The locksmiths’ dilemma
One of my readers (hello, Dennis) complained when I saw him last that I write too much about computers and open source, so this is my reasoning behind why using open source technology is not only a good idea but really quite important.
In the nineteenth century, a debate arose in the locksmithing community about whether how locks were made and worked and particularly any vulnerabilities should be kept within locksmithying circles or released for anyone to study. In short, the argument for keeping the mechanisms of locks secret was that it would prevent people being encouraged to pick or break locks. Unfortunately, it only takes one rogue to make them all of little use. The other side contended, in the words of A. C. Hobbs, that
if a lock, let it have been made in whatever country, or by whatever maker, is not so inviolable as it has hitherto been deemed to be, surely it is to the interest of honest persons to know this fact, because the dishonest are tolerably certain to apply the knowledge practically; and the spread of the knowledge is necessary to give fair play to those who might suffer by ignorance. It cannot be too earnestly urged that an acquaintance with real facts will, in the end, be better for all parties.
To this we can add that it also allows people to improve on those locks. Indeed, Hobbs was not a rogue but a locksmith, but could his knowledge of locks to find the weaknesses in supposedly uncrackable locks.
The same debate applies to programmes for computers. Is it better that a vendor should keep the code secret and wait for someone to cause damage, or that it’s published for all to see so that people can work on problems that exist? The principle doesn’t just apply to security, but also to usability. Linus’ law is that ‘lots of eyes make bugs shallow’; if lots of people can see what’s happening and they can either make suggestions in the form of coding themselves or there is a process for making incremental changes, the end result will be closer to what people want.
xD.
