Slashdot Mirror
RMS On Why Free Software Is More Important Now Than Ever Before
jrepin points out an article by Richard Stallman following up on the 30th anniversary of the start of his efforts on the GNU Project. RMS explains why he thinks we should continue to push for broader adoption of free software principles. He writes,
"Much has changed since the beginning of the free software movement: Most people in advanced countries now own computers — sometimes called “phones” — and use the internet with them. Non-free software still makes the users surrender control over their computing to someone else, but now there is another way to lose it: Service as a Software Substitute, or SaaSS, which means letting someone else’s server do your own computing activities. Both non-free software and SaaSS can spy on the user, shackle the user, and even attack the user. Malware is common in services and proprietary software products because the users don’t have control over them. That’s the fundamental issue: while non-free software and SaaSS are controlled by some other entity (typically a corporation or a state), free software is controlled by its users. Why does this control matter? Because freedom means having control over your own life. ... Schools — and all educational activities — influence the future of society through what they teach. So schools should teach exclusively free software, to transmit democratic values and the habit of helping other people. (Not to mention it helps a future generation of programmers master the craft.) To teach use of a non-free program is to implant dependence on its owner, which contradicts the social mission of the school. Proprietary developers would have us punish students who are good enough at heart to share software or curious enough to want to change it."
I dare anyone, especially after mr. Snowden's revelations, to contradict mr. Stallman's points.
Thank you rms, for fighting for our freedom for 30 years!
assignment != equality != identity
> To teach use of a non-free program is to implant dependence on its owner
Does this mean the author is also anti-State?
The State enforces (non-free) the use of a number of services (police, benefits, military, etc) which implant dependence upon citizens (who also *have* to pay for it - in that sense it's worse than non-free software, because with non-free software, you have a choice as to whether or not you buy).
>free software is controlled by its users
In practice, free software is controlled by a technocratic elite. Sure, you CAN control it, but the vast majority of the users do not care and will simply accept whats handed to them. The hacker ethic is for hackers only.
It's not enough for software to be free - it has to be good for the masses. You have to think of and for the poor sods, or they will microwave the cat, so to speak.
One thing the FSF's licences haven't dealt with properly is the problem of Free software being used to TAKE control rather than GIVE it. Most of the huge SaaS providers are running Free software, adapted as they will - but with code not distributed, because it doesn't need to be as long as they're not distributing their proprietary platforms - and with all your data on their systems. Should the GPL be adapted to deal with that? Could it?
Maybe the FSF need to prepare a set of terms to explain what counts as adequate vs inadequate control over systems and data - to be more clear about e.g. how one could prepare a 'phone ecosystem which leaves control in the hands of the user. For "server" to be a person's home computer rather than Google's cloud would perhaps be a start.
Every time I read an RMS opinion, it seems to start at a good position and consistently attempts to be more and more idealistic to the point that he seems to be arguing a strawman
.
So schools should teach exclusively free software, to transmit democratic values and the habit of helping other people.
Malware is common in services and proprietary software products
To teach use of a non-free program is to implant dependence on its owner, which contradicts the social mission of the school.
Proprietary developers would have us punish students who are good enough at heart to share software or curious enough to want to change it.
I know he defines Malware differently from the common way (he considers DRM as malware, for example), but democratic values are less likely to be transmitted if I use Office? Proprietary developers want to punish students? I guess he means the corporations - and again, they don't generally give their source for modification, so they might be preventing students from modifying other people's work. Is that punishing them? I won't even claim to understand what the social mission of schools are supposed to be - prepare students for functioning in society? Prepare them for jobs? Prepare them for college? Prepare them to develop free software? Prepare them for ignoring copyrights?
The biggest threat to computing today is walled gardens and web appliances which build their walled gardens on top of free software. Apple's iOS, Google's Chromebook, and others take free software and build a crippled platform on top of it to create a locked-in walled garden. Did anyone in the 80s even imagine such a thing was possible? There should be some way to stop free software from being exploited like this. Apple, Google, and others are using free software to create the very thing free software is meant to prevent.
Crypto is what stops 'them' getting to see your data
End-to-end cryptography won't stop "them" from seeing with whom you communicate, how often, where, and when.
Of course, in practice there might be issues with trusting them to be running the code they say they're running.
