Comment: Software freedom > "fast" and "not bloated" (Score 3, Interesting) 207

by jbn-o (#46499547) Attached to: Firefox Was the Most Attacked & Exploited Browser At Pwn2own 2014

At least Firefox can be altered to become what you want it to be because Firefox respects a user's software freedom. Far more important than vagaries like "fast" and "not bloated" is how a program treats its users. Proprietary browsers leave users no opportunity for improving the program. Thus security issues in proprietary programs go unfixed and are exploited for years. This, in turn, allows others to invade people's computers and leaves users helpless. This is exactly what happened with Apple's iTunes for over 3 years. I would not be surprised to learn that software proprietors including Microsoft, Google, and Apple are doing similar things with proprietary web browser programs as well.

So while I like trustworthy programs like other computer users, I know that I can't ascertain the trustworthiness of proprietary programs like Microsoft's Internet Explorer, Apple's Safari, and Google's Chrome. The extent to which any of them are built from software that respects my software freedom is irrelevant because proprietary programs and their updates are essentially black boxes. I can't possibly inspect or fix all of the software I use, but I can put myself in a position where I stand to benefit from the improvements a lot of programmers make by exclusively running software that respects my freedom to run, inspect, share, and modify—free software—freedoms I value in their own right.

Replicant developers find and close Samsung Galaxy backdoor

Submitted by jbn-o
jbn-o (555068) writes "The Free Software Foundation reports that developers of Replicant, a fully free/libre version of Android, "discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system".

Replicant developer Paul Kocialkowski explains further in the blog post: (emphasis mine)

Today's phones come with two separate processors: one is a general-purpose applications processor that runs the main operating system, e.g. Android; the other, known as the modem, baseband, or radio, is in charge of communications with the mobile telephony network. This processor always runs a proprietary operating system, and these systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device. The spying can involve activating the device's microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator's network, making the backdoors nearly always accessible.


Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone's data, even in the case where the modem is isolated and cannot access the storage directly. This is yet another example of what unacceptable behavior proprietary software permits! Our free replacement for that non-free program does not implement this backdoor. If the modem asks to read or write files, Replicant does not cooperate with it.

The blog post contains pointers to more information including a technical description of the back-door found in Samsung Galaxy devices and a list of known affected Samsung Galaxy devices. The FSF lists more ways proprietary software is often malware."

Comment: Re:Freedom is better than dependency. (Score 1) 231

by jbn-o (#46414689) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

I'm sure many serious flaws in many free programs have been around for a long time, some flaws longer than this flaw. But free software advocates make no guarantees you'll get secure code. If you'd like that guarantee perhaps you can purchase a programmer's time to get that; perhaps you should have hired a programmer to inspect this code on your behalf, looking for security issues, raising them upstream, and fixing them for you (software freedom gives you these options as I mentioned before). Your objection really stems from your belief that open source and free software are discussing the issue starting from the same underlying philosophy.

The philosophies are not the same therefore the two movements arrive at different conclusions: Structurally speaking, programmers know that malware can be easily hidden in proprietary programs yet it's rare to find malware in free software for the same reason—those who forbid users from inspecting, sharing, and modifying source code can more easily sneak malware into the code. Focusing on price and technical issues (such as features, speed, and reliability) isn't bad but doesn't go nearly far enough. More and more users understand that society needs more than framing the debate around a developmental methodology as the open source movement does. So, the more one values catching bad code early (as we all, rightly, do) the more everyone should value software freedom for its own sake. Software freedom lets us increase the odds for using better code by treating computer users respectfully through granting and securing our permission to inspect, share, and modify that free code. All computer users deserve software freedom.

Comment: Re:Freedom is better than dependency. (Score 1) 231

by jbn-o (#46404671) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

Apple's code was based on something "open source" but that does Apple's users no good because of what I already said: Apple's distributed code to its users is proprietary. Better to have the alleged "mess" to track down than to know there's no point in tracking down anything because what you'll find is something you're not allowed to inspect, modify, or share. Here you're really highlighting the difference between free software and open source: open source advocates don't want to talk about how people ought to treat one another and are eager to distract discussion away from ethics by conflating freedom with hassle. Free software activists endorse freedom as a good unto itself because it lets us treat one another with decency and respect.

