Open Now
Open Now
Watch now

Security is at risk because of billionaires

Elon Musk's takeover of Twitter is a great example of how to destroy something. This doesn't have to happen.

It's hard to accept that Elon Musk bought Twitter because every report of internal chaos reminds us that we may have lost the most promising way to communicate online in decades because we didn't recognize it for what it was when we had the chance. Musk shouldn't have been able to buy Twitter because it shouldn't have been an asset in the first place. Its founder, Jack Dorsey, once called it "the public conversation layer of the internet." Because of this, it has become the center of our global alert system during the pandemic. It's hard to believe that even one person can still own this. Like having your own email.

In the field of information security, there's something called a "evil maid attack" that happens when an untrusted party gets physical access to important hardware. For example, if you leave your laptop unattended in your hotel room, the maids could come in and steal it. We now have a new analog that can just as easily break systems and leak information. You can call it the "attack by evil billionaires" if you want. The weapon is money, and more specifically, the chance that you won't have enough money to make a difference when the time comes. The phone is ringing in the house.

This strategy works because most ideas that matter are owned by people with more money than you. When they can, these people connect their ideas into a network with the goal of making gravity impossible to avoid. Founders, investors, and excited technology writers like me often use the word "platform" to describe technical systems with small parts that can be used to build new functionality. Platforms are especially attractive to the people who keep the technology industry going when the bits can be sold each time they are used.

Musk begins his Twitter ownership with firings, declares the 'bird is  freed' | Reuters

The idea is that a platform is better than an app because you can use it to build multiple apps or let other developers and companies build apps, from which you could take a 30 percent cut. No matter how good the code is, the Twitter mess should be the end of the proprietary platform as a serious technical project. It is a high-profile example of how risky they are and why you shouldn't trust them. The overly cautious approach to intellectual property that makes things proprietary in the first place is also a liability that puts everything a company could make at risk because it gives billionaires the power to kill them. Musk's takeover of Twitter is a case study in how to destroy something, a guide for the next billionaire who wants to build a social media empire. This is true whether or not Musk actually destroys Twitter. Now, our way to talk about the next vaccine we might need is in danger.

There is already another platform out there, so it doesn't have to be this way. Just look in the right places.

Blockchains try to solve this problem as deeply as possible. Musk would find it much harder, if not impossible, to get rid of a blockchain as long as a few users were upset enough to keep running independent nodes. Since the data is duplicated on many computers, the chance of losing access is very low. The blockchain is its own API. There are different problems that come with this, but losing information because of an enemy is not one of them. For example, when the Hic et Nunc market for NFTs shut down in late 2021, a new version came out with the same content but a different look. The blockchain is a shared resource that forces people to work together. It's almost like self-defense for living things.

Or, think about WordPress, which was one of the first tools for blogging and has since grown into a more complex, all-purpose content management system. It now runs about 40% of the open web, and the two terms are often used interchangeably. Around it, a huge economy has grown up, with companies that make websites, developers who work for those companies, and independent developers who work for themselves. Many of these developers make plugins that can be unlocked or made bigger by paying a licensing fee. All of this is possible because the core is open source and encourages its ecosystem to do the same. WordPress has been around for a long time, and its simple RSS feeds lost to Twitter's social features in a big way. In 2022, it might be fair to say that it is getting a bit old. But now we have to see it as a bigger technical success than Twitter, just because it isn't in danger.

Even more bulletproof than WordPress is the rest of the web, which is made up of strong, open protocols that can never be owned. Without shared models like HTTP, FTP, and TCP/IP, computers could not talk to each other at all. Even the parts of the internet that we now think of as closed were built so that they could work with each other. Not too long ago, that was the main reason for building these things.

Interoperability can be lost right away if half of the handshake goes away, so the next requirement is to keep everything online. The short, messed-up story of "left-pad" made this a big lesson for developers. Most important JavaScript code ends up on a service called npm, which stores code and makes it available for other developers to import and use. In 2016, an engineer who was upset with the company that ran the npm service removed one of his projects, which was a simple function for manipulating text. This caused all the code that depended on it to fail, and then all the code that depended on that code to fail, and so on. It was such a funny mess that it made npm change its rules. Now, a piece of software that is posted on npm can never be taken down.

But npm itself might not be around much longer. Around 2019, this started to seem more and more likely as the company struggled to get money. There, we were on the edge of a disaster. The whole web development industry, from small WordPress shops to large multinational companies, had come to see a startup that wasn't yet financially stable as a key piece of infrastructure. As a precaution against npm's uncertain future, companies with the resources to do so started saving a backup copy of every package that was installed. Even though the code was free and open source, the company that ran the hosting service did not guarantee access to it.

Then, in early 2020, as the pandemic was starting to spread, Microsoft bought npm out of the blue, and everything seems to have been fine since then. (Somewhere, a stressed-out npm worker just screamed into a pillow. I'm sorry.) Since Microsoft had bought GitHub about two years before, this was a natural fit.

