RMS Immature, Slashdot and Community Arrogant?

Non-Newtonian Fluid writes "There's an article over at ZDNN that claims RMS is "immature politically" and "insists on a reward for [himself]" for claiming Linux should be called GNU/Linux. Furthermore, in a lengthy talkback article, Slashdot and the Linux community as a whole are accused of the same arrogance. Perhaps this merits a discussion of the way our community deals with outsiders.... " Now, before everyone turns on the flamethrowers, let's think about the matter-is this true? The problem with most of these situations is that they do have some inherent truth to them. The question, of course, is how much?

I just don't post.

[Tsu]

I, for one, have opted to keep quiet rather than make a fool of myself and make the Linux community look bad. ]=)

It's worked so far.

But now I've said something.

Ahh.

Help.

Why on earth was Mettler given forum on here?

[Wakko Warner]

Has anyone read his absolute pathetic criticism of Open Source security? It basically amounts to "open source is bad because anyone can install a new version of the kernel and become root." I am not making this up.

It really would be a good idea to remove the Talkback link up above.

- A.P.
--

"One World, One Web, One Program" - Microsoft Promotional Ad

Idealism vs. Whining

[Skyshadow]

Idealism in this case would be explaining why you think it ought to be called GNU/Linux, then asking reporters to please call it such.

Immature whining is refusing to answer questions unless they use the term GNU/Linux. RMS might just as well have yelled "You must respect my authoritah!" at the top of his lungs for all the effect his little tantrum had.

Remember: Just because someone does some cool things doesn't mean that they're not also capable of acting like a complete nimrod.

----

RMS & Mr. Mettler, "Esq."

[opus]

Okay, so RMS is getting annoying. He's right that we should be thinking more about freedom, and it's true that without the GNU project we'd be nowhere: but unilaterally trying to change language is not only a waste of time, it pisses people off.

Just like it's true that women are discriminated against in almost every culture, but spelling it "wimmin" just makes you look stupid.

I'll call it GNU/Linux if the maintainers of the distro do. So it's "Debian GNU/Linux" and "Stampede GNU/Linux", but it's "Slackware Linux" and "RedHat Linux".

As for Mr. Mettler, "Esq.", I can't figure out what the hell he's talking about in his article. Does he mean that because the source code is available, it's easier to for an attacker to create a /bin/login with a back door? There are plenty of rootkits out there for proprietary systems! And has this guy never heard of MD5 checksums and hardware-locked volumes?

When it comes evaluating the security of a system, you should look at real-world track records. And if you'll do, you'll see that while Linux doesn't come out on top, another open-source OS does, viz. OpenBSD.
--

Absolutely true

[dmiller]

I am afraid that this criticism is well founded. For a community supposedly predicated on 'Freedom', it is very intolerant of dissenting views.

Witness the flamefest that ensues whenever a slashdot poster dares state that they like commrecial software, or preferrs M$ products.

IMO 'the community' should realise that bludgeoning people with your attitudes is not an effective way to change their minds. Quite the reverse, in fact.

Some thoughts...why RMS doesn't get credit

[Enry]

Take a picture of Linus. Nice clean cut boy. Short hair, no beard, no pocket protector. Wife and kids. Soft spoken, very modest.

Take a picture of RMS. Lived in his office for years. Typical "MIT nerd". Outspoken in his dislike of commercial (proprietary) softwate. Known (in our circles anyway) to incite people to the verge of riot (take the Tcl/Tk flamewars).

Now, if you were an editor of a major publication, who would you put on the front?

Let's be honest here. RMS has the right idea, but he's going about it wrong. To go around changing the name is just whining. Somehow, I don't think the press likes to be corrected that much.

Linux, Slashdot & arrogance...

[Special J]

FUDmeister Charlie's article was really nothing more than fluff. Its nothing we didn't already know: RMS has done some great things but he makes a lousy spokesperson. What is signficant is people are starting to notice.

The talkback article deserves more attention however. Some people are too quick launch flames before they examine what someone has to say...And you can see its starting earn us a bad reputation.

If someone points out a shortcoming of Linux, it isn't necessarily FUD; When someone points out a legitimate problem, it actually helps make things better. One of the reasons a certain other OS is so crappy is because its creators won't listen to its users. If every person who says something about a problem with Linux gets shouted down, they're not going to be very inclined to mention any other problems. Not to mention earning ourselves a reputation of being arrogant, foul-mouthed, wackos.

Remember...There's criticism and there's FUD. Know the difference.

It's okay to be a Win95 user

[J. J. Ramsey]

As for myself, I like Linux. It does what I need it to do, and exposure to it has helped me learn things that I might not have learned otherwise.

Linux is an OS, though, not a religion. Linux is not the One True Way (nor any Unix per se), and its acceptance by a user should depend on whether it fits the user's needs. You have decided for yourself that Linux doesn't meet your needs and Win 95 does. So be it.

I may not like the OS you use, but I'll contend that it is your privilege to use it.

arrogance

[gavinhall]

Posted by wadageek:

When you are a memner of a special community there is almost a need for some arrogance otherwise you would not feel that it is a special community. People from outside see it as arrogance while people inside see it as something special, and incidentlty, something to treasure.

Knowing and using Linux is a little bit like knowing and using Latin. It is unique and special and not everyone does it.

Does the knowledge of Latin make doctors and Catholic priests arrogant? No, but it does cast them in a special class. Does being a member of a boy scout troop make a boy arrogant? No, but some may argue that it makes him a better person, someone who is willing to apply himself for personal growth.

Being a member of the Linux community when viewed from outside makes you a member of a special club. One that has a special language and is a society onto itself. In some ways, even though there is nothing to hide, it looks like a secret society to those who do not know the language. No wonder they see an arrogance.

RMS

[gavinhall]

Posted by Mike@ABC:

I like RMS. We've traded e-mails about GNU and Linux and this whole debate after one of my Linux stories ran and I didn't reference "GNU/Linux" throughout. He tried to convince me to change my site's entire style, but I can't and won't. People know it as Linux, and I won't confuse them because someone feels he's been given short shrift.

I think RMS does indeed feel left out, in a way, because of Linux' rampant popularity. But he shouldn't. The FSF did a great job with GNOME 1.0, and he's definitely got something with his views on intellectual property. I don't think RMS is any kind of has-been looking for his fair share of past glory.

THAT having been said...Linux is Linux, and trying to relabel the damn thing is counterproductive. Everybody wants Linux to succeed, but having RMS snipe at people for forgetting to place the GNU in front just won't help.

I fully believe in credit where credit is due. RMS and his GNU project have done some pretty incredible things. But this whole name game just makes him look like a cranky has-been rather than the dynamic, thoughtful visionary that he was, is and should be.

As for accusations of arrogance...well, yeah. The folks on here, and to a certain extent, programmers in general, are very proud of their abilities, and rightfully so. But for some, that ability also brings out a disdain for those who don't have it. If y'all want Linux to succeed, you will, at times, be forced to look at ineptitude in the face...and smile. Then help the people learn.

Again, this is just my opinion. I could be wrong.

ok. so i went and read this guy's 'article'

[belial]

um.
he's got some serious flaws in his thinking.

here's the scenario. it took me a bit to figure out what the hell he was talking about.

1. you're a company.
2. you install open source desktops.
3. your employees are bad, evil and write hax0r patches into their machines' OS. consultants do it too.
4. there's no way to detect it.
5. your company goes down the toilet.

here's my problem with this.
if i'm going to roll out unix to all the desktops in a company, I'm not going to give users root.
that's just asking for trouble. Also, unless maintenence (patches, upgrades) is done on the machines (any machines, even wintendos), there will be security problems.
If my employees want to be screwy, and start finding out secrets by installing bad software, I'm much better off running unix where they dont have access to promiscuous mode and only run applications that are company standard. Windows is much more of a hole in this regard.

although he points out a scenario that 'could' possibly happen, it's unlikely that it would in a well managed shop.

there is always a chance that your employees will steal from you. I really doubt they're going to hack their OS to do it.

addition

[belial]

if you're worried about people changing your binaries, install tripwire.
If you're worried about people sniffing your network, install a switch.
If you're worried someone is going to steal from you, dont hire them.
If you're worried that people are going to hack your OS to get a company secret, you're worrying far too much.

ok. so i went and read this guy's 'article'

[belial]

right. I'm assuming he gives them all root and says 'have at it, i trust you'

Mettler

[Omegaman]

Mettler's argument is akin to that of a child math prodigy who has just independently stumbled across pi. He thinks he has discovered some great new property only to learn that his "discovery" has long been known.

What is disturbing is that Mettler is unable or unwilling to accept that his premise is well known and not entirely completely thought out. A regular user cannot install code. Nor can he run code that, say, directly accesses the hardware unless he is already root. A regular user cannot spoof /bin/login unless he has access to /bin/login in the first place.

Even worse, Mettler believes that closed-source is less vulnerable to this sort of trojan attack. Perhaps he should visit http://www.rootshell.com . Actually, it would be nice if Mettler would do any research at all.

His position is based on apparent willful ignorance. Consequently, I, for one, am not inclined to feel sympathetic towards him.

It wasn't Microsoft who patented XOR.

[Paul Crowley]

Factual error. IIRC the XOR cursor plotting trick was patented by a company called "CADTRAK"; in any case it definitely wasn't Microsoft.

I disagree with pretty much everything you say, BTW.
--

Erm, no, GGI was damn near bullied into changing

[Brian Knotts]

Sadly, that doesn't surprise me. As opposed as the BSD people are to the GPL, I am as opposed to the BSD license, after seeing what can happen to BSD-licensed code. X11R6.4, anyone?

GPL keeps the software Free, which is what really counts in the end. IMHO, of course. I just hate the idea of people proprietarizing others' contributed code. Something doesn't smell right about that to me.

What the...?!?

[Brian Knotts]

It is, in my opinion, stable enough for non-critical work; it runs more software than Linux, most of which is of better quality, strictly because it has commercial support.

I work with a lot of Free/Open Source software every day, and quite frequently, with proprietary Windows software (usually on a few NT servers I deal with). The Free/Open Source software is solid, dependable, and generally works like it's supposed to. Most of the Windows stuff is shoddy, unstable, and unpredictable. And since it doesn't come with source, you don't have much of a chance of trying to hack/recompile.

Some of us don't like that sort of thing, even for home use. I prefer to use software that is not rubbish, even if it doesn't have "Wizards." I prefer decent logging, so that when something does go wrong, I have some hope of pinpointing it and fixing it. Not much chance of that with the "black box" that is NT.

Linux might not be ready for *your* desktop, but it's certainly ready for mine.

GNU is asking for credit where credit is due

[Brian Knotts]

I think you are absolutely right. I used to be of the view that RMS was just trying to horn in on the fame surrounding Linux, but now I think it's just that he is just trying to use Linux's popularity to advance the cause he's been working on for many years: freeing software.

I won't call Linux "GNU/Linux," just because it's kinda silly, and there are plenty of others (yes, the BSD and X11 people, even if I don't like their licenses), who are responsible for significant portions of what people commonly refer to as "Linux." Still, I am more and more sympathetic to RMS's plight, and am convinced that he's just trying to do the right thing, as he sees it.

You also have a good point.

[pohl]

Your point, that secret political battles within companies usually don't lead to division-of-effort, is also a good one. The flip-side is that the company will often end up doing the wrong thing. With open, public development a lone wolf who happens to be right doesn't need to be held back by management decisions.

Sooner or later the press is going to have to come to terms with the fact that the "leaders" of the community are fallible because they're just people and they don't get to hide behind the PR team. To put too fine a point on it: my reaction to the article is "No shit, Sherlock. That's humanity."

True to an extent

[DaBuzz]

The arrogance of this community obviously exisits and in many respects is out of control. However, you must also factor in the "ZD" effect. Here's the equation:

Community Arrogance * 2 - ZD FUD + # of comments on this article = True Community Arrogance Factor

heh.

arrogance is a UNIX tradition

[TedC]

UNIX has a very steep learning curve, and a lot of us dont have the time to learn it.

