Diary of a B+ Grade Polymath (tcpip) wrote 2008-05-19 06:21 pm

Recent Events, FOSS and Security, Gaming Personalities

Somehow I neglected to mention in my last post two excellent events which I recently attended. First was John Foxx's Tiny Colour Movies. I shouted dukeofmelbourne to the event as it was he who introduced me to early Ultravox some twenty years ago. It was excellent, an arthouse-style archive of movie fragments from disparate sources, combined with the Foxx providing backing music. The second was a more intimate affair, but one by a person who has probably affected more people indirectly; dinner with arjen_lentz who regularly visits Melbourne to provide MySQL training and do more work for OpenQuery. As usual it was excellent technical and friendly conversation and I quite enjoyed the contributions by laptop006.

Free and Open Source software is one of the areas where, it seems to me, the morally right policy is also the best technical approach. Widely reported, for example, has been a serious OpenSSL exploit which has affected Debian and Debian-derived systems (e.g., Ubuntu), which of course was widely discussed on Slashdot. Now despite the seriousness of the problem, it was found and patched remarkably quickly. Would this even have been discovered in a closed source model? Would the company holding the patents and copyrights admit the problem? Would they release a patch? With those questions in mind - and given the general usability of FOSS desktop UNIX-like systems, it never ceases to surprise me that people, every day, are still using MS-Windows and other closed-source solutions. It's morally wrong, and it's technically dangerous.

Over the years, I have realised the people who are attracted to roleplaying games are an interesting bunch. Many are people with either an incredibly systematic knowledge (it seems that every second sysadmin is a RPGer). Many (such as patchworkkid, artbroken, drzero for example) are people of significant literary merit and talent. But some however are special and not in a good way. For example, one has to be a "very special individual", to start an abusive tirade because an observer comments that a regular gaming schedule might work better than an inconsistent one. Such a "special individual" would include Ian Bouch (yeah, top-posting, start from the bottom *sigh*). Congratulations Ian; I don't often condemn people on my journal for their personal behaviour but you sir, are an arsehole.

zey.livejournal.com 2008-05-19 09:27 am (UTC)
Now despite the seriousness of the problem, it was found and patched remarkably quickly.

You've got to love a system where the fix for an OpenSSL exploit issue is... *drumroll* apt-get update ;-). The same command you'd be using normally anyway to collect security and other software updates.

Would this even have been discovered in a closed source model?

Possibly. The source might have fewer eyes looking, but, the people looking are doing it for a living and their livelihood depends on their being diligent.

Would the company holding the patents and copyrights admit the problem?

I think you might be mistaking the slow going of a giant effective monopoly for standard behaviour at all proprietary firms, large and small. Larger companies have all the turning circle of a battleship. Smaller companies are more nimble.

With those questions in mind - and given the general usability of FOSS desktop UNIX-like systems, it never ceases to surprise me that people, every day, are still using MS-Windows and other closed-source solutions.

Most people out there will use the UI they're comfortable with, especially if it took them a while to learn it in the first place. That's the profile of your average (non-techy) office computer user. They'll also have this or that app they can't live without. Add the two together and they're never going to contemplate moving.

That's why I think the Linux desktop is a bit of a pipe dream (it's been the year of the Linux desktop for how many years now?) and why ReactOS is such an exciting prospect. It's Windows, GPL and without the bloaty extraneous cruft.

It's morally wrong [...]

At some point, even a FOSS programmer wants a job where his skills will help him pay the rent. Donations are irregular and won't cover it.

Relying on support contracts for your FOSS software has problems: (a) The aim of a good programmer is to make your software intuitive and bug-free enough that the users shouldn't need support, and, (b) programmers hate doing end user support.

That's the paradox of FOSS, really. It needs proprietary software development contracts around in the system to keep their FOSS programmers in a financial position where they can keep programming for free on those FOSS projects they're interested in.

tcpip.livejournal.com 2008-05-19 09:47 am (UTC)

I think you might be mistaking the slow going of a giant effective monopoly for standard behaviour at all proprietary firms, large and small.

Hmmm... I did consider that but considered the behaviour more appropriate not to the size of the company but the way that information is held. Not to say that large companies do have a slow turning circle. Indeed, one of their main strengths is stability.

(Although Ralph Nader's famous book "Unsafe at Any Speed" does come to mind in this discussion).

What you say about the desktop user interface is very true as well, which is why each incarnation of MS Windows has been less and less of a success for the end user (remember the end-user wails when MS-Windows 2000 was transformed to the new XP interface? and now - technical considerations aside - with Vista?).

At some point, even a FOSS programmer wants a job where his skills will help him pay the rent. Donations are irregular and won't cover it.

Sure. Many FOSS projects are sponsored by large companies as a result (IBM and Novell are two that immediately come to mind).

The model we discussed with arjen_lentz was the "skim off the top" model, which I think does have a degree of economic legitimacy. Basically value-add to an existing OSS project, make it worth your while in recompense, and then make it public. Indeed arjen pointed out that many organisations he encounters are insisting on use of FOSS.

zey.livejournal.com 2008-05-19 10:32 am (UTC)
The model we discussed with arjen_lentz was the "skim off the top" model, which I think does have a degree of economic legitimacy. Basically value-add to an existing OSS project, make it worth your while in recompense, and then make it public.

Ah, I wish I shared your optimism ;-). What's most likely to happen is the FOSS project eats its own: new participants notice that great add-on and cherry picks its functionality as their new contribution to the original project.

Indeed arjen pointed out that many organisations he encounters are insisting on use of FOSS.

I suspect the success/failure of that strategy will depend on the industry you're in (ie, how specialised the software is). It'd work great if you're in software development, a real estate clerk needing plain jane office apps, etc. Good luck if you're in mining, oil and gas, accountancy or graphic design ;-).

tcpip.livejournal.com 2008-05-20 03:42 am (UTC)
Ah, I wish I shared your optimism ;-). What's most likely to happen is the FOSS project eats its own: new participants notice that great add-on and cherry picks its functionality as their new contribution to the original project.

That indeed is a risk; however there are very good incentives in releasing a good product into the public domain, as it encourages others to contribute to the development.

I suspect the success/failure of that strategy will depend on the industry you're in

Absolutely. I am very fortunate to be involved in the sort of work I am as a result. The arts is probably one of those industries where open source content is perhaps not the best methodology, although I do notice many do so - or something similar by disposition (e.g., Cory Doctorow, Nine Inch Nails etc).

Overall, I think that the world is moving towards a variety of differing licensing structures (GPL, Creative Commons etc) which are orientated towards an FOSS model as a general trajectory.