Keeping Open Source Safe |
Written by Kay Ewbank |
Friday, 15 August 2014 |
While large open source software projects benefit from having thousands of people contributing, that openness also leaves them open to problems, as a recent spate of patches for the Linux kernel shows. The Linux kernel is the granddaddy of open software projects; it’s the largest software project being written cooperatively and has thousands of conscientious developers working to improve it. The tricky bit is what happens if someone isn’t attempting to be helpful, but to actively (or possibly incompetently) harm it. A case in point has been causing problems recently. A developer called Nick Krause has been sending lots of patches; unfortunately, none of them work. At first the other developers assumed he was just a not-very-good programmer, but the fact he’s been ignoring everything the other more experienced developers have told him makes it increasingly likely that his motive is malicious. The main developers of the kernel have been remarkably patient with Krause’s patches, but their patience is increasingly running out; in response to Krause ‘apologizing’ for yet another non-working patch with a comment of “Seems I need to have tested this code first”, Dave Airlie replied: “For all that is sacred, STOP. Go and do something else, you are wasting people's valuable time, Don't send any patches you haven't tested ever. If you aren't capable of setting up a VM to run compressed btrfs volumes in, what makes you think you can patch the code.” More recent responses have been more irate, and the contributor's motives are increasingly being questioned. oN Dave Airlie suggested that Krause “sends random broken patches to random subsystems in the hope that one will slip past a sleepy maintainer and end up in the kernel.” In a recent thread on lkml.org Theodore Ts’o pointed out that Krause has tried to insert non-working code into the ext4, btrfs, scsi, and usb subsystems and tried to come up with an explanation for his behavior. Among the suggestions is one from Airlie that Krause is trying to write a University Thesis on trolling the kernel development process. Other theories are that he's a badly written AI chatbot, or just a clueless high school student with more tenacity than one usually expects at that age. Or maybe he's trying to win a bet, or is trying to get extra credit or to complete some course assignment by getting a patch into the kernel. Or maybe this is just the universe trying to demonstrate exactly how true the Dunning-Krueger effect really is. Whatever the motives, the problem is slowing down the work of development, and shows that open source doesn’t necessarily mean angelic developers working for the common good. The fact that Krause’s code just doesn’t work makes its problems obvious; but raises the question - would better written but actually malicious code be as easy for the kernel team to spot?
More InformationVia Malevolent Developer Trolls Linux Kernel Development with Lots of Broken Patches https://lkml.org/lkml/2014/8/4/206 Related ArticlesGCC Gets An Award From ACM And A Blast From Linus Microsoft Refuses To Open Source VB6 Bribe Devs To Improve Open Source Software Open Source Better Than Proprietary Code
To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin, or sign up for our weekly newsletter.
Comments
or email your comment to: comments@i-programmer.info |
Last Updated ( Friday, 15 August 2014 ) |