Things like "trusting trust" are why David A. Wheeler invented diverse double compiling. Take two or more independently developed compilers, preferably Free ones such as such as GCC and Clang, and bootstrap a compiler in all of them. If the end result of both bootstrap processes is the same binary, the resulting compiler is overwhelmingly unlikely to be booby-trapped.
Free-Software-as-a-Service gives you the freedom to choose which Service to trust, or to run your own Service if you wish.
Which doesn't help if the Service is a social network whose value lies in allowing users to communicate with other users of the same Service. Nor does it help when telcos have a blanket policy of not letting home users run their own Service. Let me know when Diaspora and some federated alternative to Twitter are ready for inexperienced end users.
Android runs on open source kernel (Linux) similar to just announced SteamOS Linux distro that might dominate the desktop like the bat out of hell soon.
Why should the school itself not be in charge of it's own stuff? Should we give the students the admin password to the grade-tracking software?
I didn't see anything in Mr. Stallman's essay implying that students should have administrative privileges on the school's authoritative instance of the grade-tracking software. But students should still have the opportunity to obtain a copy of the software to study and possibly share with other schools that friends and family attend. Besides, software to administer a school is not the only software used in a school. Mr. Stallman used the example of Adobe Photoshop. Schools shouldn't teach particular proprietary software packages. Instead, they should teach skills, and skills can be taught in free software such as GIMP.
While proprietary software won't always do things the way you want them for normal applications you could always restrict their permissions, firewall their network and most importantly unless you had a very serious leak built in the data stayed on your own computer, it might be locked up in a proprietary format with software that has forced obsolescence but I always felt the hyperbole was a bit thick. If you buy a CD you buy the mix the artist wanted you to have, you don't get the raw tracks to remix it the way you wanted it to be. Likewise when you buy a closed source game you get the game experience they wanted you to have, not all the source and assets to remake it the way you wanted it to be. All other things being equal it'd of course be desirable, but it's doesn't make it worthless or immoral to buy it without that possibility.
With "Service as a Software Substitution" as RMS calls it or as web services and the cloud as I'd call it you've got no control at all of neither the software nor the data. You can't even do the slightest change in how it works. When they want it to change, it changes and there's nothing you can do to stay on an old version the only thing you could do is to go nuclear and stop using it at all. Getting the data out and over to a competing service is often far worse and more locked up than a proprietary format. And again, they control your data. I'd be far more concerned about all my documents being on a Google Docs server somewhere than in a MS Office document on my disk under my control.
The worst part is really the way you're tied not technically to their service though, but legally. When the iTunes app store tells me they've updated their Terms of Service and asks me to answer yes or no, it's basically "Would you like to continue using your phone as normal or totally cripple all access to new software and updates?" I don't even bother reading it, it's accepting at gunpoint anyway. And I really don't feel it'd be much different with Android and the Play store. It didn't concern me much when it was primarily so I'd have a phone to play Angry Birds on (see above) because I totally don't care where my scores go, but as you start wanting to use it for more serious things it matters but there's really no opting out.
The stupid thing is that I really do like advantages of cloud syncing, I'd just like it to be against my own private server or at least in a local colo of my choice. I don't want to route it through Apple or Google or Facebook or any of the other big megacorporations. But what we need is a solid alternative, not the wailing song of RMS. He could have complained about the lack of a free kernel forever but as long as HURD wasn't an alternative it just didn't matter much until Linux came along and became usable. Give us a real alternative, based perhaps on AOSP or Ubuntu Touch (ugh) and maybe we can turn the tide. P.S. There was a poll here, 90% wouldn't change their online habits one bit after the Snowden revelations - don't assume the general public is with you.
Live today, because you never know what tomorrow brings
But that Linux kernel is at the complete mercy of the wireless carrier and the handset manufacturer. Not to mention the hundreds of app developers to whom you are willing to surrender systems level access in order to use their services. An open source kernel is useless when the rest of the infrastructure is being broadcast to the waiting world. Plus... getting the Linux kernel to load proprietary kernel modules is trivial. You don't think the Linux kernel on Android is already doing that?
Brought to you by Frobozz Magic Penguin Fodder.
http://xkcd.com/1228/
On phones: Android is Apache-licensed free software on a GPLv2 kernel. Otherwise, there could be no CyanogenMod.
