The Cathedral and the Bazaar (1997)

41 points by kesor 4 months ago | 30 comments
  • tptacek 4 months ago
    An evergreen subject. I could write a long comment here, but I'd just be recapitulating what I've already wrote, which is that this is probably the single most overrated piece of technical writing since the advent of the public Internet. What was true in it wasn't new, and what was new wasn't true. All you have to do is read _Peopleware_ (which arguably has had a rough going itself) to see why.

    https://news.ycombinator.com/item?id=35939383

    Raymond's personal and political inclinations always complicate this, but my fascination with his downright weird role in our professional culture long predates an understanding of his ideology. I think the case I made in the preceding paragraph is easy to make on the merits. It's why there was a comic called "Everybody Loves Eric Raymond". He's a figure of fun, and a lot of people haven't caught up with that.

    • Hooray_Darakian 4 months ago
      Give Working in Public by Nadia Eghbal a read as well. Its much more up to date and much more observational on the topic of open source development.
      • EarlKing 4 months ago
        I always found it amusing that he made sendmail the centerpiece of his argument. Sendmail, the veritable swiss cheese of software. Don't get me started on his so-called Linus's Law that, after decades, I think we can firmly say was never correct (and if in doubt, just go look at how many projects have decades-old bugs still lurking in them despite having many eyes on them).
        • Freakwater 4 months ago
          "With enough eyes all bugs are shallow."

          Well, we know now how untrue that is.

          • DonHopkins 4 months ago
            He made up the ridiculous "many eyes" quote himself, then misnamed it "Linus's Law" to avoid personal responsibility and shift the blame to innocent Linus Torvalds, who never said such a stupid thing, and which HeartBleed and many other eyeballable bugs proved terribly wrong and misguided. About which the salty security expert Theo de Raadt famously said "Oh right, let's hear some of that "many eyes" crap again. My favorite part of the "many eyes" argument is how few bugs were found by the two eyes of Eric (the originator of the statement). All the many eyes are apparently attached to a lot of hands that type lots of words about many eyes, and never actually audit code."
            • notfed 4 months ago
              Perhaps "...slightly shallower" would have been more appropriate, but that isn't as catchy.
              • DonHopkins 4 months ago
                The term "many eyes" is certainly doing a lot of work, because practically nobody (beyond the exceptionally qualified but justifiably abrasive Theo de Raadt), and ESPECIALLY not ESR, ever bothers to actually read or is actually qualified to understand and audit source code. And the few that are qualified usually have other things to do with their precious time, because all the Big Tech FAANG MegaCorps and venture funded startups that exploit their hard work never bother supporting them in any way.

                Ironically the one time he did try, he beclowned himself by totally misunderstanding and misrepresenting it, due to his illegitimate preconceptions, extremist political agenda, intellectual dishonesty, lack of expertise, quote mining, gullibility to conspiracy theories, and cultivated misconceptions.

                https://rationalwiki.org/wiki/Eric_S._Raymond#Climategate

                >Climategate

                >During the Climategate fiasco, Raymond's ability to read other peoples' source code (or at least his honesty about it) was called into question when he was caught quote-mining analysis software written by the CRU researchers, presenting a commented-out section of source code used for analyzing counterfactuals as evidence of deliberate data manipulation. When confronted with the fact that scientists as a general rule are scrupulously honest, Raymond claimed it was a case of an "error cascade," a concept that makes sense in computer science and other places where all data goes through a single potential failure point, but in areas where outside data and multiple lines of evidence are used for verification, doesn't entirely make sense. (He was curiously silent when all the researchers involved were exonerated of scientific misconduct.)

            • 4 months ago
            • DonHopkins 4 months ago
              https://news.ycombinator.com/item?id=35944771

              phkamp on May 15, 2023 | prev | next [–]

              A counter point:

              https://queue.acm.org/detail.cfm?id=2349257

              ACM Queue: The Bike Shed, August 15, 2012, Volume 10, issue 8.

              A Generation Lost in the Bazaar

              Quality happens only when someone is responsible for it.

              Poul-Henning Kamp

              https://en.wikipedia.org/wiki/Poul-Henning_Kamp

              [...]

