I’m curious about this - what do you mean by “renting” vs “owning” the software and how is it a problem? And would open source software or another solution meaningfully address that? I haven’t thought about it in this way before
I suppose he is referring to banking apps (and all security-critical apps) relying on Google and Apple for attestation of device integrity (i.e. that nobody, including you yourself, tampered with the device operating system).
This almost surely could be solved with open-source, public-owned code, although I’d have to research that to be sure.
Ive seen it first hand in “mission critical” software stacks. The major difference between software proprietary software is that it is at the end of the day their ball. That can pick it and go home if they want, maybe there is a penalty for doing so. They can say how they want you to use and how they don’t. They choose how clean it is how dirty, etc etc.
FOSS code is yours, you can redistribute it, modify it, study it, or run it how ever you want to, and important for big orgs, you can whoever you want do those things for you. Like owning a house you get to pick your contractors. DIY to SLA contracts it’s all on the table depending on the needs and budgets involved.
If it doesn’t matter, renting can be fine, but if lives (and livlyhoods) depend on it, its crazy to rent it instead of
Obviously they should regulate in a way that does promote free choice as far as FOSS goes. There is no technical reason to rely on third party apis, one could even argue that the banks are neglecting best security practices by doing so.
They need to regulate banking apps first, currently almost all banking apps rely on proprietary apple or google apis to work.
I cannot even use my banks website without an android or ios app that is needed for authorization. It does not work without play services on Android.
Honestly needing to rent (we don’t own the code) software to use the basic functions in our banking systems is a serious problem
I’m curious about this - what do you mean by “renting” vs “owning” the software and how is it a problem? And would open source software or another solution meaningfully address that? I haven’t thought about it in this way before
I suppose he is referring to banking apps (and all security-critical apps) relying on Google and Apple for attestation of device integrity (i.e. that nobody, including you yourself, tampered with the device operating system).
This almost surely could be solved with open-source, public-owned code, although I’d have to research that to be sure.
Ive seen it first hand in “mission critical” software stacks. The major difference between software proprietary software is that it is at the end of the day their ball. That can pick it and go home if they want, maybe there is a penalty for doing so. They can say how they want you to use and how they don’t. They choose how clean it is how dirty, etc etc.
FOSS code is yours, you can redistribute it, modify it, study it, or run it how ever you want to, and important for big orgs, you can whoever you want do those things for you. Like owning a house you get to pick your contractors. DIY to SLA contracts it’s all on the table depending on the needs and budgets involved.
If it doesn’t matter, renting can be fine, but if lives (and livlyhoods) depend on it, its crazy to rent it instead of
Do you think they would regulate it in our favor or shut down the few apps that work without play services for being insecure?
Obviously they should regulate in a way that does promote free choice as far as FOSS goes. There is no technical reason to rely on third party apis, one could even argue that the banks are neglecting best security practices by doing so.
Do you think they would regulate it in our favor or shut down the few apps that work without play services for being insecure?