What is free software (FOSS)? Licensed and freely distributed software products. Legal norms related to information, offenses in the information sphere, measures to prevent them

As the computer industry introduces more and more security tools for systems and networks, users are becoming more interested in free software to see if its potential benefits outweigh its potential disadvantages.

Although freely available security systems have been around for a long time, they have never been used as widely as operating system Linux and Apache Web server. John Pescatore, Gartner's director of Internet security research, noted that freeware now accounts for 3-5% of security deployments, but that this figure could rise to 10-15% by 2007.

The main reason for this potential is the quality of the numerous freely available security packages. , - noted Eugene Spafford, director of the Center for Education and Research in the field information security Purdy University.

Free software products include free tools that can be downloaded from the Internet, packages for which manufacturers offer commercial support services, and additional tools that are included with commercial products.

The most popular tools include Netfilter and iptables; intrusion detection systems such as Snort, Snare and Tripwire; security vulnerability scanners such as Kerberos; firewalls, in particular T.Rex.

Some enterprises have even begun to use freely available security systems to secure their critical infrastructure.

Growing interest

IT professionals have been using freely available security tools to varying degrees for about 15 years. There is now increasing interest in such tools from large companies, security consultants and service providers who can tailor such software to the needs of specific users. For example, EDS began using Astaro's freely available security tools to secure the front-end component of the Web sites of several credit unions that offer transaction processing capabilities.

Integrators of information security systems recognize that users are attracted by the low price of freely distributed tools. For example, Richard Mayr, managing director of R2R Informations und Kommunikations, noted that his company has been offering its commercial firewall for many years. However, the collected data shows that 75% of the company's clients prefer freely distributed analogues. Guardent offers a $1,500-per-month Internet security subscription based on its Security Defense Appliance. The solution combines commercial components, such as Cisco Systems' PIX firewall, with freely available components, including iptables, Nessus, and Snort. A similar service that relies solely on commercial products can cost around $10,000.

At the same time, C2Net Software, which was recently acquired by Red Hat, has developed its commercial Stronghold Secure Web Server based on Apache and OpenSSL - a freely distributed toolkit that implements socket-level and transport-level security protocols, and also contains a common cryptographic library appointments.

According to security consultant Paul Robichaux of Robichaux & Associates, organizations with specific legal security requirements, such as those in healthcare and finance, are unlikely to use freely available tools. Instead, they will likely continue to be dependent on manufacturers to whom they can hold responsible for security breaches. Robichaux believes that freely available security systems will be more likely to be used by consulting and service firms that already know and trust the tools, as well as by companies whose IT departments have already tried such solutions.

Freeware Security Tools: Pros and Cons

Let's compare free and commercial tools in terms of cost, quality and technical support.

Expenses. One of the main advantages of freely distributed tools is their lower cost compared to commercial products. Such systems are distributed free of charge or at very low prices, and, in addition, they either do not provide for licensing payments at all, or these payments are significantly less than for commercial products. However, some users have learned from their own experience that the statement is fully applicable to freely distributed tools.

However, Buddy Baxter, EDS technical manager for infrastructure solutions for credit unions, believes that just because a product costs more doesn't mean it will be more secure. According to him, EDS can install a security system based on the Astaro software tool, which will cost four times less than a commercial product from Check Point Software Technologies.

Quality. Guardent's chief technology officer, Jerry Brady, confirmed that some freely available security tools are as good as, if not better than, their commercial counterparts. For example, he said, the Nessus security vulnerability scanner provides better distributed processing, remote triggering and scheduling capabilities than many commercial products. , he emphasized.

However, Marcus Ranum, a security expert and head of NFR Security, objects to him: .

Spafford agrees with him: .

Proponents of open source solutions argue that there are so many people studying open source code that they can find problems much faster than the limited number of developers who create a commercial product for a given company. , said Mike Curtis, director of research at information security services company Redsiren Technologies.

Additionally, as Curtis noted, open-source software developers can respond more quickly to security flaws than commercial companies simply because they are less busy and bureaucratic. , he thinks.

However, Ranum disagrees with him: “he said.

Many closed source proponents believe that the quality of a program, not the number of people studying it, is more important in finding bugs in a program. They argue that the company's software experts working on their own products produce better work than those studying freely available packages.

Spafford also joins his opinion. , he noted.

Support. Proponents of commercial software argue that their vendors, unlike free software vendors, offer support and other resources to help customers run into problems. However, this approach also allows those who offer support services to users of free security software to strengthen their positions.

Brady noticed.

Other questions. Some closed source advocates believe that the availability of free code makes it much easier for hackers to figure out how to overcome such protections. However, apologists for freely distributed solutions argue that this is not the case, since hackers are able to break through the protection organized using commercial products. At the same time, they note that freely available security tools are easier to set up because the source code is available.

Known freeware projects

Let's look at some important freely available security tools.

Kerberos

Kerberos authentication and encryption technology ( http://www.mit.edu/kerberos/www) was developed at the Massachusetts Institute of Technology in 1987. Since then, this technology has become the standard used by working group Common Authentication Technology Working Group, formed under the Internet Engineering Task Force.

Freely available versions of Kerberos are available for the Macintosh, Unix, and Windows platforms. Commercial implementations have been created by Microsoft, Oracle, Qualcomm and a number of other companies. Microsoft drew criticism from those in the market by integrating a version of Kerberos into Windows 2000 that was not fully compliant with the standard.

Snort

Snort ( www.snort.org) is considered one of the most popular freely available security tools. According to Marty Reusch, lead developer of Snort, this application is used by 250-500 thousand people. This software has a group of active supporters and very detailed documentation.

Snort is a simplified network intrusion detection system capable of performing real-time analysis of traffic and packets recorded on IP networks. Released in 1998, Snort helps identify potential security breaches by performing protocol-based packet analysis as well as pattern-matching searches on content. This system is capable of detecting probe activity and detecting various security violations such as buffer overflows, stealth port scans, and common gateway interface attacks.

