Sujet : Re: OT: Linix goes politics
De : blockedofcourse (at) *nospam* foo.invalid (Don Y)
Groupes : sci.electronics.designDate : 28. Oct 2024, 23:22:13
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <vfp2qp$16m3q$1@dont-email.me>
References : 1 2 3 4 5 6
User-Agent : Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
On 10/28/2024 3:06 PM, Lasse Langwadt wrote:
On 10/26/24 20:15, Don Y wrote:
On 10/26/2024 6:18 AM, Lasse Langwadt wrote:
And to some extend it also protects Russian contributors from being the target of being forced to add "bad things"
>
The problem with FOSS is the naive belief that "lots of eyes"
looking at the code *will* discover errors, bugs, etc. This
is just wishful thinking.
>
From "KLEE: Unassisted and Automatic Generation of High-Coverage
Tests for Complex Systems Programs":
>
"We also used KLEE as a bug finding tool, applying it to 452
applications (over 430K total lines of code), where it found
56 serious bugs, including three in COREUTILS that had been
---> missed for over 15 years. Finally, we used KLEE to crosscheck
purportedly identical BUSYBOX and COREUTILS utilities, finding
functional correctness errors and a myriad of inconsistencies."
>
So, folks have been looking at that code for "15 years" and still
didn't notice the bugs?
>
The failure is in thinking that someone ELSE will have found the bugs
and taken action on correcting them.
>
A "bad actor's" actions are, thus, largely innoculated from discovery.
And, as there is no easy way of tracking down who/what may have
already incorporated them, no easy way to "recall" those defective
products. (closed source would have such a provision as the owner
of the source will likely know which products contain which bits
of code)
have you seen some of the closed source code that has tried to go open source?
It doesn't have to "go open source". I've seen a shitload of closed
source code to comment on *its* quality.
But, that doesn't conflict with the assertion that a closed source
project is more easily tracked through deployment (instantiation
into specific products with specific serial numbers).
it usually fails because no one remembers what code was outright stolen, what was taken from open source and in violation of licenses, and what was bought from 3rd party with no right release, under NDA or violating patents
Like any product, OWNERSHIP is an important contributor (but not
guarantor) to quality. If it's not "yours", how much pride of
ownership will you exhibit? How much effort will you expend
to "grok" the design and implementation?
Likely, you adopted the software because you saw it as an expedient
to "writing all that code, yourself". So, how much "free time"
do you have to devote to exploring and learning what others (plural)
have done in the inherited codebase? :<
Note that "employees" aren't guaranteed to have a vested interest
in the code they develop -- or maintain. It's a mindset that you
can't "buy", hence the value of good interviewing and BETTER
management (turn someone into a grunt and their efforts and
attitude will follow commensurately).
OT: Linix goes politics
Re: OT: Linix goes politics