              Today's Unix/Posix-like operating systems, even including IBM's z/OS mainframe version, as seen with 1980 eyes are identical; yet the 31,085 lines of configure for libtool still check if <sys/stat.h> and <stdlib.h> exist, even though the Unixen, which lacked them, had neither sufficient memory to execute libtool nor disks big enough for its 16-MB source code.

              How did that happen?

              Well, autoconf, for reasons that have never made sense, was written in the obscure M4 macro language, which means that the actual tests look like this:

                ## Whether `make' supports order-only prerequisites.
  AC_CACHE_CHECK([whether ${MAKE-make} supports order-only prerequisites],
    [lt_cv_make_order_only],
    [mkdir conftest.dir
     cd conftest.dir
     touch b
     touch a
  cat >confmk << 'END'
  a: b | c
  a b c:
         touch $[]@
  END
    touch c
    if ${MAKE-make} -s -q -f confmk >/dev/null 2>&1; then
      lt_cv_make_order_only=yes
    else
      lt_cv_make_order_only=no
    fi
    cd ..
    rm -rf conftest.dir
  ])
  if test $lt_cv_make_order_only = yes; then
    ORDER='|'
  else
    ORDER=''
  fi
  AC_SUBST([ORDER])
              Needless to say, this is more than most programmers would ever want to put up with, even if they had the skill, so the input files for autoconf happen by copy and paste, often hiding behind increasingly bloated standard macros covering "standard tests" such as those mentioned earlier, which look for compatibility problems not seen in the past 20 years.

              This is probably also why libtool's configure probes no fewer than 26 different names for the Fortran compiler my system does not have, and then spends another 26 tests to find out if each of these nonexistent Fortran compilers supports the -g option.

              That is the sorry reality of the bazaar Raymond praised in his book: a pile of old festering hacks, endlessly copied and pasted by a clueless generation of IT "professionals" who wouldn't recognize sound IT architecture if you hit them over the head with it. It is hard to believe today, but under this embarrassing mess lies the ruins of the beautiful cathedral of Unix, deservedly famous for its simplicity of design, its economy of features, and its elegance of execution. (Sic transit gloria mundi, etc.)

              [...]

              Poul-Henning Kamp (phk@FreeBSD.org) has programmed computers for 26 years and is the inspiration behind https://bikeshed.org . His software has been widely adopted as under-the-hood building blocks in both open source and commercial products. His most recent project is the Varnish HTTP accelerator, which is used to speed up large Web sites such as Facebook.

              • entropicgravity 4 months ago
                Musk is the Bazaar.
                • bitwize 4 months ago
                  Amongst his other odious views and dubious hacker cred, lately ESR has been cheerleading the ongoing fascist coup of the U.S. government, and dickriding Elon (and even Trump) so hard that he should probably at this point be considered a Nazi sympathizer, and his work considered -- how did dang put it? -- "not to foster the kind of discussion we want to see here at HN".
                  • giraffe_lady 4 months ago
                    Interesting ideas here. I wonder what other ideas its author has written about.
                    • fifilura 4 months ago
                      I saw ESR once in a NY venue around 2000 in the middle of the bubble.

                      He was waving with a CD with newly open sourced banking software of some sort and raving about how all developers overarching goal will be to open source their work because don't care about money anymore, they already make so much.

                      Not very impressive then and not very impressive today.

                      • jonstewart 4 months ago
                        I wonder, too, how has fetchmail held up over time? Was it a good program?
                        • DonHopkins 4 months ago
                          Nope.

                          UUCP must stay; Fetchmail sucks (2001) (freebsd.org)

                          https://news.ycombinator.com/item?id=25671258

                          https://mail-archive.freebsd.org/cgi/getmsg.cgi?fetch=585008...

                          >[...] Unfortunately, ESR would not accept patches for the mistaken MX problem, nor for the preference order problem, nor for the tunneled envelope information stripping problem. He seemed to be too busy with speaking engagements, and has since declared fetchmail to be in "maintenance mode", in order to demonstrate a recognizable commercial software lifecycle for an Open Source project, to give business the warm fuzzies.