Comment: Re:Freedom is better than dependency. (Score 2) 231

by jbn-o (#46404665) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

Apple may have known about the issue for a while and not talked about it until it could release whatever proprietary blob alleges to be a fix. Apple's users might have known Apple's software was buggy too, but not been able to do anything about fixing Apple's code, since that's the nature of proprietary software. Apple has sat on exploitable security issues before; in that case, governments used that iTunes security hole to invade people's computers (as RMS points out). So in that case, apparently multiple people knew iTunes was a security problem.

Just because your six year old hasn't been taught the value of software freedom doesn't make software freedom worthless. I'm guessing there are a lot of things a six year old has not yet come to value which they will later learn they should have valued all along. Perhaps teaching your six year old to value substantive issues like ethical understanding of how people treat one another would be a good start. And while I certainly wish anyone with a fix would have shared that fix, they're under no obligation to share in the free software world and I doubt they'll be convinced to by your name-calling. But the situation is still better that anyone could have fixed this (and possibly some did) rather than having no option but hoping the proprietor takes an interest.

Comment: Freedom is better than dependency. (Score 3, Insightful) 231

by jbn-o (#46403073) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

So when Apple's proprietary encryption software suffered a problem, Apple users could do nothing but wait for Apple to deliver a fix; there's nobody else that is allowed to fix Apple's proprietary software but Apple. And when that fix ostensibly arrived, Apple users had to hope it wasn't bundled with some malware too (as is often in proprietary software).

This bug was caught during an audit—"The vulnerability was discovered during an audit of GnuTLS for Red Hat." Nobody but the proprietor can audit proprietary software. But with free software, users have the freedom to audit the code they run, patch that code, and run their patched code; users can choose to fix bugs themselves or get someone else to fix bugs for them. And users don't have to always trust the same people to do work on their behalf. Users can also choose to wait for a fix to be distributed, and then they can choose to check that fix to make sure it doesn't contain malware. For all we know some users have long spotted and fixed this bug in GNUTLS. Since all complex software has bugs, bugs are unavoidable. We're better off depending on people we choose to trust. Software freedom is better for its own sake.

Comment: Re:The market got us to the problem we face. (Score 1) 769

by jbn-o (#46402935) Attached to: The Next Keurig Will Make Your Coffee With a Dash of "DRM"

Because DRM denies Keurig owners their ability to use their devices freely. I certainly agree that buying a Keurig sends the wrong message, and we should not do this, but we can take an active role in not buying DRM'd devices and services including this coffee maker. This coffee maker is a nice entry to understanding the value of freedom; not necessary for coffee but also a teaching opportunity. History tells us that we are better off to fight for freedom for what we have and need than to idly hope that someone else will improve one's lot and eventually respect our freedoms. Ethical evaluations can't be understood as personal preferences as you're trying to do here. As has been pointed out on /. before, "arguments are always based on values" and your values and mine do not agree.

Comment: The market got us to the problem we face. (Score 1) 769

by jbn-o (#46392367) Attached to: The Next Keurig Will Make Your Coffee With a Dash of "DRM"

Letting the market handle things led to the situation we now face with DRM preventing people from making choices (highlighting how freedom of choice is so often a scam). This isn't the first instance of DRM providing no benefit to the user (eBook DRM leads to publishers and distributors taking away legally obtained copies of DRM'd eBooks like did in 2012 or making it possible to electronically enforce restrictions one could never get away with in paper books should the DRM proprietor so choose). The issue is not whether a proprietor has or hasn't used DRM to accomplish such a thing, the issue is that DRM grants someone or some organization the power to enforce restrictions like these, restrictions that should not exist. doesn't seem to have problems coming up with plenty of other examples of how customers lose with DRM. DRM examples show us that word does not "get around pretty quickly" nor do monopolies "die a miserable death". Today there are people defending the idea of making it easier to get DRM into HTML5 instead of rejecting it out of hand based on principled opposition and experience. If things were as bad as you claim no business would bother with DRM, DRM would be rejected out of hand.

