
What's next, cracking and reverse-engineering? Debugging? (Anti-authoritarian) programming?

As usual, Stallman tends to be quite prescient: https://www.gnu.org/philosophy/right-to-read.en.html (perhaps more like "right to watch" in this context.)




I always think he’s mostly right, but a little too uncompromising, but then everything he says comes true. I don’t know how he predicted so far ahead at the time, it’s humbling.

As a software author working at startups, am I part of the problem? I don’t understand how to make a good living without locking down the code to some extent, with few exceptions (it’s hard to found Red Hat).


> I don’t know how he predicted so far ahead at the time, it’s humbling.

As I cast my eye over the FSF's basic definition of free software [0] I can't spot much of a mystery.

If a user doesn't have those freedoms, then someone else is in control of their software. It is inevitable that sooner or later the situation will change and the person who does have control of the software is going to disagree with what the user wants to use the software for - and at that point the user is the one with the problem.

Stallman isn't using a genius level of insight, but he is avoiding some very common shortcuts people take where they assume that because people are on 'their side' today that they will remain on 'their side' even if the incentives change. They are then shocked to discover that when the incentives change that nobody was ever actually on 'their side', it was just that the shark swimming placidly alongside wasn't hungry before.

I'm usually with Stallman's theories, it amazes me people keep being surprised that liking someone doesn't mean that the person is immune to the incentive structures that surround them. People have a remarkable and underappreciated capacity to make decisions that are good for them rather than good in the abstract.

[0] https://www.gnu.org/philosophy/free-sw.en.html


It's intriguing to witness this phenomenon live, for example with Google: first we were all in love with it, so refreshing, fast, humble when compared with Yahoo, Lycos et al. We loved their "do no evil" mantra. When they started to offer their free e-mail, we were queueing to migrate. Then the phenomenon you're describing started to happen and people are struggling to de-googlify their lives only to discover it's already too late to do it 100%.


It happens everywhere - similar concerns have been raised for Cloudflare. Diversity is a good thing, big monolithic providers of services CAN be good as long as leadership is aligned, but once they start optimizing towards less altruistic goals it’s scary. You could argue government works the same way.


> ... first we were all in love with it

People commonly seem to express this idea. That's not actually true.

Plenty of people haven't believed the PR from day one. What you're seeing now, is the reason why.


This.


I think he was a bit off with regards to source code/open source, because while having source code helps in understanding and modification, it's not essential; you could similarly imagine a world in which open-source wasn't a huge movement but instead the right to reverse-engineer (or basically, understand) software was guaranteed, and it would have as great an effect on freedom; perhaps even more so, because now it'd be the norm for people to disassemble/decompile anything they wanted, and the lack of any "chilling effects" would greatly increase advances in program analysis in general. It could even be argued that the rise of open-source led to a decrease in interest and skills of RE.

In fact, PC magazines of the 80s and early 90s used to contain articles specifically about patching software to do interesting things, complete with instructions of the form "change byte at X to Y"; AFAIK they didn't violate any copyrights because they didn't distribute copyrighted material. Then there's the whole series of "undocumented DOS/Windows" books written by people like Matt Pietrek, Andrew Schulman, and Mark Russinovich; all of which required substantial amounts of reverse-engineering and analysis, but instead of them being persecuted, two of them now work at Microsoft.

"If you outlaw freedom, only outlaws will have freedom."


Sometimes I wish people had developed an expectation that commercial software should come with the source code, rather than as (only) a binary blob. Licensing terms could be the same, but people would look at you funny and feel cheated if you tried to sell them a binary blob.


The only domain where I have seen this is with commercial scientific software that is designed to be run on supercomputers. This is mostly due to the difficulty of producing high performance binaries that work with the MPI implementation.

One interesting implication is that since people can view and modify the source code, patches and modifications to the software are shared.

This has always led me to wonder if a diff file violates copyright as it includes some of the original source as context.


I'm not a lawyer but this reminds me of how game mods are shared for old games. They are shared as patch files to avoid sharing the copyrighted original binary/ROM file.

My understanding is that with a patch file, as long as your patch doesn't include any copyrighted material, it is fair to share.

A patch file does not necessarily have any of the original code, just the location info and the new value.


