MediaFilter on Thu, 2 Apr 1998 11:18:45 +0200 (MET DST)



<nettime> Out the Windows


            OUT THE WINDOWS

Open source code development is the key to real progress and growth in the
now tired monopoly marketplace that has up till now limited the vast
creativity and innovative talents that yearn to be free from the tyranny
of overly-hyped, rushed to the marketplace, bad code.

The first massmarket computers had DOS and today's massmarket operating
system is still trying to recover from the plagues of its legacy... and
before that, in order to meet their contract deadlines, without thinking
ahead, just to make the machines do what they promised to make them do, a
bunch of COBOL programmers saved some BYTES to speed up the power of the
banks to count money...not realizing that by the time they were entering
into retirement, they would find themselves once again in demand to come
back and clean up their messy legacy, the TWO DIGIT DATE a/k/a MILLENNIUM
BUG... 

These lessons are important to take note of as we move on into a refreshed
climate of open development with the high level of enthusiasm for projects
like the free LINUX operating system and JAVA and the release of the
sourcecode for NETSCAPE--all the elements to push computing and network
communications and production of audiovisual media to a new level by
allowing independent developments of the tools and applications for
everyday use. No code should be released before its time!  If FORD or GM
sold cars with as many bugs as much Monopolycorporate Software (MS), the
repair costs from the millions of recalled vehicles would drive them out
of business. Independent developers should heed this call.... 

Better and less expensive...there is no doubt that LINUX is a far better
operating system than any brand of WINDOWS or MacOS but it is difficult
for most people to use LINUX because there is a shortage of development of
GUIs and popular applications that are otherwise widely available for
lesser operating systems.  Popular application development in JAVA is the
key to transitioning from an expensive, inferior operating system, to a
superior, INexpensive one on a mass level. Once code will run on any
platform, regardless of CPU, the OS monopoly is broken and free
development can flourish, spawning opportunities in its wake. 

But, before we get too euphoric, let's get back to the potential plagues
of legacy code that can force any development back to the drawing board... 

We run LINUX here on our net at NAME.SPACE and we love it ...and the open
development aspect of it.  However, there are many practical reasons why
we will eventually abandon LINUX on our critical servers and replace it
with netBSD (another free version of UNIX) because LINUX has too many
insurmountable security holes--legacy code--built into it. One of the most
disturbing and least likely to be fixed in the short run is the LINUX
memory management structure (referred to as "trampoline" structure) which,
due to its executable memory stacks, makes it susceptible to stack
overflow exploits which give predators a rootshell and thus control and
full access to the machine.  The many security flaws in LINUX are well
known and there are many "tools" available on the net for even
unsophisticated predators to use to totally HIJACK a LINUX host. 

   [ Some of these flaws have been demonstrated to us during ]
   [ a recent security audit performed on our systems by     ]
   [ our technical team and it was a very rude awakening.    ]

As a standalone machine without outside users however, LINUX is an
inexpensive, superior OS and excellent example of open source development. 
Just make a release that is easier to install than the MS systems and
everyone will switch! 

The cautions are not meant to diminish the value and necessity of
open-source code development--quite the contrary-- but as a reality-check
on the inherent vulnerabilities to security on an individual as well as a
network level by running code that is not quality controlled. (not that we
should "trust" any Monopolycorporate Software-- quite the opposite)

If open source development is to succeed, then we must encourage not only
its existence and growth, but also come up with a process of reviewing and
evaluating the "health" of the applications we run.  As simple users, most
people are unaware of the ways in which their privacy and security are
compromised on a daily basis by running the MS applications available to
them.  Recall for example the ActiveX threat revealed two years ago by the
Chaos Computer Club (CCC) in which a user of Windows running Quicken could
have money transferred from their account to another without their
knowledge by a nasty implementation of ActiveX.  Other examples abound,
and more are yet to be discovered.  In this light, it is imperative that
an independent consortium of programmers, security experts and developers
set up a forum to freely exchange knowledge and testing of software.  This
already exists outside the corporate government structure in many forums
including publications like 2600 and the efforts of Computer Professionals
for Social Responsibility (CPSR), CCC, EFF and others, but their audience
has mostly been limited to their small communities of specialists and
enthusiasts.  It is important to create a bridge to the less sophisticated
users and non-specialists so they can increase their awareness of the
risks and benefits associated with computers and online culture. Socially
responsible and conscious programmers and technical experts should devote
a portion of their time and energy to evaluating applications and
educating the users as to the benefits and risks of running them. Making
the source-code publicly available makes all programmers accountable for
their work to ensure that users are not exploited through TROJAN HORSE
backdoors or other "Data Body Invasions" that may be coded into
applications by the unscrupulous. 

Freely available code and easy to use applications will create the liberty
to throw all the legacy MS stuff out the window... 

The next step is for all programmers who work for MS companies to quit
their jobs, and start working at home writing shareware...the world will
probably benefit with much better code, and the programmers themselves
will make a better living while leading the lives they choose to lead,
writing code in between. 

--Paul Garrin
  04011998

Footnote:  The EPOCH of the UNIX operating system (of which
           LINUX is a flavor) begins on midnight, 0.00 UTC,
           January 1, 1970 and looks forward. The UNIX
           "Millennial Crisis" will hit on Monday, January
           19 2039 03.14.07 UTC...

---
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: [email protected] and "info nettime-l" in the msg body
#  URL: http://www.desk.nl/~nettime/  contact: [email protected]