Re: The Spirit of Free Software, or The Reality
Mike Hommey glandium.org> writes: > I'm saying you can't derive any knowledge from that debian-legal post > about screenshot of games. Mhm. AIUI the messages, the base for the reasoning is that the imagery is the product of the game code, which is not the fact here. //mirabilos -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/loom.20150721t184713-...@post.gmane.org
Re: The Spirit of Free Software, or The Reality
On Sun, Jul 19, 2015 at 12:36:15PM +0200, Florian Weimer wrote: > * Bas Wijnen: > > > I have some experience with safe browsing, but indeed I have not > > looked up how it works. I do know that it continuously sends data > > to Google, and I have quite a bit of confidence in their capability > > and willingness to use that data for tracking. From your > > description it sounds like that is not trivial, but there are smart > > people at Google, and they have near infinite resources. > > One aspect that could be fixed fairly easily: Iceweasel sends your > Google cookies along those requests (and accepts new Google cookies if > you do not have them). That's not really required by the protocol. No, it doesn't since version 27. https://bugzilla.mozilla.org/show_bug.cgi?id=897516 Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150719222149.ga10...@glandium.org
Re: The Spirit of Free Software, or The Reality
[Resending to the list, sorry.] On 2015-07-17 16:03, Thorsten Glaser wrote: Ian Jackson chiark.greenend.org.uk> writes: The problem is simply that the icons are non-DFSG-free. You could make a screenshot from where the original icons are shown, then re-encode those tiny 16x16px thingies into new *.ico files with GIMP. This is sorta like taking a photograph (if in doubt, take an actual photo), I guess taking a photograph doesn't change a copyright status of a thing in most jurisdictions (or make things even more complex if there is creativity in the photo itself etc.) or a bitmap font (where neither the font nor the indi‐ vidual glyphs fall under copyright law), Fonts are special in that their creative form serves a functional role at the same time. Hence they are frequently protected by patents or some such. In practice, the copyright situation in US for bitmap fonts is mostly clear but for non-bitmap fonts it is kinda surreal. so only trademark law matters, and Don already said Debian can “probably” use them to refer to the sites in question. -- Alexander Cherepanov -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55abf2f0.7010...@openwall.com
Re: The Spirit of Free Software, or The Reality
Philipp Kern writes: > But the copyright license doesn't matter much for this, unless it > contains a trademark grant. Which isn't what we historically required. > The reason we avoid the Firefox image for Mozilla's Firefox is their > trademark policy, not its copyright license. > > So I'm hard pressed to see a case where you'd be able to freely create > derived works of trademarked icons even if the copyright license were > to be fixed. > > And there are a lot more trademarks in Debian. Similarly you are not > allowed to modify Debian and distribute it as Debian. Hence the case > of trademarked icons seems to be fairly distinct from the usual > modification clauses we want. Required icon changes and renames are > similar. OK, that convinces me. Best regards Ole -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87615gxcj2@news.ole.ath.cx
Re: The Spirit of Free Software, or The Reality
On Sun, Jul 19, 2015 at 02:59:15PM +0200, Ole Streicher wrote: > If someone wants to have a DFSG compatible system, then he should be > able to get it -- which means that he should be allowed to change > whatever he wants (and to publish it). Then he does not get the original > icons. > > This who can live with icons that are not legally editable can just > enable non-free and use the icons. I don't see any complication here. But the copyright license doesn't matter much for this, unless it contains a trademark grant. Which isn't what we historically required. The reason we avoid the Firefox image for Mozilla's Firefox is their trademark policy, not its copyright license. So I'm hard pressed to see a case where you'd be able to freely create derived works of trademarked icons even if the copyright license were to be fixed. And there are a lot more trademarks in Debian. Similarly you are not allowed to modify Debian and distribute it as Debian. Hence the case of trademarked icons seems to be fairly distinct from the usual modification clauses we want. Required icon changes and renames are similar. Kind regards Philipp Kern -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150719172716.ga29...@home.philkern.de
Re: The Spirit of Free Software, or The Reality
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On ഞായര് 19 ജൂലൈ 2015 06:06 വൈകു, Philipp Kern wrote: > Some trademark owners might be very annoyed if their name appears > next to an icon that does not belong to their brand. Shouldn't this situation be used as a chance to convince the logo owners to make them free? Properly let them know that we'll have to use different logos unless he/she makes theirs free and If he/she doesn't cooperate, we are left with no other option, but to change them. Just a suggestion (probably a silly one). - -- Regards Balasankar C http://balasankarc.in -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCgAGBQJVq6mOAAoJEJbtq5sua3FxLFMH/RqEI5TWZPdQK8FOEyWqyioj hMGfkAvQ03UgoVzut32JytYCXzokuG5n+WN+xDwZYFRdtc4BRn8LXI5emU0mkmB1 El+sa7wS1m+VZuVP4WQeqYXuV5kgrPwBlkKLtGKZEwDYJeBfm5wrJ8qQj4f6La5t bUSpnOy27FhpnM5E/C52KMdvfgOiuH60yRssL8qjCfY8k9MxsUicYULjTvELFBgz 36t8KhJkMCTQDr7gLgJ88annwwrHNw9H2bexAjGh2JvVPh1x3R+Lh0enwhlZL2Dz u0aI6eXLyR6Hs42MnOgKQjqxMRrQJxThBMOQh+KlztllrFg0FfPkoYxzG1k1HnA= =gIus -END PGP SIGNATURE- 0x2E6B7171.asc Description: application/pgp-keys
Re: The Spirit of Free Software, or The Reality
Philipp Kern writes: > On Sat, Jul 18, 2015 at 01:20:19PM +0200, Ole Streicher wrote: >> >> The use of non-free icons if IMO a perfect use case for non-free. >> > ... and also yet another case when to make their life comfortable one >> > should enable non-free. > [...] >> The main idea of non-free is to have such a pragmatic approach here. >> >> And the "put the non-free logos into non-free" solution would fit into >> the do-it-yourself pragmatic of Debian: If you feel that there should be >> a free alternative, just create one. When an alternative icon is good >> enough that people will switch, then non-free is not needed anymore. Or >> convince the copyright owner to make the logos free. I see no real point >> in a heated discussion then. > > Some trademark owners might be very annoyed if their name appears next > to an icon that does not belong to their brand. So this would give us some pressure to the owner to make their trademark DFSG compatible? > You might call your proposition pragmatic, but the more pragmatic > choice would be to keep the icons in main. If someone wants to have a DFSG compatible system, then he should be able to get it -- which means that he should be allowed to change whatever he wants (and to publish it). Then he does not get the original icons. This who can live with icons that are not legally editable can just enable non-free and use the icons. I don't see any complication here. Keeping the icons in main means the we revoke the choice whether to have a free system. I personally always just switch on non-free + contrib, but I respect those who don't. Best regards Ole -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87a8usxpzw@news.ole.ath.cx
Re: The Spirit of Free Software, or The Reality
On Sat, Jul 18, 2015 at 01:20:19PM +0200, Ole Streicher wrote: > >> The use of non-free icons if IMO a perfect use case for non-free. > > ... and also yet another case when to make their life comfortable one > > should enable non-free. [...] > The main idea of non-free is to have such a pragmatic approach here. > > And the "put the non-free logos into non-free" solution would fit into > the do-it-yourself pragmatic of Debian: If you feel that there should be > a free alternative, just create one. When an alternative icon is good > enough that people will switch, then non-free is not needed anymore. Or > convince the copyright owner to make the logos free. I see no real point > in a heated discussion then. Some trademark owners might be very annoyed if their name appears next to an icon that does not belong to their brand. I agree that what you describe would normally be the course of action how it should go: the proprietary (but distributable) way first in non-free and a free alternative in main (c.f. unrar and unar) once it's available. That being said it does not apply to everything. This is a hard case (unless we do not advertise search engines at all) and what Andrey meant (firmware) is also a hard case. It is possible that free firmware appears but it is also very unlikely and in the meantime it's unusable. Plus suddenly everyone has to enable non-free by default. You might call your proposition pragmatic, but the more pragmatic choice would be to keep the icons in main. Kind regards Philipp Kern, who still ponders if we should move firmware into a distinct component signature.asc Description: Digital signature
Re: Replacement Default Icons for Iceweasel [was Re: The Spirit of Free Software, or The Reality]
On Jul 19, Florian Weimer wrote: > Thanks, I think that's an acceptable interim solution until we can > obtain permission to ship the actual logos under terms we like. I think it's a crappy solution that makes Debian worse and solves no problem except DFSG-fetishism. -- ciao, Marco pgpuJ9qXp85rv.pgp Description: PGP signature
Re: Replacement Default Icons for Iceweasel [was Re: The Spirit of Free Software, or The Reality]
* Don Armstrong: > On Thu, 16 Jul 2015, Don Armstrong wrote: >> This is why I said "if they're necessary, then they're necessary". > > Here's a set of default icons which can trivially be expanded to avoid > shipping those icons and downloading them: > > for icon in ebay google wikipedia bing; do > convert -size 16x16 xc:white -pointsize 8 \ > -font 'DejaVu-Sans' -fill black \ > -stroke none \ > -draw "text 0,7 '${icon:0:3}'" \ > -draw "text 0,14 '${icon:3:3}'" \ > ${icon}.png; > done; Thanks, I think that's an acceptable interim solution until we can obtain permission to ship the actual logos under terms we like. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87zj2sfku5@mid.deneb.enyo.de
Re: The Spirit of Free Software, or The Reality
* Nikolaus Rath: > On Jul 15 2015, Bas Wijnen wrote: >> As Jakub was saying: just starting it up without even visiting a site yet >> will >> do a POST and a *few dozen* GET requests. Shouldn't it be waiting with its >> checks until it actually knows what to check? What is it sending them at >> browser startup? > > Why don't you check the code? I found the Mozilla safe-browsing code *very* hard to read. It's not just the protocol, you also need to know a lot about how Javascript is used as part of the browser implementation. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87pp3oh1qs@mid.deneb.enyo.de
Re: The Spirit of Free Software, or The Reality
* Bas Wijnen: > I have some experience with safe browsing, but indeed I have not > looked up how it works. I do know that it continuously sends data > to Google, and I have quite a bit of confidence in their capability > and willingness to use that data for tracking. From your > description it sounds like that is not trivial, but there are smart > people at Google, and they have near infinite resources. One aspect that could be fixed fairly easily: Iceweasel sends your Google cookies along those requests (and accepts new Google cookies if you do not have them). That's not really required by the protocol. Similarly for OCSP requests: There should be no need at all to accept or send cookies on them. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87twt0h1sw@mid.deneb.enyo.de
Re: The Spirit of Free Software, or The Reality
* Paul Wise: [Safe Browsing] > Why doesn't it just download the full list and do checks client-side? The contents of this list is proprietary. Google might not even own it (or parts of it). There may also be a need for operational secrecy for such technology. Publishing the list would also increase liability for Google because it is easier to spot third parties whose rights are violated. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87zj2sh1wt@mid.deneb.enyo.de
Re: The Spirit of Free Software, or The Reality
* Bas Wijnen: > I disagree that the safebrowsing part is not serious, especially > considering that it continues to send a message there on every new > page you visit. That's not what should happen. Google can essentially make Iceweasel do that by serving appropriate static data instructing the browser to do so, but it should not happen in practice. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87y4ich1wa@mid.deneb.enyo.de
Re: The Spirit of Free Software, or The Reality
Andrey Rahmatullin writes: > On Sat, Jul 18, 2015 at 10:52:33AM +0200, Ole Streicher wrote: >> > Distributing them to Debian recipients makes the implicit promise that >> > they are free by the DFSG, or that they should be removed from Debian if >> > that's discovered to be untrue. >> >> Can't we just put non-free logos to non-free? In main they could be >> replaced by either a simple png with the name in it (someone provided an >> example how to create them) or by something created by a designer from >> scratch. >> >> The use of non-free icons if IMO a perfect use case for non-free. > ... and also yet another case when to make their life comfortable one > should enable non-free. For the logos in non-free, I feel that the discussion a bit academic: I don't see why our freedom is factically limited by not being allowed to patch the logos. We are still allowed to create new ones if we feel that they don't fit. The main idea of non-free is to have such a pragmatic approach here. And the "put the non-free logos into non-free" solution would fit into the do-it-yourself pragmatic of Debian: If you feel that there should be a free alternative, just create one. When an alternative icon is good enough that people will switch, then non-free is not needed anymore. Or convince the copyright owner to make the logos free. I see no real point in a heated discussion then. Cheers Ole -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87615hvhjg@debian.org
Re: The Spirit of Free Software, or The Reality
On Sat, Jul 18, 2015 at 01:09:37PM +0800, Paul Wise wrote: > On Sat, Jul 18, 2015 at 6:26 AM, Mike Hommey wrote: > > > Screenshots of games during play are not the same as logos. > > Are you saying that screenshots of logos aren't derivative works of those > logos? I'm saying you can't derive any knowledge from that debian-legal post about screenshot of games. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150718092346.ga11...@glandium.org
Re: The Spirit of Free Software, or The Reality
