The Legend of Hypocrite Commit

While there are many horrors when it comes to open source, as we approach Halloween, I bring you terrifying tale of The Legend of Hypocrite Commit!

"In the bosom of one of those spacious coves which indent the eastern shore of the Vantaa, at that broad expansion of the river denominated by the ancient Swedish navigators from ?H?lsingland, and where they always prudently shortened sail and implored the protection of St. Nicholas when they crossed, there lies a small market town or rural port, which by some is called Helsinge fors, but which is more generally and properly known by the name of Helsinki.?

In this by-place of nature there abode, in a remote period of Finnish history, that is to say, some thirty years since, a worthy wight of the name of Linus Torvalds, who sojourned, or, as he expressed it, "tarried," in Helsinki, for the purpose of instruction in computer science.?The student is generally a man of some importance in the female circle of a rural neighborhood; being considered a kind of idle, gentlemanlike personage, of vastly superior taste and accomplishments to the rough country swains, and, indeed, inferior in learning only to a professor. He was, moreover, esteemed by the women as a man of great erudition, for he had read several books quite through, and was a perfect master of Richard Stallman's "The GNU Manifesto", in which, by the way, he most firmly and potently believed.

He was, in fact, an odd mixture of small shrewdness and simple credulity. His appetite for the marvellous, and his powers of digesting it, were equally extraordinary; and both had been increased by his residence in this spell-bound region. No tale was too gross or monstrous for his capacious swallow. It was often his delight, after his school was dismissed in the afternoon, to stretch himself on the rich bed of clover bordering the little brook that whimpered by his schoolhouse, and there con over old Stallman's direful tales of copyright, until the gathering dusk of evening made the printed page a mere mist before his eyes.?

Another of his sources of fearful pleasure was to pass long winter evenings with the old Finnish programmers, as they sat coding by the fire, with a row of apples roasting and spluttering along the hearth, and listen to their marvellous tales of bugs and viruses, and hacked networks, and hacked programs, and hacked operating systems, and hacked computers, and particularly of the first multipartite virus, or?Ghostball, as they sometimes called it. He would delight them equally by his anecdotes of copyleft, and of the direful omens and portentous sights and sounds in the air, which prevailed in the earlier times of Finland; and would frighten them woefully with speculations upon copyrights and patents!

But if there was a pleasure in all this, while snugly cuddling in the chimney corner of a chamber that was all of a ruddy glow from the crackling wood fire, and where, of course, no copyright dared to show its face, it was dearly purchased by the terrors of his subsequent walk homewards. What fearful shapes and shadows beset his path, amidst the dim and ghastly glare of a snowy night! With what wistful look did he eye every trembling ray of light streaming across the waste fields from some distant window! How often was he appalled by some shrub covered with snow, which, like a sheeted spectre, beset his very path!

All these, however, were mere terrors of the night, phantoms of the mind that walk in darkness; and though he had seen many hacks in his time, and been more than once beset by Satan in divers shapes, in his lonely perambulations, yet daylight put an end to all these evils; and he would have passed a pleasant life of it, in despite of the Devil and all his works, if his path had not been crossed by a being that causes more perplexity to mortal man than bugs, viruses, and the whole race of malware put together, and that was--a hypocrite commit."

Allow me to pause here dear reader from my "open source" retelling of Washington Irving's The Legend of Sleepy Hollow to regale you with the disturbing, terrifying and horrific nature of the hypocrite commit and why the progeny of our heroic protagonist is particularly susceptible to its dreadfulness; effectively ending any and all reasonable debate on the "security" of Linux and the efficacy of open source. To any lucid reader, it shall become imminently clear that the use of open source in one's systems is a fool's decision of disastrous proportions.

The hypocrite commit is simply the stealthy, purposeful introduction of bugs into code with the express intent of exploiting these bugs for nefarious purpose at a later date. The hypocrite commit is so vastly terrifying because it attacks the basic premise of open source software itself, that effectively anyone can contribute to the code. I must stress here that any and all open source software is susceptible to the horrors potentially unleashed by hypocrite commits. Even more alarming, Linux is more susceptible than most.

The reason Linux is so susceptible to hypocrite commits is because it was written by an amateur. Torvalds was a student when he first wrote Linux and its monolithic design was a relic of 1970's operating system design. Linux was already obsolete when it was published in the early 90's. There is no reasonable debate that microkernels are a superior architecture when it comes to the security and design of operating systems. Not to rekindle the flame war, but Torvalds was wrong and Tanenbaum was right. Because Linux is monolithic there is no minimal, isolated kernel to which minimal or no code changes are applied. Effectively, the kernel comprises the entire operating system so any bug in the entire operating systems is essentially a bug in the kernel itself.

Linux is also more susceptible because it presents an immensely valuable target to cybercriminals. Too many foolish mortals have been wooed by free software that they have ignorantly disregarded the fact that Linux is an inherently insecure and obsolete operating system that shouldn't be trusted to run an informational website, much less underpin the software running something as important as a supply chain. Open source governance models cannot possibly hope to contend with the hyperscale threat of large, well-funded, cybercriminal organizations. And since cybercriminals have routinely proven themselves to be more innovative and smarter than any researcher, all the University of Minnesota's hypocrite commit researchers did was expose something that has likely been occurring for a fairly long time.

As equally terrifying, the exposure of Linux's astoundingly informal model of suggesting, accepting and committing code changes should strike fear into the heart of the most stalwart open source zealot. Email. Really? This is how the governance structure works for kernel commits to Linux? And you hope to even have a fighting chance against cybercriminals? Not likely. Criminal organizations have far too much to gain economically and politically than a creative commons approach to governance can possibly handle, particularly when the governance process is a complete and utter joke. Email. Unbelievable.

In conclusion, if my other writings have not made my position evident, let me be perfectly and explicitly clear. If you use open source or believe in open source in any capacity then you, like the menace of The Legend of Sleepy Hollow; you too, have a pumpkin for a head.