> I prefer to license most works as Apache 2.0, and this ensures people can do whatever they need to get the use-case solved in whatever legal obligation they are encumbered within.
I prefer copyleft licenses, because they ensure that the end user has access to my code :-). I don't do release free work on the Internet to help companies make money out of my work; I want to protect the users.
The great, great thing about Linux being GPL is that Android manufacturers have to share their modified sources, which helps mainlining a lot of hardware.
> I prefer copyleft licenses, because they ensure that the end user has access to my code
Now that so much software (the majority?) is used over a network standard copyleft licenses (GPL etc) no longer ensure this. If you want that you need AGPL.
I take it from another angle: I don't care so much about what people do with my code. It's not that I don't want others to make money with it (not at all).
It's just that as a user, I'm always happier when I get access to the sources of the product I buy. So I release my code under a copyleft licence for the sake of the other users like me.
To push the idea to the extreme, imagine a world where all the open source software that was ever written was under the GPLv3? Maybe most software would be open source in one way or another (and GPLv3 gives you a way to update the software). So you could buy a smart TV, get access to its sources and to tools that would allow you to upgrade it. I think it would be pretty amazing.
I'm not as sure as you that it would work out that way.
Let's take your TV example. I bought my TV from the local store, or Amazon, or perhaps second hand from some random guy on ebay.
Naturally I connect the TV to my home wifi, use the built-in Netflix app etc.
Assume I'm like your aunt. I barely have the skills to plug it in, much less read the code.
In this scenario is it OK that every previous owner, distributer, retailer, had the ability to add to, or change, the code in the TV? Do you think a highly skilled person, such as yourself, can audit the code to see that nothing nefarious has been added?
Today I have "limited trust". I have to assume Samsung is gleaning at least some data from my TV. But I'm reasonably sure it doesn't have malware on it.
Your optimism about how secure network-connected devices are against e.g. being added to a bot net in the status quo seems misplaced.
I agree with your concern not just for the future but for today. Something like TPMs could help attest that that example TV is running the software you think it is.
Of course, that would require manufacturers to care about security for their customers, which they currently don't. And the average person doesn't care enough, so the only way to change this is legislation/regulation.
Very true, even cellphones get deprecated very quickly.
However... from the well worn car analogy at some point the warranty must expire.
In general, if software was designed correctly, it should have minimized the attack surfaces. Note if someone has physical access, than one must assume the stack is already insecure by intent or incompetence. =3
> In this scenario is it OK that every previous owner, distributer, retailer, had the ability to add to, or change, the code in the TV?
...yes? If you own something, you can modify it. That's certainly better than a world where the vendor can put in spyware and the user can't fix it.
> Today I have "limited trust". I have to assume Samsung is gleaning at least some data from my TV. But I'm reasonably sure it doesn't have malware on it.
And how would you distinguish their behavior to date from "malware"?
I prefer copyleft licenses, because they ensure that the end user has access to my code :-). I don't do release free work on the Internet to help companies make money out of my work; I want to protect the users.
The great, great thing about Linux being GPL is that Android manufacturers have to share their modified sources, which helps mainlining a lot of hardware.