
(Tech Crunch)   The end of open source is nigh   (techcrunch.com)
More: Scary, Free software, Linux kernel, Open source, Operating system, important open-source project, Unix, Linux, University of Minnesota researchers

1833 clicks; posted to STEM on 19 Jul 2021 at 2:35 AM (2 weeks ago)



34 Comments
 
2021-07-18 10:51:09 PM  
Welp.
 
2021-07-18 11:04:18 PM  
Boolsheet.
 
2021-07-18 11:07:07 PM  
No
 
2021-07-19 12:23:05 AM  
Open source is nice for OS issues. In 20+ years in software not one company I've worked for has ever contributed to any open source anything.
 
2021-07-19 12:23:13 AM  
Darn it! And it was The Year of the Linux Desktop too!
 
2021-07-19 2:24:31 AM  
Putin.
 
2021-07-19 2:43:01 AM  

b0rscht: Boolsheet.


Sorry, all I have is a duvet and a pair of cushions.

[Fark user image]
 
2021-07-19 2:56:31 AM  
Again?
 
2021-07-19 3:14:13 AM  
Troll. This writer uses lots of buzzwords to obfuscate any real meaning. It's just trying to raise the reader's hackles. While it is true that open source can be a target for coordinated and sophisticated attacks, those who contribute to open source are not slackers. Despite the use of new terms (blue and red team) white hat and black hat actors are still playing the same back and forth game as always. The tools and methods both use are evolving, which is the real point. Just because the details are getting too complicated for the journalist to follow doesn't mean those 'in the trenches' aren't capable of dealing with the latest advances.

Fake intelligence via extravagant verbiage is annoying. Don't feed the trolls.
 
2021-07-19 3:14:51 AM  
Open source doesn't mean open commit.
 
2021-07-19 3:47:45 AM  
[Fark user image]
 
2021-07-19 4:54:38 AM  
If everything software developers do is made open source and posted online, then what's to stop someone inventing a program and making their jobs obsolete by just doing copy and paste much more quickly?
 
2021-07-19 5:42:49 AM  

bostonguy: If everything software developers do is made open source and posted online, then what's to stop someone inventing a program and making their jobs obsolete by just doing copy and paste much more quickly?


Lots of programmers put themselves out of a job by permanently solving the problem they were hired to deal with. It just means they have that on their resume to do it for the next company. Closed or open, we only need so many OSes, so many office suites, etc... these are important programs, but only a very small percentage of developers are ever going to be making a living making them. However, every company has a website. Most companies have specific tasks that need custom programs - or at least modifications when the off-the-shelf product doesn't quite cut it. There's all sorts of automation scripts. Robot code is specific to the thing the robot is making. You also get into things like game engines, where an enormous amount of games may use one well-written engine, but the actual game is unique.

Everything also has to be updated. New security holes are found - or invented. New accessibility devices appear - and need to be coded for. That company's task changes enough that the code needs to change with it.  That game was successful - now people want an expansion, or a sequel. The company that made your robot went tits up, and now you need code for a different model. A company eats another company and their code has to talk to the new stuff.

In short, even if you can grab an open source program that does most or all of what you need in specific cases, there's still a looooooooooot of code that needs to be written professionally.
 
2021-07-19 7:14:51 AM  
WTF did I just read?

On that note, I'm wondering if the whole systemd debacle was one giant attack on everyone's sanity.
 
2021-07-19 7:57:57 AM  

spaceman375: Troll. This writer uses lots of buzzwords to obfuscate any real meaning. It's just trying to raise the reader's hackles. While it is true that open source can be a target for coordinated and sophisticated attacks, those who contribute to open source are not slackers. Despite the use of new terms (blue and red team) white hat and black hat actors are still playing the same back and forth game as always. The tools and methods both use are evolving, which is the real point. Just because the details are getting too complicated for the journalist to follow doesn't mean those 'in the trenches' aren't capable of dealing with the latest advances.

Fake intelligence via extravagant verbiage is annoying. Don't feed the trolls.


I dunno. This mirrors the arguments I've had to combat from our risk and compliance office.

Windows open source apps were forbidden for YEARS. We literally PAID for thousands of Attachmate seats rather than use Putty because the lawyers said so. It's better now, but this will bring it all back again.

They don't worry so much about our Linux servers because they are a big black box to them.
 
2021-07-19 8:25:52 AM  

bostonguy: If everything software developers do is made open source and posted online, then what's to stop someone inventing a program and making their jobs obsolete by just doing copy and paste much more quickly?


Some people are already on it.

Considering scaffolding has been a thing for some time, I suppose we were already down that road.  But it does seem nice for arbitrary boilerplate crap until there's 2000 bug work items assigned to it.
 