Probably the biggest shortcoming of UNIX is also it's greatest strength: it contains a lot if different ideas from a lot of different people. The command syntax varies anywhere from elegant simplicity to unfathomable complexity, but in general it's not particularly hard to use once you learn it. After a while the frustration of not knowing how to perform a certain task will be replaced by the satisfaction of getting more out of your computer with less effort.

TedC

Linux vs. NT information

[TedC]

Anyway....anyone know where I can find an UNBIASED comparison of WinX/Linux.

There are three chapters covering BSD UNIX, Linux, and Windows NT in detail in "Operating Systems Concepts" fifth edition by Silberschatz and Galvin. The material is pretty good, but you should either have prior experience in operating systems, or time to read the entire book.

TedC

unfettered criticism

[TedC]

If you can survive honest, open, unfettered criticism, you must be doing pretty dang good.

I'd rather have that than spend my days playing the tactful-nice game and not getting anywhere.

Wouldn't you?

Larry Wall has some good things to say about this in the O'Reilly Open Source book that was just published -- I wish that I could remember what they were. :-) Something about being liberal on your input, and careful about what you output...

Does anyone have that book handy?

TedC --

arrogance is a UNIX tradition

[TedC]

I guess a lot of us picked it up in school, but arrogance seems to be part of the UNIX tradition. I'd even say that it's more of a hinderance to the mainstream acceptance of Linux than any of the perceived shortcomings of the software itself.

If we're going to get more people using Linux, then we're going to have to quit calling them clueless!

TedC

arrogance is a UNIX tradition

[TedC]

And are the reasons important enough that we should lie to people and pretend they're not clueless?

The problem with calling people clueless is that everyone is clueless about something, and of course don't even realize it. :-)

TedC

Arrogant, me?

[pb]

Preferences aren't religion. Prostheletyzing is. RMS preaches, I'd rather teach.
I love Linux, and Windows pisses me off, but I'm
not about to force anyone to change, and I don't
think I have an immortal soul at risk here. I'm
quite happy to show dissatisfied Windows users
the power I have in UNIX, but I can do this with
facts. UNIX has a split command, and joining
files with cat is simple. DOS can join files
with copy, but it's really ugly. Macintosh and
Windows GUIs have no support for these basic file operations. It just depends on what you want.

"steep learning curve"?

[Phil Gregory]

Hmm. I always thought that the "learning curve" was had amount of work you could do on the x-axis and amount of stuff you had to learn on the y-axis. (Come to think of it, that's bad--the knowledge is the independent variable.) With that setup, things like UNIX have a steep learning curve for many people, i.e. there is a lot that they must learn before they can use it well. The point I often make is that Linux often has a longer learning curve than other OSes, like NT. IOW, if you're willing to put the time into learning it, you can do more with Linux, even to the point of rewriting portions of the kernel (or the GUI, or your editor, or your favorite game, ...). Thus a graph for NT might look like this:

| *
K| *
n| *
o| *
w| ****
l|****
e|*
d|*
g|**
e|****
|***
+---------------------
Usefulness


Whereas Linux might be:

| ****************
| ********
| ***
| *
| *
| **
| **********
| ****
| *
| *
K| ***
n| *****
o| **
w|****
l|***
e|**
d|*
g|*
e|*
|*
|*
|**
+------------------------------------------------- ---------------------
Usefulness


(Pardon my lack of artistry)

Each OS has its own features. NT is easy to pick up (point, click), then you have to learn about networking and such to use it well, and there are a lot of things you can't do with it. Linux, being more unfamiliar to more people, takes more effort to learn, but the usefuless extends far past that of NT.


--Phil (Graphs not necessarily to scale.)

Proof of things

[Phil Gregory]

I'd just like to address a couple of points you mention.

1. I am not a programmer, so having the source code does absolutely nothing for me. While I took programming courses in college, and I can hold my own READING code, I probably couldn't even write a "Hello World" in any language except BASIC anymore. (At one point, I could code in BASIC, Pascal, and FORTRAN. I've been meaning to learn C for awhile, but I'm too lazy) So if I download a piece of Linux software, and it doesn't compile on the first try, I give up on it. I don't know enough to dig through and find the error. And if I get more errors than on an equivalent Windows program, I'm not going to use it.

You make some good points here. If a program doesn't compile and you can't program, it's pretty worthless to you. However, just because you can't program doesn't mean that having the source does nothing for you. Because the source is available, anyone can play with it, even if you don't. And when someone else finds that bug keeping the program from compiling and submits it back to the author, you benefit from it. Just because you can't program doesn't mean that having source available does nothing for you.

Of course, it does help if you try to contribute to the program. If you can't program, you can usually at least give bug reports. I often don't have time to fix errors in the programs I use, but I generally submit bug reports, which can range from "The program segfaults. I tried to do this, and here's the output leading up to the problem," to "The program seems to be choking on my input in fuction derf(). It's being called from asdf() on initialization of the main widget.

2. I do actually use Linux. I'm not just a Linux-bashing Microsoftie. My main computer may run Win98, but I have 2 other computers that both run Linux. An old 486, and a Mac Powerbook running MkLinux. I think it's great, but not for my main computer.

Keep going. I started with Linux on a 386 I picked up cheaply. I played with it and learned Linux there. Now, I use Linux exclusively on my main computer, and the 386 serves as an internet gateway for our home LAN.

Basically, complain all you want, but for non-programmers, any *nix isn't quite ready for the desktop. Yes, if you write code for a living, it makes perfect sense, but for Joe User (me) being able to open the computer for the first time, hit the power button, and be ready to go is good. Your average user should never have to go through any manual process to recompile the kernel.

Linux isn't ready for everyone's desktop yet, but it's getting there. I use Linux primarily for writing papers and analyzing data from my labs. (I'm a physics student.) Web browsing, too. I think that Linux is rapidly approaching the point where the average person can easily use it. Compiling the kernel isn't really even necessary any more. Debian and Red Hat both compile stock kernels with modules for everything. Just tell it what hardware you have (and people are working on autodetection), and it'll install the necessary modules.

--Phil (Keep working at Linux--we'll make you a convert yet.)

This particular "discovery" is nothingness

[hawk]

I've never heard of him before, either, but I read the "article" on his webpage, and it is consistent with what cranks tend to put out.

His rant is that whoever most recently installed the system could compromised security, particularly by modifying the source for the kernel to change root privilidges or something similar.

He is upset that Slashdot and elsewhere won't "discuss" this "problem" he's found.

But it's far from news. Physical access is an absolute breach of security. Pull the hard drive; anything but an encrypted file system has already been defeated. Boot from floppy (if not disabled). Whatever.

THe "problem" has nothing to do with open source. If the system isn't open source, the same thing can be done, either by a custom program, or even splicing in open source programs, installing a trogan, etc. The "problem" is that someone has root access.

hawk, esq.

Media is one of the better places to extol GNU

[Viper]

I'd say that most if not all the people on /. know about (not necessarily agree with) the GNU project, the FSF and Free Software. The people who don't know about these things are the "sound bite" reading masses and their reporters. If RMS, or anyone, can get the media to use GNU/Linux then every new GNU/Linux user, every initiate, every PHB will ask what GNU is.

What is the GNU part of GNU/Linux?

It means GNU is Not Unix. It is Free Software created by the FSF.

What is the FSF and Free software?

*grin* Glad you asked!

This way the ideals of the FSF are made known to the masses.

Media is important in informing the masses.

-Viper

Did anybody read Mr Mettler's paper?

[C.Lee]

No,Mettler whole viewpoint come from the Windows world where *ANYONE* can slip in a hacked program with little or no trouble. His whole line of reasoning falls apart when he tries to apply it to Unix/Linux and it infurates him to no end whenever anyone points it out to him Hence his ZDNET postings....

The best way to scare potential users

[jedidiah]

However, this fellow was not labeled aprori at all. He was labeled a crackpot purely on his personal merits and conduct. He EARNED the title of net.crackpot and continues to live up to it.

Erm, no, GGI was damn near bullied into changing

[bkosse]

Let me quote (from the IRC talk you were on, I remember you :)

"If it's not BSDLed, it's not going in FreeBSD. That's all there is to it."

Aweful damn pissy, IMNSHO.

Twas a very old chat

[bkosse]

It happened almost a year ago, I believe, but the occasionally happened on irc.ggi-project.org (I forget the real name of the server).

Naivite is in the eye of the beholder.

[X]

I'm sure people thought Jesus was naive. I'm sure people thought the American revolutionaries were naive. I'm sure people thought Steve Jobs was naive. ;-)
The truth of the matter is, whenever you try to change the fundimental perspective of things, you look naive to the people who have accepted the status quo. Richard is a "fundamentalists free software advocate" in the sense that his views are driven by what he sees as being the right way for the world to be, and traditional pragmatic arguments don't make a lot of sense in that case.
If you want to change Richard's mind about his ideas, you have to show him how they'd be harmfull to society. Keep in mind though, his perspective turns traditional notions of what's good for society on it's head.

The comment about Slashdotters thinking it doesn't matter what they do is fair, if you are looking at the barrage of postings that appear on this site. What you have to keep in mind is that a lot of those posting are from people who are largely NOT contributing to the direction of Linux or OpenSource beyond their small little worlds.
If you talk with the Linus Torvalds, RMS's, ESR's, and Alan Cox's of the world, they all have well developed perspectives on what they're doing and where they intend to go with it. They don't all have the same idea, but I'm sure fate will sort the good ideas from the ones that aren't as good.
The irony of all this is that news.com had an article on the APSL debacle, and it talked about how intelligent and sophisticated all the various free software/open source people were when evaluating the license.
It's all about how you spin it I guess. ;-)

GNU is asking for credit where credit is due

[X]

I honestly think that Richard would be ok with GNU not getting all the headlines if he thought that the message about the name "Linux" were freedom. The problem is, he feels it isn't, so by forcing "GNU/Linux" on the table, it gives GNU some name recognition, and he hopes it will get people talking about freedom?

Lewis Mettler

[X]

I've debated stuff with him through e-mail as well, and I think a lot of people talking with him are missing the point. The guy definitely has a lot of experience with secure systems, although he doesn't have a lot of experience with security theory.

He's talking about what I refer to as SOHO security: the kind of security that a small business can afford. Yes, software security could be cheap, but hardware security is never cheap, and as such, provably secure software systems frequently don't do the average SOHO users a lot of good (because the hardware is insecure). Instead, they rely on making it cumbersome to crack their systems. In such an environment, a binary only system is helpfull, because an attacker has to work just that much harder to introduce an unobtrusive security hole.

This in no way improves the actual, proveable security of a system, but it does make a difference.

Hmmm.

[Drel]

As has been said by many (perhaps most notably by ESR), the primary motivation for many free software developers is recognition. In many ways, RMS has been short-changed of the recognition he deserves for his work. I think it's perfectly reasonable for him to be upset that he, and the FSF / GNU, receive very little recognition for their work. I would be--wouldn't you?

As for many Slashdotters being arrogant, no argument there.

GNU is asking for credit where credit is due

[mha]

> If Chippindale built a table we all liked to do our work
> on should we be required to also recognize the suppliers
> of the tools used to build the table?

??? Linux never created a single distribution. People did it themselves (private or Debian) or (small startup) companies did it. Linus didn't even contribute the majority of current kernel code, he's just the maintainer mostly managing the input of many. The kernel is only a small part of the entire system. Your comparison is BS.
--
Michael Hasenstein
http://www.csn.tu-chemnitz.de/~mha/ [tu-chemnitz.de]

Truth, but only half-truth

[Thandor]

I think that there is obviously a lot of truth in this. However, it's really only a half truth, in that while the observations may be correct, the conclusions the writers have drawn from them are less so.

For the RMS article, one has to agree that at times things do get sidetracked on to silly issues like the GNU/Linux one. However, the writer of the article fails to realise that to a lot of people, the political (ie freedom) aspects of open source/free software are just as or more important than the code itself. Thus it's neither surprising nor counter-constructive that a good proportion of discussion about such software is spent discussing these sorts of political issues.