I think this situation is much better understood by looking at this in terms of a minimum acceptable interoperability; something akin to environmental law (recognizing one can't negotiate everything they need on their own so we need to work together to set acceptable standards that let us get what we need) instead of a transactional basis (one-on-one interactions where each user is on their own to negotiate a better arrangement where it's likely no one user can muster the resources to effectively challenge the proprietor). Owner's rights should enter here as well: one should be able to use whatever they want with their Keurig device including less expensive beverage pods than what Keurig sells.

Comment: Nonfree+spying versus spying alone = bad options (Score 1) 480

by jbn-o (#46385229) Attached to: Interview: Ask Richard Stallman What You Will

I'm guessing that, of the two, one can't easily avoid being spied on either way. So there's no need to take on the unethical, user-subjugating proprietary software of Skype as well. But the software involved in a traditional phone call isn't under the user's control and doesn't require the caller to take on nonfree software. There's no need to restrict our consideration to just these two options, however. As Skype is perceived as a viable alternative to the traditional phone call, Skype shows us that a free software program that respects our privacy could supplant Skype. What we need is an easily-used totally free software calling program that can encrypt calls at the ends of the call so even if the call data is recorded it can't easily be decrypted for a very long time. It would be even better if there was some way of masking the parties involved in the call as well so the data describing the call is unclear as well.

Comment: Originating post was needlessly off-topic too. (Score 1) 105

The difference in philosophy can have radically different outcomes seen most clearly in the case of powerful, reliable proprietary software (adoption/recommendation for open source proponents versus rejection/replacement for free software activists is a starkly different outcome). Richard Stallman's essays on this topic point out this different reaction and the difference in philosophy that leads to the different reaction (older essay, newer essay). But those essays highlight all the more that the post to which I initially responded in this subthread is attacking the messenger (Richard Stallman): the /. thread where that post would have been on-topic is still available for posts. Moderating that post up is moderating up an ad hominem attack.

There's nothing wrong with raising and defending skeptical views, but there's been no serious defense of those views even in other followups. This thread only offers more vague attacks plus a thin layer of congratulations for working together (which, as you point out in your /. post and Stallman points out in the aforementioned newer essay, "people from the free software movement and the open source camp often work together on practical projects such as software development"). Any skepticism would have been far more fruitful and honestly raised if it was raised with the one person who could have addressed the many misperceptions in the posts. I encourage the original poster to raise those issues head-on from the most authoritative source available—the man himself in his own words.

Comment: What do you mean? (Score 0) 105

Please do be specific about how Stallman is "too divisive" and somehow responsible for what you see as problems. Your claims are so vague it's hard to know if you are attacking the messenger instead of conveying that you understand what is being spoken about in the differences between the free software and open source movements. Quotes and references to published material would help you in what appears to be a vastly overrated post.

Comment: Re:Question seems to be already answered. (Score 1) 480

by jbn-o (#46354515) Attached to: Interview: Ask Richard Stallman What You Will

It seems reasonable to me to expect that any proprietor who wants to withhold software freedom from users give up that power when the program enters the public domain; code escrow as Stallman describes sounds like a viable solution to me and a perfectly fair exchange for the public. What's not reasonable is the status quo which is endless power over the user.

Comment: Re:GPL focuses on user's rights as should we all. (Score 1) 480

by jbn-o (#46354503) Attached to: Interview: Ask Richard Stallman What You Will

for most real world software houses, this doesn't happen anymore

Source? Evidence? Cygnus didn't seem to have trouble finding customers for GCC support.

As a compromise, the company I work for publishes all of our data formats (at least in my division) and nearly everything exports to XML. That means competitors and free software can create their own implementation, and people have. [...]

I don't know if that's supposed to mean the program is free software or not. If the software is nonfree, then there's no compromise that is a substitute for software freedom. Getting data out of the program won't give users an idea of what's going on when the program runs. If the program is nonfree, malware may be running. Or maybe features the users want aren't implementable by people they trust.
