Free Software Foundation issues statement on new iPhone models from Apple (fsf.org)
214 points by eltondegeneres on Sept 10, 2013 | 236 comments



They've got it all wrong. Users are vastly better protected from the kind of network surveillance they mention with Apple products, thanks to their curated, controlled approach to third party software distribution.

This is backed by hard data on malicious attacks from the Dept. of Homeland Security and the FBI. 79% occurred on Android, and just 0.7% on iPhone.

I'm also 100% positive this will have no effect on the reasoning of the FSF.

Source: http://www.bbc.co.uk/news/technology-23863495


> Users are vastly better protected from the kind of network surveillance they mention with Apple products, thanks to their curated, controlled approach to third party software distribution.

You have got to be kidding.

For an ecosystem where it's been the 'norm' to slurp users' entire address books[1], NOTHING about Apple's 'curated, controlled' approach protects users.

Please get real.

1. https://news.ycombinator.com/item?id=3563016

2. https://news.ycombinator.com/item?id=5632934

3. https://news.ycombinator.com/item?id=3564830

4. http://www.idownloadblog.com/2012/09/27/facebook-ios-6-phone...


Not any longer. Users must explicitly approve app access to contacts the first time it's requested.


Yes, and what else we don't know about, thanks to their closed software?

Yes, Apple just told us your fingerprint will be stored locally. So? Does that mean Apple is telling the truth, or couldn't leave a backdoor for NSA to get the data? No it doesn't, and we wouldn't know if they did do that. That's the problem with closed software.


I'm not going to say that your fingerprints won't fall into the wrong hands, but it's incredibly simple to monitor network traffic from the device, and it's a guarantee someone will do this just to see.

It's also a guarantee that Apple knows this, so why bother lying?


>That's the problem with closed software.

That's also the problem with open software people get off of the internet/provider in binary form instead of compiling it themselves.

That is, all software.


For all practical concerns, downloading FOSS in binary form is not that much worse compared to source code, unless you are willing to audit thousands of lines of code before compiling (and are competent enough). The exploit can even be hidden in the compiler itself, not in the source.

I don't have a solution for this problem, I'm just commenting on the fact that it is more complex than "compile from source" and that you have to draw a line somewhere unless you assemble your hardware from raw materials and write your own software.


And that only took them until iOS 6! My point still stands.


This is really stretching the point, because it's implying that not only is a single breach proof of complete insecurity, but also that even a temporary breach is proof of complete insecurity.

If one is going to reason in black and white, then the only answer is that everything, absolutely everything, is susceptible to being compromised. In such a black and white world, there's no security benefit for open source software, because it is also possible that you could be tricked into running something that compromises your security, as it is also possible to have a design flaw in the architecture of open source code, as it is with closed source code.

It is only when one allows the concept of risk that a coherent security picture can emerge. Leave absolutes to mathematical proofs, and trust and risk assessments to the real world, at least until we can prove code correctness for an entire computer system.


> This is really stretching the point, because it's implying that not only is a single breach proof of complete insecurity, but also that even a temporary breach is proof of complete insecurity.

Not stretching the point at all, because this isn't the only case of a security or trust breach, and once that is broken, you have no reason to trust them again.

OP's post made the ridiculous claim that somehow Apple's 'controlled' approach protects users. I provided evidence which proved that false.


Totally stretching the point. Apple had to make stands as to where to trust developers and where not to trust them. Certain developers broke that trust with Apple, and Apple had to regain the trust with users.

Blame Path &c., not Apple, for abusing a feature that was originally provided for the convenience of developers and users together.


Not stretching any point. I presented actual cases and proved Apple's 'controlled' environment hasn't protected user privacy.

> Blame Path &c., not Apple

Oh sure, I won't blame Apple for leaving the door wide open and turning a blind eye for years! Wow.


> Not stretching the point at all, because this isn't the only case of a security or trust breach, and once that is broken, you have no reason to trust them again.

This is foolish. Every non-trivial piece of software will eventually succumb to a security flaw. This does not mean the software is untrustworthy in toto.

You fix the bug and move on.


No, your point does not stand. You shifted goalposts, like most posters here do when they are proven wrong. Just admit your ignorance and move on.


If you can get people to admit defeat without shame or guilt, they'll quite happily concede.

You may not have any interest in those restrictions on communication, but you'd have an easier time getting someone to admit their ignorance.


Admit what defeat? What an odd thing to say - as if posting on HN is some sort of battleground.

Anyway, for years apps have been collecting user data without interference.

My point still stands. Apple can't protect users on their own platform. Keep those blinders on, I guess.


Your point was

> NOTHING about Apple's 'curated, controlled' approach [that of having a closed source operating system] protects users

Definitely shifted goal posts.

Unrelated: you've said nothing to support this point anywhere throughout this thread.


> Unrelated: you've said nothing to support this point anywhere throughout this thread.

That's not true.


Everywhere people talk is a battleground, called "civil, reasoned debate." One of the rules of that battleground is that when someone pokes a hole in the evidence you've used to draw your audience toward a conclusion, you can't put new evidence in its place to support the same argument; you have to make an entirely new argument, because the new evidence might lead you somewhere entirely else when looked at on its own.


> you can't put new evidence in its place to support the same argument

Nah, nowhere did that happen. It's just hard for some people to handle truths and make connections.


The goal post here isn't about the address book API issue. It's about the fact that having a curated experience doesn't automatically imply better privacy.

The address book was an example of that.


It's not moving the goalposts. That was a single example of Apple not protecting users, and the first post uses past tense when talking about it.


And when did Android fix it? Oh wait, they didn't, did they?

Open source software freedom means the freedom to write software that slurps up whole address books.

And it's the user's responsibility to read the source code to ensure it's not doing that. Because obviously most people are capable of doing that and also have the time to do that for every piece of software they install, right?

At the end of the day, I'd rather Apple and the NSA have my data than some random hacker in Russia.


Sorry, but since 2.3 I can install cyanogen mod, which allows me to deny any permission an app asks for.

I'm running Swype (a keyboard) without access to the network (it crashes if it tries to update) and it works just fine for its intended purpose.

And 2.3 is OLD!

Oh, and no, Google Android and operator/major brand abused Android sucks and should be left out of this discussion. Buying locked phones (and by locked I mean the boot loader being blocked) is the same as buying an iPhone. Sadly.


wtf is cyanogen mod? Is it something a mere mortal would likely know about?


As much as a mere mortal knows about installing a Linux distro.


You don't understand what free software means. It means freedom respecting software; something that you control. Apple could still have audited free software into its appstore as it does for nonfree software currently.


Your comment is incoherent.

I know what "Free Software" means. Your definition has no connection to what you assert here: "Apple could still have audited free software into its appstore as it does for nonfree software currently."

So, unless you're suggesting that apps be distributed as source code, and compiled locally on your phone, there's no way to determine if the binary the App store distributes is an accurate uncompromised representation of the original source. Furthermore, expecting normal users to examine source code for security holes is an unreasonable burden. The security of iPhone apps is based on how much we trust Apple to maintain that security, and to review the apps. Not in our personal freedom to examine the source code, which we can do already, for many apps.

You confuse developer control/freedom with user control/freedom. They are very different things. A user doesn't have programming skills, and their personal interests are in freedom from malware- freedom from developers that have the ability to do whatever they feel like with the user's data. They have no interest in being able to compile their own apps and run them on their own hardware.