On Sat, Jul 18, 2015 at 10:52:33AM +0200, Ole Streicher wrote: > > Distributing them to Debian recipients makes the implicit promise that > > they are free by the DFSG, or that they should be removed from Debian if > > that's discovered to be untrue. > > Can't we just put non-free logos to non-free? In main they could be > replaced by either a simple png with the name in it (someone provided an > example how to create them) or by something created by a designer from > scratch. > > The use of non-free icons if IMO a perfect use case for non-free. ... and also yet another case when to make their life comfortable one should enable non-free. -- WBR, wRAR signature.asc Description: Digital signature
Re: The Spirit of Free Software, or The Reality
Ben Finney writes: > Distributing them to Debian recipients makes the implicit promise that > they are free by the DFSG, or that they should be removed from Debian if > that's discovered to be untrue. Can't we just put non-free logos to non-free? In main they could be replaced by either a simple png with the name in it (someone provided an example how to create them) or by something created by a designer from scratch. The use of non-free icons if IMO a perfect use case for non-free. Best regards Ole -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87egk5vodq@debian.org
Re: The Spirit of Free Software, or The Reality
On Sat, Jul 18, 2015 at 3:22 AM, Philip Hands wrote: > Have you considered that by removing the logos there are almost > certainly people who will be less able to recognise which search engine > they have selected? (be that because of poor sight, poor reading > ability or perhaps because they only know the thing they want by its logo) I hadn't considered that. I would assume that text is more accessible as screen-readers can convert it to audio. I would assume that people with poor sight are probably using magnification already. The latter two seem reasonable. > Even if we had the right under copyright law to modify these logos, we'd > not want to do it, because we're trying to display a trademark image in > order to refer to the related service. > > It strikes me that the names of at least some of these services are also > trademarked, so the text is presumably also immutable to some extent. Agreed. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAKTje6H1UQs-RTqEOam=r_thdxbeok6s3s6_oswwre91aiu...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
On Sat, Jul 18, 2015 at 6:26 AM, Mike Hommey wrote: > Screenshots of games during play are not the same as logos. Are you saying that screenshots of logos aren't derivative works of those logos? -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAKTje6FCXNLoGbbQJV=qxezbhn+esqhsgquah3saufida67...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
On Sat, Jul 18, 2015 at 12:57:41AM +0800, Paul Wise wrote: > On Fri, Jul 17, 2015 at 9:03 PM, Thorsten Glaser wrote: > > > You could make a screenshot from where the original icons are shown, > > then re-encode those tiny 16x16px thingies into new *.ico files with > > GIMP. This is sorta like taking a photograph (if in doubt, take an > > actual photo), or a bitmap font (where neither the font nor the indi‐ > > vidual glyphs fall under copyright law), so only trademark law matters, > > and Don already said Debian can “probably” use them to refer to the > > sites in question. > > Debian has legal advice from SPI lawyers that screenshots are > derivative works and thus are under the same license as the software > they are derived from. > > http://lists.debian.org/debian-legal/2008/08/msg00016.html > http://lists.debian.org/debian-legal/2008/08/msg00018.html > > Trademarks are indeed irrelevant here. Screenshots of games during play are not the same as logos. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150717222610.ga30...@glandium.org
Re: The Spirit of Free Software, or The Reality
On Jul 18 2015, Chris Bannister wrote: > On Wed, Jul 15, 2015 at 08:00:52AM -0700, Nikolaus Rath wrote: >> On Jul 15 2015, Bas Wijnen wrote: >> > As Jakub was saying: just starting it up without even visiting a site yet >> > will >> > do a POST and a *few dozen* GET requests. Shouldn't it be waiting with its >> > checks until it actually knows what to check? What is it sending them at >> > browser startup? >> >> Why don't you check the code? > > That won't answer the why, just the how. Aeh, please re-read what you've quoted. The question was *what*, not *why* or *how*. And the code will answer that exactly. Best, -Nikolaus -- GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F »Time flies like an arrow, fruit flies like a Banana.« -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87si8mjx7j@thinkpad.rath.org
Re: The Spirit of Free Software, or The Reality
Paul Wise writes: > On Fri, Jul 17, 2015 at 3:07 PM, Moritz Mühlenhoff wrote: > >> They're certainly necessary. W/o the icons there would be no indication >> which search engine is currently selected in the Iceweasel search box. > > The Tor Browser has the name of the search engine in the search box in > grey when no text has been typed. That should be enough of an > indicator. Have you considered that by removing the logos there are almost certainly people who will be less able to recognise which search engine they have selected? (be that because of poor sight, poor reading ability or perhaps because they only know the thing they want by its logo) Even if we had the right under copyright law to modify these logos, we'd not want to do it, because we're trying to display a trademark image in order to refer to the related service. It strikes me that the names of at least some of these services are also trademarked, so the text is presumably also immutable to some extent. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 08:00:52AM -0700, Nikolaus Rath wrote: > On Jul 15 2015, Bas Wijnen wrote: > > As Jakub was saying: just starting it up without even visiting a site yet > > will > > do a POST and a *few dozen* GET requests. Shouldn't it be waiting with its > > checks until it actually knows what to check? What is it sending them at > > browser startup? > > Why don't you check the code? That won't answer the why, just the how. -- "If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing." --- Malcolm X -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150717174016.GB22734@tal
Re: The Spirit of Free Software, or The Reality
On Fri, Jul 17, 2015 at 9:03 PM, Thorsten Glaser wrote: > You could make a screenshot from where the original icons are shown, > then re-encode those tiny 16x16px thingies into new *.ico files with > GIMP. This is sorta like taking a photograph (if in doubt, take an > actual photo), or a bitmap font (where neither the font nor the indi‐ > vidual glyphs fall under copyright law), so only trademark law matters, > and Don already said Debian can “probably” use them to refer to the > sites in question. Debian has legal advice from SPI lawyers that screenshots are derivative works and thus are under the same license as the software they are derived from. http://lists.debian.org/debian-legal/2008/08/msg00016.html http://lists.debian.org/debian-legal/2008/08/msg00018.html Trademarks are indeed irrelevant here. > I question that 16x16px logos fall under the copyright law at all. > Maybe some of the picture metadata, at best (hence the suggestion > to re-encode). I expect some creativity goes into cramming logos into such a small space but IANAL so... -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caktje6g0xe0qv5immdjnfxz6sx6-tv7qbf6jva1lukx_772...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
On Fri, Jul 17, 2015 at 3:07 PM, Moritz Mühlenhoff wrote: > They're certainly necessary. W/o the icons there would be no indication > which search engine is currently selected in the Iceweasel search box. The Tor Browser has the name of the search engine in the search box in grey when no text has been typed. That should be enough of an indicator. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caktje6fr0mkpb5u0c-hv0dudswcwjordv5vfdsspt9oualo...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
On Jul 17 2015, Mike Hommey wrote: > On Fri, Jul 17, 2015 at 02:38:12PM +0800, Paul Wise wrote: >> On Thu, Jul 16, 2015 at 6:17 AM, Mike Hommey wrote: >> >> > I, myself, find our DFSG-freeness pickiness going too far, and I'm sick >> > of this icon thing. So, here's what I'm going to do: unless I hear >> > non-IANAL objection until the next upstream release due on august 11 >> > (and I'm BCCing the DPL in case he wants to have the SPI lawyer(s) look >> > into this), I will remove the replacement of the bundled icons with >> > urls. >> >> How about just disabling the icons altogether? They seem unnessecary >> to me. Removing them would avoid both the potential DFSG issue and the >> privacy issue. > > Would you dare say this is useful? > http://i.imgur.com/duKHZKF.png Mike, thank you for continuing to put up with this (and for actually bothering to reply with a screenshot). Best, -Nikolaus -- GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F »Time flies like an arrow, fruit flies like a Banana.« -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87io9ikbi4@thinkpad.rath.org
Re: The Spirit of Free Software, or The Reality
On 07/16/2015 01:00 AM, Ben Finney wrote: Bas Wijnen writes: The "problem" that nobody mentioned it may be caused by the fact that nobody really considers those icons non-free, The copyright holder of those icons does not, AFAIK, grant restricted license for recipients to modify and redistribute the work. That makes those works non-free by my reading of the Social Contract. IANAL but the icons are not part of the work (the browser); they are trademarks for purposes of identification of an integration with a third-party service; they don't have to be DFSG-free, just redistributable by Debian (and possibly not even that because this usage could fall into fair use, as long as there is no claim or appearance that the third-party endorses the work). Best regards. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55a9239b.3060...@alvarezp.org
Re: The Spirit of Free Software, or The Reality
On Fri, 2015-07-17 at 19:57 +0900, Mike Hommey wrote: > Would you dare say this is useful? > http://i.imgur.com/duKHZKF.png I agree that isn't very useful. I don't actually use the search bar as you can't[1] have multiple instances of it so I hadn't seen current versions of it but I did see that an earlier version of Firefox used a simple drop-down of names and icons. That would work just fine with the icons removed from the drop-down. 1. http://bonedaddy.net/pabs3/log/2011/11/04/migrate-from-galeon-to-iceweasel-firefox/ -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Replacement Default Icons for Iceweasel [was Re: The Spirit of Free Software, or The Reality]
On Thu, 16 Jul 2015, Don Armstrong wrote: > This is why I said "if they're necessary, then they're necessary". Here's a set of default icons which can trivially be expanded to avoid shipping those icons and downloading them: for icon in ebay google wikipedia bing; do convert -size 16x16 xc:white -pointsize 8 \ -font 'DejaVu-Sans' -fill black \ -stroke none \ -draw "text 0,7 '${icon:0:3}'" \ -draw "text 0,14 '${icon:3:3}'" \ ${icon}.png; done; -- Don Armstrong http://www.donarmstrong.com Judge if you want. We are all going to die. I intend to deserve it. -- a softer world #421 http://www.asofterworld.com/index.php?id=421 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150717143800.GR6137@geta
Re: The Spirit of Free Software, or The Reality
On Fri, 17 Jul 2015, Adrien CLERC wrote: > Maybe you should try the "I am an advanced user" of uBlock (or uBlock > Origin, it's up to you). It replaces AdblockPlus and RequestPolicy in a > much more efficient UI for me. More complex also… Hm, but, tbh, I’m not. I absolutely hate Firef*x but there are certain “web applications” that require it. Also, things like geographic applications (geocaching, geodashing, geovexilla, geohashing, shutterspot, munzee, …) don’t make sense in lynx. I still try to use it as few as possible. bye, //mirabilos -- Sometimes they [people] care too much: pretty printers [and syntax highligh- ting, d.A.] mechanically produce pretty output that accentuates irrelevant detail in the program, which is as sensible as putting all the prepositions in English text in bold font. -- Rob Pike in "Notes on Programming in C" -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/alpine.deb.2.20.1507171615240.11...@tglase.lan.tarent.de
Re: The Spirit of Free Software, or The Reality
Le 17/07/2015 15:09, Thorsten Glaser a écrit : > OK, wrong place to complain about RequestPolicy, admittedly. > It’s just that it’s the only actually effective ad blocker, > for use by me when lynx, my default webbrowser, isn’t enough. > > Maybe you should try the "I am an advanced user" of uBlock (or uBlock Origin, it's up to you). It replaces AdblockPlus and RequestPolicy in a much more efficient UI for me. More complex also… Adrien -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55a90c84.40...@antipoul.fr
Re: The Spirit of Free Software, or The Reality
Adam Borowski angband.pl> writes: > Note that while requestpolicycontinued is capable to do everything original > requestpolicy did, in its default mode it's just a poor ad blocker, The new xul-ext-requestpolicy is a severe regression from the old one: • it defaults to all permitted • it fails at importing old permissions • if you temporarily enable all requests, then exit iceweasel and start it anew, it is still in the “temporarily enable all requests” mode Furthermore – but the old one couldn’t do this either – there’s no way to say “always forbid to this specific site and don’t bother me with it again (e.g. by using the red flag”. The new one can add “always forbid” rules, but it fails in that… • … the red flag is still shown • … it blocks same-site requests (e.g. twitter.com → twitter.com, if requests to twitter.com are blocked), which wouldn’t be so bad if not for… • … it doesn’t have a way to grant explicit exceptions for such blocks OK, wrong place to complain about RequestPolicy, admittedly. It’s just that it’s the only actually effective ad blocker, for use by me when lynx, my default webbrowser, isn’t enough. bye, //mirabilos
Re: The Spirit of Free Software, or The Reality
Ian Jackson chiark.greenend.org.uk> writes: > The problem is simply that the icons are non-DFSG-free. You could make a screenshot from where the original icons are shown, then re-encode those tiny 16x16px thingies into new *.ico files with GIMP. This is sorta like taking a photograph (if in doubt, take an actual photo), or a bitmap font (where neither the font nor the indi‐ vidual glyphs fall under copyright law), so only trademark law matters, and Don already said Debian can “probably” use them to refer to the sites in question. I question that 16x16px logos fall under the copyright law at all. Maybe some of the picture metadata, at best (hence the suggestion to re-encode).
