Preamble: This article is meant for absolute beginners. If requested, I could also write a more detailed (and serious) post about the whole idea behind FLOSS another day.
The term FLOSS stands for free/libre and open source software. FLOSS is a very important and integral part of our technological ecosystem. In order to see why it's so important we have to define its meaning first.
What is FLOSS? (for beginners)
Defining the term FLOSS in one sentence is not easy, but I would like to attempt it anyway to be as gentle as possible with people who have never heard the term: "FLOSS is software whose source code can be used, copied, studied, and changed by anyone". So far so good, but what do I mean by source code?
Every computer program (or smartphone app or website) is written in some programming language. A programming language lets humans tell a computer precisely what to do. The text a programmer writes in such a language, i.e. the instructions that make up the program, is called the source code. For example, we might use the programming language Python to print the words "Hello, Steemit!" on our screen by just typing, saving and executing the following source code:
print("Hello, Steemit!")
Real computer programs are, of course, much more complex than that but for now we don't want to care about the details too much.
Isn't FLOSS insecure?
You might ask now whether FLOSS is really such a good idea. Isn't it, for example, a very bad idea to let anyone look at the source code of your software? Doesn't that open all doors to potential hackers and crackers who want to break your system? Well, on the one hand it's true that every security flaw in a piece of FLOSS is plainly visible to anyone with the skills to read the underlying source code. But this is not a bad thing at all, because opening up the source code also allows "good people" with the necessary skills to read and analyze it, and by doing so they can actively help to make the software more secure. If the source code is closed or proprietary, people who would like to help out have no way to look at the system and improve it. Two caveats a security person would add here: attackers do not actually need the source code to find flaws, because they can reverse engineer the compiled program or simply feed it malformed input until it misbehaves, so hiding the code slows them down much less than one might hope; and open source only helps if somebody competent actually takes the time to read and test the code, which is not automatic just because the code is public.
I'm confused now. Gimme some examples
I know that it can be hard to wrap your head around these things in the beginning, so let's look at some examples to get a better grasp of these issues. Let's take the Linux kernel as an example of actively developed FLOSS and compare it to the Adobe Flash player as an example of (more or less) actively developed proprietary software. If an attacker wanted to break into a Linux-based system, he or she would probably try many different attacks against the kernel until one succeeds. The attacker would do the same when trying to break into a computer running the Adobe Flash player. But here comes the huge difference: the Linux kernel is actively monitored by many people all over the world. You and I can, at any time, look at the current source code. And if we spot a potential security hole, we can either fix it ourselves or tell the kernel maintainers about it so that they can fix it.
But what does the situation look like for proprietary software (Adobe Flash in this example)? Only Adobe employees (and whoever Adobe chooses to share it with) have access to the source code of the Adobe Flash player. That means there is no way for you and me, unless we happen to be paid to work on that piece of software, to gain any insight into the functionality and behavior of this program. That is a serious problem: attackers can exploit any security holes they find and thereby attack every system on this planet running this program, and the average Joe can only defend himself once the company behind the software decides to create and release a patch. You might think that this is a very theoretical problem, but exploiting security holes in proprietary software has become a very real problem. The Occupy Flash movement would agree, I guess.
Hold on! Are you telling me that FLOSS is immune against any hacking attacks?
No, of course not. There are many exploits for FLOSS as well. For example, WordPress is a piece of software installed on a huge number of servers all around the world. It's a very interesting target for evil people trying to blackmail others or steal data. From time to time we can read about WordPress being attacked again and users being advised to update to the newest version (many of these attacks hit installations that were never updated, or third-party plugins rather than WordPress itself, which is a reminder that open code only helps the people who actually apply the fixes). But one big advantage of WordPress (and other FLOSS projects) is that smart people can analyze the code and take preemptive measures to prevent security holes from being exploited, and when a fix is released anyone can read exactly what was changed. With FLOSS people can analyze a system or piece of software at any time, while with proprietary software users can only react by installing updates once the company behind the software decides to provide a patch.
Mhm... ok. But why should I release some software as FLOSS if I don't want people to know how I implement certain security-related components?
At first glance it seems like a reasonable idea to just hide critical components nobody should know about. Unfortunately, this doesn't work out too well. The idea of keeping the inner workings of a program secret in order to gain a security advantage is called "security through obscurity". The opposite principle, known as Kerckhoffs's principle in cryptography, says that a system should remain secure even if everything about it except the secret key is public. Let me quote from a Stack Overflow answer to show you why obscurity alone is not a good idea:
Security through obscurity would be burying your money under a tree. The only thing that makes it safe is no one knows it's there. Real security is putting it behind a lock or combination, say in a safe. You can put the safe on the street corner because what makes it secure is that no one can get inside it but you. [...]
If someone discovers the password, you can just change the password, which is easy. If someone finds the location, you need to dig up the money and move it somewhere else, which is much more work. And if you use security by obscurity in a program, you would have to rewrite the program.
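To make the "money under a tree" versus "money in a safe" comparison concrete in code, here is an added example (written for this post, not part of the original article or any real project). It contrasts two hypothetical login-token schemes: one whose only protection is that nobody has seen the recipe, and one built on a public algorithm (HMAC-SHA256 from the Python standard library) plus a secret key that lives outside the source code. The user names, the suffix string and the attacker's guessed key are all made-up values for the demonstration.

```python
import base64
import hashlib
import hmac
import secrets

# --- 1. "Security through obscurity": the recipe itself is the only secret ---
# Hypothetical token scheme: reverse the user name, append a hard-coded suffix,
# base64-encode the result. It "works" exactly as long as nobody reads this code.
OBSCURE_SUFFIX = "s3cr3t-suffix"  # baked into the program (constructed value)


def obscure_make_token(user: str) -> str:
    return base64.b64encode((user[::-1] + OBSCURE_SUFFIX).encode()).decode()


def obscure_verify(user: str, token: str) -> bool:
    return hmac.compare_digest(obscure_make_token(user), token)


def attacker_forges_obscure_token(user: str) -> str:
    # Once the source is public, the attacker just runs the same recipe.
    return base64.b64encode((user[::-1] + OBSCURE_SUFFIX).encode()).decode()


# --- 2. Real security: public algorithm, secret key (Kerckhoffs's principle) ---
# HMAC-SHA256 is fully documented. The only secret is the key, which is NOT in
# the source code; a real deployment loads it from the environment or a secrets store.
def keyed_make_token(user: str, key: bytes) -> str:
    mac = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"


def keyed_verify(token: str, key: bytes) -> bool:
    user, sep, mac = token.partition(":")
    if not sep:
        return False
    expected = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def attacker_forges_keyed_token(user: str) -> str:
    # The attacker knows the algorithm (it is public) but not the key,
    # so the best they can do is guess one. (Constructed guess.)
    guessed_key = b"password123"
    return keyed_make_token(user, guessed_key)


def demo() -> dict:
    """Run both schemes against an attacker who has read the full source."""
    server_key = secrets.token_bytes(32)  # generated at runtime, never committed
    results = {}

    # Obscurity: the forged token is accepted as genuine.
    results["obscure_forgery_accepted"] = obscure_verify(
        "alice", attacker_forges_obscure_token("alice")
    )

    # Keyed: the legitimate token is accepted, the forgery is rejected,
    # even though the attacker knows every line of the algorithm.
    legit = keyed_make_token("alice", server_key)
    results["keyed_legit_accepted"] = keyed_verify(legit, server_key)
    results["keyed_forgery_accepted"] = keyed_verify(
        attacker_forges_keyed_token("alice"), server_key
    )

    # "Changing the password": rotate the key, no code rewrite needed.
    new_key = secrets.token_bytes(32)
    results["old_token_after_rotation"] = keyed_verify(legit, new_key)
    results["new_token_after_rotation"] = keyed_verify(
        keyed_make_token("alice", new_key), new_key
    )
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and compare the two halves: in the obscure scheme the forgery is accepted as soon as the recipe is known, and the only fix would be to rewrite the scheme (dig up the money). In the keyed scheme publishing the code costs nothing, a wrong key produces a rejected token, and rotating the key invalidates old tokens without touching a single line of code (change the combination on the safe).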
My head hurts...
Ok, in that case I will just leave you alone for today and show you some nice kitties as a reward for reading this far. But I make no promises that I won't write another article about this important topic another day with even more background information. ;-)
Source: https://farm6.staticflickr.com
P.S: Questions are welcome!