Re: forums, mailing lists and other tools

2018-01-18 Thread Paul Hänsch
On Thu, Jan 18, 2018 at 07:27:19PM +0100, Carsten Agger wrote:
> Technically, with browser plugins, if the JavaScript is available in a
> non-minimized form, it /is/ possible to modify it as it runs in your
> browser. If you interact with a number of specific sites, you could even
> program these modifications in your own plugins.

This would cover Freedom No. 3.

It would even cover it badly, because the site might require you to update the
script anytime to function any further. You could only do this for known
scripts, keeping up with all the modifications around would be an overwhelming
task. This bears no comparison with actual document standards, where viewing a
new document does not require a software update.
It leaves the task of reviewing arbitrary changes and keeping up with authors'
decisions to the user, who is forced to either keep up, or become unable to use
a site. The relation of dependence here is fundamentally different from what
we are used to from desktop software, and...

> So in that way I don't see how JavaScript collides with the Free Software
> Definition if it's under a free license. Of course, it should be that -
> releasing software under a non-free license is never morally acceptable.

The relation of dependence is also fundamentally different from what we expect
Free Software Licenses to provide in a classic case. Those licenses do not do
in relation to browser side scripting, what they usually do in relation to
software running independently from a service.

> And note, with this I'm only defending JavaScript for building user
> interfaces, which I think is far too powerful a tool to be discarded;
> generally, the Web is far too powerful a technology to be discarded.

I believe this is a great misunderstanding. Scaling websites to different
screen sizes, building menus, building responsive dialogs, playing video, etc.
does not require the use of JavaScript. For building user interfaces it is
simply a sign of bad quality. Web standards to enable those features have been
around for at least half a decade, and are nowadays well supported by
browsers. Yet websites are increasingly forcing users to enable JavaScript for
the most mundane features, just to remain usable. Many web services associated
with Free Software make no exception, and are in my view a big part of the
problem.

> With this, however, I'm not defending tracking & advertising JavaScript - my
> personal hope is that Internet advertising dies, and I don't care at all if
> it takes Google etc down with it.

It is not just advertising anymore, and it is not going to die anytime soon.
Unfortunately it is perfectly legal to pack any number of antifeatures into a
Program under a Free Software license. Free Software was meant to prevent this
arrogance by software authors, yet as a Free Software community we have grown
accustomed to letting it slip, especially on the web.

> > Furthermore, strong separation of the browser from the rest of the system,
> > even if it were possible, hardly leads to a gain where this browser and the
> > websites I visit are the focus of my work.

> Aren't we all in some way depending on the Web for our work these days?

My point exactly. The idea of a "sandbox" is, that within its boundaries a
system can be allowed to do any damage, and it should not affect our work
outside this sandbox. Yet when our work happens within the sandbox in the
first place, "sandboxing" becomes ridiculous as an excuse for running
untrusted software.

> I mean, those of us who work in software. The separation is a good idea
> because we hope the sandboxing can protect us from the potentially malign
> effects of software originating from other people's computers. The
> alternative would be to only visit sites we have reason to trust or only
> have passive HTML pages.

HTML pages need not be passive in any way, and to provide a service with a
dynamic website it is still not necessary to execute programs on a user's
computer.

> The first of these alternatives is kind of infeasible (because why *would*
> you trust your bank, airlines, travel agencies, grocers etc.,
> indiscriminately, together with all of their employees),  and the second
> doesn't appear to be necessary - and as I said, I see many advantages in
> being able to construct software with JavaScript.

My argument goes not against JavaScript as an application language. It is as
good a programming language as any, and can be suitable for applications which
are installed and run by a user as such.

My argument goes against contrabanding applications as documents for no good
reason at all. The web as a library of interlinked documents is too powerful a
technology to be discarded to the mindset of software authors viewing
themselves as patron and minister over consumers.

-- 
Paul Hänsch                     Webmaster, System-Hacker
Jabber: p...@jabber.fsfe.org    Free

Re: forums, mailing lists and other tools

2018-01-18 Thread Carsten Agger



On 01/18/2018 06:32 PM, Paul Hänsch wrote:
> On Thu, Jan 18, 2018 at 04:34:50PM +0100, marc wrote:
> > > The client-side Javascript to me is not a relevant issue anymore since JS
> > > is an open standard and browsers are sandboxed these days.
> >
> > I'd like to disagree with this statement.
>
> I fully agree with Marc here.
>
> I would also like to add a more technical note.
>
> That is that no amount of sandboxing exempts a program from having to follow
> the Free Software Definition in order to be considered Free Software.
>
> Other than HTML documents and their stylesheets, JavaScript elements are by
> themselves programs. Although in a different context the issue of
> Tivoization[1] has shown a decade ago that compliance to a license does not
> guarantee compliance to this set of statements which constitute a spirit
> rather than a law.
>
> [1] https://en.wikipedia.org/wiki/Tivoization
>
> Coercing a user into running specific code in order to view information from
> your website, leaves this user powerless in regard to this code. The mere
> permission to serve a modified copy on my own site, and force it over other
> people in turn, does not change my standing toward the original source, as it
> would do with desktop software.

Technically, with browser plugins, if the JavaScript is available in a
non-minimized form, it /is/ possible to modify it as it runs in your
browser. If you interact with a number of specific sites, you could even
program these modifications in your own plugins.

So in that way I don't see how JavaScript collides with the Free
Software Definition if it's under a free license. Of course, it should
be that - releasing software under a non-free license is never morally
acceptable.

And note, with this I'm only defending JavaScript for building user
interfaces, which I think is far too powerful a tool to be discarded;
generally, the Web is far too powerful a technology to be discarded.

With this, however, I'm not defending tracking & advertising JavaScript
- my personal hope is that Internet advertising dies, and I don't care
at all if it takes Google etc down with it.

> Furthermore, strong separation of the browser from the rest of the system,
> even if it were possible, hardly leads to a gain where this browser and the
> websites I visit are the focus of my work.

Aren't we all in some way depending on the Web for our work these days?
I mean, those of us who work in software. The separation is a good idea
because we hope the sandboxing can protect us from the potentially
malign effects of software originating from other people's computers.
The alternative would be to only visit sites we have reason to trust or
only have passive HTML pages.

The first of these alternatives is kind of infeasible (because why
*would* you trust your bank, airlines, travel agencies, grocers etc.,
indiscriminately, together with all of their employees), and the second
doesn't appear to be necessary - and as I said, I see many advantages in
being able to construct software with JavaScript.


Best
Carsten


___
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion


Re: forums, mailing lists and other tools

2018-01-18 Thread Paul Hänsch
On Thu, Jan 18, 2018 at 04:34:50PM +0100, marc wrote:
> > The client-side Javascript to me is not a relevant issue anymore since JS 
> > is an open standard and browsers are sandboxed these days.
> 
> I'd like to disagree with this statement.

I fully agree with Marc here.

I would also like to add a more technical note.

That is that no amount of sandboxing exempts a program from having to follow
the Free Software Definition in order to be considered Free Software.

Other than HTML documents and their stylesheets, JavaScript elements are by
themselves programs. Although in a different context the issue of
Tivoization[1] has shown a decade ago that compliance to a license does not
guarantee compliance to this set of statements which constitute a spirit
rather than a law.

[1] https://en.wikipedia.org/wiki/Tivoization

Coercing a user into running specific code in order to view information from
your website, leaves this user powerless in regard to this code. The mere
permission to serve a modified copy on my own site, and force it over other
people in turn, does not change my standing toward the original source, as it
would do with desktop software.

Furthermore, strong separation of the browser from the rest of the system,
even if it were possible, hardly leads to a gain where this browser and the
websites I visit are the focus of my work.

-- 
Paul Hänsch                     Webmaster, System-Hacker
Jabber: p...@jabber.fsfe.org    Free Software Foundation Europe




Re: breaking bad habits like Doodle and Facebook with plugins?

2018-01-18 Thread Paul Boddie
On Wednesday 17. January 2018 11.56.21 Daniel Pocock wrote:
> 
> One thing that comes to mind: are there browser plugins and Thunderbird
> email plugins that can help people avoid visiting or linking to things
> like Facebook, Meetup, Twitter and Doodle?  I'm not talking about giving
> electric shocks through the keyboard, maybe just a popup alert would be
> enough.  This could be a far more effective way of helping members of
> the community improve their habits and it can step in just at the moment
> when they really need it.  The reality is, many people don't
> deliberately do these things and they would change with just a little
> bit of help.

It seems like a niche problem, really, targeting people who know that using 
Facebook and friends can be problematic, but who make other people use these 
services for the usual reasons of "convenience", "popularity", and so on. (The 
distinction between going along with someone's Doodle invitation and actively 
sending one out to others is important here.)

If people are reaching for proprietary services instead of using something 
that is free and open, and if they know that they should be using the latter 
instead of the former, particularly because they advocate things like Free 
Software to others, then is it not just a case of self-discipline and having 
some ability to reflect on one's own image and integrity? If habits are so 
deeply ingrained, then might they also need to reflect on why this is?

Perhaps the free alternatives need improvement, for example. Or perhaps people 
feel that they cannot readily convince others to break their own habits. 
Perhaps they feel bad making a point that might be considered "ideological" 
(even though it is sound).

I participate in some forums where newcomers can occasionally be seen linking 
out to Facebook. I could understand that asking people not to do that might be 
seen as unkind, given that for some people Facebook is their gateway to the 
Internet (sadly and disturbingly enough) and I would be perceived as lecturing 
them. They might not have given their use of Facebook a second thought 
because, amongst other things, "surely everyone is on it".

But then again, the whole point of such forums is to have a place that people 
fully commit to in their collaboration, and if people choose to post stuff 
elsewhere and then expect others to go there to get a complete picture of a 
discussion or collaboration, then they undermine those forums. That can upset 
the people who set such forums up, partly because it starts to look like 
people are just using them to get what they want and not give anything back.

(There are also interesting observations to be made about eBay, and how that 
can be a harmful influence within the scene in question and on those forums, 
too. When it seems like people are using a resource as an advertising medium 
to make more money, that can really focus the mind around ethics, rules, and 
what is considered acceptable behaviour.)

So, why is it that Free Software advocates want to use proprietary services? 
Are they dissatisfied with free and open solutions for a good reason? Do they 
need to set such things up and so see them as a distraction? Do they have a 
disagreement with the developers of such solutions at some level? Or are they 
just unaware that solutions exist for their needs?

This last issue is perhaps the only thing I can think of where a plugin as 
described might be genuinely helpful, but it seems to me that addressing these 
issues is a lot more constructive than administering a slap on the wrist, even 
if that is what some people might want.

Paul


Re: forums, mailing lists and other tools

2018-01-18 Thread marc
> The client-side Javascript to me is not a relevant issue anymore since JS is 
> an open standard and browsers are sandboxed these days.

Hi

I'd like to disagree with this statement.

Mandating javascript is a problem for several reasons:

 * Web browsers have gotten enormously complex, and not
   by accident: In my view this is a result of the fight
   of initially Netscape and Microsoft, and now Google and
   Microsoft for control of the web - piling on features
   appears to have been a strategy to place the opponent
   on the back foot. Even if a particular snippet of
   javascript happens to be GPLv3'ed, the infrastructure
   running in support of it (eg, the web browser) is
   probably not. Trying to keep up with this feature race
   is a red queen problem, and soaks up precious developer
   time - I would argue this is by design.

 * The complexity of a browser (almost certainly the
   largest piece of software running on most computers)
   means that securing the sandbox is hard. I would say
   impossibly hard. The recent Spectre class security
   issues illustrate this nicely.

Then there are other problems, which aren't directly related
to free software issues, but may be relevant to people who
would like to use computers ethically:

 * The unnecessary bloat of contemporary web browsers means
   that computers have to be upgraded often and consume too 
   much power. Without this a computer from a decade ago would
   be perfectly serviceable. Individually this is a minor
   issue, but in total this is a significant environmental
   problem.

 * The majority of javascript run is not for the benefit
   of the owner of the computer, but to track, spy on and
   manipulate the viewer. Much has been said on surveillance
   capitalism, and I won't repeat it here. But an effective way
   of opting out of much of this is to disable javascript
   completely. If javascript is mandated by the free software 
   community then it becomes that much harder to opt out.

I understand that many programmers develop for the web, that
maybe some on this list regard "being a javascript developer"
as part of their core identity, and so might regard these
statements as an attack on themselves personally. But this is
hardly a unique position - coal-powerplant builder, land-mine
manufacturer and even butcher or just fisherman all have to
face these questions, programmers should not be excluded from
those concerns.

regards

marc


Re: breaking bad habits like Doodle and Facebook with plugins?

2018-01-18 Thread Mat Witts
On 18/01/18 13:06, Stephane Ascoet wrote:
> These are two of the main differences between libre software
> advocacies (Linus Torvalds and Eric Raymond for the first, RMS for the
> second) and I think it would be hardly solved now and here..
I think the Torvalds / RMS split is an example of this internal
inconsistency playing out, yes.

I suspect though that each person is intelligent enough to see it as an
internal contradiction within the FS movement that cannot be resolved
dogmatically by either coming down on one side or the other - but ought
to be left open for individual activists to work through in their own
lives without reference to either luminary.

It seems to me there is not a black and white moral fence that we need
to jump over to achieve a fairer society but a moral and functional
gradient available, and that ought to be left to individual activists to
work out for themselves what is right for them in the conditions they
are most concerned about.

For a Debian developer, having software that secretly connects to
proprietary surveillance / telemetrics would I think be totally
unacceptable, but for a 'free', progressive web app games developer, the
use of the FB API just for login for example to boost adoption may be
acceptable for them, and both ought to be able to identify fully with
the FS movement in an egalitarian way.

The point being that the role of the FS activist needs more room to
maneuver than is often admitted in forums, and apologists for modest use
of proprietary software perhaps ought not to have to contend with the
ridicule and moral crusading that comes with more zealous standards in
pursuit of an imagined utopia of total proprietary software annihilation
when a more modest goal would perhaps be better for computer users,
developers and society more generally?

The idea of 'good' and 'bad' here then is problematic because it is a
moral judgment being made about software when we know free software can
be used to accelerate terrifying consequences and also the reverse is
also true - in the case where a discussion about the benefits of free
software could easily take place on a proprietary platform like Facebook
for example.

The fundamentalist complaint then is about deflating the moral
categories of a liberal lifeworld, and turning the critique on those
that would use the rhetoric of software freedom to control and
manipulate computer users in that way, which is possibly as 'unhelpful'
(or if you like - 'reprehensible') as the 'evil' of Facebook and the likes?

If you have ever wondered why people are suspicious of the Free Software
message then this would be my wager, that the FS movement hasn't yet
reconciled its own internal contradictions on the issue of what software
freedom includes (in that it cannot exclude proprietary software on
moral grounds, but only through technical measures such as some versions
of copyleft) but until it does, not many will want to listen to the
messages Torvalds or RMS would prefer they hear?
 


Re: breaking bad habits like Doodle and Facebook with plugins?

2018-01-18 Thread Adonay Felipe Nogueira
Using technological measures to purposely prevent someone from using
non-free software, or from connecting to sites not friendly to free/libre
software, if and only if for the sake of "keeping software freedom" is
indeed problematic. This paragraph must not be confused with:

- not recommending a given item;

- recommending another instead;

- refusing to give support/help upon finding out that the involved item
  is non-free;

- disabling or modifying features that would by default recommend a
  non-free item.

In free/libre software projects this kind of blockage tends to happen not
on purpose (/e.g./: GNU Linux-libre), and so is considered a bug.

2018-01-18T13:13:51+ Mat Witts wrote:
> I agree that it is not axiomatic under all conditions, and is only
> salient in restricted circumstances - for example when FS advocates
> attempt to manipulate computer users towards software they believe is
> better (i.e. free software) or prevent people connecting to proprietary
> software (e.g. like the sort of javascript etc. on Facebook).
>
> My complaint was about the obvious problem of FS advocates seeking to
> manipulate computer users, albeit in the name of freedom through the
> use of plugins etc.
>
> The comparison you make I believe is 100% apt in terms of the right
> for a human person to sell themselves into slavery if they wish, yes.
>
> I think there is an element of this in many work and life contexts -
> at least in terms of employment contracts and in the social contract
> where we agree to follow the laws of the state even if we do not agree
> with them on the grounds that if we don't, we may well be punished.
>
> Where you miss the point I think is that I am not suggesting that
> people should have the right to deny others rights and freedoms, but
> rather in pursuing the just cause of software freedom, some activists
> go too far and inflate this well-intentioned and important work into
> manipulation of computer users, which is to deny the rights and
> freedoms of others to connect to Facebook for example.
>
> This is evident through the sorts of technologies discussed in this
> thread, in preventing people from connecting to proprietary software
> in an automated fashion.
>
> I say this because I feel strongly if FS advocates give up the moral
> issue of computer user freedom and software developer freedom in their
> advocacy, then that is a self-defeating activity.
>
> In contrast to your view, I believe that unless the FS movement treats
> rights and freedoms as something that MUST be negotiated individually,
> computer user freedom and free software will be unobtainable for the
> individuals who are being manipulated into using software (free or
> otherwise) that isn't respecting their freedoms as much as is claimed.
>
> I'm not a staunch individualist, because I believe the rights of the
> human person in some circumstances must fold into what is best for
> society, especially in areas of public health and education and so
> forth, and the options of the individual to opt out of freedom is a
> fundamental prerequisite for both liberal and not-so-liberal education
> programs everywhere.

-- 
- https://libreplanet.org/wiki/User:Adfeno
- Speaker and consultant on free/libre /software/ (not to be confused
  with gratis).
- "WhatsApp"? It is not free/libre. Please see ways to communicate with
  me instantly at the address below.
- Contact: https://libreplanet.org/wiki/User:Adfeno#vCard
- Common file formats accepted (only without DRM): Corel Draw, Microsoft
  Office, MP3, MP4, WMA, WMV.
- Common file formats accepted and sent: CSV, GNU Dia, GNU Emacs Org, GNU
  GIMP, Inkscape SVG, JPG, LibreOffice (ODF standard), OGG, OPUS, PDF
  (only without DRM), PNG, TXT, WEBM.


Re: forums, mailing lists and other tools

2018-01-18 Thread Adonay Felipe Nogueira
I see this JS issue as somewhat more problematic than it is, perhaps
because I'm too much in the website visitor/guest side? :D

These are the notes I have taken so far on the subject:

1. most web developers nowadays haven't established a standard as to
   how to display copyright and license notices in the JS *files* (.js)
   that are executed client-side. If they do have such, it's not machine
   readable, nor understandable by non-tech humans (because the notices
   will be too short, shorter than what the license actually recommends
   for the sake of the understandable);

2. most overlook the fact that their HTML (.html) pages might possibly
   have in-page JS through DOM/HTML event handlers, so the entire HTML
   file would be licensed accordingly.

3. Under the W3C HTML specification ([2]) and the ECMAScript
   specification ([3]), there is *no requirement* for the web
   browser/user-agent to offer, instead of blindly executing the
   code:

   - immediate display of copyright and license information for the
     end-user;

   - a warning of non-free software if the previous information is
     absent due to laziness of the website owner;

   - button to download complete corresponding source;

   - button to black list the software;

   - button to white list the software;

   - a repetition/loop of the previous items for every JavaScript
     code/script that appears in a given page, including when there is
     an update in the script.

   The W3C HTML specification does describe the expected way a
   user-agent should behave, but it doesn't include anything related to
   the functions described in the previous unnumbered items (see [2]
   again).

4. GNU LibreJS (and its documentation, third-party guides, and also the
   mailing list) exist to try to establish a standard on how to improve
   (2), but traditional proprietors simply get annoyed for no reason
   instead of trying to understand it and help make it better;

5. I'm still waiting for the resolution of an issue in one of FSFE's
   repositories ([1]) and also on the result of an improvement (with
   patches) that I sent privately to some other organization (which also
   has a legal team) which has an important campaign website with some
   licensing issues (even involving license compatibility), to reach
   back to me and tell what was decided. But as far as I have studied,
   MIT --- truly, either Expat or X11 licenses, and although MIT never
   made a license, historically they used various ones, and some are
   non-free, this is not the case for Expat nor for X11 ---, BSD ---
   considering only the free ones for simplicity --- and
   lax/permissive/non-copyleft licenses might require the full license
   to be kept as the license notice, thus making their notices longer
   than GPL-and-variants (even if one considers that at least in the
   latest version of GPL-and-variants, they have an exception that you
   can declare/use in the notice to not be obligated to transfer a full
   copy of the license to the site guest/visitor, whereas other licenses
   don't have such shortcut).

   Continuing the previous paragraph, it must be noted that it's still
   under pending status both in FSFE issue tracker and in the other
   organization's campaign website, so the issue isn't confirmed yet. I
   described the situation and study to Jason "jxself" Self in #peers at
   chat.freenode.net IRC, and he made an addendum describing that he
   thinks that the issue is non-existing since under a (hopefully not
   needed) judgement, the judge can use the argument of estoppel to have
   the lazy copyright holder (the one which uses shorter-than-required
   notices such as "Licensed under SomeLicense") to comply with the
   license used regardless. However, while this "Licensed under
   SomeLicense" would be legally valid, it still doesn't tell anything
   understandable to the site visitor/guest.

6. Thanks to the existence of Meltdown/Spectre vulnerabilities --- which
   impact Intel, AMD, ARM and every processor with speculative execution
   enabled --- sandboxed JS execution might not be enough to protect the
   visitor/guest from attackers attempting to access private
   information. And while today a given JS can be trusted by the
   visitor/guest for a given website, the possibility of an intruder to
   make some change in the script's source and it being automatically
   accepted by the visitor/guest makes the situation worse.

Depending on how the Discourse project does provide their
visitor/guest/user-facing JS, then these items might have to be taken
into account. Considering only client-side safety, item (6) is an issue
as long as the page is allowed to have client-side JS.

[1] .

[2]
.

[3] .

2018-01-18T10:13:03+0100 Mirko Boehm wrote:
> Hello there!
>

Re: breaking bad habits like Doodle and Facebook with plugins?

2018-01-18 Thread Mat Witts
> I don't find this argument very strong at all.

I agree that it is not axiomatic under all conditions, and is only salient in 
restricted circumstances - for example when FS advocates attempt to manipulate 
computer users towards software they believe is better (i.e. free software) or 
prevent people connecting to proprietary software (e.g. like the sort of 
javascript etc. on Facebook).

My complaint was about the obvious problem of FS advocates seeking to 
manipulate computer users, albeit in the name of freedom through the use of 
plugins etc.

The comparison you make I believe is 100% apt in terms of the right for a human 
person to sell themselves into slavery if they wish, yes.

I think there is an element of this in many work and life contexts - at least 
in terms of employment contracts and in the social contract where we agree to 
follow the laws of the state even if we do not agree with them on the grounds 
that if we don't, we may well be punished.

Where you miss the point I think is that I am not suggesting that people should 
have the right to deny others rights and freedoms, but rather in pursuing the 
just cause of software freedom, some activists go too far and inflate this 
well-intentioned and important work into manipulation of computer users, which 
is to deny the rights and freedoms of others to connect to Facebook for example.

This is evident through the sorts of technologies discussed in this thread, in 
preventing people from connecting to proprietary software in an automated 
fashion.

I say this because I feel strongly if FS advocates give up the moral issue of 
computer user freedom and software developer freedom in their advocacy, then 
that is a self-defeating activity.

In contrast to your view, I believe that unless the FS movement treats rights 
and freedoms as something that MUST be negotiated individually, computer user 
freedom and free software will be unobtainable for the individuals who are 
being manipulated into using software (free or otherwise) that isn't respecting 
their freedoms as much as is claimed.

I'm not a staunch individualist, because I believe the rights of the human 
person in some circumstances must fold into what is best for society, 
especially in areas of public health and education and so forth, and the 
options of the individual to opt out of freedom is a fundamental prerequisite 
for both liberal and not-so-liberal education programs everywhere.



Re: breaking bad habits like Doodle and Facebook with plugins?

2018-01-18 Thread Stephane Ascoet

On 18/01/2018 at 12:41, Carmen Bianca Bakker wrote:
> I don't find this argument very strong at all.  What about a man's
> rights to hold slaves?  What about a man's rights to sell oneself into
> slavery?  I am aware that the comparison isn't 100% apt, but it relies
> on the same core argument: People having the right to deny others rights
> and freedoms, and people having the right to waive their rights and
> freedoms.
>
> If you start treating rights and freedoms as something that can be
> negotiated individually, the "powerful" will misuse this to transfer the
> rights of the "weak" over to them.
>
> I'm a staunch individualist, but the individual right to opt out of
> freedom is not one that I can comprehend or support.
>
> Yours,

I share this. These are two of the main differences between libre 
software advocacies (Linus Torvalds and Eric Raymond for the first, RMS 
for the second) and I think it would be hardly solved now and here...


--
Sincerely, Stephane Ascoet



Re: forums, mailing lists and other tools

2018-01-18 Thread Nikos Roussos
> On 18/01/18 12:14, Carsten Agger wrote:
> 
>> 2. However, I find containers to be black magic. How can you trust them
>> to be 100% free software if you don't build them yourself? I honestly
>> don't know if Debian's packaging model is a perfect fit for distributing
>> JavaScript, which is, I suppose, why people have come up with npm etc.
> 
> I don't think it is about whether Debian's model is perfect or not
> 
> Rather, it is about people taking one or more of the following shortcuts:
> 
> - they want to use build tools that don't exist in Debian because they
> are not free software (e.g. jslint, jshint)

FWIW, none of these are build tools. These are just linting tools, that people 
use regardless of the packaging/build. I'm personally using ESLint, which is 
MIT licensed.

> - they want to use other JavaScript libraries that are not free software

I understand your point in this thread in general, but using npm or not using 
Debian packages doesn't necessarily equal using non-free software.

> - they don't want to spend time on little things like creating a proper
> install directory for their files because they just hack on them in
> their web server directory

No developer touches a web server directory. At least not on a proper 
deployment workflow. This is why people use things like package.json and 
npm/yarn to describe dependencies in a server (and distribution) agnostic way. 
And then use something like Ansible for deployment.

> - maybe they don't even release or version their code because they just
> hack on it as they please

It depends. For instance projects like Discourse do version their code. If you 
are talking about a website, usually there is no need for versioning, 
especially if you are using a CI/CD workflow.


~nikos


Re: forums, mailing lists and other tools

2018-01-18 Thread Daniel Pocock


On 18/01/18 13:10, Carsten Agger wrote:
> 
> 
> On 01/18/2018 12:45 PM, Daniel Pocock wrote:
> 
>> If an organization like FSFE wants to know that the software,
>> dependencies and build tools are all really free software then the
>> "shortcut" to take is to use a Debian package because then you know
>> somebody has checked all those things.
>>
>>
> Discourse is under GPL v.2. Is there really a reason to doubt that it's
> truly free software?
> 


I don't want to comment on Discourse in particular because I haven't
checked it but many of the other web applications I've looked at offer a
similar free software license for the top-level project but when you
scratch under the surface you find at least one dependency or build tool
that is not free software.

For example, JSHint chose a free license (MIT) but because they copied a
file from JSLint they ran into trouble:

https://github.com/jshint/jshint/issues/1234

When I started looking at HOMER (GNU Affero v3), I found one bad library:

https://groups.google.com/d/msg/homer-discuss/Q-oWrHLTTBU/AaBTAax8DwAJ

So if you can't find every web application in Debian, that is probably a
good thing: it means Debian is saving you time by giving you a shortlist
of web applications that have already been checked and can be supported.

For any web application, even if everything in the stack is free
software, do FSFE volunteers have time to check it every time they take
a container directly from the developers of a project?  Or would you
prefer to save your time and rely on a distribution that does those checks?

One other thing I should have mentioned when Discourse mailing list mode
was mentioned: it is not really like a mailing list, it is more like
alpha/beta quality compared to real mailing lists.  It also obfuscates
the email addresses so people can't communicate privately or use PGP.

Regards,

Daniel
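
The kind of check discussed in this message (a free top-level license with a problem dependency underneath), as an added example that is not part of the original post or of any project named in it. It audits the declared license of every package in a dependency tree; the package names, the sample tree and the allowlist are constructed assumptions.

```javascript
"use strict";
// Constructed sample: the metadata each package would declare in package.json.
// Every package name here is hypothetical.
const SAMPLE_TREE = {
  name: "forum-app", version: "1.0.0", license: "GPL-2.0-only",
  dependencies: [
    { name: "ui-kit", version: "2.3.1", license: "(MIT OR Apache-2.0)",
      dependencies: [
        { name: "tiny-lint", version: "0.9.0",
          license: "SEE LICENSE IN LICENSE.txt", dependencies: [] },
      ] },
    { name: "date-fmt", version: "4.0.0",
      licenses: [{ type: "BSD-3-Clause" }], dependencies: [] },
    { name: "chart-pro", version: "1.2.0", license: "UNLICENSED", dependencies: [] },
    { name: "old-util", version: "0.1.0", dependencies: [] },
    { name: "dual", version: "1.0.0", license: "MIT AND CC-BY-NC-4.0", dependencies: [] },
  ],
};

// Sample policy (an assumption): SPDX identifiers the auditor accepts.
const ALLOWED = new Set([
  "MIT", "Apache-2.0", "BSD-3-Clause", "GPL-2.0-only", "AGPL-3.0-or-later",
]);

// npm metadata has carried the license as a string, as { type }, or as a
// `licenses` array. The array form is ambiguous, so every entry must pass.
function declaredLicense(pkg) {
  if (typeof pkg.license === "string") return pkg.license.trim();
  if (pkg.license && typeof pkg.license.type === "string") return pkg.license.type.trim();
  if (Array.isArray(pkg.licenses) && pkg.licenses.length > 0) {
    return pkg.licenses.map((l) => (typeof l === "string" ? l : l.type)).join(" AND ");
  }
  return null;
}

// Classify a flat SPDX expression. OR separates alternatives and AND binds
// tighter; nested parentheses are not parsed and are sent to manual review.
function classify(expr) {
  if (!expr) return "missing";
  if (/^UNLICENSED$/i.test(expr)) return "not-allowed";
  if (/^SEE LICEN[SC]E IN /i.test(expr)) return "review";
  const flat = expr.replace(/^\((.*)\)$/, "$1");
  if (/[()]/.test(flat)) return "review";
  const ok = flat.split(/\s+OR\s+/).some((alt) =>
    alt.split(/\s+AND\s+/).every((id) => ALLOWED.has(id.trim())));
  return ok ? "allowed" : "not-allowed";
}

// Walk the whole tree, not just the top level, and report where each problem
// was reached from so a reviewer can see which dependency pulled it in.
function auditLicenses(root) {
  const findings = [];
  const seen = new Set();
  const walk = (pkg, path) => {
    const id = `${pkg.name}@${pkg.version}`;
    if (seen.has(id)) return; // reached again via another path: report once
    seen.add(id);
    const here = [...path, id];
    const declared = declaredLicense(pkg);
    const status = classify(declared);
    if (status !== "allowed") findings.push({ path: here.join(" > "), declared, status });
    for (const dep of pkg.dependencies || []) walk(dep, here);
  };
  walk(root, []);
  return findings;
}

for (const f of auditLicenses(SAMPLE_TREE)) {
  console.log(`${f.status.padEnd(12)} ${f.path}  [${f.declared || "no license field"}]`);
}
```

This only reads what each package declares about itself. A single file copied in under different terms, as in the JSHint case linked above, does not show up in metadata and still needs file-level review.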


Re: forums, mailing lists and other tools

2018-01-18 Thread Carsten Agger



On 01/18/2018 12:45 PM, Daniel Pocock wrote:

> If an organization like FSFE wants to know that the software,
> dependencies and build tools are all really free software then the
> "shortcut" to take is to use a Debian package because then you know
> somebody has checked all those things.


Discourse is under GPL v.2. Is there really a reason to doubt that it's 
truly free software?


Best
Carsten


Re: forums, mailing lists and other tools

2018-01-18 Thread Daniel Pocock


On 18/01/18 12:14, Carsten Agger wrote:

> 2. However, I find containers to be black magic. How can you trust them
> to be 100% free software if you don't build them yourself? I honestly
> don't know if Debian's packaging model is a perfect fit for distributing
> JavaScript, which is, I suppose, why people have come up with npm etc.

I don't think it is about whether Debian's model is perfect or not

Rather, it is about people taking one or more of the following shortcuts:

- they want to use build tools that don't exist in Debian because they
are not free software (e.g. jslint, jshint)

- they want to use other JavaScript libraries that are not free software

- they don't want to spend time on little things like creating a proper
install directory for their files because they just hack on them in
their web server directory

- maybe they don't even release or version their code because they just
hack on it as they please

- they like to cut and paste bits of JavaScript from other sites without
checking the license

If an organization like FSFE wants to know that the software,
dependencies and build tools are all really free software then the
"shortcut" to take is to use a Debian package because then you know
somebody has checked all those things.

Regards,

Daniel


Re: breaking bad habits like Doodle and Facebook with, plugins?

2018-01-18 Thread Carmen Bianca Bakker
On 2018-01-18 10:30:47, Mat Witts wrote:
> This type of complaint in the context of software is that an
> individual's or corporate's right to develop proprietary software is
> being 'drowned out' or 'silenced' by all this talk of software
> freedom.
>
> The argument is advanced by showing how exposure to free software
> either by blocking non-free, not providing non-free alternatives
> actually goes against the free exercise of computer users' freedom to
> use proprietary software through denigrating it either from technical,
> moral, political, social, economic or philosophical perspectives.
>
> It seems timely to issue a reminder that all computer users must be
> allowed to opt out of Free Software too, to avoid the charge of
> contradiction or hypocrisy?
>
> Making Free Software mandatory for all and to victimize users who
> refuse to participate in Free Software is not only contradictory but
> will only marginalize users we are trying to educate.

I don't find this argument very strong at all.  What about a man's
rights to hold slaves?  What about a man's rights to sell oneself into
slavery?  I am aware that the comparison isn't 100% apt, but it relies
on the same core argument: People having the right to deny others rights
and freedoms, and people having the right to waive their rights and
freedoms.

If you start treating rights and freedoms as something that can be
negotiated individually, the "powerful" will misuse this to transfer the
rights of the "weak" over to them.

I'm a staunch individualist, but the individual right to opt out of
freedom is not one that I can comprehend or support.

Yours,

-- 
Carmen Bianca Bakker
en eo nl




Re: forums, mailing lists and other tools

2018-01-18 Thread Carsten Agger



On 01/18/2018 11:02 AM, Mirko Boehm wrote:

> Hi,
>
>> On 18. Jan 2018, at 10:45, Daniel Pocock wrote:
>>
>> The real questions:
>>
>> - can you trust a container to be available in the future the same
>> extent that you can trust a package in a stable Linux distribution?
>>
>> - can you trust upstream developers to ensure they never put anything
>> non-free into their container images or does somebody have time to
>> verify the contents of those images on every update?
>>
>> When you take something from an official package, it has usually been
>> looked at by a second set of eyes already.  If you cut that step out
>> then how long is it before non-free stuff creeps in?
>
> These are real questions. I don’t have any answers for them. To me the
> issue of JS in web services is separate from them, though.



As a developer, I'd like to chip in on this:

1. There's no problem at all in web applications in JavaScript per se. 
JavaScript is a powerful tool, it's standardized as Mirko said, and of 
course JavaScript programs can give the four freedoms just as well as 
every other programming language. Minified versions (corresponding to 
compiled code) in deployments is also not a problem, since if it's free 
software the source code will also be available for whoever wants it.


Indeed, JavaScript-based web applications are a perfect candidate for 
the Affero GPL, and maybe they *should* be under the Affero GPL as a 
standard recommendation.


2. However, I find containers to be black magic. How can you trust them 
to be 100% free software if you don't build them yourself? I honestly 
don't know if Debian's packaging model is a perfect fit for distributing 
JavaScript, which is, I suppose, why people have come up with npm etc. 
in the first place. A non-broken NPM or a complete bundling of source 
code in releases (i.e., pull in the sources of all dependencies and be 
able to run the source version of all packages in developer mode) would 
be preferable. Plone, for instance, tends to bundle its JavaScript 
itself and allows you to unbundle and unminify everything when debugging.


Best
Carsten


Re: breaking bad habits like Doodle and Facebook with, plugins?

2018-01-18 Thread Daniel Pocock


On 18/01/18 11:30, Mat Witts wrote:
>> [...]
>> help people avoid visiting or linking to things like Facebook, Meetup, 
>> Twitter and Doodle?
>> [...]
> 
>> As well as blocking, does it give the user any encouragement to use
>> alternatives?
> 
>> is there a way a plugin could reward people for doing the right thing?  
>> Rewards are more effective at bringing about change than criticism.
> 
> The anxiety and zeal around the adoption (or failure to adopt Free software) 
> among some programmers in the FS movement is I think a problem worthy of a 
> discussion itself since it seems to resemble the problems with 
> over-protective parenting. In Robin Norwood's 'Women Who Love Too Much' 
> (1985) we see:
> 
> 'In Praising and encouraging are very close to pushing, and when you do that 
> you are trying again to take control of his life. Think about why you are 
> lauding something he’s done. Is it to help raise his self-esteem? That's 
> manipulation. Is it so he will continue whatever behavior you're praising? 
> That's manipulation. Is it so that he'll know how proud you are of him? That 
> can be burden for him to carry. Let him develop his own pride from his own 
> accomplishments.'
> 
> There is, in short a similar potential for culture problems in the FS 
> movement which is about manipulation, control and influence over the lives of 
> computer users.
> 

Every time somebody posts a Doodle link on a mailing list somebody else
jumps on them for not using free software.

Many of these people actually want to promote free software but they are
making innocent mistakes.  They might choose to use a particular plugin
because they want to avoid making those mistakes again.  A plugin might
tell them their email includes a Doodle link before they click "Send".

If people choose to install the plugin and they already agree with the
objectives of the plugin, I wouldn't regard that as manipulation.


> My complaint then, is what I would describe as the 'FUNDAMENTALISTS 
> COMPLAINT' as in MOZERT V. HAWKINS.
>  
> Discussions about software freedom don't always result in freedom for the 
> user in the same way that the local school board in Hawkins County, Tennessee 
> in this case ended up being charged with denigrating a family's religious 
> views.
> 
> This type of complaint in the context of software is that an individual's or 
> corporate's right to develop proprietary software is being 'drowned out' or 
> 'silenced' by all this talk of software freedom.
> 
> The argument is advanced by showing how exposure to free software either by 
> blocking non-free, not providing non-free alternatives actually goes against 
> the free exercise of computer users' freedom to use proprietary software 
> through denigrating it either from technical, moral, political, social, 
> economic or philosophical perspectives. 
> 
> It seems timely to issue a reminder that all computer users must be allowed 
> to opt out of Free Software too, to avoid the charge of contradiction or 
> hypocrisy?
> 
> Making Free Software mandatory for all and to victimize users who refuse to 
> participate in Free Software is not only contradictory but will only 
> marginalize users we are trying to educate.
> 
> Facebook users are not seeking to impose their ideas on the FS movement and 
> generally do not have a problem with FS in principle or in practice.
> 
> These objections are at the heart of the Free Software movement and it's 
> important to keep in mind that Free Software will only grow if computer users 
> are exposed to it without being asked to give up proprietary software 
> entirely.
> 
> It's astonishing that the possibility of the ideal predicated on the complete 
> annihilation of proprietary software is so prevalent and is misinforming so 
> many FS activists.
> 
> It seems to me we should pay attention to the gains we have already made and 
> concentrate on those, and worry less about facebook users and the like and 
> trying to 'convert' them to a particularly disagreeable form of software 
> freedom which is more about computer user manipulation than computer user 
> freedom?
> 

Once again, people would choose to install the plugin.  Of course,
organizations could make it mandatory for their staff to use the plugin
but otherwise people are free to choose the plugins they install.

If people do make the decision they want the help of such a plugin then
it is important to make the plugin as useful as possible for them.

Regards,

Daniel


Re: breaking bad habits like Doodle and Facebook with, plugins?

2018-01-18 Thread Mat Witts
> [...]
> help people avoid visiting or linking to things like Facebook, Meetup, 
> Twitter and Doodle?
> [...]

> As well as blocking, does it give the user any encouragement to use
> alternatives?

> is there a way a plugin could reward people for doing the right thing?  
> Rewards are more effective at bringing about change than criticism.

The anxiety and zeal around the adoption (or failure to adopt Free software) 
among some programmers in the FS movement is I think a problem worthy of a 
discussion itself since it seems to resemble the problems with over-protective 
parenting. In Robin Norwood's 'Women Who Love Too Much' (1985) we see:

'In Praising and encouraging are very close to pushing, and when you do that 
you are trying again to take control of his life. Think about why you are 
lauding something he’s done. Is it to help raise his self-esteem? That's 
manipulation. Is it so he will continue whatever behavior you're praising? 
That's manipulation. Is it so that he'll know how proud you are of him? That 
can be burden for him to carry. Let him develop his own pride from his own 
accomplishments.'

There is, in short a similar potential for culture problems in the FS movement 
which is about manipulation, control and influence over the lives of computer 
users.

My complaint then, is what I would describe as the 'FUNDAMENTALISTS COMPLAINT' 
as in MOZERT V. HAWKINS.
 
Discussions about software freedom don't always result in freedom for the user 
in the same way that the local school board in Hawkins County, Tennessee in 
this case ended up being charged with denigrating a family's religious views.

This type of complaint in the context of software is that an individual's or 
corporate's right to develop proprietary software is being 'drowned out' or 
'silenced' by all this talk of software freedom.

The argument is advanced by showing how exposure to free software either by 
blocking non-free, not providing non-free alternatives actually goes against 
the free exercise of computer users' freedom to use proprietary software 
through denigrating it either from technical, moral, political, social, 
economic or philosophical perspectives. 

It seems timely to issue a reminder that all computer users must be allowed to 
opt out of Free Software too, to avoid the charge of contradiction or hypocrisy?

Making Free Software mandatory for all and to victimize users who refuse to 
participate in Free Software is not only contradictory but will only 
marginalize users we are trying to educate.

Facebook users are not seeking to impose their ideas on the FS movement and 
generally do not have a problem with FS in principle or in practice.

These objections are at the heart of the Free Software movement and it's 
important to keep in mind that Free Software will only grow if computer users 
are exposed to it without being asked to give up proprietary software entirely.

It's astonishing that the possibility of the ideal predicated on the complete 
annihilation of proprietary software is so prevalent and is misinforming so 
many FS activists.

It seems to me we should pay attention to the gains we have already made and 
concentrate on those, and worry less about facebook users and the like and 
trying to 'convert' them to a particularly disagreeable form of software 
freedom which is more about computer user manipulation than computer user 
freedom?



Re: forums, mailing lists and other tools

2018-01-18 Thread Mirko Boehm
Hi, 

> On 18. Jan 2018, at 10:45, Daniel Pocock wrote:
> 
> The real questions:
> 
> - can you trust a container to be available in the future the same
> extent that you can trust a package in a stable Linux distribution?
> 
> - can you trust upstream developers to ensure they never put anything
> non-free into their container images or does somebody have time to
> verify the contents of those images on every update?
> 
> When you take something from an official package, it has usually been
> looked at by a second set of eyes already.  If you cut that step out
> then how long is it before non-free stuff creeps in?

These are real questions. I don’t have any answers for them. To me the issue of 
JS in web services is separate from them, though.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellowship Representative, FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm



Re: forums, mailing lists and other tools

2018-01-18 Thread Daniel Pocock


On 18/01/18 10:38, Mirko Boehm wrote:
> Hello,
> 
>> On 18. Jan 2018, at 10:28, Daniel Pocock wrote:
>>
>>> The client-side Javascript to me is not a
>>> relevant issue anymore since JS is an open standard and browsers are
>>> sandboxed these days.
>>>
>>
>>
>> There is an issue:
>> a) if the JavaScript is distributed as minified blobs and we can't
>> rebuild it easily from source,
>> b) if a large application makes heavy use of things like the NPM
>> repository for its build process
> 
> Accepted. I always assume that software like Discourse is compliant with
> FOSS licenses, where minified JS code is not “the corresponding source
> code”. That is usually a choice, though - most packages have a minified
> and a non-minified source URL. Developers tend to ship with links to the
> minified version because that is the norm and loads faster. 
> For a Debian packager, this is understandably a problem. We will
> probably run Discourse out of a container shipped by the project, not a
> package, so does that still apply to us?
> 

The real questions:

- can you trust a container to be available in the future the same
extent that you can trust a package in a stable Linux distribution?

- can you trust upstream developers to ensure they never put anything
non-free into their container images or does somebody have time to
verify the contents of those images on every update?

When you take something from an official package, it has usually been
looked at by a second set of eyes already.  If you cut that step out
then how long is it before non-free stuff creeps in?

Regards,

Daniel


Re: forums, mailing lists and other tools

2018-01-18 Thread Mirko Boehm
Hello,

> On 18. Jan 2018, at 10:28, Daniel Pocock wrote:
> 
>> The client-side Javascript to me is not a
>> relevant issue anymore since JS is an open standard and browsers are
>> sandboxed these days.
>> 
> 
> 
> There is an issue:
> a) if the JavaScript is distributed as minified blobs and we can't
> rebuild it easily from source,
> b) if a large application makes heavy use of things like the NPM
> repository for its build process


Accepted. I always assume that software like Discourse is compliant with FOSS 
licenses, where minified JS code is not “the corresponding source code”. That 
is usually a choice, though - most packages have a minified and a non-minified 
source URL. Developers tend to ship with links to the minified version because 
that is the norm and loads faster. 
For a Debian packager, this is understandably a problem. We will probably run 
Discourse out of a container shipped by the project, not a package, so does 
that still apply to us?

Cheers,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellowship Representative, FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm



Re: forums, mailing lists and other tools

2018-01-18 Thread Mirko Boehm
Hello there!

> On 16. Jan 2018, at 13:57, Max Mehl wrote:
> 
> # Daniel Pocock [2018-01-16 13:43 +0100]:
>>> Discourse is somewhat overwork as we would have to patch various parts
>>> of it to either remove JS or free/liberate it.
>> Would packaging the Discourse JavaScript into Debian satisfy those concerns?
>> Is there enough interest in this topic to start building a wiki page
>> about it?
> 
> I want to highlight that some volunteers are already experimenting with
> a Discourse instance for FSFE, mainly Nikos IIRC (in Cc). Please join
> them if you want to support them in their work.
> 
> https://git.fsfe.org/fsfe-system-hackers/community 
> 

+1 for investigating Discourse. It was reviewed at the recent community meeting 
in Berlin and excitement was great. I agree with Daniel's concerns, and feel 
that the way Discourse works can help allay them. Especially the bridging of 
the traditional mailing list mode with a forum web interface can help make 
our discussions accessible to a wider range of people. The client-side 
Javascript to me is not a relevant issue anymore since JS is an open standard 
and browsers are sandboxed these days.

Best,

Mirko.
-- 
Mirko Boehm | mi...@kde.org | KDE e.V.
FSFE Fellowship Representative, FSFE Team Germany
Qt Certified Specialist and Trainer
Request a meeting: https://doodle.com/mirkoboehm