Re: The Spirit of Free Software, or The Reality
Ian Jackson chiark.greenend.org.uk> writes: >For example, in this case, it would be technically possible for >(say) Google (or someone masquerading as Google) to change the icon >offered to Debian's Iceweasel to one which looks very like >Wikipedia's icon. FWIW, there are DuckDuckGo iceweasel search plugins out there (don’t know if the one Debian ships is one of them) that encode the favicon, which makes it not download it: data:image/x-icon;base64,AAABAAEAEBEAIAB[…] Maybe patch all the others to do that could help? bye, //mirabilos, who agrees those implicit requests are not so nice
Re: The Spirit of Free Software, or The Reality
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/17/2015 12:57 PM, Mike Hommey wrote: > On Fri, Jul 17, 2015 at 02:38:12PM +0800, Paul Wise wrote: >> On Thu, Jul 16, 2015 at 6:17 AM, Mike Hommey wrote: >> >>> I, myself, find our DFSG-freeness pickiness going too far, and >>> I'm sick of this icon thing. So, here's what I'm going to do: >>> unless I hear non-IANAL objection until the next upstream >>> release due on august 11 (and I'm BCCing the DPL in case he >>> wants to have the SPI lawyer(s) look into this), I will remove >>> the replacement of the bundled icons with urls. >> >> How about just disabling the icons altogether? They seem >> unnessecary to me. Removing them would avoid both the potential >> DFSG issue and the privacy issue. > > Would you dare say this is useful? http://i.imgur.com/duKHZKF.png One Search Icon To Rule Them All! - -- It's not the COST, it's the VALUE -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJVqPK3AAoJEC5cILs3kzv9FZ4P/3sCfcydSXC3gcCTD6Xw/mZo YEAimquwDDXUcKuliOTL8XbBRG5xFX34eLqefpbs99x0qK0tbzF2vwFds3Gk1PF9 IwkeSaxp7JWRbNv0gCMEUTQ2QnYqTgmSCjy3YdCFVOTp0K+pfTy9uqUvWgfbF0Mq uxYrymRuGnFCFhTSzRe1dLnSsq6X3rIVhWiwt9np22O+sLCfa19krBc7ZTBIYTfo E9AiEx7lz+JZxE+jZ1CyG/GBhuYz5USkNNmr9FX6nKkFK98/2wZ0HDvHKPhLD75a ZJeiSG1caQQ0o/6yQsI0O5HAxEVwEPeSCmwBMD2jn7Nm8KRKMdxyt5qpSpyE06iR qkd8if0SnMKq5BgNORvZBkXIoWETHo4yOS2QUSy4U2xY5GhW2WqeFG4BJaHcrvQd O0XqANn8jItuFQF0DI/V2oHiwsQLscaocNlXcpygF3HPxSES6jak94uoJRvIziCx u4kc+wv3TvLBSek0h+felF/40aXbKAU1SzIp7qJFWJRXMiBiDj2zo8iKxcRmy0Oa XU57icZ9k+p3YibJyqlAi7BAGDsc5YQPZa7Rrqdb/Rl5S7/Qv3py+4o2TJpPD3qY nULrGLlQIrrOHsDgRbSvAiEx6D07d66YaQApNcjRuA7HFydpZhs1baGttApRMTE1 1kjTIqjUJe9DFJBnq6yM =efXC -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55a8f2b8.6020...@riseup.net
Re: The Spirit of Free Software, or The Reality
Le 17/07/2015 12:57, Mike Hommey a écrit : > On Fri, Jul 17, 2015 at 02:38:12PM +0800, Paul Wise wrote: >> On Thu, Jul 16, 2015 at 6:17 AM, Mike Hommey wrote: >> >>> I, myself, find our DFSG-freeness pickiness going too far, and I'm sick >>> of this icon thing. So, here's what I'm going to do: unless I hear >>> non-IANAL objection until the next upstream release due on august 11 >>> (and I'm BCCing the DPL in case he wants to have the SPI lawyer(s) look >>> into this), I will remove the replacement of the bundled icons with >>> urls. >> How about just disabling the icons altogether? They seem unnessecary >> to me. Removing them would avoid both the potential DFSG issue and the >> privacy issue. > Would you dare say this is useful? > http://i.imgur.com/duKHZKF.png > > Mike > > This seems to be the new DFSG game. Pick an icon, and get random results. Adrien -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55a8ef44.7000...@antipoul.fr
Re: The Spirit of Free Software, or The Reality
On Fri, Jul 17, 2015 at 02:38:12PM +0800, Paul Wise wrote: > On Thu, Jul 16, 2015 at 6:17 AM, Mike Hommey wrote: > > > I, myself, find our DFSG-freeness pickiness going too far, and I'm sick > > of this icon thing. So, here's what I'm going to do: unless I hear > > non-IANAL objection until the next upstream release due on august 11 > > (and I'm BCCing the DPL in case he wants to have the SPI lawyer(s) look > > into this), I will remove the replacement of the bundled icons with > > urls. > > How about just disabling the icons altogether? They seem unnessecary > to me. Removing them would avoid both the potential DFSG issue and the > privacy issue. Would you dare say this is useful? http://i.imgur.com/duKHZKF.png Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150717105745.ga31...@glandium.org
Re: The Spirit of Free Software, or The Reality
Paul Wise schrieb: > On Thu, Jul 16, 2015 at 6:17 AM, Mike Hommey wrote: > >> I, myself, find our DFSG-freeness pickiness going too far, and I'm sick >> of this icon thing. So, here's what I'm going to do: unless I hear >> non-IANAL objection until the next upstream release due on august 11 >> (and I'm BCCing the DPL in case he wants to have the SPI lawyer(s) look >> into this), I will remove the replacement of the bundled icons with >> urls. Fully agreed. > How about just disabling the icons altogether? They seem unnessecary > to me. They're certainly necessary. W/o the icons there would be no indication which search engine is currently selected in the Iceweasel search box. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/slrnmqhae5.iss@inutil.org
Re: The Spirit of Free Software, or The Reality
On Thu, Jul 16, 2015 at 7:53 PM, Ian Jackson wrote: > I have also made the point that we make an exception for licence > texts. Obviously the situations aren't entirely parallel, but this > demonstrates that the absolutist position you are arguing for is both > contrary to our existing practice, and impractical. If you are saying > that this principle of modifiability is entirely absolute and we have > to make no exceptions at all at all at all, you have to address that > point too. Without these non-modifiable license texts there would be basically no Debian at all as the license texts are what makes the rest of a package containing them DFSG-free. So basically this exception is one we don't have a real choice in. This isn't the case for icons, which are could be removed or disabled without anywhere near as much effect. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caktje6hfgxvgfsbwwa0xulog6+khlkyz8ajjebfhgzoq1w-...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
On Thu, Jul 16, 2015 at 6:17 AM, Mike Hommey wrote: > I, myself, find our DFSG-freeness pickiness going too far, and I'm sick > of this icon thing. So, here's what I'm going to do: unless I hear > non-IANAL objection until the next upstream release due on august 11 > (and I'm BCCing the DPL in case he wants to have the SPI lawyer(s) look > into this), I will remove the replacement of the bundled icons with > urls. How about just disabling the icons altogether? They seem unnessecary to me. Removing them would avoid both the potential DFSG issue and the privacy issue. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caktje6hyombuyrhdixzwuqo22rsqkywette3mjjvm2gq7a4...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
On Thu, 16 Jul 2015, "IOhannes m zmölnig (Debian/GNU)" wrote: > On 07/16/2015 08:29 PM, Don Armstrong wrote: > > On Thu, 16 Jul 2015, Simon Richter wrote: > >> > The problem is that the icons are displayed in the search field > >> > dropdown, which should be fully functional before visiting the first > >> > site. > > I was hoping that it could be semi-functional, with placeholder icons > > until the site in question is actually visited. But if the icons are > > necessary, then they're necessary. > > what is the "site in question" you are referring to? Whatever the icons correspond to. > whenever they enter a search term and select one of the unknown¹ > search engines, the search is performed (e.g. on wikipedia) and the > placeholder icon is updated with the real icon (since wikipedia was > visited anyhow), and from know on the user knows at least one of their > search engines. This is why I said "if they're necessary, then they're necessary"; I use iceweasel+pentadactyl, so I've no clue what the default search UI even looks like any more. With pentadactyl, it helpfully tells you precisely what the search engine is so you don't have to guess whose icon is a briefcase. -- Don Armstrong http://www.donarmstrong.com I'm wrong to criticize the valor of your brave men. It's important to die for one's country when it means being the subject of a king who wears a ruffled collar or a pleated one. -- Cyrano de Bergerac -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150716214849.GQ6137@geta
Re: The Spirit of Free Software, or The Reality
On Thu, 16 Jul 2015 22:20:35 +0200 "IOhannes m zmölnig (Debian/GNU)" wrote: > On 07/16/2015 08:29 PM, Don Armstrong wrote: > > On Thu, 16 Jul 2015, Simon Richter wrote: > >> > The problem is that the icons are displayed in the search field > >> > dropdown, which should be fully functional before visiting the first > >> > site. > > I was hoping that it could be semi-functional, with placeholder icons > > until the site in question is actually visited. But if the icons are > > necessary, then they're necessary. > > > > what is the "site in question" you are referring to? > > as in: the first time the user starts the browser, the search field will > be filled with empty (placeholder) icons. whenever they enter a search > term and select one of the unknown¹ search engines, the search is > performed (e.g. on wikipedia) and the placeholder icon is updated with > the real icon (since wikipedia was visited anyhow), and from know on the > user knows at least one of their search engines. > this feels a bit like > > Quaff the blue speckled potion. > > You have no more potions of blindness. What if the placeholder icons were the first letter of the search engine's name? pgpttdEVSZsSQ.pgp Description: PGP signature
Re: The Spirit of Free Software, or The Reality
On 07/16/2015 08:29 PM, Don Armstrong wrote: > On Thu, 16 Jul 2015, Simon Richter wrote: >> > The problem is that the icons are displayed in the search field >> > dropdown, which should be fully functional before visiting the first >> > site. > I was hoping that it could be semi-functional, with placeholder icons > until the site in question is actually visited. But if the icons are > necessary, then they're necessary. > what is the "site in question" you are referring to? as in: the first time the user starts the browser, the search field will be filled with empty (placeholder) icons. whenever they enter a search term and select one of the unknown¹ search engines, the search is performed (e.g. on wikipedia) and the placeholder icon is updated with the real icon (since wikipedia was visited anyhow), and from know on the user knows at least one of their search engines. this feels a bit like > Quaff the blue speckled potion. > You have no more potions of blindness. fmgsdr IOhannes ¹ not totally unknown: there's a tooltip showing the name of the search engine if you hover over it. signature.asc Description: OpenPGP digital signature
Re: The Spirit of Free Software, or The Reality
On Thu, 16 Jul 2015, Simon Richter wrote: > The problem is that the icons are displayed in the search field > dropdown, which should be fully functional before visiting the first > site. I was hoping that it could be semi-functional, with placeholder icons until the site in question is actually visited. But if the icons are necessary, then they're necessary. > I believe that it is acceptable to ship these icons -- while they > aren't free to modify, there is no real reason why we would need that. I think upstream is claiming that they're free to modify as far as copyright is concerned, which is really all I'm personally concerned about. All of that said, I don't see a difference between us shipping the icons and having the package automatically download them without the user specifically visiting a site. [I'm speaking to the choir when I lament the fact that so much leakage of information seems to be necessary in order to use most modern devices... that ship has sailed, and we're just fighting a rearguard action now.] -- Don Armstrong http://www.donarmstrong.com There is no mechanical problem so difficult that it cannot be solved by brute strength and ignorance. -- William's Law -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150716182933.GM6137@geta
Re: The Spirit of Free Software, or The Reality
On Thu, Jul 16, 2015 at 07:17:03AM +0900, Mike Hommey wrote: > I, myself, find our DFSG-freeness pickiness going too far, and I'm sick > of this icon thing. So, here's what I'm going to do: unless I hear > non-IANAL objection until the next upstream release due on august 11 > (and I'm BCCing the DPL in case he wants to have the SPI lawyer(s) look > into this), I will remove the replacement of the bundled icons with > urls. > In this case, I don't intend on doing so. If you (as the maintainer) or the FTPMasters want me to, I'll forward it on, but I don't particularly want to waste lawyers time on what seems to be a minor issue. Neil -- signature.asc Description: Digital signature
Re: The Spirit of Free Software, or The Reality
Hi, On Thu, Jul 16, 2015 at 06:00:17PM +0200, Simon Richter wrote: > Am 16.07.2015 um 16:57 schrieb Don Armstrong: > > How easy would it be to modify the code so that it only gets the > > favorite icons when the site is actually visited? [Does it already try > > to update the icons when it visits one of the configured sites?] > > The problem is that the icons are displayed in the search field > dropdown, which should be fully functional before visiting the first site. Also, if it is acceptable to auto-download them, I don't see why it wouldn't be acceptable to ship them. It's one or the other: we want to protect our users against this non-free material and don't give it to them, or we don't think it is non-free (or that it is an acceptable exception, just like license texts) and we do. In the former case we don't ship and don't download; in the latter case, we do ship and therefore still don't download. > I believe that it is acceptable to ship these icons -- while they aren't > free to modify, there is no real reason why we would need that. I agree, and it seems Mike will start shipping them, which is good IMO. Thanks, Bas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150716162105.gs8...@fmf.nl
Re: The Spirit of Free Software, or The Reality
