Fellows/mk/TalkUniversalComputing

Talk about General Purpose Computing

Moon landing

First of all thank you very much for your invitation. My name is Matthias Kirschner, I work for the Free Software Foundation Europe, and here in my hand I have more computing power than the whole world together when humans landed on the moon. So this is an extremely powerful machine.

We can do things with that machine, which people at that time, would not have imagined.

Today computers are not just in space shuttles. You do not need a large room for a computer anymore. Today we have them at each office desk. We have them at home as TVs and wifi routers. We have lots of them in cars or planes. We carry them around in our pockets. Some of use even have them inside our bodies, like hearing aids, or as defibrillaters directly attached to our heart.

It is a single machine we can use for all different kind of tasks.

Millions of Possibilities

And even if today, we would sit together and brainstorm about the craziest ideas what we could do with this devices in future; all of that will just be a fraction of what will be possible in future.

Because it is a universal machine, which is not limited by the imagination of a few; but just by the imagination of all people around the world who have such a device.

But who will decide?

In future:

Nuclear Chain of Command 1

For example: Who will control computers which can be dangerous to us?

Will it be like this?

Nuclear Chain of Command 2

Or more like that? And would the president be able to ask another engineer to check what the red button does?

Salami

Unfortunately IT manufacturers have discovered that they may have an economic interest to arbitrarily limit what these machines can achieve. Slice by slice they destroy this powerful machine, and they limit what we can achieve with them. Often those slices are so thin we might not even realise at the moment that we lost something.

I want to give you some examples how general purpose computers are threatened. I want to share ideas what we can do to defend the computer as a general purpose machine. And I am very much looking forward to discuss this topic with you during the last part of my talk and later during the day.

Meditating GNU

The first cut is obvious for you. In old days, you were able to do everything you want with the software. But people found out that they can make more money if they restrict software.

That slows us down. Imagine how fast we would be able to solve problems if all software would be Free Software.

They restrict us legally with their licenses, and also technically by not providing the source code. All of this restrictions make our computers less powerful than they could be.

DRM

Other restrictions are often summarised under the term “digital restriction management”. Companies invest resources to make devices worse than they have been before. They introduce functions the users do not want. Often they restrict our computers to preserve their business model.

Phone

A widely known one, is the SIM card lock in mobile phones. Most people heard about that. Companies invested lots of effort to make sure that SIM cards by other providers will not work with your device.

So those computers, most people call phones, were made worse on purpose. If you have the choice to get a phone for the same price, you would always choose the phone without the SIM card lock functionality. People really do not like this feature, especially when they are on vacation. It is making this device less useful, when you are in another country.

(TODO: But convinience isn't the big problem here. The problem is that by restricting one functionality, they restrict other things on those computers as well.)

Unauthorised copying

Most of you are probably in the lucky situation that you do not know such signs. Because you use software which ignores it. But many people, when they want to play a DVD they see such notices, and they cannot fast forward them like you could with your computer. In those unskippable tracks the movie industry tells you what you are NOT allowed to do, e.g. copy the DVD. Every time people want to watch a DVD, they had to watch this.

What would have happened if nobody would have seen those notices? People might not know that they are not allowed to copy the DVD, and what the punishment would be. Some people *might* loose money because of that.

But how should something like that look like for other devices? How should it be for my car? When I drive my car, and I don't know the rules, I can do much more harm. I could kill people. How long does the notifications list has to be, before I am allowed to start my car?

First of all: drive on the right side of the street, in cities your are not allowed to drive as fast as on the highway, a red light does not mean drive as fast as you can, but “stop”, an all the sentences you could get, ... How long would we have to sit there every time before we would be able to drive to the supermarket.

But DVDs do not just force you to read legal information every time, they also introduced a restriction called the "region code". Companies divided the world in five parts, they added a code to the DVD, and depending on that code you can just watch it in the corresponding part of the world. So you buy a DVD during your vacation, and when you are back home you cannot watch it with your computer. Although without the modification your computer would be able to play it.

