Date:      Thu, 13 May 1999 10:05:44 -0600
From:      Brett Glass <brett@lariat.org>
To:        Jamie Bowden <ragnar@sysabend.org>, chat@FreeBSD.ORG
Subject:   Re: BSD, GPL, the world today. (fwd)
Message-ID:  <4.2.0.37.19990513095524.04429440@localhost>
In-Reply-To: <Pine.BSF.3.96.990513104700.2143C-100000@beelzebubba.sysabend.org>

At 10:50 AM 5/13/99 -0400, Jamie Bowden wrote:

>Now that I have your attention, let me continue.  The biggest problem I
>see with software today, as an admin (read, bridge between users and
>vendors), is the refusal of vendors to take responsibility for their
>products.  Microsoft seems to be the biggest practitioner of this, but
>they didn't start it.  

Actually, Jamie, this reflects a still larger problem. The way coding
is done today, companies CAN'T take responsibility for their products,
because they HONESTLY DON'T KNOW HOW TO EVALUATE QUALITY OR BUILD IT
IN THE FIRST TIME. Programming today is done with poor and rusty tools 
that admit themselves to all kinds of errors -- yet we haven't replaced 
them with tools that prevent those errors. We're still slicing off our 
fingers with rusty circular saws without blade guards. That's why new 
buffer overflow exploits, for example, are discovered daily -- even 
though the problem has been known for decades now.

Open source tries to solve this problem by brute force: Apply enough eyes 
to the source code, and hopefully the problems will be caught by the 
White Hats before the Black Hats exploit them. But the Black Hats are 
more motivated to win the race, so they often do. The White Hats
are motivated by pride in their work (the existence of a bug or exploit
doesn't REALLY seem to damage people's reputations in the open source
world so long as they fix it), which isn't as strong a motivation.

Of course, the correct solution to the problem is to build proper tools
for crafting and analyzing code (goodbye, C and C++!) and to train our
programmers in good coding techniques. (Most bugs can be boiled down to the 
same dozen or so common programming or architectural mistakes.) Will
it happen? Not the way things are going. But software quality is not
a licensing issue. Open source is, again, one way of attempting to
brute force the problem rather than solving it ab initio.

--Brett Glass


