
Stop Bashing Bash and GNU - mcfunley
http://weev.livejournal.com/409835.html
======
mindcrime
Well said. rms is still The Man as far as I'm concerned. So bash had a bug,
big whoop-do-freaking-do... I guess Windows or Internet Explorer or ActiveX or
Firefox or Chrome or Opera or Java or Flash never had exploitable bugs; oh,
wait....

The takeaway from all this, to me, is simply to acknowledge that while "with
enough eyeballs all bugs are shallow" may or may not be true, there's no easy
way to know, a priori, how many eyeballs are "enough" - and Open Source
projects (right alongside ALL software projects) should still utilize tools
like static code analysis, fuzzing tools, should still have dedicated security
audits from time to time, etc.

The other takeaway is that "defense in depth" is _still_ mantra number one for
security. You can have a hole at any level, which means that _every_ level
must work to limit access to the greatest possible extent. A hope and prayer
and expecting all software to be bug-free isn't going to cut it.

~~~
rabite
Free software accomplishes more with less. However, there's now too much code,
too few competent eyes, and all those eyes are forced to make a living
optimizing stupid shit like advertising display algorithms. If the companies
that built their fortunes on all the free software that made their empires
possible dedicated a tiny fraction of their fortunes to making sure the
software gets maintained well, there wouldn't be an issue.

Instead, however, they refuse to contribute because it is also giving their
competitors an edge. Such is the tragedy of the commons.

------
krapp
weev does no credit to Richard Stallman or his philosophy by insisting that
either must be considered beyond criticism or above reproach, or suggesting
that the controversy around things like Heartbleed and Shellshock amounts to
character assassination, or casting him as, literally, a Sisyphean figure who
practically singlehandedly created the modern software world, only to be cast
aside by simpletons who can't comprehend his awesomeness.

Particularly, given the position of free software advocates themselves who are
more than willing to deride, malign and condemn as immoral or evil any program
that doesn't have a GPL attached.

I agree that making fun of his weight or his eccentricities is in poor taste,
but his ideas are fair game, which is as it should be.

RMS may be right. Personally, I think he's right about a lot of things. But he
didn't come down off the mountain with clay tablets written on by the finger
of God.

------
MyDogHasFleas
Do this thought experiment. What if Torvalds (or the equivalent) had never
created the Linux kernel and put it under GPL? Where would GNU be today? And
would you be thinking RMS is The Man?

