Re: Advice Workplace that Forces Non-Free Software
On Mon, Sep 07, 2020 at 09:51:35 +0300, Jean Louis wrote: > Using non-free software, including centralized proprietary networks, > and other digital evils, by an organization is danger to national and > international security and concerns all people on this planet. > > You probably need examples on that. I don't. I understand you, my approach is just a little bit different. We seek very similar goals. I don't believe there is any legitimate argument in support of the existence of non-free software. But where it does happen to exist, and in a world where many people strongly disagree with that, I look for practical ways to both advance our ideals and coexist with others. >> The reason is that the best way to change an organization is often from >> within. > > If it is not your organization, and you are not planner issuing > policies, you have almost no recourse, you could beg for > organizational changes and make proposals, but you have no > control. Don't accept to be in suppressive oranizations. That's often true, but it's also too much of a generalization. I'll leave it to people to evaluate this on a case-by-case basis. -- Mike Gerwitz signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: Advice Workplace that Forces Non-Free Software
On Tue, Sep 08, 2020 at 13:57:42 +0300, Jean Louis wrote: > * Mike Gerwitz [2020-09-08 07:56]: >> Internal distribution (to other employees) counts as the same >> party. v3 also states: > > While I do understand to which link and section of interpretation of > the GPL you are pointing to, I do not agree that it is same as we were > speaking of. While our concerns overlap, there are some distinctions. I'll elaborate below. > So you refer to this: > >> https://www.gnu.org/licenses/gpl-faq.html#InternalDistribution > > Quote: > > Is making and using multiple copies within one organization or company > “distribution”? (#InternalDistribution) > > No, in that case the organization is just making the copies for > itself. As a consequence, a company or other organization can develop > a modified version and install that version through its own > facilities, without giving the staff permission to release that > modified version to outsiders. > > However, when the organization transfers copies to other organizations > or individuals, that is distribution. In particular, providing copies > to contractors for use off-site is distribution. > > End of quote > > - making a copy in my organization would mean somebody let us say, > burning the CD or placing OS on the USB stick, or doing some other > kind of duplication or replication of software on multiple > computers, or various media, and that can be done by myself or by > any staff member in the name of the organization management. Even if > such software is modified, I am doing it for my organization, like > preparing copies, duplicates, or installing it on computers. That is > what the above interpretation says, just making copies for itself, > or developing modified versions, installing such on own facilities, > meaning on own computers, without giving staff permission to release > it, is not distribution. This is quite clear to me, it was clear > previously, and myself I can clearly see it is not conveying of > software. Software is there to be used on my own facilities. We are in agreement. > - but let us say, I provide CD/DVD or USB sticks or server links and > advise staff members to install such software for better function of > our organization, where staff members individually receive such > software, they could be in-house or outside of house, where the > staff member is installing free software on person's own phone for > better function of organization, or if such software is installed on > computer that belongs to organization, but I have given the USB > flash or DVD to staff member, without making note of "internal" or > that staff member is doing it in the name of the organizational > management, but is only advised to install software for usage, then > such staff member is facing license texts and if I did not forbid it > (no reference to that in GPL that I know) -- then that is conveying > software. There are a few different things lumped in here. And while I have my own theories, IANAL, and I'd prefer someone else comment on such situations. I also suspect that the particulars of a given situation are important. But it's becoming tangential to the original discussion. >> So when the organization receives a copy of the software from a third >> party, that organization is entitled to the source code. But the >> organization has no obligations with regards to internal distribution, >> e.g. to employees. > > The interpretation did not mention the word employee, I know. > Yet, if I provide DVD of operating system and I tell to employee that > he shall install it, without giving special notices and informations > that software should not be released, and without giving employee > power of attorney or other authorization to act on behalf of > organization only, and when employee is convinced that employee > received the DVD/USB or had access to free software over Internet, > than in that case that is conveying of software. Again, you'd want to consult with a lawyer on this. The particular situations under which you are expected to be acting on behalf of an employer or in a personal capacity vary from one jurisdiction to the next. > It is not a slight difference, employees too often do private things, > and if you give them USB flash, they may understand that as a gift, > and may never even give it back in some cases. If it is indeed intended as a gift for an employee to use in a personal capacity, then yes, the work has clearly been conveyed, and the employer is bound as a distributor to the terms of the GPL. > Making copies internally is not same as advising employee to download > from public server and install sof