                          https://pyropus.ca./software/getmail/faq.html#faq-about-why

                          Why did you write getmail? Why not just use fetchmail? Short answer: … well, the short answer is mostly unprintable. The long answer is … well, long:

                          I do not like some of the design choices which were made with fetchmail. getmail does things a little differently, and for my purposes, better. In addition, most people find getmail easier to configure and use than fetchmail. Perhaps most importantly, getmail goes to great lengths to ensure that mail is never lost, while fetchmail (in its default configuration) frequently loses mail, causes mail loops, bounces legitimate messages, and causes many other problems.

                          When people have pointed out problems in fetchmail's design and implementation, it's maintainer has frequently ignored them, or (worse yet) gone in the completely wrong direction in the name of "fixing" the problems. For instance, fetchmail's configuration file syntax has been criticized as being needlessly difficult to write; instead of cleaning up the syntax, the maintainer instead included a GUI configuration-file-writing program, leading to comments like:

                          The punchline is that fetchmail sucks, even if it does have giddily-engineered whizbang configurator apps.

                          As an example, Dan Bernstein, author of qmail and other software packages, once noted to the qmail list:

                          Last night, root@xxxxxxxxxxxxxxxxx reinjected thirty old messages from various authors to qmail@xxxxxxxxxxxxxx

                          This sort of idiocy happens much more often than most subscribers know, thanks to a broken piece of software by Eric Raymond called fetchmail. Fortunately, qmail and ezmlm have loop-prevention mechanisms that stop these messages before they are distributed to subscribers. The messages end up bouncing to the wrong place, thanks to another fetchmail bug, but at least the mailing list is protected.

                          --D. J. Bernstein

                          The maintainer also ignored dozens of complaints about fetchmail's behaviour, stating (by fiat) that fetchmail was bug-free and had entered "maintenance mode", allowing him to ignore further bug reports.

                          [...]

                          https://pld.cs.luc.edu/courses/412/spr20/mnotes/bazaar.html

                          But this is not the strongest language. Perhaps the most snarky response to fetchmail comes from Terry Lambert (docs.freebsd.org/cgi/getmsg.cgi?fetch=585008+0+archive/2001/freebsd-arch/20010218.freebsd-arch):

                          >As to fetchmail: it is an abomination before God. If someone in the press ever paid for an audit of the source code, the result would refute the paper "The Cathedral and the Bazaar" to such an extent that it could damage the Open Source movement, which has pinned so much on the paper, in ill-considered haste.

                          >ESR has constantly maintained that fetchmail is "not an MTA", and he is right: it could be, but it's not.

                          >When mail is delivered to a POP3 maildrop, envelope information is destroyed. To combat this, you would need to tunnel the envelope information in headers. Generally, sendmail does not support "X-Envelope-To:" because it exposes "Bcc:" recipients, since fetchmail-like programs generally _stupidly_ do not strip such headers before local re-injection of the email. Without this information, it can not recover the intended recipient of the email. The fetchmail program delivers this mail to "root".

                          >The program has another bug, even if you elect single message delivery (in order to ensure a "for <user@domain>" in the "Received:" timestamp line. The bug is that it assumes the machine from which the download is occurring is a valid MX for your domain.... [pld: the end result is misaddressed replies]

                          ...

                          >Unfortunately, ESR would not accept patches for the mistaken MX problem, nor for the preference order problem, nor for the tunneled envelope information stripping problem. He seemed to be too busy with speaking engagements, and has since declared fetchmail to be in "maintenance mode", in order to demonstrate a recognizable commercial software lifecycle for an Open Source project, to give business the warm fuzzies.

                          Ouch.

                        • science4sail 4 months ago
                          When I hear about ESR nowadays, it's usually in the context of extreme right-wing politics. I'm not sure whether that's an accurate description of the man or a smear campaign against him.

                          That said, if you dig into the Jargon File on catb.org, you can find some interesting descriptions of how ESR perceived his hacker[0] community.

                          [0]Notably, his "hackers" are computer programmers from the ARPANET, USENET, and 1990s Internet cultures. Not cybercriminals or Silicon Valley startup founders.

                          • DonHopkins 4 months ago
                            I've known ESR (aka "Eric the Flute") and RMS (Richard Stallman) since the early 1980's, and batshit crazy smarmy arrogant self-aggrandizing sexist racist anti-black homophobic Islamophobic neocon interventionist libertarian gun nut is a fair and accurate description of ESR's politics. "Yonder Racism" is an ironically accurate anagram of his name.

