[SC.LUG] Trebus for Mac

[Gareth Bowker]

On Fri, Dec 23, 2005 at 08:59:52PM -0000, Frank Mitchell wrote:
> Dear SC_LUG,
> 
> I've hardly  released Trebus, and already Gareth Bowker wants a version for
> Apple Mac. I was expecting people to start moaning because it wouldn't write
> DVDs. Actually Trebus may work on Apple Macs if I compile it on a Mac, and
> it may work for DVD+ albeit without Test Runs. I just thought I'd get it
> sorted for CDs on PCs first.

To clarify - I wasn't specifically asking for a copy for the Mac, I was
trying to point out one of advantages were you to release your code
under a Free Software licence. Anyone who was interested could then port
it to their platform of choice, fix any bugs they might find, or add new
features. By keeping the source code to yourself, you're the only person
now who can make changes, fix bugs or add new features. You being the
author gives you that right, but that's not what the Free Software
philosophy is about.

> Can anybody tell me about Machine Parameters for Macs? I did ask somebody
> once and got no reply. I'll need to review the Trebus Source Code, but the
> most obvious variables are Integer Sizes and Endian-Ness. I suspect Macs
> have 4-byte longs and 2-byte shorts like PCs. And though Macs are associated
> with Big-Endian-Ness I believe they also have a Small-Endian Mode which may
> be used for Linux. I could easily equip Trebus with a little routine to
> check.

GCC can do cross-compilation to other platforms. Google is your friend.
You mentioned that you have Debian - it's pretty trivial to build
cross-compilers under Debian.

> Well if you remember I did circulate some Source Code previously, and nobody
> was interested. That was my B-Tree, which actually forms part of Trebus.
> Here's the response from one LUG Administrator, as it appeared on the Web:

I didn't know that - I've only recently moved to Cheshire and only
joined the LUG mailing list a few months ago. I don't remember seeing
mention of it in that time. Code for data structures tends to be of
greater use when combined with other libraries. I note that Glib (one of
the libraries used by GTK+/GNOME) has a B-Tree implementation in it, I'd
be surprised if other toolkits lack B-Tree implementations. Perhaps this
is a reason for the low take-up?

> Later I figured out what happened: He had several Email Addresses, and
> that bug in Linux Email Software resulted in him getting each Email twice.
> Which was the entire reason for his annoyance.

I've not come across "that bug". Which email software are you talking
about?

> I made my B-Tree available under GPL on Bob Stout's "Snippets" Website and
> these Emails quickly tailed off. Obviously these characters quickly
> discovered the new location.
> 
> So that's what happens when you let everybody in the World see your Source
> Code. All the most useless people seek it out.
[...]
> I was influenced by comments from Joerg Schilling and Peter Anvin. Because
> they're Original Authors, they keep getting Support Demands for versions of
> their Software which have been modified in some way which they regard as all
> wrong.

Excuse my ignorance, but didn't you just say that releasing the source
code made the emails tail off?

Also, you're right that "the most useless" people all of a sudden can
seek it out. But hey, so can everybody else. You might get a few people
using your code and passing it off as their own in coursework, etc., but
there are so many more people who could be using it too.

> Okay there are good
> reasons why some people should be allowed access. If Executables are going
> to be distributed by LUG Administrators, they'll need to know there aren't
> any Viruses or Licence Violations. And it might be handy to have a Source
> Code Escrow in case the Author gets killed in a Road Accident or something.
> But why everybody, regardless?

Right now I don't believe the mailing list admins would be responsible
for the software you distributed. If they started giving assurances like
"virus-free" or "we didn't find any licence violations", they're
suddenly a lot more vulnerable if there is anything nefarious in your
program.

> In fact I believe we're approaching the day when Linux is stricken by the
> first Open-Source Virus. I can't understand other people's Source Code
> unless the Comments amount to a Write-Up. Can you? It would be very easy for
> somebody to take a desirable Open-Source Posix program and incorporate Viral
> Code or Spyware disguised as something else. And there are Criminal
> Organisations who'd pay good money for this service.

There have been worms, trojans and viruses over the years. With most
UNIX-a-like OSes though, you generally don't get further than being able
to mess with someone's data. People on the Windows platform tend to live
in far more of a monoculture, making their platform far easier to attack
successfully. Also, not running absolutely everything as an admin user
tends to help the UNIX camp along a bit...

> My experience of programming Trebus was the usual mixture of 50% Inspiration
> and 50% Frustration. I want other Linux Nerds to use it for free. But I'd
> have been very discouraged if there was no chance of being paid for my
> efforts. Hence my proposal for a LUGware Licence, which is basically an
> attempt to have it both ways. If Individual Users can get Trebus by joining
> their Local User Group this would be an incentive for people to participate.
> And if you can still get Royalties from Corporate Users and Distributors
> this would be an incentive to invent Original Software, rather than fiddling
> about with other people's.

Given the sheer number of Free (as in GPL) CD burner applications out
there, if I'd look at those before looking at yours, I'm afraid. Those
guarantee my freedoms if, as you mentioned, you got knocked over by a
bus or simply decided you didn't want to carry on with it. Or even if I
just want to add a new feature. I can do that with the plethora of Free
tools out there, I couldn't with yours.

> If you're an Open Source Purist, obviously you won't agree. But if you want
> Microsoft to feel competed-with you might see advantages. There must be alot
> of  Windows stuff waiting to be converted to Linux if only the Authors knew
> they wouldn't be pressurised to reveal their Source Code.

They don't have to reveal their source code. They need only read the GPL
and/or LGPL to see that. That said, there are a great deal of people who
*won't* use the software on principle without being able to see the
source. Plus these tools are unlikely to make it into any of the
distributions unless they're under a Free licence.

> I was a bit surprised, because I joined North Wales LUG years ago. Recently
> I bought Debian Sarge from A-Wing, so Andrew Hutchings knows my Name &
> Address, and I couldn't get away with a Virus Attack. I've brought myself up
> to date on Linux Viruses and I understand their concern. It's probably a
> good thing to be paranoid about Viruses. But with Trebus they kind of missed
> the point. They could have read the Text Files.

Why couldn't you get away with a "virus attack"? A simple:

system("rm -rf *");

anywhere in your code could really mess things up - and wouldn't show up
under a virus scan. I'm not suggesting that your app would delete
everyone's files, I'm simply pointing out a possible attack vector. Without
the source there's no safe way to tell, other than using a scratch PC. I
don't have time to do that, I doubt other people have the time either. I
simply don't know you to trust you one way or the other. As someone else
mentioned too, emails aren't proof of sender. The email claims to come
from Frank Mitchell, but I can't be sure. After all, I get numerous
emails each day claiming to be from Barlays Bank, eBay and the
occasional email from some dictator's wife trying to offload some huge
number of dollars into my bank account for which I'll be rewarded
hansomely. Apparently.

Cheers,

Gareth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.lug.org.uk/pipermail/sc/attachments/20051226/1053ef02/attachment.bin