Re: Advice Workplace that Forces Non-Free Software
Jean: I don't have time now to respond to the entirety of your message before I head off to bed, but I did want to provide a quick link: On Mon, Sep 07, 2020 at 09:44:17 +0300, Jean Louis wrote: > Dear Mike, > > * Mike Gerwitz [2020-08-30 08:53]: >> > Employee working on software that cannot be improved, verified, >> > distributed, is certainly deprived personally of many freedoms, >> > employee cannot get the same software for himself, cannot study it, >> > and cannot improve it for the company, cannot help other companies to >> > use the same software. Right? So employee is denied personal >> > freedoms to help others. We are back to same injustice and same >> > sharing liberties. >> >> Software freedom is different than entitlement. Just because software >> is free, doesn't mean that you have, or should have, access to it. But >> when you do have access to it, it ought to be free. >> >> When a company distributes software internally to employees, that does >> not count as distribution under the terms of the GPL, for example. If >> the employer distributes it outside of the company, then it is. > > I am sorry, please clarify it to me, I have been reading in that > context some texts in past, yet I do not find it today. > > If software is on the computer that any person is using that in my > opinion is not conveying of software. The GPL says: > > To “convey” a work means any kind of propagation that enables other > parties to make or receive copies. Mere interaction with a user > through a computer network, with no transfer of a copy, is not > conveying. > > But if software is given to employee through network, as a copy of > software, that is conveying by my opinion. > > You said when company distributes software, so that distribution is > conveying of software. And the GPL license would apply, if such > software is under GPL. > > So please clarify that opinion of yours, that I may find references to > it, as how I read the GPL, at least this newest version, it is > contrary to what you stated. > >> If an employer develops software internally, as another example: if that >> software is kept internally, and not distributed to users outside of the >> company, it makes no difference to users' freedoms (under the four >> freedoms) if it's freely licensed or not. > > I do not see any word "employer" or "employee" in the GPL in the > license text: > https://www.gnu.org/licenses/gpl-3.0.en.html > > So I cannot know how do you interpret the license, as it is irrelevant > for the license who is employee and who is employer. > > So please clarify it, as you are interepreting the license now, and > your interpretation is on the public mailing list, and I cannot find > any references to that interpretation, and to me it looks contrary to > GPL statements. > > It would not be nice that many people reading the public mailing list > get confused about that, as we are all guarding the GPL and its > principles. Internal distribution (to other employees) counts as the same party. v3 also states: To “propagate” a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Internal distribution within an organization is private. Here's the GPL FAQ: https://www.gnu.org/licenses/gpl-faq.html#GPLRequireSourcePostedPublic The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization. https://www.gnu.org/licenses/gpl-faq.html#InternalDistribution No, in that case the organization is just making the copies for itself. As a consequence, a company or other organization can develop a modified version and install that version through its own facilities, without giving the staff permission to release that modified version to outsiders. However, when the organization transfers copies to other organizations or individuals, that is distribution. In particular, providing copies to contractors for use off-site is distribution. So when the organization receives a copy of the software from a third party, that organization is entitled to the source code. But the organization has no obligations with regards to internal distribution, e.g. to employees. Of course, an employee can attempt to acquire the source code for softw
Re: Advice Workplace that Forces Non-Free Software
On Sun, Aug 30, 2020 at 01:51:47 -0400, Mike Gerwitz wrote: > Hey, Jean: > I agree, and I agree that we ought to help whomever we can. > > But I also recognize that not everybody sees it as an injustice, and not > everyone will be convinced. Helping someone who does not want to be > helped has its own considerations. I forgot to emphasize one other point: In my original message, I encouraged lily to try to change the working environment if possible. In a similar way, I don't necessarily think that everyone should avoid jobs that don't subscribe fully to the free software philosophy. The reason is that the best way to change an organization is often from within. If you make it a goal to do so, then while your ideals may be strained, the end result could be quite beneficial to society and to our movement. If we avoid situations that conflict with our ideals, then we can't hope to change them. This is in a way similar to using non-free software for the sake of studying it to write a free replacement. You suffer, but you do so for a good cause. But certainly if your goal is to change a company for the better, and that goal proves to be unattainable, it's time to move on. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: Advice Workplace that Forces Non-Free Software
