The 25-Year-Old BSD Bug 213
sproketboy writes with news that a developer named Marc Balmer has recently fixed a bug in a bit of BSD code which is roughly 25 years old. In addition to the OSnews summary, you can read Balmer's comments and a technical description of the bug.
"This code will not work as expected when seeking to the second entry of a block where the first has been deleted: seekdir() calls readdir() which happily skips the first entry (it has inode set to zero), and advance to the second entry. When the user now calls readdir() to read the directory entry to which he just seekdir()ed, he does not get the second entry but the third. Much to my surprise I not only found this problem in all other BSDs or BSD derived systems like Mac OS X, but also in very old BSD versions. I first checked 4.4BSD Lite 2, and Otto confirmed it is also in 4.2BSD. The bug has been around for roughly 25 years or more."
Re:Many eyes make bugs shallow... (Score:3, Insightful)
Re:Many eyes make bugs shallow... (Score:5, Insightful)
Re:Many eyes make bugs shallow... (Score:5, Insightful)
Re:They actually do... (Score:5, Insightful)
Re:See? SEE? (Score:5, Insightful)
In comparison, Microsoft has been around for what... 20 years? And who knows what bugs in Windows are there, lurking, just waiting to bite us?
Re:more proof (Score:2, Insightful)
Unless you present some proof that this never happened in a Microsoft product, you have nothing.
I'm not saying it did, but you have to take Microsoft's word that it didn't, and no more evidence than that.
I'd rather go with the more transparent option, thank you.
Samba knew, but didn't pass it on? (Score:5, Insightful)
Surely both the samba communities and the *BSD communities are active enough that this could have been passed on for further investigation by the *BSD crowd? (Sure, samba probably would still need a workaround, particularly given the long uptimes and widespread deployment of *BSDs)
I know nothing of the devs at Samba and *BSD, but seems a bit strange. Perhaps they did try..
Meanwhile, congrats to Marc on fixing a bug. One of the most touted benefits of open source (whatever your license) code.
--Q
Old Code (Score:3, Insightful)
Re:Many eyes make bugs shallow... (Score:5, Insightful)
Re:Many eyes make bugs shallow... (Score:5, Insightful)
A quick googling of "many eyes make all bugs shallow" brings me the more complete statement that adage is simplified from: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone." (Linus via ESR). Clearly this 25-year-old bug is one of the exceptions that calls for the 'almost'.
Re:Now it's time for a little housekeeping (Score:3, Insightful)
Re:Many eyes make bugs shallow... (Score:5, Insightful)
Well. Just reading the source is part of it, but not all.
Fact is, if I run into odd behaviour when testing/using - if the source is available I can read it, I can breakpoint.
I cannot do that with a binary.
So yes. Things did occur as they were supposed to. Someone found something odd, they were able to look at code in question, and fix it.
The shallowness is the fact that there is a direct connection between the thousands of testers/users and the code in question.
Instant turnaround. No "user reports behaviour in detailed fashion, including testcase, to some corporate e-mail address, and maybe it eventually gets a to a developer three layers down who may be able to figure it out and fix it if he has the time"
Should it be fixed? (Score:5, Insightful)
Re:Samba knew, but didn't pass it on? (Score:3, Insightful)
Re:Would this be a "Critical" or "Important?" (Score:3, Insightful)
Re:Many eyes make bugs shallow... (Score:5, Insightful)
Re:Should it be fixed? (Score:2, Insightful)
Re:Many eyes make bugs shallow... (Score:3, Insightful)
"many eyes make bugs shallow" is equivalent to the "infinite number of monkeys..." thing.
In my experience it's better to have quality than quantity when it comes to the eyes used for finding bugs.
Any idiot can tell you about obvious bugs, and it's kind of waste of time to see 1 million duplicate bug reports, because it's too slow to search through 100 million other bugs (with dupes) for dupes
For UI stuff, you get the naive (as in not yet unexposed to your evil software
Re:Many eyes make bugs shallow... (Score:2, Insightful)
However... You are mistaken. Clearly that DID happen here. That is exactly what happened. It took a long time, granted, but it was found, it was fixed, and (seeing as no one was really bothered by it too much) it was even done in a "timely manner." (Albeit a very long time but it didn't seem to impact anyone to any great length.)
The bug was found, the code was open, the bug was fixed. Hell, it isn't even newsworthy. It's just a squished bug that had no real impact in the majority of people's experiences. The impact was so small that people coded around it, so be it. Open source doesn't even demand that it be bug free. Coding around an existing bug is perfectly okay (I think). Fixing the bug may have taken valuable developer time away from their core projects for all I know. Either way, it was found, it was fixed, and because of the open source nature of the software these two things were possible.
This couldn't have happened with Linux... (Score:3, Insightful)
Re:Many eyes make bugs shallow... (Score:4, Insightful)
Heck, how many other bugs have been fixed over the years?
These detracting arguments smack of FUD mongering...
Re:yeah, sure (Score:4, Insightful)
This is touted as a slip up (or flaw) in the Open Source model of doing things, yet a proprietary software developer, and one of the largest mind you, failed to spot this completely.