2021-07-19 8:52:07 AM  

Evil Twin Skippy: On that note, I'm wondering if the whole systemd debacle was one giant attack on everyone's sanity.


The systemd thing was just a bunch of old sysadmins who didn't want anything to change.

/fight me
 
2021-07-19 8:59:10 AM  

WhackingDay: Evil Twin Skippy: On that note, I'm wondering if the whole systemd debacle was one giant attack on everyone's sanity.

The systemd thing was just a bunch of old sysadmins who didn't want anything to change.

/fight me


As one of those old sysadmins... nah.

Y'all got what you deserved. Namely, systemd.

/Back in my day you could actually read your logs
//And why the hell didn't they base the binary log on something searchable and industry standard at the time: sqlite?
 
2021-07-19 9:05:39 AM  
If I wanted to do something nefarious, I wouldn't start with Linux because there are at least some levels of review. And if people start getting weird results, they might open up the source.

You want the best attack? NPM packages. Someone did one as a proof of concept. You find a package that's in a hierarchy that's looking for help, and you offer to help out. The owner is probably bored with it, so you then take it over. You write some code to say, capture all form inputs and send to a server. You obfuscate that code and update the NPM package with it.

Lots of developers will then just do an NPM update and introduce your code into their websites.
 
2021-07-19 9:46:38 AM  

tfresh: Open source is nice for OS issues. In 20+ years in software not one company I've worked for has ever contributed to any open source anything.


Lolzz

Apparently you have never seen the contributors list to the Linux kernel
 
2021-07-19 9:50:14 AM  

Joe USer: Darn it! And it was The Year of the Linux Desktop too!


I suppose the worldwide community of Linux users and coders are going to go away too......

And their communities too.....
 
2021-07-19 10:03:37 AM  

thehellisthis: Open source doesn't mean open commit.


No, it doesn't.  But I think what they've identified is that it's possible to spam so-called patches at whoever's doing the reviewing to commit.

It might be that you flood them with crap so that you can try to sneak vulnerabilities in, but it could also be just a simple denial-of-service, so they just can't process legitimate patch submissions.  (And if you know of a zero-day exploit, maybe you do this so it's less likely to get repaired, as the maintainer is too distracted with the crap submissions)
 
2021-07-19 10:16:53 AM  
Run amuck used car salesman capitalists could never accept the fact that the open source development model for building software trumps the closed source company way of doing it.  Unless it's highly specialized software w/o many users.
 
2021-07-19 11:09:02 AM  

Tom Marvolo Bombadil: b0rscht: Boolsheet.

Sorry, all I have is a duvet and a pair of cushions.

[Fark user image image 400x300]


I bet some wild compiling goes on there.
 
2021-07-19 11:23:33 AM  

Evil Twin Skippy: WhackingDay: Evil Twin Skippy: On that note, I'm wondering if the whole systemd debacle was one giant attack on everyone's sanity.

The systemd thing was just a bunch of old sysadmins who didn't want anything to change.

/fight me

As one of those old sysadmins... nah.

Y'all got what you deserved. Namely, systemd.

/Back in my day you could actually read your logs
//And why the hell didn't they base the binary log on something searchable and industry standard at the time: sqlite?


Because SQLite is optimized for querying. systemd's log system is optimized for appending. Two different use-cases call for different implementations.
 
2021-07-19 12:01:40 PM  

spaceman375: Troll. This writer uses lots of buzzwords to obfuscate any real meaning. It's just trying to raise the reader's hackles. While it is true that open source can be a target for coordinated and sophisticated attacks, those who contribute to open source are not slackers. Despite the use of new terms (blue and red team) white hat and black hat actors are still playing the same back and forth game as always. The tools and methods both use are evolving, which is the real point. Just because the details are getting too complicated for the journalist to follow doesn't mean those 'in the trenches' aren't capable of dealing with the latest advances.

Fake intelligence via extravagant verbiage is annoying. Don't feed the trolls.


All this did is make it blatantly obvious that Open Source's vaunted security advantage over closed source wasn't nearly as impressive as thought (like when XP was popular which will give you root when asked nicely).  The stack is just too complex to make sure that there aren't security holes, intentional or not.

But if you have a windows print server, you really should consider wiping it and replacing it with Linux.  Same for pretty much any server that doesn't require the particularly tight client/server relationship with Windows that keeps Microsoft in business.
 
2021-07-19 12:12:17 PM  

hublan: Evil Twin Skippy: WhackingDay: Evil Twin Skippy: On that note, I'm wondering if the whole systemd debacle was one giant attack on everyone's sanity.

The systemd thing was just a bunch of old sysadmins who didn't want anything to change.

