letters: Stupid Editor Tricks

• 07/19/1999

Linux is not the most technically advanced solution. It's just FUN and it works seriously well.

Linux does not accept changes from anybody. If you want to get a code change in, you have to:

Get it to somebody Linux trusts enough to screen out obvious rubbish and who is responsible for that section of the code base

Make your changes so small and so crystal clear that they'll get past that person, who knows the code area like the back of his hand

Make the changes so small and crystal clear that they'll get past Linux, who rejects anything and everything on the grounds that it's not necessary, not obvious, not strategically correct, or any of a half dozen other reasons.

Even accepted changes generally have been resubmitted 3 times. Then to survive, they have to survive everybody's scrutiny. By everybody, I mean the thousands of hackers.

Peter T. Breuer MA CASM Ph.D. Ing.,

Assoc. Prof. Area de Ingenieria Telematica

Universidad Carlos III de Madrid

That argument may work in the faculty senate, but I seriously doubt that many CEOs care how much fun Linux is, or trust the thousands of hackers to guarantee the quality of an OS their enterprise uses to host mission-critical applications.

* * *

I have been developing for and using S/36, S/38, and AS/400 my entire career, been reading MIDRANGE Systems for years, and have never read such unsupported ranting as your "Stupid Linux Tricks" article

As a consultant in the applications and security fields concerning AS/400's I can assure you that the AS/400 is as vulnerable as any other system when connected to a network. Your assumption that security holes result from published OS source code illustrates your ignorance on the subject.

I have been installing Linux systems right along AS/400's for the past 5years. They run extremely well as HTTP servers, FTP servers, Proxies, Firewalls, etc. Do you really want to open up yourAS/400 directly to the 'Net? All of my own web sites run on Linux servers and run for months on end without me having to touch them. You pick the tool appropriate for the job. Many AS/400 users are also avid Linux users and supporters.

Rich Rijnders

Firstsys Solutions

Amaru replies:

Of course security holes don’t “result” from published source code. What an absurd idea! What I said was that open source publishing serves to make obscure security holes known to the public. If it is spotted by a “friendly observer” it gets fixed. If it is spotted by a malicious observer, you get hacked. Open Source is a two edged sword and not the magic wand that Open Source zealots would have us believe.

As for Linux systems running along side AS/400s---this is all very nice, but totally irrelevant to my point: would you run mission-critical applications on Linux? And why would you not run Domino on an AS/400. For an IT manager who does use Linux, is the cost of the PC running Linux PLUS the integration costs really cheaper than running on an AS/400?

* * *

As an IT professional, I find it unfortunate that you chose to deride Linux in the way you did. We use Linux for a variety of mission- critical applications.

Linux isn't about competing with MS or any other OS. It's not about being closed and proprietary versus open and free. It's just another operating system.

Your arguments that 1) Linux users advocate the use of Linux because of its status as Open Software, and 2) that Open Software is more vulnerable to attacks than closed software are demonstrably false.

No, you do not "get it". Thankfully, many people are waking to the realization that they are not tied to one platform. Now that a frame of reference exists (Linux), many people are seeing the performance limitations of more universally used operating systems and [reaping] the performance and cost savings that can be enjoyed by using an alternative.

Brian Talley

betalley@servtech.com

Amaru replies:

Thank you Brian for proving my point that Linux missionaries are long on fervor and short on corroborative evidence.

* * *

I'd hate to be the only "rabid dog of the Linux lunatic fringe" to miss pointing out your misconceptions of the Linux OS.

Your assumptions fly in the face of real-world data. Because of the open nature of Linux, many security threats are fixed before they're ever exploited (with thousands of pairs of eyes reviewing source code, somebody's bound to hit the bugs). The ones that are exploited are fixed within hours, literally. I don't know about IBM, but I know it takes HP days at a minimum to put out fixes for HPUX. I suspect IBM is even worse.

If you're talking about which application requires which Linux “distribution” [as being a problem] then I would agree. But that's changing, and developers are starting to figure out how to make their applications distribution independent.

