| |||||||||||||
|
| |||||||||||||
Choosing between portability and innovationChoosing between portability and innovationPosted Mar 3, 2011 15:03 UTC (Thu) by mezcalero (guest, #45103)In reply to: Choosing between portability and innovation by josephrjustice Parent article: Choosing between portability and innovation
It's really not so simple. You cannot claim: "by having N competing but mostly identical projects a bug can only be used to take down 1/Nth of the computers". It is more like: "by having N competing but mostly identical projects you increase the number of bugs in your system N times".
And if we had 10 competing implementations than we'd have 10x more bugs. That sounds pretty bad to me.
I think nourishing this kind of competition is a bad tool to combat computer insecurity. If you have a single well reviewed implemention I think you are much better off than having 10 badly reviewed ones.
(Log in to post comments)
Choosing between portability and innovation Posted Mar 3, 2011 17:05 UTC (Thu) by nix (subscriber, #2304) [Link]
If you have ten implementations you have ten different sets of bugs: nobody will be hit by all of them at once.
Your implicit claim that a single well-reviewed implementation can somehow be free of security holes, or indeed any kind of bug, is laughable on its face. I don't know of any software product of any kind that this has ever been true of (even TeX).
Choosing between portability and innovation Posted Mar 3, 2011 17:45 UTC (Thu) by martinfick (subscriber, #4455) [Link]
10 implementation may have 10 sets of bugs. But nothing prevents a bug from being in all 10 sets. Remember ping of death?
Choosing between portability and innovation Posted Mar 3, 2011 18:06 UTC (Thu) by nix (subscriber, #2304) [Link]
Well, yes, but that was in all descendants of a single implementation, wasn't it? (More relevant perhaps is cases where buggy algorithms have been implemented out of books into lots of unrelated programs.)
Choosing between portability and innovation Posted Mar 3, 2011 18:45 UTC (Thu) by martinfick (subscriber, #4455) [Link]
If windows inherited this bug from unix, I would say that there is just as good a chance that free unix implementations will inherit bugs from each other, if not a much greater one.
Choosing between portability and innovation Posted Mar 3, 2011 22:58 UTC (Thu) by nix (subscriber, #2304) [Link]
Linux, almost uniquely, didn't use the BSD TCP stack. Windows did (for a long time, if not anymore).
So, no, unless it was an algorithmic error Linux would not have inherited the ping of death (at least not *that* ping of death).
Choosing between portability and innovation Posted Mar 3, 2011 20:11 UTC (Thu) by jg (guest, #17537) [Link]
I think N being a small integer is useful. Stifling of innovation generally occurs when N=1.
N going to infinity (e.g. 10 and greater) is insanity...
We can argue about things in the middle...
Choosing between portability and innovation Posted Mar 6, 2011 12:53 UTC (Sun) by pjm (subscriber, #2080) [Link]
>If you have a single well reviewed implemention I think you are much better off than having 10 badly reviewed ones.
That sounds good in itself. However, your advocated position is to standardize on a kernel that's featureful and consequently full of bugs (despite having so many developers contributing to it), to the complete exclusion of any kernel with fewer bugs. That's not to say that your advocated position is a bad one; but I do believe it runs counter to a goal of combatting computer insecurity.
(Incidentally, if you really did think that 10× the number of bugs is such a bad thing, then I think you'd probably use a different kernel. But most people do use Linux even if they know it has lots of bugs, and would even if they knew it had 10× the number of bugs of some other unixy kernel, even for just one or two extra features important to them. Similarly, each of the N competing implementations presumably has one or two features or attributes not present in (and not feasible to add to) the others.)
and other featureful-but-buggy software .)
|
|
||||||||||||