Open source

Wednesday, August 22, 2007

Open source code is open for anyone to examine for flaws or bugs.

"Open source" is a rallying cry among hackers and information libertarians everywhere, as well as some security professionals and programmers. But what is it?

Source code is code that a programmer types into the computer. Most of it is indecipherable to the non-programming eye, but even non-programmers can pick out statements like IF and THEN and ELSE or RUN. Your computer, however, needs object code to run; object code consists entirely of zeros and ones. The computer compiles the source code, which the programmers typed, into object code, which looks like gibberish, and links it all together so your computer can function.

The operating system of a computer is the heart and brain of the computer. It is written as source code, meaningless to the computer until the computer compiles it into object code and ones and zeros. For decades, Microsoft and Apple kept their source code secret. The code is proprietary. This caused problems for programmers, who needed to know what is in the source code, what subroutines they can take advantage of to make their application code (things like Word and Excel) easier. So parts of the source code were exposed by necessity to certain people - what's the point of the brain of a computer if it is never allowed to think?

Then Linux appeared as an operating system that, unlike Apple and Windows, made its code open course. All programs written for Linux, with few exceptions, are open source. A user who finds a problem with Linux posts a message to a computer bulletin board. The problem is discussed, the programmers look at the code, and the solution is coded and distributed, often free of charge. A call for all software to open source began.

This call was made even louder when cryptography, the act of encrypting or making secret certain data, became popular. There is a debate raging between open source and closed source supporters as to which is the better method of security. Those in favor of closed source cryptography say that since potential malicious hackers don't even know what kind of code they're trying to break, they will be unable to break it. Those in favor of open source cryptography say that the method of cryptography is not as important as its implementation, and, in fact, the source code for a given cryptographic system should be posted online for all to see, so that anyone can test the program. When weaknesses in the security are found, they can be fixed. Closed source cryptography does not benefit from this massive amount of testing.

The debate loomed large in the American 2004 election, when many voting districts decided to use voting machines with closed source code. Political activists and security programmers from all political parties were angry, because without seeing the code, there was no way to tell if there were errors. Errors could be as innocent as an unprotected connection to the internet, though which hackers could enter the system and affect the vote. Or the errors could be more malicious - the program itself could be rigged in favor of one candidate or another. With a closed source system, the public will never know.

Author: Written by Janine Peterson
Source: essortment.com
See Also