[Leaplist] Why Open Source won't work on "Vista computers"

Chris Chris at NeptunePCTech.com
Wed Dec 27 01:56:26 EST 2006 

Phil Barnett wrote:

>On Tuesday 26 December 2006 19:56, Chris wrote:
>
>  
>
>>As much as I'd like to agree with you, because, well, I pretty
>>much always agree with you... I have misgivings.
>>    
>>
>
><snip of points that I don't necessarily disagree with>
>
>Building an operating system that refuses to be compromised because it can 
>only run trusted software is a good thing no matter where it comes from. 
>
>  
>
Fair, and true - partially. The presumption is that the trusted
software has some degree of quality and security to start
with - which is an area that MS doesn't shine at, and whose
deficiencies in this arena are at the root of the problems that
this solution pretends to address.

>We need a way in an operating system to determine what can run and what can 
>not run before the software than should not run shows up on the doorstep.
>
>  
>
While I agree on theological grounds, I have to ask - what
problems in FOSS does this solve? And is the cure worse
than the disease? Has Linux had, for example, buggy drivers?
You bet - does today. Buggy applications? Does today. So
what? Can I download and run a shell script that says
"rm -rf /"? Well, yeah. But if you prevent that, you also
prevent the ability to download and run a script or program
that solves a problem - unless the author has jumped through
the trusted hoops. Unless I'm missing something glaring,
which, given the amount of brain cells I've lost at Grateful
Dead concerts, is a very real possibility.

There are more than a couple of flys in this soup. The first
is pragmatic. Who decides? Someone has to certify that
a piece of software be deemed trustworthy. Who? Redhat?
Novell? Linus? A yet-to-be-created blue ribbon panel? And
what criteria are used to establish eligibility for certification?
Or does each distro establish it's own certification, which
would be a nightmare for those seeking certification. MS
can pull this off - they're a monolith. Linux is the hydra -
the multi-headed beast that will not die, and will not be
tamed. The diverse tributaries that fuel Linux are it's
strength -  but also make implementing something like
this a serious challenge. I don't think Debian, for example,
would certify things the same way as Mandriva.

Fly number two doing the backstroke is this - what hardware
or software developer is going to go through the expense
of certification for Linux? And why would they? It's just one
more reason not to even develop for FOSS. Are we really
big enough that we can demand Adobe get certified as
trustworthy on a platform they can barely be bothered
with today?

>What remains to be seen is who can do it. We often blame Microsoft for things 
>they haven't done yet because it fits their MO. There's no question about 
>that. I believe that MS is fully capable of blowing their lower torso off 
>while trying to attempt this.
>
>  
>
I don't doubt that Microsoft can do it. I just doubt that it will
do any good if they persist in certifying their own buggy
software. Which they undoubtedly will. Locking your liquor
cabinet, then handing Ted Kennedy the keys doesn't really
achieve the desired effect.

On the FOSS side, I don't know. It may be technically achievable,
but I kind of think it's a cure in search of a disease. What's been
the real effect of all this untrustworthy stuff running on Linux?
I know that there are those in the kernel community who want
to certify components, but my understanding is that this is
mostly due to beliefs about licensing - beliefs Linus apparently
doesn't share.

>The question is: Who will have control of this capability? Can I as the SA 
>override 100% of the defaults? If I can, then it's not a bad system. If I 
>can't, it's extortion.
>
>  
>
Time will tell, and all we can do, as I pointed out to a couple
of members regarding the Novell/MS drama, is speculate
until events unfold.

But I don't see MS stamping certification on it's own bad
software as helping anyone but MS - and I'm seriously ignorant
of any clear and present threat in the FOSS world that this
would deal with. So, I guess I'm saying I really appreciate
being able to discuss this with someone with a clear perception
that an argument is a civilized discourse, not a fight, and I'm
grateful for your time in countering my points, which hopefully
make up in sincerity any deficits in cluefullness they may have.

Cheers,

Chris

More information about the Leaplist mailing list