Basically, the author looks on from the outside and percieves a problem that is only there because of his ignorance of the people and issues involved. Yes, it may look bad to him, but what would be worse is that people who don't know about free software never got the chance to hear about what the free is really supposed to mean.

Are some elements immature politically? Again, probably true, you can't expect everyone in a group as large and diverse as those who write/use/advocate open source software to all be informed or even interested in politics. In RMS's case, I believe this is true, he is politically immature in that he desperately clings on to the idea that he's a capitalist when all his writings on GNU's philosophy page are far more compatible with a socialist system. But he's not the only one guilty of this, or other contradictory political thoughts.

As for the second article, well, that is the nature of the beast that is the internet. If you speak out in a forum where there are enough people, you're bound to get flamed by at least a few. It wouldn't matter if it was Linux, MacOS, Windows, BeOS, FreeBSD, or something non computer related. He even acknowledges that he did get help, so I'm not quite sure what his problem is. He should just ignore the flames, and use the useful information, rather than taking them personally.

And it hardly takes a genius to point out that zealots of all OS religions are pretty much the same. That's why they're called zealots, dammit! If he's going to judge the usefulness of the software, or even the quality of the "community" based on the rantings of a few quick to flame zealots, then he's going to come up with the wrong answer every time.

As for his thoughts on slashdot, well, since he calls it a Linux site (It's news for nerds: stuff that matters - which is a whole lot more than just Linux), I think he shows himself to be so ill informed that it doesn't even need a response.

There are things we can take away from these articles, but nothing that wasn't already known by a lot of people - that some people in the open source/free software community are too quick to flame, and also that some of our "celebrities" aren't perfect, and don't necessarily know everything about everything.

I'm OK, you're OK.

[Daverz]

I think the Linux community handles "outsiders" just fine. After all, I think just about anybody could be a potential Linux user.

I think this editorial was just about a "journalist" feeling free to insult people who don't have a lot of industry clout. Tyranny? Gimme a break.

what exactly is an Esq?

[shine]

According to my dic, and esquire is a candidate for knighthood e.g. an attendant to a knight or a shieldbearer

or

a member of english gentry ranking just below a knight

or

and english gentleman

or a womans escort

it didn't say a thing about lawyers, etc

--shine, software bumpkin

Imature is good.

[Jaer]

Is it really such a bad thing.

Linux kernel was developed by Linus because he thought he could do it better than a computer science professor with years of experience what arrogance.

The whole GNU project was founded on the permise that there could be something better. What development tools are you currently using ?

Most open source software was designed to be better than another piece of software.

To be able to do this you need to be arrogant, and a few other non flattering personal attributes assosiated with youth.

The secret is that the open source (actually open development) environment allows for this and rewards you if you where right and flames you if yo where wrong. But you still need to try.

RMS made a major contribution GNU is the license that most of us use and of course this comes up at least once a week.

The answer is very simply who cares. Whether it's called GNU/LINUX or Linux (Linux being just the kernel) I can setup a linux system with no GNU tools. Again something like GNOME runs on top of Linux on top of GNU software on top of X. But something like a router can easilly be setup to just run on top of Linux.

Msg to /. moderators

[Matts]

I've started testing reading /. at threshold=+2. It's an interesting read - better than before, especially with many posts like this topic. But I'd like to see more moderation of the replies too - When I switched to +2 there were only about 10 replies to this entire topic! (OK, so that was exhagerating a bit - but not much)

Thanks.

Broad brushstrokes are never accurate...

[mill]

No, there is no security issue with "Open Source". L.A.M.E. is a first class moron and should be ignored.

Read what Bruce Schneier has to say about obscurity vs security and then apply that on what L.A.M.E. is saying and you will see L.A.M.E for what he is - a moron.

/mill

what exactly is an Esq?

[Erskin]

According to the 16th edition (75th annuversary at that!) of Emliy Post's Ettiquette (written by Betty Post who married into the Post family) Esq. is a trailing title which indicates lawyer.

It's is never used verbally in introductions or such, and is somewhat fading out of use.

--

FUD for HIt counts

[Erskin]

This whole thing smakcks of the ZDNet standard of raisling light-weight FUD it increase deabte to increase hits to th web page.

Bah!

--

OS -- the religion

[Jamuraa]

Of course the whole linux community and slashdot are arrogant. Usually when people are going from one majority to a minority, they believe that it's because ther minority is better. I seem to remember a Dr. Seuss about some strange yellow bird-type things on the beach which preached alot of the same point. Once you switch, you don't want any part of what you came from.

We become heretics because we're still a minority. It might be that when the majority becomes Linux, we might be a little less arrogant about it. Of course then there will be some other arrogant minority...

Slashdot Moderation OUT OF CONTROL

[burnsbert]

I posted a comment about renaming GNU/Linux to GORE/Linux (since he probably invented it) and it got down graded to -1. Now, I would not object to a 0 rating, but a -1 rating smacks of either political bias or out of control moderators. Jokes that are not in bad taste and at least slightly topical should not receive a rating lower than zero.

Moderators (I feel) are using their power to up the ratings for posts they agree with and lower the ratings that they disagree with. Look at the Utah/censorship discussion for some perfect examples. Anti-censorship posts often received a 5, while pro-censorship (or posts perceived as pro-censorship) could hope for a 2 at best.

It is ironic that a community so anti-censorship is working to silence and hide posts they consider unpolitic. I have no doubt that this post, if noticed, will be quickly downgraded to a -1, but hopefully a few people will read it before it disappears. I would appreciate honest rebuttal from moderators if they disagree with me. If you have a defense of what is happening I will read it with an open mind, but I AM SUSPICIOUS.

-Eric

I read the article...

[Dr. Evil]

I read the article,

I read the talkback,

I read the essay on the "security hole" in open source.

By the same token this fellow should watch his back. His mechanic might put a bomb under his car just in case he doesn't pay up. His banks can be robbed by their employees, and his system administrators may design back-doors in his trusted networks.

After all the IE security holes, backorifice, the PGP exploits etc... this fellow has the gaul to say that a closed source system is immune to malicious backdoors? The only peer review closed-source seems to get is in backdoor exploits!

Excuse me while I kill my locksmith. He knows too much.

If he wants to make a point, he should at least place emphasis on the kind of subtle attacks which are possible. Unfortunately, I don't think he knows enough about computers to be able to recognize them.

I think I'll go put a floppy in my drive and "comprimize" my "top dog" access on my NT box. It is certainly harder to prevent than slipping backdoors into Linux.

(Damn, I've just wasted a half-hour of my life... oh well.)

Oh no, not L.A.M.E. again

[cthonious]

Please don't pay attention to LAME (Lawrence A Mettler, Esq)

His major point was that someone with root access to an open source system could install a trojaned program. Duh.

I remember him from the infoworld forum he was talking about. Everyone was paying attention to what he was saying, but he wouldn't argue, he would just repeat the same thing over and over, even though several people were refuting everything he had to say.

Can't help but think about something...

[edgy]

What if this is part of the attack on Linux by M$? Certainly, this is one area that has enough truth to it for people to come out with examples of how mean and nasty we are. Then again, maybe I'm paranoid about everything, since I would hate to see Linux coopted so late in the game.

OTOH, Free Software also has some of the best support out there, and that is another reason it has done so well. So, while we may have our little brawls, we still support our users, as a community.

So what if there is infighting. The same thing happens in any community. The people that make this community possible are the doers, not the talkers.

Remember Compute! Magazine?

[edgy]

Regarding that last paragraph:

I'm only 21 now, but I remember Compute! magazine, with my trusty TI 99/4A, and then my trusty Commodore 64 computer, where I would type in programs from the magazine and learn programming by doing that.

Maybe I was naive those days, but I didn't know anything about marketing or corporate control, or how patents ruin things, or how the world was screwed up, so I always look upon those days fondly.

Then Compute! stopped printing programs, and stopped publishing, but I always seem to have come back to the programming community.

For some reason, I've always identified with them and their ideals. Maybe it's just that programming makes me intrinsically happy, but programming is always a discovery, a way of taming the world and understanding it in new ways. And when you're respected for your ideas and your contributions, by a large community, that has got to be a great intrinsic motivator (although I've never experienced it).

What I'm trying to say is that programmers are greedy for knowledge and for understanding. We're arrogant when we feel we have understanding and are trying to share it. But it's the same character traits, in many cases, that also make for good programmers.

RMS also calls the kernel (by itself) "Linux"

[MenTaLguY]

His intent is that GNU/Linux be used to refer to a primarily GNU toolset running on top of a Linux kernel. I.e. Linux = kernel, GNU/Linux = kernel + GNU utilities.

As long as it's understood that GNU/Linux only applies to the GNU tools + Linux kernel combination, I think the title is appropriate. It has to do with the relative importance of the GNU component of the system.

Take your average Linux distribution, and try each of these in turn:

Try removing X11. You don't get your GUI.

Try removing the BSD-derived tools. You don't get much of your network software anymore, as well as missing ps and df and some other genuinely useful things.

Try removing all of your GNU tools. _NOTHING_ will work anymore.

That's also why something like cygwin32-compiled GNU utilities don't make GNU/Win32 -- you take the GNU stuff away in that case, the system still works fine.

Ironically, if the Daemon Linux folks have their way, we'll _need_ to use this appellation to differentiate "normal" Linux environments from a pure BSD toolset running on top of the Linux kernel. The latter would -- suprise -- need to be termed something like BSD/Linux.

(as an aside, I think that Daemon Linux is dangerous; do we really want to reintroduce the BSD/AT&T split that was the first wedge in the original fragmentation of Unix? Before you answer, see what something basic like $ does in an AT&T-style make(1) [i.e. GNU make], then try it in a BSD-style make(1).)

In a similar manner to the GNU/Linux being used to differentiate toolsets, this distinction also serves to differentiate a Linux-based GNU system from a GNU toolset running on top of the HURD.

For instance, Debian has both GNU/Linux and GNU/HURD distributions now.

Anyway, personally, "GNU/Linux" as a term isn't that important to me at this point; all of the current Linux distros use the GNU toolset, so differentiation isn't important (yet) -- I generally just say "Linux".

The GNU/Linux label is perfectly fair and valid when applied to a compound GNU/Linux system, so don't criticize anyone for using it correctly. I personally don't have any qualms about using it when I need to.

Why does RMS feel this way?

[Pulver]

I have a theory that explains why RMS feels this way. The original goal of the GNU project was to create a useful kernel. RMS has been working on this for well over a decade, and then this young guy from Finland pops out a kernel. RMS's original goal of creating a GNU kernel becomes redundant. GNU tools were added and a usable system was there.

RMS had his life's work pulled out from under him and I imagine that he resents that. I can understand that. He basically accuses Linux of riding on his coattails, though he didn't seem to care until it became popular. Now he wants to ride on the coattails of Linux. Keep in mind that in the early days of GNU, RMS said that the utilities were only a sideline that was needed for creating the GNU OS.

GNU does not make Linux. I beleive that if the GNU tools hadn't been available that tools would have been written. The GNU project has created many, many useful tools and RMS/GNU deserve credit for that. However, I do not beleive GNU deserves credit for Linux. There's more to Linux than GNU tools.

Lewis A. Mettler, Esq

[rcooper]

I have read Mr. Lewis's posts on the PCWeek forums and let me tell you this guy made a complete fool out of himself in the process. He is a known Linux AND open source basher. Mr. Mettler mistakeningly believes that Open Source itself is a security risk. He calls himself a programmer, yet he's not produced one single line of code showing how Open Source, I.E. Linux itself can or would be insecure because their sources are available. In the end, this individual is a Microsoft Troll. He wants to make a name for himself by spouting non-existant security flaws in Linux and OSS in general, without offering one single bit of evidence to back up his claims. He can be safely ignored as being yet another sleazy attorney trying to ride on the coat tails of Linux and OSS, backstabbing it for the duration of the ride. This individual is best left ignored and he will go away.

