Originally published at: https://boingboing.net/2018/06/21/digital-enclosure.html
Android does not come with the usual Linux userspace tools, i.e. the GNU part of GNU/Linux.
tl;dr It wasn’t greed, it was fear.
The intent of free software proponents was to be every bit as compulsory as the “markets” are. Licenses like the GPL forbid anyone from distributing other software that incorporates the licensed work except under the terms of the same license. Many, perhaps most, programmers who were interested in freely available software rejected that notion, as did the companies they worked for, because using such licensed software was just asking for a lawsuit.
For example, a lot of software is written for embedded systems, used for controlling hardware devices. Under the GPL, device manufacturers would have to keep track of exactly what versions of free programs, with what modifications, went into the device, and be prepared to provide that exact version of the device software for years afterwards. Now imagine doing that for automobiles, which themselves aggregate many other smart devices, from many different suppliers.
The attraction of Open Source, or licenses like Apache and BSD, was that it made available a great deal of software that programmers could use to get their work done without having to deal with the redistribution requirements and restrictions of Free Software.
Imagine knowing what exact software went into shipped devices that could literally kill their users if something goes wrong…
Software development is changing as more and more code is opened and becomes part of the standard starting code base. The open source community needs to get policy changes in place to handle the data AI is built on and make it so you can’t have strategic openness or closeness with this data.
That’s not true. From the moment the iPhone launched, Apple intended to have an app store for it but the SDK was not ready for the first year. Jobs’s obsession with secrecy and his tendency as a marketer to sell even the most interim, certain-to-be-obsolescent-in-a-year thing as the greatest invention since sliced bread obscured the facts at the time. But if you listen to his interview with All Things D (done after the iPhone announcement and before it went on sale), with hindsight, it’s clear that an SDK was in the works.
You know, I am getting really sick and tired of tech industry pundits expounding on the unique importance of software to life, the universe, and everything. I have a corollary to Sinclair’s law. Just as “It is difficult to get a man to understand something, when his salary depends upon his not understanding it,” so too, it is certain that a tech nerd’s estimation of the importance of software by far exceeds anything like its actual importance.
In my career as a developer, anything GPL has been treated like a cancer to be avoided at all costs.
Imagine hordes of lawyers hiring programmers to look for flaws in software so that they can file class-action lawsuits.
In a sense, this is the same thing that “GMO labeling” advocates want. They say “imagine knowing what exact ingredients go into the food you eat.” But food contains ingredients that contain ingredients that contain ingredients (ad infinitum, or maybe ad nauseam). So in practice, GMO labeling would be used to hound companies into not using GMOs at all, because those same hordes of lawyers would find someone in the supply chain that had used GMOs and whose labels hadn’t made it to the final product.
It’s totally different for a company to be able to provide the source for every bit of software in their devices than to make this software open-source and their production process transparent. It’s the same in the food industry. They may not announce it and expose it on their labels, but food producers know pretty well what goes inside their products. I’m no expert, but I’m pretty sure food producers have far more legal responsibilities and control over what goes into their products than most software companies.
Oh noes these terrible “markets” let’s get some central planning to the rescue! Wasn’t GPL an attempt to use copyright law to effectively kill copyright? It never seemed like an idea offered in good faith. Better to focus on undoing the ridiculous retroactive copyright extensions (Mickey Mouse UNprotection act, anyone?).
So, yeah, much better to keep those liabilities secret then and wait until people start getting killed before filing the lawsuits.
It can be a little difficult to grasp the issues that were extant when the need for protected free software became apparent. This was back when all a software developer who wanted to build and make something free had was the public domain - no protection at all.
Free Software released into the public domain initially is Free, and perhaps some who modify the software choose to place their work into the public domain as well. However, over time, some entities will choose to proprietarize their modified versions. The public domain body of software feeds the proprietary software. The public commons disappears, because fewer and fewer entities have an incentive to contribute back to the commons. They know that any of their competitors can proprietarize their enhancements. Over time, almost no interesting work is left in the public domain, because nearly all new work is done by proprietarization.
I fail to see how it is much of a problem.
It is the job of corporate lawyers to protect their company from potential problems. They are understandably reluctant to offer up the rope with which they will be hanged. Furthermore, while “security through obscurity” gets derided on nerd forums, enough hacks have been accomplished through exploits in open source to discredit the notion that “many eyes” will make programs secure.
Because you’ve done it yourself?
If anyone claims their program is “secure”, i.e. invulnerable, then they’re either dumb or lying.
The claim is that OSS programs are more secure, because they’ve been vetted publicly, and this is about the best we can do. Of course there will always be exploits for open or closed source, but that’s not a good argument for keeping the code secret.
In every industry I know, it’s SOP to keep track of what you put in the stuff you sell.
Maintaining a database associating devices with their software, version and all, is almost trivial, especially since the information is necessarily available during production, so it can be automated rather straightforwardly.
So, no, I don’t see how much of a problem it’s supposed to be.
That sounds like exactly the sort of tedious, but quite amenable to automation, diligence that you would really, really, want from your embedded systems vendor; even more so from the manufacturer of a safety critical mass of moving parts and firmware, regardless of your position on software licensing.
GPL 2 compliance only requires 3 years of availability after binary distribution; and the idea of an embedded systems vendor not knowing what’s in their firmware in 3 years or less is more than a trifle alarming. Probably helps explain why embedded systems are as…robust and secure…as they are; but that’s not exactly an endorsement.
For something like a vehicle, attention to detail and traceability is also valuable (even if you don’t find the savings on the supply chain side to be worth it; detecting parts failing prematurely and being able to recall affected units without recalling all units are nice perks; which occasionally come in rather handy in cases like the ‘some airbags may feature anti-personnel fragments’ incident).
Given the severe security and reliability issues arising from software problems “we don’t actually know what we were doing 3 years ago” is not what you want to hear from a vendor where ‘support’ is part of the equation; while the ‘we just shovel it out the door as soon as it compiles, feel the savings!’ crowd isn’t likely to be held to the same standards; but the GPL doesn’t require clean, sane, non-awful source; so just dumping a snapshot of whatever hideous state things were in just before you compiled the release binary on GitHub qualifies as compliance.
I certainly respect the rights of the developers of BSD, MIT, WTFPL, etc. software to do as they see fit with their work; but I would (if I had the knowledge and the option) run screaming from anyone whose reason for GPL avoidance is a strong disinterest in (or known incapacity for) doing relatively basic traceability and record keeping stuff while manufacturing software, not exactly a good known for its simplicity, ready comprehension, and tolerance of operator error and ad-hoc procedural tweaks.