                            The only "smear campaign" is his own long term war against the FSF institutionally, RMS personally, and the concept of Free Software itself: he's built his entire career on trying to tear down RMS's life work, while misappropriating and corrupting RMS's original ideas as his own.

                            But the code ESR has written himself is mediocre and lackluster at best, and trivial and unimportant in comparison to RMS's. (Ask him why he never shipped let alone shared the source code of his unfinished magnum dopeus Teenaged Mutant Ninja Turtle NetNews Reader, which he would drone on and on about endlessly and insufferably to people he cornered at science fiction conventions in the 80's, but never finished or released or shared with any bazaar or cathedral.)

                            He certainly doesn't deserve to be called a hacker, let alone presume to define the meaning of the term. Real hackers from the MIT-AI lab where it originated consider his revisionist politically slanted rewriting-for-profit of the Hacker's Dictionary to be disrespectful parasitical vandalism that doesn't represent the actual hacker culture, just a tool he hijacked, corrupted, and abused to spread his right-wing political ideology.

                            He made up the ridiculous "many eyes" quote himself, then misnamed it "Linus's Law" to avoid personal responsibility and shift the blame to innocent Linus Torvalds, who never said such a stupid thing, and which HeartBleed and many other eyeballable bugs proved terribly wrong and misguided. About which the salty security expert Theo de Raadt famously said "Oh right, let's hear some of that "many eyes" crap again. My favorite part of the "many eyes" argument is how few bugs were found by the two eyes of Eric (the originator of the statement). All the many eyes are apparently attached to a lot of hands that type lots of words about many eyes, and never actually audit code."

                            Anything good you've heard about him comes from his own mouth shamelessly and braggadociously bloviating about himself. You can set your watch by his flying monkeys, GamerGate incels, and bulging-at-the-seams electroluminescent spandex clad Tron Guy Jay Maynard swooping in to defend him and downvote brigade any criticism. (I shit you not, Tron Guy is literally and figuratively his biggest fan: https://www.youtube.com/watch?v=y0avXmif6Ts )

                            If that video didn't make you throw up in your mouth, then I could sicken you by linking to examples and posting pages of his reprehensible racist quotes, but I'll leave it at that, and anyone else who cares can google it and find out for themselves. Thanks to our own hn contributor ptacek, people have actually donated tens of thousands of dollars to charity NOT to see his many quotes like "what’s keeping women in general from occupying the vast middle of the programming field is not general intelligence. On the other hand, the average black American has an IQ about 85 and that is pretty much a disqualifier right there. Only the cohort of their bell curve above 3 STDs from median has much hope of matching the capability of the average white programmer", so you'll thank me later for not posting more of them here.

                            >Raymond has claimed that "Gays experimented with unfettered promiscuity in the 1970s and got AIDS as a consequence", and that "Police who react to a random black male behaving suspiciously who might be in the critical age range as though he is an near-imminent lethal threat, are being rational, not racist." A progressive campaign, "The Great Slate", was successful in raising funds for candidates in part by asking for contributions from tech workers in return for not posting similar quotes by Raymond. Matasano Security employee and Great Slate fundraiser Thomas Ptacek said, "I've been torturing Twitter with lurid Eric S. Raymond quotes for years. Every time I do, 20 people beg me to stop." It is estimated that, as of March 2018, over $30,000 has been raised in this way.

                            If you really must know more:

                            https://rationalwiki.org/wiki/Eric_S._Raymond

                            https://news.ycombinator.com/item?id=20383916

                            • EarlKing 4 months ago
                              Hey Don? I've seen this post of yours more than once, so I'm assuming you've got it saved somewhere, ready to go whenever the Flute gets mentioned. I don't disagree with anything you've written here, but I am curious if there was a last straw for you that makes you post this every time his name comes up.
                              • sillywalk 4 months ago
                                From both the Rational Wiki, and from vaguely remembered Slashdot comments from 20+ years ago, I thought that ESR's 'The Art of Unix Programming' was regarded as pretty good.

                                I'm curious if this is accurate, because it would seem to be out of character.