On consoles: Perhaps Mr. Stallman might accept a Free engine with non-free mission packs, as those are works of art, not works of productivity. There do exist free engines, such as the engine of many Id games more than five years old, and they work fine on general-purpose computers such as GNU/Linux PCs and Android phones. The problem with running them on consoles is artificial, nearly equivalent to tivoization: console makers have historically been opposed to free engines, Nintendo in particular banning anything copylefted. This dates back to 1985 when Nintendo had to reassure retailers that its games would be of higher quality than the me-too crap that was plaguing the Atari 2600 in order to get its NES consoles and (physical) game media in their stores. Such demand for quality control is why very few consoles even allow the use of software obtained from unknown (to the manufacturer) sources. But in the 2010s, the need for this reassurance becomes somewhat less necessary as physical media gives way to widespread broadband and web reviews. Thus OUYA (which runs Android) and the Steam Machine (which runs SteamOS, apparently based on GNU/Linux) can start turning this around.
Sure, if you don't have any programming skill then you can't hack on Free code, but you can still pay someone else to add features/fix bugs/remove Bad Things.
Exactly. Here's how I explain it to people: Free software means you get the blueprints and are free to hire anyone to make the software do what you want.
Competition between FOSS projects can alleviate this. If/when Gnome make a bunch of unpopular user-interface decisions, its users generally have the option to move to KDE or one of its other rivals.
Competitors in this sense need not even be as different as GNOME and KDE products. MATE and Cinnamon are forks of GNOME 2 and GNOME 3 that have gained a following.
GPLv3 anticipates tivoization and requires distribution of "Installation Information" that allows use of a particular program with its intended platform. As for Chromebook, I thought Chromium OS was free software and that the hardware gave the end user the power to reimage the device and and unlock its bootloader.
But that Linux kernel is at the complete mercy of the wireless carrier
Only in North America. Most of the rest of the world uses GSM and doesn't price a handset subsidy into the phone bill. If (like me) you happen to be stuck in the United States, switch to T-Mobile, the only carrier among the major carriers that respects hardware freedom.
The free software principle is sound but the implementation leaves something to be desired. The issue as I see it is one of resources and the ability effect change. Without a complete plan to deal with the pressures outside the scope of free software it is sand castles and it ignores the larger issues which are integral in maintaining any advance made. It is more a statement that describes a vector direction without the means to generate force toward the goal.
Stallman offers no solution to the core problem which is that any system must be able to be at least self supporting or generate more energy than it consumes to be effective and grow. The principle of shared technology works better if you start with the ability to collect and apply energy.
An army marches on its stomach and a general that calls you to battle without a plan to feed the troops is just asking you to bring what food you have and join them in a battle against opposition that is well provisioned and has first considered that they must eat if they are to continue to fight.
Car analogy: great map, great engine, no gas.
Not always. In my country, and many others, the state requires you to conduct all correspondence with them in Microsoft Office format
Then the leaders of your country, and many others, are intellectually disabled for insisting on a format controlled by a foreign company, especially one based in the country with a notorious NSA.
or not conduct business in the only country you are allowed to live
You appear to reject seeking asylum from a proprietary software regime.
get dragged off to jail
Can the state imprison 100% of its population?
End-to-end crypto
Please see replies to Wootery's comment.
Cool. Then I want to be a software engineer, make something cool, and charge everybody who wants my product to pay a certain amount of money for my time and effort. Real money. I don't want to sell t-shirts to 1% of the users.
Oh wait. I have to live in poverty.
Personally, I'd like a Star Trek like society where money is irrelevant and everybody is cool. I want it, I want it! --- Dreaming child. Dreams are so cool when you don't have any solutions and ignore the collateral damage.
Federation citizens do live in poverty, or hadn't you noticed? Sounds like you'd prefer to live as a Ferengi.
In real life, you can buy plenty of hot Earl Grey tea on the dole.
Why is it that you think that if the entire chain is open that means it has to be zero cost to you the customer?
They don't follow on.
Free has more than one meaning. You're a free man, yes? Does that mean you work for zero wages?
Think on it.
If you can.
Re The collateral damage?
Not sharing a codebase with purveyors of fine DRM? Not helping the big brands who decrypt for govs without a court order, users bulk plain text just given out.
People will be looking into ideas like the Loongson processor, the quality of OS code and software they select to use. Not seeing much "collateral damage", just good quality code on well understood CPU's.
