Why is the ability to independently verify source code in software or hardware required?
Supporters of Free/Libre software often emphasize the benefit of being able to verify code. Why is this a big deal? Why is it a big deal now?
A key benefit of Free/Libre Open Source software and hardware is that you don’t have to trust the man behind the curtain swearing The Great Oz is, in fact, great. You don’t have to trust. You can verify.
In a closed source world, I may trust one company, for instance. I may trust another company, generally, but less. I may (or may not) trust a third company. You may trust different companies’ business models, ethics or values along a continuum. Who’s right? Who’s wrong? Who knows?
Wouldn’t it be great if, instead of figuring which of the three is less bad, I (and other vast pools of individuals with expertise working together) had a way to know if something they said was actually something they did? Wouldn’t it be great if, companies know that any hidden backdoors compromising most of their users true interests would be exposed, so they’d be less inclined to consider leaving them in the lurch? Software that is open source (or Free, Libre or Free/Libre (loosely, synonyms)) does exactly that. It allows everyone to verify everyone else’s work to make sure it does what it says it does. By relying on each other and themselves, instead of marketing or PR.
We all know now, that there’s more software burned into the ROM of a thermostat than those Apollo guys used to get to Venus. What’s in that?
Few gave it much thought since until recently, there wasn’t much information collected. It wasn’t linked. There weren’t techniques to parse it into anything useful. Now there is. That’s what the popular press refers to with “Big Data”. There’s really cool stuff we can do. There’s a lot of really bad stuff we can do. Most of us don’t. When the Snowden archive hit, we – those paying attention, at least – collectively realized our worst-case “bad” was so much more benign than what has actually been going on.
In the tech field, what a few do today, more will do tomorrow and nearly everyone will be doing next week. Even if you trust intelligence agency bureaucracies – yours or others – to not spy too much on you, your family and your friends, it’s not “just” them. It’s those that will follow that will also be able to spy on you and yours using similar techniques, for much cheaper.
These techniques and layers of software & hardware complication are going to vastly increase, not decrease. That ship’s sailed. We can’t change that. And honestly, most people want the benefits these changes bring.
So, what can we control? Verifying our software (Richard Stallman started raising this issue back in 1983). Verifying our hardware (we only recently figured out a way to make this possible for laptops about a year ago). We have a roadmap to get it all verified (the last, most complicated part concerns the CPU and how it talks to the motherboard, which we’re making progress on).
It’s this ability to verify not only the software but also the hardware, that is a really big deal. Beyond legions of crowds of people reviewing the code, just the potential of this is enough to keep the hardware and software manufacturers relatively honest. We no longer have to take the Great Oz’s word for it, we can verify. Everyone can verify Purism products in unparalleled ways – that they cannot do with Win/Tel, Google or Apple – because finally, both software and hardware are F/LOSS.
So. That’s why being able to independently verify claims made about software and hardware is both really important and is something that we created Purism to be able to do. So all of us working together can trust each other. Without having to close our eyes and leap, using blind faith. It’s a claim that no matter how much you may trust Apple, Google, Microsoft, Sony or Lenovo, none of these other companies can make.
Join us. Working together is the only way we will truly protect ourselves.