?

Log in

No account? Create an account
log f-list backlog .nfo weev.net back back forward forward
Dear clueless assholes: stop bashing bash and GNU. - Andrew Auernheimer
Oðinnsson. Market abuser. Internationally notorious computer criminal.
weev
weev
Dear clueless assholes: stop bashing bash and GNU.
This is a defense of the most prolific and dedicated public servant that has graced the world in my lifetime. One man has added hundreds of billions, if not trillions of dollars of value to the global economy. This man has worked tirelessly for the benefit of everyone around him. It is impossible to name a publicly traded company that has not somehow benefitted from his contributions, and many have benefitted to the tune of billions. In return for the countless billions of wealth that people made from the fruits of his labor, he was rewarded with poverty and ridicule. Now that the world is done taking from him, they are heading to the next step of villifying him as incompetent.

I speak of Richard Stallman, progenitor of the free software movement and creator of GNU (as in GNU/Linux, the most widely deployed operating system in the world, and GNU bash, the tool that has caused so much shellshock lately). He's a hero to me, and anyone that honestly evaluates the landscape of computing's history would conclude that there's few whose contributions may equal his in importance. I place only Ken, Ritchie, and Turing by his side. It is shameful that anyone need to write an essay telling people to stop bashing this man who has worked for free to provide us with some of the greatest software ever written, but I see a number of people who I normally respect defaming the man. Beyond that, irresponsible publications such as the Guardian take the chance to talk shit on Stallman and spew some anti-free software garbage. Over the past few years hating Stallman has become somewhat trendy among the Silicon Valley crowd, and every HN thread involving Stallman spews childish insults about him.

I have, for years, used bash as a central tool in my kit. I have written bash one-liners to spam millions of people with subversive messages and shift the market cap of publicly traded companies by the billions in intraday trading. Like many other GNU tools offered to us at no cost by the Free Software Foundation, I use it frequently to wonderful effect. It is more often than not the first tool I consider when confronted with a problem. It is seriously that useful.

Shellshock is not a critical failure in bash. It is a critical failure in thousands of people who knew a tool so useful that they decided to deploy it far beyond its scope. A tool so resilient that it it did not fall over when everyone deployed against best practices. Everyone knew in the nineties that when you execute a UNIX command with untrusted input, you clear away the environment variables first. Anyone that has untrusted input embedded within a shell script does not know what they are doing. The fact that there is a way to get bash to execute untrusted code is unsurprising. The thing that surprises me is the sheer number of developers who thought it would be otherwise in complete contrast to UNIX parables and common sense.

The real story here, if there is one beyond a piece of software having bugs like all software does, is the Sisyphean responsibility that was placed on one man's shoulders. The world took and took from Richard Stallman thanklessly. All the financiers and tech moguls that made hundreds of billions of dollars off of his work never once wrote him a single check to help him maintain the software their fortunes relied on. After decades of thankless service, a mob of people finally turn upon him like the jackals they are, deriding him as incompetent for a small series of bugs. Richard Stallman accomplished more than any paid developer. They also deride him as a senile fool for his eccentricities. He's always been eccentric. I've talked with him rather recently and guarantee he can code any of his pitiful critics under the fucking table. The world should have given the GNU project some money to hire developers and security auditors. Hell, it should have given Stallman a place to sleep that isn't a couch at a university. There is no fucking justice in this world.

This is a bit of theatre that has played out over and over again. Large and critical pieces of code are heavily relied on, and nobody wants to support them. OpenSSL anyone? Just as print and broadcast technologies were stolen from the people that invented them, the Internet is being hijacked by a bunch of sniveling international bankers that profit off of the effort of those before them. The brave and brilliant men and women who laboured for the Internet's creation will never see a dime for themselves or their offspring. Parasites having the nerve to insult and deride those they leeched from infuriates me.

I, unlike some people, haven't made billions from Stallman's work. That doesn't mean I won't remember what he's done, and what he continues to do for general computation and the Internet. Not a single day goes by that I will not be thankful for his work. You people are pieces of shit. I am disgusted, and you can pry my Emacs from my cold, dead NANDs.
66 comments / leave comment
Comments
Page 1 of 3
[1] [2] [3]
From: (Anonymous) Date: September 27th, 2014 10:16 am (UTC) (link)
Really well said. He's like the lion being nipped at by jackals.
weev From: weev Date: September 27th, 2014 11:19 am (UTC) (link)
also please read this post on Medium by maradydd perfectly explaining this tragedy of the commons.
officialdannyb From: officialdannyb Date: September 27th, 2014 01:45 pm (UTC) (link)
thank you for this
wasdely From: wasdely Date: September 27th, 2014 11:25 am (UTC) (link)
If LJ had a "like" button I would mash it for this post.

