Submitted by “What if all software was open source? Anybody would then be able to add custom features to Microsoft Word, Adobe Photoshop, Apple iTunes or any other program. A University of Washington project may make this possible.” Yeah I know, odd headline – couldn’t find anything better.
Anyone else see, in addition to its usefulness, a massive potential for malware here? I’m sure malware authors would drool over this, think of the possibilities. They could replace word’s edit box with an identical one that forwards all data, or modify any links word displays to redirect to other malware, or change the iTunes buy song buttons to send them your iTunes account info. Being able to change any part of a program on the fly like this could be a disaster waiting to happen.
I can envision some DMCA activity here, too, from some ego-damaged company.
Wouldn’t that qualify as Malware?
I believe they called it Unixware
Or more usefully, it could hijack the login process to online banks which make you enter certain chars from your password… Aside from keylogging the entry, it could tell the blackhat which position each character goes in.
If programs were all open source it does not neccessary mean they are easier exploitable through malware. It is because of the operating system’s security model.
If you look at say Linux which is open source it does not have malware problems and that is _probably_ due to a better security model compared to say Windows which is famous for its malware. I say probably because I’m not sure of how the Windows security model exactly operates but I’m pretty sure you have the ability to install programs as a normal user which is the main reason behind the problem.
Yes, you aren’t sure of Windows’ security model. It’s similar to Unix, although a little bit more orthogonal. All kernel and system objects are protected by access control lists. Permissions cascade for hierarchical object systems. It has user, group and everybody permissions as well, just like Unix (although the UI makes it look more complicated).
As a normal user on any NT-based version of Windows, you can’t install software, unless given permission to do so. The problem pre-Vista was that the default user was usually the administrator (=root). As such, regular end users (as opposed to user accounts) could install software with out privilege escalation. Thankfully, this policy has been reversed for Vista and 7.
Nice. Thanks for clearing things up.
While this will allow some interesting tweaks and will have its uses there, it is still a LONG cry from the power that open-source yields.
Basically you get to manipulate the front-end of the application, but not the business logic or the back-end interfaces.
Let’s take a dictionary application as an example.
You’ll be able to change things at the front-end layer: the location of some widgets, perhaps even narrower search options, add ‘look up in Wikitionary’ links, things like that.
You won’t be able to extend the logic and data layers: you won’t be able to add a ‘phonetic search’ feature. You won’t be able to store an extra field of information for each word. Unless the application already has ‘add word’-UI you won’t be able to add functionality to pull new words from a website like Wikitionary. If the application is being smart about pretty-printing/marking up the text, you probably won’t even be able to reformat the text and fix rendering mistakes.
The list goes on and on.
Edited 2010-03-31 22:44 UTC
In a way though, it would be more useful. Sure, it wouldn’t be as flexible as having the source code available, but seriously… how many people do you think are going to dive into the Photoshop source code to the point where they could actually do something with it? Even if one had time to do so, how many are skilled enough at programming to be able to pull something like that off.
Didn’t we already have this feature set once?
http://en.wikipedia.org/wiki/Opendoc
Edited 2010-03-31 22:45 UTC
While you may(or may not) be able to alter a piece of software with this tool. This adds a layer of abstraction onto your application, slowing it down and adding to the complexity.
With open source you would get to mess around with the innards of the application.
It would be nice if all software was open sourced but this is far from that solution. This is in fact the opposite of open source.
Hasn’t Office supported plenty of customizations for yonks? Prior to 2007, customizable toolbars, menus, etc can point to macros.
Historically, many “macros” were simple keyboard/mouse automation scripts. Windows 3.1 shipped with a tool to do this (recorder.exe.) This enabled cross application tasks to be automated without application awareness. This functionality is available in many downloadable tools today.
This really sounds like two very established things being welded together.
Malware that subsitutes the “Credit Card Number” field on a website in Firefox for its own, coming in 3… 2… 1…
Seriously, this guy has a doctorate in Computer Science and he doesn’t realise what a dumb insecure idea this is?
Since when has a certain degree meant a person actually thought about things? Some of the people I know who had doctorates were some of the least sensible I’ve ever met, especially in the US where education largely consists of memorizing and regurgitating facts without any real creative thinking or learning involved.
The idea is naive at best.
If all software were open source, it would kill the economy.
Open source companies earn money(Red Hat,Google). Open source would never let a company like Microsoft or Apple exist. Think about where Linux would be if 10 billion dollar per year would be spent developing it?
It’s funny, what the article goes on about is not so much open source, but scriptability and themability when you get down to it: creating “custom” applications by wrapping existing bits of them with fronts to make them interact differently with the users.
Let’s see, are there some examples of where this has already been done, to some degree?
YES! I’m not going to pretend to cover all of them, as I’m wise enough to know that just the ones I know about are unlikely to be the only ones…
1. If you use hey with BeOS/Haiku, you have the scripting interface, and you can easily enough do a certain amount of integrating of things in a way that makes it functional… it may not be exactly what the author of this article had in mind, but you can make BeOS/Haiku apps do whatever you darn well please, if it previously exists via the GUI.
2. I’ve not investigated this one, but… OS/2 has a very object-oriented desktop/GUI that is scriptable, and you can extend the system to do things you didn’t have it do at the start. Rexx IIRC is the scripting language of choice.
