Taking the rough with the smooth

Computer users are a passionate lot, and I wouldn't have it any other way. I would be loath to give up my BBC Model B computer and you'd have prize my Sinclair ZX81 out of my cold, dead fingers before it left my possession.

Other computer users are just as passionate. What does it say that years after the OS/2 operating system was commercially retired (or stabbed in the back, depending on your viewpoint) a group still meets regularly in a London pub to discuss its pros and cons.

But there's something slightly unnerving about one group in particular: Apple enthusiasts. They have thinner skins than someone on their fifteenth facelift and any article that could be perceived as criticising their beloved gadgets or the software that runs on them brings howls of protests and accusations of being in Microsoft's pocket or worse.

After I reported on four flaws in QuickTime our message boards were soon filling up with such accusations, and frankly abusive stuff some of it was too.

No matter, it's par for the course with journalism and nothing to complain about. But with this kind of volume of mail we thought we'd recheck and had the story confirmed.

As I said at the start, enthusiasm for technology is a wonderful thing. But you have to see the good and the bad side of these things. No complex application, or operating system, with millions of lines of code and complex architecture can ever be perfect. If one person can find flaws in it and write exploit code you can bet your bottom dollar someone else will too; it's happened all throughout history.

When Charles Darwin made his historic voyage in the Beagle he didn't immediately come up with the theory of natural selection. Instead he pondered, refined, worked on other things entirely and may never have published at all. Then, when he got the news that Alfred Russel Wallace had come to exactly the same conclusions, he published, albeit naming Wallace as a co-originator in his presentation.

So when a researcher finds a hole in some software, especially a critical hole or four, what then? They could keep quiet and hope no-one notices or let people know, once a cure has been found.

The first choice is folly, because if a hacker does exploit the hole users won't get a warning and will be left exposed. The researcher has a duty to publish responsibly, and so do we.