Hi, Am 16.07.2015 um 16:57 schrieb Don Armstrong: > How easy would it be to modify the code so that it only gets the > favorite icons when the site is actually visited? [Does it already try > to update the icons when it visits one of the configured sites?] The problem is that the icons are displayed in the search field dropdown, which should be fully functional before visiting the first site. I believe that it is acceptable to ship these icons -- while they aren't free to modify, there is no real reason why we would need that. Trademark legislation should allow us to use these logos to refer to the companies even without a formal permission, and would forbid us to use them in any other context regardless of the copyright situation. The only thing I'd see as problematic is when a company changes their logo and wants us to stop distributing the old one -- this is something we cannot do. Simon -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55a7d511.4070...@debian.org
Re: The Spirit of Free Software, or The Reality
On Thu, 16 Jul 2015, Mike Hommey wrote: > On Wed, Jul 15, 2015 at 12:56:29PM +0100, Ian Jackson wrote: > > I was surprised that it would download the icons from the installed > > search providers. There is no need for it to do that. And that means > > that the mere presence of an unused but configured search provider, > > causes every user's iceweasel to notify the search provider whenever > > the user starts the browser. > > Starts the browser for the first time ever. How easy would it be to modify the code so that it only gets the favorite icons when the site is actually visited? [Does it already try to update the icons when it visits one of the configured sites?] Since I haven't read the code,[1] this might be too much work, but I was thinking about shipping 1x1.png for those icons, and then having them be updated if and when a user actually visits those sites. -- Don Armstrong http://www.donarmstrong.com A Bill of Rights that means what the majority wants it to mean is worthless. -- U.S. Supreme Court Justice Antonin Scalia -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150716145720.GI6137@geta
Re: The Spirit of Free Software, or The Reality
Ben Finney writes ("Re: The Spirit of Free Software, or The Reality"): > So the above seems to argue either that search engine icons are > sufficiently important that we can violate the Social Contract, or I've > misunderstood. I'd like to know exactly where that misunderstanding is. You are arguing from the Social Contract. This is the Debian equivalent of godwinating the conversation. But I will try anyway. The point of having ethical principles is to do good in the world. We can disagree about what good is, of course. But our users are not harmed, and their freedom is not diminished, if we ship nonmodifable icons for proprietary search services.[1] There is no significant risk that anyone would think that these icons are modifiable. As I wrote before, in this case, pickiness about the modifiability of the icons /is/ harming our users (not very much, but still). You haven't come up with a counterargument to these points, which I made in an earlier mail. I have also made the point that we make an exception for licence texts. Obviously the situations aren't entirely parallel, but this demonstrates that the absolutist position you are arguing for is both contrary to our existing practice, and impractical. If you are saying that this principle of modifiability is entirely absolute and we have to make no exceptions at all at all at all, you have to address that point too. If we are prepared to make exceptions, no matter how narrow, then the question is: on what basis might we make an exception, and should we make one in this case ? I am happy that we should use our documented principles and aims to guide our actions, but if applying the letter of the law undermines our values, we should go with what is right rather than what is written down. One problem is that the principle that we should protect our users' privacy isn't written down in our foundation documents, even though it's clear that most of us (probably, an overwhelming majority) think it important. If it _were_ written down then it would be more obvious that there is a conflict between different principles here. As someone who has come to think that reference to foundation documents to illuminate these kind of problems is not normally helpful, I'm not particularly bothered that the foundation documents lack a commitment to our users' privacy. But if this bothers you then I would support a GR to improve this. If you are going to clean this up then you should probably also deal with the fact that they also lack a commitment to our users' security, and you should consider whether it would be useful for these documents to use words and phrases like `autonomy' and `in practice'. I'd like to thank Mike Hommey again for all his hard work and his toleration for this kind of conversation. I support his intentions as he has just laid out. Ian. [1] To be clear, I mean that the users' freedoms are not diminished, nor the users harmed, by the nonmodifiability of the icons. An argument could be made that the very presence of these search engine configurations is a problem, but if that is the case it doesn't depend very much on what icon is shown. The obvious counterargument is that respecting the user's autonomy - including not putting barriers in front of their choice to use a proprietary service - is part of upholding the user's freedom. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/21927.39727.387280.432...@chiark.greenend.org.uk
Re: The Spirit of Free Software, or The Reality
On Jul 16, Mike Hommey wrote: > I, myself, find our DFSG-freeness pickiness going too far, and I'm sick > of this icon thing. So, here's what I'm going to do: unless I hear > non-IANAL objection until the next upstream release due on august 11 > (and I'm BCCing the DPL in case he wants to have the SPI lawyer(s) look > into this), I will remove the replacement of the bundled icons with > urls. Full support here... -- ciao, Marco pgpWX23hiZSFE.pgp Description: PGP signature
Re: The Spirit of Free Software, or The Reality
Bas Wijnen writes: > The "problem" that nobody mentioned it may be caused by the fact that > nobody really considers those icons non-free, The copyright holder of those icons does not, AFAIK, grant restricted license for recipients to modify and redistribute the work. That makes those works non-free by my reading of the Social Contract. > and so having them on our users' machines isn't a problem. But then I > agree with Ian and Mike, we should just ship them in the package. Distributing them to Debian recipients makes the implicit promise that they are free by the DFSG, or that they should be removed from Debian if that's discovered to be untrue. So the above seems to argue either that search engine icons are sufficiently important that we can violate the Social Contract, or I've misunderstood. I'd like to know exactly where that misunderstanding is. -- \ “The surest way to corrupt a youth is to instruct him to hold | `\ in higher esteem those who think alike than those who think | _o__) differently.” —Friedrich Nietzsche, _The Dawn_, 1881 | Ben Finney -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/857fq0vdyv@benfinney.id.au
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 07:56:42PM +0100, Ian Jackson wrote: > Right. I find it disappointing to discover that in Debian we have > deliberately modified Iceweasl to make this problem worse, even if > only in a modest way. ... > And one thing we could easily do (well, easily from a technical point > of view, if we could agree to do it) would be to not download the > icons. AIUI downloading the icons was a change that was made in > Debian for DFSG reasons. I've seen Mike's mail, and agree that his solution is appropriate. I'd like to note my opinion on what seems to have happened here though (it may not actually be what happened, but this is a theoretical argument, so that is irrelevant): We found that some content was not DFSG free, and therefore we didn't want to distribute it in Debian. I don't see how anyone could think that "let the program download the non-free material at first boot" is an appropriate solution for anything in main. The point of software in main is that our users trust that we don't put non-free stuff on their machine. It really doesn't matter if that stuff comes from the archive or is auto-downloaded from somewhere else. I don't expect this to be controversial, but I wanted to mention it anyway, because nobody did so far, and if there is no consensus about this, I think we should have a discussion about it. The "problem" that nobody mentioned it may be caused by the fact that nobody really considers those icons non-free, and so having them on our users' machines isn't a problem. But then I agree with Ian and Mike, we should just ship them in the package. Thanks, Bas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150716051023.gq8...@fmf.nl
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 01:07:00PM +0100, Ian Jackson wrote: > > BTW, that's something that would need to be resolved once and for all by > > an SPI lawyer, because a) Mozilla's lawyers consider those icons kocher > > as MPL-licensed icons and b) that's a problem broader than just > > iceweasel, as it concerns any package with references to external > > services (and a recurring question on debian-legal). > > There isn't a legal problem, surely. I can't imagine that ebay or > whoever mind us copying their icon in this way. There is surely a > formal legal copyright licence from ebay which makes the icon > redistributable for this kind of purpose. As for trademarks, we are > using the icon to refer to the organisation in question, so we do not > even need permission (although there is almost certainly a formal > permission document). > > AFAICT no-one has suggested that redistributing unmodified copies of > these icons along with the corresponding search engine thingies in > Iceweasl is contrary to any laws, or contrary to the wishes of the > copyright or trademark owners. > > The problem is simply that the icons are non-DFSG-free. I'm not even convinced it's a non-DFSG-freeness problem. You know what? (IANAL opinion here) If upstream is telling me these files are MPL-kocher, I have no reason not to believe them. MPL is DFSG-free, right? Now, surely, you can't modify company logos without some legal boundaries, but those come from trademark laws. Guess what, the same freaking problem exists with the Debian DFSG-free logo! I, myself, find our DFSG-freeness pickiness going too far, and I'm sick of this icon thing. So, here's what I'm going to do: unless I hear non-IANAL objection until the next upstream release due on august 11 (and I'm BCCing the DPL in case he wants to have the SPI lawyer(s) look into this), I will remove the replacement of the bundled icons with urls. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715221703.gd19...@glandium.org
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 12:56:29PM +0100, Ian Jackson wrote: > Nikolaus Rath writes ("Re: The Spirit of Free Software, or The Reality"): > > On Jul 15 2015, Jakub Wilk wrote: > > > So I made this experiment with Iceweasel. These are the requests it > > > makes with a fresh profile, before you even type an URL: > > > > > > POST > > > https://location.services.mozilla.com/v1/country?key=no-mozilla-api-key > > > GET http://www.ebay.com/favicon.ico > > > GET http://en.wikipedia.org/favicon.ico > > > GET http://www.yahoo.com/favicon.ico > > > GET http://www.google.com/favicon.ico > > > GET http://www.amazon.com/favicon.ico > ... > > 1. Were you surprised by this? I was certainly not, this is about what I > >would have guessed. If a program does what I expect it to do, I'm not > >sure if me starting it is "violating my privacy". > > I was surprised that it would download the icons from the installed > search providers. There is no need for it to do that. And that means > that the mere presence of an unused but configured search provider, > causes every user's iceweasel to notify the search provider whenever > the user starts the browser. Starts the browser for the first time ever. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715220617.gc19...@glandium.org
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 02:18:08PM +0200, Bas Wijnen wrote: > On Wed, Jul 15, 2015 at 01:26:16PM +0900, Mike Hommey wrote: > > On Wed, Jul 15, 2015 at 03:51:42AM +0200, Bas Wijnen wrote: > > > On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: > > > > POST > > > > https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key > > > > + a few dozens of GET requests to https://safebrowsing.google.com/ > > > > > > > > So nothing serious here. It's just casually violating your privacy. > > > > > > I disagree that the safebrowsing part is not serious, especially > > > considering > > > that it continues to send a message there on every new page you visit. > > > Best > > > case the only thing that happens is that Google checks that you aren't > > > visiting > > > a dangerous site. But really? Does anyone believe that Google does not > > > store > > > this data to monitor browsing habits? > > > > FUD is easy. How about documenting yourself on how Safe browsing > > actually works? > > Please don't be so harsh. FUD is about trying to mislead people into thinking > untrue bad things about someone. I have no bad intentions, and I don't see > why > you would think that I do. Because you were misleading people into thinking untrue bad things about safe browsing. (snip) > As Jakub was saying: just starting it up without even visiting a site yet will > do a POST and a *few dozen* GET requests. Shouldn't it be waiting with its > checks until it actually knows what to check? What is it sending them at > browser startup? I'm not sure which version of the protocol iceweasel uses nowadays, but this is the protocol spec for v2.2: https://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec Using a POST is part of that. If you're interested in knowing exactly what's going over the wire, you can go enable the browser toolbox and watch all the network requests the browser does. https://developer.mozilla.org/en-US/docs/Tools/Browser_Toolbox > So I wanted to make it stop; I can live without the safe browsing feature. I > couldn't find it anywhere in the regular preferences. Security > Block reported attach sites and Security > Block reported web forgeries Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715220450.gb19...@glandium.org