Snort runs on a variety of platforms, including FreeBSD, Linux, MacOS, Solaris, and Windows.

Snare

System Intrusion Analysis and Reporting Environment is a hosted intrusion detection system designed for Linux systems. InterSect Alliance ( www.intersectalliance.com), which brings together consultants specializing in security issues, developed and released Snare in November 2001.

Snare uses dynamically loaded module technology to interact with the Linux kernel at runtime. By using only those modules that are needed to perform a specific task, Snare reduces the load on the host system. And because Snare loads dynamically, users don't have to reboot the system or recompile the kernel, as is the case with some Linux enhancements.

Tripwire

Purdy University's Spafford and then-student Gene Kim developed the Tripwire Academic Source intrusion detection system, which has been downloaded by more than a million users since its release in 1992. Tripwire Company ( www.tripwire.com), which Kim founded, later completely redesigned the program, turning it into a closed-source commercial product. Tripwire offers a free version for Linux, but sells commercial versions for Unix and Windows NT platforms.

Nessus

Nessus ( http://www.nessus.org) is a security vulnerability scanner that allows you to check the security of a Web site remotely. The Nessus developers released this toolkit in April 1998. Nessus supports servers that comply with POSIX requirements and work with Java, Win32 and X11 clients.

Saint

Security Administrators Integrated Network Tool is a security vulnerability scanner (see Figure 1) that works with most flavors of Unix, including Linux. The scanner was created on the basis of freely distributed tools for analyzing security defects Satan (Security Administrator's Tool for Analyzing Networks). Saint company ( www.saintcorporation.com) has discontinued older versions of the scanner, but sells the latest version, as well as SAINTwriter for generating custom reports and SAINTexpress for automatic update signatures of security defects.

Rice. 1. Saint - a scanner that checks systems for vulnerabilities. Given a particular configuration, the control mechanism determines whether (and to what extent) Saint can scan a set of network nodes. The target selection subsystem creates a list of attacks for tests launched on scanned nodes. The data acquisition subsystem collects facts about the results of the probes. Using a rule base, the interaction engine processes facts while collecting data and defining new addressable hosts, probes, and facts. The results subsystem displays the collected data as a hyperspace that users can interact with using a browser

Netfilter and iptables

The free software team has prepared Netfilter and iptables for integration into the Linux 2.4 kernel. Netfilter ( www.netwilter.org) allows users to track feedbacks associated with a network intrusion, thereby making it possible to identify the fact that the system is under attack. Using iptables ( www.iptables.org) Users can define the actions that the system should take if an attack is detected.

T.Rex

T.Rex() is a free software firewall released by Freemont Avenue Software in 2000. It runs on AIX, Linux and Solaris platforms, and is currently used by about 31 thousand users.

Prospects

The widespread use of freely distributed security systems is hampered by a number of difficulties and problems.

Fear of open texts

Some companies are wary of purchasing free software because it is not developed by a specific company and is not supported by the software they are used to purchasing. Because of this, as predicted by David Moskowitz, director of technology at the consulting company Productivity Solutions, many freely distributed tools begin to be used only after IT specialists try it out on their own initiative and gradually implement it in the enterprise.

Fear

Because the code is open source, some companies fear that hackers will create freely available tools that they can use to infiltrate systems. Robichaux remarked about this: , without any ready-made or downloaded packages>.

Certification

Certification of a product by authorized government organizations can give a serious impetus to its widespread use. The US government requires security systems and other information technology products to be tested to meet the Federal Information Processing Standard by the National Institute of Standards and Technology (NIST) before they can be purchased by US government agencies.

The cost of compliance testing can range from tens to hundreds of thousands of dollars. All this can prevent organizations that create free software (and usually have a very modest budget) from certifying their technology. In fact, as Annabel Lee, director of the NIST Cryptographic Module Validation Program, noted, she is not aware of any freely available products that have been certified.

Ease of use and management

Free software vendors tend to prioritize functionality over ease of use and management. As a result, such applications are sometimes difficult to deploy and manage. For example, as Reusch noted, .

Pescatore explained the situation this way: .

All of this creates a small but rapidly growing market for defense system integrators and service providers such as Guardent, Redsiren and Silico Defense. These companies can offer management tools and thereby hide the complexity of freeware products from users, while also providing a guaranteed level of service and support.

Astaro strives to create a complete security infrastructure that integrates numerous freely available technologies into a single, easy-to-use interface. Ernst Kelting, President of the American branch of Astaro, emphasized: .

Conclusion

Simon Perry, vice president of security systems at Computer Associates, believes that the use of freely distributed security tools will increase, although not in large corporations. Organizations that develop open-source software don't have the resources or management tools needed to achieve the integration required to provide security across multiple platforms, as large companies do, he said.

An interesting trend in the open-source security market may be the development of business models that combine open source with specialized hardware, commercial front-end tools, and/or service-level guarantees. For example, Brady noted that manufacturers could combine their knowledge of hardware optimization with freely available technology to create products such as network set-top boxes that support secure, fast connections.

Cox emphasized that.

However, Pescatore believes that the share of revenue from all security products coming from the sale of commercial support services for open-source tools will rise from 1% to just 2% by 2007. This is partly because many companies will use free tools rather than commercial open source packages.

One of the dangers associated with tools distributed in source texts, is due to the fact that users can succumb to a false sense of complete security, counting on the fact that many specialists have analyzed this code. According to Dan Geer, Kerberos developer and chief technology officer at security services company @Stake, .

Free software

Free software is a free program that provides the end user with greater freedom of action. Also called open source software.

