What is Free and Open-Source Software?

Software programs, like other creative works, are released to its users under certain terms and conditions called licenses. When a license gives its users the rights/freedoms to use, study, copy, modify, improve, and redistribute it, then the software is considered free, or libre, and open-source software (FOSS).

Background: In software development, companies and developers write software as a collection of many files called the source code or the code base. When the software is ready for use, they compile the source code into executable files. For example, applications on Windows and macOS typically have the file extensions .exe and .app, respectively. These executable files are usually unreadable and recovering the source from them is usually impossible.

  • If the developers keep their source code private, then the software is said to be proprietary or closed-source.
  • If the developers publish the source code for the public to study it, but do not grant them the all freedoms of open-source software, then software is called source-available.

In conventional software development, companies release proprietary software and they require you to purchase a license or subscription in order to use it. This sometimes works well for consumers, but there are important restrictions to be aware of when using proprietary software. If a software program prevents you from exporting your data and using it in another compatible program, then you are forced to maintain a subscription for it in order to maintain access to your work. This tactic, known in economics as vender lock-in or consumer lock-in, is a way for technology companies to make it difficult for you to stop using their services.

Free and open-source software avoids locking-in consumers and instead provides them with several valuable rights:

  • Users of free and open-source software are permitted to use it for any purpose (except for those prohibited by law).
  • Users and third-parties can independently study and inspect FOSS programs to verify the authenticity of claims regarding its privacy and security. By making the software transparent, it has the potential to be safer and more trustworthy.
  • After obtaining copies of the source code, users can modify it to fit their needs. These modifications may include improvements on the original code or removals of existing features (e.g., those that invade privacy, create security vulnerabilities, or are simply unnecessary).
  • Users of FOSS can choose to redistribute their software, modified or not, to other people without fee or for profit. The right to redistribution allows users to share their modifications and improvements with others.

Some FOSS licenses require that any redistribution of the software must also be licensed with the same license as the original software or at least be licensed in a way that does not revoke any of the rights granted by the original license. These licenses are known as copyleft licenses and are meant to guarantee that any modifications of FOSS remain part of the community as FOSS.

Example: The strongest copyleft license for FOSS is considered to be GNU Affero General Public License Version 3.0, or AGPLv3, because it requires that anyone who uses the software to provide a service over a network must also provide its complete source code, even if it's modified.

Standard Notes publishes the source code for its web, desktop, and mobile apps as well as its syncing server and extensions under AGPLv3. This means that any individual or company can legally use all our free and open-source software for their own commercial purposes and therefore potentially drive us out of business. However, the AGPLv3 license requires that they must also release their software under AGPLv3, so any improvements that they make to it ultimately return to the Standard Notes community. This means that if Standard Notes were to disappear for whatever reason, then the community would be able to maintain the service and your notes would continue to be safe.

Further Reading:

Thanks for reading ✓

What is a pull request?

One of the main ways software developers contribute to free and open-source projects is by creating pull requests to fix bugs, add features, clarify documentation, and to address other issues. A pull request is a proposal to make specific changes to the source code of a project.

Projects usually have multiple versions of their source code, and one of them is the main version. The maintainers of the main version often encourage other developers to contribute to their projects by creating pull requests.

How do pull requests work?

Pull requests typically have five parts: the issue, changes, discussion, approval, and merge.

The first step to creating a pull request is to identify an issue with the existing source code for a project. Pull requests are meant to be reversible, so developers are encouraged to make each pull request focus on one issue or topic. For example, fixing a website's styling and updating its content can and should be separated into two separate pull requests.

After identifying the issue, a developer creates a complete copy of the project's source code on their own computer. Since their copy is derived from another copy, their copy is known as a fork. The developer then proceeds to change their copy of the source code to address the issue they identified.

When the developer is finished with their changes, they write a summary of their changes. The summary may include details about which issue the changes are meant to fix, an explanation for their approach to the issue, and a description of any testing they performed to ensure that the changes worked as intended.