Re: Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 03:50:18PM +, Christoph Riehl wrote: > > On Wed, Jul 15, 2015 at 03:51:42AM +0200, Bas Wijnen wrote: > > > On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: > > > > POST > https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key > > > > + a few dozens of GET requests to https://safebrowsing.google.com/ > > > > > > > > So nothing serious here. It's just casually violating your privacy. > > > > > > I disagree that the safebrowsing part is not serious, especially > considering > > > that it continues to send a message there on every new page you > visit. Best > > > case the only thing that happens is that Google checks that you > aren't visiting > > > a dangerous site. But really? Does anyone believe that Google > does not store > > > this data to monitor browsing habits? > > > > FUD is easy. How about documenting yourself on how Safe browsing > > actually works? Hint: urls are _never_ sent to Google. The worst thing > > that Google can know is that the _hash_ of /some/ url you went to, > has the > > first n bits matching the first n bits of the hash of one (or multiple) > > of the known malware of phishing urls. Nothing more. > > Yeah, it's not like google would have a giant scanning tool that > downloads the content, processes, parses, classifies every web page out > there. > Google will of course never ever generate and store in one of their > databases a hash of the url of each page they process. No, never ever > they will do that. > Also, google will never ever store your requests. They never store > anything for tra(ffi)cking. Let's say they do. So what? The only thing they can get from the first n bits of the hash is that you visited one of possibly hundreds of thousands of urls with the same hash first n bits that also matches the first n bits of the hash of some known malware. Wow, that's going to make tracking so much easier than, say, ads or analytics. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715215357.ga19...@glandium.org
Re: The Spirit of Free Software, or The Reality
Ian Jackson writes ("Re: The Spirit of Free Software, or The Reality"): > Right. I find it disappointing to discover that in Debian we have > deliberately modified Iceweasl to make this problem worse, even if ^ Also, why do I keep doing that ? e <= here are the ones I missed out so far with a few extra spare. Ian. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/21926.45026.984216.363...@chiark.greenend.org.uk
Re: The Spirit of Free Software, or The Reality
Nikolaus Rath writes ("Re: The Spirit of Free Software, or The Reality"): > On Jul 15 2015, Ian Jackson wrote: > > If I use Iceweasl to visit the EFF's web pages, over TLS, I see no > > reason why I should be exposed to any privacy violations (other than > > any implied by decisons taken by the EFF). > > I agree with you. There is no reason, and it would be nice if Iceweasel > would not violate your privacy if you do so. Right. I find it disappointing to discover that in Debian we have deliberately modified Iceweasl to make this problem worse, even if only in a modest way. > However, I am not at all surprised that Iceweasel is doing that. If I > want privacy, I don't run Iceweasel but something like w3m. That's a lot > more reliable than changing Iceweasel to not download some icons and > disable safe browsing. Well, that may be a realistic assessment. But others in this thread have suggested possible ways to gain more assurance about the behaviour of programs like Iceweasel. I think people who want to do that deserver our moral and practical support. And one thing we could easily do (well, easily from a technical point of view, if we could agree to do it) would be to not download the icons. AIUI downloading the icons was a change that was made in Debian for DFSG reasons. Thanks, Ian. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/21926.44266.664357.850...@chiark.greenend.org.uk
Re: The Spirit of Free Software, or The Reality
Nikolaus Rath writes ("Re: The Spirit of Free Software, or The Reality"): > On Jul 15 2015, Bas Wijnen wrote: > > As Jakub was saying: just starting it up without even visiting a > > site yet will do a POST and a *few dozen* GET requests. Shouldn't > > it be waiting with its checks until it actually knows what to > > check? What is it sending them at browser startup? > > Why don't you check the code? I think asking questions is a reasonable way to go about this. Having been the maintainer of a similar package for a while, "checking the code" is far from straightforward. Ian. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/21926.39019.476429.927...@chiark.greenend.org.uk
Re: Re: The Spirit of Free Software, or The Reality
> On Wed, Jul 15, 2015 at 03:51:42AM +0200, Bas Wijnen wrote: > > On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: > > > POST https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key > > > + a few dozens of GET requests to https://safebrowsing.google.com/ > > > > > > So nothing serious here. It's just casually violating your privacy. > > > > I disagree that the safebrowsing part is not serious, especially considering > > that it continues to send a message there on every new page you visit. Best > > case the only thing that happens is that Google checks that you aren't visiting > > a dangerous site. But really? Does anyone believe that Google does not store > > this data to monitor browsing habits? > > FUD is easy. How about documenting yourself on how Safe browsing > actually works? Hint: urls are _never_ sent to Google. The worst thing > that Google can know is that the _hash_ of /some/ url you went to, has the > first n bits matching the first n bits of the hash of one (or multiple) > of the known malware of phishing urls. Nothing more. Yeah, it's not like google would have a giant scanning tool that downloads the content, processes, parses, classifies every web page out there. Google will of course never ever generate and store in one of their databases a hash of the url of each page they process. No, never ever they will do that. Also, google will never ever store your requests. They never store anything for tra(ffi)cking. Gruss Christoph
Re: The Spirit of Free Software, or The Reality
On Jul 15 2015, Bas Wijnen wrote: > As Jakub was saying: just starting it up without even visiting a site yet will > do a POST and a *few dozen* GET requests. Shouldn't it be waiting with its > checks until it actually knows what to check? What is it sending them at > browser startup? Why don't you check the code? Best, -Nikolaus -- GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F »Time flies like an arrow, fruit flies like a Banana.« -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87oajdtqhn@thinkpad.rath.org
Re: The Spirit of Free Software, or The Reality
On Jul 15 2015, Ian Jackson wrote: > Nikolaus Rath writes ("Re: The Spirit of Free Software, or The Reality"): >> On Jul 15 2015, Jakub Wilk wrote: >> > So I made this experiment with Iceweasel. These are the requests it >> > makes with a fresh profile, before you even type an URL: >> > >> > POST >> > https://location.services.mozilla.com/v1/country?key=no-mozilla-api-key >> > GET http://www.ebay.com/favicon.ico >> > GET http://en.wikipedia.org/favicon.ico >> > GET http://www.yahoo.com/favicon.ico >> > GET http://www.google.com/favicon.ico >> > GET http://www.amazon.com/favicon.ico > ... >> 1. Were you surprised by this? I was certainly not, this is about what I >>would have guessed. If a program does what I expect it to do, I'm not >>sure if me starting it is "violating my privacy". > > I was surprised that it would download the icons from the installed > search providers. There is no need for it to do that. And that means > that the mere presence of an unused but configured search provider, > causes every user's iceweasel to notify the search provider whenever > the user starts the browser. This is not desirable. I agree that it's not desirable. But there's a lot of stuff in a lot of packages that's not desirable, I don't see this as an especially severe problem. >> 2. Would it be ok if Firefox did all this at the time you visited the >>first webpage, rather than at the time of startup? > > I think that depends on what the first webpage is. > > If the first webpage is (say) > https://en.wikipedia.org/wiki/Embarrassing_medical_problem > https://act.eff.org/login > https://search.debian.org/cgi-bin/omega?DB=en&P=vulnerability+scanner > https://fetlife.com/home/v4 > then I don't see any reason why Ebay or Amazon would have to know even > that I am running Iceweasel. > > To implement the unsafe sites protection, Google might need to know > that I am running Iceweasel, but measures described elsewhere in this > thread mean that its information about which actual URLs I am visiting > is limited. > >>If not, then what about all the tracking pages that Firefox is going >>to load because they're referenced in the page you asked for? >>Shouldn't you be much more worried about those? > > It is obviously not practical for us to do very much about that, other > than by promoting (a) privacy-enhancing client-side tools > (b) privacy-respecting websites, where relevant and (c) political > change. Yes. I guess what I'm trying to say is that calling Iceweasel isn't the same as calling "ls" or make. Having the latter programs do the above would be severe. But in order to protect your privacy when browsing with Iceweasel, you have to run it through tor anyway (and probably add all sorts of other measures to prevent fingerprinting). So why worry about a few extra requests? Best, -Nikolaus -- GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F »Time flies like an arrow, fruit flies like a Banana.« -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87r3o9tql1@thinkpad.rath.org
Re: The Spirit of Free Software, or The Reality
On 07/15/2015 at 08:18 AM, Bas Wijnen wrote: > As Jakub was saying: just starting it up without even visiting a site > yet will do a POST and a *few dozen* GET requests. Shouldn't it be > waiting with its checks until it actually knows what to check? What > is it sending them at browser startup? > > So I wanted to make it stop; I can live without the safe browsing > feature. I couldn't find it anywhere in the regular preferences. In > about:config I searched for it and there is an "enabled" flag, which > I turned off, but that didn't actually stop the traffic (is that a > bug, or does it disable something in a different way?) I've seen this (or something similar) discussed on Mozilla lists semi-recently. I believe there was a bug opened about it, but I don't recall the bug number or what the outcome (if any yet) may have been. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 12:16:36PM +0200, Marcus Rohrmoser wrote: > https://requestpolicycontinued.github.io/ comes to a rescue. Note that while requestpolicycontinued is capable to do everything original requestpolicy did, in its default mode it's just a poor ad blocker, strictly weaker than Adblock Plus. There is a switch to make it block third-party servers by default, but the documentation discourages that. I can't fathom why they would do such a thing as this throws away the whole concept, but as it stands, I wouldn't recommend requestpolicycontinued to unwary users. -- // If you believe in so-called "intellectual property", please immediately // cease using counterfeit alphabets. Instead, contact the nearest temple // of Amon, whose priests will provide you with scribal services for all // your writing needs, for Reasonable and Non-Discriminatory prices. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715121826.ga26...@angband.pl
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 01:26:16PM +0900, Mike Hommey wrote: > On Wed, Jul 15, 2015 at 03:51:42AM +0200, Bas Wijnen wrote: > > On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: > > > POST > > > https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key > > > + a few dozens of GET requests to https://safebrowsing.google.com/ > > > > > > So nothing serious here. It's just casually violating your privacy. > > > > I disagree that the safebrowsing part is not serious, especially considering > > that it continues to send a message there on every new page you visit. Best > > case the only thing that happens is that Google checks that you aren't > > visiting > > a dangerous site. But really? Does anyone believe that Google does not > > store > > this data to monitor browsing habits? > > FUD is easy. How about documenting yourself on how Safe browsing > actually works? Please don't be so harsh. FUD is about trying to mislead people into thinking untrue bad things about someone. I have no bad intentions, and I don't see why you would think that I do. I have some experience with safe browsing, but indeed I have not looked up how it works. I do know that it continuously sends data to Google, and I have quite a bit of confidence in their capability and willingness to use that data for tracking. From your description it sounds like that is not trivial, but there are smart people at Google, and they have near infinite resources. > Hint: urls are _never_ sent to Google. The worst thing > that Google can know is that the _hash_ of /some/ url you went to, has the > first n bits matching the first n bits of the hash of one (or multiple) > of the known malware of phishing urls. Nothing more. That sounds good, and I believe you that is how it's supposed to work, but I can't quite match it with my observations. The first time I encountered safe browsing was when I was running wireshark for an unrelated reason. I saw lots of packets going to a remote server even though I wasn't doing anything on the network yet. So I checked which host it was, and it turned out to be Google. Given that every product they have seems to be targeting maximum gathering of personal information on people, I worry when my computer is sending a lot of data to them without me asking for it. I also note that it sent requests there all the time. I wasn't even doing anything with my browser, and I didn't have any sites open that would obviously keep contact with the server. I don't remember exactly what happened, but I do remember that it looked like Iceweasel was sending a lot of information about me to Google. As Jakub was saying: just starting it up without even visiting a site yet will do a POST and a *few dozen* GET requests. Shouldn't it be waiting with its checks until it actually knows what to check? What is it sending them at browser startup? So I wanted to make it stop; I can live without the safe browsing feature. I couldn't find it anywhere in the regular preferences. In about:config I searched for it and there is an "enabled" flag, which I turned off, but that didn't actually stop the traffic (is that a bug, or does it disable something in a different way?) Eventually I managed to stop it by replacing all the safebrowsing related urls with empty strings. I don't like that I need to do that much work to prevent my computer from contacting Google. I also don't think I am obligated to find out the technical details of the protocol before I'm allowed to complain about it. All that being said, I agree with Ben that the Iceweasel packaging in Debian is excellent, and I'm happy to know that this is the case. Thanks, Bas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715121808.gp8...@fmf.nl
