pith.org

Open Source: Not actually that ugly,

published at 6:09pm on 09/03/06

I’m no open source zealot, but when someone decides to talk shit about the methodologies that make up the core of open source software development to further an argument that really has nothing to do with open source at all, it kind of makes my blood boil. That was the reaction I had when I read “Open Source Gets Ugly” in Red Herring last month with this lead-in:

Proponents may believe that the movement can do no wrong, but could open-source tools and techniques be doing more harm than good?

A slightly inflammatory introduction, but one that I could probably have lived with, if it didn’t continue with this gem later in the piece:

Malware writers are using open-source development models and software to share malicious code and collaborate on projects, increasing the efficiency of the malware creation process… For example, cyber criminals are making available source code with documentation so that viruses can be easily modified to create more variants. They are also using open-source project management software, such as a Content Versioning system, to keep track of their nefarious projects, says the report.

The fundamental flaw I have with this entire line of thinking (and this applies both to the quotes from McAfee as well as the general tone of the article) is the implication that without open source (the general philosophy), the world would be a much better place because things like CVS and sharing of source code wouldn’t be around. How is most malware licensed? I’m actually curious about this one, because I really have no idea. But if I would have to take a stab, I suspect that the code for most viruses and malware is in the public domain, the code released to the wild to make sure that the virus writer is able to get credit for their work. Are virus writers really going to be the first to start suing over a misuse of their copyrighted code? For some reason I can’t see that happening.

I would argue, instead, that the code sharing in virus writing circles and the philosophy of code sharing in open source actually stem from the same root – that is the early, curious days of computing, where hackers, those with an innate curiosity for the things that they could get their computers to do, would share their thoughts, their ideas, their techniques and their code with each other, out of a pure pedagogical imperative. To mention that virus writers are using CVS to “keep track of their nefarious projects” is like saying that money launderers are using banks to handle their nefarious activities. It’s true, but completely irrelevant.

In fact, buried in the middle of the article is the actual point that the author was trying to make, which is that those people who find flaws in existing software should show restraint before releasing those flaws into the wild, perhaps giving companies a heads-up before making their findings public. This is a fine argument to make, and one worthy of its own discussion of pros and cons, but to wrap everything up under the umbrella heading of “open source software” just smacks of poor journalism and FUD. This is an article about responsibility, not software development, and should have been presented as such.

Filed under: Observations