FSF Issues Statement On Shellshock Bash Vulnerability
-
Originally posted by steveriley: Hm...here on Ubuntu 14.04 it would appear otherwise...
Code:
    steve@t520:~$ cat /sbin/dhclient-script
    #!/bin/bash
    # Explicitly set the PATH to that of ENV_SUPATH in /etc/login.defs and unset
    # various other variables. We need to do this so /sbin/dhclient cannot abuse
    # the environment to escape AppArmor confinement via this script
    # (LP: #1045986). This can be removed once AppArmor supports environment
    # filtering (LP: #1045985)
    export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    export ENV=
    export BASH_ENV=
    export CDPATH=
    export GLOBIGNORE=
    export BASH_XTRACEFD=
    ...
Comment
-
Originally posted by Luke_Wolf: AFAIK dash is linked to /bin/sh but bash is still the default login shell for debian and ubuntu
What is sh? Let's look:
Code:
    steve@t520:~$ ls -al /bin/sh
    lrwxrwxrwx 1 root root 4 May 10 12:46 /bin/sh -> dash
What is the login shell? Let's look:
Code:
    steve@t520:~$ ps -p $$
      PID TTY          TIME CMD
     9972 pts/1    00:00:00 bash
Comment
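The point at issue in the posts above, as an added example that is not part of the original thread: a script runs under whatever its own shebang names, so /bin/sh pointing at dash does not stop a #!/bin/bash script such as dhclient-script from running under bash. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the basename of the interpreter a script really runs under,
# following symlinks such as /bin/sh -> dash. Fails if there is no shebang.
resolve_interp() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '#!'*) ;;
        *) return 1 ;;
    esac
    rest=${first#??}                      # drop the leading "#!"
    read -r interp arg junk <<EOF
$rest
EOF
    # "#!/usr/bin/env bash": the shell is env's argument, found via PATH.
    if [ "${interp##*/}" = env ] && [ -n "$arg" ]; then
        interp=$(command -v "$arg" 2>/dev/null || printf '%s' "$arg")
    fi
    # Resolve symlinks so "sh" is reported as the shell it points to.
    if [ -e "$interp" ]; then
        interp=$(readlink -f "$interp")
    fi
    printf '%s\n' "${interp##*/}"
}

# List the regular files in a directory whose interpreter resolves to bash.
audit_bash_scripts() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(resolve_interp "$f")" = bash ] && printf '%s\n' "$f"
    done
    return 0
}

# Build a constructed sample tree: bin/sh -> dash, plus four files whose
# first lines cover the cases discussed. Prints the tree's root directory.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/scripts"
    : > "$d/bin/dash"
    : > "$d/bin/bash"
    ln -s dash "$d/bin/sh"
    printf '#!%s/bin/bash\nexport BASH_ENV=\n' "$d" > "$d/scripts/dhclient-script"
    printf '#!%s/bin/sh\n:\n' "$d" > "$d/scripts/hook-sh"
    printf '#!/usr/bin/env bash\n:\n' > "$d/scripts/envbash"
    printf 'not a script\n' > "$d/scripts/data"
    printf '%s\n' "$d"
}

# Demo on the constructed tree; on a real host, pass a directory such as /sbin.
sample=$(make_sample)
audit_bash_scripts "$sample/scripts"
rm -rf "$sample"
```

Only the two bash-interpreted files are listed; the hook with a shebang pointing at the sh symlink is reported as dash and skipped.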
-
Good points, Luke_Wolf! But we really can't be entirely sure what led to Linux's widespread adoption. As for your points, they might not be so strong:
Originally posted by Luke_Wolf: 1). Linux was first to market in terms of a freely and publicly available open source UNIX-like kernel on the internet
Originally posted by Luke_Wolf: 2). The AT&T vs Berkeley CSRG lawsuit, this lawsuit created legal uncertainty about BSD during a key period of adoption and while the case was eventually settled in Berkeley's favor, it set BSD back enough that Linux was able to remove much of BSD's edge against it.
Originally posted by Luke_Wolf: 3). Red Hat, and to a much lesser degree SUSE. These two companies are responsible for the successful commercialization of Linux, and the creation of the support industry that built up around them. This caused Linux to establish itself in enterprise and everything else has trickled down from there.
So, bottom line is that there are probably many factors leading to the success of Linux. There was definitely a need for a new Unix-like OS that was unencumbered by the uncertainties of the past (both a kernel and a userland were needed). There was the enthusiasm that Torvalds himself attracted as a person: as a talented, committed upstart, and as an increasingly mature project manager, who seemed to understand very well the challenges of a dispersed programming community. He inspired confidence.
But, I would argue still that the license was a crucial factor. Part of the uncertainty with the BSDs, and the idea of "open source", was that hard work would be stolen. Even if it was merely psychological, the GPL gave individual programmers and companies (RedHat) a boost of confidence that their efforts would remain free.
The jury is still out (literally!) as to whether the GPL can really be enforced to do what it intends to do. But, more than a legal document, it is a social one. It changed people's opinions as to what is possible, and moved the idea of FLOSS out of the nerd's den and into the world.
Stallman, by the way, is not such a fundamentalist freak. He's on record many times (read the GNU FAQ) that he's not opposed to BSDs or the "open source" movement, he just didn't see them as capable of making the socioeconomic changes he was hoping for. If social structures were different, the GPL would not be necessary at all, and he's totally fine with that, because the end result is the only thing that's important. He always, always keeps his eye on the ball. But we're not ready at all to get rid of the GPL quite yet: see what Apple is doing with BSD software, see how hard it is for the free software community to work with NVIDIA (Torvalds' famous "finger" to them...), see the issue of DRM and "Tivoization" that GPL3 tries to address. We still have a long way to go, and we still need GNU.
Comment
-
Originally posted by emblemparade: Good points, Luke_Wolf! But we really can't be entirely sure what led to Linux's widespread adoption.
Originally posted by emblemparade: Yes, but it took a very long time until it started to be taken seriously. And of course there was MINIX, which Torvalds was playing with at the time. We both didn't mention it, but Torvalds' little OS of course needed a userland: he could have used the BSD userlands, but then of course we have the issue of your next point. So, the fact that there was an alternative, clean-room written userland -- GNU -- free from the taint of AT&T code, was crucial.
Although the "Taken Seriously" aspect of things is also an interesting historical point. BSD at the time had a serious reputation, whereas Linux was just that hobby project that some guys were doing. This would have meant that if it had won instead of Linux that Microsoft et al couldn't have just pretended that it didn't exist. At the same time it also meant that the fact that Linux won out is all the more incredible, and how that broke down is something I need to research more into.
Originally posted by emblemparade: This does seem very important. However, Torvalds' little OS had similar concerns, and was plagued with uncertainty from the very beginning. It seemed risky for vendors to invest in it, and indeed most stayed away. The worst moment was Ken Brown's report (2004), funded by Microsoft, claiming that some of Linux's intellectual property actually belonged to the MINIX programming community, making the copyright/copyleft claims invalid. This has been thoroughly debunked, but still caused damage. In spite of all this, Linux succeeded. So, why didn't the BSDs succeed under the same uncertainty? I don't have an answer: I'm just saying that this factor may not be so crucial. Another example is the legal concerns surrounding Qt for so many years, that still didn't stop its wide-spread adoption on so many platforms.
AFAIR Qt has never had any lawsuits surrounding it, and it didn't have so many legal issues as license issues in that Qt was originally released under a license that wasn't palatable to Stallman, Miguel de Icaza and a few other key figures, which led to the creation of GNOME and GNOME absconding with GTK, and those license issues eventually got resolved and Qt has been winning back market share on its technical merits, and more importantly its API stability while GTK3 was undergoing a lot of churn.
Originally posted by emblemparade: Yes! But there's a chicken-and-egg problem: they invested in Linux because Linux was already proving successful. Why didn't they choose BSDs?
That said BSDi (now iXSystems) has been growing and thus able to begin to push FreeBSD to develop faster, but it's still no Red Hat (yet...)
Originally posted by emblemparade: So, bottom line is that there are probably many factors leading to the success of Linux. There was definitely a need for a new Unix-like OS that was unencumbered by the uncertainties of the past (both a kernel and a userland were needed). There was the enthusiasm that Torvalds himself attracted as a person: as a talented, committed upstart, and as an increasingly mature project manager, who seemed to understand very well the challenges of a dispersed programming community. He inspired confidence.
Originally posted by emblemparade: But, I would argue still that the license was a crucial factor. Part of the uncertainty with the BSDs, and the idea of "open source", was that hard work would be stolen. Even if it was merely psychological, the GPL gave individual programmers and companies (RedHat) a boost of confidence that their efforts would remain free.
On the other hand would Linux have had a better chance under a permissive license?... probably not, and unlike with BSD there's a very valid argument that it being copyleft gave it a certainty about things to help give confidence in an unproven hobbyist project.
Overall it's something of a wash in my opinion, I will readily concede that it may have been a factor to Linux's success but I don't see it as as big of a factor as people make it out to be and it certainly wasn't the only one in play.
Originally posted by emblemparade: The jury is still out (literally!) as to whether the GPL can really be enforced to do what it intends to do. But, more than a legal document, it is a social one. It changed people's opinions as to what is possible, and moved the idea of FLOSS out of the nerd's den and into the world.
Of course you also had Apache which was literally A-Patchy web server in reference to its open source nature, and so on. I think that Apache, BSD, and Linux, were all just as important as GNU/FSF in shifting open source out into the world.
Originally posted by emblemparade: Stallman, by the way, is not such a fundamentalist freak. He's on record many times (read the GNU FAQ) that he's not opposed to BSDs or the "open source" movement, he just didn't see them as capable of making the socioeconomic changes he was hoping for. If social structures were different, the GPL would not be necessary at all, and he's totally fine with that, because the end result is the only thing that's important. He always, always keeps his eye on the ball. But we're not ready at all to get rid of the GPL quite yet: see what Apple is doing with BSD software, see how hard it is for the free software community to work with NVIDIA (Torvalds' famous "finger" to them...), see the issue of DRM and "Tivoization" that GPL3 tries to address. We still have a long way to go, and we still need GNU.
23.6.1 Why GNU su does not support the ‘wheel’ group
(This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he or she can tell the rest. The “wheel group” feature would make this impossible, and thus cement the power of the rulers.
I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.
I don't know about you but that kind of behavior and philosophy is not that of one I want in charge of the building blocks for an OS that I'm running. In fact I'm willing to take less features to avoid it.
Last edited by Luke_Wolf; 28 September 2014, 04:55 AM.
Comment
-
Originally posted by Luke_Wolf: or in short, he seems to believe that anyone should be able to do anything on any computer system that they want. Apparently he does things like having a blank password to this end, and I'm sure we've all heard his MIT password story where he hacked into the password system to learn everyone's passwords and went about convincing them to all not use one. There's also a statement by him somewhere (I believe it was in reference to the GCC) about how he puts his personal philosophy first, and things like code quality are an afterthought.
Stallman just has priorities. He doesn't say that software quality is not important, just that given the choice between free software that does the job and non-free software that does the job a bit better, he would always choose freedom. I think Stallman is especially annoyed by obsession over performance: his mission is to constantly remind us what our real priorities should be. I'm glad he's around! I compromise my freedom all the time (not only in software), but it's good to remember that I am, and that I make a conscious and deliberate choice after considering the very real consequences.
In many ways, quality had to be a low priority in the early days of GNU: very few people were working on it, and the enormous challenge was just to create something that works as a complete OS. Optimization could happen later. By the way, MINIX has retained that philosophy: it still places performance as one of its lowest priorities. It's generally a good idea to have clear goals and priorities: that's how you make a project succeed, rather than wallowing in rewrites and refactors forever...
Comment
-
Some more points while I'm thinking about it more as to why BSD has stayed down
- Canonical, while I don't buy that they brought in as many people vs those who would have come in normally as they claim, as they didn't exactly advertise outside of what were already OSS contexts. Canonical did massive evangelization *inside* the OSS community to the point where it became the face of Linux and arguably of open source. Their CD programs along those lines were particularly important in an era where the internet was slow, and dial-up was still commonplace. Ultimately Canonical managed to grab a mindshare at the cost of everyone else.
- The "If we build it, they will come" mindset of most OSS projects, including the BSDs and most Linux distros means that you have to know to go looking for them, particularly when you've got a loud noisy group like the Ubuntu people drawing all of the attention. Red Hat and SUSE only really care about the enterprise market, and basically own it and so couldn't care less what Canonical is doing in the hobbyist space. What this means is that a project can't just sit there and expect to win, if they want to break into enterprise they have to fight Red Hat and SUSE, and if they want to break into the hobbyist market they have to take on Canonical. The BSDs (and for that matter most other linux distros) haven't been doing that.
- The BSDs up until 2006 didn't have a preconfigured distro for desktop users (PC-BSD), which meant that they were naturally limiting their target audience to the more hardcore geeks and sys admins, much the same as Gentoo and Arch do.
- While PC-BSD is doing a lot to solve the previous point, only in the past few years has it realized what it has to do and it's still working on getting there, however it's going to need a lot of work and polish. That said the direction and approach they're taking could in my opinion lead to a BSD renaissance (at least once FreeBSD catches up on hardware support)
- While ports are cool, BSD package management has until recently been absolute garbage. PBIs were there to work around it yes, but pkgng finally gives the overall system modern package management. I have no doubt in my mind that this has held them back
- BSD has lagged hard on modern graphics support, although this is in many respects a manpower issue, the BSDs are only now beginning to catch up to where Linux is, and they're still a long way off.
- The BSDs also seem to be lagging on wifi support, Broadcom AFAICT for instance appears to be completely unsupported
- Linux is wildly popular in the tech media whereas rarely anybody talks about BSD, that said the FreeBSD Foundation, iXSystems and a couple other organizations are beginning to do their own magazines to work on this problem.
In 5-6 years will BSD finally be a serious contender against Linux in terms of mind/market share? I don't know, but because they're finally working on solving some of their most pressing issues preventing them from being so, they have a chance. Just as Linux has a chance at finally competing against Windows over the next few years due to Valve. Regardless, the future will be very interesting over the next few years as we're entering another critical segment in open source history.
Comment
-
Originally posted by Luke_Wolf: In 5-6 years will BSD finally be a serious contender against Linux in terms of mind/market share? I don't know, but because they're finally working on solving some of their most pressing issues preventing them from being so, they have a chance.
BSD has been "working" on their most pressing issues for 20 years now and still couldn't solve them, which Linux did. Actually, they're focusing their time on things that are a waste of time such as replacing GPL tools with underperforming BSD written tools instead of contributing back and integrating with Linux, creating "Libre"SSL instead of fixing OpenSSL, using their crappy tcsh or pdksh instead of helping bash and worst of all, re-inventing systemd utilities instead of porting systemd and making it better and contributing back.
Just as Linux has a chance at finally competing against Windows over the next few years due to Valve. Regardless, the future will be very interesting over the next few years as we're entering another critical segment in open source history.
Some more points while I'm thinking about it more as to why BSD has stayed down
- Canonical, while I don't buy that they brought in as many people vs those who would have come in normally as they claim, as they didn't exactly advertise outside of what were already OSS contexts. Canonical did massive evangelization *inside* the OSS community to the point where it became the face of Linux and arguably of open source. Their CD programs along those lines were particularly important in an era where the internet was slow, and dial-up was still commonplace. Ultimately Canonical managed to grab a mindshare at the cost of everyone else.
- The "If we build it, they will come" mindset of most OSS projects, including the BSDs and most Linux distros means that you have to know to go looking for them, particularly when you've got a loud noisy group like the Ubuntu people drawing all of the attention. Red Hat and SUSE only really care about the enterprise market, and basically own it and so couldn't care less what Canonical is doing in the hobbyist space. What this means is that a project can't just sit there and expect to win, if they want to break into enterprise they have to fight Red Hat and SUSE, and if they want to break into the hobbyist market they have to take on Canonical. The BSDs (and for that matter most other linux distros) haven't been doing that.
- The BSDs up until 2006 didn't have a preconfigured distro for desktop users (PC-BSD), which meant that they were naturally limiting their target audience to the more hardcore geeks and sys admins, much the same as Gentoo and Arch do.
- While PC-BSD is doing a lot to solve the previous point, only in the past few years has it realized what it has to do and it's still working on getting there, however it's going to need a lot of work and polish. That said the direction and approach they're taking could in my opinion lead to a BSD renaissance (at least once FreeBSD catches up on hardware support)
- PC-BSD has been "solving" these problems and "polishing" since 2006 (8 years) and has only made things worse. I know this because I tried out PC-BSD on a regular basis. And their project management is a failure and lately, they can't even decide on what type of release and development style they will go with. Bad decisions are made. Lately, with PC-BSD 10, they actually removed PBIs. Now when you use app-cafe, you are just using a GUI front-end to the crappy PKGNG. They still call it PBIs because that is what's keeping their shrinking user base from going to 0 in 24 hours.
- Please look at link again, there is not going to be any BSD renaissance. Renaissance is brought about by new ideals, invention, innovation and adapting to change all of which BSD is opposite to so BSD and renaissance are contradictory. It is impossible to have a BSD renaissance. Rather according to w3techs, there will be BSD extinction.
- Oh please. Hardware advancement progresses faster than BSD could catch up with hardware. BCM4313 and RTL8188CE have existed for years but there's still no BSD driver.
- While ports are cool, BSD package management has until recently been absolute garbage. PBIs were there to work around it yes, but pkgng finally gives the overall system modern package management. I have no doubt in my mind that this has held them back
- Ports are not cool. They are a waste of time using. That's a fact.
- Correct, BSD package management was garbage and today it still is with pkgng
- PKGNG is slower than yum or apt-get, it too often removes dependencies that are needed, updates too often result in conflicts caused by the fact that PKGNG cannot recognize that XY-1.5 is an updated version of XY-1.0 not a different software with the same binaries, a pain to configure, inflexible (YX-1.2 cannot be installed because you have DF-1.1 not DF-1.2) and worst, /var/db/pkg/database.sqlite gets corrupted by simply doing pkg update (happens regularly on DragonflyBSD).
- BSD has lagged hard on modern graphics support, although this is in many respects a manpower issue, the BSDs are only now beginning to catch up to where Linux is, and they're still a long way off.
- The BSDs also seem to be lagging on wifi support, Broadcom AFAICT for instance appears to be completely unsupported
- Linux is wildly popular in the tech media whereas rarely anybody talks about BSD, that said the FreeBSD Foundation, iXSystems and a couple other organizations are beginning to do their own magazines to work on this problem.
Many people mistake the BSD developer Theo de Raadt's hyperactivity for brilliance and his obsession with crapware for competency. In truth, he and other BSD jerks/devs are mediocre programmers who can never innovate only initiate just like their master Apple. Remember USL vs BSDi? USL sued the crap out of BSD and they had to rewrite their code.
As the great Linus Torvalds said:
I think the OpenBSD crowd is a bunch of masturbating monkeys, in that they make such a big deal about concentrating on security to the point where they pretty much admit that nothing else matters to them
I claim that Mach people (and apparently FreeBSD) are incompetent idiots.
Comment
-
Originally posted by endman: *SNIP*
Originally posted by W3Techs:
Linux 54.9%
BSD 1.4%
Darwin less than 0.1%
HP-UX less than 0.1%
Solaris less than 0.1%
Unknown 43.6%
BSD has at least 1.4% of the market up to ~Half (45%)
and the same statement as BSD for the rest of the options including the unmentioned AIX
Comment
-
Originally posted by chuckula: All I see is a bunch of political spin about how having GPL3 somehow magically fixes Bash. Well, any other even semi-open source license would be just as effective. They also don't mention that this bug *was in Bash for 25 years* and publicly available to organizations like the NSA/Russian mob/Chinese Govt./etc. who could easily exploit it without going out of their way to be nice and tell the rest of us about the issue.
Comment