Domestic spying is now "Benign Information Gathering"
if the NSA/CIA/FBI forces companies to put backdoors and hand over master-keys to encryption methods for both internet connections and locked files & disk drives then if the Government can get in them i am sure criminals can find them and break in too
Politics is Treachery, Religion is Brainwashing
if EVERY SINGLE photo you post on facebook has a 2048 byte sample of /dev/random shoved inside of it, they will never know that the photo of the shaved cat actually holds a 2048 byte encrypted message in it.
Which is part of why the telcos have introduced capped data plans. If it takes a 204800 byte page with a photo on it to send a 2048 byte message, you've just reduced your cap by 99 percent.
than such hack could be in essentially all the CPUs you'd purchase.
I don't see how such a hack could be embedded in a computer built out of discrete gates, such as the Apollo Guidance Computer or Kevin Horton's NANDputer. A chain of bootstraps starting at this sort of discrete logic could provide even stronger evidence that your compiler and login executables aren't boobytrapped. Besides, major revisions to the compiler would likely break the backdoor detection in existing CPUs.
Now we're working on a really big (noisy) Tetris game with contractors and LEDs
I wonder what Henk Rogers and Alexey Pajitnov would think.
But it was the best straw the idiot could manage to make out that he's far more intelligent than that stupid hippy RMS, who is entirely out of touch with reality, unlike AC here.
Sounds like you need to switch to a good ISP
I imagine that most people in my country don't care enough about their rights to move the family to a city served by said good ISP. And given the state of immigration laws throughout the world, I doubt Australia would even let them.
Is that a dare?
Imprisoning the whole population would certainly be a physical challenge.
Google cloud print SAAS offers an innovative and deceptively convenient way to circumvent the printing/scanning problem from ARM phones/tablets running android. It comes at the price of privacy because you are sharing what you print with google. Are you really sure you want to share all that you print with google? Wouldn't you prefer to always keep your printouts private?
HP/EPSON/CANON designed their printers/scanners to usb connect and print/scan from INTEL/AMD desktops/laptops running windows and NOT from ARM devices running Linux nor Android. You can't usb connect/print/scan from an ARM phone/tablet at present. VENDOR lock-in anyone? Will USB plug and play firmware in printers and scanners ever directly support connectivity to ARM/Loongson/MIPS devices? Firmware from these scanner/printer companies isn't typically open-source which makes it difficult to introduce recently identified new requirements. It's about time that they do become open-source because it's starting to be a real mess for printing/scanning connectivity from legacy printers/scanners with mobile devices. While the manufacturers are at it, it would be a good idea to implement support not only for ARM in ANDROID, but also Loongson/MIPS/ARM in android and GNU/LINUX while they are at it. It would go a long way to preserve everyone's digital privacy.
No... as per GPL3 BS that was tried to be pushed on the open source communities. You basically have two types of people
a) those that don't care
and
b) those that do, but are helpless to change the minds of those who don't
In the case of proprietary closed devices, they exist because because the average person is an imbecile, who thinks their 600$ smartphone magically costs 0$ to make when they get it for 0$ from their wireless carrier. These devices need to be locked down otherwise we're be in even worse shape had Microsoft just gone off and abandoned Windows XP and made no more versions of windows. The fact that Windows is open enough for malware to get into it speaks much about how targeting the target with the largest surface area. That being Android on the Mobile phone/Tablet market.
As for Cloud software, no this these things are no more secure than the effort one takes into securing their own machine, which is barely anything. Go look at your "netstat -a" dump and tell me how many connections are SSL port 443 instead of HTTP port 80. Suffice it to say that yes storing your stuff on someone elses machines IS inherently unsafe, but people always pick convenience over safety (gawds I've been having this goddamn argument on the FFXIV forums every day since it launched) unless incentives to use the safer option. FFXIV provides a free iOS or Android authenticator app (basically a second one-time password generator), and there are loads of people who are getting "hacked" because they aren't using it or the hardware version. Here's a great example of why you want a platform to be closed, because in this case, someone could just snarf the data used for the authenticator if their device was compromised, and they'd never know about it. Only jailbroken devices on iOS have ever been compromised. Android likely has been compromised even without being Jailbroken, but even then, there's "official-but-not" jailbroken firmware for all android devices, so using this app on a jailbroken device is no more secure than having none at all.