Leiws A Mettler: Just go away. You have lost your credibility. No one takes you seriously. And by the way, so that you know: Unix/Linux people might seem arrogant to you because of the way you carry yourself in public forums. Everyone seems arrogant to a simpleton.

RMS and GNU/Linux

[John Fulmer]

Although I don't agree with all of RMS's political agenda's, you do have to respect the man for sticking to his guns and principals.

GNU/Linux? Well, Red Hat, Debian, SUSE, etc.. are definately a large percentage, so I would agree that they should probably be called GNU/Linux Distributions (tm).

The kernel is Linux. Period.

Fascism

[tomblackwell]

Many slashdotters feel the need to shift discussion into one of their favourite few topics. Some of the top ones include:

1) Bill Gates is evil. Jon Katz is utterly worthless. Linus Torvalds is the messiah. CmdrTaco cured cancer.

2) People who can't (assemble a computer from a stick of gum and a piece of string\compile kernels\install Linux\get rid of ?s in their posts) should be burned alive

3) I know a lot and you don't. I have always known this much and was never a novice. You don't deserve my help.

This is a very unfortunate state of affairs, because there are always gems of wisdom amidst the normal Slashdot effluvia. The moderation does wonders in banishing some of the worst of the drivel, but I think many new users would rather go somewhere and be treated more civilly.

Let's not confuse things - give RMS the credit

[pathos]

So RMS's has a deficit on social and communication skills (at least when seen from a 'mainstream' frame of reference)... Well?

Myself, i do hold as RMS a spiritual father in many ways, despite all the personality 'quirks' he might have (and seems to even treasure), like them or not. We are all human after all, and we all have our naughty sides that other people might not like (or even ourselves!).

I don't think it makes his ideals, work and contribution to make this world a better place for all of us less valid.

Let's give him the credit for that.

RMS contradicts the GNU philosophy

[Zagadka]

I find it strange that RMS keeps demanding that Linux be called "GNU/Linux". It seems he wants recognition. But that goes against the GNU philosophy:

Those who benefit from the current system where programs are property offer two arguments in support of their claims to own programs: the emotional argument and the economic argument.

The emotional argument goes like this: ``I put my sweat, my heart, my soul into this program. It comes from me, it's mine!''

This argument does not require serious refutation. The feeling of attachment is one that programmers can cultivate when it suits them; it is not inevitable. Consider, for example, how willingly the same programmers usually sign over all rights to a large corporation for a salary; the emotional attachment mysteriously vanishes. By contrast, consider the great artists and artisans of medieval times, who didn't even sign their names to their work. To them, the name of the artist was not important. What mattered was that the work was done--and the purpose it would serve. This view prevailed for hundreds of years.

This is straight from Why Software Should Be Free [gnu.org], by RMS, under "How Owners Justify Their Power".

Why can't RMS be like those great artists and atrisans? Why can't he merely be content with the fact that "the work was done--and the purpose it would serve"?

Actully, I agree that RMS should want recognition. But then that goes against some of his arguments in the GNU philosphy. If RMS wants recognition, then shouldn't all developers? And if that's the case, how does one reconcile this with the fact that GPL lets others take your code and then sell it?

True or false...

[Signal 11]

I think some slashdotters are arrogant. Comes with the territory, like it or not. But while there is a kernel of truth here, in true ZDnet form, this is more FUD than Fact.

I think it would be more accurate to say that many in the technical community are looking for the Right Thing, both in coding practice, and in social convention. This doesn't suprise anyone one bit - except people new to the way things work around here.




--

Lewis Mettler

[Anonymous Coed]

This Louis Mettler person (who wrote the post mentioning slashdot) is surprisingly clue-free in regards to security. You should read his site if only to discover how not to structure a security analysis. Actually I wrote him a brief note explaining that he presented no logic or evidence explaning why open source was less secure than closed source.

The essence of his argument runs like this: the bad evil hackers can change system binaries because they have the source! ph34r them! Closed source systems such as NT are perfectly safe, because the evil bad hackers will never be able to install any malicious software.

I got news for you: your gate is only as secure as your gate-keeper. If you're afraid of your admin and how he might be corrupted by having all that source code lying around, you need to find a new admin. Here is the letter I sent him.

I must say respectfully, sir, that you have only a dim illumination of what you are talking about. As far as I can tell, the crux of your arguement against open source is that a person can recompile and install software with hidden trap doors. Please correct me if I am wrong.

To be able to install software (especially system software such as a kernel) on any normal Unix-like system, one must already have root access. How did one get that access? One is either already a trusted administrator (most likely) or one has "hacked" into the system by whatever method.

Let's look at the first scenario, and the one you seem to address most directly in your article. A person is able to modify critical system binaries because he or she already "legal" root access (they are the designated administrator of the system.) It is no big surprise that the administrator is able to easy do a wide variety of damage, both overt and subtle, on *any* machine, including closed source systems such as Windows NT. They do not need source code for this. They can just walk over to the machine hit it with a hammer, or simply rm -rf /. Or they could install their own version of sendmail that cc's everything to their inbox. Why? They are root. They can already do *anything* they want, read every users' files, and so on. Sure, having source code availible greatly simplifies some of the more subtle tricks. But not having it availible certainly doesn't mean the system is now secure even against a malicious administrator.

Regular users cannot do any of this kind of damage unless the particular system is hopelessly buggy or malconfigured. In which case they deserve to be hacked, as it will teach them a lesson. So, besides administrators and regular users, that only leaves outsiders who gain root access to worry about. Never mind how he got access ... maybe your sysadmin talks in his sleep, or maybe he just guessed passwords, or maybe he exploited a hole in network software. All systems, closed and open source, are vulnerable to "social engineering" hacks. And it has been well demonstrated that open-source systems are much more likely to get security holes patched in a timely and efficient manner. No matter what kind of system you have, if it is mission-critical, it pays to keep up with security announcements and updates.

Do you think not having source code availible will prevent a stranger who has root access from being able to do harm? Let's say I gain root access on a closed source system such as Windows NT. I then proceed to install my replacement login program that I wrote & compiled on my own system to *appear* to be the NT login manager. I now have everyone's passwords forwarded to my hotmail account. How is a closed source system more secure because the kernel source isn't availible?

You say:
How do you attack an open source OS? Find the rule that gets into your way and change it. Compile the program. And, install the new build. Simple and unlimited. And, possibly not detectable.

If someone can "install the new build" of system software, or install a hacked Windows explorer.exe they can F*CK you over no matter what. And if you don't trust your own system adminstrator, who can you trust? Find someone trustworthy or do it yourself.

You present no convincing arguements whatsoever. I wonder if you have ever administered a real system in a production environment. Your lack of insight into the way security works in the real world is astounding.

Thank you for your time,
Anonymous Coed (I sent him the email under my real name.)

Language

[Yohahn]

Maybe I'm just a little wacked out, but I can understand where RMS comes from.

Language shapes how we think. By insisting on saying GNU/Linux RMS creates a mindset in the people who do it. I don't think it's an ego thing for RMS, I actually don't think he cares if he get's the credit, but he does want The Free Software Foundation and GNU Project to get credit, if for no other reason than to help promote their cause. (he dosen't want to call it RMS/Linux)

People do this sort of thing in general. We teach children not to swear. We in trying to promote equal rights take offense to the term Nig*er. We are right to do these things, for it is a positive change to be made in the society.

RMS is an idealist. Frequently people confuse idealism with immaturity. I think this happens because people start out more idealistic when they are young, and then become more cynical when they get older. When people encounter an idealist, they confuse if with youth (and immaturity).

I like RMS for his being idealistic.
This SHOULD NEVER be confused with his being immature. (just because the press is cynical dosen't mean that RMS should stop trying)

I find it quite humorous that RMS is frequently refered to waging a holy war, as he is an atheist.
But I can understand where he is coming from, he sticks to his principals.

So, if you agree with him, change your language. If you don't, be vocal in not saying GNU/Linux.
But stick to what you believe. Thats what's amazing about this group.. you stick to what you belive and focus on being productive, and working together on common goals. This is exactally what Christian Churches are unable to do, Ironic isn't it. Don't end up where the christian churches are!

In short: Stick to what you believe and go code!

("I am Religous, but I frequestly find my self respecting those who aren't, and what they say."
-Play on an RMS quote)

Not sure what to make of any of this.

[Eric Hillman]

The TalkBack article, while I won't go so far as to dismiss it as FUD, strikes me as whiny, at least... 30 posters flame poor Mr. Berst, and suddenly the Linux community is a bunch of immature brats. Heck, if a news agency can't get 30 flames out of an article, it's not doing its job.

The security problem that this article refers to (http://lewismettler.software- engineering.webjump.com/ [webjump.com]) seems accurate, but obvious. The gist of it is, with totally open source, there's nothing stopping Bad People from rewriting the code to do Evil Things. However, this just isn't all that startling a revelation. If an intruder can't get into your system, it won't work. If it's someone who already has access, Open Source is irrelevant to the issue -- anyone with the time and know-how can patch or introduce malicious software to any OS, open or not. In short, this seems to me like a rather shallow observation. Maybe I missed something.

As to the other article, I'm not sure whether Stallman is becoming a crank in his old age, or if the media is simply overeager to paint him as such. Obviously, a breakdown of the cooperative culture of Open Source is just the sort of thing any number of journalistic doomsayers would love to see -- not to mention The Redmond Menace. On the other hand, Stallman's behavior of late bespeaks an individual with a dire need to chill out a little. I guess my perspective is, I don't care what Stallman wants to call it, I'm just happy that it works.

This is to be expected

[Knight]

In any unorthodox movement such as OSS is, there is going to be a wide variety of people involved, from the overstating zealot to the timid, level-headed thinker. The problem we see here is not one of an overzealous and arrogant community, but one of perception. Because those who speak the loudest are heard the most, they are assumed to represent the whole, when they really only represent a small portion. I love Linux. I love it a lot. I probably love it more than I should, but I am not going to condone the actions of RMS simply because of who he is. He is human. He has done a great amount of good for the software world, but he makes mistakes. The biggest fault of the OSS movement that this exposes is not arrogance. It's that we are to ready to jump onto whatever bandwagon certain persons in the community create.
No matter what the world thinks of the maturity of the OSS movement, it's here to stay, and we all know that. Let's stop talking and prove it.
------------------------------

Stallman, Jihads, and general incivility

[JohnnyX]

I met Richard M Stallman at last year's Linux Expo. Not a horrible person, not evil (not many people are really). He reminded me a lot of a SysAdmin that I know. Long hair, scraggly beard, technical knowledge that seemed to have replaced most social skills.

As I recall, He, ESR, and Brue Perens were giving a panel discussion about the Open Source movement. Mr. Stallman did waste about 15 minutes of the discussion harping on the GNU/Linux thing, which if you've ever been subjected to experiencing it personally, you know is even more annoying and childish than people make it sound.

What I remember the best is him standing up and yelling at me for making the point that while I appreciated the work of the GNU/OSM/etc., I believed that proprietary software had many advantages, including more money for me as a developer of said software.

That background being given, while I respect Mr. Stallman's work, I don't have much respect for Mr. Stallman outside of a very narrow segment of Computer Science, or stated another way, he is a socially inept, annoying, whiny man who vaguely resembles a street person, but he's really smart/talented (at least the MacArthur Foundation thinks so).

As to the general incivility/close-mindedness of the Linux community to non-free/open/GNU/Unix software and its creators, I have experienced it. It makes me a little sad really. I remember Bob Young getting up to do a presentation at the aforementioned Linux Expo, and stating loudly that he was using Applix Presents(?) as a presentation tool, as he unsuccessfully tried to get it to work. Most of the other presenters had used PowerPoint. What frustrated me was the way people applauded him settling for software that didn't work (which is just a tool for filling up HDs), in lieu of using a Microsoft product that did the job. I turned to the my friend and said, "I'll clap when it works". Sometimes MS software is better, and when I need something done, I don't want an ideology/religion, I want a workable tool.

