We could theoretically use machine learning tools to examine open source code-bases in order to detect intentional tampering done by potential bad actors.

That could be kind of interesting. You gotta figure "bad actors" have certain signatures, and might help flush out malicious saboteur accounts.

Just a thought.

@bobdobberson

We could just:

1. Set up one unified package repository common to all distros. Or say Debian alone.

2. Set up an audit pipeline of human oversight on every commit going into that repo. Nothing makes it in without a million eyeballs scouring it.

3. If it's a distro-independent repo, developers from all distros join the audit process. All eyes like lasers on one pipeline.

4. Set up proper crypto signatures for each distro. Doing so per package complicates it a bit.

#Linux #ESR

@purrperl a million eyeballs is less practical than the tools we are developing today.

Finding 1,000,000 to care about ncmpc (as just one example of an open source project) would be really difficult. It shouldn't be, but we do a poor job of teaching computer literacy to people at the moment.

That alone might spark more interest in free and open code, especially given what the alternatives are.

And many bugs are non-obvious, which is why projects like the Linux kernel, which sees a lot of eyes, still have critical vulnerabilities.

We can either learn to use the tools or hope they poof and disappear, and I don't put great odds on that happening, as the current-day tools are already being leveraged to do some serious work (most of it bad, because it is not in the hands of the masses.)

The way the tools are used has almost always been the problem, with every tool we have so far developed. Moderation is key.

@bobdobberson

A million eyes is a metaphor, from Eric S. Raymond's famous saying, "Under a million eyeballs, all bugs are shallow."

If lots of people use the GIMP, it gets more eyeballs, naturally.

@purrperl absolutely. A percentage of the Gimp users would lend time to code-review.

The problem we are also facing is that most people don't want to lend their eyes for free, even if the software is free.

But that issue is a whole other ball of wax.

@bobdobberson

1. Not all people are programmers / documentation writers etc.
So they couldn't contribute to the repo easily, even with the will to.

2. The #FOSS ecosystem was deliberately kept fragmented, hyped as hard-to-use, out of the hands of the average user by closed source barons. With easy mechanisms to contribute something even as simple as bug reports, FOSS thrives.

3. The real asset is attention, which was used up by chasing everyday needs. Meet needs, unleash a flood of attention.

@purrperl in my experience, people become programmers and documentation writers when they partake in the development process.

@bobdobberson

That was definitely true in the past. Yet, a unified distro with proper PR, advertising, user education, and outreach, makes it fun and easy for people to contribute to each #FOSS project. So people feel empowered to do their civic duty, and make software better for all.

"I'm doing my part!"

~ Starship Troopers.

This looks like a job for me. 😃

@purrperl what you seem to want to do is somehow bring all open source projects under the same roof with some sort of hierarchy to manage the code-bases.

Am I following this properly?

@bobdobberson

Better resource utilization.
Convergence rather than fragmentation.
Freedom from the closed source FUD of the past.
Dare I say it, one distro to rule them all. 🙂

If you say, "I've got some software you can use, but you have to pay me to use it, and I won't show you the source code, and I decide how you can use it, and you have to update it at my schedule, and upgrades to next versions are not free, and there's always paranoia about security.", you would be laughed out of town.

@purrperl so it'd be like GitHub, but every commit would need 1,000,000 approvals from various 'members' of the site? What would stop someone from hosting their own project / site, and offering commits after 250,000 approvals, in the name of speeding up development?

@bobdobberson

It's Free as usual.

Say Codeberg, rather than some proprietary git host.

Nothing prevents people from forking off projects, and experimenting.
In fact, it is welcomed!

However, those forked packages won't be trusted, only the mainline packages.

If a fork is ever to make it into the trusted main branch, it will have to undergo the same rigorous audit.

@purrperl I think all of that works against the strong reason open source has seen the success it has, which is its anarchistic nature.

Centralizing all projects under one roof seems like a good idea until that roof falls down.

@bobdobberson

"Roof falls down" ? How so?

Anarchism just means no authorities.

Democracy is Anarchism in Government.

Science is Anarchism in Knowledge.

Art is Anarchism in Aesthetics.

Random experimentation with code, starting from scratch, or from a fork of the Free Software mainline remains free as ever, and is encouraged.

@purrperl well, who is operating the website that hosts all of this, how is it being paid for, is its code also subject to arduous examination?

Anarchism eschews hierarchies of all kinds wherever they are not justifiable.

Deliberately placing onerous restrictions on projects of all sizes seems extreme and would need some serious justifying.

@bobdobberson

Where is the hierarchy?

We have been brainwashed with the idea that "anarchy" is a bad word.

Say "anarchy" to the average person, and their mind emotionally pulls up images of rampant lawlessness, looting, arson, vandalism, murder, rape and robbery in the streets.

A True Democracy really is an Anarchism.

As Alan Moore said, what happens in an Anarchism, is that the most powerful faction takes over. And that is what happened in the Untied Snakes of Armored Cars. With good PR.

@purrperl where is the hierarchy: Who decides on a million eyes per commit? Who has the authority to change that number? Where does that number come from?

@bobdobberson

Again, you have seized upon the million eyes as a literal number.

A small group of core maintainers runs Linux and has definite authority over what goes in.

In the new model, even their power is dissipated. It's more programmatic and democratic.

@purrperl ok, so explain to me how you would "change" the way Linux is developed to move it to this new model. Help me understand the benefit of your new model versus how things are in the present.

@bobdobberson

It's a priming / bootstrapping problem to transition. It takes a land-based vehicle to tow an engine-less glider and generate the lift to get it off the ground. Once launched, it can cruise on thermal currents, and solar energy, practically indefinitely.

In the new model, the current core programmers, whom we deem to be honest, code up a mechanism setting up a number of sign-offs required for new code to make the final cut. That number becomes subject to the same audit process.
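
The "number of sign-offs required for new code to make the final cut" in the post above, and the "proper crypto signatures" item in the earlier numbered list, are the only mechanical pieces of the proposal, so here is an added example of what such a gate looks like in code. This is not code from the thread or from any existing distro tooling. It assumes Ed25519 reviewer keys held in a trusted keyring, and that an approval is a signature over a SHA-256 digest of the commit's parent, tree and message (so an approval cannot be replayed onto different content). Reviewer names, the commit fields and the threshold are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Reviewer is one trusted auditor in the keyring (hypothetical names below).
type Reviewer struct {
	Name string
	Pub  ed25519.PublicKey
}

// Approval is one reviewer's detached signature over a commit digest.
type Approval struct {
	Reviewer string
	Sig      []byte
}

// CommitDigest binds an approval to the exact parent, tree and message.
// Changing any field yields a different digest, so an old signature
// cannot be reused to admit different content.
func CommitDigest(parent, tree, message string) []byte {
	h := sha256.New()
	h.Write([]byte("commit\x00" + parent + "\x00" + tree + "\x00" + message))
	return h.Sum(nil)
}

// CountValidApprovals returns how many DISTINCT trusted reviewers produced
// a signature that verifies over digest. Unknown keys, bad signatures and
// a second approval from the same reviewer are all ignored.
func CountValidApprovals(keyring []Reviewer, digest []byte, approvals []Approval) int {
	trusted := map[string]ed25519.PublicKey{}
	for _, r := range keyring {
		trusted[r.Name] = r.Pub
	}
	seen := map[string]bool{}
	for _, a := range approvals {
		pub, ok := trusted[a.Reviewer]
		if !ok || seen[a.Reviewer] {
			continue
		}
		if ed25519.Verify(pub, digest, a.Sig) {
			seen[a.Reviewer] = true
		}
	}
	return len(seen)
}

// Admit is the gate: the commit enters the trusted branch only if at least
// threshold distinct trusted reviewers signed this exact digest.
func Admit(keyring []Reviewer, digest []byte, approvals []Approval, threshold int) bool {
	return CountValidApprovals(keyring, digest, approvals) >= threshold
}

// ScenarioResult summarises the constructed scenario in RunScenario.
type ScenarioResult struct {
	Valid          int
	AdmitWithTwo   bool
	AdmitWithThree bool
}

// RunScenario builds a keyring of three reviewers plus an untrusted key and
// exercises the gate with the failure modes a real pipeline sees:
// a duplicate approval, an untrusted signer, and a signature over other content.
func RunScenario() ScenarioResult {
	gen := func() (ed25519.PublicKey, ed25519.PrivateKey) {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		return pub, priv
	}
	alicePub, alicePriv := gen()
	bobPub, bobPriv := gen()
	carolPub, carolPriv := gen()
	_, malloryPriv := gen() // not in the keyring

	keyring := []Reviewer{{"alice", alicePub}, {"bob", bobPub}, {"carol", carolPub}}
	digest := CommitDigest("3f2a1c", "9b7e44", "ncmpc: fix playlist parsing") // constructed commit
	otherDigest := CommitDigest("3f2a1c", "9b7e44", "ncmpc: fix playlist parsing; also phone home")

	approvals := []Approval{
		{"alice", ed25519.Sign(alicePriv, digest)},
		{"bob", ed25519.Sign(bobPriv, digest)},
		{"alice", ed25519.Sign(alicePriv, digest)},     // duplicate, counted once
		{"carol", ed25519.Sign(malloryPriv, digest)},   // untrusted key claiming to be carol
		{"carol", ed25519.Sign(carolPriv, otherDigest)}, // carol signed different content
	}
	return ScenarioResult{
		Valid:          CountValidApprovals(keyring, digest, approvals),
		AdmitWithTwo:   Admit(keyring, digest, approvals, 2),
		AdmitWithThree: Admit(keyring, digest, approvals, 3),
	}
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

The threshold itself is just an integer passed to `Admit`; putting that integer under version control in the same repository is what makes it "subject to the same audit process". Running the gate per package rather than per repository only changes what goes into `CommitDigest` (a package's tree instead of the whole tree), which is the per-package complication the earlier post alludes to.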

@purrperl "whom we deem to be honest" who is we, and how do we deem them to be honest?

@bobdobberson

"We the People...", means everybody.

GNU/Linux wasn't born yesterday.
There's a sizable crowd of people behind it.
They all trust it.

Once the new decentralized model is up and running, it is radically transparent and democratic.

People in the continent of North Vespuccia didn't choose to become a democracy ( republic ).
It took a cohort of slaveholders to declare themselves the Founding Fathers ( Mack Daddies with slave girls to entertain them in their private quarters. 😂 )

@purrperl ok, so you, me, and all the other Linux fans out there get to go through the commit logs and axe a bunch of developers, and remove them from the Linux project?

@bobdobberson

Who said anything about removing anyone?

It's the Linux OGs giving love to the street, handing over their co-creation to the people.
Helping people unify, empower themselves, and become involved easily.

@purrperl my bad, I misread what you had written and thought you were proposing that we the people would determine who the core contributors of a project would be.

So... from what I'm understanding, nothing regarding the Linux kernel changes.

Since they already have mechanisms set up for sign-offs of code and whatnot.

I'm not understanding what exactly is changing.

@bobdobberson

The process is more hands-off, and programmatic in governance.
More checks & balances.

Right now, the control is wielded by a core group. So it's more like a republic.
We switch to radical democracy.

One bad prez cannot take the country to war.
Everyone gets to vote on how their money is allocated.
The National Budget is an average of individual allocations.
Education gets say 23%
Healthcare, 34%

And the "Department of Defense" gets $13 total ( from some gun nut ).

@purrperl so fork the kernel and implement your new governance.

@bobdobberson

Fork Debian / nixOS and do the same.

Replace the nix language with Raku / Perl / Ruby to drive adoption of nixOS.

Some fussy, talented UX designers ( ala macOS ) make it super sweet, and ready it for the masses.

@bobdobberson

Nobody is axed or excluded.

Code is code. Contributors cannot be smeared and shunned.

Anyone can commit, even if they are an unpopular human, a 🤖 , an 👽 , or something else.

"Hey, did you hear that RMS is a creep, and ESR is a pervert?"

"A study funded by Microsoft found that most Open Source developers have unresolved issues." 😂

@purrperl everyone _CAN_ currently commit and make changes to a local clone of the kernel source code.

Whether their patches are approved is up to existing developers of the Linux kernel project.

@bobdobberson

Yes, and it was fragmented into distros, mired in confusion.

One repo, one distro mainline, one audit pipeline, one easy way to report bugs.

@purrperl what was fragmented into distros and mired in confusion?

Are you saying Debian and RedHat maintain their own forks of the kernel?

Submitting patches: the essential guide to getting your code into the kernel — The Linux Kernel documentation

@bobdobberson

My issue is that Linux was for and by nerds.

The new Linux is more akin to macOS, beautiful eye-candy, elegant design, except Free.

@purrperl oh. You aren't complaining about the "new Linux"...

What are your issues with the eye-candy heavy desktop environments like KDE and Cinnamon?

@purrperl see, my issue is I liked Linux more when it was for and by nerds. I don't like eye-candy. So I don't use it.

That is one of the lovely things about open source and the world of GNU/Linux.

@bobdobberson

As proposed in the article on Apple ]|[ I just linked, you would choose the Expert Mode, and a minimal theme without eye-candy ( or create one if it doesn't exist ).

@bobdobberson

The problem was that they were "too customizable".
macOS did not ask you to choose a Window Manager & Desktop out of the box.
The Golden Path, "just worked".

Linux required you to know a lot to be workable.
You could make it laden with eyecandy, or use something as spartan as fvwm.

In the new Linux ( working title: Red Gnome ), the Golden Path just works out of the box, without asking thorny questions of the user.

The choice is not either/or:
https://rant.li/ashwin/apple

@purrperl when was the last time you explored a few different distributions' installation processes?

@bobdobberson

Since 1995, I have distro-hopped, ( Yggdrasil, Slackware, SuSE, Red Hat, Mint, Ubuntu, even OpenSolaris, FreeBSD & OpenBSD etc. ), and finally settled on Debian+GNOME, which is less customizable than KDE, therefore less confusing.

Now, I am drawn to nixOS, except I'd like to nix the nix language.

@purrperl Linux in 1995 was very different from Linux in 2025.

Have you installed Linux Mint recently? Or Ubuntu? Or Fedora?

The Linux install process from 1995 was DRAMATICALLY different from the install process today.

Much like installing Windows in 1995 had a different feel than installing it today.

@purrperl here's my proposal to you: start your own Linux distribution.

ONLY include open source projects that have the required rigorous commit approval you are looking for and deem 'safe'.

Make your installer just automatically blast away the partition and install the desktop environment YOU think is "The Best(tm)" and make it extremely polished with others' help.

Whatever your issue is with Debian or whatever other distro you've tried -- do it differently and fix it.

@purrperl "Think Different" to quote someone or other.

@bobdobberson

My friend, that has exactly been my plan for a couple of years.
Linux done right. Linux for the masses, not just the nerds.

As user-friendly as macOS. As hackable as, well, Linux.
Unlike macOS though, it's Free, in the #FreeSoftware sense.

Encourage user participation. Make it fun.
Like Tom Sawyer painting a fence.

Working name: "Red Gnome".
It will be based off Debian for initial UX scaffolding.
Will switch over to nixOS, after we replace the nix language with Perl / Ruby.

@bobdobberson

I have installed Debian a few times lately. Still too nerdy and technical for grandma.

My proposal:

One repo with an audit pipeline.

Developers from all Linux *and* BSD distros audit each commit going into that repo.

Convergence of the whole #FOSS community, like lasers scouring the incoming code, manually & using tools.

Each distro team sets up a workflow to bundle code from that repo for their Linux/BSD distro ( deb, rpm, pkg, nix, * )

"Truly Trustworthy Computing" (TM)

Installing Windows is too nerdy and technical for grandma.

CC: @[email protected]
@purrperl why does grandma need a computer? What does grandma use a computer for? Could she be fine with Windows, macOS, or Android?

@bobdobberson

Just look at that page. Does it make you want to jump in and contribute?

Compare that to Apple's web site.
Each word is carefully chosen.
The language is minimal.
The aesthetic is good.

@bobdobberson

We're talking distribution not kernel.

@purrperl which distribution? There's hundreds.

If you want less eye-candy, it is an option.

If you want to be free of systemd, there are other kernels and operating systems.

In one post you complain about eye-candy, then you critique the aesthetic of plain text being used to convey information.

Do you want Linux to be like macOS or not?

@purrperl further, why would Linus _choose_ to dissipate his power over the Linux kernel?

@bobdobberson

Because he's not hungry for money and power.

Also, he's not on the #Epstein list. 😂

@purrperl LOTS of badly behaved people are not in Epstein's files.

@bobdobberson

I count myself as one of those bad boys. 😂