Then, the developer requests the maintainers to review and accept their changes. The developer and maintainers discuss any remaining questions about the pull request, such as whether the changes can be optimized or need further improvements.

If the maintainers think that the pull request is ready, they can approve it and merge the changes into the main copy of the source code. The developer’s pull request is granted and the developers “pull” the changes into the main copy.

Why do people create pull requests?

Each developer has their own reasons for contributing to free and open-source software. Here are a few common reasons:

  • Prestige. When the maintainer of a project merges a developer's pull request into the source code of a project, the developer is permanently attributed as a contributor to that project. For example, the Standard Notes web app repository has 23 contributors at the time of this writing. Developers can accumulate fame and prestige within the developer community by making significant contributions to important and valuable open-source projects. This can help them build an audience and find more employment opportunities.
  • Experience. Junior developers can gain experience and build their resumes by contributing to open-source projects with pull requests, and experienced developers can use them to practice their skills. This can also help developers find future employment.
  • Generosity. Software developers are problem-solvers at heart and often enjoy sharing solutions for others to use. By sharing the solutions, more people can benefit from them. Contributing to free and open-source projects with pull requests is a way to give back to a community or project.
  • Compatibility. Developers can create new features and fix bugs by modifying their own copy of a project to suit their own needs. However, they can ensure that the new features and bug fixes are compatible with future versions of the project by implementing them into its main source code. Pull requests also allow their feature to receive more critical review and attention.

Further reading:

Thanks for reading ✓

What is DNS-over-HTTPS?

In February 2020, the Mozilla Foundation announced that it would enable DNS-over-HTTPS by default for all Firefox users in the United States. In this post, we'll explain what that is and why it matters.

Background: You and your computer need to take many steps in order to connect to a website. At some steps, there's a possibility for your privacy or security to be vulnerable.

  • When you use a web browser such as Firefox to connect to a website, you are viewing files on a remote computer. These computers are usually set up to serve the website files and are also known as web servers. These servers are usually assigned a series of numbers and letters known as IP addresses. You can think of these IP addresses like phone numbers for computers.
  • In order for Firefox to know which website to connect to, you usually need to tell it by clicking on a link or by typing the domain name of the website at the top of the browser.
  • If the website is properly set up, then the domain will correspond to an IP address. When you connect to the domain in your browser, the domain automatically sends you to its corresponding IP address, which then sends you to its corresponding web server.
  • Once you've connected to a web server with your browser, you can send and receive files to and from the web server. These files are collectively known as your traffic, or web traffic.

For example, when you click on app.standardnotes.org or type it into your browser, you will automatically be sent to the IP address 34.228.118.242, where you can access the Standard Notes web app.

If you connect to app.standardnotes.org over https, as in https://app.standardnotes.org, then your traffic to and from your web browser and the web server will be encrypted. Nobody will be able to read or tamper with your files while they're in transit.

However, your connection to app.standardnotes.org and other websites will be known to your internet service providers and anyone else who is watching your network. They won't know what you're writing in your notes app, but they'll know that you're using it.

DNS over HTTPS is the technology that encrypts the domain names and IP addresses that you're connecting to in a similar way that https encrypts your web traffic.

Why it matters: With DNS over HTTPS, your internet service provider and anyone else listening to your internet connections won't be able to know where you're connecting to anymore. If you use DNS over HTTPS with the Standard Notes web app, then you can be private about being private.


Next steps:

  • Standard Notes forces https on all its connections, but if you want to encrypt all your web traffic, you can use the browser extension HTTPS Everywhere by the Electronic Frontier Foundation.
  • In Firefox, visit Options > General > Network Settings and click "Enable DNS over HTTPS". You can also search "DNS" in the "Find in Options" bar or visit the official tutorial by Mozilla.

