Not bitten (that I can tell yet). Patched with the second round of bash package updates. Good to see that Slackware patches back to 13.0 were released around 2 pm CST. That would have saved me a bit of time fussing if Debian / Ubuntu had been that fast :-) They did come in a close second at around 4:50 pm CST, but a one-man shop should probably come in second. Just kidding, I realize he has minions dedicated to testing. I appreciate all the folks doing the heavy lifting and discussions today as well. Hated that the mess existed, but loved the response and frank discussions of the patches - all in the open!!!
Thu Sep 25 19:55:13 UTC 2014
a/bash-4.3.025-i486-2.txz: Rebuilt.
  Patched an additional trailing string processing vulnerability discovered
  by Tavis Ormandy. For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
  (* Security fix *)
ap/lxc-1.0.6-i486-1.txz: Upgraded.
  Fixed bash completion file. Thanks to dunric.
Thu Sep 25 21:50:16 UTC 2014
bash (4.1-2ubuntu3.2) lucid-security; urgency=medium
  * SECURITY UPDATE: incomplete fix for CVE-2014-6271...
A Generation Lost in the Bazaar
Quality happens only when someone is responsible for it.
Thirteen years ago, Eric Raymond's book The Cathedral and the Bazaar (O'Reilly Media, 2001) redefined our vocabulary and all but promised an end to the waterfall model and big software companies, thanks to the new grass-roots open source software development movement. I found the book thought provoking, but it did not convince me. On the other hand, being deeply involved in open source, I couldn't help but think that it would be nice if he was right.
The book I brought to the beach house this summer is also thought provoking, much more so than Raymond's (which it even mentions rather positively): Frederick P. Brooks's The Design of Design (Addison-Wesley Professional, 2010). As much as I find myself nodding in agreement and as much as I enjoy Brooks's command of language and subject matter, the book also makes me sad and disappointed. ...
"there is no escaping that the entire dot-com era was a disaster for IT/CS in general and for software quality and Unix in particular."
Bold words. I'm not sure I would go that far. Except if I were talking about PHP. >:-P
Ford ][ would be eating that article up.
As examples of "lost in the bazaar" he cites:
* All of the baristas-turned-web-developers during the Dot Com Boom
* The FreeBSD ports tree
He conveniently leaves out all of the places where quality is present because someone is paying attention to it, or even better, because there are customers paying for it (Red Hat, Oracle, etc).
The comments were more fun than the "get off my lawn" article.
Definitely that was a lot of "get off my lawn", but he might as well have been talking about Red Hat or Ubuntu or Debian instead of the FreeBSD ports, because the Linux userland is *exactly the same source base as* the FreeBSD ports tree. And it has many of the same dependency hell problems.
From the outside looking in (I haven't written Windows code since toy projects in high school) it actually looks like Windows might have ended up getting more things right (except for their appalling filesystem semantics) than Linux did, because Linux grew by accretion and Windows was kinda sorta architected.
He conveniently leaves out all of the places where quality is present because someone is paying attention to it, or even better, because there are customers paying for it (Red Hat, Oracle, etc).
But see, he wasn't talking about the FreeBSD ports tree, he was talking about the upstream sources that feed into that. And now you're coming along and saying "don't worry, Red Hat will put lipstick on it."
That sounds like "no one is worrying about quality control except for the people who are paid to be responsible for quality control."
The QA toons are paid to find bugs (can we pay them by the bug? I digress.) They are not paid to ensure quality in the sense he was talking about.
It is very good at what it was designed for, which is to pad salaries of ops.
Well yes, there is that. It pains me to see a bunch of paper tigers insisting that you need half a dozen servers to provide email to a group of 100 people, because that's what they were told was "best practice." And then it has regular outages and they all blame each other.
This is not an exaggeration; I speak from direct experience. The environment in question ran Citadel for nearly seven years without a single outage. So you have a system built by hobbyists in our spare time, with quality that greatly exceeds an expensive system built by thousands of highly paid developers and QA people.
So I'm going to come to a different conclusion. Quality happens when someone is thinking about quality. It happens when delivering something that works properly is held as a higher priority than delivering something that has an ever-growing feature set. I believe that this can happen in the cathedral or in the bazaar.
Wearing my pointy-haired toupee for the moment... part of my responsibilities are tending toward team lead these days. So I think: quality happens if you lecture the junior devs until their ears bleed. (I try to be a bit nicer about this than it sounds.) That's more cathedral than bazaar though.
Imagine that... me, responsible.
Heh... team lead... lead developer... we're all growing up.
As long as they're legitimate competition, I'm okay.
If they're supposed to be on the same team, I need to find a smaller team.
Meh... I haven't had too many dealings with those types, because I don't get hired to work in environments like that. Possibly because I'm viewed as a threat.