Music CDs

One thing the universal machine, the computer, can do very good is to copy. It is one command, and instead of one file, I have 10, 100, or 1000 of them. And with the internet I can with very little effort copy files from one computer to any another computer around the world. I do not have to press a CD, or sent them to shops. I can distribute music to many people around the world for almost no costs.

So you would think that the music industry was very happy when computers and cheap internet connections where widely available; tools which make it easy to distribute music.

But their thought was: how can we achieve it, that our customer's computers cannot copy music files anymore. How can we make sure the computer cannot do the thing it is very good at? First they introduces technical measures for CDs to prevent copying. So people were not able anymore to copy a music CD for their car, or to make a backup.

It was badly implemented at that time: the CDs often did not work, e.g. older players or car CD players. So the bought product was worse than if you illegaly downloaded music, and burned you own CD. That did not help to make those CDs popular.

The advantage for consumers was, that the music industry had to print a label on the disk to inform people that it is one of those CDs. That's why people who made bad experience with those CDs before, could decide not to buy such CDs in future.

But it did not stop there. Imagine you buy a CD, go home and put the CD in your CD drive, then without any notice a program is installed, and controls your computer: It checks if there are any running programs who could copy the CD, and if so, it kills those processes. Beside that it makes your computer slower, and it opens security holes---which could be used by others to attack your computer.

That is what you got from Sony for giving them around 20€.

They did that on more than 50 million music CDs. It did not only concern individuals, but in the end 200.000 governmental and military computers where effected by that rootkit. They attacked our computers to remove some of the functionality.

Books

Who of you lent a book to a friend? Who of you sent a file by e-mail to friend? Was that difficult? I lent a lot of books, and I sent a lot of files to others. Then at one point, I read that Amazon now offers the possibility to lent ebooks. So I thought: wait this books are digital files, and it is easy to sent them around. Why was that not possible from the beginning?

Because Amazon and others first invested time to remove the feature on their readers to copy books from one location to another. Vendors of ebook readers designed those computers, to make sure you cannot copy certain files with them.

Imagine: you buy a book in a store, go home read a few pages, and put it in your bookshelf. During the night, the book seller sneaks into your room, and steals the book from you? Does that sound unrealistic?

Amazon did that with e-books, and as some of you might remember, the book 1984 by Georg Orwell was amongst them. It was removed from all computers of their customers. Without their consent.

That was possible because their customers were not in control of this computer. They could not decide what happens with their data on those machines. Not the owner of this computer, but the vendor controls this computer.

So with ebook readers the attack on general purpose computers was already deeper. Companies controlled large parts of your computer; not just the applications, but the whole software stack. They make it hard to install other software on this computer.

This is also the case with lots of gaming consoles, mobile phones, tablets, and it is coming to Laptops and Desktop computers as well.

Secure Boot

Who of you has heard about UEFI Secure Boot? And who about the Trusted Platform Module (TPM)?

While in the old days it was difficult to install GNU/Linux, it got better and better.

I spent one day with the help of a friend until I had a command line, but no working X. After two weeks, telling it is ok, because the command line is cooler, I managed to set up X. A few weeks later you might have had a working sound system. The Free Software community heavily improved that, so that you could install a new distribution within 30 minutes, and you have a fully functional operating system.

But if we are not careful, it might again be very hard---or almost impossible---to install a Free Software operating system on our laptops or our desktops.

Chain of Trust

Back to the idea of Secure Boot and TPMs. The idea is to secure your computer against attacks with a chain of trust. In a nutshell: The hardware only starts a trusted operating system; so an operating system is signed with a key and this signature is checked before executing it. The operating system can then only allow trusted applications to start, and the applications can protect your data.

