Archive for June, 2014

Open policy for a secure Internet-N-Life

Saturday, June 28th, 2014

(In)Security in Home Embedded Devices: Jim Gettys says software needs to be maintained for decades, considering where it is being deployed (e.g., embedded in products with multi-decade lifetimes, such as buildings) and the criticality of some of that software, an unpredictable attribute: a product might become unplanned “infrastructure”, for example, if it is widely deployed and other things come to depend on it. Without maintenance, including deployment of updates in the field, software (and thus the systems it is embedded in) becomes increasingly insecure as vulnerabilities are discovered (he cites the honeymoon period enjoyed by new systems before attackers have found their vulnerabilities).

This need for long-term maintenance and field deployment implies open source software and devices that users can upgrade — maintenance needs to continue beyond the expected life of any product or organization. “Upgrade” can also mean “replace” — perhaps some kinds of products should be more modular and with open designs so that parts that are themselves embedded systems can be swapped out. (Gettys didn’t mention, but replacement can be total. Perhaps “planned obsolescence” and “throwaway culture” have some security benefits. I suspect the response would be that many things continue to be used for a long time after they were planned to be obsolete and most of their production run siblings are discarded.)

But these practices are currently rare. Product developers do not demand source from chip and other hardware vendors, and thus ship products with “binary blob” hardware drivers for the Linux kernel. Those blobs cannot be maintained by anyone but the vendor, and they pin the product to the kernel they were built against, often one already years out of date when the product ships. The near-monoculture of the Linux kernel in embedded systems increases the security threat: one vulnerability applies to a huge population of devices. Many of the problems do not depend on hardware vendor cooperation at all, ranging from unintentionally or lazily not providing the source needed for the rest of the system, to intentionally shipping proprietary software, to intentionally locking down the device to prevent user updates. Product customers do not demand long-term secure devices from product developers. And there is little effort to fund commons-oriented embedded development (in contrast with Linux kernel and other systems development for servers, which many big companies fund).
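Two quick checks for the situation just described, as an added example (not code from the post, and not part of OpenWrt or CeroWrt): run over SSH on a Linux-based router, it decodes the kernel taint bitmask in /proc/sys/kernel/tainted, where flag P means a proprietary (non-GPL-licensed) module has been loaded and O an out-of-tree one, and it compares the running kernel release against a baseline version. The baseline is the caller's choice (the 3.10 default is an assumption, not a claim about any product); the bit assignments are those documented in the kernel's tainted-kernels documentation, and only bits 0 through 13 are decoded.

```sh
#!/bin/sh
# Added example, not code from the post or from OpenWrt/CeroWrt.
# Two checks meant to be run over SSH on a Linux-based router (or anywhere
# you can read /proc and run uname):
#   decode_taint      turns the kernel taint bitmask into flag letters; P means a
#                     proprietary (non-GPL) module is loaded, O an out-of-tree one.
#                     Bit positions follow Documentation/admin-guide/tainted-kernels.rst
#                     (bits 0-13 only; later bits are not decoded here).
#   kernel_older_than compares a kernel release string with a baseline you choose
#                     (assumption: the caller decides what "too old" means).

# Print the taint flag letters for a numeric taint value, space separated.
decode_taint() {
    value=$1
    flags=""
    letters="P F S R M B U D A W C I O E"   # bit 0 .. bit 13
    bit=0
    for letter in $letters; do
        if [ $(( (value >> bit) & 1 )) -eq 1 ]; then
            flags="${flags:+$flags }$letter"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$flags"
}

# Succeed (return 0) when kernel version $1 is older than baseline $2.
# Only the leading dot-separated numeric fields are compared, so suffixes such
# as "-rc1" or "+" are ignored; missing fields count as 0.
kernel_older_than() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while :; do
        vf=$(printf '%s' "$v" | awk -F. -v n="$i" '{print $n}')
        bf=$(printf '%s' "$b" | awk -F. -v n="$i" '{print $n}')
        if [ -z "$vf" ] && [ -z "$bf" ]; then
            return 1          # all fields equal: not older
        fi
        vf=${vf:-0}
        bf=${bf:-0}
        if [ "$vf" -lt "$bf" ]; then return 0; fi
        if [ "$vf" -gt "$bf" ]; then return 1; fi
        i=$((i + 1))
    done
}

# Report on the running system. The 3.10 default baseline is an assumption
# made for this example; pass your own as the first argument.
report_live() {
    baseline=${1:-3.10}
    taint=$(cat /proc/sys/kernel/tainted 2>/dev/null || echo 0)
    release=$(uname -r)
    printf 'kernel %s, taint flags: [%s]\n' "$release" "$(decode_taint "$taint")"
    if kernel_older_than "$release" "$baseline"; then
        printf 'kernel is older than baseline %s\n' "$baseline"
    fi
}

# Usage: sh check_firmware.sh --report [baseline-version]
if [ "${1-}" = "--report" ]; then
    report_live "$2"
fi
```

A taint value of 0 with a recent kernel is what you want to see; a P or O flag on a 2.6-series kernel is the blob-on-a-stale-kernel case, and no amount of userland patching on the device will fix the driver. Note that the taint mask only reflects modules that have actually been loaded, so check it on a device in its normal running state.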

Gettys is focused on embedded software in network devices (e.g., routers) because network access is critical infrastructure that much else depends on, including the problem at hand: without network access, many other systems cannot feasibly be updated. He’s working on CeroWrt, a cutting-edge version of the OpenWrt firmware; either is several years ahead of what typically ships on routers. A meme Gettys wishes to spread (the earliest instance I could find is on cerowrt-devel; a harsh example came the next week):

Friends don’t let friends run factory firmware.

Cute. This reminds me of something a friend said in a group discussion that touched on security and embedded in body (or perhaps it was mind embedded in) systems, along the lines of “I wouldn’t run (on) an insecure system.” Or malware would give you a bad trip.

But I’m ambivalent. Most people, thus most friends, don’t know what factory firmware is. Systems need to be much more secure (for the long term, including all that implies) as shipped. Elite friend advice could help drive demand for better systems, but I doubt “just say no” will help much; its track record for altering mass outcomes, e.g., with respect to proprietary software or formats, seems very poor.

In Q&A someone asked about centralized cloud silos. Gettys doesn’t like them, but said without long-term secure alternatives that can be deployed and maintained by everyone there isn’t much hope. I agree.

You may recognize open source software and devices that users can upgrade above as roughly the conditions of GPL-3.0. Gettys mentioned this and noted:

  • It isn’t clear that copyright-based conditions are an effective mechanism for enforcing these conditions. (One reason I say copyleft is a prototype for more appropriate regulation.)
  • Of “life, liberty, and pursuit of happiness”, free software has emphasized the latter two, but nobody realized how important free software would be for living one’s life given the extent to which one interacts with and depends on (often embedded) software. In my experience people have realized this for many years, but it should indeed move to the fore.

Near the end Gettys asked what role industry and government should have in moving toward safer systems (and skip the “home” qualifier in the talk title; these considerations are at least as important for institutions and large-scale infrastructure). One answer might be in open policy. Public, publicly-interested, and otherwise coordinated funders and purchasers need to be convinced there is a problem and that it makes sense for them to demand their resources help shift the market. The Free Software Foundation’s Respects Your Freedom criteria (ignoring the “public relations” item) are a good start on what should be demanded for embedded systems.

Obviously there’s a role for developers too. Gettys asked how to get beyond the near Linux kernel monoculture, mentioning BSD. My ignorant wish is that developers wanting to break the monoculture instead try to build systems using better tools, at least better languages (not that any system will reduce the need for security in depth).

Here’s to a universal, secure, and resilient web and technium. Yes, these features cost. But I’m increasingly convinced that humans underinvest in security (not only computer, and at every level), especially in making sure investments aren’t theater or worse.

“Open policy” is the most promising copyright reform

Thursday, June 26th, 2014

Only a few days (June 30 deadline) for applications to the first Institute for Open Leadership. I don’t know anything about it other than what’s at the link, but from what I gather it involves a week-long workshop in the San Francisco area on open policy and ongoing participation in an online community of people promoting open policies in their professional capacities, and is managed by an expert in the field, Timothy Vollmer. Read an interview with Vollmer (wayback link to spare you the annoying list-gathering clickthrough at the original site, not least because its newsletter is an offender).

The institute and its parent Open Policy Network define:

Open Policy = publicly funded resources are openly licensed resources.

(Openly licensed includes public domain.)

Now, why open policy is the most promising knowledge regulation reform (I wrote “copyright” in the title, but the concept is applicable to mitigating other IP regimes, e.g., patent, and pro-commons regulation not based on mitigating IP):

  • Most proposed reforms (formalities can serve as an example for each mention following) merely reduce inefficiencies and embarrassments of freedom infringing regimes in ways that don’t favor commons-based production, as is necessary for sustainable good policy. Even if not usually conceptualized as commons-favoring, open policy is strongly biased in that direction as its mechanism is mandate of the terms used for commons-based production: open licenses. Most proposed reforms could be reshaped to be commons-favoring, and thinking of how to do so is a useful exercise (watch this space), but making such reshaping gain traction, as a matter of discourse let alone implementation, is a very long-term project.
  • The concept of open policy is scalable. There’s no reason as it gains credence to push for its expansion to everything receiving public or publicly interested support, including high and very low culture subsidy. At the extreme, the only way to avoid being subject to some open policy mandate would be to create restricted works in an IPer colony, isolated from the rest of humanity.
  • In order to make open policy gain much more credence than it has now, its advocates will be forced to make increasingly sophisticated public policy arguments to support claims that open policy “maximizes public investment” or to shift the object of maximization to freedom and equality. Most proposed reforms, because they would only reduce inefficiency and embarrassment, do not force much sophistication, leaving knowledge regulation discourse rotting in a trough where economists abandoned it over a century ago.
  • Open policy implementation has the potential to destroy the rents of freedom infringing industries. For sustainable good policy it is necessary to both build up the commons as an interest group and diminish interest groups that depend or think they depend on infringing freedom. It is possible for open policy to be gamed (e.g., hybrid journal double dipping). As troubling as that is, it seems to me that open policy flips which side is left desperately clawing for loopholes contrary to the rationale of policy. Most reform proposals at least implicitly take it as a given that public interest is the desperate side.
  • Open policy does not require any fundamental changes to national law or international treaties, meaning it is feasible, now. Hopefully a few reformists have generally grasped the no-brainer concept that a benefit obtained today is more valuable than one obtained in the future, e.g., in 95 years. It also doesn’t mean that open policy is merely a “patch” in contrast to the “fixes” of most proposed reforms, which aren’t fixes anyway, but rather mitigations of the worst inefficiencies and embarrassments of freedom infringing regimes. If open policy is a patch, it is one that helps the body of knowledge regulation to heal, by the mechanisms above (promoting commons production and discourse, diminishing freedom infringing interests).

In my tradition of critical cheering, consider the following Open Policy Network statement:

We have observed that current open policy efforts are decentralized, uncoordinated and insular; there is poor and/or sporadic information sharing.

As illustrated by the lack of the Open Source Definition or any software-centric organizations on Open Policy Network lists of its guiding principles and member organizations. Fortunately software is mentioned several times, for example:

If we are going to unleash the power of hundreds of billions of dollars of publicly funded education, research, data, and software, we need broad adoption of open policies.

Hopefully if the Open Policy Network is to become an important venue for moving open policy forward, people who understand software will get involved (by the way, one of the ways “publicly funded” is scalable is that it properly includes procurement, not only wholly funded new resources), e.g., FSFE and April. I know talking about software is scary — because it is powerful and unavoidable. But this makes it a necessity to include in any serious project to reform the knowledge economy and policy. Before long, everything that is not software or suffused with software will be obsolete.

{ "title" : "API commons II" }

Tuesday, June 24th, 2014

API Voice:

Those two posts by API Evangelist (another of his sites) Kin Lane extract bits of my long post on these and related matters, as discussed at API Con. I’m happy that even one person obtained such clear takeaways from reading my post or attending the panel.

Quick followups on Lane’s posts:

  • I failed to mention that never requiring permission to implement an API must include not needing permission to reverse engineer or discover an undocumented API. I do not know whether what this implies in the context of web service APIs has been thoroughly explored.
  • Lane mentions a layer that I missed: the data model or schema. Or models, including for inputs and outputs of the API, and of whatever underlying data it is providing access to. These may fall out of other layers, or may be specified independently.
  • I reiterate my recommendation of the Apache License 2.0 as currently the best license for API specifications. But I really don’t want to argue with pushing CC0, which has great expressive value even if it isn’t absolutely perfect for the purpose (explicit non-licensing of patents).