You can distribute, use and modify them absolutely free. The biggest advantage of these programs is that they can be used free of charge in organizations, schools, universities, including at home. Most of the programs presented are distributed under licenses GNU GPL v2, GNU GPL v3, GNU LGPL, BSD and MIT.

Why should you switch to free software?

Some people think that free software cannot be a worthy replacement for a paid analogue. In fact, there are software categories in which there are simply no paid applications left, for example, Internet browsers. Today, the average user does not even know that browsers can be paid, but such were once upon a time. The direction of open source programs, that is, free ones, is moving and developing, and perhaps over time will displace paid programs.

There are free analogues of programs for virtually any paid program, they just don’t always know about them. In some cases free analogue has a smaller set of functionality, and some significantly more, than in a paid application.

The “Continent of Freedom” website offers to your attention free software, and not just free programs. This is due to the fact that the majority free programs It is prohibited to use in an office, that is, in an organization or company. You can find out whether use in the office is prohibited or permitted by reading the license agreement for this software. It will state that it can only be used for home or home office use, or it will say that it cannot be used for commercial gain. A home office is when you come to work with your personal laptop, and you have this program on it. This laptop should not be registered with the organization. This should not be confused with your personal computer, which is stationary in the office - this will not be considered a home office.

What are the benefits for free software developers?

WITH 1980 years, software developers began to actively resort to licensing their products. A license is a contract between the developer and the buyer that provides various restrictions on the use of the software. The use of such licensing agreements has made it possible to adopt legal tools that regulate the relationship between copyright holders and copyright users. National copyright laws have barely kept pace with the new economic relationships that are emerging today between developers and users. As a result, license agreements play a decisive role in the rules of use intellectual property on software.

A logical question may arise in your mind: since the program is free for everyone, and even more so, it can be modified, then what benefit can there be for its developer? Indeed, at first glance this may seem at least strange. First, let's list the types of developers:

• Enthusiasts;
• Commercial companies;
• Students.

Now let's look at each type of developer. Enthusiasts They develop such free programs as long as they are interested in it, but here is the point that since the source code is open, then one enthusiast will definitely be replaced by another. Freely distributed programs usually do not contain advertising, such as the free version of Avast antivirus, where at every corner it offers to buy a paid version. Although we must admit that there are rare exceptions. Commercial organizations can write programs under free licenses so as not to maintain it. This is one of the options. They can also distribute the program itself freely, as well as offer services for its installation, configuration, maintenance, or simply ask for money for recording it on disk for you, but not for the program itself! Sometimes companies develop two products in parallel. One product is a minimal version of the second. And they distribute this minimal product under a free license. This is usually done to attract attention to the second product. Students- Linux was originally born as a course project for one student.

Free software There can be three main types: publicly available, freely distributed (freeware) and open source software.

Publicly available software is not protected by copyright and can therefore be used, distributed and modified without restrictions. However, it cannot be used by anyone to create a new software product, which, being subsequently protected by copyright, will thereby change the social status of such software. Since copyright is an integral attribute of any distributed software, it is necessary to directly indicate to the author that his program belongs to the public domain, that is, that it is alienated from the rights of the author and is common property. Many of the Internet standards, including TCP/IP and HTML, are public domain software. When distributed, it may or may not be accompanied by source codes.

Freeware is a type of software whose creator retains his copyright. These programs can be copied and used free of charge, but cannot be modified. It is also necessary to obtain the prior consent of the author to use the code. As a rule, authors release computer programs in freeware format with limited functions in order to assess how popular they will be, and if successful, change its status to commercial. Sometimes the developers of such programs do not want to spend money on them in the future. technical support. Some types of freeware can only be found in personal use- their use for commercial purposes is not allowed; others require pre-registration. In this case, the user must send his data to the author in order to gain access to the computer program. Often freeware (and sometimes even shareware) is mistakenly classified as public domain software. In fact, only a small portion of these programs are classified as publicly available. There is no need to pay for such programs, but the copyright for them remains with the author. It follows from this that the author continues to monitor the fate of the program and may even transfer it to the status of shareware or commercial software.

Open source software characterized primarily by free access to source texts. Its users have the right to freely perform the following operations:

• run the program for any purpose;
• study how the program works and modify it;
• distribute copies of the program;
• modify the program and transfer its improved version to third parties.

Combining the benefits of free access to source code with basic rights provides the user of such software with significantly more high level freedom compared to those who deal with other types of computer programs. Open source software (OSS) gives the user the ability to manage, copy, distribute, study and change software without any restrictions. The intellectual property model for such software is different from that on which most commercial software products are built. The commercial model in most cases assumes only the right to run the program and the user's right to make a backup copy for himself.

When it comes to free software, what we primarily mean is the freedom to use it, not the price. The General Public License was designed to guarantee the user:

• the right to distribute copies of free software (and the ability to charge for this service if desired);
• the ability to obtain software source code;
• the right to modify the software or use its components in new free programs.

Regardless of the type of developer, they can make money from their program through donations. In some countries, the state provides financial support for such projects. And some organizations may need to expand the functionality of the program. Who will they turn to first in such cases? Of course to the author.

Free software (SPO, English free software, also software libre or libre software), free software- software, the users of which have the rights (“freedom”) to its unlimited installation, launch, free use, study, distribution and modification (improvement), as well as distribution of copies and the results of modification. If there are exclusive rights to software, then freedoms are declared using free licenses.

Initially, creating computer software was primarily an academic pursuit. For computer scientists, each program represented a result scientific research, in some ways similar to publishing an article. This means that the source code of the program was necessarily available to the entire scientific community, since any scientific result must be verifiable, that is, confirmed by other researchers and be open to criticism. Thus, the software development process is more fundamentally similar to the scientific process: the scientist took existing programs, corrected them in accordance with his ideas and published the corrected programs - a new result.

