Dear President Rousseff, you are listening, but not enough....
Paw Prints: Writings of the maddog
Dear President Rousseff,
You may remember that I wrote to you last October and gently scolded you for not listening to me over the past eighteen years and moving your country to software and hardware freedom, helping to ensure the security and privacy that I know you want your citizens and government to enjoy.
In that article I even invited you to have some of your people talk with me and I was willing to offer advice to you on this topic for gratis, but alas, no official came to talk with me about the issues.
Since last October I have seen that you had one of your people start to design a secure email system, one that my government would find harder to break, and that you are thinking about installing an undersea communications cable between Europe and Brazil to skirt my government's spying on you.
I am therefore puzzled when I find out that some of your educational system is actually moving backwards, and removing courses in Free and Open Source Software, teaching Microsoft products instead.
The Sao Paulo State Technological College, a part of FATEC, used to teach courses in GNU/Linux. Now they have dropped the GNU/Linux part and only teach Microsoft products.
Of course, when I say they taught GNU/Linux, it was hampered by the fact that the machines the students were using had only 512 Mbytes of RAM, and the professor was required to run GNU/Linux in a virtual machine on top of Windows XP instead of natively or using a "Live CD", because the administration of the school would not let them install GNU/Linux on the hardware since the “authentication” of the students was only done through Active Directory.
I find it interesting that the school is using Active Directory for their authentication, since that is a binary only program, and Brazil really has no idea who that program is allowing to have access to your machines.
I am also dismayed by some of your universities teaching languages such as Visual Basic and C#, when they might be teaching more portable languages such as Python or Haskell and still teaching MySQL (now a product of Oracle) instead of teaching PostgreSQL, NoSQL or Hadoop.
Speaking of Windows XP, when are you going to update all the government and school Windows XP machines to new hardware that is capable of running Windows 7 or Windows 9? If you leave the older machines running Windows XP, what are you going to do for security after April of this year?
After April Microsoft will not be sending out any security patches unless you become a “special customer” and pay a lot of money for special patches for security. This will become interesting for Brazil, of course, since 84 percent of all Brazil's PC software is pirated, and I doubt that Microsoft will be sending out patches for pirated software. So your people will become more and more exposed to security holes.
I know that Windows XP will not become more “massively insecure” overnight just because support is dropped by Microsoft, but there are other issues too. Right now analysts are advising customers of Windows XP to upgrade from the Microsoft web browser Explorer to Firefox or other Open Source browser to head off security issues in older Microsoft software running on Windows XP. If you had been running GNU/Linux you could continue to apply security patches to your older systems, or you could have incrementally updated your software over the years instead of staying on Windows XP to avoid paying the "Microsoft Tax" of upgrades.
As other companies and governments upgrade to newer versions of Microsoft Office, you will find inconsistencies in being able to exchange documents, which will force you to upgrade to a more current version of Microsoft Windows, which will need new hardware to run. The problem will be (and is) that you have no choice. You purchased your software from a monopolistic company that is a single-source supplier. You have to do what they tell you do to. People who used closed source products are software slaves, and I am surprised that a woman of your intelligence and national pride would allow her country and people to be made slaves to a United States company.
Instead of paying local, Brazilian programmers to help you tailor Free Software to your needs, you are paying closed-source companies royalties which (for the most part) go out of your country. If you had used GNU/Linux and one support company did not meet your needs, you could go to another support company. Because all of the support companies working with GNU/Linux have access to the source code, any one of them could fix your problems assuming they have the experience level and expertise.
Recently I gave a talk at CeBIT in Hanover, Germany about security and privacy. Unless you are doing much more than updating your email system, you have done nothing to stop my country or any other country from spying on you. Sorry, to have to tell you that, but it is true. Notice in my third paragraph I said your efforts would make it harder for my country to break in, but not impossible. They can be very determined, and your efforts so far are minimal.
At this point it will take a huge and concerted investment to create the security and privacy that your government and citizens need. That is the bad news.
The good news is that with the use of Free and Open Software, Open Hardware and Open Culture, you can share that investment with other countries who are concerned about security and privacy and that investment comes back to Brazil by creating new jobs and stopping the flow of money to monopolistic companies outside of Brazil. You create local jobs, who buy local food, local housing and pay local taxes.
Madam President, I ask you to treat this issue with more than just words, but with understanding of the issues. You can either take this opportunity to start your country to software and hardware independence, or you can continue to walk the path of slavery to another country.
That path is yours to choose.
Jon "maddog" Hallcomments powered by Disqus
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.