Felix Stalder on Tue, 4 Feb 2003 22:27:11 +0100 (CET)



Re: <nettime> anti-piracy goons considered harmful


At 03.02.03 19:14, Morlock Elloi wrote:

>The only way to benefit from openness is to use it and verify yourself, 
>instead of deluding yourself that someone out there will spend days 
>doing that for ...what ?

There are certainly advantages to doing things yourself (just ask all the 
guys hanging around 'home depot'), but there are also clear limitations to 
it. In how many areas can one be truly proficient? In very few, at best. I 
think it was said of Goethe that he was the last person to be able to 
command the entire (scientific) knowledge available at the time. The 
Germans even have an expression for this: "Universalgelehrter." This, 
unfortunately, was nearly 200 years ago and the amount of knowledge 
available has exploded many times to a degree that there is probably nobody 
around who fully understands even a clearly circumscribed domain such as a 
computer.

I have no idea of aviation (beyond stretching my arm out of the window of a 
speeding car) but I still have a couple of frequent flyer accounts. Does 
that make me a naive fool? Not necessarily, since there are social 
institutions around, say the FAA in the US, whose mandate is to ensure 
aviation safety. They verify the safety of airplanes, airports etc. Now, 
the trick for such institutions to work is that a) there need to be the 
resources around to get the job done, and b) the conditions need to be 
right so that the job is doable at all.

In respect to software, if you do not have access to the source code, there 
is very little you can do, no matter what your resources are, in order to 
check the specifics of the program, particularly not in regard to hidden 
features or bugs. In effect you are forced to blindly trust the vendor of 
the software. The vendor, of course, has an interest in maintaining the 
reputation of the product, so he will never tell you that something is 
wrong with it (particularly since there is no liability). Opening up the 
source code, at the very least, provides the conditions under which the job 
of verifying the software becomes doable.

Of course, that does not mean necessarily that someone with a keen eye is 
actually doing it. Which gets us to the question of where the resources 
come from to do the checking. This clearly is a tricky problem. What are 
the social institutions supporting OS development in the long run? While 
much remains to be developed, it's not that we are standing at the 
beginning of the process. The way OS projects are organized -- 
collaboratively and open -- optimizes the chances that bugs are found and 
minimizes the possibilities that someone is able to hide a feature in it. 
Furthermore, only one person has to find the bug (and fix it) for it to 
become available to all users. On the other hand, even if you find a bug in 
an M$ program, chances are, your neighbour will never know it, because you 
are not allowed to tell him and M$ won't do it.

Note that I say "optimizes the chances" and "one person has to find the 
bug"; both are strong conditionals. There is no guarantee here. But also 
doing it yourself is not really one, since how do you know that you fully 
understood the code? Better assume you don't. I guess there were a lot of 
intelligent people looking at the source code of PGP and still, a bug 
eluded all of them for a long time. Chances are nobody found the bug nobody 
could exploit it. But once the bug was found, it was published readily, 
increasing the chances of it being fixed.

The answer to the imperfections of OSS is not to verify yourself, after 
all, the answer to the difficulties of writing good software is also not to 
write it yourself, but to distribute the process to those willing and able 
to do it. What we need to find now, are institutions capable of sustaining 
this process. So far, OSS hasn't done badly on this front either.

Felix





----------------------|-----------------
http://felix.openflows.org

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: [email protected] and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: [email protected]