However, computer production technology has developed no less actively than software for them. In the 1970s, there was a huge variety of different computing architectures that also differed in performance and price. Naturally, a separate set of software had to be developed for each architecture. Since the mid-1970s, most American universities have used PDP-10 computers for academic research, allowing staff at different universities to use each other's designs on their machines. Employees at the Artificial Intelligence Laboratory (MIT) in the late 1970s developed their own ITS (Incompatible Timesharing System) operating system and a very large set of programs for it for the PDP-10. The source code of programs written at MIT was publicly available, employees of other universities used their source code and sent them corrections, all the software in these laboratories was completely academic.

Introducing software restrictions

Given the huge variety of computer architectures, software was an integral part of the machine itself, and not the most expensive part. Computer manufacturers supplied them with basic software - at least [ ] with the operating system. Computer manufacturing was a knowledge-intensive but fundamentally commercial enterprise.

In a situation where [ clarify] software is an object of sale on a par with household items; it is no longer subject only to the laws of scientific development, but also to the properties material items, which can be traded, exchanged, the right of ownership and use of which should be protected by law. [ neutrality?] So the software fell into the category of intellectual property: that is, the source code of the program began to be considered as a work.

To protect [ unknown term ] their interests, computer and software manufacturers use licenses - a type of agreement between the copyright holder and the user (buyer) of the software. Similar agreements were concluded with universities: for example, the university was given the source codes of programs and the right to change them, but it was prohibited to distribute them outside the university. Such restrictions meant that the texts of the corresponding programs could not be openly discussed in the community, that is, they did not exist for scientific development. There were also buyers for computers and software outside the academic environment - for example, banks. Such users [ ] It is not so important to obtain the source codes of the programs; they are interested in the software as a finished product and are willing to pay money for reliable and convenient programs.

However, computers developed very quickly, and the PDP-10, which was quite modern in the 1970s, was already outdated by the early 1980s and significantly lagged behind more modern machines in performance. However, for none of the new architectures there was an operating system and other software developed exclusively in an academic environment and according to its rules. Now universities had to buy new computers with new software and comply with the terms of the license, which limited their rights to develop and distribute software - in other words, limiting the ability of the scientific model of software development and distribution.

At this time, so-called LISP machines were developed at the MIT Artificial Intelligence Laboratory, which were able to interpret a programming language at the hardware level, similar to LISP - a developed and promising programming language. The operating system for such machines and all the software for them were written in LISP. In the early 1980s, some employees of the artificial intelligence laboratory bought the rights to LISP machines from MIT and mathematical system Macsyma and founded their own commercial companies to further develop this area. Many laboratory employees went to work for these companies, after which all their further developments became closed to the scientific community. New LISP machines were distributed with licenses that prohibited users from modifying and redistributing the source code of the programs. Software that used to be the equivalent of scientific publications to MIT employees has become a proprietary product.

To one of the remaining staff at the MIT artificial intelligence laboratory, Richard Stallman, this state of affairs seemed an unacceptable violation of the open scientific process of software development. He single-handedly tried to develop LISP machines within the previous academic model and openly implement changes similar to those made within the closed commercial development so that MIT LISP machines could compete with their analogues. Of course, this attempt to keep up with the active development of an entire company was doomed to failure.

Then, in search of like-minded people, Richard Stallman creates the non-profit organization “Free Software Foundation”. The Foundation's main goal is to preserve software, the development process of which will always be guaranteed to be open, and the source code will always be available. The Foundation's larger goal is to develop an operating system consisting entirely of open source software. By declaring such a goal, Stallman, in fact, wanted to return to what seemed to him an ideal state, when MIT worked on its own operating system for the PDP-10.

The operating system developed within the Foundation was to be compatible with the UNIX operating system. By the early 1980s, UNIX was used very widely, including in academic environments. There were many programs for this operating system that were freely distributed in the scientific community, so I wanted these programs to work in the new - free - operating system. This future operating system was named GNU.

The Free Software Foundation has in the past divided unfree Semi-free software (one that differs from free software only by a ban on commercial use) and proprietary (proprietary, English proprietary) (which does not have all four freedoms, even if commercial use is permitted); but this division is no longer used.

Sometimes all “commercial software” is also classified as proprietary software, considering free software to be a type of free software, but this is incorrect: you can benefit from a program not only by selling proprietary licenses.

Free Software Definition

In order to preserve the model of scientific collaboration between developers, it was necessary to ensure that the source code of programs written by developers remained available for reading and criticism by the entire scientific community, while preserving the authorship of the works. For this purpose, Richard Stallman formulated the concept free software, which reflected the principles of open software development in the scientific community that emerged at American universities in the 1970s. Stallman clearly formulated these principles, and they are free software criteria. These criteria specify the rights that free software authors grant to any user:

• The program can be freely used for any purpose (“ zero freedom»).
• You can study how the program works and adapt it for your purposes (“ first freedom"). A condition for this is the availability of the source code of the program.
• You can freely distribute copies of the program to help a friend (“ second freedom»).
• The program can be freely improved and its improved version published - in order to benefit the entire community (" third freedom"). The condition for this third freedom is the availability of the source code of the program and the ability to make modifications and corrections to it.

The ability to correct errors and improve programs is the most important feature free and open source software, which is simply impossible for users of closed private programs, even if errors and defects are discovered in them, the number of which, as a rule, is unknown to anyone.

Only a program that satisfies all four of these principles can be considered a free program, that is, guaranteed to be open and available for modernization and correction of errors and defects, and without restrictions on use and distribution. It must be emphasized that these principles stipulate only availability source codes of programs for general use, criticism and improvement, and the rights of the user who received the executable or source code of the program, but do not in any way stipulate monetary relations associated with the distribution of programs, including They don’t mean it’s free either.. In English-language texts, confusion often arises here, since the word “free” in English means not only “free”, but also “free”, and is often used in relation to free software, which is distributed without charging for use, but is not available to changes by users and the community because its source code has not been published. Such free software is not free at all. On the contrary, free software can be distributed (and is distributed), charging a fee, but at the same time observing the criteria of freedom: each user is given the right to obtain the source code of the programs without additional fee(except for the price of the media), change them and distribute them further. Any software that does not grant users this right is proprietary software, regardless of any other terms.

Open source software

Open access to the source code of programs is a key feature of free software, so the term proposed somewhat later by Eric Raymond (open source software) seems to some to be even more successful in denoting this phenomenon than “free software” originally proposed by Stallman. Stallman insists on the difference between these two concepts, since the words open source indicate only the presence of one, not the most important (although necessary for the implementation of two of the four freedoms), in his opinion, of the properties inherent in free software - the ability to see the source code.

GNU General Public License

Community of developers and users

The main condition for the existence of free software is not a license, but people who are ready to share the texts of their programs for free and improve the texts of others. Free software inherited the model of open scientific development, and with it the academic model of interaction between scientists, which resulted in a specific organization of the community of developers and users.

Mutual aid

Any user of software certainly has questions when he tries to use it to solve his problems. The user of a non-free (proprietary) program pays for it to the manufacturer, who Sometimes in return, it provides him with some guarantees, one of which is to answer questions about the operation of the program. Especially for this purpose, the manufacturer organizes Customer Support who is on the phone, e-mail and other means of communication answers user questions.

The user of a freely distributed program does not receive any guarantees with it: the author made its source code open to the public, but did not undertake to explain to everyone how the program works. Although, in fairness, it is worth noting that any proprietary program in 99% of cases is also supplied “as is” and without guarantees. Since the user community of most programs is distributed throughout the world, to organize interaction within it, the most active users (and often the authors themselves) organize (less often, use existing) mailing lists, forums and other means of communication on the Internet. To accumulate and categorize information on the program (in particular, lists of frequently asked questions (FAQ - frequently asked questions), as well as organize more complex forms of interaction (joint development, bug tracking systems), websites dedicated to programs are created.

Error correction

Any sufficiently complex program is bound to have errors and defects, the number of which is usually unknown. Many large software manufacturers create and pay for the work of a quality assurance department (QA - Quality assurance), which monitors the compliance of the software development process with certain requirements, the implementation of which reduces the likelihood of errors in the software (for example, the requirements of the DO-178B standard, which is used in software development for aviation systems). However, there are currently no methods that can completely guarantee the absence of errors in fairly complex software (there are formalized criteria for software complexity).

A user of a closed private program, faced with an error, cannot always identify its cause and correct the errors (since neither the source code of the program nor even debugging information is available to him), but, most likely, he is able to describe the error and the conditions under which it occurs.

The user can report an error to the program manufacturer (usually by contacting the same support service), and if they decide that the error is really in the program and not in the user's work, it will be reported to the developers.

As a result, the user may wait a long time for the error to be corrected in subsequent versions of the program. Often, updating a proprietary program is equated by the manufacturer to purchasing a new copy, which entails associated costs and a violation of consumer protection laws.

Diagnosing an error that has occurred on a user’s computer is not an easy task, since support staff (and especially the company’s programmers) do not have access to this computer. Therefore, support departments widely practice programs that provide a variety of information about the user’s computer, and in difficult cases, the notorious debugging information (an employee asks the user to run the program in “diagnostic mode” (usually using an undocumented setting, or the user is sent a debug version of the desired module) and send him the resulting report file).

A typical free program (that is, non-profit and/or developed by a small company or individual) usually does not have a paid quality control department. This means that the user may encounter more big amount errors than in a typical commercial proprietary program. All the more important is the opportunity for him to report an error to the program developers. Previously, it was customary to indicate in the documentation accompanying the program email address, which developers used to receive bug reports. Some introduced a stereotyped form for such messages to facilitate and automate their processing. This alone requires significantly higher community connectivity throughout the world, significantly more than is sufficient for closed development.

Developers and testers of a proprietary product may work in the same office and exchange information there, or spend a certain amount of their time writing and analyzing rigorous reports containing error messages and troubleshooting reports. This organization of work is effective if the circle of developers is small, and it is relatively easy to introduce general discipline. For an open project, the circle and relative positions of potential developers are not limited in any way, so the effectiveness of development depends to a much greater extent on how easy it is for all members of the community to agree with each other, as well as on the “consciousness” of users.

A simple and orderly reception and redirection of error messages is provided by bug tracking systems, the most famous of which were developed by participants in large projects for themselves, and thanks to free licenses they are used everywhere. These are GNUTS (developed by GNU), Bugzilla (Mozilla Foundation), JitterBug (Samba project) or Debian BTS. Earlier versions are email oriented, later versions include a web interface. For example, with the help of Bugzilla, a website is organized on the Internet where the user can fill out a form to report an error. Each message has its own number, by which you can get to the “personal” page of this error, which reflects all the events that occur regarding it, from the initial message (opening) to correction (closing). Whenever there is a change in the error state, Bugzilla sends out interested parties(including, of course, those who reported the error and the developers involved in this program) letters by e-mail. Since Bugzilla allows you to leave comments and attach files, it is a complete means for the user to communicate with the developer about a bug in the program.

The fundamental advantage of a user of a free program is that, unlike users of proprietary programs, he always has the opportunity to look into the source code. Of course, for many users, source texts are no more understandable than machine code. However, with a sufficient level of knowledge in programming, the user can independently determine the cause of the error in the program, or even eliminate it by correcting the source text accordingly. And if the user is interested in the development of the program, then it would be reasonable for him not only to inform the author about the error, but also to send him his corrections to the source text of the program: the author will only have to apply these corrections to the program text if he finds them correct and appropriate. It is impractical to send the entire corrected program text to the author: it can be very large (tens of thousands of lines), and it will not be easy for the author to figure out what has been changed (what if the changes were made illiterately?).

