![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Here a patch, there a patch...
Sep. 25th, 2014 11:50 pm... everywhere a patch, patch ♫
Patched my Slackware server against Shellshock. That was an interesting one. Of course the media loses their fucking minds over this sort of thing (so many articles that were just "wow, something bad that we don't understand may be happening, and you will likely be horribly affected, but there is nothing you can do, so just sit and be afraid"), but it was a serious vulnerability in certain circumstances. I'm sure most large companies and organizations have servers that are wide open to remote attacks using these sorts of openings (15 layers of subcontractors and executives deciding on implementations makes for crappy final products using lowest-common-denominator technologies and techniques). I almost borked my system (recoverable, but it would have been a pain) by installing the 32-bit version of Bash, but I was able to download and install the correct, 64-bit, version while I was still logged in as root. Oooops, carelessness on my part, but no harm done (only took 10 minutes to fix once I realized what I had done, and went much more carefully, but a Linux system without a functioning Bash installed can be a bit of a challenge, heh).
I'm so glad that Bash and its ilk are open source: first bugs can be discovered and reported, but they are also fixed in record time (and the fixes are scrutinized by many, many eyes once they are published). When I was doing some hardcore Bash programming a few years back, I actually discovered two bugs in Bash (an edge case for one, and the other was a feature that doesn't seem to have been tested properly until I came along). In both cases, I reported the bug and there was a patch waiting for me in my inbox later the same day (and which was folded into subsequent releases). In these cases, the patch worked like a charm (in the case of Shellshock, it took two patches to fix the initial problem and a similar, but unrelated in the code, problem documented after the first "incomplete" patch had been released). In contrast, I had reported a device driver bug to National Instruments in their Labview system that prevented multiple high-performance (many thousands of dollars each) Analog-to-Digital cards from taking properly synchronized data. It took them so long to release a patch for the bug (after arguing with me for months about whether it was really a bug or not and sending me on wild goose chases to try workarounds that didn't work), that the window for the experiment we needed the equipment for came and went. They released the patch months after the experiment was over and for which we were only able to get partial data from because of the National Instruments bug. This is a specific instance, but I have had similar experiences with commercial (proprietary) software over and over again through the years. Give me open source any day!!!
Now if we could just find a funding model that worked in a robust way for funding open source developers... in many ways, they are just ahead of the curve of artists, musicians, writers, and the like in that the toils of their labours is free to share (unencumbered by restrictive copyright rules), and they have to find some other way of making a living from their work rather than restricting its copying or distribution. While those profiting from people engaged in purportedly artistic endeavours are fighting an already lost battle (the content will find a way to be free regardless of any law or attempts at preventing copying), open source software developers (and many independent artists) are trying to find models that work for everyone. Unfortunately, we live in a culture of entitlement and much of the world's societies have devolved into kleptocracies ("if it's not worth stealing, it's not worth having") and it will take generations, if ever, for people to come to the realization that they are harming themselves by not financially supporting the people that bring them wonderful technologies and entertainment. To do so will require a revamping of the way our financial systems work even (more in this in a later post, but I think I've posted about this sort of things many years ago, but I don't remember), and a concerted effort by governments and grassroots to change people's perceptions and attitudes on the matter. Part of the problem is that nobody is going to willingly give their money to a multinational conglomerate suing children for their college money for downloading Metallica songs, and until that mechanic is dead and gone, and while artists will likely receive only a pittance (if anything) from people who would honestly like to support them (because of said exploitive corporations), then little progress will be made.
Patched my Slackware server against Shellshock. That was an interesting one. Of course the media loses their fucking minds over this sort of thing (so many articles that were just "wow, something bad that we don't understand may be happening, and you will likely be horribly affected, but there is nothing you can do, so just sit and be afraid"), but it was a serious vulnerability in certain circumstances. I'm sure most large companies and organizations have servers that are wide open to remote attacks using these sorts of openings (15 layers of subcontractors and executives deciding on implementations makes for crappy final products using lowest-common-denominator technologies and techniques). I almost borked my system (recoverable, but it would have been a pain) by installing the 32-bit version of Bash, but I was able to download and install the correct, 64-bit, version while I was still logged in as root. Oooops, carelessness on my part, but no harm done (only took 10 minutes to fix once I realized what I had done, and went much more carefully, but a Linux system without a functioning Bash installed can be a bit of a challenge, heh).
I'm so glad that Bash and its ilk are open source: first bugs can be discovered and reported, but they are also fixed in record time (and the fixes are scrutinized by many, many eyes once they are published). When I was doing some hardcore Bash programming a few years back, I actually discovered two bugs in Bash (an edge case for one, and the other was a feature that doesn't seem to have been tested properly until I came along). In both cases, I reported the bug and there was a patch waiting for me in my inbox later the same day (and which was folded into subsequent releases). In these cases, the patch worked like a charm (in the case of Shellshock, it took two patches to fix the initial problem and a similar, but unrelated in the code, problem documented after the first "incomplete" patch had been released). In contrast, I had reported a device driver bug to National Instruments in their Labview system that prevented multiple high-performance (many thousands of dollars each) Analog-to-Digital cards from taking properly synchronized data. It took them so long to release a patch for the bug (after arguing with me for months about whether it was really a bug or not and sending me on wild goose chases to try workarounds that didn't work), that the window for the experiment we needed the equipment for came and went. They released the patch months after the experiment was over and for which we were only able to get partial data from because of the National Instruments bug. This is a specific instance, but I have had similar experiences with commercial (proprietary) software over and over again through the years. Give me open source any day!!!
Now if we could just find a funding model that worked in a robust way for funding open source developers... in many ways, they are just ahead of the curve of artists, musicians, writers, and the like in that the toils of their labours is free to share (unencumbered by restrictive copyright rules), and they have to find some other way of making a living from their work rather than restricting its copying or distribution. While those profiting from people engaged in purportedly artistic endeavours are fighting an already lost battle (the content will find a way to be free regardless of any law or attempts at preventing copying), open source software developers (and many independent artists) are trying to find models that work for everyone. Unfortunately, we live in a culture of entitlement and much of the world's societies have devolved into kleptocracies ("if it's not worth stealing, it's not worth having") and it will take generations, if ever, for people to come to the realization that they are harming themselves by not financially supporting the people that bring them wonderful technologies and entertainment. To do so will require a revamping of the way our financial systems work even (more in this in a later post, but I think I've posted about this sort of things many years ago, but I don't remember), and a concerted effort by governments and grassroots to change people's perceptions and attitudes on the matter. Part of the problem is that nobody is going to willingly give their money to a multinational conglomerate suing children for their college money for downloading Metallica songs, and until that mechanic is dead and gone, and while artists will likely receive only a pittance (if anything) from people who would honestly like to support them (because of said exploitive corporations), then little progress will be made.