Re: The Spirit of Free Software, or The Reality
Marc Haber writes ("Re: The Spirit of Free Software, or The Reality"): > On Wed, 15 Jul 2015 14:56:28 +1000, Ben Finney > wrote: > >Whatever my position ends up being on that, I do have a firm position on > >another aspect: I greatly appreciate that you're grappling with these > >issues in Mozilla products, and working to keep Debian high-quality and > >free. > > Amen. Packaging Mozilla software surely is hard work just for its > obiquity, and the work is done just splendidly. I should say that I agree with this and my previous message should not be read as a criticism of Mike, who is indeed dealing with very tricky problems. Ian. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/21926.19736.832540.256...@chiark.greenend.org.uk
Re: The Spirit of Free Software, or The Reality
Mike Hommey writes ("Re: The Spirit of Free Software, or The Reality"): > On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: > > GET http://www.ebay.com/favicon.ico > > GET http://en.wikipedia.org/favicon.ico > > GET http://www.yahoo.com/favicon.ico > > GET http://www.google.com/favicon.ico > > GET http://www.amazon.com/favicon.ico > > GET http://www.yahoo.com/favicon.ico > > GET http://www.yahoo.com/favicon.ico > > GET https://en.wikipedia.org/favicon.ico > > GET https://en.wikipedia.org/favicon.ico > > GET https://www.yahoo.com/favicon.ico > > GET https://en.wikipedia.org/favicon.ico > > FWIW, those are a consequence of removing supposedly non-free icons from > the source package. But maybe you'd prefer no icons at all for the list > of search engines. Yes. Frankly I think it is astonishing that we have done this deliberately. Do we really think we are enhancing our users' freedom by doing this ? Compared to distributing the icon in the package, the user does not gain the ability to legally modify the icon. We are not avoiding exposing us or our users to any legal risks. Supposely this decision is made by us for ethical reasons (ie, to uphold our values) but the actual effect is simply to diminish our users' privacy,. I would prefer the following things in this order: 1. Where distribution is permitted by an upstream, we make an exception for non-free icons in this context. We already make exceptions for the text of licences and I don't see this being a problem in principle. No reasonable downstream would want to take the trademarked icons of a proprietary company, which happens to be bundled into our package for privacy and convenience, and produce derivative icons. Nor would anyone reasonable expect to be able to do that. 2. No non-DFSG-free icons for search engines. If no modifiable icon is available, no icon. > BTW, that's something that would need to be resolved once and for all by > an SPI lawyer, because a) Mozilla's lawyers consider those icons kocher > as MPL-licensed icons and b) that's a problem broader than just > iceweasel, as it concerns any package with references to external > services (and a recurring question on debian-legal). There isn't a legal problem, surely. I can't imagine that ebay or whoever mind us copying their icon in this way. There is surely a formal legal copyright licence from ebay which makes the icon redistributable for this kind of purpose. As for trademarks, we are using the icon to refer to the organisation in question, so we do not even need permission (although there is almost certainly a formal permission document). AFAICT no-one has suggested that redistributing unmodified copies of these icons along with the corresponding search engine thingies in Iceweasl is contrary to any laws, or contrary to the wishes of the copyright or trademark owners. The problem is simply that the icons are non-DFSG-free. Ian. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/21926.19684.439953.87...@chiark.greenend.org.uk
Re: The Spirit of Free Software, or The Reality
On Wed, 15 Jul 2015 14:56:28 +1000, Ben Finney wrote: >Whatever my position ends up being on that, I do have a firm position on >another aspect: I greatly appreciate that you're grappling with these >issues in Mozilla products, and working to keep Debian high-quality and >free. > >Thank you, Mike. Amen. Packaging Mozilla software surely is hard work just for its obiquity, and the work is done just splendidly. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/ Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1zfklg-hl...@swivel.zugschlus.de
Re: The Spirit of Free Software, or The Reality
Dear Nikolaus, I have to disagree. > I'm not sure if that's really as serious as you make it sound. Let me > ask you this: > > 1. Were you surprised by this? Yes. > I was certainly not, this is about what I >would have guessed. Why? > If a program does what I expect it to do, I'm not >sure if me starting it is "violating my privacy“. If I didn’t tell it to access a webpage I wouldn’t expect it to. >Accessing various webpages is necessary for the functions that >Firefox provides. So complaining about this is a little like >complaining that my car needs fuel - unfortunate, but difficult to >avoid if I want to have a car. If you don't want the functions that >Firefox provides, don't use it. Indeed, staying in the car analogon (that usually fails): question is who’s in the driver’s seat. Who decides which directions to take - i.e. pages to access. It should be the user's decision. Not the visited website’s (which sadly too often is) but definitively not the browser’s own decision. Even less so in secrecy. And even less so prior ANY USER ACTION requesting so. > 2. Would it be ok if Firefox did all this at the time you visited the >first webpage, rather than at the time of startup? No. >If not, then what about all the tracking pages that Firefox is going >to load because they're referenced in the page you asked for? >Shouldn't you be much more worried about those? Thank you mentioning this - yes, acually I am not only worried but annoyed to a degree to take action: https://requestpolicycontinued.github.io/ comes to a rescue. Cheers, M -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cf383996-93cc-4f4f-9dbb-c5f95d3fe...@mro.name
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 02:34:41PM +0900, Mike Hommey wrote: > On Wed, Jul 15, 2015 at 01:09:47PM +0800, Paul Wise wrote: > > On Wed, Jul 15, 2015 at 12:26 PM, Mike Hommey wrote: > > > > > FUD is easy. How about documenting yourself on how Safe browsing > > > actually works? Hint: urls are _never_ sent to Google. The worst thing > > > that Google can know is that the _hash_ of /some/ url you went to, has the > > > first n bits matching the first n bits of the hash of one (or multiple) > > > of the known malware of phishing urls. Nothing more. > > > > Why doesn't it just download the full list and do checks client-side? > > The full list is huge, so it downloads a smaller list with hash > prefixes, then when it hits a match, it downloads a list of all the > hashes that start with that prefix. In other words, that's what it actually does, modulo some optimization so it doesn't have to download terabytes of data. -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715074242.ga28...@grep.be
Re: The Spirit of Free Software, or The Reality
> > FWIW, those [requests to search engines to retrieve their icons] are a > > consequence of removing supposedly non-free icons from the source > > package. But maybe you'd prefer no icons at all for the list of search > > engines. > > That's a tough one. I haven't yet got a firm position on what should be > done to resolve that. A possible solution would be to make new icons. The problem with this would be that they wouldn't be easily identifiable, which is the whole point of icons.,, pgpRwHWXpegEy.pgp Description: PGP signature
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 01:09:47PM +0800, Paul Wise wrote: > On Wed, Jul 15, 2015 at 12:26 PM, Mike Hommey wrote: > > > FUD is easy. How about documenting yourself on how Safe browsing > > actually works? Hint: urls are _never_ sent to Google. The worst thing > > that Google can know is that the _hash_ of /some/ url you went to, has the > > first n bits matching the first n bits of the hash of one (or multiple) > > of the known malware of phishing urls. Nothing more. > > Why doesn't it just download the full list and do checks client-side? The full list is huge, so it downloads a smaller list with hash prefixes, then when it hits a match, it downloads a list of all the hashes that start with that prefix. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715053441.ga26...@glandium.org
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 12:26 PM, Mike Hommey wrote: > FUD is easy. How about documenting yourself on how Safe browsing > actually works? Hint: urls are _never_ sent to Google. The worst thing > that Google can know is that the _hash_ of /some/ url you went to, has the > first n bits matching the first n bits of the hash of one (or multiple) > of the known malware of phishing urls. Nothing more. Why doesn't it just download the full list and do checks client-side? -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caktje6hbeogot-sj0atrbzxmd+npah29wcuecp_s4elwa_b...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
Mike Hommey writes: > FWIW, those [requests to search engines to retrieve their icons] are a > consequence of removing supposedly non-free icons from the source > package. But maybe you'd prefer no icons at all for the list of search > engines. That's a tough one. I haven't yet got a firm position on what should be done to resolve that. Whatever my position ends up being on that, I do have a firm position on another aspect: I greatly appreciate that you're grappling with these issues in Mozilla products, and working to keep Debian high-quality and free. Thank you, Mike. -- \ “The internet's completely over.… Anyway, all these computers | `\and digital gadgets are no good. They just fill your head with | _o__) numbers and that can't be good for you.” —Prince, 2010-07-05 | Ben Finney -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/85si8quigz@benfinney.id.au
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: > GET http://www.ebay.com/favicon.ico > GET http://en.wikipedia.org/favicon.ico > GET http://www.yahoo.com/favicon.ico > GET http://www.google.com/favicon.ico > GET http://www.amazon.com/favicon.ico > GET http://www.yahoo.com/favicon.ico > GET http://www.yahoo.com/favicon.ico > GET https://en.wikipedia.org/favicon.ico > GET https://en.wikipedia.org/favicon.ico > GET https://www.yahoo.com/favicon.ico > GET https://en.wikipedia.org/favicon.ico FWIW, those are a consequence of removing supposedly non-free icons from the source package. But maybe you'd prefer no icons at all for the list of search engines. BTW, that's something that would need to be resolved once and for all by an SPI lawyer, because a) Mozilla's lawyers consider those icons kocher as MPL-licensed icons and b) that's a problem broader than just iceweasel, as it concerns any package with references to external services (and a recurring question on debian-legal). Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715043131.gb20...@glandium.org
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 03:51:42AM +0200, Bas Wijnen wrote: > On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: > > POST > > https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key > > + a few dozens of GET requests to https://safebrowsing.google.com/ > > > > So nothing serious here. It's just casually violating your privacy. > > I disagree that the safebrowsing part is not serious, especially considering > that it continues to send a message there on every new page you visit. Best > case the only thing that happens is that Google checks that you aren't > visiting > a dangerous site. But really? Does anyone believe that Google does not store > this data to monitor browsing habits? FUD is easy. How about documenting yourself on how Safe browsing actually works? Hint: urls are _never_ sent to Google. The worst thing that Google can know is that the _hash_ of /some/ url you went to, has the first n bits matching the first n bits of the hash of one (or multiple) of the known malware of phishing urls. Nothing more. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715042615.ga20...@glandium.org
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 11:30 AM, Nikolaus Rath wrote: >If not, then what about all the tracking pages that Firefox is going >to load because they're referenced in the page you asked for? >Shouldn't you be much more worried about those? Allowing third-party requests was one of the biggest mistakes made in the design of web browsers. It is basically impossible to put that cat back into the bag at this point though. Most people concerned about this issue are using the RequestPolicy plugin along with various other plugins. Unfortunately this breaks much of the web. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caktje6gcrbc9zvyspluoti4m9rtkuofmjzey8efqrekfh9u...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