On the other hand, developers are interested in having the freedom of not being in a sandbox. Not having to go through an app review/approval process. The freedom from security restrictions. The freedom to slurp address books. The freedom to override any hardware button, use any API, without limit.

Do you not see how developer freedom and user freedom are in conflict?


> So, unless you're suggesting that apps be distributed as source code, and compiled locally on your phone, there's no way to determine if the binary the App store distributes is an accurate uncompromised representation of the original source.

That's simply not true. If Apple opened its distribution process, and everything was cross compiled (which is already the case) none of what I quoted above would be true. This is nothing for or against free software, it is about correctness.


What exactly do you mean by "open its distribution process" ?


Let us know exactly what they do to the binary, and at least give us public keys to verify signatures.


I'm just not sure how that would work, without Apple, or the Developer having the opportunity to introduce malicious code. Signature or not, known process or not, there's no way I can think of to compare a clean compile of source, to the binary that you get on the app store since Apple retains a private key that is used to molest the binary in some way.

You would have to mean something else by "open its distribution process"

Or just blindly trust that Apple knows what they're doing and that it has its customers' interests bound to its own commercial interests.


You compile it and do the same things to it Apple would have.


Right you just need Apple's private key. That should be easy, and not compromise the integrity of the whole system at all.


This is why I mentioned the public keys. You can do the parts of the process short of the signing, then go the other way from the published binary with the public keys.

Sheesh, does everyone on HN need everything spelled out for them?


You're assuming the signing process is reversible?


How does it still stand? Maybe the curated system doesn't protect users, but the only example you provided of it failing to do so has apparently been fixed.


Yes, after all what do hard data matter, when one has a point!


Hard data. Like the facts I pointed out earlier and backed them up with...data.


Still better than Android requiring ridiculous, all-or-nothing, irrevocable permissions for every application.


>For an ecosystem where it's been the 'norm' to slurp users' entire address books[1], NOTHING about Apple's 'curated, controlled' approach protects users.

Well, for one, that doesn't happen anymore without specific user approval.

Second, even with that hole, still SOMETHING protects the users more, hence the huge disparity in attacks and malware between the two platforms.

For example, what you described is your address book data taken by the company whose app you use without your consent. That's bad, but not as bad as your whole data (and device) being taken by malicious software you never even intended on using.


Actually, 26% of Android apps have permission to slurp your contacts, including many that have no business doing so. Apple's current approach is much better at protecting your address book, because it makes apps ask permission at the moment they want access, not upfront when installing (which most users grant blindly).

This of course has little to do with curation -- except that curation helps too, in that malicious apps can be blocked. Apple's curated approach is why it literally has 1/100th the malicious attacks of Android. It chokes malware at the distribution point.

I noticed you had no response to that point.

Source: http://www.darkreading.com/privacy/more-than-25-of-android-a...


This is silly. The free-software folks don't want phones to be like Android; they want them to be like Debian (or gNewSense or whatever).

That is, where users have a choice of a curated package repository maintained by middlemen who have the users' interests at heart. And where packages and the changes to those packages have an audit trail.

The Google Play store is a disaster from the GNU perspective -- zillions of nearly-identical closed-source programs, most of them pretty lousy, no curation by a trusted third party, no access to source anyway (so not so easy to curate even if you wanted to), no ability to fetch an old version or see what has changed, no way to "take over" an abandoned package and bring it up to date or improve it, no way for a distributor to make programs play nicely together, and no way for a distributor to modify programs to make them less privacy-invasive or battery-intensive or whatever users might want.


They don't even want Debian, since it has optional binary blobs and hosted repositories of commercial software.

FSF isn't complicated - don't give your users anything without including the source. And don't restrict the users' ability to modify and run said software however they want.


The FSF refuses to "approve" something just because they point out nonfree software that you can use.

Fedora fails for this reason - it's 100% free software with some firmware blobs kept aside that are, yknow, necessary to make some hardware work.

It's dogmatic to the point of absurdity. A piece of software is free software because of what it is, not because of what its makers suggest/allow you install on it.


> A piece of software is free software because of what it is, not because of what its makers suggest/allow you install on it.

And so, if it's a binary with a license that prohibits redistribution, modification, ships without source, or is just a series of hex values in a struct, I don't see how it's free software?


Free-ness is a property of the code (specifically its license), not the actions of its authors or the other code that comes with it.


Fedora, by providing blobs, promotes the usage of non-free software. If you want those blobs you should have to seek them out yourself, your provider should not saddle you with potential ignorance to you running software no one can audit. If your computer can't run without binary blobs, yet you are a free software proponent, you should not want to use that computer because the manufacturer is taking away your freedom to use the device you purchased how you want.

Though that gets into the mess that is open EE technical documents on firmware, chipsets, mainboards, circuit layouts, etc - pretty much none of which exist, because so few companies offer them, it is nigh impossible to get an open platform.

Which sucks, and is something I'd throw money at to see fixed.


>If you want those blobs you should have to seek them out yourself

Untenable position. A user should not be forced to jump through hoops to make their hardware work just for what is essentially an ideological reason (and indeed, an average user would rightly reject such software.)

>If your computer can't run without binary blobs, yet you are a free software proponent

If the goal of the FSF is to make people care about the free-ness of their operating system, they could certainly go about it a better way.

The problem with the whole "approval" thing is that the very name of the organization combined with that action is misleading. Example, if I ran a group called the Cool Software Foundation and maintain a list of cool software, and I made it a point to single out your $application as not being approved, that carries the connotation that your app is not cool.

s/cool/free or any other objective adjective.

In other words, the distro itself very much is free software, and the FSF by their dogmatism is being misleading. I'm with BSD on this one.


They refuse to endorse organizations that do things contrary to their mission.

That's entirely unsurprising.


This says nothing of NSA sleeper agents sneaking backdoors into Apple products, which seems pretty likely given the recent disclosures.

The more centralized you build a system, the easier it is to completely own.

Also, there's a massive confound in that Android phones come a lot cheaper than iPhones, making them far more accessible for the typical targets of active government surveillance.


Given that the USCIS (and so, presumably, the NSA) already has the fingerprints of every visitor to the USA, and (as I understand it) any US citizen with a drivers license, I'm not sure I understand what harvesting fingerprint signatures from the iPhone would achieve.


It goes the other way around. Because the government has almost everyone's fingerprint on file already, it is important to them that fingerprint scanners become a widespread method of authentication.

Making sure the new locks fit all these old keys we have lying around, basically. Standard government cost saving measure.


Hmm, I don't remember giving my fingerprints to anyone for a driver's license.


You're right, apparently not all states require this.


Most do not. But some of the most populous do. California and Texas are among the list that require thumbprints.


California, Colorado, Georgia, and Texas.


Not true about drivers licenses in most (I really want to say all) states. Even covertly, I doubt they could collect them. You don't, at least in any state I've dealt with, give them documents they could keep and pull fingerprints off.

In the US, the only ways one gets fingerprinted are by being arrested or for certain background checks (e.g. ones for teachers, some bank employees, and security clearances).


They collect them in OK, CA and GA. Probably more. I'm not even American and that took four seconds to find on Google.


TX too.


As I've pointed out in another thread, Canadian citizens visiting the U.S. are not automatically fingerprinted: http://en.wikipedia.org/wiki/US-VISIT http://www.dhs.gov/xlibrary/assets/usvisit/usvisit_edu_us_ca...


