Freemors Blog

Musings of an East Coast Techie
Posts tagged as free software

Why Open Source

2018-04-17 by Freemor

Ok, I'm going to attempt to explain why open source software is better then closed source. For the libre-software folks in the crowd I'll be addressing copyleft and the four freedoms in a following post.

I'm going to explain this using an analogy and what I hope is an apt one- that of a recipe. This is something everyone is familiar with and has probably worked with at one point or other.

Source code is a recipe for how to make a program. Depending on the language it is either "baked" (compiled) or "eaten as is" (interpreted).

Like a recipe the source code is just a list of things to use (resources) and instructions on how to use them (the program).

Just as many recipes need to be baked and one can't easily identify what went in to the recipe after baking, many modern programs are compiled and what comes out of the compiler looks way more like cake then eggs, flour, sugar, vanilla, etc. Therefore it is very hard to work on a program after it is compiled. Just imagine trying to add more oil to a cake that came out too dry after it's baked. It just won't end well.

Ok, now that we have the analogy established, imagine a world where recipes were all legally protected secrets. The only food you could buy was pre-cooked or ready-to-eat. Hate the flavour? Too bad. Want to add blueberries? Sorry can't do that, or at least not in a meaningful way. Ovens would be for heating alone just as most people's computers are just for using a browser.

Worse still, if you did figure out how to make a brownie, somehow found the ingredients and tools to use them and then, GASP! used your oven for cooking, you'd probably promptly get sued by the local big brownie concern for stealing their secrets. And because they are secrets you couldn't prove that you didn't or it would be very hard to.

In this world almost no one could help you with your brownies as only a select few know how to cook or what cooking even is, other then "That thing specially trained people do for big companies".

This is the world of closed source. This is the world of the late 80's and early 90's before the open-source movement. There were a few small pools of hobbyists keeping programming for fun alive but mostly all the recipes had disappeared or were very old and stale.

Now imagine a world where everyone publishes their recipes. And because of this the tools to use the recipes are readily available. If you didn't like Magoo's chocolate cake, you could download the recipe and fix it and bake your own. Now depending on the license that Magoo attached to the recipe you may or may not be able to tell anyone about how you fixed it, and may or may not be able to sell the better cake you made. This is where software freedom and copyleft comes in which I'll talk about in a later posting.

In this world there would be lots of people cooking, sharing ideas on how to cook, how to cook better, coming up with new and interesting things. Also people could look over Magoo's recipes and say "Too much salt in cake #3, it should be 1 teaspoon not 1 tablespoon". Also people could make sure Magoo's wasn't including rat poison, or making a frosting of raw eggs, sugar and lard that'd go off in a day and lead to people getting sick and dying, thus making everyone safe.

Just imagine if VW's emission control software had been open source. People would have looked at it and said "WTF! What are you doing?" Now I know some of you are saying "Ah, but they could publish a good recipe and then bake the bad one". True, but it'd still be a lot easier to catch them as you could bake the recipe they published and then compare it to the pre-baked version. In the VW example the pre-baked version would somehow, mysteriously have way better mileage. And because people know how to cook, they'd know there are only a couple of ingredients that could be fiddled with to achieve that result.

VW is not the only one hiding things in their closed source software. Most programs that you find in "App Stores" are closed source and many of them do their best to take your personal information, often without permission. These activities would be plainly visible if people could look at the source code, as would many vulnerabilities or things like back doors in the program.

This is where we are hopefully heading. Many programs are now open source; many are still secret. We will probably never get to a 100% open source world. But as people learn more about the open source movement, and realize that programming is just a learned skill like cooking, instead of seeing it as a magical "something" that only rare geniuses can do, there will be more and more pressure for companies to open their source code, or for software repositories like "App Stores" to include a way to also download the source code for a program.

He who controls the server and software 'owns' the device

2016-04-05 by Freemor

With recent articles like this and this, I felt it was important to point out the golden thread running through these. Which boils down to one thing. "He who controls the software and/or server controls the device" at least in devices like these.

When buying a product that is Internet ready or Internet connected it is very important for people to ask the question "What happens if the Internet part goes away?"

For some products it's no biggie, like say a media player that downloads from a specific site, but also let you put your own music on. In this case the Internet part is more of a "Value added" piece then an mandatory one.

Then there are things like the Google Chromecast. If the Internet back end goes away because Google decides to move to ChromeCast V3.0 and not support earlier ones, then the device will become a brick. useless. And due to the lack of software freedom in these devices there is nothing the owner can do.

This same thing is true of an ever increasing number of products. Especially as we move into the whole "Internet of Things" (IoT) world. One of the reasons that businesses are so hot on the IoT idea is the reach it gives them over the product. This was seen with Kindle when amazon reached into thousands of devices and Erased the book 1984.

There are two separate issues at play here:

The "ownership" of the device hinges on these two things. Lets look at each of them.

Who controls the software

If you do not control the software on the device, then it controls you. You do not own that device. The person that controls the software owns it.

When I talk about control I am not talking about how "Usable" the software is. I'm talking about the users ability to Change, modify, study, etc. the software on the device.

If you can't change the software at all them you have absolutely no control.

If you can swap one opaque mass of software for another opaque mass of software you have the limited illusion of control

Only when you can Study the software to see how it works, Change it to work the way you want it to, Share the changes you've made and have the freedom to use the software in any way you choose do you truly control the device.

Sadly an ever decreasing number of devices fall into this category. Even many devices that appear free, like the Raspberry Pi, are actually Not truly so due to the fact that they can not work without some opaque bit of software. In the case of the Raspberry Pi it is impossible to boot the device without software that is not in your control.

Who controls the server

This question is either of slightly less or equal importance to the "ownership" of the device based on what the server bit does.

If the server bit is strictly "Value added", as in the device will continue to function completely without the server. Then the question is a minor one.

However increasingly, and by design, devices will not function if the server is gone.

Now if you have freedom in the software as mentioned above. It wouldn't be an issue. You or someone else could study the software, change it to use a different server or to not need the server and then share that change to the world. Problem solved.

Sadly as mentioned above it is a rare device where that can be done. Partly because most software licenses prevent you from doing any of those and thus from using the software any way you want

So lacking freedom in the software and being tied to a server that you don't control means that not only can you not fix, or modify the device, you are now entirely at the whim of the person that controls the server. What if the server says to delete all your stuff? Nothing you can do. The device wont work without the server so you can't prevent it from connecting and once it does bang your stuff is gone.

It goes well beyond just deleting your stuff. The server could push out an update that kills the device. Now it wont even turn on. Or they could just shut down the sever, Again you're stuck with a useless device. It is also important to remember that the connection to the server is a two way street and can be used to spy on anything you do with or near the device, as Windows 10 does and it looks like Occulus Rift will.

As the whole IoT thing takes off this is going to become a huge issue and one that customers need to pay attention to. An IoT fridge that you do not control could be remotely told to not keep food cold anymore when the manufacturer decides it is time for you to buy a new one.

Think that is far fetched? There have been printer out there for years now that decide to stop working based on a software counter in the printer. There is absolutely nothing mechanically wrong with them the software just decides "Sorry I'm done.. go buy a new printer". If manufacturers are willing to screw with you like this how much more so when they can reach over the network and do what ever they like to your device?

So the next time you buy an electronic device ask, Who controls the software? Is the server part "Value added" or mandatory? Can I change the software? Can I run my own server? And ultimately, Do I want to buy a device I will not "own or control".