Hacker News new | ask | show | jobs
by zepto 3771 days ago
I understand the general argument about transparency - without it you have to trust the person who holds hidden component.

The false premise here is that any argument that can be applied against free software can be applied more strongly to non-free software. Here are two contradictions to that:

1. The resources dedicated to securing non-free software may be far greater than those dedicated to free software because of the business interests in maintaining security. Google has done a lot to improve the security of a variety of open source projects, but only because they form part of a non-free core that would otherwise be compromised. The same holds true for Apple albeit to a lesser extent.

2. A free system can much more easily be compromised by the injection of cloaked vulnerabilities by actors such as the NSA.

You actually haven't shown anything. You have simply stated that transparency trumps everything else. This is false. Transparency simply diffuses the trust model.

More importantly, as I keep saying, nobody has ever produced a transparent system that can be substituted for Apple's system. Until they do, these arguments that a theoretical alternative would be better are imaginary. If it was as simple as you suggest, why hasn't it been done, or at least demonstrated?
2 comments
pixl97 3771 days ago
>2. A free system can much more easily be compromised by the injection of cloaked vulnerabilities by actors such as the NSA.

I can't see how that is possibly the case. With a non free system the NSA just has to show up with a national security letter and a gag order and the system is compromised.

With the free system the NSA has to push, or get a submitter to push an update that gets missed by anybody that looks at the code.

link
mikegerwitz 3771 days ago
> The resources dedicated to securing non-free software may be far greater than those dedicated to free software because of the business interests in maintaining security.

My argument is about confidence---you cannot trust a system that you do not have confidence in.

Yes, a proprietary system may have had much more development and research. But that doesn't make it "better". With a free system---even if it's more poorly designed---you gain confidence in being able to observe _exactly_ what it does, faults and all. You know what to expect, and what not to; that's far more important than not knowing either of those.

Further, the general recommendation among cryptographers and security experts is to use public algorithms that have been torn apart by cryptanalysts for years---all security should be in the key, for example, _not_ secrets in the implementation.

> Google has done a lot to improve the security of a variety of open source projects, but only because they form part of a non-free core that would otherwise be compromised. The same holds true for Apple albeit to a lesser extent.

This is security through obscurity, and is antithetical to actual security.

> A free system can much more easily be compromised by the injection of cloaked vulnerabilities by actors such as the NSA.

I don't follow. This is one of those situations where you _always_ have more transparency in a free system than a proprietary one---you are able to see _every_ patch that makes it into the system. That doesn't mean that you'll catch everything, but you have the opportunity to do so. And not just you---everyone.

> You actually haven't shown anything. You have simply stated that transparency trumps everything else. This is false. Transparency simply diffuses the trust model.

You cannot have confidence in an opaque system.

> More importantly, as I keep saying, nobody has ever produced a transparent system that can be substituted for Apple's system. Until they do, these arguments that a theoretical alternative would be better are imaginary. If it was as simple as you suggest, why hasn't it been done, or at least demonstrated?

Which system, in particular?

Apple's system should not be used and cannot be trusted---it is proprietary and designed to control the user in countless ways. Apple may take measures to protect their users' privacy and data, but ultimately, users are at Apple's mercy, and Apple has the final say in everything. Apple is historically one of the most opaque, secretive tech companies in existence.

So any free system is an improvement over Apple's.

link
zepto 3771 days ago
"Any free system is an improvement over Apple's"

It's hard to take that seriously.

I challenge you to name a single such system. It should be trivial since the class is so large.

link
mikegerwitz 3770 days ago
This is simply by default, from both a free software and security perspective. I've made my security point already.

What is your argument in favor of Apple, specifically?

From a free software perspective, no non-free program is ever better than a free alternative, even if that alternative is poor, because it robs you of your freedoms.

link
zepto 3770 days ago
Right - I can see that's the belief you hold.

The part that I disagree with is the 'even if the alternative is poor'.

I understand that tolerating non-free software could be seen as moving us further away from a world where free software is the norm, but I also disagree with this.

You are arguing against Apple when the problem you are actually facing is a failure of the free software ecosystem to produce a viable alternative.

From an ideological perspective I would prefer free software too. My argument 'in favor of Apple' isn't really in support of Apple. It is against trying to tear down the current best option in favor of an alternative that doesn't exist.

There is a real fight going on right now, and favoring the government over Apple in this because you prefer free software seems like an extemely counterproductive move.

A free alternative can just as easily be outlawed as the non-free ones can. What matters is the legal and social precedents.

link
mikegerwitz 3770 days ago
> favoring the government over Apple in this because you prefer free software seems like an extemely counterproductive move.

I'm not sure where you got that impression. I apologize if I was unclear.

It's essential that Apple fight this order, and essential that everyone do everything they can to ensure that this precedent is not allowed.

My comments were about the OP's comments about tradeoff between freedom and security.

As I summarized elsewhere:

https://social.mikegerwitz.com/notice/6552

We shouldn't agree with Apple's position on many things.

But it is _essential_ that this precedent---government-mandated backdoors---not be allowed. The stage on which we fight the crypto wars is shared by what would be our enemies in many other respects. So yes, we should choose our own shoes: we can stand with Apple in resisting this order while at the same time standing _against_ them for all of their other evils. This issue does not somehow legitimize all of their other evils.

link
zepto 3770 days ago
Thanks for the clarification - it does help.

However I still disagree with you on the point of standing against Apple for their 'evils'.

Apple is simply exercising their freedom. I agree that there may be better ways of doing things, but the failure of free software to produce these alternatives is nothing to do with Apple.

If anything, I'd say that standing 'against' Apple, works against the cause of producing a free alternative because it focuses people's attention on misplaced anger towards Apple, rather than on the constructive effort needed to build what is required.

I find it hard to see how someone reconciles a belief in freedom with an agenda that involves standing against Apple.

link