{"id":890,"date":"2020-05-22T19:15:48","date_gmt":"2020-05-22T19:15:48","guid":{"rendered":"https:\/\/securitycurve.com\/?p=890"},"modified":"2020-05-22T19:15:48","modified_gmt":"2020-05-22T19:15:48","slug":"all-in-open-source-experiment-part-one","status":"publish","type":"post","link":"https:\/\/securitycurve.com\/?p=890","title":{"rendered":"“All in” open source experiment, part one"},"content":{"rendered":"\n
\"\"<\/figure><\/div>\n\n\n\n

I know this isn’t security related, but I figured I’d pass it along since I read this morning that the whole open source movement (or at least large swaths of it) are in financial trouble as an unintended consequence of COVID-19<\/a>. I had meant to write up this little experiment of mine eventually, but given what I read this morning, I figured I’d do a first part now to tee it up, then in a week or so do a part 2 to talk about progress so far, and then a part 3 about a year or so in. <\/p>\n\n\n\n

By way of background for this, it’s important that you understand that for almost 40 years I’ve been a “dyed in the wool” Windows guy. I don’t really get “emotional” about operating systems the way some people do since I figure your OS is a tool and whatever you know best is probably the one that will minimize hassle. That said though, I used Windows for work — a lot — and had been using it at home also a lot. <\/p>\n\n\n\n

At home I used PC DOS in the eighties, then MS-DOS, then Windows 3.x, then Windows 95… and so on down the line until Windows 10. My BBS in high school (a WWIV-net board called “The Shadow of Death”) was on MS-DOS, the computer(s) I used in college were all various flavors of DOS\/Win3.x and aside from a brief stint of using OS X (which lasted until Apple decided to change architectures to x86 and thereby make all my existing software useless) I used Windows exclusively. At work, same thing. There was a ton of different equipment I used at various jobs (HPUX, Solaris, AIX, Digital Unix, Linux… even OS\/2 at one point) but the environment I liked the best was Windows. When I was a developer, I wrote a GINA<\/a> for Windows, built PKI software on CAPI<\/a>, wrote ISAPI and NSAPI filters — even did various low level stuff. Windows and MS-DOS were so much part of my identity that I still to this day use the username “int 21h” sometimes for stuff [if you’re not familiar, int 21h was the MS DOS software interrupt for various OS services<\/a>]. <\/p>\n\n\n\n

Anyway, I was blindly oblivious in my status quo until about six months back. Then, one day I received an error on my primary laptop. The error message consisted of a system modal dialog box<\/strong> (which basically means that the user can’t do anything else in this or any other application until the user responds to it<\/a>) telling me “The parameter is incorrect”. That’s it — no information about specifically what parameter, who was supplying the parameter or why, what module it was happening in, or really any other details. <\/p>\n\n\n\n

No big though, right? “Just close the box and move on,” I hear you saying. But you’d be wrong. Because apparently there was some loop that would just cause the box to come back immediately after you close it. No way out. Take a look at the image below and imagine if it blocking everything else on your desktop or laptop with no way to get rid of it. <\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

I was irritated to say the least. I tried debugging it, researching it, digging around in the event log trying to get more information, loading in safe mode, and rolling back to the last restore point. I even tried factory resetting the machine via the control panel (“system reset” I guess they call it). The second it came back up, the alleged parameter was once again apparently incorrect. <\/p>\n\n\n\n

As a quick aside, this has to be the single worst error message I’ve ever encountered. Not only does it not tell you what parameter is at issue, what value the parameter currently has, what the parameter is supposed to be, why it’s incorrect, or what a correct value for the parameter should be instead. I mean, those would be a bare minimum compared to, I don’t know, printing a stack trace or writing to the event log about where it’s happening. And also, come on, system modal? Really? Plus there was nothing of use in the event log – whatever was causing this wasn’t logging the right way even though<\/strong> the “parameter is incorrect” bullshit is *clearly* a standard error message. It really is. It’s defined in winerror.h – error #87 (0x57): ERROR_INVALID_PARAMETER<\/strong>. So basically, some application (or more likely part of the OS) was choosing to get ERROR_INVALID_PARAMETER<\/strong>, call FormatMessage()<\/a> to render it into text, and then not write it to the event log<\/span>, but instead put up a system modal message box. I know, I know…. It makes zero sense to me either. I suppose I could have attached a kernel debugger but goddamn it, I shouldn’t have to. <\/p>\n\n\n\n

Anyway, having no Windows boot media (yeah, that’s on me for not making a restore disk), I decided to install Debian. I figured at the time that I’d “limp along” until my cheap self worked up the strength of will to buy a new machine. Turns out though that the experience was a pretty positive one. In fact, it was so painless (in fact increasing my productivity in a lot of ways) that I decided I’d try getting rid of as much commercial software from my life as I could as an experiment. Meaning, using it for as much as I can to see what the impact was. <\/p>\n\n\n\n

I knew there was some closed source software I couldn’t get away from so I decided I’d make some exceptions from a “quality of life” and “still being able to do my work” point of view. Those exceptions were:<\/p>\n\n\n\n