We could theoretically use machine learning tools to examine open source code-bases in order to detect intentional tampering done by potential bad actors.

That could be kind of interesting. You gotta figure "bad actors" have certain signatures, and might help flush out malicious saboteur accounts.

Just a thought.

@bobdobberson

We could just:

1. Set up one unified package repository common to all distros. Or say Debian alone.

2. Set up an audit pipeline of human oversight on every commit going into that repo. Nothing makes it in without a million eyeballs scouring it.

3. If it's a distro-independent repo, developers from all distros join the audit process. All eyes like lasers on one pipeline.

4. Set up proper crypto signatures for each distro. Doing so per package complicates it a bit.

#Linux #ESR

@purrperl a million eyeballs is less practical than the tools we are developing today.

Finding 1,000,000 to care about ncmpc (as just one example of an open source project) would be really difficult. It shouldn't be, but we do a poor job of teaching computer literacy to people at the moment.

That alone might spark more interest in free and open code, especially given what the alternatives are.

And many bugs are non-obvious, which is why projects like the Linux kernel, which sees a lot of eyes, still have critical vulnerabilities.

We can either learn to use the tools or hope they poof and disappear, and I don't put great odds on that happening, as the current-day tools are already being leveraged to do some serious work (most of it bad, because it is not in the hands of the masses).

The way the tools are used has almost always been the problem, with every tool we have so far developed. Moderation is key.

@bobdobberson

A million eyes is a metaphor, from Eric S. Raymond's famous saying, "Under a million eyeballs, all bugs are shallow."

If lots of people use the GIMP, it gets more eyeballs, naturally.

@purrperl absolutely. A percentage of the Gimp users would lend time to code-review.

The problem we are also facing is that most people don't want to lend their eyes for free, even if the software is free.

But that issue is a whole other ball of wax.

@bobdobberson

1. Not all people are programmers / documentation writers etc.
So they couldn't contribute to the repo easily, even with the will to.

2. The #FOSS ecosystem was deliberately kept fragmented, hyped as hard-to-use, out of the hands of the average user by closed source barons. With easy mechanisms to contribute something even as simple as bug reports, FOSS thrives.

3. The real asset is attention, which was used up by chasing everyday needs. Meet needs, unleash a flood of attention.

@purrperl in my experience, people become programmers and documentation writers when they partake in the development process.

@bobdobberson

That was definitely true in the past. Yet, a unified distro with proper PR, advertising, user education, and outreach, makes it fun and easy for people to contribute to each #FOSS project. So people feel empowered to do their civic duty, and make software better for all.

"I'm doing my part!"

~ Starship Troopers.

This looks like a job for me. 😃

@purrperl what you seem to want to do is somehow bring all open source projects under the same roof with some sort of hierarchy to manage the code-bases.

Am I following this properly?

@bobdobberson

Better resource utilization.
Convergence rather than fragmentation.
Freedom from the closed source FUD of the past.
Dare I say it, one distro to rule them all. 🙂

If you say, "I've got some software you can use, but you have to pay me to use it, and I won't show you the source code, and I decide how you can use it, and you have to update it at my schedule, and upgrades to next versions are not free, and there's always paranoia about security," you would be laughed out of town.

@purrperl so it'd be like GitHub, but every commit would need 1,000,000 approvals from various 'members' of the site? What would stop someone from hosting their own project / site, and offering commits after 250,000 approvals, in the name of speeding up development?

@bobdobberson

It's Free as usual.

Say Codeberg, rather than some proprietary git host.

Nothing prevents people from forking off projects, and experimenting.
In fact, it is welcomed!

However, those forked packages won't be trusted, only the mainline packages.

If a fork is ever to make it into the trusted main branch, it will have to undergo the same rigorous audit.

@purrperl I think all of that works against the strong reason open source has seen the success it has, which is its anarchistic nature.

Centralizing all projects under one roof seems like a good idea until that roof falls down.

@bobdobberson

"Roof falls down" ? How so?

Anarchism just means no authorities.

Democracy is Anarchism in Government.

Science is Anarchism in Knowledge.

Art is Anarchism in Aesthetics.

Random experimentation with code, starting from scratch, or from a fork of the Free Software mainline remains free as ever, and is encouraged.

@purrperl well, who is operating the website that hosts all of this, how is it being paid for, is its code also subject to arduous examination?

Anarchism eschews hierarchies of all kinds wherever they are not justifiable.

Deliberately placing onerous restrictions on projects of all sizes seems extreme and would need some serious justifying.

@bobdobberson

Onerous? Restrictions?
It's your computer. Do what you like.

Start a software project from scratch or from a fork if you like. Pass it around.
Just don't expect the average user to use it. They all get their software from the "tyrannical", "oppressive", and "onerous" mainline. 😂

In the age of nixOS, even that is kinda not true.
You can run some sus package in a container, without compromising your system's security.

@purrperl if I am a developer, and I create a project, in order to make any progress on that project, I will need to have all of my commits reviewed by a million people before they can be shipped.

How does a small project start when every commit requires over a million interactions?

@bobdobberson

Now you're just being silly. 😆

You can write and ship anything you like.
Show it to your friends, and get their feedback.
Share it with anyone who will use it.

But the masses rely on the mainline of #FreeSoftware

For your code to reach the public at large, it has to undergo a merge into the rigorously audited repository.

