FOSS and the Fear Factor

In a world that’s been dominated for far too long by the Systemd Inferno, Linux fans will have to be forgiven if they seize perhaps a bit too gleefully upon the scraps of cheerful news that come along on any given day.

Of course, for cheerful news, there’s never any better place to look than the Reglue effort. Run by longtime Linux advocate and all-around-hero-for-kids Ken Starks, as alert readers may recall, Reglue just last week launched a brand-new fundraising effort on Indiegogo to support its efforts over the coming year.

Since 2005, Reglue has placed more than 1,600 donated and then refurbished computers into the homes of financially disadvantaged kids in Central Texas. Over the next year, it aims to place 200 more, as well as paying for the first 90 days of Internet connection for each of them.

“As overused as the term is, the ‘Digital Divide’ is alive and well in some parts of America,” Starks explained. “We will bridge that divide where we can.”

How’s that for a heaping helping of hope and inspiration?

Windows as Attack Vector

Offering discouraged FOSS fans a bit of well-earned validation, meanwhile — and perhaps even a bit of levity — is the news that Russian hackers apparently have begun using Windows as a weapon against the rest of the world.

“Russian hackers use Windows against NATO” is the headline over at Fortune, making it plain for all the world to see that Windows isn’t the bastion of security some might say it is.

The sarcasm is knee-deep in the comments section on Google+ over that one.

‘Hackers Shake Confidence’

Of course, malicious hacking is no laughing matter, and the FOSS world has gotten a bitter taste of the effects for itself in recent months with the Heartbleed and Shellshock flaws, to name just two.

Has it been enough to scare Linux aficionados away?

That essentially is the suggestion over at Bloomberg, whose story, entitled “Hackers Shake Confidence in 1980s Free Software Idealism,” has gotten more than a few FOSS fans’ knickers in a twist.

‘No Software Is Perfect’

“None of this has shaken my confidence in the slightest,” asserted Linux Rants blogger Mike Stone down at the blogosphere’s Broken Windows Lounge, for instance.

“I remember a time when you couldn’t put a Windows machine on the network without firewall software or it would be infected with viruses/malware in seconds,” he explained. “I don’t recall the articles claiming that confidence had been shaken in Microsoft.

“The fact of the matter is that no software is perfect, not even FOSS, but it comes closer than the alternatives,” Stone opined.

‘My Faith Is Just Fine’

“It is hard to even begin to get into where the Bloomberg article fails,” began consultant and Slashdot blogger Gerhard Mack.

“For one, decompilers have existed for ages and allow black hats to find flaws in proprietary software, so the black-hats can find problems but cannot admit they found them let alone fix them,” Mack explained. “Secondly, it has been a long time since most open source was volunteer-written, and most contributions need to be paid.

“The author goes on to rip into people who use open source for not contributing monetarily, when most of the listed companies are already Linux Foundation members, so they are already contributing,” he added.

In short, “my faith in open source is just fine, and no clickbait Bloomberg article will change that,” Mack concluded.

‘The Author Is Wrong’

“Clickbait” is also the term Google+ blogger Alessandro Ebersol chose to describe the Bloomberg account.

“I could not see the point the author was trying to make, except sensationalism and views,” he told Linux Girl.

“The author is wrong,” Ebersol charged. “He should educate himself on the topic. The flaws are results of lack of funding, and too many corporations taking advantage of free software and giving nothing back.”

Moreover, “I still believe that a piece of code that can be studied and checked by many is far more secure than a piece made by a few,” Google+ blogger Gonzalo Velasco C. chimed in.

“All the rumors that FLOSS is as weak as proprietary software are only FUD — period,” he said. “It is even more sad when it comes from private companies that drink in the FLOSS fountain.”

‘Source Helps Ensure Security’

Chris Travers, a blogger who works on the LedgerSMB project, had a similar view.

“I do think that having the source available helps ensure security for well-designed, well-maintained software,” he began.

“Those of us who do development on such software must necessarily approach the security process under a different set of constraints than proprietary vendors do,” Travers explained.

“Since our code changes are public, when we release a security fix this also provides effectively full disclosure,” he said, “ensuring that the concerns for unpatched systems are higher than they would be for proprietary solutions absent full disclosure.”

At the same time, “this disclosure cuts both ways, as software security vendors can use this to provide further testing and uncover more problems,” Travers pointed out. “In the long run, this leads to more secure software, but in the short run it has security costs for users.”

Bottom line: “If there is good communication with the community, if there is good software maintenance and if there is good design,” he said, “then the software will be secure.”

‘Source Code Isn’t Magic Fairy Dust’

SoylentNews blogger hairyfeet had a very different view.

“‘Many eyes’ is a complete and total myth,” hairyfeet charged. “I bet my last dollar that if you looked at every.single.package. that makes up your most popular distros and then looked at how many have actually downloaded the source for those various packages, you’d find that there is less than 30 percent of the packages that are downloaded by anybody but the guys that actually maintain the things.

“How many people have done a code audit on Firefox? LibreOffice? Gimp? I bet you won’t find a single one, because everybody ASSUMES that somebody else did it,” he added.

“At the end of the day, Wall Street is finding out what guys like me have been saying for years: Source code isn’t magic fairy dust that makes the bugs go away,” hairyfeet observed.

‘No One Actually Looked at It’

“The problem with SSL was that everyone assumed the code was good, but almost no one had actually looked at, so you never had the ‘many eyeballs’ making the bugs shallow,” Google+ blogger Kevin O’Brien conceded.

Still, “I think the methodology and the idealism are separable,” he suggested. “Open source is a way of writing software in which the value created for everyone is much greater than the value captured by any one entity, which is why it is so powerful.

“The idea that corporate contributions somehow sully the purity is a stupid idea,” added O’Brien. “Corporate involvement is not inherently bad; what is bad is trying to lock other people out of the value created. Many companies handle this well, such as Red Hat.”

‘The Right Way to Do IT’

Last but not least, “my confidence in FLOSS is unshaken,” blogger Robert Pogson declared.

“After all, I need software to run my computers, and as bad as some flaws are in FLOSS, that vulnerability pales into insignificance compared to the flaws in that other OS — you know, the one that thinks images are executable and has so much complexity that no one, not even M$ with its $billions, can fix.”

FOSS is “the right way to do IT,” Pogson added. “The world can and does make its own software, and the world has more and better programmers than the big corporations.

“Those big corporations use FLOSS and should support FLOSS,” he maintained, offering “thanks to the corporations who hire FLOSS programmers; sponsor websites, mirrors and projects; and who give back code — the fuel in the FLOSS economy.”