The break of news raising doubts over the security of open-source software sent shockwaves through the technology realm, more specifically for the communities developing it. Open-source code is sacred for such communities, made of millions of people that work for free in the name of a highly hippish, nearly Marxist ethos of equality, where sharing things is not an act of goodwill but a mindset. The episode, which has not yet brought the full consequences expected, is a reminder of how societies depend on something that cannot be bought or sold, cannot be enforced, and once it’s gone, there is no turning back: trust.
One might question why an open-source incident arrives at a disinformation newsletter. It’s simple: the planet Earth news boards are not the only place where disinformation takes place. It happens everywhere, from the IoT devices that allow you to prepare the coffee before you wake up to the automatic dam levers that avoid catastrophes. Disinformation is the corrosion of the foundations of a system, and it can show up at any of them.
For a transaction to operate, there are a few primary conditions that cannot be spared. In the news industry, the foundations are the elements that allow the building of the discussion. You have the languages, with their words and meanings (the material for the Italian expression “Traduttore, Traditore”), the carefulness to treat any quote as a court affidavit, the agreement to accept official sources as trustful. For the open-source community, the trust-atom is the commit, the acceptance of a change to the system that a member of the maintenance team has verified.
In the scandal of the open-source community, the problem was about a University of Minnesota researcher who managed to have a faulty commit approved by the team developing the Linux kernel. If you are not into tech, a very superficial hint: the kernel is like the very centre of an operating system. Nothing is done without it. After doing so, Kangjie Lu, the researcher, published a paper explaining how he was able to “plant” a bad seed into the core of Linux, whose security and reliability are inextricably linked to the open-source ideal. The world came down because the community felt the event like treason. In the view of those involved with Linux development, Lu abused the good faith of all Linux maintainers for his individual goals.
Linux won’t be stopped by that, and it remains very secure. But the system cracked. Lu alleges that he was trying to expose the risk and how bad actors could exploit it. Playing the Devils’ Advocate, even if the most egotistical motives have driven Lu, he should not be slashed. If he had done the same in the news industry, he would become a hero, a whistleblower, but the news industry’s ethics is very different from the open-source code. It’s also true that now it is impossible to deny that where there are people, there is a risk. Open-source code is not infallible, and to an extent, must be critically analysed. All the rage against Lu is driven by the questioning of something that was given for certain.
The event in itself will reverberate for a long time, but it is very telling of the zeitgeist of the moment we are living. Like the open-source community, other information systems are also seeing the trust that keeps them together dismantle. Without the sometimes unspoken contracts that lay the basis of everything, everything will crumble at some point. The increasing gaps caused by disinformation are all consequences of the rupture of the social contracts keeping journalism together. Once, we all agreed the sky is blue until someone came and said the sky is red. There is no discussion possible with someone that truly believes that the sky is red. We can go even further and say that there is no discussion between two people if one does not want to discuss. And that is precisely what is happening.
Like science is the only chance for humanity to beat the health crisis in the world (Covid is likely to be the precursor of a trend), technology and reason are the only chances to bring societies together — if these societies really want so. Some of them already have a hole between the two sides that seem impossible to heal. However, in most of them, it is still possible for all parties to sit together and acknowledge that profound changes are needed and that none will leave the table with the prize if there is nowhere to go.
Even with reason and technology, the solutions for the disinformation epidemic will not come from people, companies, institutions, countries, politicians et al that do not want to understand why some people believe the sky is red. Until we do not understand that inequality pushed droves of people to the left or the right, to social justice or alt-right up to the point that they do not follow the current Cartesianism sustaining the last centuries, no change is possible. We need to start by there — find consensus about the colour of the sky. And keep a step after the other…