By [your] logic, we should all just cave and standardize on Microsoft. Then there would only be one OS, and everyone would be happy. Well maybe there is a good reason to have a plethora of “choices.” All the ranting and raving of the Linux and Open Source Community “is” going to change things. Linux distributions are the fastest growing operating system in the world.

Companies like IBM are freeing their source code and openly embracing Linux. Companies like Red Hat, who make money selling a free operating system, are going public. Companies getting behind Linux read like a Fortune 100 list--Intel, Compaq, Novell, Oracle, and let us not forget IBM. Linux is here for the long run.

Kirk Rafferty, Director of Operations

Fairplay Communications

Amaru replies:

Personally I find the concept of all of these two-hour bug fixes far more disturbing than soothing. This implies sloppiness in either the original code or the associated bug fix testing that should not be tolerated. In either case the underlying assumption is that none of those eye are malevolent.

Every code cracker on Earth must have taken a shot at Linux by now, and will probably continue to do so as long as it’s available to them. If you look at this ‘problem’ from another perspective, you’d see that this is a good thing.

Not only is the current stable Linux kernel available to all, but so is the current development version. Everyone has the code available to them from the earliest stages of its development. This lets them find and offer fixes to bugs early on as hundreds of people watch it. A lot of the people out there care about the quality of the code on their computers, so why would they want bugs in it? With so many normal programmers keeping an eye on the code, they’re bound to find most of the bugs, even if the crackers don’t tell anyone about something they can possibly use later on.

The bottom line is that unlike the big, proprietary operating systems, the users can offer suggestions about future features and actual code as well. That makes their idea a lot more likely to be added because the majority of the work is done already. If a company direly needs something, they can always add that functionality themselves because they have the full source code at their fingertips, very much unlike NT or OS/400.

As for different versions of the Linux source code, or ‘forking’ as it’s usually called, this is being worked on. Linus retains rights to the name Linux and the code he releases under that name. ‘Linux’ is only the kernel for the operating system. As a result, there is only one true Linux kernel at any one time.

Compatibility problems among different distributions aren’t the big problems that they seem because the distributors have to stick to certain standards that are in place. The differences are there because many things have not been standardized yet, such as certain parts of the X Windowing System and how the system settings are set up. These are being addressed, but the market has been demanding features faster then everyone can agree on how they should be done.

Non-GUI applications can be created that function with most, if not all, of the distributions out there because of the standards and documentation in place for the kernel. If a company changes the kernel enough so that programs based on these standards no longer work, the kernel is no longer true ‘Linux’ and cannot be sold as such. Standards are something the big businesses you prefer would love to see disappear if they could.

Many people are not that wasteful with their money. If they want to use Linux exclusively and do not know how to assemble their own systems, then they get screwed by the Microsoft Monopoly™. Besides, even having a Microsoft product around makes some people I know nauseous. Think of it as self-preservation in their case.

Stuart Hicks

Systems Admin, EDS

Bravo! How does it feel to be a martyr? There must be quite a sizable mob outside your office with torches and pitchforks.

Your observations about Linux are right on the money, quite a sore spot for many in the Linux crowd. For open disclosure, Network Trust Intl. writes gloriously proprietary software for the dark side—the Windows NT environment. As you lucidly pointed out, we chose this market for the same reasons that IT managers choose to centralize around the AS/400: stability and consistency. Unfortunately, those are not the first characteristics that come to mind when describing the many distributions of Linux.

While Linux aficionados shudder at the U-word, dealing with Linux distributions is Open Software Foundation (OSF) dèja vu. Being voracious capitalists, Network Trust Intl. takes on many "special projects." We just ported a string-interpretation language from VMS to what started as "all" Linux distributions. Unfortunately what compiled and ran on one distribution would not even compile on another. For a software company intent on making a profit, that makes the cost of Linux support a problem. A problem that redoubles for an IT manager for whom bountiful software is far more important than the coolness of an OS. 

Jack Fegreus, Ph.D.

Consulting Architect

Network Trust International

+

MIDRANGE Systems welcomes letters from all interested parties. Please E-mail, fax or mail to the attention of Chris Amaru (amaruc@midrangesystems.com; fax 215-643-3901). All letters must include name, title, company, address, and phone number or E-mail address. Letters will be edited for clarity and length.