I subscribe to both the Debian Security and Gentoo Security lists. I’m one of those concerned sys-admins who wants to make sure I’m not running a vulnerable copy of software. Well, is it just me, or has the amount of security vulnerabilities increased over the past few months?

Open-source software had been widely accepted as some of the most stable, trusted, and worthwhile software to use. This was because there were very few security vulnerabilities, production versions of the software were rock-solid, and most of them were easy to administrate for a Unix admin. But, in the past few months, the sheer amount of security messages leads me to one of two conclusions. Either:

• OSS is taking on individuals who are less capable of programming good code.
• OSS and the community are starting to find new vulnerabilities that they didn’t know existed before - and at a rapidly involving rate.
• Competent progammers are getting lazy, not checking their code, and are acting like Microsoft - wanting to get the end product out quickly, regardless of the number of broken things and vulnerabilities.

If it is the foremost one, then I’m starting to question what is being taught to our Computer Science students in universities around the world. It’s reasonable to believe that more and more recently graduated, if not within the past 5-10 years graduated computer science / engineering majors are joining OSS projects - and rightfully so. The community is always in need of volunteers, and sometimes the volunteers are looking for experience on projects that have well founded roots and structure to them so they can better themselves (and their peers) at whatever programming job they get. But, if they are the ones contributing sloppy code, then how can our Universities and Colleges get away with not teaching good coding techniques? That IMHO is a critical aspect for a computing science student to learn at the beginning of their school work, not in the middle, at the end, or (heaven forbid) never at all.

If it is the second choice, then I applaud the OpenSource community for actually finding, fixing, and releasing these vulnerabilities. I certainly don’t want to be helping to maintain a customer’s website with 500K credit card numbers in a database only to find that one of the most blatent security holes in the database software has let 5 hackers through to obtain most, if not all, of those credit card numbers. I’m sure the rest of the community feels the same way with this. For the second choice, it would render this whole argument useless as it’s simply an applause rather than a rant anyways.

If it is the final choice, then my message to the open source community is wake the f*ck up. As Admiral Adama from Battlestar Galactica puts it, “You’ve lost sight of the true goal.” The true goal of OpenSource software is not to be first-to-market, is not to have the most features that pleases everyone, is not to make a quick fix to a problem and move on. It’s working with your peers on projects, deciding which features will take time to develop and truly developing the ones that benefit the community the most. It’s making sure that your code is rock solid. Above all, it’s making a product that everyone around the world can utilize, come to trust, and will turn to for the solution you’re providing again and again.

So, OpenSource community, will you make sure you’re writing the most efficient code?

A wonderful birthday to be had, December 3rd of this year held the date of Dickens on the Strand at Galveston, TX. I was accompanied by my wonderful fiancee, her best friend and a couple of our other friends, Brent and Lori. We had spent the night in a hotel close to downtown Houston and made our way down the long but not so treacherous drive that is I-45. Once there, we were blasted by furious gusts of cold wind which gave chills down everyone’s back. But, once through the gates, we had a good time watching everyone in costume, including taking lots of pictures, which I have graciously posted here:

http://www.chrisweldon.net/photos/Dickens/index.html

For those unfamiliar with Dickens on the Strand (and those too lazy to go to their website), Dickens is set in middle to late 19th century Britain. The festival is considered a global festival, so many individuals were dressed not only in british-style clothing, but also Japanese, Indian (no, not native american), etc. There were plenty of bums (as you can see in the photos), but also plenty of others out of period.

In addition to seeing all the elegant, sophisticated, and cute costumes, we also managed to go aboard the Elissa. This was a sail ship (yes, really old fashioned boating) that was a trading vessel for many years, that was recently given an overhaul to keep it alive. I took many interesting photos of it, but I think for anyone going to Galveston they should drop by and check it out for themselves. Oh, and for those looking at the photo of the ship through the window: Yes, that is a Carnival Cruise ship almost a 100 yards away from this boat. Scary sight, no?

Anywho, please give me some feedback if you like the pictures or not. Thanks!