Keeping Open Source Safe
Written by Kay Ewbank   
Friday, 15 August 2014

While large open source software projects benefit from having thousands of people contributing, that openness also leaves them open to problems, as a recent spate of patches for the Linux kernel shows.

The Linux kernel is the granddaddy of open software projects; it’s the largest software project being written cooperatively and has thousands of conscientious developers working to improve it. The tricky bit is what happens if someone is attempting not to help, but to actively (or possibly incompetently) harm it.

A case in point has been causing problems recently. A developer called Nick Krause has been sending lots of patches; unfortunately, none of them work. At first the other developers assumed he was just a not-very-good programmer, but the fact he’s been ignoring everything the other more experienced developers have told him makes it increasingly likely that his motive is malicious.

The main developers of the kernel have been remarkably patient with Krause’s patches, but their patience is increasingly running out; in response to Krause ‘apologizing’ for yet another non-working patch with a comment of “Seems I need to have tested this code first”, Dave Airlie replied:

“For all that is sacred, STOP.

Go and do something else, you are wasting people's valuable time,

Don't send any patches you haven't tested ever. If you aren't capable of setting up a VM to run compressed btrfs volumes in, what makes you think you can patch the code.”

More recent responses have been more irate, and the contributor's motives are increasingly being questioned. Dave Airlie suggested that Krause “sends random broken patches to random subsystems in the hope that one will slip past a sleepy maintainer and end up in the kernel.”

In a recent thread on lkml.org Theodore Ts’o pointed out that Krause has tried to insert non-working code into the ext4, btrfs, scsi, and usb subsystems, and he tried to come up with an explanation for Krause's behavior. Among the suggestions is one from Airlie that Krause is trying to write a University Thesis on trolling the kernel development process. Other theories are that he's a badly written AI chatbot, or just a clueless high school student with more tenacity than one usually expects at that age. Or maybe he's trying to win a bet, or is trying to get extra credit or to complete some course assignment by getting a patch into the kernel.

Or maybe this is just the universe trying to demonstrate exactly how true the Dunning-Kruger effect really is.

Whatever the motives, the problem is slowing down the work of development, and shows that open source doesn’t necessarily mean angelic developers working for the common good. The fact that Krause’s code just doesn’t work makes its problems obvious, but it raises the question: would better-written but actually malicious code be as easy for the kernel team to spot?

 


Last Updated ( Friday, 15 August 2014 )