Linked by Thom Holwerda on Wed 21st Sep 2011 22:06 UTC, submitted by kragil
After the walled garden coming to the desktop operating system world, we're currently witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could potentially complicate the installation of other operating systems, like Windows 7, XP, and Linux.
Thread beginning with comment 490340
RE[4]: Comment by OSbunny
by Alfman on Thu 22nd Sep 2011 10:22 UTC in reply to "RE[3]: Comment by OSbunny"
Alfman Member since:
2011-01-28

lemur2,

"I repeat, it is not possible to put malware into a product using an open source development process."

I really don't want to make a fuss here, but this is the kind of overstated claim that does not take into account all of the possibilities. Could you use less absolute terminology, or at least more qualifiers?

Score: 7

RE[5]: Comment by OSbunny
by lemur2 on Thu 22nd Sep 2011 10:30 in reply to "RE[4]: Comment by OSbunny"
lemur2 Member since:
2007-02-17

lemur2,

"I repeat, it is not possible to put malware into a product using an open source development process."

I really don't want to make a fuss here, but this is the kind of overstated claim that does not take into account all of the possibilities. Could you use less absolute terminology, or at least more qualifiers?


I absolutely think you need to come up with some way that it would be possible, or even remotely feasible, before you start having a "holier than thou" go at someone else.

The whole point of open source is that it is a collaboration, a meritocracy. Lots of solutions are proposed and tried, and the best solution, as agreed by consensus amongst the community of developers, is adopted.

You come along and make an absolutely outrageous claim that this process can be corrupted by malware, in plain sight of everyone. You make this claim despite the fact that amongst thousands of open source projects across many years, it never has happened.

Then somehow you think I am the one who should pull my head in?

Unbelievable! Unmitigated gall. Utter balderdash.

Edited 2011-09-22 10:31 UTC

Score: 0

RE[6]: Comment by OSbunny
by Alfman on Thu 22nd Sep 2011 10:31 in reply to "RE[5]: Comment by OSbunny"
Alfman Member since:
2011-01-28

lemur2,

"I absolutely think you need to come up with some way that it would be possible, or even remotely feasible, before you start having a 'holier than thou' go at someone else.

The whole point of open source is that it is a collaboration, a meritocracy. Lots of solutions are proposed and tried, and the best solution, as agreed by consensus amongst the community of developers, is adopted.

You come along and make an absolutely outrageous claim that this process can be corrupted by malware, in plain sight of everyone.

Then somehow you think I am the one who should pull my head in?

Unbelievable! Unmitigated gall. Utter balderdash."


Holy crap!

Score: 2

RE[6]: Comment by OSbunny
by nonoitall on Thu 22nd Sep 2011 11:12 in reply to "RE[5]: Comment by OSbunny"
nonoitall Member since:
2011-09-22

An "open source project" typically has dozens, sometimes hundreds, of independent developers, in countries all over the world, poring over the code.

Perhaps for massive projects like the Linux kernel. Not so for the tens of thousands of obscure projects where the majority of development takes place when the sole dev can steal away from his college courses and side job to hammer out a few lines of code over the weekend.

Useful malware would take many hundreds or thousands of lines of source code.

It takes less than a dozen LoC to pop up a link to the author's "You're system may be infected!!!" webpage (with included "Pay me $100 for a program to clean it up" link) in quite a few different programming languages. And not all malware is necessarily useful. It doesn't take too many LoC to delete every file in the user's home directory either.

You come along and make an absolutely outrageous claim that this process can be corrupted by malware, in plain sight of everyone. You make this claim despite the fact that amongst thousands of open source projects across many years, it never has happened.

Never say never. (Unless you've analyzed every open source project in existence yourself?) I certainly wouldn't suggest that it's likely that an open source project would be compromised. In fact, I feel much more comfortable using OSS software over closed source counterparts.

That's still not grounds to make the even more outrageous claim that "it is not possible to put malware into a product using an open source development process" though. Anything is possible. The aforementioned college student, who is the sole developer of his software (used by 500 people and code reviewed by no one) could decide that he hates the world and include a keylogger in his next update. Is it really that inconceivable?

As far as technical ease goes, it's just as easy to put malware into an open source project as it is to put it into a closed source project. The open source case is just more likely to get caught if someone besides the malicious developer(s) is watching it. Again, I think OSS is awesome. But the phrase "not possible" was used incorrectly here. "Very unlikely without being caught" is better suited.

Back to the Windows 8 logo discussion... :-P

Score: 3