Re:Many eyes make bugs shallow... (Score:4, Insightful)
BSD has been checked over by 'quality' eyes--when it was used as the basis of NeXT/OSX, for example. They missed it too.
If the code wasn't open (i.e. if there weren't many eyes), this bug would have remained forever, or at least until the code was dumped.
Re:Many eyes make bugs shallow... (Score:2, Insightful)
That, or the individual who discovers it would be fired, blacklisted, and possibly be arrested and charged with some criminal act.
Re:Many eyes make bugs shallow... (Score:5, Insightful)
You sound like those people that don't like evolution. The concept of shallow bugs is an approximate description of how things work, not a methodology. Also, if enough people stare at the code and use it, they will find the bugs that matter.
Re:Old Code (Score:2, Insightful)
Seems like a strawman arguement to me (Score:3, Insightful)
I don't believe that many in the open source community dogmatically accept the shallow-bugs arguement as a universally applicable rule of software development. It seems to me that any reasonable person would agree that
Re:Many eyes make bugs shallow... (Score:3, Insightful)
Re:Excuses Excuses... (Score:3, Insightful)
Nobody's saying that - that would be retarded. What's said is that there would be fewer undiscovered bugs, and more rapid and complete fixes. Notice how he began his investigation by looking at the SAMBA source code. You might also note that he was able to look into the second issue as well, making both SAMBA and FreeBSD a tiny bit better along the way.
If this fix had happened at a closed shop the biggest difference is that you probably wouldn't be reading about it.
Re:Long live the Code (Score:2, Insightful)
Demonstration of the bug (Score:5, Insightful)
Re:Many eyes make bugs shallow... (Score:5, Insightful)
Re:Many eyes make bugs shallow... (Score:3, Insightful)
Why would I write a fix to give to you when I know you wont be adding it to your program at all?
Why would I write it at all? Specifically in this case, its usually considered 'bad' for a user level application to require you to patch your kernel, and only on a certain OS but none of the others. I realize this is done, but no one likes it.
Especially when you can replace 'if you are on bsd, you must patch your kernel' with the current 'you do nothing, the software will figure it out and it will just work'.
The samba team can not force the BSD team to change bits of their software. All the samba team can control is their own code, which they used to code the work around so it would still work, without having to tell bsd users "sorry, a feature of your os (that every other os calls a bug) prevents our software from running". Someone else would patch samba to work around this non-bug 'feature' and then you get the same situation as now.
Of course of the original bsd dev would have dropped his ego and code-political agenda for a minute and just admit it was a bug, none of this would have happened, and it would have been fixed right after it was reported the first time.
Don't click that link!!! (Score:5, Insightful)
Here is why (Score:5, Insightful)
That is why they are still around and still popular. They are K.I.S.S., work as they are supposed to, and the modular code that is plugged into them can just be sloughed away when it becomes out dated, and newer, better code plugged in to modernize the OS as you go.
That's also why Windows has had so many problems over the years. Windows was designed to be everything you need in a single package. That means everything is all tied up together. So, unlike BSD and the *nixes, when part of the OS becomes out dated, MS can't just unplug the old stuff and plug in new stuff. It's all interlinked from the ground up. That means a large portion of development time getting is spent fixing bugs caused by new additions, which then cause even more problems down the line when you go to update again. It also makes it bloated as legacy code ends up stuck in the mix because without it the patched together additions wouldn't function right.
And, unfortunately for MS, their market dominance is based on the windows "feel" being familiar and backwards compatibility. If they could, I'm sure they'd re-write windows from the ground up, but now they are in a catch 22 where doing so might significantly kill their market share.
I'm guessing Bill and company sometimes look back and kick themselves for not having the guts to go for broke and re-do the OS from the ground up for Windows XP. Because, back then MS was still king, Apple was at its low point with a very small and stagnant market share, and the *nixes were still primarily a hard core enthusiast hobby. Today, if MS were to completely change Windows, they'd probably lose a significant amount of market share to a variety of alternatives.
OpenBSD is good at fixing this kind of bug (Score:4, Insightful)
Re:Many eyes make bugs shallow... (Score:3, Insightful)
And even more important, they would have to code a workaround anyway, to unbreak older BSD systems running Samba.
Extremely complex systems cannot be perfect. (Score:1, Insightful)
Operating Systems are extremely complex and created by man. It is therefore impossible for any of them to be absolutely perfect.
For a bug to be hidden for 25 years (the bug itself and not the symptom), it would have to be obscure and occur only in fringe cases. Well, this bug was obscure and only occurs in fringe cases!
If this were happening in closed source software, the bug would be near the bottom of priorities, since it only occurs under rare conditions. Nobody will bother going to the trouble of analyzing the binary, so to be fixed it would need to be taken seriously by the company behind to closed code.
In this OSS case, it only had to be taken seriously by one talented person.
BSDi and Apple didn't find it. Some person who was empowered with the code being open found it and fixed it. In fact, this fix to Apple's OSX, comes courtesy of the O in OSS.
Proof that OSS works, from one of the oldest OSS bases around. You would expect a bug to be pretty obscure in such old OSS code and that is exactly what this bug is. Is it any wonder that the BSD's are so incredibly stable?