You could be an NSA sleeper agent, using HN to launch false-flag propaganda operations. Go ahead and prove otherwise, if you can. Until then I'm going to treat everything you say and do as an attempt to spy on me.


You could be an NSA sleeper-sleeper agent, using HN to launch false-false-flag propaganda operations. Go ahead and prove otherwise, if you can. Until then I'm going to treat everything you say and do as an attempt to spy on me.


We're probably all NSA sleeper agents, every one of us, we just don't know it because we haven't been activated yet.


Stack Overflow


I suppose so, but the NSA budget would have to be awfully big to fund me. It's high-cost, and low-gain.

In contrast, owning Apple would be a massive win.

But you're free to treat everything I say and do as an attempt to spy on me. How will that change your behavior? Or are you being deliberately obtuse for the sake of disrupting discussion?


I think there is a point at which mindlessly yelling "WHAT ABOUT THE NSA" at, well, basically everything stops being useful, because it offers no insight whatsoever, and provokes no thoughts that hadn't already been provoked. In fact, past a certain point it becomes counterproductive, as it enters "Old Man Yells At Cloud" territory and opens up the commenter, and by connection the content of the comment, as a subject of ridicule.

Also, you've still not proven to me that you don't work for the NSA.


Well, the insight I was going for here is that a walled garden is only as safe as the gardener, and whatever trust we as humans could have in that gardener should be totally shattered in the post-NSA leak world.

If you think that isn't a legitimate insight, or if you're so blazing-fast that you'd already made that inference, I suppose you're entitled to think that, but it's very difficult for most humans to re-compute all of their cached thoughts in the light of new information, and the NSA leaks aren't any different.


But your comment was obtuse too.

Throwing the NSA thing at Apple is ridiculous frankly. It seems that the vast majority of tech companies were involved, including the likes of Google and all seemed to be far more embroiled in the sordid affair than Apple. So why are they more likely to be sharing stuff than anyone else? It's all very disingenuous from where I'm standing.


A single walled garden is easily subverted by HUMINT.

That is a valid counterstatement to the statement "Walled gardens make users more safe."

I can't see how that was obtuse. What part did you not understand?


Oh, I understand what you are saying perfectly. You are going about it in an obtuse manner.


Reminds me of this: http://news.cnet.com/8301-13578_3-57577887-38/apples-imessag...

> Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.


Or does it..


"Oh damn! We are totally foiled by this encryption. Can't read any messages, public! Carry on sending confidential data". Seems like a good play.


In prison you are less likely to get involved in a car accident.


>Users are vastly better protected from the kind of network surveillance they mention with Apple products, thanks to their curated, controlled approach to third party software distribution.

I'm a strong proponent of free software, but I do see your point, that there's safety for non-technical people in a walled garden, as long as you trust the gardener.

I'm wondering if the concept of free-software and a walled garden are really that incompatible. Let's say the garden has a gate, that a user has to go through a clear process in order to be allowed to install non-recommended software.

This would give a similar level of protection for non-technical people, but will still be free-software, and allow technical users to install whatever they want.

One effect would be that, if the gardeners decide not to recommend some popular software, then many users would be inclined to disable the safety features, thus reducing overall safety, so there will be a penalty if the gardeners are too strict.


>I'm wondering if the concept of free-software and a walled garden are really that incompatible.

They are definitely compatible. Consider the way Debian (and many others) approach the problem. Almost all software is installed through the package manager, which gets the software from a set of repositories. These repositories can be as much of a walled garden as the repository owners want them to be. The main difference is that it is possible to add third party repositories, and/or remove first party repositories (or sidestep the package manager entirely).


I disagree. FSF's usual complaints are not about who protects whom, but rather about knowing what your device is doing, which is impossible in the case of Apple.


It is impossible with any phone today. Unless you made it from scratch yourself.


Knowledge is not binary. Knowing more about what your phone is doing is better than knowing less.


I actually think you have it all wrong. For while malicious applications can do all sorts of nefarious things they are still individual actors. I think at this point while we all detest the extremes of marketing the more pressing concern has to do with state sanctioned surveillance which would be much more feasible with such a centralized service as provided by Apple.

I truly find your comment disingenuous and suspect as you only mention apparent malware and virii while the tone I inferred from the article seemed a little more nuanced.


> This is backed by hard data on malicious attacks from the Dept. of Homeland Security and the FBI.

These seem like nice, trustworthy sources.


You are so far from the point, the light from the point will take billions of years to reach you. It's the platform and the platform vendor that can't be trusted to keep you safe, that's before you even start talking about attack vectors from third parties a.k.a. Apple Partner Companies. And seriously, you're ready to get in bed with the DHS and FBI? They're the ones after your data!


> This is backed by hard data on malicious attacks from the Dept. of Homeland Security and the FBI.

Poe's Law strikes again.


And the "average" user, not some hyper-educated tech savvy never needing support person, has not much of a choice. Standard Android solutions will become just as bad in terms of unfree software.

Sadly, but understandably, users will value the niceties of iOS and the like more than the potential damage to their privacy.

NSA aside, I think their fingerprint system is a security improvement. Although there are methods to easily fool fingerprint sensors: http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?langu...

No password < 4-digit code < fingerprint < complex password


Thank you for pointing this out. While a "walled garden" approach is less than ideal, it is clearly somewhat more effective from a security standpoint.

Perhaps not your "NSA backdoor" variety of security though...


I don't know why other comments are being so snarky or dismissive and apologetic in response to this.

It doesn't matter whether or not you like the FSF, agree with Stallman, prefer Android, think the problem is rogue apps, the NSA, or think it's all irrelevant anyway due to the secret and proprietary nature of mobile firmware, baseband or hardware.

The FSF have made a very astute observation about the implications of having a fingerprint scanner in a personal device which you can probably not trust with your secrets. Can't we talk about that specifically instead of flogging the same old dead horses?

Do we really want to wait a few years until we discover that the authorities have been downloading fingerprint profiles from phones (like they're already known to do with messages and contacts) to acknowledge the insight here?


Why is harvesting fingerprints such a catastrophic possibility? The government already has your fingerprints if you've ever left or entered the country, and they've likely been taken during other periods in your life as well. Hell, even the Cambodian government decided to scan my fingers when I passed through. DrCube's counter-argument [1] is logical: that with these existing databases, the government can now access your phone. But really, is this feature being touted as an impenetrably secure way to unlock your phone? It seems to be positioned as "a way to make accessing your phone convenient for you and non-trivial for others," and I think this feature does exactly that.

If you can't trust the phone vendor, why are you not more paranoid about entering your username/password on the device? What about location data? I really can't fathom why decrying fingerprint technology is the nexus of your argument here.

https://news.ycombinator.com/item?id=6364725


> The government already has your fingerprints if you've ever left or entered the country, and they've likely been taken during other periods in your life as well.

So, because it's pervasive, it's absolutely fine to allow it to become more pervasive?

Fyi, I'm approaching 30, have travelled widely, and to my knowledge have never had my finger imprints taken. I see no reason to find this acceptable. Not all countries are as fucked as the US in wanting your biometrics.

> is this feature being touted as an impenetrably secure way to unlock your phone?

That's not the issue, it's the fingerprints themselves that the FSF and many of us are concerned with. Sure, you do leave your fingerprints everywhere you go... but I really can't see a team of spooks dusting down the counters in McDonalds or the handrails in the subway to establish a national database. On the other hand, I can totally see the Facebook mobile app using fingerprints for remote authentication and then the authorities gaining access to that data store.

> If you can't trust the phone vendor, why are you not more paranoid about entering your username/password on the device? What about location data?

1) I can use a password that's unique to the device, my account, my app, or the colour of my underwear. My fingerprints don't change.

2) Location data is less avoidable because it tends to be a by-product of optimal operation of a mobile device. Even excluding GPS, cell towers can be used to triangulate your position well enough to be useful to advertisers, for example, but that same raw data is totally needed for hand-off between cells and managing network coverage.

3) Again, existing concerns don't make new concerns OK.


> Not all countries are as fucked as the US in wanting your biometrics.

Malaysia is another country that will scan your fingerprint when you enter the country.


Because the implication is that your identity can eventually be physically tied to every action you take. If everyone were to adopt fingerprint scanners as their method of transaction, there would be no way to uncouple who we are from what we do.

It's an implication that may not be soon realized, or even ever, but to me that's the component of this that's a bit worrying.


As a U.S. citizen, I've visited Canada and other places a few times. Any fingerprint collection that happened was incredibly subtle.

I tend to look at tyranny as the problem, not whichever mechanism it is utilizing, but you are making quite the assertion there.


Not to mention it would be fairly trivial for a dedicated opponent to obtain fingerprints for most people, as long as they don't wear gloves everywhere.


Dusting and lifting all the prints to be found in public spaces is infeasible and the results can't be correlated with identities. The move to mobile phone scanning opens the door for more cheap, mass digital data harvesting.

In effect, you're making the same argument that claims it's OK if the government tracks every car in the country by optical plate recognition, across a vast camera network, because "Hey! you're out in public already!"

The difference in both cases is only a matter of difficulty.


I'm not saying OK, I'm saying modern tech makes it trivial compared to the past.


"I don't know why other comments are being so snarky or dismissive and apologetic in response to this."

Because if you didn't already know what the FSF thought about <closed source software> you are the cancer killing HN by uncritically upvoting this (along with every NSA comment in every thread not remotely related to the NSA).

"The FSF have made a very astute observation"

No they haven't. They've made the same observation they always make -- closed is bad, proprietary is bad.


This isn't their ordinary "closed is bad" message. It's more like "closed just got worse, and this is why".


I think the FSF's caution is reasonable, but Thinkpads have had fingerprint scanners in them for years and it doesn't seem to have significantly impinged the privacy of people who use those devices.


They weren't part of a closed garden that could be harvested en masse.


The vast, vast majority of them run Windows. Microsoft and the NSA have been buddies for quite awhile now.


And have made this statement through nothing but supposition.


Did they make the same astute observation when Motorola Atrix was released? How about phones having microphones? Funny how people freak out about fingerprint scanner which is optional and may not send any data anywhere, but don't care about Google Now.


"network-accessible fingerprint scanner as your new 'feature'."

It's embarrassing that even high profile people get this so wrong.



I see the statement as not a re-iteration of FSF's take on Apple but rather re-establishing the meaning of free software and its importance to people while the tide is high.


I think this is the problem exemplified, especially the last one -- that was plain embarrassing. The FSF just cannot tactfully spread their (quite wise and forward-thinking) message. To any average Joe, the guy outside the Apple Store protesting the iPad is no different from the local drunk schizophrenic who lives on the alley corner yelling "REPENT, SINNERS!" until he passes out again.

Their concept of professionalism is flawed -- actually, a more apt predicate adjective would be "completely nonexistent." Just look at their website. 2003 wants its two-tone website design back.


To me there's nothing unprofessional about their web design. It's stark and clear, just like their message.


I love FSF and RMS and I'm glad they exist, but they really do have terribly disturbing design and PR. Geeks like to pretend that isn't important, but to the average Joe it matters.

The FSF often comes across as timecube guy.


Don't judge a book by its cover.


That's all very nice in theory, but if I am not a domain expert in a subject and the book's cover is made of clip-art and Comic Sans, human nature will lead me to trust it less.

Humans are not rational animals, no matter how much we'd like it otherwise. Rather than shouting down the tide, it's wise to invest in a little design/marketing - even if it rankles.


As a book designer, I can tell you that the jacket design in large part decides whether a book will sell or not.

http://www.newyorker.com/online/blogs/books/2013/07/the-decl...


Stallman, et. al are also against anyone making any money from building software. He's said as much, that he thinks software engineers should work as waiters rather than work on anything which isn't entirely free.

So, naturally he's against Apple which happens to make a lot of money from building software.


What are you even talking about??

"Stallman, et. al are also against anyone making any money from building software"

This is utter nonsense. I think you are confusing "free as in freedom" with "free as in free beer". Stallman openly says free software can be commercially developed and supported. Just that the users should have certain freedoms to use it. The developers can sell copies of their free software if they choose to.


In a NYC talk, Stallman readily said that software developers should absolutely never work for any company developing closed source software (ie. the vast majority of software companies) and should instead work as waiters, developing free software in their free time.

[1]: http://isoc-ny.org/p2/5844


You apparently think that "commercial" and "making money from software" must, must mean "proprietary" and "closed source" software.

RMS and the FSF disagree strongly with this and see no inherent conflict between the two. Either you didn't know and were honestly ignorant, or you were deliberately trying to confuse the issue.


I know they disagree with this, but the fact remains that it's very challenging to make money off open source software. Few companies are able to sustain such a business model, particularly if the target market is consumers with no interest in retaining consulting services.


Now you've changed the subject from "Stallman, et. al are also against anyone making any money from building software" to "[...] it's very challenging to make money off open source software", which is a separate point entirely.


A case could be made that Apple and FSF are on the same page there. Apple’s revenues from software sales pale in comparison to its total revenue.

Apple makes software in order to sell more hardware, that’s why they make so little software for other platforms. Apple either gives its software away or it sells it for way less than similar products by competitors.

Today, Apple announced it will start giving its iLife and iWork apps away for free with all new iOS devices.

Currently, Apple sells its OS X upgrades for $20 and it’s not unthinkable that they will start giving it away, as they already do with iOS upgrades.

Other examples are Apple’s Pro apps. It would acquire those apps from other companies and then discontinue the versions for other platforms while slashing the prices for OS X.


> A case could be made that Apple and FSF are on the same page there.

Not really. Apple is very big into free software, but only free as in beer.

As you note, they build that software (and give it away effectively for free) in order to sell more hardware. The second they make it free as in speech every competitor can pick it up and put it on commodity hardware, destroying a major strength of Apple.


Points scored, pat yourselves on the back.

Apple says the info stays on your device. "They're lying." Ok, but is there ANYTHING that could possibly convince someone of this mindset otherwise? I'm guessing the answer is along the lines of, Open source the whole thing. Oh well. Like I said, points scored.


It seems like even within the text of your comment that yes, there is SOMETHING that could possibly convince someone of this mindset that they aren't lying - they could open source the whole thing.


Apocryphal, but funny story about Calvin Coolidge: After returning from church one day, his wife is supposed to have asked him, “What did the preacher talk about?” Mr. Coolidge is reported to have tersely replied, “Sin.” Still insistent, Mrs. Coolidge probed, “Well, what did he say about sin?” That is when Silent Cal responded, “He was agin’ it.”

What did the FSF talk about? Proprietary software. What did they have to say about it? They're agin' it. And like the sorts of preachers who love to talk about sin, there's never room for subtlety or tradeoffs.


