Saving the earth from anarchy by eliminating the weakest link

 
This article is copyright free. Anyone is permitted to use, link
and publish it.
 
 
SAVING THE EARTH FROM ANARCHY BY ELIMINATING THE WEAKEST LINK
 
 
Finland, 2003-8-24
By Santeri Kannisto, SOT
 
 
The recent massive failure of the US electrical grid has got me thinking.
I've come to realize that our civilization is really quite vulnerable to
events that are completely beyond our control and influence. It didn't
make the international news, but the same kind of catastrophe happened
yesterday evening at an amusement park in Helsinki, Finland.
 
I was enjoying the fun-filled atmosphere with my 4 and 8 year old kids
when suddenly the electricity was cut off in Helsinki. In the space of
a few seconds, amusement rides became torture devices. Innocent kids and
adults hung upside-down, 10 meters in the air, without any means of
escape. What causes a failure of this magnitude?
 
Last week I lost my banking card on a hunting trip to northern Finland.
The cash machine accepted the card greedily, considered my transaction for
a disturbingly long time, and then decided to shut itself down...with my
card inside. Later, I learned from bank the reason: their cash machines
had become infected with a Windows virus. I couldn't help wondering what
effect this kind of thing might have had in the US, if it happened on
a larger scale, and for a longer time. No electricity, no cash --- it
could drive a country to anarchy! How is this sort of thing even possible
in the 21st century?
 
I've been working in the software industry for the last 12 years. I
started out as a software engineer, programming and designing various
systems. Then I moved on to managing projects and finally ended up running
a software house. One of realizations I have come to during my time is
that when it comes to software, problems will happen. It doesn't matter
how skilled people are, or what quality control processes are established.
 
Software problem can arise from so many causes --- from misunderstandings,
miscommunication, changing requirements, or simply because today's vast
and complicated computer systems are beyond the understanding of any
single human being. The basic weakness is people and the fault always
originates between the chair and keyboard. This is what makes it
impossible to achieve 100% fail-safe and foolproof software, despite
everything we do to reduce risks. Bug-ridden software is the weakest
point of modern society, posing a greater threat than even terrorism or
crime.
 
What can we do to shore up this weakness? Can we remove the danger
completely? No, unfortunately we can not. We have grown too reliant on
software, trusting it to control all aspects of our lives, even if we
know nothing about it. Airplanes fly with software, banks use software
for handling our money, power plants use software for configuring and
monitoring electric grid, hospitals need it to keeping people alive.
Isn't that scary! We use trust this thing called software to handle
matters of life and death.
 
We could reduce our vulnerability by employing armies of software
engineers, constantly on-call to deal with problems as they occurs.
We could subject software's source code to the scutiny of thousands of
eyes, alert for every possible flaw. We could ensure that systems are
designed with a thought for security. Are these ideas at all feasible?
How could they be implemented, and what would be the impact on
the software business?
 
The answer to these questions is Open Source. Open Source software
provides all these benefits and makes it possible for anyone to fix the
faults as fast as they are discovered. Open Source means that software is
being constantly examined by multitudes of people, letting us detect
faults before they risk lives. This new method of software engineering and
business makes customers and users independent of any particular company,
programming team or organization. It does this by giving anyone --- not
just the maker --- the right to fix faulty software. This reduces the risk
of bad software significantly. It's not enough just to be allowed to look
at the source code. What's the point of looking, if you're not allowed to
fix the problems you find?
 
It has been argued that Open Source will destroy the software industry,
because it makes software free (as in "free beer"). In reality, Open
Source just requires a different approach. It may well destroy or weaken
companies who cling to outdated models, but it creates opportunities for
new, forward-thinking companies who are willing to make the change for
the sake of humanity.
 
Here's the deal. You don't sell restrictive licenses and patent
everything in sight. Instead, you charge for tailoring software to
individual needs and you sell maintenance, support and development
services for the kind of software that is by nature risk-reducing.
 
From the business side of things, companies like ours are already
profitable, making nothing other than Open Source software. Whether
Open Source is a viable and sustainable business strategy is no longer
in question. It's just about having sane management, who understand
the concept of Open Source, and who don't expect too much, too quickly.
 
In my humble opinion I would feel much safer if I knew that the airplane
I fly with used Open Source software, if I knew that power plants relied
on systems they can review by themselves and that banks could fix
emerging security holes right away instead of waiting and hoping for
some third party update. It is my great hope that in the near future,
before it's too late, we will be able to eliminate modern society's
weakest link. We would be that much safer from anarchy caused by
innocent little software bugs.
 
 
 
Santeri Kannisto
tel. +358 440 833 982
e-mail sk@sot.com
 
[http://www.sot.com/en/press/2003-09-08_Article.txt]