3. MacOS (and OSX) with AppleScript, which had a start even farther back in parts with HyperCard (great fun, that: until something goes wrong with the system!) allows you to drive Mac applications to a rather high level of control: heck, I’ve used AppleScript under OSX with iTunes to create an iTunes alarm clock. I can’t remember whether or not I read that something along these lines existed for NextStep, which OSX has a lot of its API and overall structure from.
4. I remember when OLE Embedding and COM and all that were much newer, and then also such fun things as VBA (Visual Basic for Applications) where you could take all these fun controls and embed them into something else: oddly enough, it seems Microsoft has backed away from some of that in the more recent versions of Word and Office: I wonder why that is? Oh, wait: reality is that… there’s real problems with it, from such things as security, to the reality that not just anyone can do anything useful and have it work correctly. With the Windows Shell (not text, but GUI shell under Win32) there’s actually lots of things you can control via COM, and a lot of Microsoft applications as well as many other companies and their applications can be rather heavily scripted via a COM-aware language, and made to do all sorts of fun things, including… special malware. Yeah, sure is great, isn’t it? Internet Explorer with ActiveX controls is all about what this farce of a study is meant to explore: making things so-called “open source” which is a misleading title compared to what’s really being discussed, easy theming/glue logic wrapped around existing functionality. Well, what a waste of money: this has existed for more than 15 years under Windows already!
5. Unix and its brethren: sure, it’s text/command line or even perhaps some stuff via X, but if you think back to a less graphical time, aren’t you effectively doing the same thing by piping data through various utilities through some complex command line script and all the scripts run along the way?
Now, that’s not an all-inclusive listing of technologies and systems that already effectively allow for what this article refers to, but that’s more than sufficient to demonstrate that the money is wasted, as is the time, and this professor needs to get his head out of class once in awhile. But wait, there’s more!
Remember all those OCX/ActiveX controls, OLE embedding, etc. I mentioned previously? Remember VBA, or any other scripting language? Hell, what about JavaScript? At some point or another, if you must insist on things being open source (truly so) there’s something that already works, somewhere, somehow, so why hasn’t there been this massive revolution of the general public going forth and making it happen?
Simple answer: they’re too lazy to. Well, that’s one easy explanation that’s true for a lot of the general public: they could, should they choose to dedicate the time to practice at such things, but let’s be honest with ourselves and reality: most people use computers as tools to accomplish something they want to automate/make more efficient, and don’t give a crap about how a computer works, and don’t want to have to give a crap about how the computer works: they just want the damned thing to work! If they absolutely had to, and they had enough incentive, a lot of people could probably do what’s needed, after spending a lot of their valuable time to become sufficiently proficient to accomplish something they’d hate to work on in the first place. Well, that’s some unknown portion of the population right there: the percentage that, given enough time and motivation, they could eventually do it, as they have the capacity to learn and do what’s necessary, eventually. And then, of course, there’s quite possibly a far larger portion of the population we need to address: those that, regardless of their desires, or the amount of time/resources they can sink into it, simply for whatever reason, don’t have what it takes to figure out how to write code to solve problems, even simple ones, and do things in a remotely competent way that accounts for such fun things as error handling, or even working predictably. Remember HyperCard? Great way for someone that has the know-how to quickly get something going, and it allows someone to write code quickly and easily, even if they’ve never really written any code, as they can get something up and doing something (hello, world!) with little fuss. But, an easy tool to use is nothing in the hands of someone that’s clueless, and I’m sure I’m not the only one to see HyperCard stacks that appeared to work fine, until they essentially exploded with all the data they were tracking.
So, conclusion: making everything “open source” (in any sense of the word) or “easily scriptable” or “Themable” which is more like what was being discussed, is no panacea, regardless of anybody claiming that, because to create proper software simply can’t be done by everyone on a whim, no matter how much they desire it: the world will still need true software engineers/developers/programmers/whatever-you-want-to-call-them that can actually make things work sensibly and comprehend what they’re doing.
From:
http://insitu.lri.fr/metisse/index.html
That’s scary. Inconsistencies all over, slowness, GUI sluggishness, dependency hell, oversized widgets, 100s of different versions of the same thing incompatible with each other, mibsy, flibsy, wttsplash stupid names given to software, (same software renamed 100 different times to indicate ‘different’ versions)….To upgrade a software, you’d have to edit some apt-get config script to add the source, uninstall, re-install –upgrade etc etc…
NOT GOOD for the end user.
But then again, you have the freedom and no patents but we can have commercial software without patents too.
Everything open source = tower of babel ;-p
Everything incompatible with everything else ;-p
From what I recall reading, it almost became law that all software would need its source code registered for copyright protection. This was from before the US went to automatically granted copyright protection.
If the US had gone that other way, all source code would be available from the Library of Congress for anyone to read. That wouldn’t make it “Open Source” for modification and redistribution but it would have been readable.
It would have been cool.
It’s a let down that this is not the case. There is nothing naive about having access to source. Just because the access is available doesn’t mean the target audience has to be everyone. It could merely be stored in the Library of Congress under confidentiality clauses for something like 10 years. It would have made the progression of software with every revelation of source much more competitive in regards to performance, especially pushing programmers to do more at the binary level. It might even have fractured the hardware base in a good way, where there were many more options available to the public.
Edited 2010-04-02 06:18 UTC