[techieMoe]

Quote:

Originally Posted by JVincent08

Are there other people out there who love Linux yet discourage spreading the
word?

I might qualify that description, given a particular context. Linux isn't for everyone. I despise when people accost me on the street or bring leaflets to my door espousing their religion or political views, so I don't plan on doing that sort of thing to try and "push" Linux on people.

If asked, however, I'm more than willing to go into great detail about Linux and the various distributions I've tried out. I'll burn a CD for them on the spot if I have the means. This has happened a couple of times at work.

I prefer to let people approach me about Linux. That shows initiative and at least the willingness to try something new, even if they don't end up liking it. I use Linux on my laptop, and if someone sees me using it and asks something, they're interested. I do my best to answer their questions. That's all I think anyone can be asked to do.

[MikeTbob]

Quote:

Originally Posted by fingal

I think many OSes are only as good as their end users.

I was re-reading this thread for clarity and I guess I missed this post by fingal, which seems to sum it up best all in one line. I completely agree with this statement. It even pertains to MS users to some extent.

Quote:

Originally Posted by techieMoe

I might qualify that description, given a particular context. Linux isn't for everyone. I despise when people accost me on the street or bring leaflets to my door espousing their religion or political views, so I don't plan on doing that sort of thing to try and "push" Linux on people.

If asked, however, I'm more than willing to go into great detail about Linux and the various distributions I've tried out. I'll burn a CD for them on the spot if I have the means. This has happened a couple of times at work.

I prefer to let people approach me about Linux. That shows initiative and at least the willingness to try something new, even if they don't end up liking it. I use Linux on my laptop, and if someone sees me using it and asks something, they're interested. I do my best to answer their questions. That's all I think anyone can be asked to do.

I also agree with this line of thinking, for the simple fact that of all the people that I have tried to convert to Linux, not one single person was moved to switch or even try it out. The only people that will try Linux are the ones that want to try Linux

[SagaciousKJB]

Quote:

Originally Posted by techieMoe

I'm not a lawyer either. My interpretations are just what I've gleaned off the internet and the few court cases that have upheld the GPL.



Oh absolutely. I look forward to this. Recently at a security conference there were several bugs uncovered and patched for Mac OS X and Windows Vista (or rather an Adobe product running on them), but the Linux box that was also available for cracking wasn't even really touched. I would like to see more security competitions to root out more bugs in Linux. The more we root out, the less there will be. I think perhaps our difference in opinion is that you think more exposure to crackers is a bad thing, whereas I see it as something that will improve the OS.



There's one thing that can only work in favor of Linux users when it comes to a wide-spread exploit: unless the exploit is in the kernel itself, no two Linux installations in the wild are exactly the same. If there's a bug found in CUPS for instance, it won't affect those without that package installed. There are also slight differences in the way some distributions lay out their system files. In this case, inconsistencies like this are a good thing; they keep the likelihood of a widespread attack down to a much smaller number.



I still don't understand this argument. Regardless of the number of users, there will still be just as many developers (if not more) working on bug fixes. The number of end-users has little to do with how speedy a patch is issued, aside from the fact that more users means more press, which means more exposure when a bug is found. If anything, the more users there are, the quicker the bugs will be found.



I don't buy it. You're assuming a lot here. First: that there are widespread exploits that could be used en masse to take over large numbers of Linux installs (see my point above regarding how each is different). You're also assuming that Linux users won't keep up with protecting their systems the same way they did in MS Windows. The reason most Linux users don't use malware checking software is that there simply is no malware out there right now.

When (and if) that situation changes, most Linux users will simply install an antivirus the same as a Windows user and that would be that. The only vector for attack that I can see right now is social engineering attacks, such as we've seen on Mac OS X. If you can trick the user into downloading your virus (say, through a zipped file that claims to have screenshots of an upcoming hot product) then there's little an antivirus program can do to prevent that.



I understand. You're playing the Devil's Advocate here. It's hard to do sometimes.

Well, the main idea behind what I'm proposing is that if there are more Linux users, there will be more careless Linux users. So, if for example, a small flaw in the kernel like vmsplice doesn't effet any computers in the 2.6 era, what if by the time we get to the 3.6 era that so many people are using Linux, that the same type of vulnerability is exploited more purely because there are more users to exploit by it.

So, in other words... Imagine there was a current Linux community, with mostly discerning, security-cautious users. I mean, let's face it, that's one of the most common reasons people switch to Linux, so we're not really dealing with a crowd that is naive enough to open up email attachments randomly. The likelihood of say, someone packaging a local-root exploit like the vmsplice code, and then maybe executing "rm -R /" in a email attachment now is extremely low simply because people are too cautious about what they open and execute from their email.

