Felix Stalder on Tue, 4 Feb 2003 22:27:11 +0100 (CET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: <nettime> anti-piracy goons considered harmful |
At 03.02.03 19:14, Morlock Elloi wrote: >The only way to benefit from openness is to use it and verify yourself, >insteadof delluding yourself that someone out there will spend days >doing that for ...what ? There are certainly advantages to doing things yourself (just ask all the guys hanging around 'home depot'), but there are also clear limitations to it. In how many areas can one be truly proficient? In very few, at best. I think it was said of Goethe that he was the last person to be able to command the entire (scientific) knowledge available at the time. The Germans even have an expression for this: "Universalgelehrter." This, unfortunately, was nearly 200 years ago and the amount of knowledge available has exploded many times to a degree that there is probably nobody around who fully understands even a clearly circumscribed domain such as a computer. I have no idea of aviation (beyond stretching my arm out of the window of a speeding car) but I still have a couple of frequent flyer accounts. Does that make me a naive fool? Not necessarily, since there are social institutions around, say the FAA in the US, whose mandate is to ensure aviation safety. They verify the safety of airplanes, airports etc. Now, the trick for such institutions to work is that a) there need to be the resources around to get the job done, and b) the conditions need to be right so that the job is doable at all. In respect to software, if you do not have access to the source code, there is very little you can do, no matter what your resources are, in order check the specifics of the program, particularly not in regard to hidden features or bugs. In effect you are forced to blindly trust the vendor of the software. The vendor, of course, has an interest in maintaining the reputation of the product, so he will never tell you that something is wrong with it (particularly since there is no liability). Opening up the source code, at the very least, provides the conditions under which the job of verifying the software becomes doable. Of course, that does not mean necessarily that someone with a keen eye is actually doing it. Which gets us to the question of where the resources come from to do the checking. This clearly is a tricky problem. What are the social institutions supporting OS development in the long run? While much needs remains to be developed, it's not that we are standing at the beginning of the process. The way OS projects are organized -- collaboratively and open -- optimizes the chances that bugs are found and minimizes the possibilities that someone is able to hide a feature in it. Furthermore, only one person has to find the bug (and fix it) for it to become available to all users. On the other hand, even if you find a bug in an M$ program, chances are, your neighbour will never know it, because you are not allow to tell him and M$ won't do it. Note that I say "optimizes the chances" and "one person has to find the bug" both are strong conditionals. There is no guarantee here. But also doing it yourself is not really one, since how do you know that you fully understood the code? IBetter assume you don't. I guess there were a lot of intelligent people looking at the source code of PGP and still, a bug eluded all of them for a long time. Chances are nobody found the bug nobody could exploit it. But once the bug was found, it was published readily increasing the chances of it being fixed. The answer to the imperfections of OSS is not to verify yourself, after all, the answer to the difficulties of writing good software is also not to write it yourself, but to distribute the process to those willing and able to do it. What we need to find now, are institutions capable of sustaining this process. So far, OSS hasn't done badly on this front either. Felix ----------------------|----------------- http://felix.openflows.org # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: [email protected] and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: [email protected]