SkyWlf77 . . .
QUOTE: Per usual, you are making the claim that open-source software is not inherently dangerous and does not compare to peer review.
Ah, so you're claiming that open source software is "inherently dangerous". Apparently, you believe that releasing software under an open source license somehow creates a situation where closed source software would necessarily be much safer. That's a big effing claim to make, and I hope you have an argument to back it up, because it seems pretty ludicrous from where I'm sitting.
You're also claiming that it is "usual" for me to say that open source software "does not compare to peer review", which is in fact not very usual for me at all. I am, however, saying that the specific, explicit claim dcolbert made about open source software being equivalent to unleashing a deadly, virulent bioweapon upon the world is incorrect and, to the extent that might be the case with this particular bioweapon (and I don't actually think that's the case in this particular instance for this particular bioweapon -- that it is being unleashed upon the world -- but, like dcolbert, I am not actually qualified to make that judgment), the peer review contemplated here is not at all comparable to open source software development methodologies in general. I have no idea where you're getting the idea that it's "usual" for me to pretend there's nothing in common between peer review and open source software development in the general case. I suspect you just don't know what "usual" means, particularly when my objection to his comparison is very specific and unusual in that it refers solely to a single, very egregious case of overgeneralization from a specific, abnormal example.
QUOTE: Open-source software is no less dangerous than a scientific release of information such as the one mentioned in this article.
It's easy to make dramatic claims. Now, back it up.
QUOTE: If one takes a piece of open-source software and designs a very nasty virus into it and releases it onto the web as a new version of a popular piece of software, they are inherently risking hundreds of thousands or millions of individuals' computers, credit cards, bank accounts, and much more.
Are you one of these woefully misinformed people who for some reason thinks that setting up a MySpace page with a link to a RapidShare download will somehow convince everyone in the world to install a maliciously modified Debian GNU/Linux installer on their computers? Do you think that, somehow, this kind of trickery is more likely to affect people trying to install open source software than people trying to install closed source software? This example of yours in no way, at all, whatsoever makes a strong argument that open source software is inherently more dangerous than closed source software.
QUOTE: This is akin to this release of scientific data that could be used to terrorize the population.
No, actually, it isn't. In one case, you're talking about lying to people about what software contains while providing the source code so that someone can actually discover the lie very easily; in the other, you're talking about telling everyone the truth about how something works and watching people apply that information in a way that results in deaths for large numbers of people. If anything, these two examples are just about diametrical opposites of each other, rather than analogous situations.
QUOTE: Scientific peer review is no different than using the knowledge base of each individual that works on an open-source project to develop a piece of software.
While peer review is definitely a part of the overall set of benefits of open source software development, it is by no means the entirety of that process -- and what you just said makes no sense, because peer review is about getting others to confirm your results are correct while "using the knowledge base of each individual that works on an open-source project to develop a piece of software" is getting multiple people to contribute to different parts of a system. In the former case, one person does some work and everyone else looks at it; in the latter case, everyone does some work, and the results are integrated into a whole. So, while (as I mentioned) peer review is certainly among the opportunities for improving software quality on a grand scale when dealing with open source software, the specific mechanism of open source software development you just described is in no sense the same thing as peer review.
QUOTE: Before you go around saying others are wrong, maybe you should examine your own incorrect ideologies so that you don't make incorrect analogies and statements.
I'm not sure you understand the word "ideology". You just used it like you think it means "technical knowledge". It doesn't mean anything of the sort.
QUOTE: You may disagree with Mr. Colbert - and you have that right - but going around spreading misinformation purposely to detract from Mr. Colbert's articles is morally reprehensible.
I can't figure out whether you're playing the part of an ideologically motivated character assassin, a shill, or a comically misinformed member of the peanut gallery who decided to display ignorance for all the world to see. Maybe there's some fourth possibility, but whatever it is, your words here amply demonstrate that what you are not is capable of mounting a well-supported argument to the effect that I said anything incorrect.
---
dcolbert . . .
QUOTE: I think I've been transparent in admitting that there is a gulf of difference in the potential impact of liabilities in the case of bio-engineered diseases in an open-source scenario versus the kind of impact we might see in an abuse of FOSS as it relates to information systems and platforms.
Alas, what you still have not done is issue an apology to the effect that your presentation in the article was trollish, misleading, and sensationalistic to an absurd extreme (accidentally or otherwise). In fact, to the contrary, you have argued at some length for the very impression the article gives while at the same time disclaiming any possibility that anyone should have read your words as meaning exactly what they literally say.
QUOTE: I think that a great example for weighing the benefits and liabilities of a FOSS approach to systems would be electronic voting machines like those made by Diebold. . . . Their ballot machines in particular have met with particular criticism because of perceived opportunities to circumvent the democratic process by manipulation of those systems . . .