About five years after it was created, GitHub had become the most important website for software development ever. It is basically a web-based interface for Git, a standalone tool for managing codebases that was first released in 2005 as a way to work on the Linux operating system and has since become the standard for almost all modern software development. Open source code is GitHub's bread and butter, the main content on the site, and the most important thing it does for most people, with the exception of its few enterprise customers. Git, the site's heart, takes this love of open source code to the next level.

The "remote" is any copy of the code that is somewhere else, like in another folder on your computer, on a server, or even on GitHub. This is one of the most innovative parts of Git's design. Or on an alternative to GitHub. GitLab is the most popular, and Keybase gives all of its users remotes. You can also set up your own privately on most servers and computers, but it's a lot of work. Git acts as a go-between for interactions with remotes, and no remote is ever inherently more important than another. Because of this, a codebase stored in Git doesn't have a single, official location, so it can move around freely to avoid threats.

I've been using Git to make software for a long time, and it has changed the way I think so much that I now couldn't live without it. Still, sending your code to a new remote for the first time still feels like magic. You can copy years of work and gigabytes of code to a new host with just one command. Almost all of the context, notes, information, mistakes, and jokes will stay the same. It feels like you hired professional movers to take all your stuff to your new home, which is a feeling I've rarely had with other tech products. On the contrary, the person who made WordPress recently said that Twitter responded to users leaving by making it impossible to export user data via API on request. Because of the work of the annoying free software nerds who make Linux, switching is so cheap in the Git ecosystem that it makes the success of GitHub even more impressive. Because it has to be, GitHub is the best in its class. Its product is built on a tech stack that says another company must be able to come along and eat its lunch. One could even say that the market can never be truly free without this mechanism.

Even though he bought Twitter and fell off the list of the world's richest people, Musk still has enough money to cover the valuations of npm, GitHub, GitLab, and Keybase all together. He could buy them all and shut them down. He couldn't kill the codebases they hold, though, because each project could just move to a different remote. Git was made so that bad people can't get to it no matter how much money they have, and this powerful property is passed on to all the code it touches. Not only is Git free and open to everyone. It was made in a way that makes it impossible for it to be something else. At this point, the only way to stop it is to replace it with something even better. Best of luck!

Even if you started building your replacement from Git, you'd still have a problem. Git is licensed under the GNU General Public License, which is a very strict license used by open source software projects. This license says that all work that comes after Git must be shared openly under the same license. Since Git's source code is open source, anyone can add to it and make changes, but it's against the law to treat that work as your own intellectual property. This property has a ripple effect: Free open source software released under this license tends to make more free open source software released under this license.

All of these stories of success are great, but none of them come close to Wikipedia, which is the greatest collection of human knowledge ever made and the most important thing ever made on the web. In its early days, it was often laughed at as silly, but now it's a big part of our lives. It's always in your pocket, and you can pull it out at a bar to talk about an article with a friend or date. We don't think about it. It's hard to say how much it's worth. It is also free in some way.

So, in fields like medicine, finance, and art, we should try to make something like Wikipedia that does whatever the field needs. Math, cooking, and remembering people who have died. Maybe computers, too? Git might count, but not GitHub. The "sharing economy," which is now a whole layer of professional life in every way imaginable, started with a bunch of new companies that tried to be like rideshare companies, like Uber for everything. It turned into a joke. Enough. Get big. Nobody cares. Instead, go make a Wikipedia for something.

Open source software has always been driven by the vague idea that it will make the commons better, that showing and sharing your work leads to better projects, successful businesses, more ambitious ideas, and better futures. If we all stand on the shoulders of giants, some of us will find things up there. And sure, that's fine. That's the kind of utopian dream we could all use a little more of, especially after what's happened recently. Dorsey's thoughts on Twitter's problems last week led him to say, "We did the right thing for the public company business at the time, but the wrong thing for the internet and society." There is a tension there, no doubt. But I'm going to go one step further: In a world full of bored billionaires, lack of open access becomes an existential risk that could suddenly wipe out everything.

Technology has been measuring success for decades with things like funding rounds, company valuations, potential markets, active users, downloads, and yes, stock prices. But all of these things are part of capitalism. If you want to dig deeper, you'll find that the platform for the platform is just money. So what? We know how this story ends.

Capital can kill code. Capital can kill anything. So, if what you've made is important, you'll need to make it into something that can't be bought as long as there are billionaires. An idea that can't be killed is worth more than one that can, and the only thing that billions of dollars can't kill is something that doesn't have a price tag to begin with because there are so many of them and they keep copying themselves as they spread around the world.

The good news is that, given enough time, we will get the better, stronger, more resilient world we need because the groundwork has already been laid. Twitter might not fail in the end, but even if it does, ActivityPub, Bluesky, Mastodon, and good old RSS feeds are ready to take over. Smart people will make amazing things in JavaScript, save them to GitLab remotes, and put them on npm. Some of them have started already. These are the reasons why, even in the worst case scenario, Musk's leadership of Twitter would not be a total disaster for communication around the world. All of these pieces are already out there, so we'll be fine. We'll be fine because we didn't make the same mistakes the last time around when we used Twitter as a platform. That's because Twitter was built on a different generation of technology, which is the one we should try to use again. We'll be fine because we still have access to the internet.

Follow us on Google News