Stallman is, and has been, my personal hero ever since I learned, some 10 years ago, who he was and what he did. Getting to bring him to my last employer and introduce him before a speech where he literally trolled half of our board might be my greatest joy to date.
atomly From: atomly Date: September 27th, 2014 12:52 pm (UTC) (link)
fuck yes. thank you for this-- rms is one if the few truly awesome people in the world.
From: darmund Date: September 27th, 2014 01:09 pm (UTC) (link)
If this software is free why the fuck should anyone write this dude a check for creating it? Doing so completely and utterly defeats the purpose of it being free, you doltish shitcrumple. Oh, how's your vaunted hedge fund doing?
From: (Anonymous) Date: September 27th, 2014 01:43 pm (UTC) (link)
Dear darmund,

You appear to have difficulties grasping the subtle difference between various connotation of the word "free". Let me help you understand:

"Free" can mean several things, including "requiring no payment", "free-standing", "recently released", "not a slave", and most importantly "free from undue interference" (think free speech, free press or similar). You appear to think that the only valid interpretation for "free" in regards to code is the first, whereas the one used by GNU, rms, weev and countless others regarding so-called "Free Software" is the last ("free as in speech"). This means that the code in question is free to be inspected, modified and redistributed (among other things). The code is not free in the sense that no money or effort is required to produce, maintain and use it. Thus, getting compensation for producing a piece of code used by others is no contradiction, unless one is overly focused on the monetary aspects of life.

To summarize: please learn how to read, learn how to hack, and learn how to be a decent human being. Who knows, you might even enjoy not being an entitled asshole.

Best regards.

/P
(no subject) - (Anonymous) - Expand
(no subject) - (Anonymous) - Expand
(no subject) - (Anonymous) - Expand
(no subject) - (Anonymous) - Expand
From: (Anonymous) Date: September 27th, 2014 06:11 pm (UTC) (link)
I mean I'm sure rms meant well but tbqh gnu software kind of sucks

iggy azalea is widely deployed but I don't see you sucking her dick on livejournal
From: (Anonymous) Date: September 27th, 2014 10:36 pm (UTC) (link)
I do not know enough about the true history or motivation of the GNU way of doing things. Over the years I have observed an acceleration of free and open "things" that might owe it's velocity to GNU. But then there was a lot going on in those days. Any number of projects could and would have usurped GNU with simple mindshare had the timing been right.

But that's not my reason for the comment. I take issue with the comment "Shellshock is not a critical failure in bash. It is a critical failure in thousands of people who knew a tool so useful that they decided to deploy it far beyond its scope." Eric S Raymond wrote a book called "The Art of UNIX Programming". (ESR is no less important to the Open Source and Free communities).

In section 1.6 titled "Basics of the Unix Philosophy" he writes 17 rules. The first 2 or 3 seem to immediately contradict Andrew's conjecture.

Rule 1) Rule of Modularity: Write simple parts connected by clean interfaces
Rule 2) Rule of Clarity: Clarity of better than cleverness
Rule 3) Rule of Composition: design programs to be connected with other programs

Frankly; who is to say what exactly the scope of bash was? I have read much of the man pages and some of the code and I do not recall anything that would suggest "don't do because bad things will happen". That's just silly.

That this exploit exists in BASH cannot be debated, however, to defend RMS by suggesting "free" trumps "responsibility" is nonsense. It looks like someone, could be RMS, added a "clever" feature to bash which is now being composed into the exploit which we all now fear.

As I hinted. I do not think his income or quality of live has anything to do with the argument.
From: (Anonymous) Date: September 28th, 2014 03:47 am (UTC) (link)
srsly.
From: (Anonymous) Date: September 28th, 2014 06:16 am (UTC) (link)
I agree, Google,FB,Red Hat made lots of money from GNU software they now must support the consequences of not putting some money in auditing,refactoring and cleaning up old code bases.
From: (Anonymous) Date: September 29th, 2014 01:00 am (UTC) (link)
http://googleonlinesecurity.blogspot.com/2007/10/auditing-open-source-software.html

Up through Heartbleed 7 year later. Google has been doing plenty of auditing and patching.

Oh right, I need to hate Google, I forgot. Nevermind.
From: Tom Gundersen Date: September 28th, 2014 09:06 am (UTC) (link)
I agree: leave RMS alone, bugs happen, we fix them and move on.

However, I also strongly disagree with your view on his importance. The GPLv2 is a nice license, and we should thank him for getting that started, but it seems very naive to think that no one else would have done something similar in his absence. Be that as it may, cheers to RMS for the GPLv2!

When it comes to actual, real, useable code, his contributions have been much more modest (there are probably hundreds, if not thousands of open source developers who have contributed things of greater importance and utility). A few of the projects under the GNU umbrella are crucial still (noteably GCC and glibc, though the former probably less and less so), however, RMS is not contributing meaningfully to these any longer (for a very long time) and the fact that these are at all associated with GNU is mostly historical accidents (there are plenty of important contributors to both who strongly oppose RMS/FSF/GNU).

