[MUD-Dev] Quake II has gone GPL

Wed Jan 16 23:06:00 CET 2002

On Wed, Jan 16, 2002 at 03:18:41PM -0800, J C Lawrence wrote:

> Much of the vaunted security advantages of Open Source comes from
> the "many eyeballs" argument.  The problem with that argument is
> that it scales non-linearly with the size of the population
> using/abusing the product.  With a small user base (in the
> developer/useful-eyeball sense) it is easy for the badhats to
> effectively outweigh the benefits of the rest purely by percentage
> dominance.  Additionally in the case of a custom MUD client where
> the server side sources are not also Open Source (and thus with a
> supporting community), the incentive for a badhat versus a good
> hat is considerably larger, especially if there is the potential
> for financial gain (eg the various people running UO/EQ/etc
> auction farms on EBay).

I am a free software bigot.  I am also a good software bigot.  If
you keep the hit-points or item list of my character stored in my
client, then I can and may change it, with or without the source
code.  "If you want it done right, do it yourself." comes to mind
for when thinking about designing a system.  I don't mean to imply
that any programmer will ever do anything right.  If you want
something done securely, you should do it in a secure place.

What comes to mind as the best way to secure a system is to trust
only the code that will be under your control, and to design your
interfaces properly.  If some person can modify their client, or
write a new one, and come out with an advantage or a way to crash a
remote process (maybe one of your game servers), then something is
obviously wrong.

If I am showing my ignorance of the design of MMORPG systems, please
forgive me.  In my experience with developing distributed systems (I
mean systems where multiple processes are participating, not "peer
to peer", just to clear that up), designing with secure interfaces
and appropriatly located logic is standard stuff that happens before
any code is written.  For instance, can you imagine an on-line
ordering system where the total cost of your order was stored on the
client, and that is what got billed?  Even if the cost is stored on
the client so that it can be conveniently viewed, the server must (i
hope!) do some accounting and recalculate the cost before the
billing is done.  If a gaming system (any system) performs critical
information on untrusted data, something is wrong.

So, as a free software bigot, I respond that the only way to write
secure software is to write good code with secure interfaces.  Even
bad code with good interfaces shouldn't cause you any problems.
Security through obscurity is an excuse for poorly designed
software.

Security through "many eyeballs" is suitable for when the software
isn't so much designed as evolved (as in some open-community
projects).  I am one of many people who belive in free software who
do not participate in the open-community model of development.

I am afraid that one day a software developer may be able to trust
personal computers to keep information hidden from their users.
Obscuring a bad design only puts off the amount of time it takes to
find a flaw.  So-called digital rights management is a whole other
issue..

--
Nicholas E. Walker <new at gnu.org>

_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev