Without Stallman's foresight of the need for public domain open source software, there would only be proprietary software, all subject to PRISM.
Without the foresight of potential Governments to come, the US founding fathers would not have written in such protections as still exist today.
Before Snowden there were many that suspected but now everyone knows.
>Um. Who thought this?
Snowden himself:
"I had too much faith that the government really would do no wrong. I was drinking the Kool-Aid in the post-9/11 moment. I believed the claims of government, that this was a just cause, a moral cause, and we don't need to listen to these people who say we broke this law or that law."
Pre-Snowden this was unopposable; the NSA's James Clapper lied to Ron Wyden in Congress about mass surveillance.
I kid you not. Stallman looked crazy in my eyes before Snowden. Even my "paranoid" perspective on all these things pre-Snowden was never close to true Stallman "crazy" (or so I thought before..)
Now I want to use Emacs. I want to use everything FSF if possible. I'm nowhere close. There is a lot for me to do to get there. But I'm hoping I will because soon that may be our only hope.
> NSA's James Clapper lied to Ron Wyden in Congress about mass surveillance.
And isn't that crazy? Try lying in front of Congress and not go to jail. Such corruption. Completely institutionalized corruption of the processes and the power of Congress to check the power of the NSA.
"Without Stallman's foresight of the need for public domain open source software, there would only be proprietary software, all subject to PRISM."
Or proprietary, shared-source software provided by nonprofits or companies in jurisdictions that aren't surveillance heavy. No, you don't need FOSS to avoid PRISM lol. It has its advantages in resisting totalitarianism for sure but you don't actually need them. More of author or organization's intent and licensing that really matters. Many models available.
Btw, the first, secure-ish mainframe OS (MCP of Tron fame) was sold in source form by Burroughs with fixes/updates allowed to be submitted. In 1963. High-assurance stuff under Orange Book similarly had to deliver source that was reviewed and provided a way to know you had same copy. Just to support my claim that there's proprietary models for it but most just wanted money instead. ;)
There was a cultural change when Bell was broken up and UNIX became less laissez-faire, a paradigm shift. Software became valuable and not just bundled with hardware.
Stallman saw it coming early enough that he had completed his GNU Free toolchain in time for Torvalds to use it.
A developer community is less likely to arise when your modifications can be closed and you cannot fork. If your business runs in someone else's walled garden it can be taken away.
Without the GPL's four freedoms we would not have the rich public domain of code we have today - a legally protected commons.
Before the GPL the public domain suffered from the tragedy of the commons, a fantastic legal hack.
I mostly agree with that. It's not what you said, though, which went further and is what I responded to. Stallman and FOSS fans like to go from those contributions to unsupported claims where no proprietary can have a single property of OSS. Yours implied only FOSS could've resisted a secret, US directive which was 100% untrue given existence of closed, non-US products. I preempted your likely counter by pointing out proprietary can come with source too for anti-subversion and actually reached highest form of security possible.
We're still waiting on FOSS model to do that. Nobody has. Fortunately, the cathedral builders in industry and good CompSci are sometimes open-sourcing stuff after the fact. RISC-V, GenodeOS, seL4, NaCl, etc.
Fair point and well preempted. Proprietary software can offer some freedom but it does not ensure it will remain, nor does it offer the full 4 freedoms required.
What you say is not technically incorrect, but practically Google, Apple & Microsoft were all secretly in NSA's PRISM. A large corporate entity is subject to state pressure in a different way than a public good. A corporation must profit, new markets must be entered, their regimes placated at the expense of users. Ownership is a single point of failure.
A proper security audit is only possible if one can compile that source with one's own toolchain or get the binary from a source you trust. One must test and make modifications, otherwise the binary only purports to be from exactly that source.
So you must in the end trust the companies, and trust them to release patches promptly, not delay them at the behest of the NSA (as per Snowden).
PGP and SSH are both provably secure. Security is dynamic, FOSS is faster at releasing patches and not removing features while updating security.
If a patch removes an essential feature and security is bundled with it, this is problematic. If you cannot use distributed community modifications then you are often out of luck.
Companies change hands, policies change, you may be secure today but they sell your data tomorrow. Free software forks at disagreements so everyone is happy. Free software cannot be taken from you by law - it is public domain.
Ownership can be a single point of failure but someone owns copyright to GPL code, too. Trick is protections in licensing. A recent conversation found that the real issue, if you get down to it, is in distribution: free distribution and network effects is strongest benefit of FOSS over proprietary, shared-source model which may have every other benefit.
"A proper security audit is only possible if one can compile that source with one's own toolchain or get the binary from a source you trust. One must test and make modifications, otherwise the binary only purports to be from exactly that source."
Realize that I said proprietary, shared source. You have the source of whatever you need. One can also do something like Wirth's Pascal/P where runtime is P-code and some I/O shims. Everything else in toolchain was compiled to it. Result was amateurs ported whole thing to 70+ architectures while having to reimplement just one, tiny part. Interesting enough, System/38 design did same thing at microcode or asm level with successful port to POWER with many apps needing no source recompile.
