Microsoft, Palladium, Security, Trust

Perception (or, Linus gets away with being honest again)

The more I learn about Linus Torvalds, the more I like. I like that he’s “just” an engineer (and near as I can tell a very good one).

As he is just an Engineer, he is prone to clear, logical thinking, and thus also prone to clear logical statements. Here is an oldie, but a goodie where Linus essentially tweaks the noses of an entire generation of wankers, erm, make that “opinionated people who have no place making real engineering decisions” by essentially declaring that DRM is a perfectly reasonable security model and as such by itself it can’t be evil. (Clearly my interpretation, you are welcome to interpret it yourself.)

People who aren’t engineers, or at least aren’t very good ones, often try to argue with these kinds of statements as if they are religious issues. This approach doesn’t work so well with engineers or logicians.  It’s kinda like trying to convince an engineer he should build a truck bridge out of wet sand instead of steel because “ironz is teh evel!”.

Yeah, not such a good argument. But sometimes these arguments actually work! And when they do, the world isn’t a better place. This brings us to my Third Law of Trust: The Perception of Trustworthiness Can Be as Important as The Reality of Trust Itself.

A great case study in the phenomenon of perception is a recent post from Linus, here. Imagine, for just a second, that this statement came not from Linus, but instead from either Steve Jobs or BillG.

If Steve Jobs had said this, people would say “well der, Jobs is all about the user experience”. It might not even make headlines.

If Bill said it, even though he’s now retired from his role at MSFT and so it shouldn’t matter, there may well be massive coverage, the gist of which would be “see! MSFT doesn’t give a crap about security! I knew it! M$ is teh evel!”.

This is perception. The notion that this is true should come as no surprise to anyone. But if we dig a little deeper we find that this perception issue has significant implications.

Implication 1: Perception allows mediocre or even bad ideas to be treated as if they are good.  

Example: The public seems to believe that the security precautions which are currently in place in major airports in places like America and Europe are good and make sense. We can assume this because they continue to fly. Do I think for a second that if 50% of the planet stopped flying tomorrow to protest the stupid fluids ban that the ban would last even a week? Of course not.

But people think that the people in charge must know what they are doing. That’s their perception. And so they tolerate it when someone won’t let them fly with an extra ounce of toothpaste, or when they are told they must drink their own breast milk to prove it’s not pure hydrogen peroxide.

This is in spite of the fact that not a single competent security engineer has ever come forward and made the claim that the fluids ban actually works. (Not that I am aware of, at least.)

Perception, rather than reality, is ruling the day and letting a bad idea continue on.

Implication 2: Perfectly reasonable ideas which are offered up by people or groups who are perceived as being un-trustworthy may be lost in the ensuing maelstrom of idiotic public wankery and flagellation.

Example: Something called Palladium (even when it was named NGSCB “it’s pronounced Palladium”). The general perception of Palladium was, well, bad. Very bad. It was very bad for a variety of reasons, but the biggest perception was that it was very very evil because some people thought that MSFT was very very evil.

Linus posted his bit about DRM in April of 2003. In September of 2002 I posted this, which you can see is part of a larger thread. Re-reading my posts, I can’t find any major faults anywhere.

But clearly that wasn’t enough. The perception of MSFT was that it was evil, and if MSFT was evil, that made Palladium the hellmouth from which pure, unadulterated evil would pour forth.

Here’s an interesting quote from this page: “XenSE is designed to allow desktop users to create securely separated compartments to run applications that contain highly confidential information. The system would prevent such data from overflowing from one compartment to another.”

Replace XenSE with “Palladium” and you have, well Palladium. Note the lack of public outcry about XenSE, however. Clearly NOT Palladium in that sense. Of all the things that “killed” Palladium, negative perception was the most important factor.

When I look around I find lots of examples of things we were doing in Palladium being done in the open source community. Linux has TPM drivers, people are looking at secure boot, there are complete Palladium near-clones in a number of universities.

This makes me happy, actually. I still believe in the principles of Palladium and I think that they are required to make the world a better and safer place. If it takes smart people in the OSS community to make it happen, well you go.

If you are right and you have time on your side (like Linus does) then sooner or later people will come round to your way of thinking, and that will, over time, significantly improve perception.

It takes a community with both the best technical expertise AND good public perception to best make the world a significantly better place. If I have to choose between the two I know that I will always place my bets with the former, but I really appreciate just how important the latter is.

In the case of Trustworthy Computing at least this stuff is happening. Maybe that’s the most important thing.


5 thoughts on “Perception (or, Linus gets away with being honest again)

  1. Linus is definitely a real engineer, and not just someone who participates in open source as a political mass movement (a la Eric Hoffer). It’s amusing to see how his honestly bumps up against political correctness, as in his criticism of GPL 3.0. I’ve always thought he was the anti-Stallman.

    Talking about how open souce is copying Paladium, in general I think there is no decent history of operating systems now. It’s simply too political at this point. Linux started out as something like V6 UNIX ported to the PC, and a lot of the improvements over time had been features that seem borrowed from NT. DLL’s, the DDT, journaling file system, async I/O, even kernel threads. The guy who did Bonobo was actually honest in saying it was an attempt to replicate OLE automation.

    I guess what I’m trying to say, but not very well, is that the discourse on software is badly damaged by politics. It just isn’t possible in the hacker or the academic community to suggest that any ideas originated with “M$”. There is a famous postmodern architecture book called “Learning from Los Vegas”, but nobody talks about how much was learned from Microsoft.

  2. I think that part of the problem is immaturity – namely the immaturity of the social networks, which is even more profound than the immaturity of the participants. You get smart people and idiots together on the internet, and sooner or later the idiots start to take their toll.

    People who would otherwise refuse to let idiots anywhere near themselves in real life wind up closely associating with them in teh interwebz.

    Imagine if the guys building a medieval cathedral had crowds of thousands of people hanging around and “helping” them by commenting on everything from their choice of shoes to the stone they were using, and objecting the entire time to the building because it was clearly going to be used to oppress the masses…

    Re: politics, I recall a paper written in the late 90’s by someone which basically said “code is political policy”. I can’t find it anymore.

    They were unfortunately correct at least insofar as people treat it that way now.

    This kind of thinking would have lead to early car inventors being pilloried and designs scrapped because they couldn’t answer the question “what does your car design do to prevent it from being used as a getaway vehicle?”

  3. Based on my experience, trustworthy behavior is clearly a critical component, but sometimes it isn’t enough.

    And there are plenty of cases where un-trustworthy behavior carries the day becuase of perception.

  4. Idiots are a problem on the net. Talk to any scientist or historian who has tried to contribute to the wikipedia. It starts out seeming to be fun, and after a few bad interactions with wiki-apparatchiks, they flee, never to return. Wikipedia is amazing, but so flawed and no sign that they will ever vet contributers in a meaningful way.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s