It’s been a while since the last post. I plead flu. It has advantages, though: I lost 10 pounds in 2 weeks.
I’m several conferences behind in writeups. Back at Linucon, I chatted a bit with
author of The Hackers Dictionary, The Cathedral & the Bazaar, and The Art of Unix Programming.
Of those books, the most relevant to this post is The Cathedral & the Bazaar.
Its thesis is pretty simple, but let me paraphrase it and oversimplify it: software built to elaborate specifications by teams of programmers,
with flying buttresses and fancy rose windows isn’t necessarily better (more capable, more robust,
more user-friendly, more sales, etc.) than software built by loosely knit teams of people building the
parts they want to use. Closed source vs. open source. Back when I published the first printed
version of Eric’s paper on this subject, this was a radical thesis. Not to its practitioners, of course, since the Berkeley Unix system for example had been produced by such methods back in the 1980s, and Linux was already spreading rapidly in the 1990s. Yet radical to those not familiar with it. Nowadays many companies are
using it, and much open source software has become quite popular.
However, the idea extends beyond software, and it appears that many people have worked out aspects
of it from different directions. For example, David Weinberger’s Small Pieces Loosely Joined deals with many of the same ideas related to the World Wide Web.
Eric’s most recent book is also relevant, since the Unix philosophy has always involved small
pieces connected together in various ways instead of large monolithic programs.
John Robb’s Global Guerillas blog has explicitly cited
the Bazaar open source idea in relation to ideas of assymetric warfare. Robb had previously cited a long
list of books that are more obviously about warfare, the most seminal of which is probably
Boyd:The Fighter Pilot Who Changed the Art of War
by Robert Coram. This is a biography of John R. Boyd, who started out as a fighter pilot
(never defeated), wrote a manual on aerial jet combat that is apparently still in use, “stole”
a million dollars worth of computer time in order to develop his theory of why he never lost,
which led to designing airplanes including the F-15 and F-16, and eventually via intensive
reading of history to a theory of warfare that has since been adopted by the U.S. Marine Corps,
as well as by other, less savory, parties. It is known by various names, such as “fourth generation warfare,” “assymetric warfare,” or “highly irregular warfare.”
Someone else approaching many of the same topics is Albert-László Barabási
in his book Linked, about scale-free networks; I’ve mentioned his book a number of times
already in this blog.
What do all these things have to do with one another? They’re all about organizing loosely joined
groups without rigid top-down command and control. They all also have to take into account how
such organizations can deal with more traditional c-and-c organizations; which has what advantage;
What does this have to do with Internet risk management strategies? The Internet is a loosely
coupled non-hierarchical distributed network. No single organization can control it. Any organization
that wants to use it would do well to accept that the Internet introduces sizeable elements that cannot
be controlled and therefore risks that must be managed without direct control.