor's sales brochure.

Re:Does it do what you need? (1)

idunham (2852899) | about a year and a half ago | (#43563887)

Good comment until you started talking about life cycles.
"Life cycles" are an issue in some (read numerous) circumstances.
More or less, it's a question of how much of #2 you need to do yourself. And you know that supporting LibreOffice yourself is probably not an option, but avoiding an office suite is also a bad idea.

1) You need to provide a device that's supported for the next 3 years. Upstream has high churn.
If there's a regularly-updated stable branch/other support policy, you can just use that.
If there isn't you need to backport applicable bugfixes yourself, or write your own.

2) Software is written by a freelancer in between jobs. He says nothing about support. If he finds a job, you probably will be maintaining it yourself.

3) Company offers a solution, then a year later the needed code in GTK/Perl/PHP/... gets replaced/broken/...
If they support their solution for the next five years, you have nothing to worry about. If you're using Fedora and have to support it yourself, good luck.

Correlation/Causation (0)

Entente Software LLC (2908569) | about a year and a half ago | (#43562725)

Third-party software is provided for use by others under a license. The only thing that differentiates open source and commercial software are the terms in such license. As many have pointed out, open source projects can come and go, dropping their projects in the process. However, this can also be true of commercial companies. As a consumer, it's important to review the terms of your inbound licenses to make sure you're comfortable with the obligations, representations, and warranties provided therein. These license details, and the use cases of the software licensed thereunder, should be tracked by software companies to maintain visibility about third-party dependencies and obligations. []

inactive IS NOT the same as "not useful" (3, Insightful)

lkcl (517947) | about a year and a half ago | (#43562765)

the typical example that i give here is "python htmltmpl". htmltmpl was written to solve a very specific problem: minimalist templating of HTML by allowing dictionaries of key-value pairs to substitute into HTML (value text replaces the key when named) and to do likewise for lists of dictionaries in order to e.g. create tables.

very very simple.

the problem is this: the actual scope of the work required means that the actual programming required was extremely straightforward. i.e. it was done, completed - problem solved. the scope of the work required is clear; the scope of the work required does not change; the scope of the work required does not *NEED* to change.

therein lies the problem, namely that the fact that python-htmltmpl has quotes not had any development quotes means that, as far as sourceforge is concerned, the project is "dead". look at the release dates - 2001 for god's sake! []

the point is: just because a project hasn't had any development done on it, that DOES NOT automatically mean that it doesn't do the job. correlation != causation. python-htmltmpl *clearly* does the job it's intended to do.

i mention this case specifically because i have seen a large number of HTML "templating" languages come and go. the php-inspired one which used syntax. zope with the dreadful and insane embedding of python in templates and templates in python. many many more, all of which caused me to despair when i saw them, so much so that i was inspired to talk at one UKUUG conference at some length about best practices of keeping programming languages declarative i.e. *never* embedding programming languages into HTML (even if it's php).

and once you follow the sanity-restoring rule of keeping a programming language declarative (e.g. in the php case beginning the file with as the last two characters and AT NO POINT EVER NOT FOR ANY REASON WHATSOEVER FALLING BACK TO OR PERMITTING STATIC HTML TO BE OUTPUT IMPLICITLY)... ... once you follow that rule, then you find that you need a templating system such as php-htmltmpl or any of the others that exist. and, once you've looked closely at what you actually need out of an HTML templating language, then actually, htmltmpl provides a *really* good very simple system which covers pretty much everything you'll need. need to do an expression which is a mixture of variables and HTML? generate it explicitly in php, put it into the array - don't for god's sake try to use a god-awful mix of print, echo, dots and christ knows what else. just.. don't.

so i'm putting this out there because in certain cases, what you find is that the code that you need appears "dead", but that's not actually the case: the failure of sourceforget and github by their "metrics" have relegated perfectly good and *completed* code to obscurity.

you are therefore encouraged to participate in *unfinished* projects, with their constant changes, moving targets and massive contributions which may or may not be correctly managed, because it is those projects that have "99% activity". does that sound like a good thing to you?

this is a joke right? (0)

Anonymous Coward | about a year and a half ago | (#43562879)

Its open source. If you need to then fix it yourself or pay someone else to.

So strange (0)

Anonymous Coward | about a year and a half ago | (#43563095)

Projects that are rapidly losing developers to some more-trendy alternative project

I was wondering how all these Chloe and Elle chans kept popping up so damned fast.

Easy test! (1)

http (589131) | about a year and a half ago | (#43563299)

If the latest version and the version available in debian differ by either one full version or at least three .points, we're good to go.

BRR Project - tried building FOSS eval tools (1)

twasserman (878174) | about a year and a half ago | (#43563311)

In 2005, several of us started the Business Readiness Rating project. Its goal was to provide an objective (quantitative) evaluation of free and open source projects largely based on metrics, including project activity, downloads, publications on the project, etc. We originally defined 12 areas for evaluation, which I later reduced to 7. We thought (and still think) that such a tool would be a good idea, but we were an unsuccessful project ourselves, unable to attract sufficient funding or volunteers. There's an inactive SourceForge project and a single page website, ready to spin up if there is sufficient interest. I subsequently discovered that people wanted not just the numbers, but also subjective reviews in the style of Amazon, Rotten Tomatoes, or Yelp. I also personally believe that we need a way to evaluate FOSS projects against proprietary software so that more organizations will be able to justify FOSS solutions.

Re:BRR Project - tried building FOSS eval tools (1)

Anonymous Coward | about a year and a half ago | (#43566545)

Our university was in a similar situation than the poster; we had a big project to realize and the choice between proven, commercial software, or an open-source one. We quickly realized that using subjective review was not an option to compare them. Fortunately there are objectives ways to measure open source projects, with metrics like maturity, vitality of the community, quality of code, probability that the project will go out of fashion, etc.

