
The Power of the Bazaar

December 20, 2009

Posted by Peter Varhol in Architectures, Strategy.

As I read the many stories (here and here, for example) of terrorist hackers intercepting the video feed from US drones being used in Afghanistan and Pakistan, I take away a much different message than those who conclude that additional security measures are needed on our systems to be able to combat all possible threats.  In this case, that conclusion dictates that the video feeds must be encrypted.

Well, yes, that’s the obvious answer. But there is a deeper meaning when we see hundreds of millions of dollars of technology foiled, or at least compromised, by a $26 hack. Stories like this remind me of the essential timelessness of Eric Raymond’s seminal work, The Cathedral and the Bazaar. Raymond deftly makes the claim that proprietary software is analogous to a cathedral, developed by a closed cohort of developers working in a traditional development lifecycle.

In contrast, open source software, developed in a dispersed manner by hundreds of different programmers (mostly volunteers), works in at best a loosely organized meritocracy, with initiative and fitness of code being the primary criteria for inclusion in the build.  Raymond claims, with some justification, that the latter approach produces superior software more quickly.

How does this apply to hacked drones? Drones are developed in a cathedral: traditional, very expensive dedicated development teams with a long design cycle employing comprehensive specs and discrete design, development, and test cycles. You end up with pretty much the system that a very small group of acquisitions personnel specified and paid for. If you didn’t happen to specify an encrypted video channel, it will cost a lot more, and take a lot longer, to add one afterward.

On the other hand, those who are attempting to compromise such a system, terrorist or not, represent the bazaar. Many people across the world, with a variety of different motivations, are trying a number of different ways to affect the success of the drones’ missions. One or more of them is bound to succeed.

This is not to say that defense systems should be open source, with contributions from a worldwide community.  And capturing the drone’s video in real time can’t be much more than marginal help in determining where it is heading, so this particular flaw was not particularly egregious.

But surely we’ve learned that while the cathedral can produce some very good systems and software, its flaw is one of vision.  You can spend a boatload of money, take years in development, get exactly the system you want, and it can still fail.  The bazaar, on the other hand, has strengths such as a more flexible development model that can likely be applied to complex and large-scale system development.  If we applied some techniques that make open source successful, we may discover that our systems can be more resilient.