It all boils down to support cost. If you can lower support costs by locking down the platform, then you lock down the platform. If people want to unlock the platform, you just turn a blind eye to it and don't support it, but you don't really have to do anything unless you're an intermediary affected by it (eg ISP)
Could you imagine a situation where ISP's do not allow Linux machines on the internet? Their hosting customers would simple go somewhere else.
See that's what we need, is to keep having the option to have an open device or platform, but we don't necessarily want everyone on it, because, again, the support costs would hinder development of the open platform. That's where open source is supposed to be better, people who actually know how to RTFM, do. Those that don't continue to use Windows and OSX/
First, he's explaining why freedom is important. As a weak comparison, it's like eating junk food: it looks good and tasty at one moment, but in the long run terrible consequences will probably arise.
But you have to explain it: I've seen this image elsewhere -- it's just like air, you don't miss it until you cannot breathe...
> Proprietary developers would have us punish students who are good enough at heart to share software or curious enough to want to change it. They are even drawing up anti-sharing propaganda for schools.
This is at the heart of many of the world's current problems: that's valueing tradition (i.e., rewarding those who invested) over innovation (e.g. using patents to challenge new inventors). If anyone would brainwash our children with any other propaganda, we would be enraged -- yet these guys come with such anti-social, political hogwash exactly on those which are more naïve -- like children or even the "man on the street".
How can we change ourselves for better if tradition is rewarded while revision is punished?
In spite of all that, IMHO we (and RMS) should seize the opportunity to create neutral services instead of simply discarding them -- either by doing our own personal clouds or by using a trusted one (like when we use Debian repos -- to give an example that illustrates also the need for security, as we once witnessed). After all, RMS turned a legal construct in favor of Liberty by creating copyleft.
I don't know if we can attribute the work of thousands to one person, but at least I'd like to THANK Richard for choosing to stand up and raise his voice on a problem he saw; for working (in the best sense of the word) to make this a better world.
For the record, RMS, I use the name Linux as a shorthand like many others, but as I understand it's GNU OS (with a kernel which happens to be Linux).
Bootstrapping means compiling a compiler with itself. For example, if you have compiler A and the source of compiler X, you compile X with A to make XA, then you compile X with XA to make XXA. Then you compile X with B to make XB, and you compile X with XB to make XXB. XA need not match XB, but XXA must match XXB bit for bit because they're both compiled with X.
Really wish he'd have used Microsoft Office as the example.
Mr. Stallman has been aware for years that the public is tired of free software advocates demonizing Microsoft. It pays to mix up the examples a bit, and GIMP wasn't that much harder for me to learn than Photoshop.
If there's a way to fuck consumers, it will be used. That's why I'm a gun-toting, free-speech-expressing citizen who knows what habeus corpus is along with a bunch of other Latin terms I'm too tired to list right now. And I think my fellow citizen Mr. Stallman has a damn good point nearly every time he opens his mouth. The other times, it's at least funny...
PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
Ain't it silly how RMS embraces and extends acronyms? I was already familiar with "Digital Restrictions Management" for "Digital Rights Management", but "Service as a Software Substitute" for "Software as a Service" was new to me.
I can't hope to be as good at this sort of thing as Stallman, but let's give it a try. How about "GNU Pollution License" for "GNU Public License"? This recognizes the fact that the GPL pollutes your right to distribute software freely under any terms you like, notably by preventing you from distributing it in compiled form without source code. Then again, maybe that should be "GNU Prevention License".
Or maybe it should be "GNU Proselytizing License", because once your software has been proselytized into the GPL fold, it gets bundled with your software, presumably to go off and make other converts. May the Borg be with you.
And what about the "Free Software Foundation"? Let's turn that into the "Fear Software Foundation", since fear mongering seems to be the foundation of the movement.
Every movement needs a zealot, and every zealot needs a mantra. But RMS's new favorite form of zealotry, embracing and extending acronyms, seems a bit juvenile to me.
what big nonsense is the guy talking, there is at least just as much 'malware' in free software as there is in closed, most people just download their stuff from anywhere without checking it's source. Free software seems great, but most of the times it's not as polished as closed software and being able to just fork it so you can change what you like is great if the project already was at it's end, but else you have to keep maintaining it with the original project, and a lot of times the fork just goes dead (or the original project), which ofcourse isn't a big problem if you are a developer yourself, but as a regular user it can be a problem..
There is room for both as there is enough software which is specfic and not available as free software, and you can't tell a developer to make it's software available for free, money needs to come in..