It's not just perceived. There have been many cases where Diebold voting machines had security failings technically inclined teens would have found if they had access to the source and testing during development (and in some cases actually did find without the source after deployment), and even cases where accounting discrepancies in the Diebold digital voting systems were discovered that looked incredibly like what one would expect from an intentional effort to subvert the electoral process. This is far from hypothetical in the case of Diebold systems, which is why the divisions responsible for a lot of this stuff have been spun off, renamed, or simply shut down in some cases. When a brand is caught in a series of scandals like this, it's time to change the brand name.
QUOTE: At the same time, I'm not sure I'd want my local electoral process or my personal banking running on a machine that had an open-source code base.
. . . because of FUD, evidently.
QUOTE: But at some point I think a threshold is reached where regardless of the origins of the code - the final code base should be removed from open-source accessibility.
. . . because you disagree with principles of security first laid down centuries ago, independently formulated over and over again over hundreds of years, and supported by actual practice and observed effects constantly during all of that time.
QUOTE: In fact, I imagine that is the case. I believe it was China, but probably some other regimes, too - that developed their own Linux based state information systems and platforms.
Of course they have. They don't want people to know what their software is doing, because they'd object to that behavior, and it would encourage them to find other, less trackable ways of doing things contrary to the interests of an oppressive regime in places like China. You're using the case of a government using secrecy to enhance its security FROM the best interests of the public as a way to argue that the secrecy of closed source development offers security FOR the best interests of the public. I'm not saying there are never any cases where some secrecy is a good idea: I'm just saying that your arguments are fundamentally broken, as presented.
QUOTE: Google Android is a great example of a platform built on FOSS foundations where the developer has effectively closed their branch or fork of the code because of corporate competitive concerns.
That hasn't happened at Google. What has happened is that Android OS code (actually open source, as required by law "thanks" to the GPL -- a license with whose philosophy I actually disagree) provides a platform, while applications that run on top of it may at times be closed source software (as allowable not only on Android, but also on Ubuntu and other more traditional, general-purpose Linux-based systems).
QUOTE: Whenever we get into this part of the discussion, I think of AMD and Nvidia and the controversy surrounding their historical reluctance to make open-source drivers for the Linux platform. I'm positive a huge part of that foot-dragging was related to concerns about exposing code-based advantages, perceived or real, that gave one manufacturer or another a performance, reliability, security or other advantage over the other.
Oh, I agree that this is the likely reasoning for at least some of the reluctance and foot-dragging. There is also a significant matter of law at play, though, because the "state of the art" for some 3D graphics technology has for a long time depended explicitly on designs patented by Intel. Intel licensed those patents to these two graphics adapter vendors (AMD's graphics adapter development was, for most of that time, the independent entity ATI that has subsequently been bought and absorbed by AMD), but did not give them license to share any details of the implementation of that technology with others, thus legally preventing them from opening the source for certain parts of the drivers. The decision for a long time was made to simply not open anything or, in some limited cases, only offer largely uninteresting snippets of code (or perhaps even barely functional drivers; I'm not entirely sure about that), though AMD/ATI eventually started working on the process of trying to clearly identify what they could get away with sharing and support open source development of drivers with extensive (though slowly produced) documentation.
QUOTE: Secrets like this drive corporate advantages that have a direct impact on our economy. Our discussions fundamentally come down to *this* difference of opinion.
I'm not sure what difference of opinion you think you've identified here. Do you think I'm incapable of noticing that sometimes businesses like to keep secrets to prevent others from competing with them?
QUOTE: I don't see how closed-source, for-profit businesses can logically change their business models to embrace open source while still protecting their proprietary trade secrets.
Obviously, it's a bit ridiculous to expect a business to share all its secrets and still keep them secret. Do you somehow think that's what I'm suggesting they should do?
QUOTE: Meanwhile, the FOSS based corporations who maintain strict FOSS philosophies all remain relatively minor players in corporate profits and market mind-share, at best.
You have made exactly zero arguments that actually establish this as fact, or even strong probability. In fact, going forward, I suspect that any company that substantially relies upon keeping secrets for (anti)competitive advantage to remain profitable is going to increasingly find that model is more a hindrance than help. There are distinct engineering benefits to a properly leveraged open development model that cannot be had without opening at least substantial portions of one's core product codebase in a manner that gets a user community invested in the success of the codebase, and where some businesses take that approach others take the opposite approach, increasingly drawing ire for customer-abusing behavior encouraged by secrecy (Why not secretly gather usage data when nobody will know you're doing it?) and end up with their code leaked, binaries copied and shared without permission, and software duplicated by increasingly savvy and capable open source development communities who offer prices you can never match (free). In fact, part of the problem is the entire idea of selling a non-scarce resource (freely copyable bits) as discrete product units; the big customers (from major enterprises all the way down to massively distributed popular end users with wildly varying levels of technical aptitude) are eventually far more likely to want to collaborate on providing better software than a single software "product" vendor ever could at a price such a vendor can never match than to keep throwing money at the vendor to underserve their needs.
When your massive enterprise has a choice between $40M per year in licensing fees across the worldwide enterprise on one hand, and $400K in developer time per year on contributing to a community managed open source development project that provides software better suited to the enterprise's specific needs, the choice is pretty easy. It will take time for this to become the obviously dominant model, because it takes time for such products to evolve to such a state, but the signs that this is happening are numerous, widespread, and visible if you look for them.
