Open Letter to the Free Software Community
Posted on 29 Dec 2009 1:40 UTC
The Free Software Foundation sends out occasional emails asking its members (I am one) to do various things for it, like donate, engage in advocacy, come to a fun party, etc. In the email copied below, they asked members to engage in advocacy of exclusively free software. This is my response to Holmes Wilson of the FSF.

Update: I follow up this post in a later posting on 1 Jan 2010.
Hi Holmes and whoever reads this, :)
It would be easier for me to engage in this kind of advocacy if the free software developer community could commit itself to two things that matter hugely on the internet right now:
- usability
- security
These are areas where free software falls behind its competitors. For example, most people’s computers now are mobile computers; one of the biggest threats to mobile computers is loss or theft of the computer. A serious storage encryption solution like Windows’ BitLocker (with improved usability and functionality in Windows 7) can address that threat... where is the easy-to-use, performant, and safe solution for GNU/Linux? Why isn’t it an option in the Ubuntu/whatever installer? Why won’t Linux kernel developers take security features and bugs (such as the broken CRNG in the Linux kernel) seriously? The kernel is nothing but a security mechanism...
Similarly, as long as Google is not your threat actor (a key issue!), Gmail is probably more secure than the mail clients and servers I can get with free software distributions. And of course Gmail is a famous usability success story: the “conversation” abstraction, tags-not-folders, and powerful search are all beautiful features. Postfix and qmail are very nice and very secure, but they don’t constitute the whole picture. Mutt, Kmail, Evolution, and Thunderbird are huge blobs of nasty native code — and what about Mailman? Web mail clients? And so on. Many bug classes threaten these types of software, and I have not seen a serious, concerted effort to address them in the free software world.
When is $popular_distribution going to have native code exploit mitigations like ASLR and stack canaries turned on for all apps by default? This is basic stuff. OpenBSD started it, Windows rushed to catch up, and even Mac OS X has it. But Linux users have to go to extreme measures to get it (PaX/grsec are custom kernel patches/build options — completely unreasonable in 2010!).
Usability and security are so closely intertwined that they are almost the same thing, and both are absolutely non-negotiable features. Computer users are not free if they cannot understand how to use their software, just as much as they are not free if they cannot hack their software’s source code. Similarly, they cannot be free if their computers can be pwned by any random maniac on the internet.
The internet is where all the most important action is, and it’s an extremely hostile environment. If people can’t (a) use their software (b) safely, then the particular license terms are irrelevant. And indeed they are — I can’t recommend exclusively free software to a non-hacker or to someone who has particular security needs. Almost everyone in the world falls into at least one of those categories.
I want to be able to honestly advocate exclusively free software. I was a true believer and an EFF Staff Technologist, but I’ve found that exclusively free software cannot meet my needs.
Perhaps the free software community needs a personality like Richard Stallman or Linus Torvalds, probably installed at the currently-biggest distributor (Ubuntu? Red Hat? Suse?) to take up the usability and security helm and set technical and community standards by example. If you read Bill Gates’ “Trustworthy Computing” memo, you will see that free software has a lot of attitudinal catching up to do. Maybe you don’t like Gates, but that memo is a perfect example of the attitude all software developers, vendors, and distributors needed to adopt 15 years ago.
> On Dec 7, 2009, at 1:31 PM, Holmes Wilson wrote:
>
> Hi everyone,
>
> The FSF is putting together a group of volunteer supporters to spread the free software philosophy in blogs, online press, and through social networking sites.
>
> Find out more:
>
> * <http://groups.fsf.org/wiki/Community_Team>
>
> If you spend some time each day reading popular blogs or mainstream press and you have a good handle on the debate around software freedom, this could be a great opportunity. As part of the FSF Community team, you’ll be doing things like:
>
> * Responding to questions and correcting misconceptions about free software in online media.
>
> * Working with the FSF campaigns team to respond to big news stories that impact software freedom, or stories that are chances for people to understand why free software matters.
>
> * Making sure that important stories, about topics like fully free GNU/Linux distributions, DRM, or the dangers of "cloud computing," get as much attention as possible in the media and the widest possible reach through social networking sites.
>
> Just to be clear, the goal here is not to get into long, drawn out flame-wars :). Rather, this will be an organized and respectful approach to raising awareness of free software’s importance. As an FSF member, you’re already very familiar with the principles of free software. This is a great chance to put that knowledge to use.
>
> If this is something that interests you, take the first step by joining the discussion list:
>
> * <http://lists.gnu.org/mailman/listinfo/fsf-community-team>
>
> Thanks, and we appreciate your support!
>
> Holmes Wilson
> Campaigns Manager
> Free Software Foundation