This is still how custom themes for the Switch are distributed: since the menu file is considered copyrighted, they distribute a file and a tool you can use to apply the file to the menu file on your system.


YLLMV (Your Local Legislation May Vary), but reverse engineering and subsequent modifications are completely legal here, if they're more for compatibility than competition.


I also wish everybody would install adblock on all their devices etc.

It's one of those problems that are solved only at the individual level but because of that are not going to be solved at all.


This was a shift in viewpoint -- earlier in the life of computers, the hardware was seen as the really valuable part of a computer. So companies would provide the source code because that was simpler (the software was "just a toy"). But then software became the valuable component, and so businesses (as is a recurring theme in capitalism) didn't want to give away something that might be potentially profitable. And so we now have proprietary software. This shift in viewpoint by users was an intentional move, pushed by soon-to-be proprietary software businesses.


I think you may have missed my point. I want businesses to profit off of their software... I just also want them to provide customers with the sources used to produce the software they just paid for.

Copyright law can still apply. Just because I have your sources doesn't mean I can go and use them in my own software, or re-implement your patented algorithm.

"But how can I be sure that my customer isn't stealing my work?"

Well, ask someone to look at the source code they provide to their customers. Remember, we're in an imaginary world where source-included is the normal way to sell software, and anyone peddling binary blobs is seen as shady.


You having the sources does not change the incentive of the software’s creator. The unwanted functionality (which the software creator is pressured to include) will instead be put in:

1. Obfuscated code. This is a classic, employed back in the day when raw machine code wasn’t quite as much of a barrier as it is nowadays. Less common now since its importance has lessened, but still ever-present, and could be re-employed instantly.

2. The very design of the software. For instance, the software might require a phone number for every user, and this is baked in at the very fundamental design level, making it impractical to change. Other design choices might encourage you to share your contact lists, for say, backups, and your data is now leaked.

3. The software is merely a collection of stubs calling a cloud service. Very common now with so-called "apps" for phones. This design has come to its pinnacle with “web page apps”, where only the front-facing UI portion sits under the user’s control, and the rest runs remotely.

This is why “shared source” and the like is not enough. The end user must have the practical ability to reasonably easily change the software, either by themselves or by hiring anyone they like and/or trust to do it for them.


Kinda how commercial game engines often came with the source code. Not open source, heavily restricted with license, but available for the user (licensee) to look at and make modifications to it if required.


[flagged]

cyphar 50 days ago [flagged]

I find it interesting you are harping on an aside I made in the middle of an accurate (though very abridged) description of the history of proprietary software.

But, to your point -- yes, companies can do altruistic things. That doesn't mean they always do altruistic things, nor does it mean that they tend to do altruistic things. This should not be surprising -- companies are designed to maximise profit and altruism is rarely as profitable as other avenues. Companies which contribute to or sell free software are in the overwhelming minority today, let alone 30 years ago.

I didn't mention socialism, nor redistribution of assets. More importantly though, if you feel the need to protect the concept of capitalism whenever there is even the hint of criticism, then you should take a page out of Hamlet -- "the lady doth protest too much, methinks".

Also, free software isn't socialist. If you feel the need to tie to it a political ideology, it's much closer to anarchism.


> while having source code helps in understanding and modification, it's not essential

It technically isn't, much like having an excavator isn't essential to digging up ground for a new mall, when you can technically do this with a shovel too.

I get your point, but right now, I'm sitting in front of a 22-year-old game I spent a great deal of time even trying to get to run. I want to restore it. There's no source leak of it that I know of, it has no clear relation to prior titles and there wasn't any reversing effort I could find either. Half of the formats used by it are obscure, and from casual inspection seem to be dumps of in-memory structures.

Having source code, my main problem would be to build it - but it's essentially a straightforward task of finding and patching or mocking various 1990s-era peculiarities, until the whole thing builds correctly with a reasonably current compiler. The source code would assist me with reversing the data formats too. However, I don't have the source code, just a barely-32bit application with a 16bit installer. The game plays really weird tricks with your screen, so attaching a debugger will be a PITA (unless I figure out how I can run a debugger on a different machine and remotely debug the game on the one computer that it manages to run in half-broken fullscreen mode). Best I can do now is poke it and see what changes.

> It could even be argued that the rise of open-source led to a decrease in interest and skills of RE.

I think so too - simply because being able to ask decreases interest in and skills of figuring stuff out yourself. Has its good and bad sides.


> The game plays really weird tricks with your screen, so attaching a debugger will be a PITA (unless I figure out how I can run a debugger on a different machine and remotely debug the game on the one computer that it manages to run in half-broken fullscreen mode). Best I can do now is poke it and see what changes.

Two suggestions for you: 1, VMs are your friend. 2, decompilation technology has gotten very good. I'd "statically analyse" the binary in a disassembler/decompiler for a while first and figure out what it's doing before actually trying to run it.

I don't think source is necessarily always making things easier either --- I've had a few times where, even with open-source software, it's easier to find the right bytes in the binary to patch than to figure out where in the (huge) source that would be, and then how to build the rest of it (along with all its hairy web of dependencies) completely unmodified from the original binary.

Especially if it's a fundamentally trivial change (like a string constant somewhere, whose desired value is the same or smaller in size), and I don't expect to make any more complex changes, I'll definitely choose opening the hex editor for a few minutes (at most) over spending perhaps hours downloading a few hundred MB of source and dependencies and figuring out how the original was built and how to reproduce that.


> because while having source code helps in understanding and modification, it's not essential

You're right that it's not essential -- and he does mention this in most of his talks. But reverse engineering is very time-consuming and difficult, especially if you need to do it for every program you use.

So his view that software freedom requires the source code to be available to users is much more of a practical requirement than a philosophical one. This is why the GPL requires the preferred form of modifying the program be provided -- to ensure it's just as easy for users to modify the program as it is for the developers.


In the US, the DMCA did in fact make a lot of reverse engineering a violation of copyright.

Most EULAs prohibit reverse engineering, and companies like Oracle have entire legal teams dedicated to prohibiting reverse engineering, going as far as prohibiting people from reporting security vulnerabilities discovered using "reverse engineering techniques".

Further, the wide interpretation the courts have allowed under the CFAA can easily be applied to reverse engineering as well, i.e. "Exceeding authorized use", making reverse engineering of software a felony under US law.


Unfortunately for Oracle if you prohibit people from reporting security vulnerabilities they will just sell them in the black market.


It's harder to argue that reverse engineering is harmed by open source, in a world of software patents and copyright protection that occasionally permits interop, but always prohibits competition

The alternative to working on favorably licensed OSS that you posit, is roundly illegal, unless you had no designs on modification and/or redistribution of a derivative work.

https://reverseengineering.stackexchange.com/a/73


He is always right because his predictions about companies are as cynical as possible. He assumes every company acts entirely in its own interests and will do whatever they can get away with to make the most profit.

And of course this ends up being true almost every time.


I thought at first that he was a pompous ass who was out of touch and mostly wrong.

And slowly, I noticed that he was still a pompous ass, but he was right. And the longer I observe, I notice that he wasn't wrong, but ahead of the curve. And instead of being an ass, he was calling these issues out before they reared their ugly heads... but lo and behold they did eventually.

That's why I'm a proud member of the FSF.


> but a little too uncompromising,

You cannot compromise on freedom, for once you allow a single exception that allows authoritarians to take your freedom in "limited" situations, they will quickly invent more and more situations to take more and more of your freedom until none remains.

If you value liberty, uncompromising protection of that liberty is the only way to secure it.


The system that prevents you from making a good living without locking down code is most of the problem. To the extent you support that, you are likely a part of it. No different from most people nowadays I think, myself included.


It's refreshing to see the sentiment among the HN crowd has shifted and is embracing RMS. A few years ago the comment section was dismissing RMS outright as not being practical.


We need people like him. He's the anchor that keeps the ship from floating away at sea. If it were entirely left to the more practical people, GNU wouldn't be a thing and the ecosystem would suffer. We would all be worse off.


He is literally a genius.

The question you should be asking yourself is “why do I have to take freedom away from others to earn a living?”


No, the question you need to ask yourself is 'how small of a living can I stand?'. I make a living programming audio software that's GPL-compatible (I'm using MIT license on the grounds that nobody succeeds in the music business unless they allow themselves to be exploited). Stallman can use anything of mine, I just can't use the capital F free stuff GPL users create in exchange, but I get to feed 'em if anything I do is worth having.

I do make a living, it's just a very poor and insecure living. I sleep a lot easier, though, and it's very unmistakably a 'First World' living even if it's sort of constrained. How small a living can you stand? How rich do you have to be to have 'enough', and do your 'quality of life' calculations include personal guilt over screwing people over, or not doing that? Software freedom matters to my day-to-day life, but so does the fact that my income's low enough that I qualify for Section 8 housing. Without that, I'd lose some things making it possible to be writing the free software.

Can you afford to be on the side of good, or do you have to play for team evil in order to keep the doors open? If it's the latter, can you plan for a heel/face turn and execute a dramatic betrayal of Team Evil? I did (sort of). I was selling the audio software for years and merely keeping all my code proprietary (and getting sucked into the hype mechanic, more and more) and when I made my exit and went full Patreon I executed a clear, very public transition from commercial to open source, even reserving that as a threshold for the Patreon to hit. Took a major loss in revenue right away, but made that threshold pretty soon, and now I don't have to go back. But I wouldn't have been able to do it without years of exposure as a commercial developer.

Just like doing an IPO or executing an acquisition strategy, you can execute a heel/face turn into Free Software if you handle it properly. You need to care about the values of it, that's part of the return for you, but I'm still seeing annual returns in excess of, say, index funds. I'm growing at about 34% a year (started out more, but that's over the last year and ignores launch) and I feel I can continue to expand at that rate through taking on more interesting (and costly) projects. Note that this is not passive, this is working capital and is continually funding new stuff I'm able to take on. Hey, if it works for Amazon… ;)


Using section 8 to fund cottage industry like free software is brilliant. The absurd exploitativeness of contemporary landlords in large part drives the perceived need to be a heel.

Frankly you're an inspiration, thanks for this post. Know that I hope your growth rate continues or even increases.


The free software movement is really a radical concept. It encourages us to go beyond capitalism and making a buck to more fundamental aspects of humanity.

I’m afraid we are all part of the problem, but we can also be part of a solution, particularly if we work collectively.


Honestly? Take the mentality you see in the world - the bottom line comes first, the consumer wants easy consumption, security comes first, whatever else - and try to imagine where that comes in conflict with the things you love. What would have caused that conflict? What, if anything, do you see coming out of it?

And if you think Stallman was the tinfoil-hat prophet, you gotta hear about this guy Karl Marx. He predicted the economic turmoil of automation back when the US had a war over "States' Rights" to choose whether Slavery was Legal.

I predict that the US will slide further and further into being a 3rd world nation, until suddenly, another collapse happens. US citizens won't break right away... No, they'll suffer it for a while. They'll even go hungry for a while - and I'm not talking about Detroit or Chi-raq. I'm talking Seattle, Houston, NYC looking like the Rust belt, complete with bridge collapses and deaths-via-crumbling infrastructure.

China's upcoming divorce from the US markets will insulate them from the crash, but their involvement in our real estate market will only worsen the crisis for Americans. Russia, China, and the Eurozone will finally band together with their currency-basket idea upstaging the dollar. And Americans will still think we're special.

Then, when the Hoovervilles have swollen enough to be dangerous, someone will have the bright idea to mobilize and radicalize us. Still, we'll do nothing, even in the absence of Netflix and Cable TV. But that won't stop the government from trying to herd us into camps, just like the immigrants... And in those, with the forced absence of soap, sleep, food..., something will snap, and the guillotine will be reborn in fire and fury.

The Climate Change problem? Will get so bad it starts on Xenocide before anyone does anything effective - the sole exception being economic collapse. And we're going to have to shoot a few CEOs for the rest of them to take any of it seriously.

Everything from human trafficking to drug use is going to boom.

You know slavery - just barely behind propaganda, it was the second biggest influence on modern management practices. Psychology just taught us how to sugar coat it better.

Speaking of propaganda, 1984 ain't got shit on 2019. And 2030 is gonna make today look adorable.


> ... security comes first, whatever else...

Really? The feeling of being secure may come first. Think of how many modems/routers/phones or other embedded devices come with obsolete software pieces with lots of security bugs. The non-free methodology of software development, I feel, is actually killing security, and making everybody more vulnerable.

Most firms don't like giving the source code of the devices away. I understand that they have their own reasons for that (whether it is right is another thing). But at least, there should be an official way to unlock those devices and run custom software pieces (which of course, voids warranty).

These days more people are moving to "Open Source," but not "Free Software." See how Linux & busybox are essentially making any hardware non-free. Hope people understand the difference and help make the world better.


I wonder what companies would be good investments to hedge for this possible future.


Amazon. Failing infrastructure that other companies rely upon and expect to function adequately, will not pose the same challenges. They deal with the logistics of delivering items of necessity to people all over the globe at enormous scale. They have their own fleets, their own delivery people, and their own automation approach. In a decade Amazon won't need the post office or UPS. The barriers to entry in taking that on are enormous to the point of near impossibility. Heck, even their ability to sell counterfeit garbage to customers without significant penalty on themselves shows they even know how to disappoint people correctly...


Good points, I wonder what a government run by Amazon would look like...


He is technically correct, idealistic, and uncompromising. Unfortunately that doesn't really work in the real world unless your name is Richard Stallman. It's not pragmatic.

I ignore him.


I don't ignore him. There's a lot to be learnt from what he says.

You may think it's too idealistic or uncompromising, but his predictions have been proven repeatedly.

You should learn from him, not outright ignore him.


You can ignore him but the reality that he has been impressively predicting won't ignore you. It will come for you, just a matter of time, if you keep ignoring it.


He has shifted the Overton window in the direction of software freedom for a long time. That has made a huge difference in how all software developers work today. He's worth listening to as long as you don't treat him as an idol.


What ever happened to "the best kind of correct?"


You know what else is technically correct, idealistic and uncompromising and works in the real world: Bitcoin.

That system requires the power of a small European country to do 7 transactions a second generating a max of 1 mb of data volume every 10 minutes. That's like 1970s transaction speeds. Who the heck is ever going to use that?


YouTube is not the internet, it's a privately run silo. I think it's actually better if people stop using it for everything. We've somehow got to the point where we are demanding private companies somehow preserve our freedoms simply because we've entrenched ourselves in their commercial products and given them control over content. Let YouTube curate their content, I wish they'd do it more. Then maybe we will start seeing some more diversity rather than these massive silos.


Agreed. YouTube doesn't host pornography and, guess what, there are plenty of other sites that do.

I almost think the reaction to this is too pessimistic! "Oh YouTube is banning content the Internet is DOOMED". As long as we can freely connect to any service then there will always be an alternative.


Have you used Google Video Search recently? For the vast majority of people the internet is Google and Facebook. It is not ideal, but it is not to be ignored.


There's a real threat in Google (YouTube) controlling what is shown on their platforms. We might be informed and willing to try alternatives, but the masses don't (yet). This gives Google enormous propaganda power, and it is clear they already use this power to further their own agenda. It's not about freedom of speech, it's about deplatforming: the ability for your speech to be heard by the masses. The argument that you can just go elsewhere is like saying you can hang up your manifesto in the forest instead of on the church door.


When I was 16, back in 1999 I came to basically the same conclusions as Stallman.

I came to that conclusion trying to “fight” a (non-existent) virus that could infect any non-volatile memory onboard.

Since I didn’t actually control (really I mostly didn’t understand) my hardware it’s always seemed natural to me that, for example, the firmware of a hard drive of a networked computer could be compromised.

Since I didn’t control anything, I was at the mercy of those who did. Therefore I was always very hygienic on the internet, for example.

Stallman’s an arrogant self-righteous bastard. But he’s our bastard, dammit! And I love him for it.


The best thing we could do at this stage is provide alternatives to Youtube, sooner than later.


There are lots of decentralized alternatives. People just don't use them much yet.


To paraphrase an old joke : "Nobody goes there anymore. It's too empty". What you describe there is the classic problem of Network effects. The limitation is not on the tech side of things. People don't use the decentralized services because either favourite content isn't there. Producers don't post to the decentralized service because the consumers aren't there. Unfortunate reality :-( I really don't want so much power concentrated in the Facebooks and Googles of the world.


It's gonna bite us in the ass pretty soon, because the direct consequence of this effect is that the ability to launch a successful network depends on marketing - you need to achieve a critical mass of users pretty much instantly, since each new user won't stay for more than a day or two if their friends and content aren't there. That requirement forces potential new tech to have massive backing by a strong entity like a tech giant.

I wonder if we'll end up seeing state actors (or supranational entities like the EU) promoting state funded networks as a public alternative, as is sometimes the case in industries that tend to be monopolistic due to the cost of starting - transportation, telecommunications, etc.


> I wonder if we'll end up seeing state actors (or supranational entities like the EU) promoting state funded networks as a public alternative, as is sometimes the case in industries

You make a good point but I'd like to think of it this way: If the said service is made mandatory, then it has a chance of succeeding. Else, building that critical mass entails a lot of customer acquisition costs that a Govt may just not be in a state to justify. And therein lies the beauty and danger of network effects. Once a company has them, it is very very difficult to dislodge it. Look at Visa and Mastercard: V has been around since 1958 and MC from 1966. Both are valuable as they have network effects.


The effort involved in pushing videos to one or two more platforms when you already did to one is close to zero. This is how you start while not leaving YouTube yet and making it possible for the alternative to develop progressively.


In theory you could make a json file with all the details and push it to 100 content libraries like YouTube/Vevo/Peertube/Facebook/etc. but most of them want to be exclusive, they're not there to host your content, they want your viewers. There's no way they're going to do anything to help democratise that content.

We need to stop feeding the beast.

I'm still convinced that Opera Unite, which fused distributed social + web client + web server, should have been the way forward to make the web truly owned by the people: if social sites were simply caches of content available p2p or through any social site of my choosing (that the content owner allowed) ...


Cracking and reverse-engineering DRM is already illegal with the accepted US laws, so it's not far-fetched for YouTube to be forced to remove those videos as well.


But it is decidedly legal to publish materials that explain how to do so.



Kicking someone in the face is illegal too, but there are a million - or more - YouTube videos showing you how to do it, and most towns in my country have more than one class you can go to to learn how to do it (TKD, BJJ, Karate, etc.).

"Well you can use it for defence ..."

White-hat hackers are a thing too.


No one here mentioned DRM, though that would be a valid subset of videos to delist under this new rule.

What if I want to reverse engineer my toaster, and make a video about it?


I'm sure there's a way the toaster company can interpret your video as a copyright or trademark infringement.


If you could figure out the order of construction of the parts in the toaster that could be considered intellectual property/trade secret.


The big thing RMS misses in that article is all the bio-identification that has been happening the last couple years.

Dan is going to get caught because the machine takes a picture of him when he logs in with a password instead of the fingerprint reader, cause you know can't have a PC without a camera pointed at the user..


On the upside, that's literally the only scenario where hackers typing on computers wearing balaclavas would actually happen.


Still waiting for a scenario where two persons typing on the same keyboard at the same time as an effective solution will happen. edit: typo


Damn, we got the fingerless gloves wrong, though. Didn't think about hiding our fingerprints.


It's more sinister than that. Dan is going to get caught because his typing frequency, style and mouse movements are unique in the whole world. Moreover, he usually works on a computer with unique hardware that can be fingerprinted by some silly W3C standards already. Camera would be a bonus "just to be sure". We will soon need typing/movements randomizers that would add tiny delays/perturbations to our typing/mouse movement to fool some advanced Deep Learning pattern extractor. Using those would place Dan on some "no loan" blacklist though.


For an article written in 1997, it's pretty damn prescient. The article also isn't focused on surveillance. I would argue that modern bio-identification was at least somewhat predicted by 1984 (though Orwell assumed that humans would be doing the identification, not computers).


Not getting caught led Dan to question if the bio-id AI was really that intelligent and helped release thousands of wrongfully convicted people 20 years later!


If only there was a way to condition users to have a picture taken of them every time they unlock their device ...


This reminds me of that Nintendo Switch game that had a Ruby REPL in it that was then removed from the Nintendo store. Nintendo is particularly bad in this department but it's still upsetting.


Modern day's Cassandra, unfortunately.