Fast forward a couple of years, imagine that you have more users that are prone to opening email attachments like that. Now, with the vmsplice exploit, that vulnerability was patched only a couple of hours after proof-of-concept code came out, and well before any code could be written to actually exploit it, but what I'm envisioning is an environment where there could be a multitude of vulnerabilities like this circulating around simply because the increased effort involved in hackiing Linux at that point. Then, if the user base has expanded at that point to include more people that aren't so security cautious, it seems likely to me that more people will be effected. I mean, for one thing, imagine if down the road desktop-linux becomes popular and people just start running under root, like they do in Windows now, you wouldn't even need local root exploits in the scenario.

Now the real part I don't really have a strong opinion on is what that would do to the developing community. I think that it would probably make it pretty discouraging for developers trying to make it more secure, if it was so popular that there were even more hackers examining the same open source code in an effort to exploit it. In an essence, I suppose what I'm saying is that when it comes to developers current security strategies, they're fighting a dormant enemy; I'm just making my best guess as to what would happen if all of the sudden this enemy awoke in greater force and numbers.

But, yeah, it's kind of hard to predict such a thing, because if Linux had gotten to that point, then the more users also means more developers. I kind of find it hard to believe there would be more people that want to maliciously attack it than those that want to make it better. I think that will be the key difference between OSs that reach that popularity through closed source and those who reach it through open source. While Microsoft is fledged against an active enemy like I mentioned, they're limited by the fact that their source is closed and they're pretty much limited to the amount of developers they want to hire. If it were Linux in the future, there could be thousands of more developers that were able to contribute for free.


Oh, also, I know I must be really annoying when I do it: But any time someone complains to me about pirating Windows, I say, "Hey, Linux is free," and raise my eye-brows up and down. :P

[elija]

You're not a developer are you?

Most of us, especially those of us who love what we are doing and I figure
that most if not all Open Source developers fall into that category, take things
like that very personally.

I think the more bugs and exploits found, the more the developers will step up
to the plate to fix them.

[SagaciousKJB]

Quote:

Originally Posted by elija

You're not a developer are you?

Heh, is it really that obvious?

[Santa's little helper]

Quote:

Originally Posted by SagaciousKJB

Now the real part I don't really have a strong opinion on is what that would do to the developing community. I think that it would probably make it pretty discouraging for developers trying to make it more secure, if it was so popular that there were even more hackers examining the same open source code in an effort to exploit it.

No , it wouldn't make it discouraging , on the contrary the developers would love the challenge and the attention. (By attention I mean that more people would be studying their code.)

[SagaciousKJB]

Quote:

Originally Posted by Santa's little helper

No , it wouldn't make it discouraging , on the contrary the developers would love the challenge and the attention. (By attention I mean that more people would be studying their code.)

Well, I think it's probably a whole different argument, but if I were a developer, I think I would probably not like the attention if say, it was my code that had a vulnerability, and after a while I kind of wonder if the challenge would become far too tedious to be enjoyable.

That's just speaking for myself, though. :P

Though, that's not really 100% true. I have a program written for encryption, and I"ve been eagerly awaiting even the revelation of some security flaw, for someone to hack it, etc. just like you said for the attention to it and the challenge of it. However, I guess what I'm thinking, is that when it comes to things a little more serious, it wouldn't be as fun.

[Santa's little helper]

Quote:

Originally Posted by SagaciousKJB

Well, I think it's probably a whole different argument, but if I were a developer, I think I would probably not like the attention if say, it was my code that had a vulnerability, and after a while I kind of wonder if the challenge would become far too tedious to be enjoyable.

I wouldn't call correcting bugs enjoyable but I'm sure that every developer would like to be able to brag that they produced application XYZ which is bug free and their best chance to achieve such an ideal is as much people as possible using XYZ and studying the source. The only exception I can imagine is for developers who did such a piss poor job to begin with that it seems hopeless that they will ever be able to correct all the bugs. If incompetent developers get disheartened that's obviously a good thing

[Santa's little helper]

Quote:

Originally Posted by techieMoe

I'm not a lawyer either. My interpretations are just what I've gleaned off the internet and the few court cases that have upheld the GPL.

So there have been court cases involving GPL ? Do you have any more info ?

[SagaciousKJB]

Quote:

Originally Posted by Santa's little helper

If incompetent developers get disheartened that's obviously a good thing

Heh, I think we can all agree on that.

I wonder if more people would be really geeky if Linux was in the norm, or if Linux's geekiness would sort of mellow out... Or if it would just sort of assimilate, to the point where the "geeky" characteristics of Linux being normal. That seems most likely...

Damn, I can't wait until you can use "man" jokes at a social outing...

Speaking of which, is anyone else every amused when they type "man mount" or "man date"?