5 Replies - 1083 Views - Last Post: 13 May 2009 - 07:04 PM

#1 NickDMax

  • Can grep dead trees!

Reputation: 2250
  • Posts: 9,245
  • Joined: 18-February 07

Grinch stole our Perfect Objects

Posted 04 May 2009 - 08:12 PM

So I read, "How the Grinch stole our vision of perfect objects" and I found it interesting but I wonder...

I have always had a problem with trusting pre-built & packaged libraries because you don't really know what is in the black box. Now my biggest concern has always been building upon an un-solid foundation -- or just an old foundation (what good does it do you to have the latest and greatest optimizing compiler compiling for the newest processors if your libraries are all old).

Anyway... this is one of the reasons why I think that open source is so important... and yet... Is it easier to hold a company responsible if their proprietary libraries are tainted? Or does it just become my "due diligence" to review every line of code in Boost if I choose to use that library?


Replies To: Grinch stole our Perfect Objects

#2 KYA

  • g++ jameson.cpp -o beverage

Reputation: 3093
  • Posts: 19,139
  • Joined: 14-September 07

Re: Grinch stole our Perfect Objects

Posted 04 May 2009 - 08:14 PM

I think that, in non mission critical systems, a little bit of trust is needed if you're using software that you don't have source access to. Depends on the situation of course.

#3 NickDMax

  • Can grep dead trees!

Reputation: 2250
  • Posts: 9,245
  • Joined: 18-February 07

Re: Grinch stole our Perfect Objects

Posted 05 May 2009 - 05:07 AM

If you don't have the source, then, as I understand it, you have some legal recourse if the library contained malicious or grossly incompetent code -- so long as you used the library according to how it was designed (which you probably didn't but...)

Open source seems different though. I mean, you always have the ability to look at what is there, so if you use malicious code (because you didn't review it line by line) then it would seem that the fault is all yours.

Yet, I can tell you now that although I am learning, I can not understand all of boost. It has too many levels of abstraction for me to just quickly scan for potential plot holes. Someone could easily encode just about anything in there and so long as it worked then people like me would be clueless -- I have to rely upon the idea that others are reviewing that code.

Same with Linux. The number of people who could possibly be entering malicious/faulty code goes up, but accountability goes down.

But if I lose 100,000 medical records because of my choice to use Linux as my OS -- I am accountable. At least if I use AIX or Solaris I have someone I can turn to and try to recoup some of my losses.

#4 c0mrade

  • D.I.C Regular

Reputation: 20
  • Posts: 412
  • Joined: 16-November 07

Re: Grinch stole our Perfect Objects

Posted 05 May 2009 - 05:44 AM

Disclaimer: I have not read the article referenced.

Because of the way open source works, when you use open source libraries, you are almost always using a well known and respected collection of code. The logic is, that if it was malicious or dangerous, everyone would not be using it.

With a purchased closed source library, you hold a contract with the provider, and therefore should be able to trust the library.

I would be suspicious of any free closed source library.

Quote

But if I lose 100,000 medical records because of my choice to use Linux as my OS -- I am accountable. At least if I use AIX or Solaris I have someone I can turn to and try to recoup some of my losses.

It is probably your fault regardless of whether you were using Linux or Solaris. Sun cannot guarantee its software will have no bugs. It would be your fault for not designing for failure. ;)

#5 NeoTifa

  • Whorediot

Reputation: 2586
  • Posts: 15,618
  • Joined: 24-September 08

Re: Grinch stole our Perfect Objects

Posted 05 May 2009 - 10:18 AM

Good poem. It was entertaining. I made a shot at making a custom library.... ugh....

#6 mikeblas

  • D.I.C Regular

Reputation: 43
  • Posts: 390
  • Joined: 08-February 08

Re: Grinch stole our Perfect Objects

Posted 13 May 2009 - 07:04 PM

NickDMax, on 4 May, 2009 - 07:12 PM, said:

Anyway... this is one of the reasons why I think that open source is so important... and yet... Is it easier to hold a company responsible if their proprietary libraries are tainted? Or does it just become my "due diligence" to review every line of code in Boost if I choose to use that library?

Well, where do you draw the line? There are lots of things you don't have source (or the equivalent) for, yet you use them every day. Even if you have an open-source development environment, compiler, and OS, what about your BIOS? What about the microcode on your LAN adapter? What about the BIOS and microcode on the drive controller you're using, or the source for the ASIC and FPGAs on your motherboard and video card? In your modem?

How about the firmware in your MP3 player, or in the dozens of embedded controllers in your car? In the elevator you took upstairs? In your microwave?

Where do you stop? These may sound like extreme examples, but you trust your life to code you've not seen every time you take some conveyance of transport; code in systems that control trains or elevators or buses, or the ABS system in your own car. The article brings up a point you don't bother to address -- the microcode in the Pentium. Did you review it?

Say you do have the source. Do you really take the time to analyze it? There are tens of millions of lines of code in Linux distributions, and tens of millions more in applications like MySQL or Open Office. Do you really purport to have read, studied, and understood even a millionth of that code?

To be blunt, I think you've become paranoid from too much open source rhetoric.