On Security
Brian Behlendorf thinks that computer systems are going to be
understood in far more biological terms in the future. We talk about
viruses and anti-viruses. How about vaccines? He points out that many
viruses and worms are not harmful but they could be. In this way they
are like vaccines, where an infectious agent spreads and causes an
immune response. Perhaps the best way to provide security is to send
out harmless but annoying viruses to keep the computing immune system
well-primed.
Linus thinks if you are paranoid about security, as one foreign defense
force person in the audience asking the question was, you would feel
safer examining the code for trojans. While it is a lot of work, in open
source it is always possible, whereas with proprietary systems it is not
always. Also, in terms of stupidity in coding, he points out that a lot
of corners are cut where the developer knows no one can see the code.
In open source “if you see someone has a comment that it does not
work in a particular case, you ask yourself What drugs is he on?”.
On the Communities Surrounding Open Source
Brian says Apache does not have leads. Decisions are made by consensus.
One nice thing is the graceful gradient of contribution: user ->
expert user -> bug submission -> patches -> committer ->
maintainer. This makes it easy to move up.
Mitch wonders about the right level of control. Too open and you get a
babble; anarchy. Too closed and you turn contributions away. The
Firefox leads think they have been too tight. For the last two years
they have not admitted anyone to their group. A key is to decouple
systems. This allows parallel development. The project lead should have
good judgement more than anything else. What to leave out and what to
leave alone.
Andrew Morton manages the 2.6 kernel through 50 maintainers of each
subsystem. Repository management becomes a key skill.
Open Standards and Open Source
Brian believes that they are two sides of the same coin. He points out
that Apache was formed to implement a server for HTTP.
Linus thinks that some companies pay lip service to standards but
deliberately seek to add proprietary features when implementing
standards. These companies are not motivated to improve the standards.
He thinks all open standards should demand an open source reference
implementation. Standards are not always set by standards bodies. Open
source projects can become de facto standards. These are accepted by the
public as standards, because no one can take the implementation away,
so it is always safe to build on.
On Software Patents
Linus has thought this has been on the open source radar for the past 5
years. It is bad for open source. It is just as bad for proprietary
software. He despairs at the special interests in Europe who keep
trying to get software patents in. A light at the end of the tunnel is
the patent grants given by IBM, Sun and others. He thinks many other
companies will follow suit, but not Microsoft.
Mitch Kapor wrote a paper in 1990 entitled “Why patents are bad for
software”. He goes way back. The big problem is that tens of thousands
of bad patents have been issued. 15 years ago the Patent Office changed
policy. Until then they checked for prior art and the other rules. Then
they decided to grant anything and let it be fought out in the courts.
This could create a future Patent Bhopal, with toxic stockpiles of
patents waiting to explode. He thinks that Microsoft’s last stand will
be to use their toxic stockpile as a Patent WMD, a weapon of mass
destruction. He says we need patent reform. Which will happen first? He
does not know.
5 Years From Now
Linus does not predict the future. He says those who look into the
distance at Utopia stumble on the rock in front of them. He looks at
the rocks. He wants to fix things today, and then fix things tomorrow
and so on. He says he is an anti-visionary.
He has no visions.
Andrew sees open source as inevitable.
Mitch sees irresistible force in open source meeting immovable objects.
He thinks interesting things will happen. He cites Wikipedia as
an example of what can happen with decentralised self assembling
systems. An invaluable resource created far more cheaply than their
closed source counterparts.
Brian sees open source as an emergent property of the Internet itself.
The software lives in an ecosystem where many parallel experiments with
different forms take place concurrently. This causes super-fast
evolution and survival of the fittest. He likens closed source to the
failed centrally planned economies of the communist countries. The
market won. Microsoft has criticised the lack of a central authority to
take responsibility. Brian asks “Does Microsoft see our lack of a
single point of failure as a problem?”
The Nature and Culture of Open Source Developers
Linus thinks that cooperation is not motivational. It's more fun to
compete. Let's not cooperate too much. Bad coders do not get their
contributions accepted. Good programmers do. Good programmers are
almost never politicians. It is insufficient to want a career path to
do open source. You need another motivation. You do it because you
would do it anyway.
Andrew thinks that politics is dealt with by developers getting
subverted. They end up more loyal to the open source project than to
their companies.
Mitch notes that most open source developers are in the US and Europe.
(He seemed to miss the fact that Andrew Morton, an Australian, was
sitting next to him and that per capita, Australia contributes
the most to open source.) Developers from other countries use
open source but do not contribute as much. Maybe language? Maybe
culture? Brian avoids developers who want to make a pot of gold. He
thinks developers over 30 are likely to recognise that they need enough
for a home and to care for their children. From there it is about
feeling good about what you do, about contributing, seeing your code
live and not be yanked out a week before release by a “deranged Venture
Capitalist”.
Brian thinks open source developers have to be good communicators to
succeed. They need to be able to debate and defend themselves. They
also need good judgement. An open source programmer will usually be a
good hire.
Personal Observations on the Panel
The panel was an amazing assembly of open source talent. Looking at
them I came up with some descriptions:
Linus Torvalds – Glowing with goodness, happiness and calmness. He
projects it like the Dalai Lama.
Andrew Morton – The dour realist. Linus’ right hand man as he calls him.
Mitch Kapor – The wise old owl. He is really from another time, which
gives him perspective on the current time. Though look out for
Chandler, a PIM. He is cooking up a killer app. Also check out the new
calendaring standard CalDAV.
Brian Behlendorf – He reminds me of a friend of mine. He seems to be
the archetypical Californian (not sure if he is), from pony tail
to Zen views. The biological perspective he has is very appealing.