I’ve been digging, yes, literally digging, through a lot of code across a few OSS projects, and I’ve noticed some interesting things.
Contrary to popular belief, Open Source projects are not as open as they seem. Some “Open Source” projects are harder to obtain than others, in terms of the source code. While you can download and install the software, you are bound by the agreement. Sveasoft is an excellent example of this.
Shamelessly stolen from Wikipedia
There are several controversies surrounding Sveasoft, involving the distribution of the software, the personalities involved and GPL-related issues. One of these issues is that Sveasoft charges a fee to download the latest binary of their firmware without releasing or providing free access to the firmware, which many believe is a violation of the GPL license.
On March 11, 2006, the OpenWrt developers publicly announced that Sveasoft had violated its GPL license terms, and that Sveasoft’s continuing distribution of OpenWrt was prohibited.[4] In return, Sveasoft claimed that OpenWrt was illegally redistributing software copyrighted by Sveasoft and Broadcom and placing them under the GPL without being authorized to do so by the copyright holders.[2] Both groups deny the other’s allegations.
The software author managed to find a loophole (I’m taking a guess that it’s a loophole) and started charging for access to the web site. In the past, Sveasoft (i.e. “He”) charged for the newest version of the software AND made the software decide if it was installed on multiple routers. This way, the person in charge of the software could disable people’s accounts with multiple routers installed. Seems my account is disabled ;-P That’s what I get for supporting an OSS project, eh? Of course, these days many projects utilized the Sveasoft code (as it was GPL’d, as far as I can remember), and now it looks like I’ll be updating my 3 wirelessly bridged routers to DD-WRT, which, funny enough, has its roots in Sveasoft. Guess that’s what happens when you try to screw over the OSS community.
Again, I’ve been digging inside OSS for over a month now. From what I’ve noticed inside all these projects, there are individuals who work with specific files and literally cut and paste blocks of code from other projects into their own. Granted, most of the time they’ve given credit for who/where it came from, but I’m amazed at how much stuff is just pasted instead of updated. There are functions from 1999 in some of the code I looked at. I’m sure that with the advent of newer versions of programming languages such as PHP, we can find a better way of doing things.
Plugins
Plugins are supposed to be completely separate… supposed to be… Right?
Digging through the code in certain projects shows CSS styles and custom code statements, usually in the form of “IF plugin XX is here do this…”, embedded in some of the core files. Why in the world is the community allowing this to happen? If I design some off-the-wall plugin that I can’t figure out how to make work any other way, it appears that I can just throw an if statement somewhere in one of the main files and POOF, it works on any current version of the software installed. Technically speaking, that slows down load times. Sure, it may be a tad here and a tad there, but add those tads up and you get a big portion of your processing time devoted to needless if statements. The only way to find out that these things are even in your software is to look through the files manually.
Print Functions
Some projects seem to want to use a print function, for some unknown reason, rather than just “echo/print … blah”. What in the world is wrong with “echo …”? Why is a function being used here?
Now, there are projects that use this so that output can be translated on the fly. I understand this, but what I don’t understand is that the same projects use hard-coded HTML errors, notes, and directions. Doesn’t that defeat the purpose of translation?
Security
Warning, I’m gonna pick on WordPress pretty bad…
I’m also heavily into security, at least at work; my personal blog will be updated later. Why in the freakin’ world are the WordPress authors using the generator tag inside the head metas & RSS feeds? Is this to make it easy as sin to break into someone’s system, since it’s general knowledge that there is something wrong with version 91.4.3? I had to carve all these lines out with a spoon. Seriously, I had to do a full site search in DreamWeaver in order to find where these tags were. (Don’t even start on the DreamWeaver vs NotePad vs FrontPage crap.) They’re everywhere: in the code, in the RSS feeds, front end, back end… WHY?
It’s common knowledge that letting others know the version of software you’re using is a security threat. Mix that with the fact that the largest threat to a business is its own employees, and you’ve got a problem on your hands.
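As an added example (not the post’s or WordPress’s own code), here is a small Python audit that pulls the generator strings out of a page’s head metas and its RSS/Atom feeds and reports the version each one leaks, so you can check a site without hunting through files by hand. The HTML and feed documents below are constructed samples.

```python
"""Audit HTML pages and feeds for version disclosure via generator tags."""
import re
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

# Matches dotted version numbers such as 2.0.4 or 91.4.3.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


class _MetaGenerator(HTMLParser):
    """Collect the content of every <meta name="generator"> tag in a page."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").lower() == "generator":
            self.found.append(a.get("content", ""))


def html_generators(html):
    """Return the content of all generator meta tags in an HTML document."""
    parser = _MetaGenerator()
    parser.feed(html)
    return parser.found


def feed_generators(xml_text):
    """Return <generator> values from RSS 2.0 (plain) or Atom (namespaced) feeds."""
    root = ET.fromstring(xml_text)
    out = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "generator":  # strip any XML namespace
            text = (el.text or "").strip()
            uri = el.get("uri") or ""  # Atom puts the product URL in an attribute
            out.append(" ".join(x for x in (text, uri) if x))
    return out


def audit(documents):
    """documents: {name: (kind, text)} with kind 'html' or 'feed'. Returns findings."""
    findings = []
    for name, (kind, text) in documents.items():
        gens = html_generators(text) if kind == "html" else feed_generators(text)
        for g in gens:
            m = VERSION_RE.search(g)
            findings.append({"document": name, "generator": g, "version": m.group(0) if m else None})
    return findings


# Constructed samples: a page head and an RSS channel that both disclose the version.
SAMPLE_HTML = '<html><head><meta name="generator" content="WordPress 91.4.3" /></head><body></body></html>'
SAMPLE_RSS = '<rss version="2.0"><channel><title>blog</title><generator>https://wordpress.org/?v=91.4.3</generator></channel></rss>'
```

Feed `audit()` the HTML of a few templates and the output of each feed URL; an empty list means nothing is announcing the version.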
Debranding
Why in the heck is it so hard to debrand certain projects? Why is the project name and the logo embedded in almost every file? Why is the logo embedded locally in some places and loaded with a remote image call in others? I understand the “be proud of what you use” issue, but sometimes that crap just doesn’t need to be there. With a lot of projects, I already know it’s XX that produced the page. Back in Web Support, I was known for picking out FrontPage sites just by looking at the designed page; I didn’t even need to look at the source. Some made it obvious with themes, but you can still tell what software package is being used by what it looks like. You’re going to tell me it’s for advertising, right? ASK ME AND I’LL TELL YOU WHAT THE HECK I’M USING (note: in the interest of so many people failing Netiquette 101, yes, I was yelling.)
Comments
Some people are really good with commenting their code. Most, however, suck at it.
I’ll even admit that I’ve had some pretty nasty code without comments in the past. What I normally end up doing is start writing comments, end up saying “screw it”, and somewhere down the road go back and add them. I do it because I care, not because someone comes up behind me and checks. I also wouldn’t think of releasing code into the wild blue yonder without comments.
Some programmers start out really good, commenting every line and every variable, almost too much info (this is a good thing), then get sucked into the whole “comment nothing” mentality. You scroll through lines and lines of code that have no comments and then find an end bracket, right under an if statement, that has “//end if”. No shit, Sherlock.
The other issue I have with comments is that a heck of a lot of them are public, unprofessional, non-informative and unhelpful. For instance: “Cheatin’ uh ?” What the heck does that tell me? The only way I know this is a permissions error is by looking at the code. Later on, in the same file, we have a more helpful statement of “You do not have sufficient privil….” Why is it so hard to write messages for public users?
Ultimately, it boils down to people taking more care of their code. There will always be someone like me complaining, but if OSS is going to REALLY make it, things need to start changing. I don’t have time to look through your code to find out what X function does and where it gets X variable from. I don’t have time to dig through the whole code library to change all the embedded SQL statements to MSSQL because you hard-coded it to MySQL (I love MySQL, but my employer doesn’t).