In general, the Linux community needs to be just a little bit more civil to the larger Computer Science/Computer Industry/Software/Internet community.

Peace

Different social norms

[Davorama]

From where I'm sitting, this fellow just outlined what any outsider sees apon entering our world. Anybody who's spent any time here or in the news/mail/chat groups knows that the our community prefers to use a bit less tact, diplomacy, and/or social grace than most folks. It was disconcerting to me the first time I saw Linus and the EGCS team flaming each other to black soot in public too. This community is mostly a bunch of engineers, programmers, and scientists who are trying to get things done the right way and to do that, you can't pull the punchs or let something like the APSL slide without trying to change it.

So, now that we are faced by an influx of PHB types, press, and other assorted newbies who aren't used to this sort of behaviour what should we do? Nothing. They will get used to it. In the meantime, the heated debate that goes on will shape our policies and make our world (and our software) better places to live and work in.

You do have a point here, however

[FallLine]

You do have a point here. However, one major difference is that a difference in opinion isn't going to result in a division of efforts in a corporation. Atleast not under normal circumstances. There is always ONE person in charge, and a direction will be settled on. While it is true that occasionally this may result in a key individual leaving the firm, it will not result in a division of efforts.

I'm sure some of you will say that this is not true. That with Linux, Linus has the final say. While this may be technically true, there is nothing stopping say Alan Cox leaving the effort and forking the code. I think this would be damaging.

My point, here, is not that one is neccessarily better than the other. But that there are differences. There are advantages and disadvantages to both.

LAME on InfoWorld.com

[Paranoid]

Wow. Following the link, I've never seen someone so blatently ignorant in my life. I know he won't be reading this but this piece of flamebait is WAY too smelly not to say something...

Assume you wrote an application from scratch. How many ways can I modify your program so that it fails? One way? Two ways? Fifty ways? A million ways? Endless ways.

Yeah. And if I had access to your autoexec.bat I could do the same thing.

You have to do something to minimize the chance of attack. You have to do something to minimize the chance of attack when they have the code you used to build your last version.

Thats what root passwords are for. And thats also what putting a # in front of the in.telnetd line of /etc/inetd.conf is for. Compared to back-oriface or any of the seemingly endless java/IE/ActiveX/virii/whatever exploits, this seems a bit easier to do.

Who is the attacker? The guy you hired to build it. The keeper of the code.

Wow. What a pleasant thought. Linus Torvalds is going to h4x0r r0oT.

On Windows, if you don't want a virus, don't run unscanned programs. On opensource, if you don't want to get a backdoor (which are very few and far-between, as far as I've seen), don't run it. This is why I at least lightly glance over stuff as I'm compiling it. That and seeing what possible features I can make use of.

And I'd just as rather the 'keeper of the code' NOT be Microsoft. That way they might do a halfway intelligent job of 'keeping the code', not increasingly breaking it with each new release for the sake of forcing people to upgrade.

One possible solution is to not have the source code available. No source code means that attacks that come from having the source no longer exist.

This sort of development model, in my humble opinion, has more bad sides than good ones. My poor box saw windows for quite a few years, and while I was temporarily involved in coding for a mud, I was amazed by how efficiently and easily new features could be added and old bugs squashed. This is why I originally tried Linux, and this continues to be why I've never looked back.

Besides, if someone DOES manage to sneak a trojan onto a 'trusted site' (which I've heard of happening only once), people tend to notice. Doesn't take very long either. Besides, having the source code means trojans are much easier to see, and people ARE looking. Try busting out a hex editor on an .exe and telling me if its infected with a virus.
--
Paranoid

A serious problem for widespread acceptance.

[BDaniels]

"arrogance?" "some inherent truth..."

More than some. A quick look at the /. archives shows that the community of Linux users is devolving.

Not that long ago, a new user could expect to find help with a problem, and a welcome to the world of Linux. After all, none of us were born with the ability to compile kernels - we needed a teacher.

That has now changed. A newbie is likely to meet a majority of what I call 'cool doods'. These people are born Linux users. They never ran anything from MS and disdain anyone who did. They use Linux because it makes them badass and cool. You won't see them organizing an installfest -- they have no time for mere mortals looking for a better operating system.

In short, they are insecure nusiances. Unfortunately, in many forums they are the main face of Linux - and it's ugly.

They don't see that they just provide ammo to the forces of FUD. I'm getting Linux accepted where I work, but you can be damn sure I don't direct mangement to look at SlashDot. All their fears that Linux is an unsupported os for 'haxors' would be confirmed in a few pages of comments.

If Linux cannot overcome these isolationist tendencies, then it will never achieve World Domination. We've got to welcome and help new users, not flame them for having the misfortune to discover Linux later than we did.

Write the code. Use the OS. Spread the word.

Luck,
Brian

Personal prejudice...

[theyman]

There are always zealots in any forum that deals with a radical sociological change and the 'free' software/open source/linux community is just such a forum.
It's something to beware of how ever (as indicated by the subject...) personal prejudice run both ways the talkback article the post refers to has a reply which might put that in perspective:
http://www.zdnet.com/talkback/22_33604_139914.ht ml

Ta!

Community Spirit?!?

[DLG]

One of the things that I always appreciated about the 'hacker' community, was that you simply couldn't establish yourself in it without the respect of your peers. The general perception that there was a desire for knowledge and a desire to share knowledge, along with a certain lack of respect for those who did not have that ideology, made for a place where one was judged by ones contributions and not by ones status.

The development of Linux and the free software movement has always seemed to me to be a culmination on the kind of G-File hacker/phreaker of the 80's, with the benefit of resources that allowed an international and inexpensive media upon which to frame our world-view. The end result has brought a commercially sound status to what was never truly a business concept. Political skill was NEVER a benefit in this case. You can be an asshole but if you are right, someone is going to know. If no one knows you are right, well you tried.

Now alot of people are "NAMES" which is often a dangerous position. I remember associating with NAME hackers and knowing that for some of them, the NAME was all they had. This is true in ANY community, where past achievement is rewarded. The person who founded X or created X or did X is remembered with respect no matter WHAT they contribute recently.

Not so with Hackers. Respect for knowledge and skill is always there, and we worship some of the same idols, but to sustain a name in a world in which anyone can take your intellectual contribution, and modify it and make it theirs, requires a certain sense of promotion either by ones own effort, or by others.

The fact is that when I choose a product, I rarely base my opinion on that product on the specific person who invented it or the person who made it. We rely on umbrella organizations, corporations, research institutes, to give a mark of quality.

In the case of the Slashdot world, the people arguing over such things as the merits of different licenses to some extent are a rarefied breed. The majority of linux users don't care about the legal ramifications of using software because they would have taken it whether the license permitted it or not. By showing source code, it is all over. The license be damned. The fact that the corporate world needs those licenses to contribute to the movement, and the fact that the corporate world is BUYING the concept that those licenses have some value and that equivalent licenses (Apples) with certain restrictions, will be honestly followed, is a bunch of SHIT. Once I have your source code, you have to prove I have it. The hacker outside of the US doesn't have any obligations. The only thing that prevents abuse is HONOR, and that is a case in which any LEGAL effort is immediately suspect.

Control of information is not truly possible. Just as Microsofts patent on use of XOR to allow proper rendering of an onscreen pointer is absurd, so is the licenses. Those who create this show of legalese with terms like free or open as the adjective are marketing. The news sees the marketeers, they see the hype, then they realize that those 'hyping' are not really altruistic, despite the common sense that says that NO ONE who fights for abstracts is truly altruic, then they are offended by arrogance, aggressiveness, a sense of cockiness, that was part of our community when the term hacker wasn't even used in movies, let alone in boardrooms...

Every piece of software I design I provide legal protection for MY right to reuse code I developped. I attempt to avoid stealing other peoples code, but I often learn techniques of coding by looking at source code. In the end, I protect myself.

That is the goal of most of the public voices, as far as the press is concerned. Most of us are just taking advantage of every resource we have, and our interest in being a public face on a community so self-interested is not there. We are too busy...
We contribute to the movement because when we find a solution to a problem, we contact others and let them have our fix. When we take someone elses work and make it prettier, we thank the person who gave us that original work by returning the effort. But it is all self-interest. We are all arrogant thieves, stealing from each other, and happily calling it freedom and openness. If the walls came down, we would grab all the free software before it stopped being free and would hide it and share it more carefully, but we wouldn't lose a step. We would simply develop technical methods of protecting ourselves where legal methods failed...

A bizarre little rant cause I think it is time to stop patting ourselves on the back. I have been programming for 20 years and I want to remind folks that Apple ][+ came with a reference manual with the entirity of the intellectual property of Apples chip design, rom design, and listings for their OS, and basic. Open source isn't new. I used to type in programs from magazines. We aren't special. We are lucky to have seen in 30 years a transformation of computers into community builders, from corporate slaves.

Lucky... Not better or special...

Any sense of arrogance was there from the begining. It isn't new, and it isn't controllable.

GNU is asking for credit where credit is due

[feedle]

While Linux was created largely with the fine toolset built by FSF/Gnu, that dosen't give Richard, or anybody else for that matter (save a young gent from Finland), the right to tack the letters "G-N-U" in front of it. In fact, such labelling seems to me to be sour grapes, because the FSF could never find time / interest to develop their OWN operating system (anybody else remember HURD?). It seems to me that they, in a way, want to capitalize on somebody else's work.

I don't think the issue is whether or not they have the right to call a particular Linux GNU/Linux. But, Linux is (and remains) the trademark for a POSIX-compliant kernel developed by one Linus Torvalds et. al., and until The_Man (tm) says otherwise, Linux will remain Linux in my opinion. If Stallman and company want to build their own Linux distribution, fine. They encouraged SPI to call Debian "Debian GNU/Linux", and if that is the Linux they so bless, so be it.

But, to insist that Linux as a whole be perpetually known as "GNU/Linux" is an insult to Linus Torvalds. He managed to do something in a matter of months that FSF has yet to do: and that is produce a functional operating system using their own tools, and they've been working on it since 1991.

It's a strange thing. Stallman/FSF releases all this fine code under a progressive license. Now they want to change the terms of the license, and insist that we now refer to our operating system as GNU/Linux. Sorry guys, it dosen't work that way. Nowhere in the copy of the GNU GPL does it state that I necessarily have to insert the word "GNU" in any program or trademark I create in conjunction with the licensing requirements. In many ways, this runs contrary to how many people view the GPL.

Let FSF put the countless hours of development into producing a real operating system that the Linux community has done. A compiler and tools are great: but they are no good without the operating system to run them on. Where's HURD? Huh guys? *shrug* Nine years later, and all we have to show for HURD is about where Linux was when Linus posted the first announcements regarding Linux to Usenet ("...Remember when men were men and wrote their own device drivers?...")

Mr. Stallman, welcome to the future you helped create. Thousands of programmers and hobbyists writing millions of lines of code, around an operating system that got it's start from a few of your tools and a desire to make things better than they were before. Linux is so much more than the GNU toolkit ever was. Granted, Linux may not have been much without your toolkit. However, it's so much more than that now, and to insist FSF/GNU get equal credit is unfair to the thousands of others who embraced the free software ideal that Linux was created with and gave you a platform to speak in the first place.

My Reply to Lewis Mettler

[pwb]

This is my reply to Lewis's post on security issues.

Lewis A. Mettler,

You have once again gained quiet a bit of notoriety on Slashdot. And while the charge that Slashdotters are arrogant, might be true for many, I wish to take you to task for your original post on Open Source and security issues.

In your document (http://freehosting.at.webjump.com/le/lewismettler -software-engineering/OpenSource.html) you talk about the security risk on open source operating systems of someone changing the OS source code and then compiling a new kernel to give them as much access as they want.

However you gloss over a few issues and I will explain how they are BIG details you leave unmentioned.

1) You fail to mention that on these systems you must already have root ("top dog") access to the machine to edit the source code in the default installation configuration. And if you already have root access, there is not much need for you to recompile the kernel to do pretty much anything you want to do. I feel that this already gives Unix (or Unix like) operating systems more security than most PC operating system environments where there is very little any user sitting at the machine can't do.

