Why American Corporate Software Can No Longer Be Trusted

jrepin writes "There is a problem with proprietary, closed software, which makes Rick Falkvinge, the founder of the first Pirate Party, a bit uneasy: 'We get a serious democratic deficit when the citizens are not able to inspect if the computers running the country's administrations are actually doing what they claim to be doing, doing all that and something else invisibly on top, doing the wrong thing in the wrong way at the wrong time, or doing nothing at all. ... In the debate around the American Stop Online Piracy Act, American legislators have demonstrated a clear capability and willingness to interfere with the technical operations of American products, when doing so furthers American political interests regardless of the policy situation in the customer’s country."

The Era of Linux is at hand

[DadLeopard]

Well if you deal out Microsoft, Apple And Google, you are left with not much but Linux as an alternative! I for one would love to see this happen as resources and money would have to be poured in to make Linux distributions and applications that were world class!

Re:The Era of Linux is at hand

[Presto+Vivace]

I am increasingly of the view that Richard Stallman is correct, living in freedom means using free software.

Re:The Era of Linux is at hand

[Pharmboy]

you are left with not much but Linux as an alternative!

FreeBSD, (and other BSDs), FreeDOS, Darwin, Haiku, Plan 9, Solaris just to name a few. FreeBSD in particular is quite competitive with Linux, since many of the same GUI elements and applications will run on both.

Re:The Era of Linux is at hand

[houstonbofh]

That was FUD. Oracle is moving Java from the Java6 sdk to the openjdk, and this Ubuntu upgrade move you from sun java to open jdk... If you can live without update, don't do the upgrade. Upgrade Manager even tells you what it is doing.

Re:The Era of Linux is at hand

[sjames]

Had The Oracle/Sun JVM been free-er, that move would have been unnecessary.

Re:The Era of Linux is at hand

Yes I'm sure Haiku will come up first on their list of OSes that people actually give a shit about. They'll probably implement the backend in Haiku, the frontend on Plan 9, and the supporting software on Solaris so that every one of you chucklefucks can jack off about the fact that someone actually uses your OS.

Re:The Era of Linux is at hand

[CAIMLAS]

FreeBSD in particular is quite competitive with Linux, since many of the same GUI elements and applications will run on both.

Not quite true.

For a very narrowly defined subset of hardware, FreeBSD is quite competitive with Linux assuming you're using DragonFly and not FreeBSD due to the erratic and insecure nature of ports maintenance.

FreeBSD lacks the accessibility and support that Linux does. By "support" I not only mean community support and end-user documentation (or kernel architecture documentation which is correct/consistent/current, for that matter), but hardware support, which is spotty on quality even when the hardware is "supported". ("That's the vendor's responsibility", someone will say. Since when has that been fully accurate? Even MS has taken great efforts to make sure that there are good drivers for Windows.)

Never mind that most applications which work on FreeBSD do so through a Linux compatibility layer which is kludged together, at best, and a maintenance and security nightmare at worst.

It'd be nice to have an alternative, but FreeBSD proper is not it.

Re:The Era of Linux is at hand

[pla]

That was FUD. Oracle is moving Java from the Java6 sdk to the openjdk, and this Ubuntu upgrade move you from sun java to open jdk.

Yes and no... Given the more-or-less equivalence of the two JDKs, it means a minor nuisance for most people as they search the forums to figure out why Random App X inexplicably broke, and how to point their favorite toys at Open instead of Sun. Should they ever have needed to do so?


Upgrade Manager even tells you what it is doing.

To most people, an official "update" amounts to a calm reassurance that some geek-deities somewhere far away, perhaps Silicon Valley, perhaps Finland, perhaps Mars for all they know, have cast a spell that will make everything work out alright. Even among lower-tier tech-savvy people, very few would know whether or not they wanted to let the updater make the indicated change. Hell, even as a seasoned developer, I wouldn't necessarily know (prior to the change) what, if anything, would break as a result.


I don't disagree with you in spirit, but the issue still boils down to having changes made semi-unwittingly to your system, for political rather than technical reasons. Not because it will give you the best long-term outcome, but because an agreement has expired between parties you don't even recognize as even remotely relevant to the state of "your" PC.

And that I take as the heart of the FP's argument - We can't trust proprietary software because we can't know when a distribution agreement may retroactively expire, or a court may waves their wand-o'-justice to make P2P magically illegal overnight, or some government wants to censor any mention of Pastafarianism. None of those, except by my decision to play ball, should have any effect whatsoever on my PC that worked just fine the day before.