For other browsers, DNS over HTTPS can be enabled using the flags feature. First, update your browser to the latest version. If you use Microsoft Edge, you may need to install the new Chromium version. Then, depending on your browser, enter the following into the navigation bar and click enable:

  • Google Chrome: chrome://flags/#dns-over-https
  • Microsoft Edge: edge://flags/#dns-over-https
  • Opera: opera://flags/opera-doh
  • Vivaldi: vivaldi://flags/#dns-over-https
  • Brave: brave://flags/#dns-over-https

You can also enable DNS-over-HTTPS on your mobile phone by using Cloudflare's 1.1.1.1 app.

Further Reading:

Thanks for reading ✓

What is Electron?

Electron is an open source software framework that software developers can use to create desktop apps that work across Windows, macOS, and Linux operating systems.

Background: Each operating system can only run apps written in certain programming languages, called native languages. If a developer wants an app to work on the system’s desktop, then they will need to write it in those languages. If an app is written in a system’s native language, then it is called a native app. For example, native apps for iOS and macOS are written in a language called Swift.

  • Developing a sophisticated app for one platform takes a tremendous amount of expertise, time, money, and effort.
  • If a developer wants the app to work across multiple platforms, they will need to rewrite it in multiple languages. This requires them to either understand the intricacies of each operating system and their corresponding languages or to hire other developers who do. Both options are too expensive or difficult for most startups and individual developers.
  • Additionally, writing an app in multiple languages results in multiple codebases, each of which requires resources to continue to maintain, debug, and improve.

How it works: The three universal languages for web browsers are JavaScript, HTML, and CSS. Developers first write their app in these languages then use Electron to package it with technologies called Chromium and Node.js.

  • Chromium is an engine that powers many web browsers including Opera, Google Chrome and Microsoft Edge. Node.js is a system that allow apps written in JavaScript to interact with the operating system. Both work across platforms.
  • Apps built on Electron are in effect specially designed web browsers that work like native apps.
  • Developers can start with building their app for just a single platform, like the web, then produce apps for all other platforms, like Windows and macOS, without expending additional resources on software development.

Why it matters: Electron makes it easier to create cross platform apps.

  • Developers can create cross platform apps without learning the intricacies of every operating system and their corresponding programming languages.
  • Developers can use a single codebase for all three desktop apps, which makes it easier and quicker for them to catch and fix bugs.
  • Users can experience lower prices for apps built on Electron because it reduces the costs for software engineers to develop them.

A possible downside of apps built on Electron is that they may use more storage and memory (RAM) than if they were built natively. However, storage and memory are becoming cheaper for consumers every year, so even the cheapest new laptops can run apps built on Electron without users noticing the added system requirements.

Examples of apps built on Electron:

  • Communications apps including Discord, Riot.im, Rocket.Chat, Signal, Skype, Slack, and Whatsapp
  • Productivity apps including Standard Notes, Ghost, and Wordpress.com
  • Text editors including Atom and Visual Studio Code
  • Password managers including Bitwarden and Keeper

The bottom line: Many companies, both large and small, build apps on Electron because it reduces the costs to develop and maintain apps. Without it, many new apps wouldn’t exist or work cross platform.

Go deeper:

Thanks for reading ✓

What is End-to-End Encryption?

End-to-end encryption is a system of encryption that allow parties to communicate in a way that severely limits the potential for third-parties to eavesdrop on or tamper with the messages. Third-parties may include government agencies and companies that provide internet, telecommunications, and online services.

  • End-to-end encryption helps people communicate securely by emails, voice calls, instant messages, and video chats. It also secures communication between devices for sharing and syncing files.
  • End-to-end encryption is most commonly used for digital communications, but it can also be used on paper.

The big picture: There are many systems of encryption. End-to-end encryption is considered an improvement upon another system called point-to-point encryption, which is a standard for transmitting credit card data.