Slashdot is currently running this story with the logo of the Open Source Initiative—an organization RMS has never been a part of, did not start, and which offers a different philosophy that does not agree with the philosophy of the older free software movement Stallman did start.
I don't know why someone would make the choice to run this story with the wrong logo attached to it, but I hope Slashdot will correct the error. It is still unfair to misrepresent RMS's opinion.
Digital Citizen
This is an important struggle, to educate the populace and liberate us all from the shackles of proprietary software. Schools now equate education with the the Ipad, Microsoft suite and Adobe Creative Cloud. Part of this has to do with the workplace that insist on this standard. As you see companies switch from selling the Adobe Suite to now renting it, and if you don't pay your rent you don't work--this is the height of evil. A barber would rather own a pair of scissors than rent. These proprietary companies have one purpose, to maximize profit. Free software advocates have one goal, to further the public interest. Besides, if we all share the code, we all benefit. The proprietary path seems detrimental to all, except the companies that generate it. We need to dig in, educate, and liberate.
"SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE
I very much agree that SaaS is yet another strategic approach to controlling information and the software used to gather it. But it's hard to completely throw away such a useful abstraction. From a pragmatic view, SaaS is a convenient separation of concerns applied to both infrastructure and software.
Perhaps I missed it, but does RMS actually supply a solution to problems solved by SaaS? I noticed a few already in the threads here, but this basically characterizes most choices:
1. A completely decentralized approach, where everyone shares the software and information equally.
2. Every SaaS must run and share opensource code, as well as somehow opening sourcing the content (safely) as well.
3. Assume the worst about all endpoints, eventually empirically and/or contractually trust certain ones in a white list.
"Recursive bipartite matching"- try it!
So why the fuck are you choosing someone you think will put a backdoor into your code???
You DO know that you don't get to choose anyone to write for your Windows installation on your PC, right? So if you have (and can) get Microsoft to issue you a patch for something you specifically need, not only will you pay shitloads for special treatment, but you don't get to choose who does it NOR LOOK AT WHAT YOU PAID FOR.
But because you're a fuckwit, you choose Mr Hacker.
It is now 30 years since I launched the campaign for freedom in mechanical devices, that is, for mechanical designs to be free or “libre” (we use that word to emphasize that we’re talking about freedom, not price). Some proprietary devices, such as metal lathes, are very expensive; others, such as chisels and hammers, are available gratis — either way, they subject their users to someone else’s power.
Much has changed since the beginning of the free mechanical devices movement: Most people in advanced countries now own mechanical devices — and use various materials with them. Non-free mechanics still makes the users surrender control over their mechanical applications to someone else, but now there is another way to lose it: Devices as a Substitute, or DaS, which means letting someone else’s device do your own mechanical activities.
Both non-free mechanicals and DaS can shackle the user, and even attack the user. Quality issues are common in proprietary mechanical device products because the users don’t have control over them. That’s the fundamental issue: while non-free devices and DaS are controlled by some other entity (typically a corporation or a state), free mechanical devices are controlled by the users.
Why does this control matter? Because freedom means having control over your own life.
What about the freedom to decompile open source software that others will not give you the code for because they added things that take away freedoms on the most common platforms (i386, i686)? I dont see RMS standing up for our rights in that area, he just wants to create code not make sure others cant take it from him. The best decompilers are all very commercial and cost thousands of dollars a seat. in fact there was only one I could find that actually worked at all and it still sucked in ways that i really should not have. RMS doesn't have his priorities straight but its hard to belive that this is not intentional; cant help but wonder who is paying him or the rest of the open source community off not to have a really good decompiler as every time such a project starts it very suddenly stops being supported/usefull and fades into the black. If you really support open source, help get us a good x86 compiler that will at the very least convert to C; The current options just dont work and I think thats intentional.
