Hacker News | Digital-Citizen's comments

> None of this inspires confidence that the code can be trusted.

It's a shame this code isn't so good out of the box, but for all we know there are proprietary devices purporting to do the same job which also have poor code. The difference between the devices is we can review, edit/improve, share, and run the improved code for this device. The software freedom is a feature unto itself. So one is still better off with this device (or another device that runs on entirely FLOSS) over any proprietary device that purports to do the same job.


You have no access to hardware schematics. You have no idea what hardware defects are present that may compromise security no matter how much code you write. FLOSS means shit here.


This is incorrect; a schematic only shows what the electronics should contain. It doesn't provide any proof of what the hardware actually contains. For that, the best way to verify is to visually inspect the hardware. We made OnlyKey hardware easy to verify with a clear transparent coating. When you look at OnlyKey you will see one Freescale K20 MCU; you can read the manufacturer number on it and know exactly what is in your key.


The microcontroller isn't the only thing that matters in your design. For example, since you're dependent on the ADC for seeding the RNG, it'd be nice to know what is connected to those pins, which a schematic would reveal. I can't tell that just by looking through your clear epoxy.

Even if I did drill holes in the casing and probe components, I have no way of knowing if what I'm seeing is expected or not without a schematic.
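An added example (not code from OnlyKey or from either commenter) of the check a practitioner would want on a raw ADC noise source before it is trusted as a seed: the repetition count test from NIST SP 800-90B section 4.4.1, followed by von Neumann debiasing of the sample LSBs. The ADC readings here are simulated in software (a fixed-seed xorshift32 adding three bits of jitter around a mid-scale 12-bit value, and a stuck source standing in for a pin tied to Vref); the function names, the 2048/4095 values and the 3 LSBs of jitter are assumptions for illustration. The point is that a pin wired to a quiet DC source or a rail produces long runs of identical readings that this test flags, and yields no usable bits from the debiaser, which is exactly what nothing in a clear epoxy casing can tell you.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* All ADC data below is SIMULATED (constructed for this example);
 * on real hardware the samples would come from the noise-source pin. */

/* Repetition Count Test, NIST SP 800-90B section 4.4.1.
 * With false-positive target alpha = 2^-20, the cutoff is
 *   C = 1 + ceil(20 / H)
 * where H is the min-entropy (bits) claimed for each raw sample.
 * h_bits is an integer so no libm is needed; H = 0 means no claim. */
size_t rct_cutoff(unsigned h_bits) {
    if (h_bits == 0) return SIZE_MAX;
    return 1 + (20 + h_bits - 1) / h_bits;
}

/* Longest run of identical consecutive samples. */
size_t longest_run(const uint16_t *s, size_t n) {
    size_t best = 0, run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (i > 0 && s[i] == s[i - 1]) ? run + 1 : 1;
        if (run > best) best = run;
    }
    return best;
}

/* true if the stream passes the RCT for the claimed min-entropy.
 * A pin tied to a rail (or to a quiet DC source) produces long runs and fails. */
bool rct_pass(const uint16_t *s, size_t n, unsigned h_bits) {
    return longest_run(s, n) < rct_cutoff(h_bits);
}

/* Von Neumann debiasing of the sample LSBs: pair 01 -> 0, pair 10 -> 1,
 * pairs 00 and 11 are discarded. Returns the number of full bytes written.
 * This removes bias only, not correlation; a real seed path would still
 * feed the result through a proper conditioner (e.g. a hash function). */
size_t vn_extract_lsb(const uint16_t *s, size_t n, uint8_t *out, size_t cap) {
    size_t nbytes = 0, nbits = 0;
    uint8_t acc = 0;
    for (size_t i = 0; i + 1 < n && nbytes < cap; i += 2) {
        unsigned a = s[i] & 1, b = s[i + 1] & 1;
        if (a == b) continue;
        acc = (uint8_t)((acc << 1) | a);
        if (++nbits == 8) { out[nbytes++] = acc; acc = 0; nbits = 0; }
    }
    return nbytes;
}

/* --- constructed inputs: a software stand-in for the ADC (assumption) --- */
static uint32_t xs = 0x12345678u;          /* xorshift32 state, fixed seed */
static uint32_t xorshift32(void) {
    xs ^= xs << 13; xs ^= xs >> 17; xs ^= xs << 5; return xs;
}

/* A "healthy" source: 12-bit reading near mid-scale with 3 LSBs of jitter. */
void simulate_noisy_adc(uint16_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] = (uint16_t)(2048 + (xorshift32() & 7));
}

/* A "stuck" source: the pin is tied to Vref, so every reading is full scale. */
void simulate_stuck_adc(uint16_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] = 4095;
}

int main(void) {
    enum { N = 4096 };
    static uint16_t noisy[N], stuck[N];
    uint8_t seed[64];
    simulate_noisy_adc(noisy, N);
    simulate_stuck_adc(stuck, N);
    printf("RCT cutoff at H=1 bit/sample: %zu\n", rct_cutoff(1));
    printf("noisy: longest run %zu, pass=%d, seed bytes=%zu\n",
           longest_run(noisy, N), (int)rct_pass(noisy, N, 1),
           vn_extract_lsb(noisy, N, seed, sizeof seed));
    printf("stuck: longest run %zu, pass=%d, seed bytes=%zu\n",
           longest_run(stuck, N), (int)rct_pass(stuck, N, 1),
           vn_extract_lsb(stuck, N, seed, sizeof seed));
    return 0;
}
```

Claiming only 1 bit of min-entropy per sample gives a cutoff of 21 identical readings; a stuck pin trips it on the first few dozen samples, while the jittering source never comes close. On a real key the health test should run continuously on the raw samples, not just at boot, and the conditioned output rather than the raw ADC value should be what seeds the DRBG.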


Because a lot of GPL'd software is best of breed and (contrary to other threads here) apparently integrates quite well. It says a lot about Apple's view of their customers (none of it good) that they'd rather distribute a badly broken proprietary SMB replacement for Samba than continue with Samba until a suitable replacement that meets with Apple's licensing desires could be found. GPL-licensed software helped get MacOS X to where it is; Apple has been a GPL licensee for most of MacOS X's existence (and still is for some programs).

And as for that tired slur about the GPL being a "viral license", Robert Chassell's essay (reproduced below) still applies. Software freedom is good for us all, and being treated with equal rights to run, share, and modify the program was apparently very useful to a lot of people (apparently including people at Apple).

From https://www.gnu.org/philosophy/vaccination.en.html

When others hurt me, I try to defend myself. But some tell me that this makes them sick. They tell me that I should permit people to rob me of my work. They tell me that I should never try to defend myself.

They tell me that I should stop using the GNU General Public License, a license that vaccinates me against hurt. Instead, I should adopt a license that permits other people to rob me with impunity. They want me to adopt a license that forbids me from fighting back. They want me to give up my right to benefit from a derivative of my own work, a right I possess under current copyright law.

Of course, the language is a little less feverish than this. Usually, I myself am not called “infectious”. Rather, the legal defense that I use is called “infectious”. The license I choose is called “viral”.

In every day language, words such as “infect” and “virus” describe disease. The rhetoric is metaphorical. A legal tool is not a disease organism; but it is popular to think of the law as an illness, so the metaphor has impact.

The people who want to rob me use language that says I make them sick when I stop them from robbing me. They do not want to draw attention to the so-called “disease” that makes them ill: my health and my rights, and the health and rights of other people. Instead, they choose metaphor to twist people's thinking. They do not want anyone to think that I am a good citizen for stopping crime. They want the metaphor to fool others into thinking that I am a disease agent.

The GNU General Public License protects me. The connotation of “virus” and “infect” is that my choice of defense gives an illness to those who want to rob me. I want freedom from their robbery; but they want the power to hurt me. They get sick when they cannot hurt me.

To use another health and illness-related metaphor, the GNU General Public License vaccinates me; it protects me from theft.

Note that the theft about which I am talking is entirely legal in some situations: if you license your work under a modified BSD license, or a similar license, then others may legally take your work, make fixes or improvements to it, and forbid you from using that code. I personally dislike this arrangement, but it exists.


Not according to the Ziff-Davis article they haven't:

- Microsoft's Mark Russinovich presumably heard what Stallman said at his talk (which was said to be a "mostly standard talk"). Stallman's talk usually includes a clear description of how the free software movement he started predates the open source development methodology by over a decade and stands philosophically distinct as well. Yet Russinovich claims Stallman's talk is "OSS-related" which is right in line with why the open source development methodology was started: corporate cooption of a social movement that was posing a real threat to proprietary software.

- ZDNet's article continues on this theme at the top and bottom of the article (as to be expected of corporate news, which makes up the majority of computer news coverage and repeater/pointer sites like this one): "Each time Microsoft makes another open-source-related move these days, there are still always folks on Twitter or in comments on blog posts who caution that Microsoft hasn't really changed and never will be a true friend of open source. This change in Microsoft didn't happen overnight, but the momentum is growing." Microsoft likes "open source" instead of "free software" because open source doesn't question proprietary software, and thus doesn't question delivering proprietary software to OSes that respect a user's software freedom (the freedoms to run, inspect, share, and modify published computer software). The same opposition is as it was before, only the PR campaign has changed from namecalling ("Linux [sic] is a cancer that attaches itself in an intellectual property sense to everything it touches") to appearing warmly welcoming ("Microsoft [heart symbol] Linux [sic]"). They dare not call a complete OS GNU/Linux (which it most likely is in both quotes) because that might bring software freedom to mind (I'll bet Stallman mentioned this as this too is part of every talk he's given for many years).

What Ziff-Davis calls Stallman's "distaste for Microsoft" is clearly-explained and principled objections based in the facts of how computers work and an ethical examination of how we ought to treat each other with computers. But in corporate media it's necessary to downplay principled examination and explication in order to diminish the severity of the objection.

Microsoft wants users to run a GNU/Linux system as a VM on top of Microsoft's system as that helps Microsoft collect payments (licensing or rent, depending on the details of hosting) and, perhaps more importantly, spy on literally every bit of data that the user's OS deals with. Spying is big business and directly tied to proprietary control over the user. Microsoft offers a service to help users host their VM on Microsoft-owned hardware (so-called "cloud computing") too. Just to show the stark difference: Stallman, by comparison, explains what "cloud computing" actually means in https://www.gnu.org/philosophy/words-to-avoid.html#CloudComp... and why you should only run VMs on free software systems you own and control.

No, Microsoft hasn't changed. In fact, nothing of substance has changed because ethics are too deeply rooted for any change and computing has only really altered in that more people are being offered computing services more than ever before. Software proprietors are still unmotivated by the same principles that software freedom activists are. Microsoft's change is quite superficial and PR-related: Microsoft has shifted their campaign from more honest but harsh terminology to more deceptive terminology which appears friendlier. The social harm of proprietary software continues apace.


> A lot of things I use every day are BSD licensed.
> Stallman cannot really make any such demands.

That those programs are licensed under one of the BSD licenses doesn't have anything to do with Stallman's use of the term "GNU/Linux" and recommendation that others join him in using the term "GNU/Linux". This is not a "demand" as you claim. Stallman explains his position in brief in https://www.gnu.org/philosophy/words-to-avoid.html#Linux , at length in https://www.gnu.org/gnu/why-gnu-linux.html and there's a FAQ as well.

In fact the specific point you raise has been raised before and is addressed quite well across multiple questions in the FSF's FAQ on the term GNU/Linux:

https://www.gnu.org/gnu/gnu-linux-faq.html#others -- Many other projects contributed to the system as it is today, but they don't insist on calling it XYZ/Linux. Why should we treat GNU specially?

https://www.gnu.org/gnu/gnu-linux-faq.html#distronames0 -- My distro's developers call it “Foobar Linux”, but that doesn't say anything about what the system consists of. Why shouldn't they call it whatever they like?

https://www.gnu.org/gnu/gnu-linux-faq.html#bsd -- Should we say “GNU/BSD” too?

For a while Debian has distributed multiple systems where GNU was the predominant OS atop other kernels--GNU/Linux, GNU/kFreeBSD, and GNU/Hurd. It helps people understand the major components involved by naming things according to what they are. Such naming is also fair to those who ask for a share of the credit for their major contribution to the overall work, as the GNU Project asks people to give them a share of the credit for their major contribution.


According to the article, "Apple said the update does not require any user interaction and is deployed automatically." There's nothing moral about using "silent updates" (updates the user has no opportunity to decide whether to adopt).

Apple certainly wasn't looking out for their users' privacy and security when they let an iTunes bug go unfixed for 3 years (see http://www.telegraph.co.uk/technology/apple/8912714/Apple-iT... for more). That bug was said to allow government spying. Apple's iPhone back door lets Apple delete a user's apps (per http://www.telegraph.co.uk/technology/3358134/Apples-Jobs-co...) but Steve Jobs said it was okay because we can trust Apple ("Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull."). Back doors aren't moral; they exist to grant another party control over the device the user bought and should own.

The root of all of this is the power of proprietary software (software the user can't inspect, share, or modify, and in some particularly restrictive cases can't always run). Proprietary software is unjust power over the user. There's nothing moral about proprietary software.


Requiring user confirmation for updating malware signatures would make them a lot less effective.

And in any case, there is a checkbox in the software update preferences labelled "Install system data files and security updates" which presumably allows you to opt out of these critical security updates.

And if you really wanted to have the zoom backdoor server run on your system, you could probably just strip the code signature and run it manually. Apple isn't stopping you from running whatever software you want on the Mac. Apple is helping all those users that don't follow Hacker News to keep their Mac safe.


>Requiring user confirmation for updating malware signatures would make them a lot less effective.

That seems highly unlikely to me. Do you have evidence to support that assertion?

On first use "Do you want us to automatically remove apps we think might damage your system: Y/n."

Don't users need a notification, at least, to inform their choices when installing software?

I guess Apple Computers would rather you just mindlessly relied on them, however, so anything that lets users know that Apple's system exposed them to risk is going to be avoided.


> Do you have evidence to support that assertion.

Every relative who never installs updates. I ask them why they are on an old version with major security holes that were on the news, but they just don't care. They always click "later".


You can turn it off if you don't like it. If one doesn't know enough to turn it off, one probably shouldn't be turning it off.


> There's nothing moral about using "silent updates"

Sorry, but this is absurd. Automatic security updates are a necessity. And no user reads through all the changelogs of all updated software (except on extremely critical systems).

Maybe you wanted to argue for the ability to downgrade and disable updates?


There's no call to write in such patronizing ways.

It should be up to the user to decide whether to take on updates, regardless of what you think, because that's their computer and not yours and you each deserve control over the computers you own. Just as freedom of speech means sometimes people will say things you disagree with, free software computers mean not everyone will keep up with the updates. But not offering software freedom is unethical, and neither Zoom nor Apple is distributing software freedom. Apple has a clear record of using the power of a proprietor to expose their users to harm (more examples at https://www.gnu.org/proprietary/malware-apple.html ) and this story is an example of how Zoom apparently does as well.

What you and other posters are tellingly refusing to address is the immorality of software nonfreedom. As I wrote before, this is the core of the issue.


> It should be up to the user to decide whether to take on updates, regardless of what you think because that's their computer and not yours and you each deserve control over the computers you own.

Which is why the user can CHOOSE to have automatic updates. Or not to. The default when buying a new Mac is that automatic updates are enabled, because that’s the product Apple wants to sell and that they believe most of their users want to buy. It’s secure, it’s practical, it’s fun.

If you want to be your own IT department you simply deactivate all or some automatic updates. If you want a secure computer and trust Apple you leave it on.

I don’t see how this is a big moral question at all. Let people organize their computing needs in a way that’s safe and practical for them, not in the way that’s safe and practical for you.


>There's nothing moral about using "silent updates" (updates the user has no opportunity to decide whether to adopt).

There's nothing accurate about this description.

The user can turn off all update checking, or use the granular permissions to just turn off silent security updates.

>To allow macOS to update automatically, go to System Preferences > Software Update, then check Automatically keep my Mac up to date. The Mac offers some more granular update options than iOS. If you click Advanced…, you see a number of options:

https://www.intego.com/mac-security-blog/everything-you-need...

If you only want to turn off silent security updates, the option to uncheck is "Install system data files and security updates".


Every browser and most other important software now does auto-updates with no user interaction. ESPECIALLY for security issues.


Neither the MIT X11 license (one should be careful to identify which MIT license is being talked about as MIT has used many licenses for software) nor the modified (or 3-clause) BSD license look out for patent treachery. For all the user knows, perhaps your organization holds patents which read on the software you're distributing and this program is a means to give them something that tempts users to run, modify, and share software landing them in a patent infringement lawsuit. It's great that you write and distribute free software, but if you insist on using a non-copylefted free software license the Apache 2.0 license is a better choice for users of your software.

But it is also in user's interests to look out for derivative works because that means users of those derivative programs get software that respects their software freedom. Proprietary derivatives of non-copylefted free software means software that doesn't respect a user's software freedom.


The public domain isn't recognized everywhere, and licenses like Creative Commons Zero (CC0), which has a fallback of being all-permissive for regimes where a public domain won't work, don't look out for patent treachery.

The FSF warns against using CC0 for software (see https://www.gnu.org/licenses/license-list.html#CC0 for the full comments): "For works of software it [CC0] is not recommended, as CC0 has a term expressly stating it does not grant you any patent licenses."

If you really want people to be free to use the software as they wish, you can't ignore software idea patents. That naivety actually works against the users as they would be lured into dealing with the software believing it to be free but then trapped by a patent infringement lawsuit.

> But at a certain point you just have to realize that there are differing points of view, that is just the way things go, and "progress" includes all of them.

No, this is too broadly accepting and not carefully discerning as reality requires to make sage judgments nor will it help us understand the ethical underpinnings of the software freedom movement (very much related to one of the major problems in the essay -- the author frames the issue around "open source", a developmental methodology which eschews ethics and is therefore of great use to proprietors. See https://digitalcitizen.info/2019/05/10/how-free-software-and... for more on this). Proprietary software is a "differing point of view" and your statement tries to get us to accept that it is merely another acceptable alternative among many. Seeing proprietary software as some form of social progress means accepting the inherent harm of proprietary software, the very reason why the free software movement was founded in the first place. I will call proprietary software harmful and in no way progress for anything worth defending. The goal isn't to maximize one's ability to have power over someone else, it's to ensure specific and well-identified freedoms for all. Strongly copylefted free software where license terms are defended does this.


Because Mozilla (unlike most other web browser publishers) publishes free software -- software users are allowed to run, inspect, modify, and share at any time for any reason. This is known as respecting a user's software freedom. Programs that don't respect a user's software freedom are called non-free or proprietary.

That's the saving grace of Firefox. That's what makes Firefox better than any of the other currently widely-used browsers. A program's technical problems can be fixed, a program's speed can be improved (Mozilla recently proved this in the most recent versions of Firefox), but software freedom cannot be added to a proprietary program.

Therefore if you don't like how Mozilla treats add-on programmers or Firefox users, you have the software freedom needed to make a free derivative of Firefox which behaves in a better way (where "better" is up to you to define, it's purposefully vague). Perhaps you want your Firefox derivative to let its users easily install whatever add-on they like that will persist across restarts, or get add-on updates without hassles by checking multiple sources for updates, or installing add-ons signed with unfamiliar keys after getting a user's approval. I'm sure there are plenty of other ideas you could come up with to implement.

But with software freedom the limits of what you can implement are limits you impose on yourself.

This doesn't make Mozilla or Firefox evil and distributing free software is respectful of the users. Don't confuse unrewarded labor (complaining that Mozilla doesn't make Firefox do what you want) with respect for the users.

The Dissent add-on, similarly, is really just another single point of censorship forum. We can't evaluate whether it is better at respecting user's free speech until they are challenged in a serious way (such as the implicit threats to big social media firms when they are given vague inactionable requests to 'do better' when their CEOs are brought before Congressional hearings and told to respond favorably to Russiagate lies). Already on this forum we see some posters confusing freedom of speech with reading something that echoes their views. One post, for instance, claimed "[Dissent's] audience is primarily folk on the far/alt-right". As George Orwell said, "Freedom is the right to tell people what they don't want to hear". Or as Noam Chomsky reminds us, "Goebbels was in favor of free speech for views he liked. So was Stalin. If you're really in favor of free speech, then you're in favor of freedom of speech for precisely the views you despise. Otherwise, you're not in favor of free speech.".

So both Firefox's add-on repo and Dissent's forum are singletons that don't liberate users so much as they establish their respective admins as censors. Perhaps you could come up with a way to let users more easily distribute comments from their own comment database so that all comment threads on a website come from multiple servers, and no censor power exists because no single user has admin control over all of the comment servers. Dissent is also free software (licensed under Apache License 2.0) so even if you believe Gab or Dissent aren't to be trusted, you could choose to improve Dissent to make it decentralized.


> This is still user-hostile bullshit and some people at Microsoft really need to be beaten with a rubber hose until they get it through their heads that they don't own our devices.

If you run proprietary software on a computer, the proprietors have far more say in what that computer does than you do. This is true regardless of which proprietor is involved, the user's ostensible control over updates, and the ostensible high-level purpose of the software (an OS, an application, a word processor, a flight simulator, etc.). This particular proprietary software gives Microsoft a universal back door through which Microsoft can impose any change they wish (see http://www.informationweek.com/microsoft-updates-windows-wit... for an example). Even if update control were respected in full, update control does nothing to change the fact that what's running is proprietary software -- user-subjugating software.

The frequency or UI of updates is a minor detail. It's the least the proprietor can get away with to give the simulacrum of user control. Microsoft has tried other means to do less but they were discovered and news reports effectively outed Microsoft (for instance, there's the time Microsoft had Windows send reports even when configured not to per http://arstechnica.com/information-technology/2015/08/even-w...)

So rather than engaging in harsh language or threats of physical abuse, I think a more productive way to address your understandable frustration is to switch your remaining proprietary-driven computers to a fully free OS running on fully free hardware (such as an FSF-approved free software distro -- https://www.gnu.org/distros/ -- running on a "Respects Your Freedom" device -- https://www.fsf.org/ryf ) and then install only free software on top of that.


I agree; I think this thread and a couple similar threads (basically repeating the same objection) are vastly overrated. Not spying + hardware and software under user control is far more important than whatever someone considers lagging video or anything that animates, particularly for a device people insist on calling "phones". I might prefer no animated GUI.

