Imagine that you’re a spotty 16 year-old. You’ve just discovered philosophy. You will almost certainly have a conversation like this…
Dude… DUDE! What if… What if, like, we’re all just brains in a jar and, like, a machine is projecting reality around us…? Whoa…!
I bet you’ve had that conversation with someone. Probably after you first watched The Matrix. As a philosophy, it is a lot less modern than you might think:
I shall suppose that some malicious, powerful, cunning demon has done all he can to deceive me […] I shall think that the sky, the air, the earth, colours, shapes, sounds and all external things are merely dreams that the demon has contrived as traps for my judgment.
René Descartes in 1641
How far does your doubt extend? Hyperbolic doubt is, simplified, a philosophy which insists you should question everything – including your own senses.
Philosophy, naturally, leads us on to Computer Science.
How do you know your computer isn’t lying to you? Open source code means that you can see the code your computer runs. Of course, the compiled code may be different from what’s published.
Do we trust verifiable build? Perhaps not.
OK, so we compiler our own code.
But do we trust our compiler? Same problem as above.
Let’s write our own compiler!
But what if there’s a secret chip in our computer inserting malicious code? Argh!
It’s malicious demons all the way down. But, at least, we can see the code and compare it against the binary code and compare that to the output of the computer. That’s a fairly reasonable way to dispel doubt.
Hurrah for open source licences!
But what about code that runs on someone else’s server?
How can you tell what a distant computer is doing with your data? There are some Open Source Licences which are specifically for servers:
The GNU Affero General Public License is a modified version of the ordinary GNU GPL version 3. It has one added requirement: if you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there.
Why the Affero GPL
So someone can give you the code. But that doesn’t really help, does it?
How do you know they’re running the exact same code on their server?
How do you know that their server hasn’t been hacked?
How do you know if, halfway through your session, the software is replaced?
How do you know?
This isn’t an argument against open source. More transparency is always good. But it’s important to know its limits. There are some computational tasks which are too intense for a home machine. If you want to communicate with another person, you have to trust the code running on their machine.
Computo Ergo Sum.