Re:The Era of Linux is at hand

[SplashMyBandit]

n00b. No one forces you to adopt the GPL. Only those enlightened souls who *actually create something* can choose to use the GPL. All the *non-creators* who want to use the stuff the creators made without giving their own users the same freedoms are the ones who whinge.

GPL is not slavery and saying it is means you have a poor grasp of it. GPL is set of copyright terms that are designed to avoid slavery/proprietary lock-in/corporate malfeasance to users. If you don't want to use/re-use GPL software then don't. The GPL creators owe you nothing so quit whinging. How about you *create* something yourself - then we'll see what the copyright infringers and software stealers (China is bad for this) make with your stuff.

Re:The Era of Linux is at hand

[SplashMyBandit]

The word 'piracy' is an attempt by Big Media to frame the debate. Let's be clear: 'piracy' is unlawfully attacking a ship on the high seas; 'copyright infringement' means unlawfully copying something. In this case 'freedom' will never equate to piracy. Freedom may mean ignoring copyright infringment if it is for the greater social good (which is my understanding of Stallman's position) - in fact in the past the USA was founded on industries that bypassed patents and copyrights held by British industry (such as automated looms etc), so such as position is not without precedent and is no less moral than the fledgling US government (the 'Founding Fathers' as they seem to be idolized as today).

Re:The Era of Linux is at hand

[vux984]

You must only use the GPL not the MIT, BSD, Apache, University of Illinois, etc... licenses.

You can choose whatever license you want if you write the software from scratch.

But if you decide to take GPL software to make your project, then you have release your project under the same license. Those were the conditions you accepted when you took SOMEONE ELSES CODE and used it in your project.

If you don't like those conditions, don't incorporate code that belongs to those people into your project.

Re:The Era of Linux is at hand

[GameboyRMH]

BSD fans are the libertarians of the software world. They want full freedom in theory even if it means serfdom in practice, rather than a system which is less free in theory but delivers more freedom in practice.

"No longer"?

[Lisias]

And it was ever trustful, in the first place?

Re:"No longer"?

I don't get the article.

What does SOPA in the USA add to the fact that closed source software cannot be trusted?

Running the numbers?

[thej1nx]

One of the major arguments for SOPA have been the trillions of dollars of theoretical losses of sales by the Media companies. As has been pointed out repeatedly ad nauseum, these losses are only theoretical.

But has someone on the senate actually done some estimation of possible loss of revenue, if the internet actually becomes splintered and USA loses its control? Or of even more foreign governments just turning to open source solutions, instead of to, say Microsoft? China, for example, is a big competitor already for the control of internet. They control a sizable part of it already. Let us say that they actually get it in their head to actually set up an alternate mechanism and act as the controlling authority? Even USA doesn't really dares to stand up to them... so all in all, we are talking of China ultimately controlling the distribution of said media/softwares, and who knows what terms they will set for the USA based companies?

I will admit that chances of above happening are remote at the moment. But what are these media folks, and their employees in the senate, smoking? Why even take the chance?

Re:Patriot Act Backlash Mk2

[Baloroth]

which is hilarious because our manufacturing base is gone.

Which is why we still have more manufacturing capability than any other country in the world, including China? Granted those stats are a bit old, it's still true. The number of jobs is down (by a lot), because US manufacturing has grown more efficient, which creates the impression that we lack manufacturing capability. Well, that and all the "Made in China" crap you find at Walmart. The reality is the US makes ~18% of the worlds manufactured stuff. And that is considered a "small fraction" of the US's economy. In an international context, the US is massive. Still by far the biggest player.

Also, the US probably should ban Chinese electronics in defense applications, but they don't.

Closed source software can never be trusted

[Hentes]

Security-critical environments are one of the few places where open source should be a must.

Brilliant!

[jjoelc]

We all know that SOPA is all about the money (I'll ignore the "everything is" argument, for now). Money the *IAAs feel they are losing, money the politicians have accepted in campaign contributions... Even the advertisements trying to drum up support for SOPA are about all the jobs (money) that will be lost if this doesn't become law...

Every argument I've heard has been about ideals and technology... We all know how politicians and corporations feel about ideals. Freedom of speech, Impossible to implement, Would break the very foundation of the web, etc... All meaningless to these people without a dollar sign attached to them.