"So you must in the end trust the companies, and trust them to release patches promptly, not delay them at the behest of the NSA (as per Snowden)."
This problem exists for FOSS, too, so don't kid yourself. The vast majority of FOSS isn't Linux: it's barely maintained and many ignore bug reports for long periods. The average is in favor of FOSS if it's major projects vs proprietary software but individually it ranges from total shit to excellence. Totally dependent on contributors or maintainers.
"PGP and SSH are both provably secure. "
They're not due to their CVE history. They just got really good with GPG foiling NSA after years of improvements with a narrow focus for GPG. GEMSOS, PSOS, and seL4 are provably secure. World of difference in how they're built. None were created with a FOSS model.
"If a patch removes an essential feature and security is bundled with it, this is problematic. If you cannot use distributed community modifications then you are often out of luck."
" Free software forks at disagreements so everyone is happy. "
It's a risk but can be countered. The counter I did in another discussion was a shared-source license that allowed fixes, modifications, and even distribution to other customers. You perpetually keep what you licensed if you keep paying optionally with a limit on per organization charges. You and a group can do anything you want with that commercial code if you're paying. Btw, the real hacker OS was provided with some (but not enough) of those attributes with features UNIX still can't fully match:
"cannot be taken from you by law - it is public domain."
It's actually not: it's copyrighted software licensed with specific terms that enforce things on you. Public domain has no copyrights or restrictions. This is a problem or a feature of GPL vs public domain depending on who you ask. Only thing both protect almost 100% is widespread distribution which any paid model might... might... always reduce.
While you are technically not incorrect in your points, you also miss the entire point: if you can take it from me tomorrow I am not free. Paraphrasing Whedon "You can backdoor Google & surveil the net but you can't take my GNU PGP from me."
Your 'Network Effects and free distribution' are benefits of the efficiencies of freedom. But paltry when it comes to legal freedoms in the face of tyranny, the topic of this post-Snowden thread.
A Good Monarch or Wise & Beneficent Dictator is a great form of government and historically golden ages & enlightenments record this. It is not the 'do no evil' CEOs, or good kings but those that might follow that Free Software offers legal protection against.
GPL is public domain 2.0, not a poor tragic commons starved by ever extending legal protectionisms or over grazing and undersharing.
Technically you are right, a company could stand up for our rights, but they didn't recently and they had to keep it secret. Discretionary, temporary freedom is illusory - it vanished when needed most. Like the constitution of a democracy the GPL seeks to enshrine natural rights in law. Like Democracy it must be actively defended and abuses policed. The GPL ensures freedom cannot be taken back easily, it is a legal hack that protects itself and the 4 freedoms with copyright.
Historically it revitalised the public domain in the software sphere and practically protected it against decades of well funded attacks and FUD - creating billions of dollars in value that didn't mainly go to rent-seeking intellectual landowners but developers and users.
Yes, your proprietary shared source model has given some freedoms & verifiability; Snowden shows how illusory this was. The four freedoms: to Run, Compile, Modify & Share are all needed to ensure (not merely offer or promise) continued freedom.
FOSS & Shared source are one thing; Free GPL Software is quite another.
Is CVE French for FUD? Because this is nonsense, security is an arms race. Under a panopticon even TOR is weak. Since Snowden millions have been spent & volunteered auditing, patching & shoring up our commerce & the individual against state level actors & fifth column code. Pre-Snowden no-one imagined the elliptic curves were a lie or our own governments funded & coerced weaknesses into ssh - freedom is playing catchup. Our own governments paid to make us all vulnerable to intrusion. Everyone technical was dumbfounded at the scale of the hidden betrayal of trust.
Security by obscurity & secrecy is weak. Published source alone is not free nor verifiably safe, the distributed binary's hash and compiled binary's hash may coincide but malicious code hash collisions are trivial for states to produce. Your scenario offers hypothetical freedom but Snowden's slides show backdoor concealment is actively pursued by states coercing companies, e.g. Lavabit CEO (and no one knows how many who merely complied and distributed the backdoored binaries rather than face jail.) Furthermore if the toolchain isn't free the Ken Thompson backdooring compiler hack applies.
GPL is owned by all. Coders retain their personal copyrights - that is its genius not a quibble. Again if you can't make a change you alone believe is necessary or receive it from & share it with your community you aren't free. GPL forks ensure every party has the same rights. Owners' & Licensees' legal asymmetry can & has prevented this. Forking requires all 4 freedoms.
Yes GPL can license crap & democracies have elected theocracies & dictatorships. Magna Carta states If the Executive is not subject to the rule of law, it is nothing less than tyranny.
In final answer I quote Vonnegut & Churchill who both witnessed true horror: "So it goes. All is Foma.", & “Democracy is the worst form of government, except for all the others”