Saving the Earth from Anarchy by Eliminating the Weakest Link

Article of the month

Helsinki, 1 December, 2003 — Saving the Earth from Anarchy by Eliminating the Weakest Link

The recent massive failure of the US electrical grid has got me thinking. I've come to realize that our civilization is really quite vulnerable to events that are completely beyond our control and influence. It didn't make the international news, but the same kind of catastrophe happened at an amusement park in Helsinki, Finland.

The recent massive failure of the US electrical grid has got me thinking. I've come to realize that our civilization is really quite vulnerable to events that are completely beyond our control and influence. It didn't make the international news, but the same kind of catastrophe happened at an amusement park in Helsinki, Finland.

I was enjoying the fun-filled atmosphere with my 4 and 8 year old kids
when suddenly the electricity was cut off in Helsinki. In the space of a few seconds, amusement rides became torture devices. Innocent kids and adults hung upside-down, 10 meters in the air, without any means of escape. What causes a failure of this magnitude?

Last week I lost my banking card on a hunting trip to northern Finland. The cash machine accepted the card greedily, considered my transaction for a disturbingly long time, and then decided to shut itself down...with my card inside. Later, I learned from bank the reason: their cash machines had become infected with a Windows virus. I couldn't help wondering what effect this kind of thing might have had in the US, if it happened on a larger scale, and for a longer time. No electricity, no cash --- it could drive a country to anarchy! How is this sort of thing even possible in the 21st century?

I've been working in the software industry for the last 12 years. I
started out as a software engineer, programming and designing various
systems. Then I moved on to managing projects and finally ended up running a software house. One of realizations I have come to during my time is that when it comes to software, problems will happen. It doesn't matter how skilled people are, or what quality control processes are established.

Software problem can arise from so many causes --- from misunderstandings, miscommunication, changing requirements, or simply because today's vast and complicated computer systems are beyond the understanding of any single human being. The basic weakness is people and the fault always originates between the chair and keyboard. This is what makes it impossible to achieve 100% fail-safe and foolproof software, despite everything we do to reduce risks. Bug-ridden software is the weakest point of modern society, posing a greater threat than even terrorism or crime.

What can we do to shore up this weakness? Can we remove the danger
completely? No, unfortunately we can not. We have grown too reliant on software, trusting it to control all aspects of our lives, even if we know nothing about it. Airplanes fly with software, banks use software for handling our money, power plants use software for configuring and monitoring electric grid, hospitals need it to keeping people alive. Isn't that scary! We use trust this thing called software to handle matters of life and death.

We could reduce our vulnerability by employing armies of software
engineers, constantly on-call to deal with problems as they occurs.
We could subject software's source code to the scutiny of thousands of eyes, alert for every possible flaw. We could ensure that systems are designed with a thought for security. Are these ideas at all feasible? How could they be implemented, and what would be the impact on the software business?

The answer to these questions is Open Source. Open Source software
provides all these benefits and makes it possible for anyone to fix the faults as fast as they are discovered. Open Source means that software is being constantly examined by multitudes of people, letting us detect faults before they risk lives. This new method of software engineering and business makes customers and users independent of any particular company, programming team or organization. It does this by giving anyone --- not just the maker ---the right to fix faulty software. This reduces the risk
of bad software significantly. It's not enough just to be allowed to look at the source code. What's the point of looking, if you're not allowed to fix the problems you find?

It has been argued that Open Source will destroy the software industry, because it makes software free (as in "free beer"). In reality, Open Source just requires a different approach. It may well destroy or weaken companies who cling to outdated models, but it creates opportunities for new, forward-thinking companies who are willing to make the change for the sake of humanity.

Here's the deal. You don't sell restrictive licenses and patent
everything in sight. Instead, you charge for tailoring software to
individual needs and you sell maintenance, support and development
services for the kind of software that is by nature risk-reducing.

From the business side of things, companies like ours are already
profitable, making nothing other than Open Source software. Whether
Open Source is a viable and sustainable business strategy is no longer in question. It's just about having sane management, who understand the concept of Open Source, and who don't expect too much, too quickly.

In my humble opinion I would feel much safer if I knew that the airplane I fly with used Open Source software, if I knew that power plants relied on systems they can review by themselves and that banks could fix emerging security holes right away instead of waiting and hoping for some third party update. It is my great hope that in the near future, before it's too late, we will be able to eliminate modern society's weakest link. We would be that much safer from anarchy caused by innocent little software bugs.

Santeri Kannisto
tel. +358 440 833 982

More information
santeri.kannisto@sot.com
http://www.sot.com