[Am-info] query about MS "Innovations"

Joe Moore Joe.Moore@sdrc.com
Mon, 8 Apr 2002 13:56:10 -0400


On Fri, Apr 05, 2002 at 06:27:05PM -0500, Felmon Davis wrote:
> 
> Perhaps your last question was overlooked? It's a worrisome thought: 
> why exactly wouldn't 'open source' _also_ produce a 'mono-culture'?

It does.  Or rather, it can.
Open source is completely orthogonal to a monoculture.  However, freely
modifiable source (aka Free Software) makes it possible to create enough
diversity to make the binosphere (my word) a safer place.

To see the difference, examine Microsoft's "Shared Source" license.  Certain
large, influential companies are able to examine (but not modify) the 
Windows source code.  This does nothing to eliminate the software monoculture,
even though the source is "open".

On the other hand, consider the Apache project.  Because users aren't 
generally dependent on a specific set of compilation options (for example,
some may not need the server-side imagemap extension) there is diversity
in what actually gets installed on a system.  Even though it's all based on
the same software.  In addition, what compiler you use to build it may make
a difference to what vulnerabilities exist.  For example, a bounds-checking
compiler may create a less-vulnerable executable than a standard C compiler,
and gcc v2.7.2 will create a different executable (stack in different place,
etc) than even gcc 2.95.

All these contribute to diversity even without changing the source code.

--Joe