To facilitate and automate the process of making corrections, Larry Wall in 1984 developed the patch utility, which in a formalized (but human-readable) form describes the editing operations that need to be performed to get new version text. With the advent of this utility, a user who discovered and corrected an error in the program could send the author a small patch, from which the author could understand what changes were proposed and automatically “attach” them to his source text. With the advent of the patch utility, many more users began to get involved in the development of programs with accessible source text, and the Usenet network played a significant role here. Eventually, this method of correction became commonly used and applied not only to the source code of the program, but also directly to the compiled executable code in the case of closed software, and the word “patch” became a common noun. Patches (patch files with corrections) are a mandatory attribute of today's development of any programs of any complexity.

If the user of the program lacks some function in it, then with the proper qualifications he can easily program it himself and include it in the source code of the program, or pay someone else for it. Naturally, it is beneficial for him that his addition ends up in the “main”, author’s version of the program (it’s called upstream) and appears in all subsequent versions: he can also arrange it in the form of a patch and send it to the author. The user of a proprietary program is deprived of this opportunity, even if he is sufficiently qualified. The only way to include the function he needs in a program is to contact the manufacturer (if the program is proprietary) with a corresponding request and hope that the manufacturer considers the proposed function really necessary.

The more active users a free program has who are willing to make corrections and additions and share them, the more reliable the program is and the faster it develops. Moreover, such a free model of tracking and fixing errors for a program that has thousands of active users can be much more effective than any proprietary program: no company can afford such a huge staff in the quality control department. Therefore, a truly popular free program can turn out to be much more reliable than its proprietary counterparts.

Writing a large program alone is quite difficult and not always possible, especially if the author does it in his spare time. Most modern free software is written by a group of developers. Even if one person started writing the program and it turned out to be interesting, active users can join the development. So that they can not only make individual corrections, but also conduct the entire development together, special tools are needed. In addition to patches, version control systems are used to organize joint software development. The functions of a version control system are to organize access to the source code of a program for several developers and store a history of all changes in the source code, allowing changes to be merged and reverted, etc. The earliest free version control system, RCS, was used in the early days of free software subscribers of the Usenet network, then it was replaced by the more developed CVS, but today it is considered largely obsolete and is increasingly being replaced by Subversion, Git and others.

It should be noted that the benefits of free development for the user should not be exaggerated. Not all free software is equally available for modification by users, and this has nothing to do with the distribution license. An important factor here is the size of the program: if it has tens of thousands of lines (as, for example, in OpenOffice.org), then even a skilled user will take too long to figure out what's what. It is also impossible to count on the fact that the developers will respond to all the user’s comments and suggestions by immediately correcting the program, since they do not bear any obligations to the user regarding the quality of the program. In this regard, the user of proprietary commercial the program may be in a better position (although the obligations of its developer are usually also determined only by laws, and not by his will).

So many of the properties of a free software community stem from the fact that all of its members tend to engage with the program out of interest or because the program is a tool they need (for example, to make money or for some other reason). The time they spend on the program is not paid, so there is no hope that circumstances will not change and development will not stop altogether. There are often cases when the development of a program begins thanks to one enthusiastic author, who attracts many to participate in the development, and then the leader’s enthusiasm fades, and the development fades along with it. Today there are thousands of programs that never reached version 1.0, although leadership burnout is not the only reason for this. In addition, the program may be necessary, but “uninteresting”, and therefore there will be no free developers.

The place of free software in today's software market is very significant, and many commercial and government enterprises use free software directly or indirectly. Actually, indirectly, all Internet users use, for example, the free program BIND, which provides the DNS service. Many organizations, especially those providing services via the Internet, use the free web server Apache, on the operation of which their profits directly depend, not to mention servers on the Linux platform. The main disadvantage from the point of view of a commercial user: free software developers do not have any obligations regarding the quality of the program, except for moral ones. Therefore, today large corporations, such as Intel or IBM, find it necessary to support free software development projects by paying employees who work on these projects.

Philosophy

European culture has long developed rules of ownership in relation to material values. And it is quite logical that these rules were extended to intangible values ​​- including software products when they began to have independent value. [ neutrality?] However, software products have a fundamental difference from material objects - they can be easily copied. Creating a copy of a material product is often almost equal to the cost of creating the original.

Because of this difference, the principle “only one person can use a thing at a time” does not apply to software (and using it by someone else automatically causes damage to the first person due to not receiving benefits from it), which is why the concept of “owner” exists. Therefore, an attempt here to act according to this principle - to assign the right to use a program to one person - is intuitively perceived as contrary to the nature of things. It is not surprising that many troubles arise, each of which has to be solved by artificial and often unnatural methods.

The classic method is to de jure retain the rights to the software for the manufacturer, who, as it were, gives the software to its users for temporary use. In this case, the use of unlicensed software is essentially equivalent to the concept of law in English-speaking countries, known as theft of services. But this concept has no analogues in other national cultures, for example, Russian, and precisely for the reasons given 2 paragraphs above (the owner is not deprived of the opportunity to use the thing, which is the main negative consequence of theft). In Russian law, theft of services of any kind is nothing more than an administrative offense, while criminal liability is provided for unlicensed software, which sounds dissonant in Russian culture.

But sometimes, for example, it is necessary to simulate “damage due to non-receipt of a benefit” that is “inflicted” on the “owner” of the program when copying it without damage or returning money when errors and defects are discovered in the programs. Usually this is “lost profit,” that is, the profit that the owner could have received, but did not receive due to the fact that the product was copied. It is necessary to invent ingenious equipment that interferes with copying or causes damage. It is necessary to introduce into legislation a special category of rights - let's call it a “patent” - limiting abuses - and freedom - of all mankind in favor of the owner of the patent. Moreover, the owner of the patent and the author of the invention are not always the same person (in such cases, the unnaturalness of these measures only worsens).

