This has been an amusing, if for the most part useless, debate. Phill is 
undeniably pompous, and takes himself far too seriously. "Reese" seems to 
share these same affectations, and in addition appears (based on the 
limited sampling of posts I've read) to like to shower the cpunx list with 
usually-incomprehensible gibberish, inventive grammar, and a snarkily 
juvenile attitude to match.

But although Phill has been intentionally obtuse in this debate, most 
likely for his own amusement, he also has the substantial advantage of 
knowing what he's talking about on at least this narrow point. "Reese" 
responded with open-source dogma straight from slashdot, and wasn't 
prepared to engage on the general principles.

Phill upped the ante with an apparent libel threat, which prompted "Reese" 
to back down. That's unfortunate on both sides. "Reese" could have 
challenged Phill on details and used some of the recent Linux collaborative 
developments to bolster his own argument. Phill didn't need to resort to 
what appears to be a vacuous legal threat: Calling him "undeniably 
pompous," for instance, might be actionable in the UK, but not in the US 
where truth, fortunately, remains an absolute defense against libel. :)

Recommendation: "Reese" should pick up judgement-proofing tips from Duncan.

Score: "Reese" 3, Phill 5

-Declan


At 17:29 3/6/2000 -1000, Reese wrote:
>Fine, you win, whatever.
>
>Now go away - and next time, don't threaten (offlist) a writ of libel, go
>for it.  Put your money where your pomposity is or shut up.
>
>Reese
>
>At 09:40 PM 3/6/00 -0500, Phillip Hallam-Baker wrote:
> >The speech by Brian Valentine was well reported at the time.
> >If you needed to verify the statement you could have done
> >so yourself at the Microsoft site.
> >
> >The only reason that the statement required confirmation
> >in your view is that you have such a fixed world view that
> >your mind is not capable of processing data that conflicts
> >with it - the appearance of which causes an ABEND and core
> >dump.
> >
> >
> >The definition of 'peer review' has nothing to do with the
> >definition of 'open source'. The two terms are in fact entirely
> >orthogonal, most open source software has not been reviewed,
> >most peer reviews are closed.
> >
> >Just because peer review is good and open source is good does
> >not mean that peer review = open source.
> >
> >
> >The issue is the quality of the peer review, not the context in
> >which it takes place. I perform peer reviews for real companies,
> >I also design internal processes to ensure that thorough
> >reviews take place. It is a time consuming and very costly
> >process.
> >
> >If nobody with a white hat actually does any peer review on your
> >open source code and tells you the problems you have weakened
> >your security, not strengthened it.
> >
> >With the exception of a handful of very frequently used programs
> >such as Apache, the mere fact of putting code in the public
> >domain does nothing for security since the number of experts
> >qualified to perform a peer review is vanishingly small (perhaps
> >a few hundred) and they charge significant fees for their
> >services.
> >
> >Most times the review is not of consumer oriented software at
> >all but an installation where there are particular security
> >issues that must be examined. I very much doubt that the
> >average reader of this list is prepared to donate their
> >services for free to a random bank.
> >
> >
> >Ten years ago a bunch of folk were putting out the idea that
> >'neural nets' and 'genetic algorithms' were a means of solving
> >any problem at all without doing any actual work. The idea
> >that 'open source' is a panacea for security is equally bogus.
> >
> >
> >Revising my earlier statement, security through bogosity is
> >no security at all.
> >
> >
> >       Phill
> >