Recent Events, FOSS and Security, Gaming Personalities

[tcpip]

Somehow I neglected to mention in my last post two excellent events which I recently attended. First was John Foxx's Tiny Colour Movies. I shouted dukeofmelbourne to the event as it was he who introduced me to early Ultravox some twenty years ago. It was excellent, an arthouse-style archive of movie fragments from disparate sources, combined with the Foxx providing backing music. The second was a more intimate affair, but one by a person who has probably affected more people indirectly; dinner with arjen_lentz who regularly visits Melbourne to provide MySQL training and do more work for OpenQuery. As usual it was excellent technical and friendly conversation and I quite enjoyed the contributions by laptop006.

Free and Open Source software is one of the areas where, it seems to me, the morally right policy is also the best technical approach. Widely reported, for example, has been a serious OpenSSL exploit which has affected Debian and Debian-derived systems (e.g., Ubuntu), which of course was widely discussed on Slashdot. Now despite the seriousness of the problem, it was found and patched remarkably quickly. Would this even have been discovered in a closed source model? Would the company holding the patents and copyrights admit the problem? Would they release a patch? With those questions in mind - and given the general usability of FOSS desktop UNIX-like systems, it never ceases to surprise me that people, every day, are still using MS-Windows and other closed-source solutions. It's morally wrong, and it's technically dangerous.

Over the years, I have realised the people who are attracted to roleplaying games are an interesting bunch. Many are people with either an incredibly systematic knowledge (it seems that every second sysadmin is a RPGer). Many (such as patchworkkid, artbroken, drzero for example) are people of significant literary merit and talent. But some however are special and not in a good way. For example, one has to be a "very special individual", to start an abusive tirade because an observer comments that a regular gaming schedule might work better than an inconsistent one. Such a "special individual" would include Ian Bouch (yeah, top-posting, start from the bottom *sigh*). Congratulations Ian; I don't often condemn people on my journal for their personal behaviour but you sir, are an arsehole.

Comments

[cluebyfour.livejournal.com]

While I'm not oblivious to the security issues surrounding closed-source operating systems, I must admit to taking some offense at the implication that it's morally wrong for me to support my family as a .NET developer. Limiting myself to only FOSS products would severely limit my earnings potential, and quite frankly would be irresponsible given my obligations to myself and others. I do what I gotta do, IOW.

That said, I'm equally distressed when I point out security problems with either code or application configurations and they're routinely dismissed by the PHBs as not worth fixing. (Sometimes I'll fix them anyway.)

[zey.livejournal.com]

Now despite the seriousness of the problem, it was found and patched remarkably quickly.

You've got to love a system where the fix for an OpenSSL exploit issue is... *drumroll* apt-get update ;-). The same command you'd be using normally anyway to collect security and other software updates.

Would this even have been discovered in a closed source model?

Possibly. The source might have fewer eyes looking, but, the people looking are doing it for a living and their livelihood depends on their being dilligent.

Would the company holding the patents and copyrights admit the problem?

I think you might be mistaking the slow going of a giant effective monopoly for standard behaviour at all proprietory firms, large and small. Larger companies have all the turning circle of a battleship. Smaller companies are more nimble.

With those questions in mind - and given the general usability of FOSS desktop UNIX-like systems, it never ceases to surprise me that people, every day, are still using MS-Windows and other closed-source solutions.

Most people out there will use the UI they're comfortable with, especially if it took them a while to learn it in the first place. That's the profile of your average (non-techy) office computer user. They'll also have this or that app they can't live without. Add the two together and they're never going to contemplate moving.

That's why I think the Linux desktop is a bit of a pipe dream (it's been the year of the Linux desktop for how many years now?) and why ReactOS is such an exciting prospect. It's Windows, GPL and without the bloaty extraneous cruft.

It's morally wrong [...]

At some point, even a FOSS programmer wants a job where his skills will help him pay the rent. Donations are irregular and won't cover it.