Within a standard Linux [0] distribution, the GNU project is far from being the most significant, and within the GNU project RMS is far from being the most significant (code-wise), so let's stop the worship of this power-hungry egomaniac. Salute him for his contributions, but admit that he, like the rest of us, is just one among many, who does not deserve any special god-like status, and the fact that he is demanding this status reduces him to nothing more than a clown.

[0]: Yeah, not GNU/Linux. The idea that anyone can dictate the language we should use, to the extent of trying to force groups of people to change how they refer to themselves shows how completely removed from reality these clowns are. Case in point, I am involved with the distribution "Arch Linux", which is the name wo chose for ourselves. We could have chosen anything, including "Arch GNU", "Arch GNU/Linux", "Arch Software Collection", or anything else, but for whatever reason we chose "Arch Linux". No offence intended. I noticed on the FSF website that they referred to us as "Arch GNU/Linux", so I dropped them an email very politely informing them about the mistake. I receieved an arrogant and absurd answer telling me that we had "made a mistake" in chosing our name, and they were simply correcting our mistake.
From: (Anonymous) Date: September 28th, 2014 12:33 pm (UTC) (link)
Hey Tom ,

Pardon the language deficiencies . English is not my native tongue .

Your rant is out of place and badly timed . This is a time where freesoftware community should be united . I am glad they have made themselves arrogant against you .

It is not anybody's concern what he is contributing NOW . rms has started the whole "free"software movement . Without that , even if he's still contributing today , would not have been beneficial to the whole IT community .

GNU project certainly is significant , since "Linux" is a kernel . Too bad Torvalds hasn't invented the GNU stuff he has embedded his kernel with . I pity those who can't give way and give credit to the organization that certainly has earned it .

So people at GNU has every right to let you know that it should be GNU/Linux . You are more arrogant , than you being informed that Arch has made a mistake . Because Arch really has mad a mistake .
From: (Anonymous) Date: September 28th, 2014 11:05 am (UTC) (link)
Thank you so much for this <3

(Also commenting doesn't work under https, not sure if you can fix that but might be something to pass on to livejournal)
MichaelTunnell From: MichaelTunnell Date: September 28th, 2014 11:37 am (UTC) (link)
Yes, most people who are reporting this are idiots and say things that couldn't be farther from the truth but you are also spreading misinformation.

Sorry to be the barer of bad news but RMS did not make Bash. Brian Fox made it. Saying RMS is the one to thank for everything in GNU is like saying every piece of code Canonical makes is credit to Shuttlesworth.

Without RMS and FSF Bash would have been less likely to be made but RMS has nothing to do with the actual making of it. Same things goes for Shuttlesworth and Canonical contributions.
From: (Anonymous) Date: September 28th, 2014 03:59 pm (UTC) (link)
I think there are several main points here:

1. Stop bashing RMS and GNU. If RMS didn't contribute directly to Bash, all the more reason not to criticize him on account of shellshock. Stop bashing GNU, too, since it's one of the greatest families of software, ever, regardless of whether bash is in its toolshed.

2. Stop bashing bash. Bash is awesome, even if it has bugs. It's unfair to criticize it on the basis of it being used in some ways far beyond how its designer could have intended. Just as with many security breaches in the past, we pay the price when we casually use a piece of software in a completely novel way without considering the security implications. This has been true of raw CGI environment variables since forever, with or without shellshock.

3. Give RMS credit where it's due. Even if he didn't write bash himself, it's clear he has been an author, designer and proponent of some of the most valuable software and software movements ever.

Though it is not bad to make sure people know that bash wasn't written by RMS, I don't think anyone here ever said that he did. Further, I don't think anyone ever said that RMS deserves the only credit for GNU or the software in it -- I think everyone has been saying he deserves a great deal of credit for it, though, which I think is fair. I think the main points are the ones I've suggested, and these points seem to me worth defending.

0a
From: Richard McFarley Date: September 28th, 2014 11:50 am (UTC) (link)
Thank you! Everyone at work calls me a zealot because I get annoyed when they won't accept RMS's contributions to what we all do with software.
From: (Anonymous) Date: September 28th, 2014 04:08 pm (UTC) (link)
WEEV FOR PRESIDENT!

WEEV FOR PRESIDENT!

WEEV FOR PRESIDENT!

WEEV FOR PRESIDENT!

WEEV FOR PRESIDENT!
From: (Anonymous) Date: September 29th, 2014 01:40 am (UTC) (link)
You sir, deserve a medal for this. Thank you!
66 comments / leave comment
Page 1 of 3
[1] [2] [3]