- d
In the future days, which we seek to make secure, we look forward to a world founded upon four essential human freedoms. The first is freedom of speech and expression—everywhere in the world. The second is freedom of every person to worship God in his own way—everywhere in the world. The third is freedom from want—which, translated into world terms, means economic understandings which will secure to every nation a healthy peacetime life for its inhabitants—everywhere in the world. The fourth is freedom from fear—which, translated into world terms, means a world-wide reduction of armaments to such a point and in such a thorough fashion that no nation will be in a position to commit an act of physical aggression against any neighbor—anywhere in the world.—Franklin D. Roosevelt, excerpted from the State of the Union Address to the Congress, January 6, 1941
The "compilers" in the first stage of Wheeler's construction need not be compilers; they can also be interpreters. Good luck making a backdoor that recognizes picoc, Ch, and CINT, which I found through Google c interpreter, especially if written in a different language following Herb Schildt's guide to writing a C interpreter. And good luck making a binary-propagating backdoor portable across CPU architectures. It's not entirely foolproof, but if one of the "compilers" is an ARM-to-x86 cross-compiler and another is a C interpreter running in an x86 interpreter such as DOSBox (to exclude microcode backdoors), I can reduce the probability of a backdoor to less than a rounding error.
I have no idea how an interpreter could be involved since it doesn't generate a binary at all.
It does when you interpret a compiler. If you have a program written in C, and you run its source code in a C interpreter, the output is the same as if you had compiled it and run it. So if you take a C compiler's C source code and run it in a C interpreter, the output is a binary version of that compiler.
I can reduce the probability of a backdoor to less than a rounding error.
I'm a bit disappointed to see you come back from your (correct) resignation that the best we can ever hope for is "reasonable doubt" to what now sounds like you are asserting as "There is a way to overcome Godel incompleteness, and Wheeler proved it.
That's not what I'm asserting at all. All I meant was that the amount of doubt, quantified as a probability of backdoor, can be brought below a reasonable epsilon value.
red hat, thus all distros based on it such as centos and SL, have refused for years to update openssl and every thing it depends on.
strictly speaking they have met their opensource requirements, while leaving millions of real world implementations of crypto exposed.
before anyone does the stupid 'but you have choice' response, tell that to the systems admin that has to patch 10,000 systems and not break any of them now or in the future. they have to stay compatable to the main distros.
Bertrand Russell's The Impact of Science on Society (1952) should probably be given another read:
Now consider when the http://en.wikipedia.org/wiki/Bilderberg_Group met for the first time (1954) and who gets to attend... ;-/
Who's still listening to this hippie's gobshite ? Only dumbasses self-congratulating themselves, how smart they are not to use Window$ or O$X. Even though they haven't done anything productive for years. Assholes
from "Free Software..." to "Freedom Software...". IMHO.
AT&T charges its customers for a subsidized phone even if they bring their own phone.
If the compiler checks for the presence of an NVIDIA card, then the check will either A. be in the compiler's source code or B. propagate through a "trusting trust" backdoor. To defeat A, use a compiler distributed as free software. This means many eyes have the opportunity to audit the compiler, whether yours or those of professionals at a major company. To defeat B, use diverse double compiling.
Yes, I know. But the financial aspect is completely orthogonal to not being tracked. If you're willing to pay for it, you can still BYOD and run your software on it to your heart's content - it's technically possible.
First of all, you don't have the compilers source code.
You have a compiler's source code and the binaries of multiple independently developed compilers or interpreters for the same language. After the bootstrap process completes, you should be several nines confident that this source code is the source code for the resulting binary, provided that the multiple independently developed compilers or interpreters don't all have an identical backdoor. The probability of all readily available compilers having the same backdoor is so small that the result of DDC is beyond reasonable doubt.
Even if you could be sure of that, the compiler was compiled with a compiler
The first Fortran compiler was written in assembly language. So was the first C compiler. So was the first Lisp interpreter. So were the 8-bit BASIC interpreters on late 1970s to early 1980s 8-bit home computers.
Option A is ridiculous. It basically says, verify the compiler is clean by looking at all of the source (an essentially impossible task)
I wonder why a widely used encyclopedia's article about an allegedly impossible task doesn't mention that it's impossible. And for programs intended to fit into a handful of kilobytes, such as the first Fortran compiler or a tiny C compiler, an audit is quite tractable.
You are always running an unvetted program unless you coded it in machine language from the ground up with custom hardware and toggle switches.
You mean like what Kevin Horton did with his NANDputer? In any case, I could take one of those 8-bit BASIC ROMs, desolder it, hook it up to toggle switches and LEDs, read it out bit by bit, and verify that it matches the disassembly. And yes, mass-produced 6502 CPUs and BASIC ROMs have been decapped and photographed to make sure no funny business is going on inside the ROM chip itself.
Where is the source code for my Android phone?