Lots of folks probably don't know who the Gnuru is (Richard Stallman). The dude who's code has been in every open source operating system since before most of the noobs running around musing themselves with nonsense rhetoric about why close source programs make sense for anyone besides the people who make money off of it. This man has been talking himself half to death trying to carefully explain very simple reasons why closed source programs do not benefit users; and of course his argument extends beyond security and into the realms of civil liberties and privacy.
Essentially Stallman's position is that close source non-open and free software has malicious features in them - these claims are not those of a man who has lost his mind or is being overly paranoid. People will think that maybe because they are deluded by his capability as a reverse engineer - I have no such delusions about his skill; pretty sure he can reverse engineer the shit outta anything; pretty sure he has been doing that for a while now; pretty sure I have nothing to teach him about this craft; pretty sure most of the people who are reverse engineering things today do as well. Why does he say these things? Saying MacOS and Flash has malicious features- because they do! The chief malicious feature is that they limit the user's ability to understand their own software and control who it is run. Essentially any claim I make about your non-open software is completely unprovable (under the laws of proof) if you cannot control and change the software for yourself. The special property of software is that unless you can control the instructions you have no means to claim what they are or will be. So saying a piece of software does something; while you are not able to test whether it does or does not - immediately makes you a liar. Further more; it must an even more profound evil to force this on other people while claiming things they must just believe about their software - and then even more profoundly making sure you cannot be blamed when those claims are shown under proof and demonstration to be completely wrong.
User Blame Theory
One on hand security folks proudly claim how well they can reverse engineer things; how their amazing intellect allows them to introspect software and divine profound mind blowing truths about it and then save the innocent masses from their security flaws (I have been amongst these ranks for years now). On the other they want to make sure the users cannot do that for themselves and worship the close source software in its non-openness (I have never been in these ranks ever - or tried very hard to make sure I am not); this makes absolutely no sense to me. If understanding software helps security for security engineers how can it be bad for users?
Well very simply because of another disgusting culture in security - user blame theory. Essentially :
"the user/developers are so stupid because they do this and that; they get the security wrong"
Some security folks still seem to think its cute to blame user's for choosing bad passwords; configuring software incorrectly and being a wrong user - when they are in fact only using the software according to how its designed. Some security folks still think user's are stupid for not understanding software - I think they are stupid for thinking their stupidity is not due to the stupidity of software design. Most notably a design that disallows user's from understanding and changing software according to how they want it to run - instead of imposing the way they postulate it should run on a computer they have absolutely no information about that runs on a non-deterministic operating system. I mean it is two fold unknowable - on one hand its not an operating system they are running, and two by an unshakable theoretical property of operating systems - they are non-deterministic entirely.
You might not know what non-determinism is; essentially it means it is impossible to predict or claim you know (given the state of a system is at a given time) what it will be in future. Of course in a theory of computation course you will study non-determinstic automata until they come out of your ears (I am still haunted by the epsilon in my dreams - just kidding I loved the study of non-determinism it was like a cheat code for making an automata work for anything lol MORE BRANCHES FOR THE EPSILONS)
The "neo-Nietzschian"* decadence of choice
Not allowing user's to change and fully understand their software is profoundly wrong - essentially because everyone is always making empty claims about how their software works. Even when you choose an operating system you choose it about what was postulated or claimed to you (or under the claims you have made) about the contents of the source code. Or alternatively completely other nonsense equally useless in helping you properly choose the one that most suits you. Now if that is true you choose based on what you hope or can claim is in the source code; does that stop after you have now chosen the one you want? Should the process of choosing things in the software you have chosen not continue when you use it? When it is updated? I claim when you are using the software it is in fact an entire practice of choosing based on postulations of the source code! Clicking buttons; listening to sounds and setting settings - happens sensibly because you can hope it is given accurate representation in the deeper levels of the software. It is only that in closed source non-open and free software that this postulation decays in to complete guess work, and not only that - it is forced on users to suffer unchallengeably!
*seemed like a cool enough sounding term that reflects the frustration and rage in in the cynicism of my writing - while playing also on the nietzchian idea of empty ritual decadence.
In Conclusion ... for now
In open and free software your ability to claim based on the truths of the software follows so deeply that it allows you to choose the very instructions of the software itself! What on earth could make more sense? Not only does the user have a practical awareness of the weaknesses of their subjective view of the software - it means actually the logical connection between action and re-action in the software is not entirely correlative and potentially complete coincidence - the reality of not being able to understand and control the software means all reasoning and logic is entirely correlative! What his means is when you click a button; what happens next you even if it makes sense as a response to the button is a pure correlation and not a causation! People just think it is - but if there is no means to strictly establish it as causation there is then no sensical way to claim it is anything other than pure correlation - unless I miss understand something here about how logic works. We see direct exploitation of the pure correlative reasoning users suffer from in exploits like click jacking and basically the entire malware/ransomeware industry.
But anyway I hope that gave you folks enough to think about; hopefully you gained a means to interact withy our software in a little more sober minded non-ideologically hypnotized way ;)
Comments
Post a Comment