wakajawaka, on 08 August 2010 - 03:49 PM, said:
"Carry the hypothesis further, and you might get open source being fiddled with by people who don't necessarily understand the code written by others"
Dude, I'm pretty sure that Google distributed Android and that they also distribute the updates so... I don't know where you are going with this.
But they also distribute code that they did not write. And they may have distributed code that is based on code that they did not write, and may have broken some assumptions in the original. This is what happened to Debian; my point is that however unlikely, it could happen in any similar system.
wakajawaka said:
A) It's not MY argument, it's Eric Raymond's and it is called "Linus' Law," though I happen to understand and agree with it. It was mentioned in the article and I was explaining it to somebody who didn't understand the context and was attempting to compare it to software that wasn't even open source.
B) You seem to enjoy accusing people of speculating, and then speculating yourself that they may or may not be correct without coming to any conclusions. I'm starting to think that you just enjoy rambling out senseless accusations with weak talking points and getting nowhere. It seems to be the theme of your comments.
Nope - just you, because 1) You are particularly prone to it, 2) You're so funny when you try to flounder a response without even understanding what you're being accused of and 3) You're so consistently obnoxious towards those with whom you disagree that it pleases me to help you make an idiot of yourself. As you consistently then manage. And you still fail to recognize that "may or may not" is not speculation; it is definitively true. It would only be speculation if I chose one or the other.
wakajawaka said:
"Open source opponents criticize this law, assuming that the developer base may not be big enough for it to work efficiently or simply declaring that they do not personally believe the law is true."
Read that a few times and if you still feel like arguing, go tell it to Eric Raymond or Linus Torvalds or somebody else who couldn't care less about your opinions than I could.
I do not criticize the hypothesis; I criticize the statement that when applied to large-scale open source it necessarily leads to more secure code. It has not been proved such, though it does have a reasonable probability of correctness.
wakajawaka said:
BTW: Starting a sentence with "Carry the hypothesis further, and you might get," is a great way to begin a speculative argument. If you want me to speculate about something this time, I will make a reasonable conjecture that you have a sad addiction to making foolishly hypocritical accusations on the internet either because you enjoy trolling comments or because you are actually a fool.
Well done - you are correct that my extended hypothesis is indeed speculation. You fail somewhat in that you clearly didn't read the bit where I said: "This extended hypothesis is no more, but equally no less, valid than the one you presented; I state it just as an example of a reasonable conjecture as to how your model may be insufficient without doing the science to back it up." Or to put it another way, it is a speculative argument. Nothing wrong with them, so long as they are qualified as such. As I do, and you don't.
The model has been shown to be successful in a number of cases. It has not been scientifically tested sufficiently to show that it is successful in all cases. The example I quoted about Debian cryptographic keys demonstrates that for nearly two years a vast number of Linux servers were running with a security hole bigger than possibly any ever found. All cryptographic keys generated with Debian-specific OpenSSL libraries were predictable, and that included Ubuntu as well as Debian. Perhaps you don't know enough about security to know what a train-wreck that could have been had it not been found by a benevolent person.
Anyway; this grows wearisome, so let me put you out your misery and explain some debating basics. Imagine you toss a coin. Then (neglecting pathological cases where the coin fails to land), the following 3 (6) statements are definitively TRUE:
- The coin might (might not) land heads up
- The coin might (might not) land tails up
- The coin might (might not) land on its edge
The following are SPECULATION correctly stated as speculation:
- I believe the coin will (will not) land heads up
- I believe the coin will (will not) land tails up
- I believe the coin will (will not) land on its edge
The following are PROBABILISTIC STATEMENTS:
- The coin will probably (probably not) land heads up
- The coin will probably (probably not) land tails up
- The coin will probably (probably not) land on its edge
The first 2 (4) are weak - it's roughly 50/50. The statement that the coin probably will not land on its edge is valid, as it is more probable than that it will, yet allows room for the small but non-zero probability that it will.
The following are speculation stated as fact:
- The coin will (will not) land heads up
- The coin will (will not) land tails up
- The coin will (will not) land on its edge
These last are invalid. Note that the statement "The coin will not land on its edge" is highly likely to be true, but as a statement of fact it is still invalid. This is what you have been doing.
Stating that open source is more secure because of extended review is incorrect; stating that extended review gives it a greater likelihood of being secure is valid, in that it allows for those cases where the review fails to spot critical vulnerabilities, such as the one I described above.
This post has been edited by crosswordbob: 09 August 2010 - 01:39 AM