Hey, Jean: On Sat, Aug 29, 2020 at 08:41:28 +0300, Jean Louis wrote: > * Mike Gerwitz [2020-08-29 06:34]: >> Software freedom in the context of an employer is worth considering a >> little bit differently than freedom in your own personal >> computing. > > In my opinion injustice is injustice, if it happens to me personally > or if it happens to other people. Spreading of free software is one > way to liberate others, and talking about it and teaching others is > also one good way to liberation. Injustice need not be personal for me > to act to help other people. I agree, and I agree that we ought to help whomever we can. But I also recognize that not everybody sees it as an injustice, and not everyone will be convinced. Helping someone who does not want to be helped has its own considerations. >> When you are performing work for an employer, you are acting on their >> behalf. When a company adopts non-free software, then the company is >> placing itself in an unfortunate situation---they are being denied >> certain freedoms. But you are not personally deprived of freedoms, >> because you aren't acting in a personal capacity, so long as that >> software is not installed on your own hardware (e.g. your personal >> laptop). > [...] > Employee working on software that cannot be improved, verified, > distributed, is certainly deprived personally of many freedoms, > employee cannot get the same software for himself, cannot study it, > and cannot improve it for the company, cannot help other companies to > use the same software. Right? So employee is denied personal > freedoms to help others. We are back to same injustice and same > sharing liberties. Software freedom is different than entitlement. Just because software is free, doesn't mean that you have, or should have, access to it. But when you do have access to it, it ought to be free. When a company distributes software internally to employees, that does not count as distribution under the terms of the GPL, for example. If the employer distributes it outside of the company, then it is. If an employer develops software internally, as another example: if that software is kept internally, and not distributed to users outside of the company, it makes no difference to users' freedoms (under the four freedoms) if it's freely licensed or not. It'd be a benefit to our community if it were distributed, but it won't necessarily be a harm if it's not. I write plenty of software for myself personally that I never share with anyone. That's not a problem in the sense of the four freedoms---it's a different type of social problem, in that others may benefit from it. The employee, as you described above, is denied freedoms, but they aren't personal freedoms. When I work for my employer, I do not have the freedom to inspect many things. I can't view my manager's emails. I can't inspect payroll data. I can't eavesdrop on board meetings, or any meetings I'm not invited to for that matter. That doesn't violate my personal freedom, because I'm not acting in a personal capacity. >> If you were to clock out and continue using those non-free programs for >> your own personal work---rely on it for your _own_ computing---then you >> have ceded control of your computing to others. But if you log off, >> walk away, and log onto your own free system for your computing, then >> your personal computing has not been impacted. > > I am sorry, I cannot agree to that. > > Software freedom is not conditional upon personal or business work and > it never was conditional that I know. But the injustice isn't in whether a program is free or not. It's whether someone has been deprived of their freedoms in running it. A nonfree program that nobody uses isn't taking away any freedoms. Similarly, the subject of those violations depends on the context in which software is distributed. If my mother asks me to help her fix something on her Windows machine for her, I'm not sacrificing my freedoms. It's my mother that is suffering from the use of non-free software. I dislike it because I dislike non-free software, and I feel for her, but I have not been wronged. There's one or more essays from rms, maybe someone can find them, that discuss this point---e.g. using terminals to purchase tickets for the subway, or using a library computer. I wish I had more time to do so right now. >> But it's also important to understand that there are many issues that >> employees feel passionate about that employers do not accommodate, or >> even agree with. What if your coworker is vegan---should the company >> disallow meat on the premises? What if one of the employees is a >> climate
Re: Advice Workplace that Forces Non-Free Software
cade. The hardware setup (Windows) is mandated. I use a GNU/Linux VM as my safe environment---I use free software as much as I am able, and only out of necessity (to integrate with others) do I use non-free software that has been prescribed. I'm in a position, as a principal developer in the organization, to essentially say what I please. I frequently push for free software, and I often win. But often I don't. I lament that decision not for me, but for my employer. I voice my objections, make my concerns known, document them if need be, and we move on. I can't make hard-line demands any more than they can, and I assure you that I disagree strongly with some demands that others make. We compromise. But I always go home to freedom. It has no impact on my personal computing. If anything, it's strengthened it, since I strive to find free replacements suitable for my employer. Working remotely has blurred some lines for personal computing. I do not permit running non-free software on any device I own. For example, the company mandates Duo for 2FA. Nearly every employee installs an app on their mobile device to do so. My employer instead provided