The more I learn about Linus Torvalds, the more I like. I like that he’s “just” an engineer (and near as I can tell a very good one).
As he is just an engineer, he is prone to clear, logical thinking, and thus also prone to clear, logical statements. Here is an oldie but a goodie, where Linus essentially tweaks the noses of an entire generation of wankers, erm, make that “opinionated people who have no place making real engineering decisions” by essentially declaring that DRM is a perfectly reasonable security model and as such by itself it can’t be evil. (Clearly my interpretation, you are welcome to interpret it yourself.)
People who aren’t engineers, or at least aren’t very good ones, often try to argue with these kinds of statements as if they are religious issues. This approach doesn’t work so well with engineers or logicians. It’s kinda like trying to convince an engineer he should build a truck bridge out of wet sand instead of steel because “ironz is teh evel!”.
Yeah, not such a good argument. But sometimes these arguments actually work! And when they do, the world isn’t a better place. This brings us to my Third Law of Trust: The Perception of Trustworthiness Can Be as Important as The Reality of Trust Itself.
A great case study in the phenomenon of perception is a recent post from Linus, here. Imagine, for just a second, that this statement came not from Linus, but instead from either Steve Jobs or BillG.
If Steve Jobs had said this, people would say “well der, Jobs is all about the user experience”. It might not even make headlines.
If Bill said it, even though he’s now retired from his role at MSFT and so it shouldn’t matter, there may well be massive coverage, the gist of which would be “see! MSFT doesn’t give a crap about security! I knew it! M$ is teh evel!”.
This is perception. The notion that this is true should come as no surprise to anyone. But if we dig a little deeper we find that this perception issue has significant implications.
Implication 1: Perception allows mediocre or even bad ideas to be treated as if they are good.
Example: The public seems to believe that the security precautions which are currently in place in major airports in places like America and Europe are good and make sense. We can assume this because they continue to fly. Do I think for a second that if 50% of the planet stopped flying tomorrow to protest the stupid fluids ban that the ban would last even a week? Of course not.
But people think that the people in charge must know what they are doing. That’s their perception. And so they tolerate it when someone won’t let them fly with an extra ounce of toothpaste, or when they are told they must drink their own breast milk to prove it’s not pure hydrogen peroxide.
This is in spite of the fact that not a single competent security engineer has ever come forward and made the claim that the fluids ban actually works. (Not that I am aware of, at least.)
Perception, rather than reality, is ruling the day and letting a bad idea continue on.
Implication 2: Perfectly reasonable ideas which are offered up by people or groups who are perceived as being untrustworthy may be lost in the ensuing maelstrom of idiotic public wankery and flagellation.
Example: Something called Palladium (even when it was named NGSCB “it’s pronounced Palladium”). The general perception of Palladium was, well, bad. Very bad. It was very bad for a variety of reasons, but the biggest perception was that it was very very evil because some people thought that MSFT was very very evil.
Linus posted his bit about DRM in April of 2003. In September of 2002 I posted this, which you can see is part of a larger thread. Re-reading my posts, I can’t find any major faults anywhere.
But clearly that wasn’t enough. The perception of MSFT was that it was evil, and if MSFT was evil, that made Palladium the hellmouth from which pure, unadulterated evil would pour forth.
Here’s an interesting quote from this page: “XenSE is designed to allow desktop users to create securely separated compartments to run applications that contain highly confidential information. The system would prevent such data from overflowing from one compartment to another.”
Replace XenSE with “Palladium” and you have, well, Palladium. Note the lack of public outcry about XenSE, however. Clearly NOT Palladium in that sense. Of all the things that “killed” Palladium, negative perception was the most important factor.
When I look around I find lots of examples of things we were doing in Palladium being done in the open source community. Linux has TPM drivers, people are looking at secure boot, there are complete Palladium near-clones in a number of universities.
This makes me happy, actually. I still believe in the principles of Palladium and I think that they are required to make the world a better and safer place. If it takes smart people in the OSS community to make it happen, well, you go.
If you are right and you have time on your side (like Linus does) then sooner or later people will come round to your way of thinking, and that will, over time, significantly improve perception.
It takes a community with both the best technical expertise AND good public perception to best make the world a significantly better place. If I have to choose between the two I know that I will always place my bets with the former, but I really appreciate just how important the latter is.
In the case of Trustworthy Computing at least this stuff is happening. Maybe that’s the most important thing.