Relying on support contracts for your FOSS software has problems: (a) The aim of a good programmer is to make your software intuitive and bug-free enough that the users shouldn't need support, and, (b) programmers hate doing end user support.

That's the paradox of FOSS, really. It needs proprietory software development contracts around in the system to keep their FOSS programmers in a financial position where they can keep programming for free on those FOSS projects they're interested in.

[reddragdiva]

Asshole Personality Disorder.

[(Anonymous)]

OK ... If that linux president guy isn't socially inept then just what is his problem?

[noneuklid.livejournal.com]

Given the severity and commonality of flaws in (early, especially) builds of Windows, it's almost a miracle the Internet is still running, seeing how that is by far the most common client OS and makes up a reasonable proportion of server OSes.

When something seems to be almost a miracle, I look for other causes.

I'm not going to claim that there's any sort of moral high ground to be had in the sort of IP protection that goes on for closed-source type companies, but I do feel that for being the brightly lit, golden-walled house on the hilltop, Windows has done an amazing job of handling security.

[richardjones.livejournal.com]

Just for the sake of argument, is it reasonable to say that this particular source of flaws wouldn't exist in a closed-source world because an ignorant downstream developer can't break an upstream's product in such a way?

[dputiger.livejournal.com]

tcpip,

I homed in on this post as something interesting when I saw you say: With those questions in mind...it never ceases to surprise me that people, every day, are still using MS-Windows and other closed-source solutions. It's morally wrong, and it's technically dangerous. I'm going to table the "technically dangerous" bit, but I think you've hit on something very important when you define the use of closed-source software (specifically Windows) as "morally wrong."

Upon consideration, I think FOSS users can be thought of as generally belonging to at least one of three camps. Placing oneself in one of these groups does not exclude membership in the other two, and some people (including you, I think) are a member of all three. Economic FOSS users are those people and companies who use open-source software because they believe doing so makes financial sense, delivers a competitive advantage, or both . Members of this group can be users (IT departments, individuals, etc) or developers, and the corporate-backed efforts of companies like IBM or Sun would also fall into this category.

Next we have what I'm calling the Philosophers. Users in this group may or may not think FOSS is the best economic decision, but they put enough of a premium on the ideas, goals, and overall position of FOSS to use it even in situations where it may not be the best financial choice. A simple example of this group would be an individual who buys an OEM system with Vista pre-installed. Instead of using Vista, he deletes the OS and loads a Linux distro of his choice, even if the distro in question requires substantial configuration tweaking in order to run properly on his hardware. Put another way, this is the person who is willing to sacrifice a "reasonable" amount of time, energy, and in some cases, functionality, in order to have an FOSS-based system.

Finally, there are the Moralists. For this group, FOSS solutions aren't just a preference, they are a component of moral living. Some members of this group will view the situation more practically than others, and may accept the use of closed-source code as a necessary evil, but for the more "devout" members, anything less than absolute devotion represents ideologically unacceptable compromise. Richard Stallman is, I think, an excellent example of an extreme Moralist.

Having defined my terms, I'll actually say something. ;)

After reading your original post and considering the issue, I think that there's a definite tension between Economic and Moralist developers/users that actually ends up benefiting the closed source (i.e. Microsoft and Apple) camp. I throw Apple in here, by the way, because while the OS X kernel may be open-source, Apple's overall design methodology is, in my opinion, as closed-source as it gets.

Microsoft solutions don't ask any uncomfortable questions (with the possible exception of "Where the FUCK is your license key, user BitTorrent79?!") and they don't attempt to turn one's computing preferences into a referendum on personal morality. People all over the 'Net debate Vista vs. XP, but no one asks whether one solution is spiritually or ideologically purer than the other. Even when we bring Apple into the picture, such debates are muted, and tend to be anchored in economic terms (MS is a monopoly!) rather than moral ones.