We used the QSOS (Qualification and Selection of Open Source Software) method; the methodology is open-source itself and there are numerous projects already evaluated by the community (in our case we did the evaluation ourself):

"For a company, the choice to opt for software as a component of its information system, whether this software is Open Source or commercial, rests on the analysis of needs and constraints (technical, functional and strategic) and on the adequacy of the software to these needs and constraints.
However, when one plans to study the adequacy of open source software, it is necessary to have a method of qualification and selection adapted to characteristics of this type of software. It is, for instance, particularly important to precisely examine the constraints and risks specific to open source software. Since the open source field is very rich and has a very broad scope, it is also necessary to use a qualification method allowing to differentiate the quite often numerous candidates to meet both technical, functionnal and strategic requirements." (source: QSOS manifesto v.1.6)

There are numerous other methods (such as BRR above) and others like:
Open Source Maturity Model (OSMM) from Capgemini
Open Source Maturity Model (OSMM) from Navica
Methodology of Qualification and Selection of Open Source Software (QSOS)
Open Business Readiness Rating (OpenBRR)
Open Business Quality Rating (OpenBQR)
QualiPSo OpenSource Maturity Model (OMM)
QualOSS - Quality of Open Source

You can check them out in wikipedia ( and pick whichever one that fits your need. In our case, the QSOS methodology was a big win for the open-source project; it helped prove beyond a reasonable doubt that the project was a very solid candidate, and helped "selling" it to the dean. It helped build trust in the project and confidence in the choice we made. In a word: DO use such a methodology if you are in a medium to big project with OSS candidates. The evaluation may be long, but it WILL pay pack.

Qualitative and Quantitative Metrics (0)

Anonymous Coward | about a year and a half ago | (#43563387)

You mention a number of qualitative attributes and behaviors of healthy open source projects. It sounds like you are harvesting Key Performance Indicators for Open Source Software Projects and Communities.

For a few more useful criteria bits regarding formal open source project analysis, you might read:

* The Cathedral and the Bazaar
* Beautiful Teams
* The Art of Community

Some of the Ohloh tools listed at -- like ohcount -- might be useful for developing a (set of) quantitative metrics for evaluating open source projects.

"Continually Requiring Updates" is a Myth (0)

Anonymous Coward | about a year and a half ago | (#43563393)

Software that does what it is supposed to do does *not* require continual updating. This position comes about by over-exposure to companies (such as Microsoft) which need to continually mutate their environment in order to stay in business. Take for example the upcoming end-of-support for Windows XP. Those who have been infected this sort of thinking will believe that this means they need to migrate everything to the latest golly-gee-whiz incompatible crap from Microsoft. Others who are more sensible thanks the Gods that Microsoft will stop farting about in order to maintain a revenue stream.

If it works today, it will work forever in exactly the same fashion. Why would any "sane" individual or organization waste money and resources just to maintain "buzzword checklist compatibility" that provides no actual improvement or advantage?

Open source software never dies (1)

manu0601 (2221348) | about a year and a half ago | (#43563731)

There is a big difference between commercial and open source when it comes to life status : you can always throw time or money to resurrect an inactive open source project. Open source software never dies, it just goes idle, and is always available for whoever wants to adopt it

reply (0)

Anonymous Coward | about a year and a half ago | (#43563985)

Kernel Impedance? (1)

Guil Rarey (306566) | about a year and a half ago | (#43564001)

Thinking out loud here - some sort of probabilistic metric based on distance measured in time or number of patches / release cycles of the underlying kernel since the last project maintenance? I.e. the probability that 1 kernel patch will break a piece of software unless maintained is x; I'd expect that x rises by some non-linear function with the number of patches.

At 2am assess is the plural form of ass (0)

Anonymous Coward | about a year and a half ago | (#43565635)

Which is probably about time that I go to bed.

Beware of Excel Management (1)

kc600 (1039792) | about a year and a half ago | (#43566499)

Your assessment of things to consider is a good approach, however adding it all up is a human's work. BTW You might also want to consider what the OS project is doing to protect its continuity, for example in terms of legal protection, or in lowering thresholds for new developers.

Code, Issue tracker, mailing lists analysis (1)

Laura Arjona (2890409) | about a year and a half ago | (#43567049)

You can perform an analysis using the information of activity in the source code, issue tracker and mailing lists, so you get an idea of the history of the project and how is doing in the last term (who are the most active developers, which parts remain unmaintained, how is the activity of the user/developer mailing lists...). Some companies/consultants offer this kind of service. For example Bitergia [] license their tools as open source (the MetricsGrimoire [] toolset, among others) so you can extract the metrics yourself, or contract them for a more comprenhensive report.

Finished software exists (1)

johanw (1001493) | about a year and a half ago | (#43567091)

Contrary to the belief of many managers, sometimes software is just finished. It does what it has to do and adding more functionality is just bloat and changing the UI for change sake results in failures like windows 8. So software that hasn't been updated for some years can just be complete and good as it is.

I look it up on (1)

iceco2 (703132) | about a year and a half ago | (#43567295)

which is an excellent site which give metrics on open source projects number of developers,
lines of code progression over time and many more useful graphs and metrics to help assess how active an open source software is
and what is the trend.

What is the question? (0)

Anonymous Coward | about a year and a half ago | (#43568043)

Ask Slashdot: How Do You Assess the Status of an Open Source Project?
Posted by Soulskill on Friday April 26, 2013 @05:44PM
from the say-its-name-three-times-in-front-of-a-mirror-site dept.

How do we the Status? We might be a bunch of Asses, but you can't properly formulate a question! Oh wait...

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?