Friday, December 23, 2005

Open source: a primer.


More times than I've cared to count, I've suggested (at no charge) to someone in the corporate world that they should really consider replacing their hideously-expensive, proprietary, virus-laden, bug-ridden, crappy (read: Microsoft™) software with open source alternatives.

One of the benefits, I invariably point out, is that, because the source is openly visible to everyone, it's much more secure since it's virtually impossible to hide backdoors in the code, to which their inevitable response is, "Holy crap! Everyone can see it? We can't have everyone in the world being able to see our corporate data! Forget it!"

Sigh.

Let me explain how this works. And as an example, I'm going to use an issue that's getting a buttload of media coverage south of the border -- electronic voting machines (EVMs). There have been numerous accusations that some of the EVMs have been producing noticeably suspicious results in some elections, accusations that are fueled by the fact that many of the EVM companies in the U.S. are affiliated with the GOP.

In many cases, there's absolutely no way to verify that these machines are acting honestly since those companies refuse to reveal their internal code. In short, there is absolutely no way to verify what the EVMs are doing and, if there's no paper trail, you're pretty much screwed in terms of accountability.

Open source to the rescue.

If the code that ran the EVM was publicly available, then anyone would have the right to look at it and tell if it was fudging the numbers. Let's start with a simple program written for the upcoming Canadian elections. For the sake of brevity, I'll assume three parties -- what the code is doing should be self-evident:


    /* Start everyone at zero. */

    libs = 0 ;
    cons = 0 ;
    dips = 0 ;

    for (each person voting until all done) {
        if (vote == "lib") {
            libs = libs + 1 ;
        } else if (vote == "con") {
            cons++ ; /* just a shortcut to add 1. */
        } else if (vote == "dip") {
            dips++ ;
        } else {
            print "Spoiled ballot, rejected." ;
        }
    }

Print results here.

There. Now, ignoring picky details like, say, additional parties, or spoiled ballots because people voted more than once, any imbecile could look at that code and think, yeah, that looks reasonable, I don't see a problem. In short, there would be no way to sneak evil code into the EVM as long as every man and his ferret is entitled to see the actual source.

Now, let's say the code looked, like, say, this:

    libs = 0 ;
    cons = 0 ;
    dips = 0 ;

    for (each person voting until all done) {
        if (vote == "lib") {
            libs++ ;
        } else if (vote == "con") {
            cons++ ;
        } else if (vote == "dip") {
            dips = dips + 2 ; /* Oooooh ... sneaky. */
        } else {
            print "Spoiled ballot, rejected." ;
        }
    }

Print results here.

Uh oh. I'm pretty sure this wouldn't be a fair election but, as long as the code was open source, those kinds of shenanigans would be exposed faster than Kate McMillan could say something stupid and racist. If, on the other hand, no one was allowed to peek inside the box to see its actual processing, who knows if that sort of thing would ever be detected.

Well, OK, something that blatant would almost certainly cause suspicion since the machine's published results would deviate wildly from the inevitable exit polls. What to do if you still wanted to game the system? Do it subtly:


    /* Start everyone at zero. */

    libs = 0 ;
    cons = 0 ;
    dips = 0 ;

    for (each person voting until all done) {
        ... same stuff as before ...
    }

    libs = libs + 100 ;
    cons = cons - 75 ;
    dips = dips - 25 ;

Print results here.

Ooooooh ... isn't that clever -- the totals printed will still match the number of registered voters, the results won't be so badly out of whack that the exit polls will raise suspicions, but there's just enough fudging to throw a close race to one party. And if you have no access to the source, you'd never realize what happened.
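An added example, not part of the original post: because the shift above is zero-sum, a check of the grand total passes, so an audit has to recount the ballot records (the paper trail mentioned earlier) party by party. The type and function names and the sample ballots are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example; all names here are hypothetical, not from any real EVM. */
typedef struct { long libs, cons, dips, spoiled; } Tally;

enum { N_BALLOTS = 1000 };

/* Constructed sample ballot records: 400 lib, 450 con, 140 dip, 10 spoiled. */
void make_sample(const char **out) {
    for (int i = 0; i < N_BALLOTS; i++)
        out[i] = i < 400 ? "lib" : i < 850 ? "con" : i < 990 ? "dip" : "";
}

/* Independent recount, same logic as the honest listing on the page. */
Tally recount(const char **ballots, int n) {
    Tally t = {0, 0, 0, 0};
    for (int i = 0; i < n; i++) {
        if (strcmp(ballots[i], "lib") == 0) t.libs++;
        else if (strcmp(ballots[i], "con") == 0) t.cons++;
        else if (strcmp(ballots[i], "dip") == 0) t.dips++;
        else t.spoiled++;
    }
    return t;
}

/* Weak check: does the grand total equal the number of ballots cast? */
int total_matches(Tally r, int cast) {
    return r.libs + r.cons + r.dips + r.spoiled == cast;
}

/* Strong check: how many per-party counts differ from the recount. */
int audit(Tally reported, const char **ballots, int n) {
    Tally t = recount(ballots, n);
    return (reported.libs != t.libs) + (reported.cons != t.cons) +
           (reported.dips != t.dips) + (reported.spoiled != t.spoiled);
}

int main(void) {
    const char *ballots[N_BALLOTS];
    make_sample(ballots);
    /* Reported totals after the +100 / -75 / -25 shift from the listing above. */
    Tally reported = {500, 375, 115, 10};
    printf("grand total matches: %d\n", total_matches(reported, N_BALLOTS));
    printf("per-party discrepancies: %d\n", audit(reported, ballots, N_BALLOTS));
    return 0;
}
```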

And that, kids, is how open source works. Yes, this will be on the final exam.

BY THE WAY, if you have companies that insist on keeping the internals of their EVMs secret and proprietary, this is the sort of shitstorm that ensues.

1 comment:

Zorpheous said...

CC, stop making sense, it only confuses them ;-)