This is the first argument I have heard that directly turns the tables. "Pass SOPA, and we will no longer trust any software produced by a US company." This would affect many more than just MS, Apple, and Google... How many PCs will Dell, (or HP, or Acer, or...) sell outside of the US if they are not allowed to sell them with (or without) Windows? If Dell et. al. are forced into producing computers with Windows installed for the US market, and %NotWindows% for the rest of the world, how long before they decide it isn't worth the effort, and just pick their favorite %NotWindows% for the entire line? How many jobs will be lost if no one in Europe is allowed to use Photoshop, MS Office, iTunes, AutoCAD,... The list goes on and on.

Do I think this is likely to happen? Not really.. But it makes for a good advertising campaign against SOPA.

Linux won't save you

[brainzach]

Those who will be affected most by SOPA are those who rely on American billing, search and advertising services.

It doesn't matter if you are running Linux, if you are hosting content that is flagged for violating copyright law, then you risks losing your advertising revenue.

The solution to the problem is to use services in other countries than the US. Whether you are running Linux or Windows is irrelevant.

Who watches the watchers?

[shmlco]

I find this sort of thing rather amusing. You didn't trust closed source software...

So you download ten million or so lines of source code from some anonymous server, written by thousands of people you've never met and will never know. You then build it using even more software and libraries and tools running under yet another OS, and you then install it on hardware with its own BIOS and roms and controllers.

Hundreds of millions of lines of code you've never seen, and never will see...

And yet the end product of THAT result is somehow more trustworthy.

Right.

Re:Who watches the watchers?

[PaladinAlpha]

True or false: it's easier to audit software you have the source to, compared to software you only have a binary for.

True or false: the source to a piece of distributed software is in the hands of many people.

True or false: if one person finds a problem, they can find others.

How would you feel if laws were secret? Yet, how often have you read through all the laws on the books?

Re:HATE AMERICA WEEK

[flimflammer]

It's a Foster Motherland.

Let's first get this right:

[rickb928]

"Why American Corporate Software Can No Longer Be Trusted"

This should read:

"Why Corporatations Cannot Be Trusted"

And I'm not sure TFA answers that very well.

Today's global economic situation is not much different than that of 1932. After years if not decades of reckless investment, currency and market manipulation, leveraged investment, and rapacious profit-making, US corporations and banks conspired in a way that ultimately led to a economic meltdown.

In 1929 they didn't need computers and software to do this. They needed a willing and complicit Legislature, courts, and government agencies. The results then are well known, as they are today.

We started back down this path in 1999 with the repeal of the Glass-Steagell Act. Couple that with the continuous pressure to expand home ownership, a Federal Reserve inappropriately tasked with controlling inflation and economic growth, and lack of oversight into multiple industries (Accounting firms audting a corporation while their banking divisions floated the IPO, for instance) and you had the makings of a perfect storm. It came.

Corporations, by design, cannot be 'trusted' to act in the 'public interest'. They need to be at least minimally regulated, if for no other reason than to prevent the most egregious abuses.

What this has to do with software is beyond me. It's more than that, a lot more.

Re:China does the same stuff

[rickb928]

I have no such expectations of privacy at work. My duties are monitored and evaluated. If I make use of 'my' workstation for personal purposes, I am actually using the company's workstation.

I can't access web based or personal email at work - primarily to complicate transferring data to non-company storage. I can't access Facebook, Linkedin, and a host of other social systems. I can't access a multitude of sites that are either known to provide information about compromising systems, or are known to host malware of any sort. I cannot use several commenting and interaction systems such as Disqus.

Antivirus software is the least of the security measures on 'my' workstation. The corporate LAN, both wired and wireless, require certificates for me to connect. DLP processes on 'my' workstation track every read and write. Specific filters look for characteristic types of data, and prevent its transmission in emails and instant messages. Documents of al types, even text, are required to be categorized by the nature of their confidentiality, and are blocked from being stored on certain storage if they require more security than is afforded by that media.

Email can be encrypted by a method that requires the recipient to register at the corporate website to read and interact with it. Certain data cannot even be sent encrypted without specific certificates that are given only to employees for whom this is a required function.

Mind you, I have the privilege of using removable media. Not many employees do, or need to. I need to share data with non-corporate entities regularly. I assume my activities are scrutinized.

And yes, I post to Slashdot from work. Not now, but that's one reason why I share a little more info.

In the largest, most vulnerable corporations, the stakes are much higher than most people imagine. And the largest corporations are the most vulnerable.

And ultimately, everything here and in similar forums on the Internet is cataloged, analyzed, and processed. By several entities, here and abroad. It's not like Slashdot is a secret. Pretty much everything without an HTTPS in front of it is no secret, and some of the HTTPS stuff is also.

Privacy is what you do by yourself.