On Jul 15 2015, Jakub Wilk wrote: > So I made this experiment with Iceweasel. These are the requests it > makes with a fresh profile, before you even type an URL: > > POST https://location.services.mozilla.com/v1/country?key=no-mozilla-api-key > GET http://www.ebay.com/favicon.ico > GET http://en.wikipedia.org/favicon.ico > GET http://www.yahoo.com/favicon.ico > GET http://www.google.com/favicon.ico > GET http://www.amazon.com/favicon.ico > GET http://www.yahoo.com/favicon.ico > GET https://tiles.services.mozilla.com/v2/links/fetch/en-US > GET http://www.yahoo.com/favicon.ico > GET https://en.wikipedia.org/favicon.ico > GET https://en.wikipedia.org/favicon.ico > GET https://www.yahoo.com/favicon.ico > GET > https://tiles.cdn.mozilla.net/desktop/PL/en-US.dd461b9cdf65d101f61b5dddac1ce4996e8d91ca.json > GET https://en.wikipedia.org/favicon.ico > POST > https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key > + a few dozens of GET requests to https://safebrowsing.google.com/ > > So nothing serious here. It's just casually violating your privacy. I'm not sure if that's really as serious as you make it sound. Let me ask you this: 1. Were you surprised by this? I was certainly not, this is about what I would have guessed. If a program does what I expect it to do, I'm not sure if me starting it is "violating my privacy". Accessing various webpages is necessary for the functions that Firefox provides. So complaining about this is a little like complaining that my car needs fuel - unfortunate, but difficult to avoid if I want to have a car. If you don't want the functions that Firefox provides, don't use it. 2. Would it be ok if Firefox did all this at the time you visited the first webpage, rather than at the time of startup? If not, then what about all the tracking pages that Firefox is going to load because they're referenced in the page you asked for? Shouldn't you be much more worried about those? Best, -Nikolaus -- GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F »Time flies like an arrow, fruit flies like a Banana.« -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mvyyjdx2@vostro.rath.org
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 5:18 AM, Bas Wijnen wrote: > On Tue, Jul 14, 2015 at 04:21:07PM +0200, Wouter Verhelst wrote: >> On Mon, Jul 06, 2015 at 02:10:08PM +0800, Paul Wise wrote: >> > Perhaps we could run everything in $PATH in virtual machines and log >> > all network beyond localhost. >> >> I look forward to not reading your emails anymore ;-P >> >> (or did I misunderstand something?) > > I think so; AIUI he was describing a test procedure to automatically check if > anything in the archive initiates network connections without being asked. > It's not a setup to run on a production machine; you are correct that the > machine wouldn't be much use. I was indeed describing a test machine, however, such a machine would not block network usage, just log it. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caktje6fz3b2fobo7abg_skqbbkzp29jbqkqf5hmc_do+fdm...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
Bas Wijnen writes: > On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: > > POST > > https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key > > + a few dozens of GET requests to https://safebrowsing.google.com/ > > > > So nothing serious here. It's just casually violating your privacy. > > I disagree that the safebrowsing part is not serious You're right IMO to express your disagreement with that statement. My understanding of that message was that Jakub Wilk's “nothing serious” was very sarcastic, and he actually meant us to know he thinks this level of privacy violation is quite serious. But that may be wrong, or if correct it may not be obvious, so it's worth pointing out: > Are there any other ideas? Am I the only one who thinks this is a big > deal? I think the behaviour of Iceweasel in Debian, described by Jakub Wilk above, is a big deal, yes. -- \ “They who can give up essential liberty to obtain a little | `\temporary safety, deserve neither liberty nor safety.” | _o__) —Benjamin Franklin, 1775-02-17 | Ben Finney -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/85wpy2upuz@benfinney.id.au
Re: The Spirit of Free Software, or The Reality
On Wed, Jul 15, 2015 at 01:06:28AM +0200, Jakub Wilk wrote: > POST > https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key > + a few dozens of GET requests to https://safebrowsing.google.com/ > > So nothing serious here. It's just casually violating your privacy. I disagree that the safebrowsing part is not serious, especially considering that it continues to send a message there on every new page you visit. Best case the only thing that happens is that Google checks that you aren't visiting a dangerous site. But really? Does anyone believe that Google does not store this data to monitor browsing habits? I'm not saying I have a solution; unsafe sites are a reality, and a static database delivered with the package is just not good enough. But it would be good to try to solve this. Tor seems like the best service for the job. However, auto-connecting every Debian machine with Iceweasel installed (which is pretty much every Debian machine) to Tor may not be the best idea either. Are there any other ideas? Am I the only one who thinks this is a big deal? Thanks, Bas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150715015142.go8...@fmf.nl
Re: The Spirit of Free Software, or The Reality
* Paul Wise , 2015-07-06, 14:10: #786909 was absolutely not acceptable, and was treated as such. Social contract #1 remains in effect and will continue to do so in spite of day to day bugs that violate its spirit. It might be interesting to think about ways we can automatically discover such problems in future. lintian has privacy checks but this kind of problem doesn't seem statically detectable to me. Perhaps we could run everything in $PATH in virtual machines and log all network beyond localhost. So I made this experiment with Iceweasel. These are the requests it makes with a fresh profile, before you even type an URL: POST https://location.services.mozilla.com/v1/country?key=no-mozilla-api-key GET http://www.ebay.com/favicon.ico GET http://en.wikipedia.org/favicon.ico GET http://www.yahoo.com/favicon.ico GET http://www.google.com/favicon.ico GET http://www.amazon.com/favicon.ico GET http://www.yahoo.com/favicon.ico GET https://tiles.services.mozilla.com/v2/links/fetch/en-US GET http://www.yahoo.com/favicon.ico GET https://en.wikipedia.org/favicon.ico GET https://en.wikipedia.org/favicon.ico GET https://www.yahoo.com/favicon.ico GET https://tiles.cdn.mozilla.net/desktop/PL/en-US.dd461b9cdf65d101f61b5dddac1ce4996e8d91ca.json GET https://en.wikipedia.org/favicon.ico POST https://safebrowsing.google.com/safebrowsing/downloads?client=Iceweasel&appver=38.1.0&pver=2.2&key=no-google-api-key + a few dozens of GET requests to https://safebrowsing.google.com/ So nothing serious here. It's just casually violating your privacy. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150714230628.ga7...@jwilk.net
Re: The Spirit of Free Software, or The Reality
On Tue, Jul 14, 2015 at 04:21:07PM +0200, Wouter Verhelst wrote: > On Mon, Jul 06, 2015 at 02:10:08PM +0800, Paul Wise wrote: > > Perhaps we could run everything in $PATH in virtual machines and log > > all network beyond localhost. > > I look forward to not reading your emails anymore ;-P > > (or did I misunderstand something?) I think so; AIUI he was describing a test procedure to automatically check if anything in the archive initiates network connections without being asked. It's not a setup to run on a production machine; you are correct that the machine wouldn't be much use. Thanks, Bas -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150714211847.gm8...@fmf.nl
Re: The Spirit of Free Software, or The Reality
On Mon, Jul 06, 2015 at 02:10:08PM +0800, Paul Wise wrote: > Perhaps we could run everything in $PATH in virtual machines and log > all network beyond localhost. I look forward to not reading your emails anymore ;-P (or did I misunderstand something?) -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150714142107.gd23...@grep.be
Re: The Spirit of Free Software, or The Reality
On Sat, Jul 04, 2015 at 07:40:28PM +0200, Jan Gloser wrote: > It would be really nice if we didn't have to care about money at all. Let's > say > you would make software and give it for free. If you needed a house, you would > go to someone who specializes in that and he would build the house for you, > for > free. If you needed shoes ... you get my point, right? Then we could live > like > a huge happy tribe, sharing everything we have. This is a very nice > philosophy. > It has a history though. It also has a name. Communism. And history has shown > us that communism on a large scale does not work. True. But you're confusing several matters. When "production" involves material goods, it's normal that you can't expect to get those goods for free. After all, if I give you an apple, or shoes, or a house, I no longer have that apple, shoes, or house, and so it is fair that I would expect some compensation for those goods. When "production" involves "copying digital information from one hard disk to another", then this is not the case anymore. If I allow you to copy some digital data off my hard disk onto yours, then in the worst case I've lost some of my time and less than a cent of extra electricity. I could ask you for compensation for those things, but most likely the time spent figuring out how much you'd owe me would cost both of us even more than what the original cost to me would've been. So it's likely better to just not charge you for that at all. Additionally, when in the free software world we use the word "free", we don't usually refer to price; instead, it is more likely that we refer to "freedom": your freedom to improve the software that I've given you. This is why Debian insists on not allowing non-free software into its archive; not because we are against money changing hands, but because we insist on the ability to modify and improve software. Speaking personally, I must say that I agree with your sentiment that there is nothing wrong or dirty about money. Money can be a good motivator for doing a job, and it can help people concentrate on a task at hand knowing that they don't have to worry about having a job. But that has nothing to do with freedom, nor the reason why we block non-free software of becoming part of Debian. -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26 signature.asc Description: Digital signature
Re: The Spirit of Free Software, or The Reality
Octavio Alvarez has written: > That could be the reason behind your analogy with communism, which turns out to be out of bounds. The Free Software community is > not against trade or capitalism at all. Maybe some individuals do, but that's another story. In fact, Free Software is legally based on > Copyright law. When I compared free software to communism I did not mean anything wrong about it so I apologize if that insulted anybody. I realize the word has a very negative "shade" for many people. What I had in mind were the principles that stood at the beginning of communism - not the twisted "implementations" that we could - and still can - see in some countries. Namely it is: 1) Cooperation of many on a common goal/product 2) Free distribution of the product to anyone (sometimes only inside the community but not always as is the case with debian) Communism can work in some instances - take a look at monasteries for example - often they are examples of a working communism, but that is relatively small scale. I just wanted to point out that this never worked on a LARGE scale, at least when the community is also supposed to reversely support all its contributors - because their life might depend on it. Cheers, Jan On Mon, Jul 6, 2015 at 8:10 AM, Paul Wise wrote: > On Mon, Jul 6, 2015 at 7:35 AM, Michael Gilbert wrote: > > > #786909 was absolutely not acceptable, and was treated as such. > > Social contract #1 remains in effect and will continue to do so in > > spite of day to day bugs that violate its spirit. > > It might be interesting to think about ways we can automatically > discover such problems in future. > > lintian has privacy checks but this kind of problem doesn't seem > statically detectable to me. > > Perhaps we could run everything in $PATH in virtual machines and log > all network beyond localhost. > > -- > bye, > pabs > > https://wiki.debian.org/PaulWise > > > -- > To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: > https://lists.debian.org/caktje6h7qdbrxtefqvreowqehjrrebnnpbaimdbqd2yrb0c...@mail.gmail.com > >
Re: The Spirit of Free Software, or The Reality
On Mon, Jul 6, 2015 at 7:35 AM, Michael Gilbert wrote: > #786909 was absolutely not acceptable, and was treated as such. > Social contract #1 remains in effect and will continue to do so in > spite of day to day bugs that violate its spirit. It might be interesting to think about ways we can automatically discover such problems in future. lintian has privacy checks but this kind of problem doesn't seem statically detectable to me. Perhaps we could run everything in $PATH in virtual machines and log all network beyond localhost. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caktje6h7qdbrxtefqvreowqehjrrebnnpbaimdbqd2yrb0c...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/06/2015 01:35 AM, Michael Gilbert wrote: . . . > Social contract #1 remains in effect and will continue to do so in > spite of day to day bugs that violate its spirit. ^ best answer ever! > Best wishes, Mike > > Cheers, zlatan - -- It's not the COST, it's the VALUE -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJVmcZOAAoJEC5cILs3kzv9GtcQAJ77VtAPqMp1cdftgqOBfx6a EGvIXKUaUpbbhD8Z9/IFusEXt7/suIt+x7HbLsB0uAW97FDdWDJKxlo/ez/A7kBx LUXlcLEzZ23qzo2c0AuJj7YqfmgoiN6vAT8qmhk9Tfsll2GzWtvJkMldyIY3Y0yA WitQnRVc+XihjG8jRho/WnpX+jUz8DxA+EC8J1xveuNVNNL75UixeK70LD6VvP2U bFLpFrzPCDG/KPPm/z61Uyy7M1bNyuz1ZFvGRzVmdUFYcmowvUJxJwyOmGc5yvQS 8e4El7wuha7zxMXDVkiSs2NOm//tiys8vejdTrLqQ/4oAPEycaHA1hLQrYY4Ki2J jzAMupggqhsEgqovQhztJ22J0yNPNzUAN/hpPJeDJFuQv35YjEEgcEU9TtCfZ6Qf n0rW15sQOjmOKHxd7P8aElbCrtG2BfT3KPx56NnmLtXa1fGxc6xIogDrF90qeHNx Nu9i90Y6b0b3bqx8E6RgEjazKr3Whzb8inJJeSjLfj/oQ6U9jhdH0yTJHUKkmXqx yrhKKXDdDlacTnnSMoo2odZv7/IoAEdUjSDXi3uSWwvucAhikHcRX6xNCSX5B1wF g+P+731ojFfuMfS3mgWiz8h1hRv9tpynyFZ91W0eZM4EAuVSU6twsJ4Fs4Eg/D2y +ZVe00bGpCAo+jsA3q3G =B/Y/ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5599c64f.30...@riseup.net
Re: The Spirit of Free Software, or The Reality
On Sun, Jul 5, 2015 at 12:29 AM, lumin wrote: > For example, the Chromium: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909 > What if we constantly keep feeling free to use non-free blobs, > and get compromised with those suspicious weird binary blobs, > and those odd software behaviours? #786909 was absolutely not acceptable, and was treated as such. Social contract #1 remains in effect and will continue to do so in spite of day to day bugs that violate its spirit. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CANTw=mm3xundr1e5ru7g-cj7ajzeaoyiodcnjie-m7cunwb...@mail.gmail.com
Re: The Spirit of Free Software, or The Reality
On 07/04/2015 10:40 AM, Jan Gloser wrote: I am not an active member of the debian community, just a listener on this thread, but you got my attention. I also admire free software makers although I think one must always keep in mind the reality of the world and the rules of the game called 'trade'. (snipped the rest of the message) It appears to me that throughout your reply you used the word "free" to refer to zero price. In Lumin's original post he was not referring to price, but to freedom. I personally know people that have businesses based on free(dom) software, and I know people that get paid for implementing and customizing Free Software, for example. That could be the reason behind your analogy with communism, which turns out to be out of bounds. The Free Software community is not against trade or capitalism at all. Maybe some individuals do, but that's another story. In fact, Free Software is legally based on Copyright law. When RMS emphasizes about "freedom, not price" it means precisely that, but the message could not be so obvious. For example, we in Spanish call it "Software Libre" as opposed to "Software Gratis". Many people use it because it has zero price and that's ok too, but when people ask me if a piece of software is "gratis" (for free) I reply that yes, but furthermore, it is also "libre" (liberty). Compare, for example, with the Flash player for Windows, which you can download for free but you don't have a legal freedom to create derivative copies. That's not what we are talking about. Best regards. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55998521.2070...@alvarezp.org
Re: The Spirit of Free Software, or The Reality
Hi all Free software stands for a high qualitative product. It isn't at least of the collaborative model it uses, everybody can contribute as much as he want. And it won't be a last technological progress that will free man kind from its responsibilities. Anything other than openness isn't acceptable or justified, it would be just parasism and this is how capitalism doesn't work ... cheers, Joël On Sun, Jul 5, 2015 at 10:17 AM, Ben Finney wrote: > lumin writes: > > > Besides, some Free Software Licenses don't prevent people from selling > > them for profit, and so does Debian GNU/linux itself. > > Indeed, if a license restricts charging a fee when redistributing the > work, it is by definition (FSF and DFSG) not a free license. > > The work is only free if recipients are free to charge a fee – of any > size – for redistributing the work. > > -- > \ “Progress might have been all right once, but it's gone on too | > `\long.” —Ogden Nash | > _o__) | > Ben Finney > > > -- > To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: https://lists.debian.org/85zj3bxbl5@benfinney.id.au > >
Re: The Spirit of Free Software, or The Reality
lumin writes: > Besides, some Free Software Licenses don't prevent people from selling > them for profit, and so does Debian GNU/linux itself. Indeed, if a license restricts charging a fee when redistributing the work, it is by definition (FSF and DFSG) not a free license. The work is only free if recipients are free to charge a fee – of any size – for redistributing the work. -- \ “Progress might have been all right once, but it's gone on too | `\long.” —Ogden Nash | _o__) | Ben Finney -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/85zj3bxbl5@benfinney.id.au
Re: The Spirit of Free Software, or The Reality
On Sat, Jul 04, 2015 at 07:40:28PM +0200, Jan Gloser wrote: > So from my perspective - feel free to use non-free software, but remember > to pay for it, at least if the price is reasonable ;-). What to do with non-free software that doesn't require payment? It's the matter the original message was talking about, after all. -- WBR, wRAR signature.asc Description: Digital signature
Re: The Spirit of Free Software, or The Reality
Hi Jan Gloser and debian-devel, First I'd like to repeat a point on my view: * Free Software != Software can be legally used without charge Besides, some Free Software Licenses don't prevent people from selling them for profit, and so does Debian GNU/linux itself. The key of freesoftware is not only if it takes charges, but the software freedom it gave to users (including free of charge). Indeed everyone can use non-free software, but once we compromised more, the non-free software producers would bite more. For example, the Chromium: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909 What if we constantly keep feeling free to use non-free blobs, and get compromised with those suspicious weird binary blobs, and those odd software behaviours? Maybe some producers will make more "unconditionally downloads" and so on in their softwares. Then trust becomes a problem. At this point we who compromised need fighters like RMS. However, if people think the same, who speak for software freedom, who fight for itself's software freedom? The best candidate is oneself, but I, compromised !! Generally it's hard to find an optimized equilibrium solution, between belief and survival; software freedom and reality. On Sat, 2015-07-04 at 19:40 +0200, Jan Gloser wrote: > Hello Lumin, > > > I am not an active member of the debian community, just a listener on > this thread, but you got my attention. I also admire free software > makers although I think one must always keep in mind the reality of > the world and the rules of the game called 'trade'. > > > > Software is a product like any other. It requires care, time and > considerable effort to develop. With the advent of cheap, affordable > computers people somehow started to think that everything in this > domain should be free. Well, I don't really think so. If you go to the > market and want to get some apples, it's only fair that you pay for > the apples. It's your way to say to the apple-seller: Hey, I > appreciate what you're doing. Take the money and continue growing and > delivering apples so that me and people like me can buy them when we > want. I think non-free software is not inherently bad. Every > programmer likes to get paid (or at least I do). Programmers usually > get paid a lot and that gives them some room - that allows them to > give something back for free. But you must carefully decide where the > line is - what you can give for free and what you must charge others > for. Because the reality is there. If you give everything for free you > won't be able to survive in this global 'game of monopoly' that we are > all playing - and that also means you won't be able to give ANYTHING > back. > > > I think the free software movement is partly an outgrowth of the times > when just a few people really had the software-making know-how, or a > few companies. And these companies charged ridiculous prices. It's > very good that these companies have competition today in the form of > free software so that users can ask: Hey, this software I can get for > free. What extra can you give me? Why do you charge so much? I am > definitely against over-pricing. But I am also definitely not against > charging a reasonably price. > > > It would be really nice if we didn't have to care about money at all. > Let's say you would make software and give it for free. If you needed > a house, you would go to someone who specializes in that and he would > build the house for you, for free. If you needed shoes ... you get my > point, right? Then we could live like a huge happy tribe, sharing > everything we have. This is a very nice philosophy. It has a history > though. It also has a name. Communism. And history has shown us that > communism on a large scale does not work. > > > So from my perspective - feel free to use non-free software, but > remember to pay for it, at least if the price is reasonable ;-). And > if it is not - make a better alternative and either charge for it or > give it away for free. All depends on how much money you need for your > own survival. > > > Cheers, > > Jan > > > On Sat, Jul 4, 2015 at 6:55 PM, lumin wrote: > Hello Debian community, > > I long for becoming a Debian member, always. However now I get > into > trouble with the problem of "Spirit of Free software or > Reality". > I wonder how Debian interprets it's "Spirit of Free Software". > (Certainly Social Contract and DFSG don't refer much detail) > > As we know, getting into the stage where as the same as > Richard.M.Stallman (i.e. Resists any non-free stuff, > thoroughly ) > is very hard for an ordinary person, as well as me. Even > though, > many people are trying their best to protect their software > freedom, > with several careful compromises to non-free blobs. > > Several years ago I was influenced by Debi
Re: The Spirit of Free Software, or The Reality
> In the same way, I'm pretty sure is perfectly possible to make money > developing free software. You just don't charge for selling copies or > licenses, but instead you charge for developing new custom features or > offering support and consultancy around the software. True, but you would make much less money than if you charged individual users. If you only worked on a small software project, you would make nothing at all. pgpTrPwsK_LCk.pgp Description: PGP signature
Re: The Spirit of Free Software, or The Reality
On 04/07/15 19:40, Jan Gloser wrote: > computers people somehow started to think that everything in this domain > should be free. Well, I don't really think so. If you go to the market and > want to get some apples, it's only fair that you pay for the apples. It's > your way to say to the apple-seller: Hey, I appreciate what you're doing. > Take the money and continue growing and delivering apples so that me and > people like me can buy them when we want. I don't think comparing software with "apples" is fair. Software, like Music or any other digital good, costs money/time to be created in the first place, but then the cost of making copies of it is zero. On the other hand you can't copy an "apple" at zero cost. Doing a comparison with music: I think there should be possible for artists to release their songs under a free license and still make a living from it, for example, by doing live concerts. In the same way, I'm pretty sure is perfectly possible to make money developing free software. You just don't charge for selling copies or licenses, but instead you charge for developing new custom features or offering support and consultancy around the software. There are some good examples of companies that have built their business model around this, and they have proven that you can make good money developing free software. signature.asc Description: OpenPGP digital signature
Re: The Spirit of Free Software, or The Reality
Michael Ole Olsen has written: >Keep the profit at work, but I certainly wouldn't charge in my sparetime >If you code on something you are hired to do, then its fine you charge, because you can't say what you want to code on, your employeer >decides so I partly agree but what would you do if you were self-employed and thus YOU would decide what you work on? Would you not put a price on your products? How would you survive? What if you were a CEO of a company with employees who need to pay for their lodging, food, want to go out and have fun from time to time, some of them having children? Would you not want to have revenue? Then your company would soon bankrupt, your employees would be angry with you and it is likely you would end up at court. Or would you release your products as (seemingly) free and then pump ads to your users like many do (google/youtube, facebook, Skype) - well I think they are just afraid to state the simple truth to their users: "Yes, we need money to operate." If they could do that, their users would not have to see the ads (which have considerable size sometimes and some users actually have to pay the data depending on their ISP). Yes you are right that greed on the producer side is a bad thing and we could have a lot of things working better if the community could have the source codes and stuff. I believe this is the case of some firmware. But I would also point out that greed is also on the consumer side. Everyone wants to have software for free. People don't like to pay. Sure, some can't pay and then it's wonderful they can get a free product. But some CAN pay and still are reluctant to do it and they keep thinking that one should just not pay for software - probably because it is made by the guys with big bellies, driving Porsches, sleeping with the hot models and never running out of money (well, not really I don't know what they think :-) ). Especially when you think about games where the effort and know-how to make them is just tremendous, I don't think that's right. Cheers, Jan On Sat, Jul 4, 2015 at 9:55 PM, Andrey Rahmatullin wrote: > On Sat, Jul 04, 2015 at 07:48:26PM +0200, Michael Ole Olsen wrote: > > non-free, only the developer wins, and those that have enough money to > buy > > > > free software lets poor countries use pcs. > You are making a grave mistake here (and below). Should I point it to you? > > -- > WBR, wRAR >
Re: The Spirit of Free Software, or The Reality
On Sat, Jul 04, 2015 at 07:48:26PM +0200, Michael Ole Olsen wrote: > non-free, only the developer wins, and those that have enough money to buy > > free software lets poor countries use pcs. You are making a grave mistake here (and below). Should I point it to you? -- WBR, wRAR signature.asc Description: Digital signature
Re: The Spirit of Free Software, or The Reality
>I'm afraid you are terribly wrong with that comparison. You sound like an US citizen that, by historical means, brings everything that >does not completely value capitalism close to communism. Really strange for the rest of the world. Maybe I am wrong with the comparison, maybe not. But I am not a US citizen :-). Quite the contrary. I'm a citizen of the Czech Republic which is a post-communist state. I greatly value when people are willing to do something for others wanting nothing in return. But I also see nothing wrong about selling. On Sat, Jul 4, 2015 at 8:36 PM, Hendrik Sattler wrote: > > > Am 4. Juli 2015 19:40:28 MESZ, schrieb Jan Gloser < > jan.renra.glo...@gmail.com>: > >This is a very nice philosophy. It has a history though. It also has a > >name. Communism. And history has shown us that communism on a large > >scale does not work. > > I'm afraid you are terribly wrong with that comparison. You sound like an > US citizen that, by historical means, brings everything that does not > completely value capitalism close to communism. Really strange for the rest > of the world. > > HS > >