[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ProgSoc] UTS ISP
Christian Kent wrote:
> Hmmm. As for being protected from my own innocence, let's talk to your
> local husband & wife SOHO operation who happily run a business on
> Win3.1/Win95/Mac. Each of those platforms has its share of ease,
> reliability, and usefulness, but stick them in front of a Linux box and
> say "Here, now compile your kernel" ... pffft.
Granted, the need to compile kernels in some situations is extremely
annoying. This is diminishing gradually.
> Oh yes, let them download source code too. "Pssst, here's a clue, compile
> your applications before installing them". Hey, wow, they can modify the
> C code if anything crashes or needs to be fixed!! That is WAY much better
> than Windows!
Actually it is. Discover a critical security bug in an MS product, and
here's the drill:
- Spend 45 minutes on the phone explaining to a support stooge that you
have this reproducible bug and having him/her insult your intelligence
as politely as possible by asking you to install irrelevant patches or
asking to call back in a week when the next "service pack" is available
because maybe that will fix the bug that you don't have.
- Other people find out about the bug and start talking about it.
- Microsoft vehemently denies the existence of the bug. Time passes.
- Microsoft says that the activities of crackers using "illegal
networking commands" (yes, I am quoting a Microsoft press release) may
impact the security of a small number of sites. (Interesting that
Microsoft should refer to all NT boxes on the public Internet as "a
small number".) Time passes.
- Microsoft, master of FUD, indirection and outright lying releases a
service pack which allegedly fixes the bug. Guess what? It doesn't. Now
people who were slightly unsettled by the possible existence of a
security flaw will ignore all future reports of this bug, because hey,
they've installed the patch. A small number of illuminati will be aware
of the problem, but by a masterful stroke of reverse-FUD, Microsoft has
rendered it almost impossible for people to be made aware of the fact. A
- Microsoft releases another service pack, which actually fixes the bug.
Two months pass.
- Microsoft releases service packs for non-US versions.
What is disconcerting about the scenario above is that, whilst it's
parody, it relates to events that actually occurred last year.
My point: when you are deeaing with closed-source, vendor-controlled
software, if you encounter a bug, you're stuffed. The vendor's support
stooges will patronise you, the bug will be denied, it will be put on a
"wish-list" and maybe just maybe, a fix will eventually see the light of
day. When you deal with open-source software, this problem does not
By way of example, a single critical TCP-related bug WAS recently
discovered in production releases of Linux (contrast the dozens that
have popped in Microsoft implementations). A fix was available less than
12 hours later. No commercial vendor in the world can match this sort of
The availability of the source isn't a direct advantage to many users,
but it isn't a disadvantage to them either. If bugs are discovered
however, far more people are able to act to fix them then if you are
locked in to vendor-controlled software. At worst, if you REALLY need a
bug fixed in a piece of open-source software, you can find a programmer
somewhere and hand him/her money and get a fix. If you use
vendor-controlled software, you'll just have to wait.
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to email@example.com.
If you are having trouble, ask firstname.lastname@example.org for help.
This list is archived at <http://www.progsoc.uts.edu.au/lists/progsoc/>