[pp.int.general] Significance of use of Free and proprietary software in a political context

Per von Zweigbergk per.von.zweigbergk at piratpartiet.se
Sun Feb 1 11:50:43 CET 2009

1 feb 2009 kl. 07.30 skrev Richard M Stallman:

>    True, but I happen not to believe that proprietary software equals
>    subjugation,
> Proprietary software keeps the users divided, or helpless, most often
> both.  Divided because they are forbidden to share it.

I agree that proprietary software keeps users divided, and at least  
the copyright reform that the Pirate Party of Sweden wants to put into  
place fixes that by allowing the duplication of any program for non- 
commercial purposes, and outlaws the use of DRM software.

> Helpless because they can't have the source code, so they can't  
> change it, or check it for
> malicious features or bugs.
> This helplessness allows the developer to engage in nasty practices
> you objected to, and others as well, such as spyware and back doors.
> While DRM is at least visible -- you can see that the program refuses
> to do what you ask for -- spyware and back doors can easily pass
> undetected.

It's entirely possible to have a program that whose source code is  
plainly visible which performs some kind of malicious task, whose  
malicious behavior can be explained away by an unintentional bug.

It's possible that as a programmer you know about the Underhanded C  
contest. If not, you should take a look at http://underhanded.xcott.com/?page_id=9 
  which contains the 2007 winners which you'd probably find amusing if  
you haven't seen them already. It's actually a bunch of very clever  
hacks and abuses of C and they can all be explained away as  
unintentional bugs. (Who knows, the next bug of the impact of the  
infamous Debian OpenSSL bug might actually be intentionally malicious.)

That's esoteric though. A much more common phenomenon: use Google to  
search for something like Firefox, and you're bound to find a few  
"unofficial" download sites which bundle all sorts of malware. After  
all most users are just that -- users. They run their Windows Vista or  
XP (well, most of them do), and when they want a better web browser,  
they fire up their Internet Explorer 7, use a web search engine to  
find a copy of Mozilla Firefox which is distributed not as source  
code, but as a pre-built binary which might contain all manner of  
spyware goodness.

And you can't really use copyright law to get to these people either,  
because either what they're doing is permissible under the GPL, or  
because they're criminals anyway. A spammer, phisher or other kind of  
fraudster probably doesn't care if he happens to step on copyright law  
while committing his crimes.

In fact, even most users of a GNU/Linux distribution, like Ubuntu or  
Fedora, use pre-built binary packages, and I vaguely recall incidents  
of repository poisoning with malicious binaries. (This is made harder  
now that GnuPG signatures are commonly used to sign binaries.)

In the end, it's all a matter of trust. Do you trust the guy who built  
your binaries? If you don't, it doesn't really matter if the source  
code is available or not. You have no way of knowing whether the code  
is built from that particular code. (To be sure, you'd have to build  
it yourself, which kinda defeats the purpose.)

And do you trust that whoever gave you that copy of the source code  
didn't include any nasty surprises? I certainly haven't read every  
single line of code on my machine, and I probably couldn't unless I  
ran something like Minix and only used it to run some very basic  
software. (A modern web browser would be right out unthinkable.)

And many people (I'm certainly not one of them) would place more trust  
in a company like Apple, Microsoft, Skype or Adobe not to futz with  
their software than they would in the contributors to Free Software  
counterparts. People have a tendency to look gift horses in the mouth  
-- that gift horse might be a trojan horse, and sometimes is in the  
case of gratis proprietary software.

To summarize, the helplessness doesn't magically go away with Free  
Software. Not everybody is a programmer, and even a programmer can't  
be expected to have read every single line of every piece of software  
they use. In the end you still end up trusting *somebody* to know what  
that dang software does, whether it's proprietary software or Free  

And in terms of malicious behavior, it's often easier to determine  
that a program is doing something bad by examining what it does, not  
how it does it. That's how anti-virus software makers everywhere work,  
whether they're ClamAV or Symantec.

When it comes to making changes to software -- I agree. That's a  
limitation of proprietary software. But if a user is perfectly fine  
with how their proprietary software operates as it is, they aren't  
necessarily helpless because they can't change it. But as long as the  
software is interoperable with a Free alternative, they can switch to  
that and change it instead.

In the end, I believe the greater helplessness is in not having any  
software available to do what you want to do *at all*. If you're were  
a musician a few years ago, and you want to write music scores, you  
could either use a proprietary program like Sibelius or Finale, or  
you'd have to get out a pen and paper to do your actual composing and  
then use something like LaTeX with Lilypond to typeset it. (That's  
changing now, with the MuseScore project.)

Same thing -- if you want to edit video on your computer, you can  
either use something proprietary like Apple's iMovie, or you can try  
to use one of the Free Software alternatives. At least a few years ago  
(when I last investigated editing video with Free Software) the Free  
alternatives were simply not there. I haven't investigated this very  
recently though, but I'd be pleasantly very surprised if Free video  
editing software has reached the functionality of some of the better  
proprietary video editing software.

> The existence of a free program you could use instead does make a
> difference: it gives you the option of rejecting the proprietary
> program.
> such as secret formats, DRN, etc.

Yes, that's exactly my point. Free Software *does* make a difference.  
It holds everyone to a high standard of not just openness and  
interoperability, but also *functionality* which in the end is a good  
thing for everyone except those that would want to have a monopoly on  
their software.

Finally, don't get me wrong. I think Free Software is a great idea. I  
use Free Software, and use the fact that the software is Free as a  
major factor in deciding what software to use for a task. When  
recommending software, I'll recommend a Free alternative unless  
there's a good reason that a proprietary program would work better for  
what they need to do. And even then I'll also mention a Free  
alternative if one exists.

I just don't share the view that users should reject proprietary  
software when it's the better tool (or even the only tool) for a  
particular task.

Per von Zweigbergk

VARNING: E-post till och från Sverige, eller som passerar servrar i  
Sverige, avlyssnas av Försvarets Radioanstalt, FRA.
WARNING: E-mail to and from Sweden, or via servers in Sweden, is  
intercepted by the Swedish National Defense Radio Establishment.

More information about the pp.international.general mailing list