Keeping Open Source Safe
Written by Kay Ewbank   
Friday, 15 August 2014

While large open source software projects benefit from having thousands of people contributing, that openness also leaves them open to problems, as a recent spate of patches for the Linux kernel shows.

The Linux kernel is the granddaddy of open software projects; it’s the largest software project being written cooperatively and has thousands of conscientious developers working to improve it. The tricky bit is what happens if someone isn’t attempting to be helpful, but to actively (or possibly incompetently) harm it.

A case in point has been causing problems recently. A developer called Nick Krause has been sending lots of patches; unfortunately, none of them work. At first the other developers assumed he was just a not-very-good programmer, but the fact he’s been ignoring everything the other more experienced developers have told him makes it increasingly likely that his motive is malicious.

The main developers of the kernel have been remarkably patient with Krause’s patches, but their patience is increasingly running out; in response to Krause ‘apologizing’ for yet another non-working patch with a comment of “Seems I need to have tested this code first”, Dave Airlie replied:

“For all that is sacred, STOP.

Go and do something else, you are wasting people's valuable time,

Don't send any patches you haven't tested ever. If you aren't capable of setting up a VM to run compressed btrfs volumes in, what makes you think you can patch the code.”

More recent responses have been more irate, and the contributor's motives are increasingly being questioned. Dave Airlie suggested that Krause “sends random broken patches to random subsystems in the hope that one will slip past a sleepy maintainer and end up in the kernel.”

In a recent thread on lkml.org, Theodore Ts’o pointed out that Krause has tried to insert non-working code into the ext4, btrfs, scsi, and usb subsystems, and tried to come up with an explanation for his behavior. Among the suggestions is one from Airlie that Krause is trying to write a university thesis on trolling the kernel development process. Other theories are that he's a badly written AI chatbot, or just a clueless high school student with more tenacity than one usually expects at that age. Or maybe he's trying to win a bet, or is trying to get extra credit or to complete some course assignment by getting a patch into the kernel.

Or maybe this is just the universe trying to demonstrate exactly how true the Dunning-Kruger effect really is.

Whatever the motives, the problem is slowing down the work of development, and shows that open source doesn’t necessarily mean angelic developers working for the common good. The fact that Krause’s code just doesn’t work makes its problems obvious, but it raises the question: would better-written but actually malicious code be as easy for the kernel team to spot?

 


Last Updated ( Friday, 15 August 2014 )
 
 

   