QUOTE: That isn't the same thing as having a truly open discussion about the recipe to develop an aerosol-delivered H1N1 virus - but it is a critical consideration for the firms that have made the decision to make their code closed or open sourced.
There is almost nothing at all in common between those two examples you just juxtaposed again. One is about keeping a secret for personal (anti)competitive advantage; the other is about keeping a secret for worldwide safety. Note that in neither case am I making a judgment about the efficacy of such a decision, because in the former the statement is far too hand-wavy and generalized to be able to say that the answer is always one way or the other, and in the latter neither of us is qualified to render final judgment.
QUOTE: The H1N1 virus is a rhetorical example - and I don't think it is supposed to be a *perfect* fit.
No analogy is perfect, but this one is (perhaps unobviously at first glance -- which is why I find the fact you made the analogy so credulously on behalf of your readers so distasteful) shockingly close to perfectly wrong. See above commentary (again).
QUOTE: The headline is sensationalist, no doubt about it - but it should be clear that I don't mean that FOSS software will end the world, but that the basic IDEALS of FOSS philosophy, applied to this particular case, do imply the risk of a global cataclysm.
There you go again: "FOSS philosophy . . . impl[ies] the risk of a global cataclysm." What kind of cockamamie nonsense is this? "I'm really reasonable! I swear! Open source software development principles will destroy us all! The sky is falling!"
QUOTE: So discounting MY lack of authority in speaking on this topic seems irrelevant.
It's not irrelevant when you use a technically deficient, sensationalistic, rabble-rousing line of propaganda to scare people into thinking scientists are going to destroy the world without actually knowing what you're talking about, then use that as evidence for an argument that "FOSS philosophy . . . impl[ies] the risk of global cataclysm" for actual software development by association between the two (almost completely non-analogous) situations. One could just as easily argue that patents should be kept secret using the same technique of mis-applied analogy, because otherwise napalm patents could be used to destroy the world -- and that analogy would actually be stronger than the one you chose.
QUOTE: There are lots of authorities who ARE qualified to have an opinion on this who seem to share my opinion. There are enough worried, qualified individuals that this is an ongoing debate that is still being struggled with at the highest levels.
Good. It should be considered in great depth by such people, who will hopefully have the wit to never rely on fatally flawed analogies with open source software development to make their final decisions on the matter. That is as it should be.
QUOTE: This story is still generating press, and the press is all unified in the message, "Releasing this information into the open could have globally cataclysmic consequences".
The press is mostly filled with buffoons who try to comment authoritatively on subjects about which the writers know next to nothing, mangling the message and ending up totally misinforming the public, where anything requiring any specialized knowledge is involved. There are exceptions, and they should all get Pulitzers for their restraint in avoiding making such facile, grossly inaccurate statements about things, but they should get those awards precisely because they are a vastly outnumbered minority. The fact "the press is all unified" on a matter of epidemiology, viral pathology, bioweapons research, and science in general is more a matter for concern than for confidence, if for no other reason than the fact you can be pretty certain this means a lot of people will be putting pressure on politicians to do something incredibly stupid based on half-baked fears, overriding the people who actually know anything meaningful about the subject by application of law.
QUOTE: That is *obviously* what I meant in my headline - not that Linux was going to be the harbinger of the end-of-times itself.
1. It's not obvious, considering your headline basically said that Linux was going to be the harbinger of the end-of-times itself, and the article went on to reinforce that point.
2. Your statements here seem tailored to try reinforcing that point as well, while containing just enough disclaimer to make you self-contradictory. Consider "FOSS philosophy . . . impl[ies] the risk of a global cataclysm."
QUOTE: Trying to twist that headline into a claim that I mean that a FOSS SSH app would bring about the end of the world misses my actual argument. As long as you keep getting hung up on that semantic misunderstanding, we're not actually arguing the same thing.
It's not a semantic misunderstanding. It's "read as written". If you meant something different, perhaps you should have said something different -- and, at some point, stopped saying the same thing, such as when you said "FOSS philosophy . . . impl[ies] the risk of global cataclysm."
QUOTE: Strangely enough - it is the OPEN discussion that puts it all out in the air and lets each individual draw their own conclusion - and where you seem to think I am irresponsible and should be censored, that my opinion should be "closed", I'm all for your position being open.
1. I agree that the open discussion is useful and meaningful. In fact, I'm pretty sure that the only people who are likely to agree with your position wholeheartedly are people with biases to confirm and axes to grind, if they actually read the whole discussion rather than just reading the article and failing to note there's a counterargument worth considering.
2. I think you are irresponsible, and should be more responsible in your consideration of circumstances, of your own level of knowledge, and of the problems with the analogy you presented, and that you should be more explicit -- retroactively, where at all possible, when it's too late to do it right the first time -- about where taking what you say as meaning exactly what you said creates unrealistic misconceptions.
3. I don't want you censored, you jackass.