In week 4 we asked you to familiarize yourself with some arguments for openness, and some reasons for concern about openness. Please reflect on what you read/watched/heard, here. You can give comments, raise questions, explain what was new/interesting/surprising to you, add your potential benefits and issues, or whatever else you’d like to discuss.
Hey all - just a reminder to read through https://p2pu.org/en/courses/2314/content/4534/ and respond here!
An issue with openness in software is that it is simultaneously more robust and more vulnerable. It is more robust because others look at it, try to improve it and generally return back to the community. This is true for security fixes as well, but it is CRITICAL that the security fixes be made quickly.
The vulnerability here is that by fixing a bug you also reveal it right away, and pretty much reveal the attack. As a consequence, if users don’t update, for whatever reason, they are immediately at harm.
In my understanding, it is a tad less time sensitive to update for security fixes in commercial software: it will take time to attackers to reverse engineer the patch and figure out the attack.
A similar issue with openness arises everywhere. If you release something in the open, it is there for others to criticise / scrutinise. If for whatever reason you can’t defend in the open what has previously been released (coercion, for instance), it leaves your release more vulnerable.
I’m not sure I quite get it. If one reveals the attack, is that a problem? I can see if people don’t update right away they are harmed, but it seems that might be true even if the bug isn’t revealed? I think maybe I’m not quite understanding here!
I’ve been thinking about this question all week, and I meant to write a longer blog post about it. But classes have started for me (I teach at a university), and I’m back to 12-14 hour days and little time for anything but work.
I’ve been doing my work in the open for a couple of years now–blogging and tweeting about my teaching, posting teaching and learning materials with open licenses. And so far I’ve had nothing but good things result from this. I’ve met and collaborated with amazing people that I have been connected to through open courses, Twitter, and blogs; I’ve gotten really useful feedback on my ideas and practices; I’ve gotten even more useful ideas from learning what others are doing; I’ve been invited to speak at several workshops at my university; and more I can’t even think of at the moment.
So when it comes to thinking of drawbacks to openness in my own line of work, I’m having a hard time. But I can mention some things that other university instructors have said to me in the past, or that I’ve heard through our faculty union.
(1). Some faculty members are concerned about having much of what they do be out in the open, available to scrutiny, especially when they are untenured or looking for a job. It’s one thing to have your research published and openly available (say, in open access journals or institutional repositories) when those documents represent polished work. It’s quite another to have all your teaching activities on display, the good as well as those days when things just didn’t go well or you didn’t have enough time to prepare. But your lecture notes, or the video recording of your class, are still available.
Usually, when we are evaluated by peers who write letters about our teaching, for job applications or tenure and promotion, we know ahead of time that they’re coming and we often try to put on our best (or at least not our worst) class. But if everything you do in terms of teaching is in the open, all your slides, all your lecture notes, even video recordings, then you don’t get to pick and choose what people who are evaluating you see. It’s all there for them to see. Which, of course, gives a broader picture of one’s actual work rather than focusing in on the best work, but it can put one at a disadvantage in comparison with others who are only putting forth their best work in their files.
(2). Another concern came up when my university passed a policy requiring that if any instructor shares teaching materials with any other faculty member at the university, then that is to be taken as giving permission to any other faculty member at the university (not outside it) to reuse, revise, redistribute those materials. I wrote two blog posts about this earlier this year, here and here.
There were numerous concerns brought up about this policy, including that some were worried that the university was trying to be able to use teaching materials, whose copyright rests in the faculty members who create them, for free in things such as MOOCs and continuing education courses for which they can charge a good deal of money. The concern was that they wanted to build up a stock of teaching materials they could use for free and then make money from them. Of course, until MOOCs have a viable business model there is no money being made off them. This concern is one shared by a number of people who don’t want what they’ve given away for free to be the source of profit for others (and is one reason for the CC-NC license; the university was not offering a similar sort of option for this policy.
(3). Finally, a number of faculty members in N. America are concerned about open educational resources being used, eventually, to cut down on the number of faculty positions. If we can just reuse materials created by others (e.g., video lectures), then we could run courses just with teaching assistants facilitating discussions and marking assignments, for example. Why do we need to repeat the same material over and over for small groups of students face to face when much of it can be given online to a very large group of students, one might ask.
I think there are very good reasons not to go this way, such as that different learning contexts require different approaches, responses to student needs in lectures, etc. And I think of the increased availability of online lecture material as a way to cut down on my own lecture time and to increase the time I spend doing more activities in class (eventually; I haven’t gotten there yet). But I can certainly see that some, including lawmakers, might think otherwise and that so it’s not inconceivable that this could be a danger someday.
The point is that it will take more time for malicious hackers to reverse engineer the fix and deduce an attack for closed source software than for open source software, leaving a larger window where regular users can do the required updates.
agreed, those are all valid concerns. they can be mediated if a culture of trust with the administration/funding bodies exists, but this seems hard to maintain