There is also a point of view that opposes the above. So, for example, the consistent legalization of theft of services means that all services are free, which most likely means the maintenance of this entire area by the state budget, and in this case, firstly, all taxpayers pay for the services from their taxes, and without a market mechanism of influence of the consumer on the producer (“eat what they give”), secondly, it diverts government funds from tasks of national importance, thirdly, the lack of market competition will lead to the leveling of the quality of all services to a certain cheap and not very high-quality minimum (it is even possible to assign part of the provision of services to the consumer in the form of “finish it yourself”). The same applies to the idea of ​​total free software.

Non-free programs are called “proprietary” (from the English proprietary) or “proprietary”. Sometimes they are incorrectly called simply “commercial”, which is incorrect: you can benefit from the program in various ways, and many successful free projects confirm this.

Migration to free software

The process of switching to specific free software, as well as the general trend of a gradual increase in the level of prevalence of open source software in general among users, is often called migration to free software.

Prevalence of free and open source software

Media that do not specialize in computer topics tend to equate open source and free software and use them as synonyms. Therefore, data on the prevalence of open and free software are usually presented together.

Open source software is actively used on the Internet. For example, the most common web server, Apache, is free; Wikipedia runs on MediaWiki, which is also a free project.

Open source software is used by the Belgian Ministry of Justice, in which half of the computers already run Linux, and by the French police, which plans to completely switch to Ubuntu Linux by 2014. The Dutch Patent Office also announced a move to open source software. It is planned to transfer all computers of this institution to free software by the end of 2009.

The open source software transition program was successfully implemented in Munich. A similar program took place in Berlin, but the decision was subsequently made to use a hybrid infrastructure of commercial and free software.

Free software in Russia

Free software, in any case, can be freely installed and used on any computer. The use of such software is free everywhere: in schools, offices, universities, on personal computers and in all organizations and institutions, including commercial and government ones, in Russia and the CIS countries.

The institutions of the Russian Ministry of Defense, as well as Russian embassies in other countries, use the MSWS operating system. This OS, based on Red Hat Linux with minor changes, is not free software; its source code is closed.

At the beginning of 2012, about 22 thousand jobs in Moscow clinics were planned [

For a wide range of gamers, sympathizers, or just curious people, role-playing games are almost certainly associated with colorful, beautifully designed books. Their glossy pages are lavishly decorated with illustrations, and their covers are works of printing art. At the sight of colorful rulebooks, the heart of a true roleplayer trembles, his eyes burn, but his mind remains calm. After all, these magical books, which open the way to the world of wonders and adventures, cost a pretty penny.

Bourgeois and pirates
Rulebooks of the most popular role-playing games, which include D&D, GURPS, Vampires: The Masquerade and some others, published abroad, taking into account the tastes and wallet of the Western role-player. And even his prices are Role-playing games sometimes make you brooding. For the Russian amateur, who is often a schoolchild or student, purchasing only the Player's Guide D&D, costing $30, can mean a lot of sacrifice.
At the same time, as you know, for commercial systems a situation is typical when one book with the rules is not enough to start the game. In case of D&D It quickly turns out that two more books are essential for a full-fledged game: the DM's Guide and the Monster Manual. If you think about it, it's not a bad idea to shell out money for an excellent official module, and then for the setting in which this game is based. the module has been written.
With other commercial systems, the situation may differ in detail, but is identical in essence: “Don’t hide your money in banks and corners!” Of course, there is another way to achieve ownership of at least some semblance of a rule book - piracy. We won’t even consider it, since we believe that all our readers respect copyright and intellectual property. Reproduction of rulebooks on photocopiers or printing scans of poor quality are realities of the long-standing role-playing past, when there were practically no other ways to obtain the system, and the slogan “Freedom of information!” taken too literally.

Abroad
However, stop! We write "commercial role-playing games" here.

Are there others? It happens, and probably some of the readers have already smelled the sweet smell of a freebie. Where do free role-playing games come from? Firstly, these could be developments from companies that produce commercial games. Secondly, these may be the fruits of the selfless creativity of enthusiasts.
Why would a commercial company create something for free? The reasons can be very different. Here is the most famous example: the company Wizards of the Coast , who created the Third Edition D&D and many other games, developed and published a free role-playing system on the Internet d20 system. You can freely download it from the official website and play it. Freebie d20 represents something of a skeleton of a commercial D&D. Its texts contain everything you need for the game.
Having released d20 even before sales start D&D, WotC killed two birds with one stone. Firstly, it served as a “demo” for fans of the Second Edition AD&D, excited by rumors of revolutionary changes in the native system. Secondly, d20 was adopted by a large number of independent companies as a standard, a unified metasystem, for which they began to write a myriad of modules, settings and other accessories. Nowadays the label "d20-compatible" means familiar mechanics, well-known rules, supplemented something new. In addition, you yourself WotC consistently used d20 as a standard, releasing on its basis not just expansions, but full-fledged role-playing games. For example, on the platform d20 found a new life Star Wars RPG.
Another example of a free role-playing game created by professionals is the system Fuzion, written jointly by the companies R.Talsorian Games And Hero Games . It can also be freely downloaded from the official website Hero Games. Unlike d20, which currently exists in the form simple texts in RTF format, Fuzion are well-designed PDF files suitable for printing. The reason for the appearance Fuzion served by the same desire to create a unified mechanics of the series role-playing games. Moreover, this project was a clear success, although the circle of companies producing products under Fuzion, significantly narrower than in the case d20.
However, for numerous fans Fuzion in everythingin the world this is not so important. After all, the Internet contains many different additions and extensions to Fuzion, and completely free. This simple and concise system is built on a modular principle. Having mastered the “core” of the system, you can choose to play almost any genre, from fantasy to space opera. You will almost certainly be able to find an extension under Fuzion, which has most of what you need.
Finally, the system is very well known FUDGE. Simple, not overloaded with details, it is well suited for playing at the “half-word” level, when the rules are used only where they are desperately needed. Simple mechanics FUDGE allows you to widely change the detail of the game. For example, the outcome of a battle can be decided either by a single throw or during a long round of play - your choice. Unlike the systems mentioned above, FUDGE- author's development of an enthusiast named Stefan O'Sullivan . And its success shows that a professional and popular role-playing game can very well be the result of the work of amateur designers.