  • When parties communicate with each other, their data is usually transmitted through a third-party service provider, which acts as a messenger (e.g., Gmail).
  • Point-to-point encryption encrypts data when it is in transit to and from the messenger, but the messenger can still read the message.
  • End-to-end encryption encrypts the data both before it’s given to the messenger, and also during transmission. Different mechanisms may be used to encrypt the data before transmission and during transmission. Transmission encryption is usually layered on top of the existing pre-transmission encryption.
  • End-to-end encryption works by encrypting the data before the third-party receives it and by preventing the third-party from obtaining the decryption keys. The encryption is performed locally on the communicating parties’ devices rather than on the third-party’s web servers.

Analogy:

  • Using end-to-end encrypted communications is like sending a physical letter written in a language that nobody else can read or translate except the intended recipient. Postal service employees can read the to and from addresses and estimate when the letter was sent, but they aren’t able to read the letter contents.

Why it matters: End-to-end encryption helps ensure the confidentiality and authenticity of communications. It protects users’ privacy and allows them to communicate with greater honesty and freedom.

Pros and cons: End-to-end encryption protects user privacy by preventing unwarranted or unwanted surveillance by governments and service providers, but it also prevents law enforcement from obtaining communication records when they have justified warrants for doing so.

Limitations: End-to-end encryption protects the content of communications, but does not necessarily protect metadata about the communications, such as who contacted whom and at what time.

  • End-to-end encryption protects data when the service providers has a data breach, but it does not always protect data when a user’s device, account, or password is stolen because they can be used to obtain decryption keys.
  • Service providers that claim to provide end-to-end encrypted services may nonetheless introduce secret methods of bypassing the encryption. These methods are known as backdoors and can be created willingly or unwillingly. Thus, users are still required to place some trust in the service providers.

The bottom line: End-to-end encryption is the new standard for service providers aiming to provide the highest levels of consumer data protection because even they are meant to be unable to decrypt their users’ data, but it does not replace lower standards, such as point-to-point encryption, which are acceptable for other uses.

Examples of applications with end-to-end encryption:

Go deeper:

Thanks for reading ✓

What is Encryption?

Encryption is the process of transforming readable text or data, called plaintext, into unreadable code called ciphertext. After the data is transformed, it is said to be encrypted. The reverse transformation process from ciphertext to plaintext is called decryption.

Background: There are many methods of encryption. Each method aims to prevent decryption by anyone who doesn’t have a specific secret key, such as a password, fingerprint, or physical device.

The big picture: Different forms of encryption have been used for thousands of years to secure communications. Modern mathematics and technology allow for widespread use of encryption methods that make it computationally impossible for third parties to decrypt the encrypted data without the secret key.

Analogies:

  • Modern encryption allows people to put their data into digital safes that have locks that are physically impossible to pick.
  • Encrypting data is like translating it into a language that only the person with the secret key can understand. This prevents unauthorized people from reading your letters even if they take it out of the envelope.

Why it matters: Encryption can be used to protect documents and information where physical security isn’t enough or doesn’t help.

  • People can use encryption to prevent third parties from eavesdropping on or tampering with their communications.
  • Businesses can use encryption to deliver digital goods to their customers and safeguard important information about their clients, employees, or practices.
  • Governments can use encryption to protect secrets about their intelligence and military operations, issues concerning national security, and data about their citizens.

Encryption is for everyone: Individuals use encryption for many of their daily activities.

  • Smartphones, personal computers, and external hard drives are often encrypted by default or by user configuration. Encrypting devices helps prevent thieves from retrieving data from stolen devices.
  • Encryption helps protect debit and credit card information when they are used in-store and online.
  • Devices that use Bluetooth, such as smart watches or garage door openers, use encryption to prevent unauthorized use.
  • People can use encryption to verify the identities of the websites they browse, the software they download, and the documents they receive.
  • Individuals can use encryption to write private notes and send private messages, emails, and calls to their friends and family.

Go deeper:

Thanks for reading ✓