[Linux-aus] contest proposal
Russell Stuart
russell-linuxaus at stuart.id.au
Tue Jan 2 15:46:37 AEDT 2024
On 2/1/24 12:10, jon.maddog.hall--- via linux-aus wrote:
> Just focusing on the problem might help. Without focus people will
> not pay attention to the issue.
To be clear I wasn't arguing against the proposal. I was (perhaps badly)
trying to point out that the issue has a much broader impact. To me
those impacts are more important than the one Russell raised.
But it is true I find it hard to get excited about RAM usage when, in
what seems like just a few years ago I was amazed PCs were zooming
through the 32 bit barrier, yet now I carry a battery powered device with
64 bits of address space, more connectivity, screen resolution, removable
storage than those PCs. Granted, today's problematic resource usage
can't be relied upon to disappear tomorrow forever I guess. But I'm
happy to delay worrying about it until it does happen.
What concerns me now is the library version proliferation thing I
mentioned earlier. And the thing that replaced a 3270 (the browser) is
so bloated, Debian with the resources of a 1000 developers can't
maintain it. And at the risk of starting a flame war, if I want to use
systemd as an init system (and you'll get no argument from me that it isn't
a very fine init system), I am forced to compile 1.9 million lines of
intertwined code that isn't related.
These are problems created by my engineering discipline, and must be
solved by us. We just need the motivation to do it. It is going to need
a *lot* of motivation. Debian has an almost religious level objection to
taking code thrown over the wall, but it was forced to do it with
Chromium and Firefox. I suspect it won't come from resource utilisation,
partially because there are already a lot of small, open source projects
dedicated to that role out there. The prime motivation of Alpine Linux
is just that.
What the motivation may come from is the other problems I mentioned.
Security in particular. There will be a lot of bugs lurking in the lines
of systemd you don't use, and for me that is most of the 1.9 million of
them. If that isn't motivation enough the EU New Product Liability
Directive [0] may do the trick.
I'm pretty sure it's near impossible to make these large
non-decomposable systems bug free, which in turn implies they can't be
made secure either. Unfortunately I'm also pretty sure them being
decomposable mega projects means debloating these systems in the way
Russell wants to is near mission impossible. (I'm sorry, but re-writing
sin and cos doesn't seem comparable.) But I also think the world at
large isn't going to give up on wanting software that works and can be
relied upon to not take down a fair chunk of a country's
telecommunications network. [1]
So, it's a rock hits a hard place. Perhaps the Queen Mary hits Norfolk
Island is a better metaphor, because these software projects are huge
and cornerstones of the current internet, so nothing is going to change
course quickly.
Personally, I'd give up on the Queen Mary entirely. Changing its course
is just too hard. I'd start with the smaller projects one person can fit
their head around, and build a system that suits your needs from them.
That seems doable. Put the rest in a sandbox VM (if we can ever figure
out how to build such a thing), and put up with the resource usage until
we can replace it.
[0] From what I can tell, the EU New Product Liability Directive is
mostly about defanging software shrink wrap licences. They will not be
able to disclaim liability any more. You can't disclaim liability for a
toaster that electrocutes someone from a design flaw, so I don't know
why software has got away with the same thing for so long. The
implication for open source software is that for a supplier to be liable you
have to have bought the toaster from them, and then the toaster must
have killed you. Kinda - you get the idea. Software killing someone who
downloaded it from a public repository without your knowledge doesn't
fit the bill no matter how much it may seem like it should. But the new
law still can impact open source developers. If for example you were a
log4j developer that earned money on the side by fixing bugs in it, then
the dollar amounts of damage done make my eyes water and you maybe just
made yourself liable for it. Once this passes, I wouldn’t do that sort
of thing without getting professional indemnity first.
[1] Granted, we all know that was more of an operations issue. But it
sure raised a lot of eyebrows, as in called before a senate committee
for a "please explain" type eyebrow raise. To the owners of those
eyebrows it's all just computers all the way down - don't give us any of
this finger pointing crap.