For example I could say I trust this key by my GNU/Linux distributor. So my computer will only start operating systems signed with this key, and I am better protected against people who want to manipulate my computer. With the operating system you can decide which programs can be installed. My operating system will protect me against rootkits, like the one from Sony. I could allow the application by Amazon to download ebooks, but I might forbid this application to delete them without my approval.

Owner Protection

That is especially relevant when the user of a computer is different than the owner. If you would have to program the software for an ATM, what do you think the bank wants? That a user of this computer is able to change the software; that she can change the data on their computer?

Probably not. The bank wants to make sure that only trusted people are allowed to make modifications to software and the data on the computer.

With such a chain of trust, you can make it hard for unauthorised people to change the computers behaviour without you noticing it.

System against Owner

But the same system which could protect the owner against attackers, can also be used against her. Change one small thing, and you have a system which will work against the owner. If you as the owner of this device, are not the one who decides which keys you trust, and which of those key you do NOT trust; the chain of trust becomes a chain of control.

Chain of Control

Someone else will decide which operating systems you will be allowed to run on the hardware, someone else will decide which applications you can run on your operating system, and someone else will decide what will happen with your data.

So if the root is broken, it is not a function for your safety but a function to censor our behaviour.

Currently there are developments with UEFI Secure Boot, TPM 2.0 and Microsoft's Logo Hardware requirements to take away control from the owners towards the manufacturers of IT devices.

So people around the world might not be empowered, but restricted by their own computers.

How do we deal with it?

Companies decide more and more, what we are allowed to do with our computers. They turn general purpose computers into special purpose devices, so we can only do whatever is in their interest. So what will we do about it?

Resistance

We have to resist those developments.

The most important part is: Do not accept that this is normal! It is not good for our society, so we should not accept it. Even if you don't do anything else about it, it is still important that you do not accept it in your mind. You should not accept it, that someone else technically restricts what YOU are allowed to do with YOUR computer. You should not accept this as a normal condition. Nobody should. "That is wrong!! That's not how our society should be."

Free Software

But I think most of you want to do more than that. And you already do. All of you already use and contribute to Free Software; else you would not be here. You help others to use and share Free Software, and in your community you enable others to learn how software works and how to adapt it to their needs.

That's a crucial part to save the computer as a universal machine. You are a crucial part of a movement which enables others to control their own computers.

Right to tinker, labels, and good specifications

There are other very important things at the moment you can help with connected with Secure Boot, TPM, etc. You can:

1. Help to get rid of laws which forbid us to change software on OUR computers, or modify the hardware of our computers. We need a positive right to tinker.

2. Help, that devices which take away control from us have to be labelled, informing about the restrictions they contain.

3. Help to evaluate specifications. E.g. specifications like TPM and UEFI, should guarantee the control by the owner of the device, and not enable vendors to limit what we can do with our computers.

If anyone of you is interested to help with that, please let me know!

Small people alter the world

But we also need more people to join us in this fight. We should not just look for people who can contribute on the same level as we do. We need to find actions, with a low barrier to participate so our friends, parents, children can also take part.

I will mention a few random actions, and I hope it helps you to become creative and develop your own:

Shopping mall

Money

Bathroom

Parliament

Leaflets

Scooter

Nails

IloveFS

My point is; we constantly have to think about easy ways, so more people around us can join our movement. Every PERSON and every small action counts.

End: Free Software, Free Society

There are many people around the world who do not yet benefit from fundamental freedoms: like the freedom of the press, freedom of assembly, freedom of speech, privacy, or other freedoms some of us take as granted. They still have to fight for them every day. But once you have them, it does not stop there. As a society, we constantly have to defend those freedoms. Sometimes we have to add new freedoms in order to better protect the others. So as we live in a world in which computers play such an important role, we have to fight for---and constantly defend---software freedom, the right to control our universal computers.

Thank you! Thank you for listening, and thank you all for contributing to software freedom!

Fellows/mk/TalkUniversalComputing (last edited 2015-09-11 10:05:19 by anonymous)