We have

All of the above are freeRPGs were created abroad and published on the Internet in English. Knowing that the industry of tabletop role-playing games is gradually beginning to develop in our country (" The Art of Magic", "Age of Aquarius"), the question is quite logical: what is the situation with free RPGs in our country?
If we are behind our foreign colleagues here, it is no more than in the field of commercial games. There has been a domestic role-playing game on the RuNet for more than two years" Great Dragon World" ("Ministry of Internal Affairs"). The system was developed by a team of enthusiasts, which is not surprising - three years ago no one in our country was involved in the professional development of role-playing games. But everything was done seriously, at the level." Great Dragon World"is a beautifully designed book in PDF format, which has become almost a standard for non-commercial systems. On the official website you can get the “Rules”, “Leader’s Guide” and various applications, such as monster hunting and descriptions of magic spells. Role-playing software is also posted there (programs for creating characters), modules, articles to help the presenter and a lot of other useful material. On the official forum you can always get advice from developers or advice from system experts.

Commerce vs. Altruism

If you have already felt the possibility of choosing between a commercial and a free system, let's see how to do it right. The fact is that an experienced role player can clearly see principled difference between paid and free systems. Any commercial role-playing game is first and foremost a product. And therefore, their main priorities will be product quality, breadth of coverage of customer needs and profit. Profit is the main thing, because people do business. The result of this approach is perfectly designed books of high printing quality. The material required for the game is divided into several books - the more books you buy, the more profitable the business. Any of your whims in terms of variety in the form of the game can be satisfied - with one more book. On the other hand, your attempts to create something of your own within the commercial system will turn out to be a very time-consuming and difficult task. It’s easier to direct the same efforts to making money, which you can then spend on buying another rule book, where will be approximately what you needed for the game.
The situation is completely different with free systems. Their common feature is versatility. If you've played enough fantasy D&D and you want space opera - welcome to the store where you can buy a rulebook for Star Wars with a separate system. Both systems have the same base ( d20), but with only the Player's Handbook in hand D&D, you won’t be able to play the confrontation between the Jedi and the Sith.
In the same time Fuzion with all its applications covers the entire spectrum of adventure genres. But at the same time it represents one single system. And this is also the logic of life. Developers of free systems are often driven by altruistic, creative motives. But they also don’t want to do extra work. And it’s easier to write a universal system once than one for every occasion.
The price for versatility, of course, is detail anddetails of the rules of the game. And here we can discover another feature of free systems. They are, as a rule, also very convenient for modification. It is impossible to write a system so universal that it can be used to play absolutely anything. But you can make the system so that independently adding new features to the game will be simple and easy.
For a commercial system it is very important to approach as much as possible more role players. Therefore, 80% of her rulebook contains something that you personally will never need, but without which some Vasya Pupkin cannot imagine a normal game. It turns out that the lion's share of the hard-earned money you paid for the book goes to satisfy Vasya Pupkin's requests. In a free system, as a rule, you will find only those 20%, without which it is basically impossible to play. What you, Vasya Pupkin, and any other roleplayer need. And if the system is missing something, add it yourself, there are all the conditions for this.
And this is a completely conscious approach. For example, in the "Presenter's Guide" for " Great Dragon World“An entire chapter is devoted to ways to improve the game: how to create a new race, a new class, skill or type of weapon, and not upset the balance of the system.

Making a choice

Free systems are most often liked not by freebie lovers, but by creative leaders who tend to embody some of their own ideas in the rules. For this reason, a person, even having money for commercial rulebooks, often prefers a rustic, but flexible and universal free system. This is not a question of financial gain, but of your character and your goals in the game. Some people prefer to spend hours leafing through a beautiful rule book, looking for details and nuances of the rules in it. But some people prefer to sit and think about how to write it down according to their system. If you tend to see an RPG system as a product that should have everything you could possibly need for your money, you'll be happy with a commercial RPG. And if you look at the system as a constructor from which you yourself can build whatever you want, think about a free system.
Free RPGs in English:
D20 - www.opengamingfoundation.org
Fuzion - www.herogames.com/fuzion
FUDGE - www.io.com/~sos/fudge.html
Free RPG in Russian:
Ministry of Internal Affairs - www.dragonworld.rolemancer.ru
The article uses illustrations made by Princess Dragon for Game " Ministry of Internal Affairs".
On our compact you can find everything you need to play at domestic RPG" Great Dragon World":
- Rules of the game . Role-playing game basics; description of the characteristics of heroes, races, classes, skills. Rules for character development, rules of combat, the effects of magic.
- Presenter's Guide . Basics of driving, creating a group of heroes, consideration of basic game situations, system modification, game psychology.
- Magic . Descriptions of spells for magicians and priests, additional rules.
- Bestiary . Application to the "World of the Great Dragon" system. Examples of descriptions of monsters, monsters, animals.
- Character Sheet , designed for convenient recording of character characteristics.
- Character creation program . Allows you to create a character in full accordance with the rules, store data about him, and export the character sheet to MS Excel.
- "Mad Troll" . Scenario (module) with a classic plot for novice presenters and players.