Re: Doh

Forums » Do you run a Movabletype blog? » Doh


Share Topic:	RSS topic:	toggle: flat / full normal / watch	Post a:	Post a:

What I want to know »
« What the spamers deserve.

DSLDUDE Got The Folding Farm Itch Premium join:2002-01-07 Norcross, GA clubs:	Re: Doh said by Theo2002 : Who's to blame more, the lazy programmers or the "ingenious" spammers? Hard to call them lazy when they post their software free for public use. I don't care if it had 100 security flaws, if it's FREE, then one should not complain... -- »www.fnort.com
	permalink · 2003-11-26 18:50:14 ·

RadioDoc 58ef2c0 Premium,ExMod 2000-03 join:2000-05-11 ·AT&T Midwest 1 edit	Re: Doh said by DSLDUDE : I don't care if it had 100 security flaws, if it's FREE, then one should not complain... Tell that to the thousands of Internet Explorer complainers... Seems like any mechanism which allows what is essentially an open relay is a horrible idea in this day and age, no matter what it costs.
	permalink · 2003-11-26 19:12:50 ·

koitsu Premium join:2002-07-16 Mountain View, CA	The fact something is free doesn't automatically void the authors from being responsible for flaws in their code. Open-source should NOT be used as a way for programmers to get around having to take responsibility for something they've created. The more it becomes such, the more crap software we're going to see in times to come. -- Making life hard for others since 1977.
	permalink · 2003-11-26 21:57:43 ·

justin Australian join:1999-05-28 Brooklyn, NY	Re: Doh who says they are not being responsible? seems to me, they take at least as much an interest in a quick fix as any for-cash software company does. And try asking microsoft or oracle for damages when their software has a problem!
	permalink · 2003-11-26 22:17:13 ·

koitsu
Premium
join:2002-07-16
Mountain View, CA

In the case of the MT folks, they've been generally pretty responsible when it comes to providing patches and being up-front with users about the impact of bugs or security flaws. It's good to see that some open-source developers still believe in taking responsibility for their code.

My statement was more general than it was specific to the MT authors; the majority of my experiences with OSS authors has been "since we give you the code, you can fix the problem yourself." It's that kind-of excuse which makes me wonder how many people live in hobbit holes...
--
Making life hard for others since 1977.

permalink · 2003-11-26 22:26:05 · Print ·

justin Australian join:1999-05-28 Brooklyn, NY	Re: Doh really? that doesn't sound like any OSS projects I can imagine. Are you sure you are not confusing requests for features you want, which may of course be ignored, with notification of important bugs and security problems?
	permalink · 2003-11-26 23:07:09 ·

koitsu
Premium
join:2002-07-16
Mountain View, CA

Re: Doh

I've spent too many years working with OSS to confuse the two. The response I speak of I've received from members of the Apache team (re: RFC931/1413 flaw which could lead to a buffer overflow and still exists today, re: zombie processes caused on many systems in 1.3.29), developers of SpamAssassin (re: spamd leaving zombie processes around on BSD systems), BIND 8.x (re: potential security hole: zone transfer tempfiles put in main root dir only when using key-based authentication, requiring the daemon to have full rwx access to /etc/namedb, rather than putting them in the appropriate zone directory from each zone directive), GNU screen (re: code checking for ~/.nethackrc despite "nethack off" being specified in .screenrc), PHP 4.x (re: returning status code of 200 regardless of what Apache says is a legitimate command; still exists today), FreeBSD sendmail updates (re: expanding etc/mail/Makefile to support sendmail's "cidrexpand" script so one can use CIDR notation in etc/mail/access; this is more of a feature, but the response was a real let-down) and numerous other mainstream applications.

I've been trying to keep a list of all the issues I've reported which go either unresponded to or illicit the standard "You have the source, fix it yourself" response, but I run into stuff too often to maintain a coherent list...

I'm just one guy with very interesting experiences with the OSS community, most of them negative. But it still warms my heart (honestly) when I see an OSS developer step in and say "Thanks for reporting this! I'll provide and commit a patch in a few minutes," or simply push out a new release.

Anyways, without getting too off track, my point is that peoples' responsibilities shouldn't be nullified whether or not the application is free or commercial.
--
Making life hard for others since 1977.

permalink · 2003-11-26 23:38:44 · Print ·

Rambo76098

join:2003-02-21
Pataskala, OH

said by justin :
who says they are not being responsible? seems to me, they take at least as much an interest in a quick fix as any for-cash software company does. And try asking microsoft or oracle for damages when their software has a problem!

Yeah but the last time i checked this was free and all the microsoft products i have i paid out my ass for. If im paying as much as i did for windows or office then im expecting it to be a good, quality, error free program(which windows is not!) but if something is free i will be happy if it works at all b/c i paid nothing for it and as long as my comp is not damaged or compromised, then i could care less.

permalink · 2003-11-28 21:24:06 · Print ·

your comment..

Forums » Do you run a Movabletype blog?

What I want to know »
« What the spamers deserve.


Thursday, 10-Dec 18:17:50	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF