Posts Tagged ‘free software’

Announcing libestream

May 10, 2013

Block ciphers, like AES, are not the best thing around for secure communication, for they require a mode of operation in order to be properly used, which adds complexity and is thus itself a source of problems; see, for instance, the BEAST attack. Also, block ciphers are designed with reversibility guarantees that make their execution cost very high compared to specialized solutions for communication: the stream ciphers.

But the only stream cipher algorithm in widespread adoption by 2013, called RC4, is old and broken in many ways. Due to its weakness, WEP WiFi protection is broken. While many cryptosystems rely on it for security, RC4’s shortcomings are rendering these systems increasingly fragile, especially given its recent surge in popularity when people could no longer count on AES in SSL because of the BEAST attack, which exposed RC4 to even more cryptanalysis.

To offer an alternative to RC4, the European Union’s ECRYPT launched the eSTREAM project to create/find, analyze and select the next generation of stream ciphers suitable for widespread adoption. The project was concluded in 2008 and recommended 4 stream cipher algorithms suitable to be implemented efficiently in software: HC-128, Rabbit, Salsa20/12 and Sosemanuk.

Despite the time since the initial publication of eSTREAM, adoption of these ciphers is proceeding at a very slow pace, with very few implementations besides the reference one. In a modest attempt to encourage the adoption and facilitate the usage of these algorithms, I have developed libestream. It is a free, pure C library featuring all the eSTREAM software profile algorithms, written from the ground up based on the specifications. It provides a clean interface directly to the algorithms’ output and a more general interface that buffers their output and applies it sequentially to stream chunks of any size.

It also features, for the sake of completeness, a partial implementation of UMAC, a message authentication code (MAC) algorithm, which together with any of the ciphers is sufficient to sign/authenticate the chunks of an encrypted stream (or the whole of it), considering that stream-ciphered messages should not be transmitted without a secure authentication method.
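The two interfaces and the authentication requirement described above, sketched with Salsa20/12 (one of the four ciphers) as an added example that is not libestream's code or API. The `ks_*` names are hypothetical, the key size is fixed at 256 bits as an assumption, and the key and message are constructed.

```c
/* Added example; the ks_* names are hypothetical, not libestream's API. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))

typedef struct {
    uint32_t in[16]; /* constants, key, nonce, 64-bit block counter */
    uint8_t buf[64]; /* most recent keystream block */
    size_t used;     /* bytes of buf already consumed; 64 means empty */
} ks_ctx;

static uint32_t load32(const uint8_t *p) /* little-endian load */
{
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void qr(uint32_t *x, int a, int b, int c, int d) /* quarter-round */
{
    x[b] ^= ROTL32(x[a] + x[d], 7);
    x[c] ^= ROTL32(x[b] + x[a], 9);
    x[d] ^= ROTL32(x[c] + x[b], 13);
    x[a] ^= ROTL32(x[d] + x[c], 18);
}

void ks_init(ks_ctx *c, const uint8_t key[32], const uint8_t nonce[8])
{
    memset(c, 0, sizeof *c);                       /* block counter = 0 */
    c->in[0] = 0x61707865; c->in[5] = 0x3320646e;  /* "expand 32-byte k" */
    c->in[10] = 0x79622d32; c->in[15] = 0x6b206574;
    for (int i = 0; i < 4; i++) {
        c->in[1 + i] = load32(key + 4 * i);
        c->in[11 + i] = load32(key + 16 + 4 * i);
    }
    c->in[6] = load32(nonce); c->in[7] = load32(nonce + 4);
    c->used = 64;                                  /* nothing buffered yet */
}

/* Raw interface: fill buf with the next 64-byte block, advance the counter. */
void ks_block(ks_ctx *c)
{
    uint32_t x[16];
    memcpy(x, c->in, sizeof x);
    for (int r = 0; r < 6; r++) { /* 6 double rounds = Salsa20/12 */
        qr(x, 0, 4, 8, 12); qr(x, 5, 9, 13, 1); qr(x, 10, 14, 2, 6); qr(x, 15, 3, 7, 11);
        qr(x, 0, 1, 2, 3); qr(x, 5, 6, 7, 4); qr(x, 10, 11, 8, 9); qr(x, 15, 12, 13, 14);
    }
    for (int i = 0; i < 64; i++) /* feed-forward, little-endian output */
        c->buf[i] = (uint8_t)((x[i / 4] + c->in[i / 4]) >> (8 * (i % 4)));
    if (++c->in[8] == 0) c->in[9]++;
    c->used = 0;
}

/* Buffered interface: XOR any length, keeping leftover keystream for the
 * next call so chunk boundaries do not change the output. */
void ks_xor(ks_ctx *c, const uint8_t *in, uint8_t *out, size_t len)
{
    while (len > 0) {
        if (c->used == 64) ks_block(c);
        size_t n = len < 64 - c->used ? len : 64 - c->used;
        for (size_t i = 0; i < n; i++) out[i] = in[i] ^ c->buf[c->used + i];
        c->used += n; in += n; out += n; len -= n;
    }
}

/* Returns 1 when chunked output equals one-shot output and a flipped
 * ciphertext bit decrypts to the same flipped plaintext bit (hence the MAC). */
int demo(void)
{
    static const size_t chunks[] = {1, 63, 64, 72};
    uint8_t key[32] = {0x2a}, nonce[8] = {0}, msg[200], a[200], b[200];
    ks_ctx c;
    for (int i = 0; i < 200; i++) msg[i] = (uint8_t)(i * 7); /* constructed */
    ks_init(&c, key, nonce); ks_xor(&c, msg, a, sizeof msg);  /* one shot */
    ks_init(&c, key, nonce);
    for (size_t k = 0, off = 0; k < 4; off += chunks[k++])
        ks_xor(&c, msg + off, b + off, chunks[k]);
    int same = memcmp(a, b, sizeof a) == 0;
    a[100] ^= 0x01;                                           /* tamper */
    ks_init(&c, key, nonce); ks_xor(&c, a, b, sizeof a);      /* decrypt */
    return same && b[100] == (msg[100] ^ 0x01);
}

int main(void) { return demo() ? 0 : 1; }
```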


The Cost of Free Software

October 6, 2010

So you have heard of free software? The kind of software you can download and use for free, like Linux and Firefox… Well, maybe you have even heard that the software is free not because of its price (or lack of it), but because of the freedoms it allows; that is why some call it Software Libre, libre as in liberty.

If so, then have you ever thought about the cost of free software? I am not talking about price, the fee you pay to get your hands on a copy; I am talking about cost: the resources consumed so that software could be built. From resources it is easy to think about money, because it is the most generic form of resource invented in our society. Closely tied to money, there is another, most precious, resource: time. I dare to say that time is much more precious than money, because with time you can make money, so working for some hours is worth some dollars, but the inverse is not always true. With money you can speed up the building of a bridge, but there is a limit on how much speed-up can be achieved with money, and with exponentially more money you can only speed up the building linearly, saving you much less time than the money you spent. This is not the worst case: no money at all can bring back the weekend you missed far from your family while working for money, thus I may say that time is the most precious resource available.

So, what does it take to build free software? Well, pretty much what it takes to build any software. First, it requires highly specialized professionals, who take years to train in a painful process full of math, super complicated codes, languages and stunning logical puzzles. Well, it is so from the standpoint of most people, i.e. it is not so painful for the software developers, because they like it. The fact that developers like to be developers does not change the fact that not everybody can stand their training, making these professionals a rare resource by themselves.

Secondly, it requires time. Only someone who has seen ten thousand lines of source code can have a glimpse of how complicated and time-consuming it is to build software. It is a manual art, with each line of code requiring attention and care. I compare programming to any craftsmanship, like carpentry or masonry, that can take very big proportions, depending on the software being built. An average piece of software takes pretty much the same number of workers and the same time to be built as an average building. The care needed in laying each brick manually is the same care needed to write each line of code. Without the needed care, we get bad buildings and bad software, if we get anything at all.

Summing up the time and work needed to build software, we end up with very expensive products. Buildings have another cost software usually does not have: the materials (the cost of a computer is irrelevant compared to the cost of the programmers), but on the other hand, given the social injustice and the complexity involved in programming, it is far easier to find qualified construction workers than qualified programmers. Since some law of nature states that what is rarer is more expensive, getting workers for software is very expensive.

That brings the question: if it is so expensive, where do the resources needed for developing free software come from, since I do not pay for it? For large and important free software projects, it is easy to answer: Linux is the base for dozens of other systems and products of very large corporations, so they pay full-time developers to work exclusively on Linux. Java is a core technology inside Oracle’s business model, so most of the effort in improving Java comes from them. This development model is the so-called Open Source, where the costs of developing software are shared among the businesses and individuals interested in it, by making and maintaining that software free.

Now we must not forget a force of great importance pushing free software forward, the same force that made Linux prominent: the individuals. We would not have free software as we do today if it were not for the contribution of countless individual programmers, who spent their spare time working for no money on software, just for the fun of doing so. Many of these programmers are not concerned about the ideology or economics of free software, and they do not develop free software for anyone but themselves. Even those individual programmers need to eat, so many of them have full-time jobs, completely unrelated to their work on free software, that they use to pay the bills. As a hobby, they create free software.

These schemes of funding, both corporate and individual, bring a disadvantage to free software in general: it is too developer-centric. On one side, we have corporations creating consumer goods using free software, these goods themselves not being free, so there is no interest at all in making the free software friendly for the general public. On the other side, we have individual programmers developing for themselves, which, obviously, will not result in friendly software either. As a general rule, free software is not friendly to non-computer geeks. Some people try to overcome this limitation, like Canonical with Ubuntu. Although successful, it is not as successful as we would like it to be. Others truly were able to overcome this limitation, like the Mozilla Foundation with Firefox. How? If you ask me, I would say that it is because their funding is directly tied to the number of users of Firefox using Google services through it, giving Mozilla some revenue.

So, the funding scheme of free software leaves it with a fundamental flaw, a flaw that prevents us from gaining critical mass: end-users have no voice. Free software is not created for them, and if they do not want to use it, fine, go pay for Windows. To overcome this flaw, we could try to involve the end-user in the development process, and Ubuntu was able to do it to some extent, but it is a painful process, too. Since end-users have very little to contribute in practice to the development of the software, there is no incentive for them to take part in it, nor for the technical community to welcome them.

How to solve this problem? How can non-programmer users be made an active and important part of the free software development process, as they are in non-free software? Well, I am not completely sure, but I have some ideas. Some friends and I are working on it; so far it is called Project Alvarium, and we hope to deliver something some day, preferably soon…

What Is Software For?

August 12, 2010

Update: The title of this post leads some people here looking for a more objective explanation of the purpose of software, and not the pseudo-philosophical nonsense that makes up the rest of this post; if you are one of them, please try this other post: What Is Software Really For?

From some post I made on some forum a long time ago… the alternatives are:

  1. Fill the programmer’s belly.
  2. Be pirated.
  3. Make the computer work.
  4. Make people’s lives easier.

All of the alternatives have a grain of truth, but I prefer to believe that the primary ones are 3 and 4. Look, software was not invented to make Bill Gates rich; it is nothing more than the computer’s main accessory, which in the end was made to increase productivity/make work easier (depending on which end you are looking from). From this we get the basic idea that software is a tool.

Let us analyze tools in general: someone invents a tool, designs it, mass-produces it and sells it. The final price charged is, overwhelmingly, the price of the raw material and the production costs; the cost of the design is an investment whose return is completely diluted in the price of the final product. If you sell at too high a price, someone buys your tool, copies it and sells it cheaper (or simply reads your patent, which is a public document).

Now to software: the only cost in developing software is the “design” (in a broader sense, not “software design”), since the cost of mass production is zero, or nearly zero. Software, in its basic form, cannot be sold, because it is not physical; a copy of the software is sold, and its cost is negligible. It is from this cost that the price of pirated software sold on the streets derives. In this context, given its special nature as a tool, software could have legislation of its own, something like a specific intellectual property law regulating its exploitation by its maker for a fixed period of time.

Now what happens in the real world. Software had no legal regulation until some wretch managed to insert it into United States “Copyright” law. From then on, from the decision of some foreign judge who did not weigh the crucial differences between software and any literary work, the idea spread around the world and permeated our consciousness: the intellectual property law developed for literary and artistic works also applies to software.

The abuses backed by the law began: software that has a certain cost to be produced and maintained came to be sold for many times its own cost, so that even if 80% of the software used in the world were pirated, what had been paid was already enough to make the owners of software companies the richest people in the world.

Well, free software arose concurrently with the application of copyright law to software: it was a movement of software developers who saw the absurdity of what was being done: software, a fundamental tool for the progress of humanity, being treated in a petty way to create private fortunes, all of it backed by the law.

We arrive at today’s stage: people have forgotten the early days; most are not even old enough to remember, or were not aware of it or did not give it due importance at the time. It is obvious, it is plain to see, we all see that the way of profiting from software is pathological. Piracy is structural, necessary and economically inexplicable. Free software, which used to be restricted to the older developers and was no more than a tantrum, has in the last decade spread to users and new developers, in my humble opinion, as a social indicator of the failure of the current economic model of software.

Planned Obsolescence and Linux — A Real Case

June 30, 2010

Today I had to repair my sister’s PC. After more than 5 years, its internal clock battery ran out and needed to be replaced. Looking at it now, it made me consider: why would most people want (or need) a computer better than that?

From observation and interview, I found that this is how my sister uses her computer: chatting in MSN Messenger, reading emails, web-browsing, social-networking, viewing photos, watching YouTube videos, storing photos from her camera, listening to music, video-chatting with Skype, reading and writing USB sticks and occasionally doing some homework with OpenOffice. To complement that, she could also sporadically use it to watch a DVD.

In the interview, I asked what she thinks about the speed of her computer. She said there is nothing remarkable about it. Compared to my laptop (not one year old), she says it is a little slower. I asked how much, in numbers, and she said: “about 10%”. When I was leaving, she gave me a bonus info: “the slowest is my father’s laptop on Windows”. That is the only computer in the house with Windows; it has 1 GB of RAM and a dual processor AMD Turion X2, the first 64-bit one in the house, bought in 2007.

Her computer is an AMD Sempron 2200+, with the bizarre RAM count of 640 MB. It dates from 2004 and to this day suits all her needs. Some parts were replaced later, and it has an 80 GB SATA hard disk and a 15” LCD wide-screen monitor, but the main internal parts are the same. The cooling fan hangs on green yarn because the old fan was destroyed by dust and the new one is too big to match the screw holes.

As you can see, it cannot be considered to be in its best condition, but it is working very well. Also, I cannot say its average failure rate is greater than that of a new computer; after all, fans are often the first part to be replaced. The fact is, most computers do not get old enough to have their internal parts replaced. These parts do not age as fast as the software they run, which is what ends up demanding that the whole computer be replaced.

This old computer had Microsoft Windows XP installed until 2 years ago, and no new Microsoft product could fit comfortably in it, due to its low amount of memory by the standards of those days. One day it stopped working due to natural Windows wear-out, a fact Windows users are familiar with, and believe to be normal, that requires a periodic system reinstall. That time I did not reinstall Windows. Instead, I installed Ubuntu 8.04. Since that time, it has had no more viruses and the performance has not started to decrease with time. It got through 3 on-line system-wide upgrades and is now running Ubuntu 9.10.

As many already know, Ubuntu is a zero-cost, free-as-in-freedom, open source and easy-to-use flavor of the GNU/Linux operating system. It came by default with all the software my sister needed to perform the aforementioned tasks, and much more is available on-line. Everything is free as in beer, most of it free as in freedom. She can click on every virus and bad site link she wants without getting infected. As long as she does not type her personal info into the bad sites, she is safe.

So I had, at home, the best illustration of how Windows and much proprietary software contribute to the early obsolescence of computer hardware. None of the newer versions of Windows can run on my sister’s computer. Newer Windows uses at least 15 GB of disk, while Ubuntu fits on a CD and, installed, uses no more than 5 GB, counting the default applications, which include an office package. This size can increase if you install too many programs, but you do not count applications as part of the system, do you?

There are some tasks, like gaming and playing HD movies, that do require newer hardware, but that old hardware is perfectly capable of performing any task most people need. The only need for bigger hardware is to run new Windows and its accompanying must-have anti-virus. The tasks people actually perform on their computers are irrelevant to the hardware, compared to the bogus operating systems on top of it. See, it is not the nature of computers to slow down over time. They should keep the same speed while the usage pattern of the user is the same. Also, for a set of functionality available in a piece of software, its newer versions must perform at least as well for this same set. This means that there is no acceptable reason for a newer Excel to need more resources than the older Excel if you use them in the same way.

The practice of making things seem older without them actually being old is called planned obsolescence, and it is a disgusting practice in view of sustainability, not to mention human quality of life. My sister’s keyboard is horribly dirty. It would take me about 2 hours to clean it completely. Considering a new keyboard costs less than 10 dollars and my specialised work hour may cost more than that, it is more worthwhile to buy a new keyboard. But I will not do that. I prefer to clean my keyboard, as new ones are only cheap because there are semi-slave workers in China building them for less than 10 dollars a month.

Why I Prefer GPL

June 28, 2010

A few days ago a discussion started on the MSL-TM mailing list about how we choose the license to use on Castaneum, a software project we are developing (at least, we should be developing).

The MSL-TM is a regional group (from Triângulo Mineiro) of people interested in using and spreading free software. I like to define free software as any software product that is patrimony of humanity, thus every human being has the same rights over it. This is my definition, but there are many definitions of it, from many different perspectives. The definition regarded as the official one is that given by the Free Software Foundation (FSF), the ones who created the term.

Castaneum is a software system aimed at easing control over who uses the computers in the university’s library, which we, from MSL-TM, are developing as an effort to remove, or at least lessen, the use of Microsoft Windows on campus, of which, I must say, at least 90% is pirated. I heard from the Data Processing Director himself that the university is overwhelmed by Windows viruses, and our highly restrictive firewall is there to restrain the spread of those viruses to the Internet.

I do not know who first chose to license the project under the GNU General Public License (GPL), but I do know that it was me who confirmed this choice, when I submitted the first bit of code into the source code repository and replaced the notice that said we would be using GPL with the license text itself. Some members of the group were not satisfied with the choice, which started the aforementioned discussion.

To summarize the problem (and those who are familiar with free software may have heard about it), GPL was not free enough. Every written piece of software is the property of its author, due to the copyright law existing in every country I know. For software to be free, the author must grant some of his rights to everybody who can get their hands on the software, and the ordinary method of doing so is distributing the software under a preëxisting free software license. The problem of GPL, a free software license written by the FSF, is that it prevents anyone who gets the software from changing the terms of how it can be distributed. For instance, if I get a software product and create some other software by modifying the original, which is perfectly OK, since it is free, I can only sell my resulting software under the same GPL terms under which I got the original. It would actually make my new software free, like the one I got. This kind of restriction is ironically called copyleft: while copyright restricts copying, copyleft ensures the possibility of copying.

The voices against GPL say that it is a viral license, because every free software that derives something from GPL’d software must become GPL’d, so it spreads like a virus. These people usually prefer licenses like BSD-style and MIT-style. These free software licenses are much smaller and simpler than GPL, and have the important distinction of allowing software distributed under them to be licensed by another person under another license, provided that their few restrictions are met. The big and relevant practical effect is that one (let’s say, Apple) may take a free software (let’s say, FreeBSD), change it into something else (let’s say, MacOS X) and sell it under its own restrictions, disallowing anyone from having the same rights one had when one got the original free software. This practice is known as “closing” the software, which is not a very fortunate choice of words.

So far we have: use BSD if you do not mind having your software “closed” and sold by others. Use GPL if you do not want any “restrictive” software product to be derived from your own software. This latter is often misinterpreted. Many think that GPL will prevent others from selling the software, which is very wrong. Anyone can sell GPL’d software, provided that it continues to be GPL’d. The confusion is justifiable since the prevailing business model of the software industry requires that, if software is sold, the buying party is prohibited from copying and redistributing it. Otherwise, it would make no sense to sell it at high prices when anyone could get a legal copy from someone who has bought it before. Obviously, GPL’d software is unsuitable for this business model, because it allows the buyer to redistribute the software freely.

BSD and less restrictive licenses are often used in free software projects supported and developed by big corporations, like Google’s Chromium, which is behind Chrome, and Apple’s Darwin, which is behind MacOS X. This allows them to benefit from the free workforce that can develop around an open source project (as described in The Cathedral and the Bazaar book) while giving them the possibility of using it in their own non-free products. The term open source can be regarded as the best methodology available for developing free software.

We can put the matter in another perspective: do you believe non-free software is immoral? If so, use GPL; otherwise, use BSD. This question may sound absurd to people outside the free and open source community. One may say: “of course it is moral, it is perfectly legal under copyright law”. If so, I may feel tempted to question the morality of this law with regard to software, and I am not the only one to do so.

I will not get into details on how copyright law got perverted in regard to artistic works, which somehow motivated the creation of the Pirate Party and linked Creative Commons and free culture to free software. I will keep to utilitarian software, which all software, besides games, is.

It was a very dirty trick to fit software into the old copyright law, created to protect the rights of artists over their books, plays, paintings and music. The purpose of the law was to give incentive to authors of such artistic and cultural works to create more. Imagine you are a book writer: if anyone could publish your book without paying you anything, you would feel very bad, and would need another job in order to live, so you would write much less than you would if you could earn money by writing.

While the similarities between software and artistic works were taken into consideration when they decided to include software in that law, namely, that they are easy and cheap to copy, but hard and expensive to create, they left out one difference of the utmost importance. People consume artwork because they want to, but consume software because they need to.

From an economic point of view, no one systematically orders general artwork, like books, from artists, but people do consume them when they are done. On the other hand, people systematically order software from software makers, in a way that is enough to keep a programmer from starving. Copyright law has little use in this scenario. Actually, most small software companies do survive by creating specific programs for specific clients, and selling software in boxes is a distant reality.

From a more human point of view, suppose you are a programmer and created a piece of software that is useful for you. Your neighbour asks you to have it, and it costs you nothing to give it to him. Would you give it? I am pretty sure most people would simply give it away. Some may say it is part of human nature: if it costs nothing to help, we simply help. Imagine you have a lit candle, and someone beside you has an unlit candle; would you light his candle for free?

This simple and intuitive concept is reversed in the corporate “software-in-a-box” business model, where already created software, which costs virtually zero to reproduce, is sold at an obscenely high price compared to its reproduction cost. Why is it so? Why do our organizations do such things while individuals tend to behave in the opposite direction? Everybody knows that corporations do not abide by morals, but instead by profit. While it is permitted by law and by consumers to do immoral lucrative deeds, they will do them. And you can hardly imagine how lucrative, compared to the costs, it can be to sell a box containing a copy of a piece of software. It is so lucrative that Microsoft employees need to stop playing golf in the corridors when the money for replacing broken windows is over (and I heard this from a Microsoft employee). It makes me wonder: how many times richer than the second richest man would Bill Gates be if everyone who uses a pirated copy of Microsoft Office paid what is due to him?

This is the reason I prefer GPL over less restrictive licenses, because the only good reason to choose BSD in place of GPL is to endorse a business model I believe to be immoral. But it is idealistic and impractical to hold too firmly to this resolution. In an ideal world, all software should be free, thus copyright, if it existed, should not apply to software. But we have copyright for software, and nowadays, to believe software should be free is much weirder than to believe software should not be. It can be very difficult to convince someone that free software actually works until he or she sees, with their own eyes, that it works.

Since the development model of free software relies on external contribution from the parties interested in the software, it may be preferable, in some cases, to have the software distributed under less restrictive licenses. Software under the BSD license would give some guarantees to a potential contributor, who would not be afraid of investing in it, as the software could at any time be incorporated into his old business model. Even if the contributor has no plans of “closing” the software, he feels much more inclined to help if there is this possibility.

I would say that our economy is not “psychologically” ready to embrace the idea that, once the software is given to people, it cannot be brought back into chains.