Silly Linux Kernel Bug

Eric Cordian emc at artifact.psychedelic.net
Tue Dec 2 10:05:37 PST 2003


Eric Tully writes:

> I've heard that argument before (last time I heard it was a problem with 
> a PGP implementation) and I never understand what people are trying to 
> prove when they say it.

Let me simplify.  I found it startling that a Redmond-level bug was in a
mature open-source project, the result of many years of hard work and
evolution, deemed "Ready for the Enterprise."

This isn't a slap at Open Source.  It's just mild bemusement.  

> Are you saying that the Open Source model isn't as good as proprietary 
> "we'll-fix-it-if-we-feel-like-it" models? Are you saying that Open 
> Source isn't the promised land like you were... um, promised? Are you 
> saying that Open Source model shouldn't be used for anything that 
> concerns security? I honestly don't know what you're getting at.

Well, let's see.  I think Open Source is better than the Closed Source
proprietary "It's not a bug, it's a feature" model.  I've never been
promised anything by Open Source, so it's certainly not the second thing.
While I wouldn't say Open Source should not be used for secure code, there
seems to be a bit of overconfidence in this area, particularly in the lack
of realization that Open Source clones of rock solid pieces of software
like PGP and SSH are probably exploitable and buggy when they are first
released.

But all in all, I think Open Source is an excellent idea, as long as one
does not have unrealistic expectations.  I wouldn't use Open Source to run
an artificial heart, but for most of the things it is used for, it is
probably quite satisfactory.

> So Open Source is not a perfect solution. In its defense:

> - you had the opportunity to hire a team of 50 to examine the code
> - the solution was made known to you
> - you can reject this solution and write your own if you prefer

> none of which would have been true if this were proprietary code.

Quite true.

> There's so many good things about this model - it seems silly to argue 
> that Open Source doesn't live up to the unrealistic hype that the guys on 
> Slashdot promised you.

I have not been promised anything by the "guys on Slashdot."  I simply
found the error amusing.  Let's not get our blood pressure in an uproar
simply because virtually every Linux system in the world was just
discovered to have a user readable/writable kernel.  It will be fixed, and
life will move on.

This is a dumb coding error.  Not a referendum in the eyes of God on the 
worthiness of the Open Source movement.

Chill.

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"