me with a hardware token. Note that I'm not suggesting that my employer should be required to accommodate this need. They're nice enough to, and I think they ought to, but I would have also considered it acceptable if I had to pay for that myself. But with this comes a constant discomfort. It is a discomfort that will, among other reasons, cause me to one day leave for a position that is more in line with my ideals. But that's not an option for me right now. > I am leaning more towards Option 1, but if I lose the Free Software I > am able to work with, I will also lose the opportunity to learn and > grow as a biostatistician. If you feel you cannot grow professionally in the manner that you wish, then your position is probably not one you should stay in. But I'd recommend you line something else up first, or see if you can create the change you're looking for. See if you can find someone who will advocate for you within your organization. When I was younger, my approach was very different. I was much more aggressive when it came to my ideals. The only reason I'm still in my position is because I have a manager that kept others at bay when I pissed off the wrong people in the company. I've grown a lot since then---both personally, and as an activist---and have developed a better strategy. I've matured. (I was 19 when I started the job; I'm 30 now.) But sometimes you're in an environment where no strategy works, and no progress can be made. > Thank you so much LibrePlanet community, you are wonderful! I also do > volunteering where I get to promote Free Software, but again with the > pandemic, those activities have come to a halt. And as a result I > tried pushing for alternative software in the work place, which is > having a the negative outcome I described above. Let's also try to look on the bright side: you have strong ideals that you care for deeply. The cognitive dissonance that you feel will be critical toward evaluating and refining (if need be) your ideals, and will serve as a guide for your future decisions. This is what is important. Life's is never ideal. It's always a balance. Some people within our community do manage to land those ideal positions where there's no personal conflict and they are truly happy. I hope that you can be one of those people. I hope the same for myself. But until that time comes, what matters most is that you work toward realizing your ideals the best you can given your situation. As long as you recognize and admit to yourself when something is wrong, and recognize that they're wrong and in need of improvement rather than coming up with excuses to justify them, then you will make progress. Thank you for sharing your concerns, and I hope I was able to provide a useful perspective. It's something that's bothered me for nearly a decade now (I started the job before I became an activist). -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: purism why does fsf and libreboot embrace a misleading company?
On Wed, Mar 11, 2020 at 20:10:09 +0100, a via libreplanet-discuss wrote: > This post is directed at officials from libreplanet > and fsf. > > I wrote this post on trisquel's forum. > https://paste.nolsen.xyz/?98e7462461e8a46c#8YchW86Fn3UvkxdHbfN74cVVoYkFqCGWCx2tWVX5uvZJ Would you mind pasting the text of your message on this list? I get this when I visit the site, and I do not intend to enable JS: JavaScript is required for Such PrivateBin to work. Sorry for the inconvenience. Pasting will also allow people to quote inline and respond to specific points. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: All in-person LP2020 events canceled, conference will continue virtually
On Mon, Mar 09, 2020 at 18:43:31 -0400, Greg Farough wrote: > Please see our announcement here for more information: > <https://www.fsf.org/blogs/community/libreplanet-2020-in-person-component-canceled-but-well-see-you-online>. > > Thanks to everyone for your understanding and support. I'm sure this was a really hard decision, but I think the FSF made the right call. I had already canceled for personal reasons a month ago, but I would have ended up canceling anyway, even if I were speaking, and even if I couldn't get a refund for my airfare. I'm glad it's still being held remotely. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: Fyi: this list, libreplanet-dev, just had it's subject [tag] and footer removed
On Wed, Oct 30, 2019 at 15:57:09 -0400, Ian Kelling wrote: > Yes, for now. Are there any more people who want the footer removed > here? Right now, the From address gets changed for senders to Someone > via libreplanet-discuss , removing > the footer would allow us to keep the original from address. I'm in favor of removing the footer. -- Mike Gerwitz signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Can I sign up for a lightning talk?
On Mon, Feb 11, 2019 at 12:24:17 -0500, Jeremiah C. Foster wrote: > I was hoping to submit a lightning talk on the Librem 5 phone and > devkit https://puri.sm/products/librem-5/ and > https://puri.sm/posts/how-we-designed-the-librem-5-dev-kit-with-100-free-software/ I'd love to see that. :) > Is it still possible to submit lightning talks? May I get a link to do > so or is this done on site like at FOSDEM? I think in past years the registration has been on the LibrePlanet Wiki. I don't know if that's set up yet or not, though; I just got a message approving my (non-lightning) talk today, and a schedule hasn't yet been made. I've attended lightning talk sessions in the past where there's been _extra_ time available for people to fill, and at least one person gave an ad-hoc talk. If you don't get an answer here within a few days, try campai...@fsf.org. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Electron replacement?
