Open, free and with no warranty

The article “The kernel of the argument” was published on November 5th in The Washington Post online journal.

It’s about linux kernel security… but also Linus Torvalds and the warranty that comes with the linux kernel. I really suggest you read it.

There are three main themes in the article:

  • first: the linux kernel “warranty”
  • second: concerns about the kernel security
  • third: the way Linus Torvalds behaves towards contributors

From my perspective they are reported in a way that describes open-source software as insecure and led by despotic leaders, making the linux kernel an example of that. I don’t believe this is true, and making assumptions like that is far too generic an approach to the problem of secure software.

The first point seems somehow misinterpreted. It seems that whoever is contributing to and building the linux kernel should be legally responsible for it, when it’s clearly stated that it comes with no warranty. The linux kernel has always been open-source and free for anyone to use or modify.

Making open source software the base of your company is a choice. With that choice, as with using closed-source software, comes a trade-off. Usually with closed-source software you are outsourcing knowledge on how something works. With open-source software you are betting on the opposite: you will always have access to the code you use.

I see advantages on both sides. With closed-source software you don’t need to have people in house, you can have external support, etc. With open-source software you don’t have any fee, you can get help from a community or hire people who already know the software.

It’s just a tradeoff. Linux is in a lot of servers and devices today because it was chosen for those tasks over other systems. Its copyright and warranty are just another way of releasing software. They don’t make linux less secure.

The second argument is the core argument of the article and it is very important and should be taken into consideration.

I think that after Snowden, Hacking Team and other stories of governments spying on people, the topic is going to have a lot of impact on linux kernel and linux in general.

I would really like to see big companies using linux contributing to produce a viable hardened linux kernel. But my guess is that they are hardening their systems instead of the kernel, as suggested by Torvalds, because it’s way simpler and less costly*, making sure that reaching the kernel or taking complete control of a machine is very very difficult.

The third point is something that polarizes the linux community and the open-source community at large (or at least the part that I know).

I don’t like the way Torvalds sometimes answers people, and I think that being the lead of a big (the biggest?) open-source project is not an excuse. I can easily name leaders in big open-source projects that I’ve never seen answering like Torvalds sometimes does. It’s a shame, because it drives people away from a project that is the base of linux and the open-source ecosystem.

* Let’s stay positive and avoid conspiracy theories 🙂

Ready Player One – book review

Spoiler alert! I may spoil something you don’t wanna know, keep reading at your own risk.

I finished reading Ready Player One a few days ago, and I feel this book is… “strange”.

On the one hand I think it’s a really good book; I read it in a few hours over 2 or 3 days. Every time it was very difficult to stop reading it and wait for the next reading session!

On the other hand I feel that the conclusion of the story isn’t well connected with the rest. It seems it’s ending because it has to and not because it reaches a real end.

The whole book is a complex web of connections, discoveries, relations and mysteries. But I felt that the end was too simple, there wasn’t the same atmosphere the rest of the book has.

My suggestion is: read it because it’s a good book, but do not expect much of the end 😉

Installing nodejs and npm without root privileges

Yesterday I released a short bash script to help with installing nodejs and npm from source without having to do it as a root user: nodeinstall.

My script is just an automation of the instructions that you can find in this blog post from Tom Novelli.

The idea is that having to use root user permissions to install nodejs packages can be a security risk. Moreover it’s a pain to enter your root password every time you install a nodejs package as global 🙂

Pull requests and any other feedback are welcome!

P.S.: if you are looking for something way more powerful and complete than my script you can check out NVM 😉
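
The idea above, sketched as an added example: this is not the nodeinstall script and not Tom Novelli's instructions, only an illustration of building node into a user-owned prefix and refusing to proceed when that would need root. The function names and the `$HOME/.local` prefix are assumptions made for the example.

```shell
#!/bin/sh
# Added example: install node/npm into a user-owned prefix, never via root.
# All function names here are hypothetical, chosen for this sketch.

# Walk up from a path to its nearest existing ancestor
# (the prefix itself usually does not exist before the first install).
nearest_existing() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        p=$(dirname "$p")
    done
    printf '%s\n' "$p"
}

# Succeed only if the prefix can be populated without elevated privileges:
# the caller is not root and the nearest existing ancestor is writable.
# The optional second argument overrides the uid (useful for testing).
prefix_is_rootless() {
    prefix=$1
    uid=${2:-$(id -u)}
    [ "$uid" -ne 0 ] || return 1
    [ -w "$(nearest_existing "$prefix")" ]
}

# Print the profile lines that point npm's global installs (npm install -g)
# and PATH at the user prefix. $PATH is left literal on purpose so it is
# expanded when the profile is sourced, not when this function runs.
rootless_env() {
    printf 'export NPM_CONFIG_PREFIX=%s\n' "$1"
    printf 'export PATH=%s/bin:$PATH\n' "$1"
}

# Build an unpacked node source tree into the prefix.
install_node_from_source() {
    src=$1
    prefix=$2
    if ! prefix_is_rootless "$prefix"; then
        echo "refusing: $prefix is not writable, or running as root" >&2
        return 1
    fi
    ( cd "$src" && ./configure --prefix="$prefix" && make && make install )
}

# Typical use (assumed paths):
#   install_node_from_source ./node-src "$HOME/.local"
#   rootless_env "$HOME/.local" >> "$HOME/.profile"
```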