Now I ask myself is there a way around this issue? Why yes you could build your own kernel on floppy disk (or burn it on a CD) and reboot the machine if you have physical access to it. Then you could effectively install your kernel on the machine. However this is not really any different from reboot the machine and reinstalling ANY operation system. Allow me to repeat a story told to me a few years ago by a friend of mine.

He was at a company party with a friend. During the middle of the party they went into their manager's office with an old MS-DOS floppy disk. They inserted the disk into their manager's PC and rebooted it. It booted off the floppy and into MS-DOS which most computer literate people know has no concept of security. They walked back out of the office with a spreadsheet containing the salaries for their division. What division might that have been, you may ask? My friend worked in the computer system security audit division of one of the US's largest Banks!!

Does having a proprietary closed source operating system give people a false sense of security? Based on the above story I would say that yes it does, even among those that should be very paranoid about security.

2) You fail to mention or perhaps are unaware of the fact that the security issue you describe has been taken very seriously. And that almost 10 years ago solutions to it for large networks of computers in a corporate setting or even worse, a university setting. Now you may say hold on a University is academia, that not the real world. But let me tell you when it comes to computer security academia is worse than the real world. Because in the university setting the administrators can be absolutely sure that some of the students will be VERY creative about trying to break into the computing systems.

Starting probably 10 or more years ago, CMU and MIT were looking into very much the same security issues you raise. Namely how to set up a large functioning network of computers when you can not trust the authenticity of the user or the OS running on machines on the network. The result of that research is AFS and Kerberos.

It has been more than 6 years since I have paid much attention to such security issues, but you and your readers could learn quiet a bit spending an afternoon surfing on these two topics. And they will allow a company to set up a network of computers with a reasonably high degree of security from the type of attacks you describe.

Lewis A. Mettler, Esq.

[Industrial Disease]

As somebody who reads ZDNet Commentaries on a fairly regular basis (whether I agree with them or not) I wouldn't worry too much about what Lewis A. Mettler, Esq. says. I see him as the ZDNet equivalent of the grumpy old men who write daily 10-page letters to the editor of the local newspaper, complaining about Those Darned Kids and describing how Things Were Better In Their Day. He posts long-widned responses to what seems like the vast majority of commentaries on Microsoft and Open Source. I rarely read his comments (or those of Robert "Boycott Crashware" Flash) because he seeems determined to say the same thing over and over again, every time he gets a chance. He seems to be carrying a grudge over a disagreement several months ago about the idea of "security through obscurity," which drew a few flames among the relatively civil debate. The idea of Lewis A. Mettler, Esq. having room to call anyone arrogant is amusing.

That's what's great about open source!

[sterno]

Generally I like the motives of Richard Stallman, but he wreaks of arrogance and an absolute belief that he's right and everybody else is wrong. But what makes open source such a wonderful thing is that it doesn't matter one bit what Richard Stallman thinks about Linux or Emacs or anything else because they are open and he has no control over them.

Just think of what would happen if you had such an egomaniac in charge of a software company that lived off closed proprietary code. Well, I suppose we don't have to imagine this since we have a shining example in the industry, but I'm not going to mention any names *cough* Microsoft *cough* :)

---

GNU is asking for credit where credit is due

[Supermathie]

From what I see, Richard is asking for credit for the tremendous amount of work that many developers have put into the GNU project, often with little or no reward. All they ask for is recognition! Is this so hard to give?

Richard's job is writing GNU code, with proceeds from talking. He gave a presentation on the GNU project a short while at my school (University of Waterloo) and he did come across as a very driven man. Driven by GNU? Driven by his ideals? Driven by his war against proprietary software? Driven insane? I'll not make that judgement. But I respect his views.

Personally, I view the name "Linux" as a short form for GNU/Linux. It means GNU software running under a Linux kernel. The name "Linux" is also easy to throw around verbally. Short and quick.

As to the opinion that many people in the {Linux,FSF,etc} community, /.'ers are arrogant, isn't that just the case of the pot calling the kettle black? I mean, often those reviewers aren't worth a grain of salt.

I wouldn't say arrogant. I'd say looking for recognition. After all, who would want to get recognition for writing that Windows crap? :-)

There's Some Truth But...

[mr2¢]

I've read the talkback bit and a couple of his paragraphs in the "security hole" issue. There is some truth to what he's saying, but he also needs to take a step back and review both the situation he's getting into and his article.

There's a saying that someone who knows the best is usually the worst at teaching it. Why? Because they forget what it was like to learn it. To them it's second nature. What sounds like an obvious or stupid question to them is something new or profound to someone just starting out.

Yes there's arrogant, malicious posters on /., however I don't believe any more so than any other area that has a dedicated following (in regards to vocal antagonists). It may seem like a lot, but the Internet is where the majority of us are most comfortable (it's where we work, learn and play) so it's going to be where we're most vocal. Therefore it would seem there are more flaming displays by the Linux/OSS movement. I believe it's all relative. Hey, we're not taking out doctors at *cough* abortionist *cough* clinics with high-powered rifles.

There are a lot of irrelevant (flames, ramblings, off-topic) posts to /., so yes Newbies are probably turned away from this site believing that that's what /. is trying to foster (you guys aren't however, it just comes with the territory).

As for Lewis A. Mettler, I've read his piece on ZDNN and agree somewhat, but, after reading his prose off his site I can see why he got broiled. If I understand his point (I just skimmed through a bit of it), he's saying that if you *rebuild* the source code (the system) then you can do whatever you want including granting yourself SU status. Well hell yeah.

The OS can simply be changed by altering the source code and preparing a new build of the OS.

By rebuilding the OS you need su rights or you format the machine and reinstall (rebuild) it.

Can a similar attack take place without the source code? The short answer is "No, it can not".

Yes, you can. I can format a drive w/NT and give myself any privs I want. And if it's about su status, there are other issues instead of rebuilding here. There's a major flaw in his argument, and one he doesn't address: a system's security is only as good as the administrator who runs it.

You can take any software, OS or otherwise, magnify a weakness of it and create any hypothetical reason you want to point out that it's a Bad Thing. And you're probably right, but only in that particular scenario (however implausable it may or may not be). But to take that conclusion, shoot up to 25,000 feet and make a broad generalization of the OS as a whole, based on that conclusion, is poor deduction.

His article is also populated by a lot of questions and assumes little knowledge on the end user of what Linux, source code and su status is. That, my friend, just won't fly with this crowd. It's going to come off as demeaning to /. readers. You need to know your audience, and he apparently didn't do his homework.

Proof of Linux arrogance.

[Anonymous Freak]

Why do you say that? After reading his reply, he goes to say that this response is all that he gets. Admitedly, I haven't seen any other posts from him, so as far as I know, he could think that Martians are responsible for the sinking of the Titanic, but his referenced article does seem to have valid points.

I, for one, use Windows 98 at home, and Windows 95 at work. At work I have no choice, but at home, I use W98 because for my uses it has what I want. It is, in my opinion, stable enough for non-critical work; it runs more software than Linux, most of which is of better quality, strictly because it has commercial support. I do graphics editing, and I feel that Gimp is just as good as Photoshop, but there isn't a single good Illustrator clone for Linux, so I use Windows.

And, with all the furvor over how integrated IE is in Win98, why is everyone complaining? I like having it integrated. I like the address bar next to my Start button, I like having the same look and feel for web browsing as I do for looking at local files, as I do for ftp sites, etc... Heck, even though it's obscenely huge, I even like the integration Office 2000 adds!

But, what do I get for this opinion? I get flamed and ignored! Yes, I think the spirit behind Linux and other Open Source products is great, but up to now, for my uses, there just isn't the software I need.

Yes, Linux has it's place, and for now, that is in the server room. Until there is a window manager that has the refinement of Windows/Macintosh/Be/OS2, and powerful, easy to use software that is more than just a web server, I will continue using non-Open Source software.

If Open Source boosters can claim to be so freedom oriented, why do you go to the opposite extreme of Bill Gates and feel that everyone should boycott Microsoft products (which happen to be perfectly good products for use on the desktop) just because they don't meet your standards?
</rant>

Is the world ready?

[ToyKeeper]

The Linux movement isn't just about Linux. It's not just about open sources and free software. It's a major change in the way information is perceived, in a social and political (as well as technical, of course) sense.

Technology changes fast. But social issues take decades to change, and political movements can take hundreds of years. We can't seriously expect human culture to keep up with technology... but people like RMS can help speed things up, and make change less painful.

Information wants to be free! (but is the world ready to let go?)

Re: Hmmm.

[Yohimbe]

I join you in your opinion that RMS has been short changed, but with an addition: RMS's output has been short on CODE and long on Rhetoric lately. The community is just saying What have you done for us lately? to RMS.

Linus and Alan and Dave and the rest of the kernel team get TONS of hacker points, because they are long on code and short on rhetoric.
The media keep asking Linus for sound bites, and he's very understated. That one of the things that the community loves about him.
ESR's output is historically high on code (I use fetchmail every day), but lately his code output has been overtaken by his rhetoric output. Word to the wise: In your own document, that points to people who have less respect in the community. Same goes for Bruce P. Guys, don't damage your rep like RMS has.
While I am very appreciative of all that RMS has done, his holier than thou attitude is getting a bit thin. RMS: Code some more.
Before you jump on my ass, NO I have not done major Open source works. A line or two in the kernel and 10 lines in xkeycaps.

GPL does not ensure recognition - community does

[dillon_rinker]

The GPL places NO limitations on further distribution. Nothing in there says I can't distribute the code without crediting the author. In fact, if there were credits, I could change them all to my name and redistribute the software.

However, while the GPL would let me get away with it (and rightly so - free is free; there are no partial freedoms), the hacker community wouldn't. Anyone who became aware of my actions would shun me. I would gain no recognition from them - and who else cares about what was in the source code?

This is great. What a treat...

[Soko]

Does everyone realize that this very discussion proves that OSS works? Do you think for a second that any place full of suits would be able to carry on about this? Wow, people holding thier social mores and ideas up to a mirror, and asking if they like what they see - no matter whom they are. Cool. A pat on the back all around ;-|.

Disscussing one's arrogance tends to soften it a little. Saying "I'm good at what I do" is somewhat arrogant, but if you've got the experience and accomplishments to back it up, people don't mind. Saying "I'm BETTER at what I do" tends to alienate people.

As far as RMS is concerned, he does seem to be immature politically - he should drop the GNU/Linux crusade, especially around corporate types (like reporters whose job it is to sel papers/magazines/web site hits etc.) who can readily ( and perhaps willingly) take him out of context. If he, actually any one who's extoling the virtues of OSS, is going into a pit of vipers, he'd better have some fangs too.

Hacker Arrogance as a Problem to Solve?

[SeanNi]

Warning: This is probably going to be a bit long-winded. This is because I have a number of related things that I want to say, and they are all sort-of jumbled up. So.

Yes. Hackers are arrogant.

Why? They just are. It's the so-called Nature of the Beast. Asking whether or not a hacker is arrogant is akin to asking whether or not a fish can swim.

And the arrogant hacker, as with the swimming fish, has been brought about by necessity.

There are two main contributions to this arrogance. The first is the much-vaunted "gift culture" that is so predominant. In the absence of "real" money, reputation counts as currency. How many times reading a day's worth of Slashdot, do you come across the phrase "show me the code!"? This phrase is somewhat of a double entendre (excuse me for iterating through obvious concepts; I'm just trying to be thorough). The first meaning refers, obviously, to the notion of code/source being open to the community. The second, and more relevant meaning is that a person's reputation is built almost entirely on what they have done. This point is important; I will return to it later.

If a person has not written code, they have zero reputation. For this reason are people such as Linus, Alan Cox, RMS and so on so highly respected. They have contributed a lot of very useful code to the community. For the same reason are people such as ESR, Tim O'Reilly and so on -- people who have coded, but are known more for other things -- somewhat less respected. Are they respected? Yes, but less so, especially in the Linux/Slashdot/Open Source community.