@bobdobberson

Where is the hierarchy?

We have been brainwashed with the idea that "anarchy" is a bad word.

Say "anarchy" to the average person, and their mind emotionally pulls up images of rampant lawlessness, looting, arson, vandalism, murder, rape and robbery in the streets.

A True Democracy really is an Anarchism.

As Alan Moore said, what happens in an Anarchism, is that the most powerful faction takes over. And that is what happened in the Untied Snakes of Armored Cars. With good PR.

@purrperl where is the hierarchy: Who decides on a million eyes per commit? Who has the authority to change that number? Where does that number come from?

@bobdobberson

Again, you have seized upon the million eyes as a literal number.

A small group of core maintainers runs Linux and has definite authority over what goes in.

In the new model, even their power is dissipated. It's more programmatic and democratic.

@purrperl ok, so explain to me how you would "change" the way Linux is developed to move it to this new model. Help me understand the benefit of your new model versus how things are in the present.

@bobdobberson

It's a priming / bootstrapping problem to transition. It takes a land-based vehicle to tow an engine-less glider and generate the lift to get it off the ground. Once launched, it can cruise on thermal currents, and solar energy, practically indefinitely.

In the new model, the current core programmers, whom we deem to be honest, code up a mechanism setting up a number of sign-offs required for new code to make the final cut. That number becomes subject to the same audit process.

@purrperl "whom we deem to be honest" who is we, and how do we deem them to be honest?

@bobdobberson

"We the People...", means everybody.

GNU/Linux wasn't born yesterday.
There's a sizable crowd of people behind it.
They all trust it.

Once the new decentralized model is up and running, it is radically transparent and democratic.

People in the continent of North Vespuccia didn't choose to become a democracy (republic).
It took a cohort of slaveholders to declare themselves the Founding Fathers (Mack Daddies with slave girls to entertain them in their private quarters. 😂)

@purrperl ok, so you, me, and all the other Linux fans out there get to go through the commit logs and axe a bunch of developers, and remove them from the Linux project?

@bobdobberson

Who said anything about removing anyone?

It's the Linux OGs giving love to the street, handing over their co-creation to the people.
Helping people unify, empower themselves, and become involved easily.

@purrperl my bad, I misread what you had written and thought you were proposing that we the people would determine who the core contributors of a project would be.

So... from what I'm understanding, nothing regarding the Linux kernel changes.

Since they already have mechanisms set up for sign-offs of code and whatnot.

I'm not understanding what exactly is changing.

@bobdobberson

The process is more hands-off, and programmatic in governance.
More checks & balances.

Right now, the control is wielded by a core group. So it's more like a republic.
We switch to radical democracy.

One bad prez cannot take the country to war.
Everyone gets to vote on how their money is allocated.
The National Budget is an average of individual allocations.
Education gets say 23%
Healthcare, 34%

And the "Department of Defense" gets $13 total ( from some gun nut ).

@purrperl so fork the kernel and implement your new governance.

@bobdobberson

Fork Debian / nixOS and do the same.

Replace the nix language with Raku / Perl / Ruby to drive adoption of nixOS.

Some fussy, talented UX designers (à la macOS) make it super sweet, and ready it for the masses.

@bobdobberson

Nobody is axed or excluded.

Code is code. Contributors cannot be smeared and shunned.

Anyone can commit, even if they are an unpopular human, a 🤖, an 👽, or something else.

"Hey, did you hear that RMS is a creep, and ESR is a pervert?"

"A study funded by Microsoft found that most Open Source developers have unresolved issues." 😂

@purrperl everyone _CAN_ currently commit and make changes to a local clone of the kernel source code.

Whether their patches are approved is up to existing developers of the Linux kernel project.

@bobdobberson

Yes, and it was fragmented into distros, mired in confusion.

One repo, one distro mainline, one audit pipeline, one easy way to report bugs.

@purrperl what was fragmented into distros and mired in confusion?

Are you saying Debian and RedHat maintain their own forks of the kernel?

Submitting patches: the essential guide to getting your code into the kernel — The Linux Kernel documentation

@bobdobberson

We're talking distribution not kernel.

@purrperl further, why would Linus _choose_ to dissipate his power over the Linux kernel?

@bobdobberson

Because he's not hungry for money and power.

Also, he's not on the #Epstein list. 😂

@purrperl LOTS of badly behaved people are not in Epstein's files.

@bobdobberson

I count myself as one of those bad boys. 😂

@bobdobberson

Who runs the #FSF ? Who pays for GNU/Linux development?

Yes, the website is also subject to the same arduous examination.

And of course, mirrors, with crypto signatures.
Signature verification is a process seamless to the user, as it was in the closed source world.

@bobdobberson

We live in the decentralized age of #BitTorrent, #TOR, and #Veilid

@purrperl so you want to build a distributed codeberg? Where all of us host it?

@bobdobberson

The real problem was the Scarcity Mindset (non-Abundance Mindset).

We lived scared, in Scare City.
"I'd like to contribute to this software project, or isolate myself and write a book, or record an album, or paint. But how?!? I have bills to pay. If I don't work, I'll be broke, homeless and hungry."

"I really have no desire to go kill foreigners with whom I have no personal quarrel. But if I don't, they'll come kill us, right? Because they're hungry, and we kinda have food."