You can't talk about tradeoffs without a firm understanding of the two (or more) things you're trading off. There are a million PR agencies evangelising benefits of proprietary software and the drawbacks of Free software, and that viewpoint has been vehemently expressed for over 35 years (Bill Gates' "Open Letter to Hobbyists" was written in 1976, 37 years ago), so that side of the equation is very well understood. Meanwhile, the benefits of Free software and the drawbacks of proprietary software are much less frequently expressed. Sure, if you're a Linux user or subscribe to the nerdier-end of tech-news sites like HN, you've probably heard it all before, but that's still a small percentage of the IT industry, let alone the huge number of people considering updating to the iPhone 5S.

There's room enough for blog-posts and multi-page articles debating where the author wants to draw their personal line between proprietary and Free; we shouldn't complain about the FSF trying to fit their message into a soundbite for their target audience.


I had a friend bring this exact thread up over dinner. The reaction of pretty much everyone else at the table, myself included, was "Okay, and? How is this different from what the FSF does every day? Are they planning on releasing some silly PR flack every time a company comes out with a new device?"

Meanwhile, the benefits of proprietary software are more immediately obvious (the professional content creation market, for instance, is completely unserved on Linux last I checked), while the benefits of free/open source software are much more subtle and more ideological than functional.

The recent NSA shenanigans have (rightly, IMO) elevated the priority of that ideological fight, but it still is what it is.

(Note that I believe the FSF is fighting a good fight, but their organization and leadership appears to be dogmatic and often unrealistic)


Not to be a jackass, but "regular" people don't want open source. They want things that "just work."

And there's no such thing as secure, unless you build your own software, that only talks to your own servers and that only uses your personal telco and your own infrastructure.


>Not to be a jackass, but "regular" people don't want open source. They want things that "just work."

By what logic do you come to the conclusion that these things are mutually exclusive?

Firefox "just works." 7zip "just works." There are innumerable things (like ssh) that "just work" so well that you don't even know when you're using them half the time.

The difference is that with free software you can do the things that don't just work. With Apple if you want to do X thing and Apple deigns to provide X thing then you can do it without any futzing around. But if you want to do X thing and Apple deigns to neglect it then you will not be doing X thing whatsoever, regardless of how much you need it.

So for example if you want to install the latest version of Debian on a PowerMac, you boot the install CD and press enter until it's installed. Generally speaking it "just works." And in the event that it doesn't, chances are that you yourself can make it work. By contrast, if you want to install the latest version of OS X on a PowerMac, you can't. Enjoy your paperweight. The end.


>By what logic do you come to the conclusion that these things are mutually exclusive?

That conclusion is not in the post you're replying to.


Are you trolling? If you don't read the post's first paragraph to say that regular people want software that "just works" rather than open source (thereby implying said conclusion), it would turn the paragraph into gibberish. Reading the two statements as unrelated makes the statement about regular people not wanting open source into a baseless conclusion without explanation and makes the statement about wanting things that just work into an irrelevant tangent having nothing to do with the topic of discussion. I prefer to give the poster the benefit of the doubt that the post was intended to convey a coherent meaning rather than an arbitrary amalgamation of unsubstantiated opinions.


The argument is that regular people do not care about open source.

You're reading too far into posts or something. I never said the statements were unrelated. They're definitely related, just not in the way you thought they were.

Compare to: "Regular users don't look for 'health' food, they want something purple." Nowhere is it concluded that something can't be both healthy and purple.

Bonus link: http://www.fastcompany.com/1739774/how-carrots-became-new-ju...


Let me put it this way: If the post I responded to didn't conclude that open source doesn't "just work" then using the same logic, my post didn't say it did. All I did was point out that healthy food can be purple, and that "regular" people may benefit from retaining their ability to choose to eat food of more than one color.


Your post did a good job of showing examples of software that does both, and making an argument that open source improves the chances of working.

But your very first line, the line I quoted, directly states that davidedicillo was calling them mutually exclusive. That line is what I was objecting to.


Ok, audio on Android does not really fit under "just works". It's open source, is it fixed yet?


Ok, sharing files between third party applications on iOS does not really fit under "just works". It's Apple, is it fixed yet?

What point are you trying to make, that humans are fallible?


Yes, they want things that "just work", but not against them. Most people realize that security is not perfect, but then most probably did not expect that that meant extensive and chronic surveillance.


Haven't seen a phone that would "just work" if this term means "do what I want it to do". It's always tons of "you can't do it that way" and "you're not supposed to want this." And sometimes it "just works (but not in a way you think it does)".


How is this different from any other product of any kind you have not custom-built yourself?


Indeed, it's applicable to many things (although not any kind of not custom-built products, only those with high complexity and use possibilities), not exclusively smartphones by any means. But this discussion is about a very particular matter, so I wrote the word "phone".


I agree. Grandma is worried that the NSA is spying on her. I told her to switch to Android and read the source code.


I've never understood the idea that there's all these "regular" people out there with "regular" concerns. Sounds absurd to me.

They "just want it to work" is a lazy generalization that comes from lack of effort in finding out what the real concerns, motivations and thoughts are of the people in our communities.

I'm quite sure it was "regular" people behind the class action lawsuit against Apple for allowing misleading or rip-off practices around in-app purchasing in otherwise so-called "free" games targeted at children. Slow clap for the "curated" protective measures from Apple on that one.

In the end, it turns out that "regular" people are not passive drones, wanting nothing more than for something to "just work". Regular people are complex. Try having a conversation with a regular person, you'll soon find they have all sorts of interesting and complex opinions and concerns about the world they live in.


Sometimes, even people who love open source and can code themselves still want things that "just work." I'm one of those people, and I enjoy being able to hack a lot of my electronic equipment, but my phone is something I'd rather have "just work."


> We can't imagine a more hostile reaction to the wave of privacy concerns sweeping the world right now than debuting a proprietary, network-accessible fingerprint scanner as your new 'feature'.

I can't imagine a more short-sighted view of product development than to assume that new hardware is a reaction to events which occurred only a few months before the first shipment of that new hardware.


They could have canceled the feature and launched the product without it. They could have referenced the privacy implications and their role in it, but they chose not to. The fingerprint scanner is clearly not a reaction to recent events, but we can't honestly pretend it has an existence outside their context.

No matter how ineloquent the FSF may be, we need some people out there leading our introspection, driving us to answer questions for ourselves about the potential tradeoffs. We need multiple groups out there stirring people like us to communicate to "regular people in restaurants" and whatnot what the tradeoffs and technical capabilities are.

This goes double for the new Google phone announced in the wake of the NSA scandal. One of its new features? A single core is listening 24/7 for key phrases. We have to tell people why this could be hazardous to their well-being.


What alternative do we really have?

Android phones aren't any more transparent. The carrier or phone manufacturer can add whatever they like to Android.

Even if you flash your own os, you still aren't going to know if any backdoors have been added.


> Even if you flash your own os, you still aren't going to know if any backdoors have been added.

CyanogenMod for example is open source. There might still be bugs, whether intentional or not, and you rely on the same hardware but I'd say that it's a definite improvement.


CM still relies on proprietary, opaque binary blobs for hardware support. Nobody in open source can say for sure that they're secure.


Also isn't it a fork of AOSP, so it's not like they went through the source code, I mean they don't have as much resources so how could they?


> Android phones aren't any more transparent. The carrier or phone manufacturer can add whatever they like to Android.

Correction: most Android phones aren't transparent. But you can get a Google Experience phone (HTC One or Galaxy S4) or a Nexus device (4, 7, 10) and install a 3rd party ROM free of any closed-source software. This is also often possible with other, non-GE/Nexus phones.

Hardware backdoors are a separate issue.


> [...] and install a 3rd party ROM free of any closed-source software.

No you can't. I'm not aware of any commercial Android phone that doesn't need binary firmware blobs running in kernel space to work, e.g. for display drivers, WiFi, the radio stack etc.

> Hardware backdoors are a separate issue.

You don't need a hardware backdoor when you can just put a backdoor in the binary blob your users run along with some open source software they download along with it.


> No you can't. I'm not aware of any commercial Android phone that doesn't need binary firmware blobs running in kernel space to work, i.e. for display drivers, WiFi, the radio stack etc.

Using an open source operating system is a step towards a fully transparent phone, even if it doesn't solve all the problems at once. It opens a market space for a company to release a phone with open-source drivers. Consumers need to force companies step-by-step towards the solutions we want, not just expect them to be delivered in a gift-wrapped package.


So do we believe the new Firefox OS will be the way forward, as a good alternative open source OS? I haven't looked into it much yet, and the hardware of the ZTE is severely underpowered at the moment for my needs, but if this is truly open then I can see myself getting on board, even flashing an Android device with it (if the hardware allows).

Didn't know about F-Droid, that's the kind of marketplace I think that is the best of both worlds, open source but verified by community members.


After all of these NSA scandals, we really need to be pushing more for open source firmware from all companies.

I don't even think firmware is what's maintaining their "competitive advantage". That firmware needs to be matched with the hardware anyway, and it's really the hardware that offers the competitive advantage. So I think the "competitive advantage" they get from closed firmware is mostly imaginary for most companies. We should push them to "think different".

Better yet, we should demand to open source their firmware if they want our trust, after all of this.


One of the things I hope I can do with my hardware startup is release all the firmware, boot loader and bios related code.

I'd like to think that's something people could value, but I always hear there's no market?

I wonder if it exists at all now?


I think you could find a niche, specialized market.. like the geek and hacker people.. and start from there.. then you can make bigger moves..

I think of course only by being open source, maybe it's not enough.. don't know how your project is of course.. but it's good to have something that distinguishes from the other stuff around.. but it can attract attention from the geek market.. that's what firefox-os are doing after getting late in this crowded party that is the smartphone industry..


I'd like to make a device that is the anti-thesis of what hacker products are expected to look like.

But I definitely agree that early adopters will be hackers, developer and tech people.

If I were to have a mantra it would be: "Get everyone who is a Linux developer/user and their moms' to buy this laptop."

My mom is probably my first sale, she already uses Elementary OS(Ubuntu based) and she loves it, she's never going back to Windows.


> Better yet, we should demand to open source their firmware if they want our trust, after all of this.

If Apple open-sourced their code, how long do you think it will take before a dozen cheap Chinese knock-offs appear with an almost exact replica of iOS? Thus killing off a huge market share for them. At least at the moment, the user experience of those cheap knock-offs is vastly inferior.

Although a nice sentiment, it is too far-fetched from reality.


I believe that the Replicant Android project is fully open-source.

http://replicant.us/


Most radio functionality still requires closed-source binary blobs, almost certainly containing backdoors. There's no such thing as open source CDMA drivers and the only open source GSM driver (OsmocomBB) is basically abandon-ware at this point. 4G and LTE are simply not going to happen.

Would be really awesome to see more support for OsmocomBB and similar projects though.

Here are some neat slides from a presentation on OsmocomBB from last year for anyone interested: http://elinux.org/images/9/9a/Getting_the_First_Open_Source_...


plus: There's software on your baseband processor (and afaik on your simcard) which you can't control.


The announcement recommended Replicant and FDroid. Perhaps in the future a Firefox OS or Ubuntu phone could be the basis for a free phone OS?

Of course, rms himself doesn't even use any cell phone at all, so if you are as concerned as he is, you may be out of luck.


The fact that rms does not use a cell phone in 2013 is telling.


rms emails a program which returns webpages via email, rather than visiting websites directly. He's completely out of touch with how modern computers or smartphones are used.


If it were anyone else but RMS who did that, HN would laud it as the pinnacle of hacker excellence. I could see this in a lovingly-upvoted bio of Dear Leader^w^wpg:

> Though the YC portfolio is typically on the bleeding edge of tech trends, focused on mobile and web apps, Graham doesn't even use a web browser unless he needs to. "I find the web distracting," says Graham. His solution? A custom-coded program that downloads web pages, formats them for offline reading, and sends them to him via email. "I spend a lot of time responding to email, so this fits in with my existing workflow, and I can keep track of it like anything else in my inbox."

If pg is a bad example, pick literally any other well-known hacker.

And yet, every time the FSF or RMS are mentioned, this is thrown up as a sign RMS is "out of touch" or "anti-technology." No, RMS is a hacker, who didn't like the user experience of the web and hacked a solution.


So which side is right? The people for whom pg can do no wrong, or the people for whom rms can do no right?


Neither. The people that are right are the people that apply the same reasonable standards to any demagogue. They're rare among humans, but they are the least wrong.

In particular, you are wrong, since you're incapable of separating RMS's political stance on software freedom from his political stance on surveillance. If Paul Graham didn't use a cell phone, would that make Y Combinator any worse?


I'm wrong about what now? Where did I make any claims to be wrong about?


"The fact that rms does not use a cell phone in 2013 is telling."

- gfodor, https://news.ycombinator.com/item?id=6364214


Uh, so you're arguing that it is "not telling?" I really don't see what claim you are arguing against.


He has absolutely no expectation that people will follow his example in those cases.

I read my email in a terminal, and often browse the web from one too. Hell, I also code in terminals! I am sure plenty of people, probably even most people, consider all of those nutty. Am I out of touch?


I would say that you are willfully, self-consciously out of touch. This may not affect you on a day-to-day basis, but it will make you completely unqualified to make certain decisions for anybody else. Your designs will not be usable by the majority of the population.

This might be okay if you're not targeting the general population, but there's a danger of forgetting just how out of touch you are. There's a danger that, like RMS and PG, you may create a website that is visually abominable, and convince yourself that it doesn't hamper the flow of information.


I don't think that I am out of touch; what precisely do you think that I might be unaware of? What sort of designing ability do you think I am missing out on?

Before you answer, I will make this clear again: RMS does not expect anybody to follow the example of his personal computing habits. Neither do I. When I make recommendations to others, I make those recommendations with what I know of that person and what they will like, not with what I like. I know perfectly well that my preferences are eccentric, but this eccentricity is not the product of any sort of ignorance and I assert it does not induce any sort of ignorance.

(Just to real quick head you off because I sense where you are going with the PG reference: HN is actually one site that works poorly in elinks, due to how it nests comments. It is best used in a modern browser, and for it I use a modern browser)


The point is you assert that it does not induce any sort of ignorance. If you are talking about the kind of ignorance others are talking about, how can you assert this?

It's false by definition: you are ignorant of the modern experience of using the web because you have literally opted out of that exact experience.


"you are ignorant of the modern experience of using the web because you have literally opted out of that exact experience."

I am not, and I haven't. I often do use modern browsers, such as with HN (and other sites that require it), as I have already mentioned. My frequent use of elinks does not somehow make me unfamiliar with modern browsers in any way. Elinks does not induce brain damage.

If you want to talk about mail clients, where I use a terminal based client as my primary client, rather than just a frequent client, there might be more substance there. However I certainly do not consider myself unfamiliar with GUI desktop clients (particularly outlook) or web clients (particularly gmail), or GUI phone clients (particularly gmail, again). I know how to use those, just as I am sure many regular outlook users know how to use gmail and how many gmail users know how to use mutt. My personal choice, while an unusual and eccentric choice, does not render me particularly incapable of being aware and familiar with other choices. Furthermore, I consider myself perfectly capable of offering others advice. If my mother asked me what client to use, I would tell her to stick with the gmail web app and phone app. If a coworker asked me what they should use, I would recommend that they continue to use Outlook, unless I knew they were receptive to and interested in using mutt. I really don't see how using mutt could be impeding my ability to make sound mail client recommendations.

Using mutt to compose and read email does not make me out of touch and ignorant of Outlook any more than using Windows Phone 8 makes somebody out of touch and ignorant of iOS.

Shoot, another example with some actual evidence: I use a Chromebook with Debian on it. I enjoy this setup immensely, but if you search through my comment history you will see that I am very critical of it when talking about it with others. This is because, despite my eccentric setup, I am not out of touch with how most users use their computers, and with what most users expect from their computers. I understand that the setup I enjoy is not for everybody. In fact, rather few people would find it acceptable.


Uh, what you are talking about here is not the same thing as RMS's behavior.


RMS is basically offline most of the time and gets a crap ton of email -- from the general public, from the GNU project and from his colleagues at the FSF.

He spends most of his waking time running GNU, the FSF and answering people who have questions about free software. When he's not doing that, he's giving talks or getting a little bit of sleep. He spends a lot of time on a plane.

Other than working through mail in batches, including offline copies of webpages, would you suggest he get this same amount of work done in the time he has?


I am making the point that just because RMS does not use modern browsers does not mean that he is unfamiliar with them.


The PG jab was actually at his personal site. Every time somebody links to one of his essays, I look at the layout and go "who is this clown?" And then I realize who it is and I shut up. His design sense is legendarily bad.


His design is poor, but it does not logically follow that his design is the product of ignorance of modern browsers.

The much more likely hypothesis is that he simply is not good at design, or he has unconventional tastes in design and doesn't care that some people don't like it (and perhaps even considered it a shit filter...), or that he simply doesn't give a shit at all...


Perhaps he's completely in touch.


FSF offers multiple alternatives to which you could add Firefox OS and Ubuntu, although you would have to trust the hardware is not betraying you.


With the FF OS phones, I wouldn't trust the phone manufacturer not tampering with the OS, or like you said, the hardware.


I wonder how the GeeksPhone Peak+ fares in this context. I pre-ordered one a few weeks ago.


Replicant attempts to remove proprietary binary components (http://redmine.replicant.us/projects/replicant/wiki/HTCDream...) whereas Firefox OS does not.


And when do they start to build cell towers?


The backdoors for mobile hardware are at the hardware level. I get the feeling that Google couldn't care less what you actually run inside of the VM that is Android, what matters is how it manages access to resources like bandwidth and the associated meta/data required.

I'm sure there is some kind of way to profile what the VM is doing and send it out remotely, but the real security concern is using the phone itself as a platform. People already have secure computing systems, what they don't have is secure (or insecure depending on perspective) network access.


This statement seems to be a general 'complaint' about Apple, rather than specific to the new iPhone models introduced today. How is a fingerprint scanner restricting users' essential freedoms?


That's pretty much exactly what it says: "... Instead, Apple has given us new hardware with the same old restrictions. ...". Their quip about the fingerprint scanner is mostly just an example as I read it.

No, this isn't "news". The FSF position on Apple's products hasn't changed significantly in decades. That said calling attention to that position and discussing it seems worthwhile in context to me.


Presumably the fingerprinting issue is more of privacy than essential freedoms. Even if we believe Apple when it says that fingerprint data (and authentication?) will remain solely on the device, it's potentially only one vulnerability before someone collects or accidentally exposes millions of iPhone users' fingerprints. And unlike your private keys, you can't change your fingerprints.


We could perhaps communicate this to people by way of saying that it resembles Bt corn. Bt works well as an infrequent insecticide, however, when it is used full-time, insects become immune to it and the usefulness of Bt is spoiled forever.

We could also regard fingerprints as a classic example of Security-By-Obscurity, like SSNs. They work well when used in small, obscure places like Top Secret building locks, but once the obscurity is removed by the fingerprints being compromised through accidental distribution, the technique as a resource is collapsed as a whole for everyone.


Yes, I think they failed to make a strong point in their blog post.

I will be glad if Apple makes fingerprint scanning mandatory, as it will at least introduce the concept of securing your device to the 50% of iPhone users that currently do not use a passcode. I'm really surprised Apple have implemented this before Google.


I may be wrong, but I believe Apple holds the patent for this technology...


Yes, you're correct:

"Apple purchased fingerprint-reader specialist AuthenTec in 2012, and the U.S. government recently approved Apple's patent for its own fingerprint reader technology. The company, like other makers of fingerprint scanners, uses radio frequencies to map a finger's surface." http://online.wsj.com/article/SB1000142412788732386460457906...


There were people in that other iPhone thread claiming that the discussion about the privacy issues of the fingerprint scanner was irrelevant to the discussion and that they'd much rather not talk about it because they were so sick of reading about the NSA. I kid you not.


In a different way, you could argue that the Apple Appstore (and similar) are protecting general computer users from malicious software.

There hasn't previously been vetting of software, so novices would download malicious programs from websites unaware. Now Apple performs helpful quality assurance.


Agreed. Browsing the Play store is like looking at one of those download pages that has 7 download links--one of which is the real link.


The onus is on the consumers to demand something better. I'm personally boycotting Apple products partially for this reason. If I were to found a company & give my employees cell phones, I would lean heavily towards open/free hardware/software.

What hardware do you think is safe?


> We can't imagine a more hostile reaction to the wave of privacy concerns sweeping the world right now than debuting a proprietary, network-accessible fingerprint scanner as your new 'feature'.

That's what I call a serious failure of imagination.


"Free software empowers users to replace any software hostile to their interests."

I suppose so, but there's a much more powerful mechanism: consumer choice. If a user feels a phone is hostile to them, they will buy one which is not. This replacement phone may be Free Software, or it may be non-Free. Free Software can be user-friendly software, yes, but it can also be user-hostile. Users won't use hostile Free software, but they won't use hostile closed source software, either. That's the free market at work.

The FSF's position here is akin to: "Buy open source toasters, so you can easily modify it if it's a design which spontaneously explodes!" No thanks--I'll just buy a different toaster.


I know everyone thinks this is nuts, but these people are the ones who stand their ground and defend our freedom when it is almost crazy to do so. I admire them for pointing up obvious freedoms that people routinely give up.


Most people are giving up a freedom that they can't exercise anyway, in exchange for something that the "free" alternative doesn't provide.


Rather than telling me not to use iOS (which I think is probably the best overall package right now), FSF should build something better. I'd probably tolerate Android 2.x-level quality if it were actually secure (i.e. I pick my own root of trust for all services, which might be a server I own), and ideally could run modern Android apps in nice little partitions. Neither Apple nor Google is really committed to building something like that, and I doubt Microsoft or Blackberry will, either.


How can somebody not know that Apple is the brand of rebellion. You didn't see WTO protestors winning the day with Windows Phones.

When Bashar Assad gassed his country at night, you didn't see lives being saved by Android-mounted LEDs. You saw iPads lighting the night sky.

Just sayin.


Wait, what? You can't coordinate a protest on WP7/8 (or with dumbphones)? Why?

And what's so bad about the camera flash on Android phones (or is it unpopular in Syria)? This comment sounds like a bad advertisement, and is completely meaningless.


"Bashar Assad gassed his country at night"

The matter is under investigation. Stop defaming him without publicly available proof.


Apple should spend its cash on things that matter, like new product ideas.

http://fakevalley.com/apple-investing-in-black-magic-to-get-...


Did they just jump the gun and issue a statement on something they did not even touch? If fingerprints are network accessible is their main complaint, should they not wait till it's out, check it and then issue a statement?


It is hilarious to see how aggrieved Apple (and Android) fanboys here have become to read the FSF post.

Android and Apple, both have proprietary code. Both are inappropriate intrusions on users' freedom. Is it so hard to understand?


At some point this whole exercise gets rather silly. No matter how open and secure the phone is, there's the software that runs on the towers and in the telco system that tracks personally identifiable data and metadata.

The solution is simple, though: if you really want to make sure your mobile device isn't spying on you just don't use one. A bit inconvenient, but it's not the end of the world. Unless you're a mobile developer. ;)


I really hope that what gets stored and transmitted is a hash or some sort of meta-data generated using my fingerprint and not a scan of the actual print.


Doubt it. For something as analog as a fingerprint, I'm having a hard time imagining a one-way hash function.


This made me curious, so I found things like this: www.cse.unr.edu/~bebis/UdayFingerprint.pdf and www.csis.pace.edu/~ctappert/dps/IJCB2011/papers/200.pdf

The features themselves are somewhat of a hash of the image, and as quantizable elements, they could be further hashed.


The big majority of the people in this thread seem to lack the understanding that what is really bad about this new wave of walled gardens created by Apple is not only about closed software anymore.. it's against letting someone decide for you what is good or not.. if they don't like something, or it is politically incorrect, you will never have the chance to choose for yourself! I'm not talking about viruses and malware.. but political matters..

We've got several problems with this approach.. one is the monopoly of one.. the centralization.. this is bad economically and politically.. since the bad guys, the ones who have Apple in their pockets already, could own whatever Apple has..

The other big implication, something unacceptable for me.. is the fact they can do whatever they want remotely from their central with something that you bought with your own money and SHOULD BE YOURS, it's your property.. you do whatever you want with it... do you wanna sell music you bought to somebody else.. can you? Can you choose an app with artistic nudes, because it's your choice??

It's not just about now, it's about the future.. it's about the freedom of the future generations.. I think all of these moves from any company are ridiculous.. and by paying for this you are paying for society's failure to stand against something that will take our liberties away..

It's a pretty phone with a big trap inside of it... corporations are taking ground they should not trespass on and the problem is that other big companies just follow..

Don't worry, they are your friends.. they will protect you! While this community is 100% in terms of technology wisdom, the lack of critical thinking of so many people in this thread is visible.. it's pretty sad


The deep irony is that iOS is based on BSD, which is free.


No, iOS is based on Darwin (which is free), which is partially based on NeXTSTEP, which in turn was partially based on a mix of the Mach microkernel and BSD4 userland. There’s no telling how much BSD code is actually part of iOS, but stating that ‘iOS is based on BSD’ is like stating that humans are based on fish.

Amit Singh[1] created a good presentation[2] about OS X’s innards. That was back in 2006, when OS X contained more NeXTSTEP code than it does now. According to him, the OS X kernel contained 25% BSD code at that time.

[1] http://www.kernelthread.com/resume/

[2] http://osxbook.com/book/bonus/misc/osxinternals/osxinternals... (Warning: contains Adobe Flash)


How so? I'm pretty sure RMS would pop out of the bushes right now and yell "told you so!!" That's why he went with GPL over BSD license.


A good example to bring up when picking a license. Would the author of a software package be happy having Apple using the software, but never receive any attributions back? If the software is good, the CEO of Apple gets the praise, and the author gets forgotten. If it's bad, you get the bug reports.

We all here know that iOS is built on BSD, but how many can name a single author of that code? How many know the author of the Linux kernel?


How many people know anyone besides Linus Torvalds? FreeBSD for example is a project that was co-founded by Jordan Hubbard, who incidentally also worked at Apple for a long time on OS X...

So named a single author, as requested. Linus may be known better, but when you are practically synonymous with badly behaved/child like/tantrum throwing behaviour you may want to rethink why you are well known...


Naming your OS after yourself also works, although it takes chutzpah. Not even big ego Steve Jobs named an OS or other product after himself.


Closed source with a fingerprint scanner!! No thanks...


It's network-accessible? I'm sorry, does the FSF know something we don't, or are they just ignorant and shooting off at the mouth?


Apple says it isn't, but I guess the general argument is that there's simply no way to verify that claim.


I believe both sides have valid arguments depending on who you think the threat is. If you expect complete control over your data then you would want the system to be open source and transparent. To protect an average smartphone user from malicious apps, a closed and curated system like Apple's appstore makes sense.


So the FSF says that people shouldn't use Apple phones because they don't run FSF software? I'm shocked!


No, it's that they don't use Free Software. The FSF is not the only Free Software organization.


Not to mention all the patent trolling and hardware restrictions.


The FSF folks always come off as little more than crotchety old men. Right or wrong, their message obviously isn't being heard or perhaps few people actually care. People vote with their wallets, maybe it's time the FSF evaluates their approach as they are completely ineffectual.


They'll be heard only by those who choose to hear them. It's pretty difficult to explain to a layman why they should value free over proprietary software, because most of the benefits aren't really noticeable to the average user who just sees a shiny GUI that does things.

Not to mention the major players are doing a fine job of keeping people in a matrix, unaware of the alternatives. But really, most don't care. Perhaps if the public school system started using *nix in their curriculum, but with Microsoft funneling cash (like they did with the University of Waterloo and C#) that's unlikely.


I agree, which is why they are ineffectual. If they want to actually accomplish something they need to re-think their strategy.


... or maybe it's time for the people to stop voting with their wallets and start listening. Then maybe their message would be heard and more people would start to care about what they are saying and realize that they ARE actually right.


Good luck with that approach. Ideological, wishful thinking doesn't solve problems.


How is people using their brains instead of their wallets ideological or wishful thinking?


tl;dr: The FSF would rather you did not use any mobile phone at all since none exist that match their requirements.

Nut jobs.


Is there a good reason they didn't include FirefoxOS on the list of alternatives?


> We can't imagine a more hostile reaction to the wave of privacy concerns sweeping the world right now than debuting a proprietary, network-accessible fingerprint scanner as your new 'feature'.

A serious failure of imagination.


And serious failure on facts. iPhone is not the first phone to have a fingerprint scanner, and "network-accessible" is false if Apple is telling the truth. Unless FSF knows better than Apple.


Why is this the big deal? Apple stands for everything that the FSF fights against. Same goes for Microsoft and all the usual others. Just the usual statement in case you didn't know already.


One way to submit your fingerprints into a single database for free in an organized manner. Good move!



