Index Home About Blog
Newsgroups: fa.linux.kernel
From: Alexander Viro <viro@math.psu.edu>
Subject: Re: Funding GPL projects or funding the GPL?
Original-Message-ID: <Pine.GSO.4.21.0207261642500.21586-100000@weyl.math.psu.edu>
Date: Fri, 26 Jul 2002 21:24:06 GMT
Message-ID: <fa.mjaptbv.nkkrjq@ifi.uio.no>

On 26 Jul 2002, Federico Ferreres wrote:

[sigh... I shouldn't be doing that, but...]

> Idea 1: You do have $10 and you are trying to free-ride (honest answer).
>
> Idea 2: You don't have $10 or $20 a year to "spare"? Then probably you are using
> (old and) already supported hardware. And because past years developements
> are free as in beer. If you ARE a developer, you get a free permament
> membership so you shouldn't care about all this.
>
> Idea 3: Make bugfixes and hardware support are always GPL and not fGPL. The fGPL
> will force you to distribute under GPL (or fGPL, at your choise).
>
> Idea 4: Write your own drivers if nobody else would.
>
> Idea 5: You are a student and as such are granted a free membership
> until you finish your studies.

What you and the rest of armchair generals do not get is that "adding
features" is _not_ the hard part of work.  Doing that in a way that
wouldn't be a permanent source of bugs afterwards and cleaning up the
existing sources of bugs _IS_.  So is doing infrastructure work.  So
is auditing code.  So is removing crap code.

None of that is covered by your "model".  99:1 that your "working driver
for card" is going to contain a bunch of root holes.  _And_ be unmaintainable.

I had seen quite a few vendor drivers.  Every time I'm looking at one of
them, I'm reminded of MST3K.  Yup, Mistery Science Theater 3000.  With
guy being forced to watch crap selected to drive him mad.

And it's not just vendor drivers.  Example: recently a new version of
cpio(1) had been released (after 6 years of inactivity).  It still
contains idiotic holes reported (with fixes) years ago.  Many times.
Some of these holes going back to 1993 (first report I'd been able to
find, followed by ~5 rediscoveries of the same bug).  Who should be
paying to whom in cases like that?

The thing being, absolute majority of software is crap.  That has nothing
to getting paid for it and everything with average quality of programmers.
For how many years did the (well-paid) rogering tosspots in SGI ship IRIX
with sendmail choke-full of known root holes? (not to mention that
it was configured as an open relay effectively hiding the IP of submitting
host - spammers' dream come true).  For how many years did Sun ship
systems with mind-boggling default configuration? (NIS holes galore)
For how many years does Microsoft ship what they are shipping?

As long as crap software is considered acceptable and people who write
crap - employable, the things will be bad and job market - overcrowded.
It's that simple.



From: viro@weyl.math.psu.edu (Alexander Viro)
Newsgroups: comp.os.linux.development.system
Subject: Re: Linkable Modules
Date: 18 Aug 2002 17:44:00 -0400
Message-ID: <ajp4f0$3s3@weyl.math.psu.edu>

In article <3D600AC9.5960EB58@daimi.au.dk>,
Kasper Dupont  <kasperd@daimi.au.dk> wrote:
>
>The manufactures might think supporting some
>versions should be enough, but I don't think
>it is. If different manufactures does not
>support the same versions you will have a
>problem if you have more than one hardware
>component in your computer. (Most people do.)
>And my kernel with my 11 favourite pathces is
>never the one hardware manufactures choose to
>compile their drivers for.

So you have 11 patches of varying quality atop of the kernel with spots
of different degrees of brittleness _AND_ on top of that you want not
one, but several pieces of code from people who seem to be chronically
unable to hire a half-decent C programmer?  Wow.

Guess what?  You are buggered.

Vendor drivers are crap.  They don't magically become better when they
get merged into the tree, but there's at least _some_ barrier keeping
more outrageous crap out.  And they do get some cleanups and fixes.
And no, Windows drivers are not better.  The sad truth is, there is
a lot of programmers, but very few decent ones.  And few of those
can do asynchronous code.

So if you run vendor drivers you are running code from hell-knows-who
with priveleges higher than that of any suid-root program and you
rely on aforementioned hell-know-who to audit it.  Could you spell
"suicidally stupid"?

--
"You're one of those condescending Unix computer users!"
"Here's a nickel, kid.  Get yourself a better computer" - Dilbert.

Index Home About Blog