Linux/Open Source and the WMF vulnerability.


Hi everyone,

No, I’m not implying that the Linux or Open Source community had ANYTHING to do with the exploits that have been released. Nor am I implying that they are affected by this. I have no proof one way or another on either item. The title is meant to point out that both Linux and the Open Source community can use this to benefit and maybe get into the mainstream a little more.
How, I’m sure some people are thinking, can they do this? There are a few main things (though surely not the only ones) that the community needs to do right now. If they’re able to accomplish these things, there’s a good chance that they can position themselves as a better contender. So what are these things, you’re asking. Here they are, in the order that I think they need to be done.

1. People need to go through every single line of code in the Linux Kernel, and then in the different programs that make up the usual distro installation. They need to find and fix every security hole and bug in it. It’s going to take time, but if they get the thousands of people who program and play with Open Source on it, they can get it done quicker. This is one of the disadvantages that Microsoft faces. They only have a small number of people who can look (or are looking) at their code for bugs. Linux can (and should) have virtually everyone looking at it.

2. Once they have secured the code, the Linux Community needs to persuade some of the more mainstream software developers to port their applications over. Point out to them that just because they’re porting it to an Open Source operating system, they don’t have to open their source (although it would be nice). They may have to open up portions that actually use code from the OS or other Open Source applications, but that’s it. Make those portions lib files, and open them up.

3. Get behind a small number of package installers (like Debian, RPM, and others) and package your software in all of them. That way, end users who may not know anything about Linux or compiling programs can install them. This is one of the things that makes Windows more attractive: people don’t need to know how to program or compile code in order to install something. They just run an executable program, and it does the work for them. Some distros of Linux have this capability. Mainly, I’ve seen .deb and .rpm packages, but I’m sure there are others. Everyone needs to get behind the idea, and start using them.

4. Along with #3, if your package requires dependencies, then make sure that your package installs them. I tried out Xandros Linux, and that was one thing I hated. I was trying to install a program to rip CDs into MP3s so I could listen to them on my computer (NOT for public distribution). One of the programs required a certain library which I didn’t have. So, the installation aborted. Then, I tried to install the library. It required certain other programs and libraries to work, so the installation aborted. At that point in time, I decided to just go with one other program, which didn’t require all of the different installations. It worked out for me, but the average user will probably get frustrated. So, if you require something, make sure that your package gets it installed with as little user intervention as necessary.

5. If possible, get the distros to work on most of the older computers that are available. One report I read about the WMF vulnerability is that older versions of Windows may be infected, and Microsoft may not put out patches for them. If that happens, then Linux can position itself as a “what to do with that old computer” operating system. Point out that it would be cheaper for them to upgrade the memory and put a free version of Linux on, than to try and upgrade the memory, and then purchase Windows XP Home or Pro. The end user may want to buy a new computer with Windows on it, but they should consider upgrading and putting Linux on the older computer instead of tossing it in the trash. They may decide later on to get rid of Windows altogether. They may not.

So, this is a “watershed” moment in a way for Linux and Open Source as well as older Windows users. Because one way or another, the older Windows users are realizing they can’t just keep using that version. They’ve got to upgrade, or they’re on their own. But, they also are realizing that their old computer won’t run the newer versions of Windows. So, what should they do with it? By that same token, the Linux and Open Source community is realizing that it’s in a perfect position to provide an alternative for that older computer. But, they need to do some work first. Get the security issues fixed (and other bugs) and then advertise it everywhere. “We’re safer than Windows, and we will work on that older computer with minor cost.”

It’s a “watershed” moment for the Open Source community in general, because there may be 100,000 different concepts out there for programs, but there aren’t 100,000 usable programs. So, people who are developing ideas (myself included) need to get something on the board. Either the pseudo-code and flowcharts for the program, or source-code. A running executable would be perfect. But, at least get something out for people to see. Someone else may be able to take your concept and put it into code. Or you may be able to take someone else’s concept and put it into code.

It’s a new year, and a new world. Let’s all take advantage of it. Who knows… Even Microsoft may get into the game, and open up some of their products. Doubtful, but you never know. As I pointed out in a private newsgroup, Windows and Linux (Closed source programs and Open Source programs) could walk hand-in-hand, if only PEOPLE would let them. And, they should be walking hand-in-hand. If not, then eventually both will stagnate and die off.

Good luck everyone, and Happy New Year. Hopefully you’ll be able to keep your resolutions. 😉
Patrick.
