Computer Security: Freemium paywalls – CERN

By Computer Security team
In an open, academic environment, the use of free commercial (“freemium”) and open-source software (“FOSS”) and tools is not unusual. Actually, many researchers, software developers and students embrace the concept of free downloads from the internet. However, while we discussed in the past the risk to the software supply chain of blindly downloading, copy/pasting and incorporating any kind of third-party software, we now need to consider the word “free” – “free” as in “free speech”, not “free” as in “free beer” – and its limitations.
In fact, a lot of software is provided to CERN for free, and not just FOSS. But what do providers actually mean when they say “free”? Many software providers offer a free download-and-use scheme to promote their product, attract more users and increase their market share. The devil, as usual, lies in the detail, namely licence conditions. Licence conditions* may stipulate that such a download is only free for personal use, for small teams, for universities or non-profits, or something else – and programming for CERN may or may not fall into these categories. Indeed, reading licence agreements requires advanced philosophical thinking: what is research, in fact? An activity that results in literature published in academic journals, an activity carried out by someone with a PhD, an activity that is internal to CERN only (excluding even the possibility of collaborating with universities)? Believe us, we have seen every school of thought. Suffice it to say, pinpointing how CERN’s status should be interpreted in the context of each licence agreement and the extent to which we are really permitted to use so-called “free” licences is a very slippery exercise.
Paywall #1: Beyond personal use. TeamViewer provides a download that is “free for private use”. Obviously, this excludes any professional use, including any use while at CERN or connected to the CERN network. As stipulated in their knowledge base, professional or “commercial” use applies when you provide support to colleagues, when you connect remotely from home to your organisation, for remote maintenance and support purposes, and also for non-profit organisations, if you or another person in the organisation receive a salary from that organisation.
Paywall #2: You++. Slack allows “small” teams to use its service for free but, if you integrate that throughout CERN, “small” becomes “large”. It is probably not surprising that Slack has approached CERN several times suggesting that we may want to purchase a licence to cover the Organization’s “large-scale” use. So ask yourself this: when you use your CERN email address to sign up for Slack, are you also willing to provide a budget code to contribute to this licence?
Paywall #3: Not the full menu. Anaconda, a Python platform, provides free downloads of “thousands of open-source packages and libraries” for “students, academics, and hobbyists”. While “academics” certainly seems to apply to the research environment of CERN, the download comes with additional limitations (e.g. “mirroring rights not included”). Stepping outside what is covered in the “free” envelope can create financial obligations that you might not be aware of or ready to engage with.
Paywall #4: Embedded paywalls. And if this is not enough, Adobe has informed CERN that part of its freely available Creative Cloud software catalogue is not authorised for use any longer. Apparently, some Adobe apps contain copyrighted software or features by third-party companies, and using this software is beyond Adobe’s agreed terms with those third-party companies.
Similarly, CERN was once approached by an external company about using their copyrighted fonts. While their licensing arrangement was quite opaque, the issue arose when redistributing their fonts either as part of an app or publishing them on a website / web app. Curiously, these fonts were distributed by default with a number of different operating systems including the Oculus app development environment “Unity”.
So, if you are a software developer, system architect, programmer, webmaster or friendly hacker, beware: make sure that the software stack you use is legitimate and licensed. Ensure that the tools you employ are either really FOSS (with “free” as in “free speech”!) or that you have the appropriate licence. Refrain from “personal” use if the software/code/product is intended for professional usage. Instead, consider using FOSS alternatives like the EP-SFT group’s software repositories and CERN’s Mattermost instance. And check with us whether CERN already holds the right licence, as we do for TeamViewer: Software-License-Officer@cern.ch.
 
* Indeed, the deeper we delve into licence conditions, the more convinced we are that “licensing” deserves a new realm of scientific research: how best to obfuscate purposes and utility while maximising financial return in parallel.
_______
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.