Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Software Design (was: Re: [tlug] Confessions of a closet OpenBSD user)

On Fri, Jun 28, 2002 at 05:55:59PM -0400, Josh Glover wrote:
> Jack Morgan wrote:
> >On Fri, Jun 28, 2002 at 01:42:01PM +0900, Stephen J. Turnbull wrote:
> >
> >>My point is just that (1) as developers we need to aspire to standards
> >>higher than "talented amateur," and (2) as users and admins we need to
> >>_demand_ higher standards from the development _process_, if we want
> >>open source to continue to grow healthily, both in the market and
> >>overall.
> >
> >
> >So how can we demand higher standards? Well, for starters as Matt as 
> >indirectly
> >suggested, just don't use the product.
> Or, as I proposed, get involved in the projects upon which you depend 
> and see how things work behind the scenes.
> I am going to pull on my asbestos trousers here and let you know what I 
> think about OSS in general:
> Many Open Source projects are complete shite. So are many commercial 
> ones, but one thing that the commercial environment *has* foisted upon 
> some professional coders is formal and careful design.
> Now, before I launch into what might be a very messy thread, let me 
> offer these disclaimers:
> 1) I am a big proponent of Open Source, but I am not willing to pretend 
> that it has no problems.
> 2) I make no claims that all commercial software is carefully designed 
> and that OSS never is.

> My contention is simply that the design of a lot of OSS is, to quote a 
> co-worker, "sloppy". And this sloppiness can exhibit itself in bad ways, 
> as was the case with the recent OpenSSH vuln. I am not calling the code 
> sloppy here, just the design.
> Elegant and efficient code *is* very important to a successful piece of 
> software, but so are design and *gasp* documentation.

It doesn't matter how elegant your (userland) code appears. If Linux's
(and *BSD's) overall security model contains significant flaws in its 
design, then attempting to create the fix in the userland isn't the
best answer. The answer lay with the kernel itself. Design, especially
security, begins with the kernel. Blaming sloppy userland development 
seems to me to be a red herring. IMO what Linux, *BSD, and UNIX need 
are innovative ideas incorporated at the kernel level; not at the
userland level. Plan 9's IL protocol is a good example of out of the 
box thinking.

I believe that if Linux fails as an OS, it will be due to too much 
"in-the-box" thinking; not from "sloppy" code. 

-- Uva Coder

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links