/fight me

As one of those old sysadmins... nah.

Y'all got what you deserved. Namely, systemd.

/Back in my day you could actually read your logs
//And why the hell didn't they base the binary log on something searchable and industry standard at the time: sqlite?

Because SQLite is optimized for querying. systemd's log system is optimized for appending. Two different use-cases call for different implementations.


Firing up faster and light weight inserting is a primary objective.

But you can have inserts prioritized over seek times... By designing your table correctly, minimal indexing and stats, etc. Or by asynchronous logging. I do think log files is a very Linux way to solve things, and then so is writing tools to parse and search and display things. Start with command line utilities and then write GUI ones and aggregators. I don't think sqlite was a great option at the time, but I would be curious if it was viable now. A tiny DB for logging would be hella convenient over custom binary files.

And logging is one of the big contentious issues with systemd.
 
2021-07-19 1:04:38 PM  

Linux_Yes: Joe USer: Darn it! And it was The Year of the Linux Desktop too!

I suppose the worldwide community of Linux users and coders are going to go away too......

And their communities too.....


Is that a promise?
 
2021-07-19 3:25:52 PM  

Linux_Yes: Tom Marvolo Bombadil: b0rscht: Boolsheet.

Sorry, all I have is a duvet and a pair of cushions.

[Fark user image image 400x300]

I bet some wild compiling goes on there.


Uploading his "code"
 
2021-07-19 4:09:00 PM  

Quantumbunny: hublan: Evil Twin Skippy: WhackingDay: Evil Twin Skippy: On that note, I'm wondering if the whole systemd debacle was one giant attack on everyone's sanity.

The systemd thing was just a bunch of old sysadmins who didn't want anything to change.

/fight me

As one of those old sysadmins... nah.

Y'all got what you deserved. Namely, systemd.

/Back in my day you could actually read your logs
//And why the hell didn't they base the binary log on something searchable and industry standard at the time: sqlite?

Because SQLite is optimized for querying. systemd's log system is optimized for appending. Two different use-cases call for different implementations.

Firing up faster and light weight inserting is a primary objective.

But you can have inserts prioritized over seek times... By designing your table correctly, minimal indexing and stats, etc. Or by asynchronous logging. I do think log files is a very Linux way to solve things, and then so is writing tools to parse and search and display things. Start with command line utilities and then write GUI ones and aggregators. I don't think sqlite was a great option at the time, but I would be curious if it was viable now. A tiny DB for logging would be hella convenient over custom binary files.

And logging is one of the big contentious issues with systemd.


I do enjoy watching the greybeards on Slashdot foam at the mouth at the mere mention of systemd.

If SQLite output is desired, there's always Fluent Bit, which interfaces directly with journald.
 
2021-07-19 8:58:58 PM  

Linux_Yes: Tom Marvolo Bombadil: b0rscht: Boolsheet.

Sorry, all I have is a duvet and a pair of cushions.

[Fark user image image 400x300]

I bet some wild compiling goes on there.


A common compiler used in such setups:

[Fark user image]
 
2021-07-20 7:57:52 AM  

tfresh: Open source is nice for OS issues. In 20+ years in software not one company I've worked for has ever contributed to any open source anything.


The companies I have worked for have contributed, to various degrees.

One was working with the KDE kernel, way back in the day, and we submitted huge bundles of changes.  Not sure they appreciated it due to the sheer volume of shiat that had to be checked, but we were trying to make the damned thing usable for a commercial market.

Last company didn't directly contribute, but when we found (and fixed) shiat locally, we would file a PR with the team, outlining the bug, and the specific fix for the library in question.  It was up to them to include it, or not.
 
2021-07-20 12:25:37 PM  
The article is bullshiat concern troll. The UM researchers acted like unmitigated assholes just to publish a paper. They were just submitting nonsense commits to the LKML and maintainers saying they are fixing some issues.  They are wasting the volunteers' time who act in good faith and take time to review all the patches.

Acting like a "Red Team" which is a malicious actor without prior agreements with the org you are working against will get you treated like a real malicious actor. The Linux guys were absolutely right to shut them down. I cannot believe that team got approval from any ethics board.
 
2021-07-20 12:28:12 PM  

bostonguy: If everything software developers do is made open source and posted online, then what's to stop someone inventing a program and making their jobs obsolete by just doing copy and paste much more quickly?


If someone comes up with a program that can read code, "understand" what it does without actually running the program without zillion inputs and use them as components to build new programs, then they will have solved the Holy Grail of computing problems.

Today, looking at a program, people cannot even guarantee that a program terminates in a finite time for all possible inputs. Look up "Halting Problem" and NP-Complete problems.
 