Re: [ProgSoc] UTS ISP

[Roland Turner <raz@nospam.arrakis.com.au>]

Christian Kent wrote:

> Hmmm.  As for being protected from my own innocence, let's talk to your
> local husband & wife SOHO operation who happily run a business on
> Win3.1/Win95/Mac.  Each of those platforms has its share of ease,
> reliability, and usefulness, but stick them in front of a Linux box and
> say "Here, now compile your kernel" ... pffft.

Granted, the need to compile kernels in some situations is extremely
annoying. This is diminishing gradually.

> Oh yes, let them download source code too.  "Pssst, here's a clue, compile
> your applications before installing them".  Hey, wow, they can modify the
> C code if anything crashes or needs to be fixed!!  That is WAY much better
> than Windows!

Actually it is. Discover a critical security bug in an MS product, and
here's the drill:

- Spend 45 minutes on the phone explaining to a support stooge that you
have this reproducible bug and having him/her insult your intelligence
as politely as possible by asking you to install irrelevant patches or
asking to call back in a week when the next "service pack" is available
because maybe that will fix the bug that you don't have.

- Other people find out about the bug and start talking about it.

- Microsoft vehemently denies the existence of the bug. Time passes.

- Microsoft says that the activities of crackers using "illegal
networking commands" (yes, I am quoting a Microsoft press release) may
impact the security of a small number of sites. (Interesting that
Microsoft should refer to all NT boxes on the public Internet as "a
small number".) Time passes.

- Microsoft, master of FUD, indirection and outright lying releases a
service pack which allegedly fixes the bug. Guess what? It doesn't. Now
people who were slightly unsettled by the possible existence of a
security flaw will ignore all future reports of this bug, because hey,
they've installed the patch. A small number of illuminati will be aware
of the problem, but by a masterful stroke of reverse-FUD, Microsoft has
rendered it almost impossible for people to be made aware of the fact. A
month passes.

- Microsoft releases another service pack, which actually fixes the bug.
Two months pass.

- Microsoft releases service packs for non-US versions.


What is disconcerting about the scenario above is that, whilst it's
parody, it relates to events that actually occurred last year.

My point: when you are deeaing with closed-source, vendor-controlled
software, if you encounter a bug, you're stuffed. The vendor's support
stooges will patronise you, the bug will be denied, it will be put on a
"wish-list" and maybe just maybe, a fix will eventually see the light of
day. When you deal with open-source software, this problem does not
arise.

By way of example, a single critical TCP-related bug WAS recently
discovered in production releases of Linux (contrast the dozens that
have popped in Microsoft implementations). A fix was available less than
12 hours later. No commercial vendor in the world can match this sort of
response.

The availability of the source isn't a direct advantage to many users,
but it isn't a disadvantage to them either. If bugs are discovered
however, far more people are able to act to fix them then if you are
locked in to vendor-controlled software. At worst, if you REALLY need a
bug fixed in a piece of open-source software, you can find a programmer
somewhere and hand him/her money and get a fix. If you use
vendor-controlled software, you'll just have to wait.

- Raz
--
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@nospam.progsoc.uts.edu.au.
If you are having trouble, ask owner-progsoc@nospam.progsoc.uts.edu.au for help.

This list is archived at <http://www.progsoc.uts.edu.au/lists/progsoc/>