Frontends for Windows

Wed Nov 21 00:00:01 2001

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: Gerd Ewald [mailto:gerd.ewald@pro-privacy.de]
>If so (let's assume I'm an ordinary citizen with no
>extraordinary skills in programming), don't I have to
>rely on those who can read it and tell me "Yes, you
>can be sure, that's ok"? What is the difference to a
>programmer?

>I agree with what someone said: read Bruce Schneier
>"Secret and Lies" It is true, you might change your
>attitude. But in the end, Nick is right: isn't it
>always a matter of trust?

The difference is trusting a community of hundreds or thousands who
approve of a piece of software, and the code's open-source disclosure,
versus trusting a few dozen developers and their secret code.

In a commercial development environment, even the company's management
often has no idea about what's in the final code. As "Secrets and
Lies" mentions, there's an entire flight simulator hidden in Excel 97.
A small part of the development team (maybe one guy?) snuck that in,
just for fun. A developer with lower morals could sneak in code that
copies www.citbank.com passwords and passes them to a free mail site
where he can download them. There's no review process to stop him.

Just as it's better for us to trust an entire congress than an
authoritarian politburo, it is better for us to trust a large
community of developers and code reviewers than a closed development
team. Democracy, while imperfect, produces infinitely better
government than autocracy, and I think the analogy extends to the open
source movement when it comes to reliability and security.

Note that the analogy doesn't apply to the functionality of software -
it's easier for a small group to nimbly reach decisions and rapidly
produce feature-rich, user-friendly software. Sales are their
motivation; features and ease-of-use are what sell software. Software
companies also have no - that's zero - liability for insecure or buggy
software, so they can add features without worrying about anything
else.

If features are your only concern, commercial software is definitely
the way to go. But as security and reliability become more and more of
an issue in the networked Internet environment, I think open-source
software will flourish. I believe people will eventually make money
supporting and setting up open-source systems for clients, and will
contribute to the open-source code base as part of that process. While
a bit less friendly and harder to install and maintain, open-source
software is going to become more and more attractive to those who have
been burned by viruses, hackers, and mysterious crashes so prevalent
these days in commercial software.

And hopefully, someday, commercial developers will see this dip in
profits, and take active steps to produce more reliable and secure
software. And the lines between the camps will blur, and we'll have a
great spectrum of choice in network software - feature-rich and new,
the trusted, tried and true, and everything in-between.

Regards,
    -ryan-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iD8DBQE7+t9y9wZiZHyXot4RAtAoAKCydtwLGzLzOMjb2k5xiJXBFCnAWgCcC/ru
nJyC90mQtbYad1Ylgx57kJg=
=9jWo
-----END PGP SIGNATURE-----