This reputation is treated as currency; if there is no respect for your code, you are no-one. Alternatively, if your code is respected, people listen to you and will do things for you.

I have been derided on Slashdot for the fact that I am a "VB Code Monkey." This is not considered coding. I have no problem with that; agree with it for the most part.

Now, this contributes to arrogance. When you have coded something, you are respected (and rightly so) for it. You become arrogant. This is RMS to a tee.

I mentioned two contributions. The other is the constant tug-of-war that the hacker must play with their code. Hackers tend to be introverted -- we spend most of our time playing with code. Code that can become annoyingly frustrating at times, yet code which is our bread-and-butter, our oxygen even.

Always forefront in the hacker's mind is the realization that if their code doesn't work, there is one thing at fault: the person who wrote it. That's the great thing about computers -- if your program ain't working, you got no-one to blame but yourself. But it's this same relationship between the hacker and their code that brings out the dominant traits of the hacker. How many times have you stared at a piece of code that would not work and wished that you could rip it off the screen and give it a good smack?

Ok, I'm being a bit melodramatic -- or am I? Perhaps not in such a corporeal manner, but there have been many times when I have wanted to force the program to to what I wanted, not what I said. When I have sat, cursing, at the code. When I have all but ripped the monitor from my desk and heaved it out the window.

And yes, I am displaying arrogance toward my program.

And before you deride me for being silly and childish, actually think about the relation between you and your code. You are constantly forcing the code to your will. You are constantly making it do what you want it to. And is this not arrogance?

If not, I don't know what is.

Because the hacker is always in a dominant position over his/her code, that tends to translate to their dealings with other people. Because they have a similar relationship with other hackers (who are the people they tend to deal with), where one person always has a bigger reputation than the other, based on the code they have written, this permits them to display arrogance towards the other. Thus the behaviour pattern is further entrenched.

Ok. As I said, I'm being pedantic, and probably have said nothing that isn't common knowledge. Hackers are arrogant. Out of necessity. And it's a good thing. If we weren't, we would be far less efficient at what we did. Namely, write good code.

Unfortunately, the combination of this arrogance with the fact that non-coders are not afforded respect means that few "outsiders" are allowed entry into the ranks. Oh, sure, they are allowed to come in, but they are quickly turned off and leave.

This I'm not so sure is a good thing.

My mother uses computers; she is a chemistry college teacher, and certainly intelligent in her own right. However, she is by no means a hacker. She sent an email recently to a colleague, which got misdirected to the sysadmin at that college. Because she is not a "hacker," or even an "uberuser," she didn't know about the Reply-To line, or using a signature. So she just included within the text of the eMail where the person could reply to.

The sysadmin replied, informing my mother that the eMail was mis-addressed. When I next spoke to her, she showed me his (the sysadmin's) eMail, and I read it. He had also pointed out that it wasn't necessary to include the return address in the eMail text, and included instructions on how to set up a .sig file and how to set the Reply-To adress. I read it, and turned to my mother, who couldn't for the life of her understand what she had done to provoke this guy's ire. She was wondering why he was being so condescending and, yes, arrogant.

Stunned, I re-read the email. There was no condescension, anger or arrogance that I could see. It was just a letter, rather polite, I thought, explaining to her how to set up her preferences and stuff. Until I looked at it through her eyes -- those of a non power-user, who has no interest in computers beyond them being a tool to write her exams in Word, make her marking tables in Excel and send off email to her colleagues in Pine. All of a sudden, this email was written by some holier-than-thou guy who was demanding that she make a whole bunch of changes to some obscure file because he didn't want to see a return address embedded in the text, where he wasn't expecting it.

Now I re-iterate that I found it to be completely innocuous. It was not until I looked at it as someone who made minimal usage of computers that I saw this.

And I realized that this attitude was very pervasive in the hacker community. I wouldn't normally give it a second thought. Hell, I wouldn't even notice it for the most part. Because, as I showed above, it is not only natural, but necessary. It is a fact of life. The nature of the beast.

Imagine now that you are a regular user... a luser. Perhaps a reporter covering a Linux Expo event. Maybe even a chemistry teacher. Someone who uses computers minimally. Someone who definitely does not code. Someone who doesn't necessarily even want to know more about computers, because it is not relevant to you. Someone deserving the contempt of any hacker. Someone who... whoops! I think we see the problem.

Now we are at a dilemma. The hacker needs to be arrogant. But at the same time, the hacker's arrogance turns off other people. How do we solve this problem?

Before I continue, I recognize that there are many people who do not necessarily consider this a problem to be solved. That is your prerogative.

I argue, however, that it is. The reason why is the old world-domination thing. We can't get more users if we keep scaring them off. We can't have world domination if we don't get any new users. And I believe that world domination is necessary. At least a little bit. Does Linux need to be a Microsoft-killer? No. But it must reach "critical mass". I'll explain that in a second. I think that we are almost there. But not quite. We are approaching it, though, and it is a heady time. Linux are getting "official" recognition from Oracle, IBM, Dell, Corel, you name it. Linux is maturing. But it's also a dangerous time. If we turn people off now, we may not get this chance again. I remember OS/2 being in the same position about 5 years ago. I was strongly involved in the OS/2 community at that time. And one of the common complaints was that people involved with TeamOS/2 were needlessly arrogant toward outsiders. Exactly the same complaint as is being levelled at the Open Source community today. OS/2 almost reached critical mass, but blew it. I think Linux has a good chance, and don't want to see the same thing happen.

And I define critical mass is that point where it is self-supporting. Yes, the fact that Linux is open source is a tremendous advantage over OS/2, and all the proprietary OS'es that have either succeeded or failed up until now. But don't fool yourself into thinking that it is self-supporting. All the open source in the world won't build drivers for closed hardware interfaces. All the open source in the world won't build support for new types of hardware. Once the user base reaches a certain size, that in itself will be enough incentive for companies to either write drivers, or release the specs. That's the critical mass.

But it's not quite there yet.

It needs just a little bit of a push... if we don't stop that push before it even starts.

So what do we do? We are arrogant, because it's needed for what we do. We do what the "standard" software companies do. We get a spokesperson. Or spokespeople. It would be a bit hard to swallow, I'll wager, because such a person would not be a hacker. Such a person would not write code. Such a person would never truly "understand." Such a person would be very similar to Jon Katz, and we know what controversy he creates around here.

But he is precisely the sort of person we need. Someone who can talk to "the public" in terms that they can understand. Someone who doesn't talk code. Someone who doesn't necessarily get it all right, because there are a lot of people out there who simply don't care.

Your average user has absolutely no use for detailed knowledge of programming, or even computers in general, any more than a hacker has use for detailed knowledge of open-heart surgery. It just isn't applicable. But yet we will jump to condemn these people for not wanting to learn. Well, surprise! Some people don't want to. Does this make us better than them? Perhaps. But it's probably not a good idea to let on. Unfortunately, the hacker's natural arrogance tends to reveal these true feelings. We don't have to hide our feelings from the computer, therefore we aren't used to hiding them from people.

Which is why a hacker should not be representing hackers to the "rest of the world". Unfortunately, RMS is a hacker. He insists that other people follow his instructions, just as he insists that the computer follow his code. And he is possibly one of the worst representatives we could have.

A plea, then, for sane representation :-)

Or someone who can talk to the non-hackers in a way that won't threaten them. Yup, he (or she) will get a few things wrong. Sure, he won't totally understand. And he/she may even say a few things that a hacker would consider utterly moronic.

But better that than appealing to the hacker, and driving everyone else away.

-----

Well. I applaud you for getting this far, because I know my style can be rather pedantic. I also haven't been able to say quite what I wanted to say, but I think it's close enough. You're going to have to do a bit of interpretation there on some of the points I've made. Basically, if what I said sounded really strange, or a bit loony, it probably came out wrong :-)

Anyway, I'm just trying to give people something to think about.
--
- Sean

"steep learning curve"?

[SeanNi]

Given that time is always represented on any graph along the x -axis, saying that something that is hard for a newbie to learn has a "steep learning curve" is factually incorrect -- it's a misnomer.

If anything, it should be considered a shallow learning curve -- for a given time period (delta- x ), the gain in proficiency will be minimal (a small delta- y ). Represented thusly (note: you may have to widen your browser to see the whole graph properly):

|
|
P |
r |
o |
f | *
i | *
c | * *
i | * *
e | * * *
n | * * *
c | * * * *
y | * * * *
| * * * * *
-------------------------------------------------- --
T i m e

In reality, however, even this is somewhat misrepresentative. That's not the way people tend to learn any given product.

A "real-world" learning curve would actually have two focii, splitting the curve into 3 sections:

1. A shallow one, where the user was just starting out, and didn't know where to start. This is true of any product.
2. A much steeper one, as they gained enough proficiency and familiarity with the product to learn on their own, very quickly (as opposed to having to rely on others).
3. Another shallow one, once they have learned the most useful features, and they don't need to learn much more, except for a few one-time uses. With some, less expansive products, the curve may end at this point, and go flat, indicating there is nothing more to be learned. With others (ie: Linux) with a huge feature set, this section may be delayed for quite a ways into the curve. But it will come.

To wit:

| * * * * * * * *
| * * * * *
| * * *
P | * *
r | *
o | *
f | *
i | *
c | *
i | *
e | *
n | *
c | *
y | *
| * *
| * * *
| * * *
-------------------------------------------------- ---------------
T i m e

Obviously, in this latter case, it is of little relevance to say whether or not the curve is "steep" unless you also mention what part of the curve you are referring to.

It is not alway correct to apply a generalization (the curve for such-and-such a product is steeper/shallower) to the curve as a whole. In the case of Linux vs Windows '9[58], for example, I belive that the initial part is much, much, much shallower (ie: harder to learn) for Linux, whereas once you get far enough along the curve, the second part becomes steeper (ie: easier to learn). Also, any comparaison is totally non-applicable to the third part, which is rather short and comes early in the case of Windows, but is much longer and comes much later for Linux.

Just my $0.02 worth (or by this point $2.00...?) :-)
--
- Sean

Crack pot test

[bears]

Self replicating exploits in compilers was neither K or R, but Ken Thompson in his classic 1984 Turing Award [acm.org] lecture.

Go read it now if you never have. <Pournelle>Recommended</Pournelle>.

Trying to understand his argument

[for(;;);]

Okay, as far as I can tell, this guy posted some theories about security loopholes peculiar to opensource systems. He was flamed, and was put off by, in his eyes, the arrogance and short-sightedness of free software advocates. In his opinion, his security ideas were not given fair examination.

So I read his article. I found the prose a little clumsy, but as best I can tell his argument is as follows:

1) Having the source code allows you to alter software in very subtle ways, and recompile it
2) Installing this new software could be so subtle as to remain undetected by any administrators

At least I think that's his argument. My challenges to this theory would be: How is J. Random User able to reinstall altered software? Why would open source code pose such a security loophole, since machine code (being a programming language) can be reprogrammed by savvy coders just as easily (or easier!) than source code could?

If the author is reading this, I would recommend him to www.counterpane.com to Bruce Schneier's writings. Schneier, as far as I know, does not give a rat's ass about RMS's vision of a world free of proprietary software. But Schneier is fanatical about security systems and cryptographic protocols undergoing peer review, and the need to avoid "security by obscurity." Machine code can be reprogrammed. Machine code is a programming language. Just because code isn't easy to change doesn't mean it *can't* be changed.

I may well have misunderstood his arguments; if so, I apologize. It sounded like this dude is unused to getting flamed. (Who doesn't get mad at being flamed?) But that shit happens all the time in a public forum, and it happens to absolutely everyone who posts.

Flamethrowing

[mulley]

Now, before everyone turns on the flamethrowers, let's think about the matter-is this true?

I think the fact that flamethrowers are so regularly involved is enough to prove that it's true.
The arguments about RMS are completely true - to me, it seems as if the sprit behind the GPL is one of not arguing over names, but instead allowing code to be shared freely for the benefit of users, regardless of its creator. Not including GNU in the name of an OS that is about 18% (according to a recent calculation) FSF software, when the license under which the software was released doesn't required that it be named that and in fact seems to encourage naming it whatever you want to, is certainly not "like, extreme".

