From owner-freebsd-chat Thu May 13 9: 6:10 1999 Delivered-To: freebsd-chat@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 59C1A14FAA for ; Thu, 13 May 1999 09:06:00 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id KAA14539; Thu, 13 May 1999 10:05:55 -0600 (MDT) Message-Id: <4.2.0.37.19990513095524.04429440@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.37 (Beta) Date: Thu, 13 May 1999 10:05:44 -0600 To: Jamie Bowden , chat@FreeBSD.ORG From: Brett Glass Subject: Re: BSD, GPL, the world today. (fwd) In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:50 AM 5/13/99 -0400, Jamie Bowden wrote: >Now that I have your attention, let me continue. The biggest problem I >see with software today, as an admin (read, bridge between users and >vendors), is the refusal of vendors to take responsibilty for their >products. Microsoft seems to be the biggest practitioner of this, but >they didn't start it. Actually, Jamie, this reflects a still larger problem. The way coding is done today, companies CAN'T take responsibility for their products, because they HONESTLY DON'T KNOW HOW TO EVALUATE QUALITY OR BUILD IT IN THE FIRST TIME. Programming today is done with poor and rusty tools that admit themselves to all kinds of errors -- yet we haven't replaced them with tools that prevent those errors. We're still slicing off our fingers with rusty circular saws without blade guards. That's why new buffer overflow exploits, for example, are discovered daily -- even though the problem has been known for decades now. Open source tries to solve this problem by brute force: Apply enough eyes to the source code, and hopefully the problems will be caught by the White Hats before the Black Hats exploit them. But the Black Hats are more motivated to win the race, so they often do. The White Hats are motivated by pride in their work (the existence of a bug or exploit doesn't REALLY seem to damage peoples reputations in the open source world so long as they fix it), which isn't as strong a motivation. Of course, the correct solution to the problem is to build proper tools for crafting and analyzing code (goodbye, C and C++!) and to train our programmers in good coding techniques. (Most bugs can be boiled down to the same dozen or so common programming or architectural mistakes.) Will it happen? Not the way things are going. But software quality is not a licensing issue. Open source is, again, one way of attempting to brute force the problem rather than solving it ab initio. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message