As to the Talkback article, I do agree that the poster seems to be living on another planet. In his article on his website (which I only skimmed through, couldn't make myself read the whole thing, but I think I got the gist) he says that the danger of an open source system is that someone could introduce some malicious code into the software. Huh? This, obviously, makes no sense, particularly as it certainly isn't restricted to open-source: infect COMMAND.COM with a virus. That open source allows people to find security holes by examining code is certainly true, but also fairly obvious, and proven wrong by years of experience with Apache and Linux, which have had virtually no major security bugs when compared with NT/IIS. Not acknowledging this argument, and insulting the proponent of it, isn't arrogance but rather justified condescension towards the crackpot who brought it up.

There are always a few...

[twoflower]

Of course, there are a number of Slashdotters or open-source zealots or whatever flavour of strongly opinionated people out there, and unfortunately it is their opinions which get the most coverage in the popular press. This undoubtedly has helped keep the "Linux is for students and crackpots" mentality around longer than it deserves.

Perhaps the Linux/free software community needs a few more level-headed and persuasive people who go out looking for FUD and rationally breaking down the walls, rather than flaming against an immovable marketing machine.

Oh no, not L.A.M.E. again

[mkramer]

People like this can cause a FUD snowball picking up people who know even less than he does, unfortunately.

The fault behind his premis is that no where does he acknowledge that in order to install your altered version of the OS, you need to be root. Or bypass the BIOS security and boot from an alternative device.

If a would-be hacker can establish super-user access to install his/her modified kernel, a serious security flaw is present. One that IS best correct in an open-source model. Such flaws will always exist, but sure as hell shouldn't be trivial.

If said hacker could bypass BIOS security, that is a non-OS issue, completely unrelated to open or closed source models. If you want to take this into consideration, any "hacker" could easily bypass the currently installed OS and install their own, be it NT, Linux, or MS-DOS 2.11.

Requesting recognition.

[Masker]

And I thought that one of the points of the GPL was to ensure that the original developer of software would get recognition. Isn't it a trade off of monetary gain for recognition?

And by-the-way, doesn't any company that enforces trademarks or copyrights demand recognition for product names or work performed? Who does NOT request recognition for work that they have performed? (Unless that work was illegal or immoral...)

Recognition is all that the developer gets (in most cases) from the greater Linux community for writing a GPL'd piece of software. While it is not generally the main incentive, it's still there.

What is the argument here? Demanding money AND recognition for software is more mature than demanding recognition? I don't think so. By what standard of maturity is this to be gauged by?

I don't agree with Stallman's statement that Linux should be called GNU/Linux (although I do so from time to time). I think that is taking things a bit too far. However, so is building a distribution that is 100% GNU free (in fact, I think that the latter is a sillier suggestion).

Anyway, I think that the two extremes of demanding recognition above what other people have contributed (calls for GNU/Linux) and calling the practice of requesting recognition for a job well done (what this article does) are equally wrong.

Perhaps I can suggest two things which would make people happier: 1) Give recognition to people's hard work where it is due, and 2) Don't demand proportionally greater amounts of recognition than other people who have contributed to the greater effort.

Truth?

[JEP]

I would say that there is definitely some truth to the accusations. However, there are a LOT of posters on slashdot. If you just go by the ones that make the most noise or post the best flamebait, you're bound to get a bad impression. I think we're a lot more of a diverse community than that. Shoot, some /.'ers even like Windows!

--

No immature, just.... unique

[Bob-K]

I have to admit, when I first started reading about RMS, I thought he was sort of a left-wing flake. BUT... On further reflection, I see how a passionate attitude such as his is a crucial ingredient to making something like GNU work.

At the same time, the way he has implemented the GPL is largely derived from practical considerations (at least that's how he describes it on fsf.org). No intellectually honest libertarian can find any fault with that document, or with the time and effort that he has devoted to the cause. In fact, much of the beauty of the GPL is that it relies on intellectual property rights to be enforceable.

He's really a living contradiction, and perhaps that's why I admire the guy so much. His leftish message rings true with a lot of people, it recognizes the inherently stressful relationship between a proprietary software publisher and their customers. But his solution for the perceived problem avoids the simplistic leftish approach of "pass a law to make it better."

The fact is, GNU needed somebody passionate and idealogical to get off the ground, and RMS filled that role perfectly. And to a certain extent, I feel for him, now that Linus is the new poster boy, the guy everybody (including me) would love to share a beer with. Linux without GNU would be fairly irrelevant, but RMS's eccenticities have pushed him and his GNU colleagues to the background, and, let's face it folks, that's gotta hurt. Shoot, fifteen years of creating software and giving it away, and this is the thanks he gets?

And you know, I'm as much a born-again capitalist as anybody, but I have to say, when I first went to install Linux on a second computer, it dawned on me... I don't have to enter a unique CD code to make it work, I don't have to buy a second license, I don't have to register in order to read the Knowledge Base, I don't have to accept a hundred license agreements everytime I update something. After years of reflexively worrying about that stuff, it's a *very* liberating feeling. I don't begrudge MS and such for doing things that way, but when it's not there, you suddenly realize just how nice it is not to have to deal with it. It has nothing to do with "freedom" in the way the word is used in the Constitution, but it *is* about freedom in a sense that the average person can relate to.

RMS in London, supports slave-labour

[Shadowhawk]

I severly doubt that RMS supports slave labour. But, more to the point, he probably doesn't think about it much. You can't even assume that he knows about it... and he might not care. He has one agenda: free software.

If you're going to pick on RMS's morality or lack of it, stick to what he talks about...

Some thoughts

[segmentation fault]

I don't think fame is the reason Richard Stallman keeps telling people to call Linux GNU/Linux.

First of all, the FSF is the initiator of the GNU/Linux project, so they have the right to name it whatever they want.

Secondary, I think the reason for repeating the GNU/Linux phrase is that RMS don't want the GNU project to drown in the current Open Source Hype Wave. GNU is near equivalent with the FSF, the political organization. It is the political message, not the GNU software, which is FSFs and RMSs preferred product. The GNU project was, AFAIK, not only an Operating System project, but also the horse in front of the FSF wagon.

Now, the Open Source people are disconnecting the wagon, and keeps selling the Open Source idea. The GNU/Linux phrase is RMSs way of connecting the wagon to the horse.

Personally, I don't understand the Open Source people. They are selling Open Source big, but it doesn't look to me like they care about product quality, Right Ideas[tm], political messages or anything. So why do they sell Open Source? Do they just want to be part of something big? The "Hey, ma, I'm in the history books" attitude?

I think that might be the case. If you ask a standard Linux luser what kind of application to write, one that makes you work more effective and helps software evolution, or one who will kill all resistance and double the number of Linux users, he would go for the latter.

I like Richard Stallmans attitude; "It's better to go in the right direction than to go somewhere fast".

arrogance is a UNIX tradition

[segmentation fault]

Why should we get more people to use Linux? And are the reasons important enough that we should lie to people and pretend they're not clueless?

I think linux has enough users for a while. Currently Linux has a lot of potential for incompability. Take a look at GGI and stuff. Does that compile on FreeBSD, Solaris, Irix?

Compability and following standards is a far more important issue than open source. We must not sacrify the first one for the second.

Open debate makes it seem louder

[DonkPunch]

I think the fact that Free Software isues are debated openly makes disagreements SEEM larger.

Has anyone ever worked for a software company where there weren't serious disagreements over direction, features, etc.? Of course not. Can you imagine if members of the press where privy to every meeting in some of these companies? There would be non-stop articles like, "Serious battle at Abobe over licensing", "Microsoft divided over corporate direction".

The Free Software Community does not have one official designated spokesman to give reporters nice quotes that say everyone agrees and is happy. Instead, our discussions are open in forums such as slashdot. Any reporter (especially ones with FUD in mind) can grab an uninformed flame and quote it.

It's important for the public to understand that free software means input from EVERYONE. Of course there will be disagreements. That's a strength, not a weakness.

Mettler? hahahahahahahahahaha

[spectecjr]

This is the same Lewis Mettler who terrorized the MSNBC Tech BBS for 4 months before he was banned. He seemed to have this idea that IE was worth 70% of the price of Windows 98, so he should be able to buy Win98 for $30. Not only that, but as he'd bought it at full price, Microsoft should give all their users a $140 refund.

I mean, WTF?!?!?!?!?!??!

You can read more wonderful Mettler-isms at http://www.lamlaw.com

he still reckons he's being censored by the MSNBC tech admins. Which isn't true - he's just being prevented from engaging in his wonderful "cut & paste" style of debating.

Who is arrogant?

[Ix]

Although I did not read the article referenced, I do have a few things to say about the supposed arrogance of the linux community.

I have heard many people that the linux community is closed to outsiders. I spent a fair amount of time on irc in #gimp or #e whilst trying to figure out CVS and the hows and whys behind getting CVS code to compile (and work). Having little knowledge of C, it sometimes was duanting, but I always found help. I also saw many people looking for help and not getting it. Instead, they often got a response that, taken out of context, might seem quite arrogant. I have no special standing in the linux community, nor have I made any real contributions, besides helping new users along where I could. So why did I get helped where others got snubbed? The answer, of course, is in the phrasing of the question. If someone comes in and spams a whole channel with rude, persistant demands for assistance, they are not likely to get anywhere. On the other hand, a polite manner, a willingness to read documentation, and a sense of humour, in my experience, are almost always met in kind. I work in the technical support industry, and this is true across the board: rude, arrogant people get treated rudely and arrogantly. On the other hand if it seems that someone is trying to be a part of the solution, I'm more than happy to give them a nudge in the right direction.

The linux community has something to be proud of, and that pride, looked upon by someone who doesn't know how special linux and the community is might misconstrue that pride as arrogance. Part of that pride comes from the gradual mastery of what can sometimes be a quite unruly beast. Those who want a quick-fix solution every time the click on something and what they were expecting doesn't happen isn't going to get too much respect from a community that takes pride in finding solutions and learning for the future.

Many people have fallen into the mindset that if something doesn't work you immediately call someone and ream them out. This mentality doesn't fit too well into the GNU style (obviously) and this sort of approach will be immediately classed by those used to fixing their own problems as arrogant and not worthy of time. Who wants to put up with the abuse, especially if they are not getting paid?

Well, I suppose I've made the same point in a few different ways by now. Having said all that, I should point out that I have come across a few people that truly deserve to be called arrogant, immature, and closed-minded. Judging the linux community by these people is a bit like judging a style of music by one band. In anything there are always some gems, some coal, and everything else in between. We are all responsible for how we look to "the outside", and as such, we as a community should take care; I'm sure that we'd rather be looked upon as a gem than a lump of coal.

---

This is ridiculous!

[Dr. Gonzo]

No. Everytime I refer to that sucky piece of crap from Redmond, I don't have to call it Microsoft Windows 98. I call it windows. I don't have to call my mother by her full name either. I call her mom. I call my dishwasher a dishwasher, not Maytag Dishwasher model XEr74. Do you see my point here?

This is getting to be like the situation with hyphenated Americans, for crying out loud. No! He's not an Italian, or an American, he's an Italian-American! If you call him an American you are dishonoring his heritage and the contribution Italy made to his genetic makeup!

The fact that RMS thinks I need to call it GNU/Linux to pay homage to GNU and the FSF, that's just ridiculous. I have a great amount of respect for the GNU project. It's done more for computing than Microsoft ever has or will do. But I'm not going to call Linux GNU/Linux. First of all it's a mouthfull. Second of all, it sounds like a disease. Thirdly, there's no reason for me to do this. This is the computer equivalent of political correctness.
Every second he devotes to this little diatribe is a second he could be using to do something more worthwile. Even if he succeeded in getting people to start calling it GNU/Linux, what would be the point? It wouldn't accomplish anything.
This is all a huge waste of time.