On Sun, Feb 03, 2019 at 14:30:37 +0300, joinlaw wrote: > is there any libre replacement for electron js which is removed from parabola > repos, > electron uses Chromium as it's rendering engine and node.js, electron is > used by many free software projects such as jitsi meet desktop client, > riot.im desktop client, and draw.io and many others. This implies that Electron is non-free. Is the concern over certain unclear licensing practices of Chromium? If so, can Chromium just be built without those unclearly-licensed components? For example: https://lists.gnu.org/archive/html/guix-devel/2019-02/msg9.html If there is no intentional malice with regards to licensing from Electron, Chromium, or any other projects involved, then it seems more appropriate to me to fix or work around the issue than it does to avoid the projects entirely. These are popular projects and it's in our best interest to do our best to resolve the issues rather than sidestep them, because they are not going away. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Key signing party during libreboot & educode
On Wed, Mar 21, 2018 at 17:22:08 -0600, Bob Proulx wrote: > Gunnar Wolf wrote: >> Nicolas Pettiaux dijo: >> > Is there a keysigning party during LibrePlanet ? I have not found any. > > As far as I know you are the first to have written here about it. > Last year Jason Self organized several different meetup times for key > signing but as I understand it is not attending this year. I had suggested an FSF-sponsored keysigning party a couple months ago, but I never followed up and unfortunate it didn't materialize. Would there be someone interested in organizing some times? I'm unfortunately still trying to finalize my talk so I don't have the time to focus on that atm. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Adding [A]GPLv3+ code to Quake-based code base
On Wed, Aug 30, 2017 at 21:48:03 -0700, Aaron Wolf wrote: > What do you mean "only if modifications are made"? > Can you cite the part of the license you read that way? https://www.gnu.org/licenses/why-affero-gpl.html "It has one added requirement: if you run a __modified__ program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there." (emphasis mine) That page did not include "modified" some time ago (>1y); I brought it to rms' attention out of confusion, and he corrected it. As far as the actual license goes: https://www.gnu.org/licenses/agpl.html "The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version." Section 13: "Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge [...]" > I certainly had the impression that, just like the GPL, the AGPL > required making the source available whenever conveying, regardless of > modified status. I had that impression too, a while back. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Adding [A]GPLv3+ code to Quake-based code base
On Wed, Aug 30, 2017 at 09:19:13 -0700, Aaron Wolf wrote: >> So if someone downloads such combined work and start a server, do they >> have to publish the complete source code? What if they modify it? >> > > Yes, the AGPL terms apply to the whole work, *all* the code *as running > on the server* (i.e. including any modifications) must be published to > those who have access to the server. But only if modifications are made. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] helping newcomers start blogs - but where?
On Thu, Aug 17, 2017 at 19:52:51 +0200, Daniel Pocock wrote: > blogger.com Blogger requires non-free JS to even begin to render a page. I've never been able to read any blogs hosted on that site, unfortunately. Unless things have since changed. > Github pages have also become popular with developers recently. While static pages hosted on github.io do not carry the same problems as GitHub itself (non-free JS), you'd be encouraging users to use GitHub to do so. A further consideration is how the static site with Jekyll is published: through a build outside of the user's control. It is SaaSS.[0] Any host that allows the user to upload their own website in their entirety---and have full control over that website---would be fine to avoid such an SaaSS issue. That's your traditional web host, provided that you can use it without running non-free software (mainly JS) to register an account and upload. [0]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Libreplanet using Discourse for mailing lists and web-based forums?
On Thu, Jun 22, 2017 at 03:00:17 +, Connor Doherty wrote: > Wow Mike, fascinating read. I'm the earliest of Millennials, so I did not > completely grow up with the web I was born in '89 myself. :) > I guess I'm one of the few hackers that does indeed care about design. > [...] > but I think it's a bit far to call it "flashy" when I can explain to > you down to an *exact science* how well something is designed. The > free software community, as addressed in Boston this year and nearly > every year before it, has a well-documented problem with design, so I > won't go into that here. That is good---we do need people in the free software community interested in design. It's subjective, of course. I'm sure hackers far older than I would call my terminal an angry fruit salad. > You said it yourself. You don't want to use a poorly reinvented > wheel. That's exactly what most forum sites have been. And to those who only > know that world, the need for "reimagination" is obvious. Discourse is, in > my opinion, a very nice wheel, and can likely be made to do whatever you > need from your emacs setup. I'm not opposed to change. Professionally, much of my work is web development, so I'm more intimate than I'd like to be most of the time with certain things. We just need to make sure we don't sacrifice anything substantial considering the existing community. I can't say whether we will or not, and I can't say whether most on this list would care or not (I don't know the makeup of the subscribers). > Find any establishment in history and you'll see that they probably did not > "want" the wave of change that superceded them (discovery of electricity, > industrial revolution, computers) even when that change was definitely an > upgrade for the better. Depends what problem is being solved, and whether it's a solution in search of a problem. You have proposed legitimate problems, and suggested legitimate options to solve them. They're not everyone's problems, but what's important is the community as a whole, not the individual. So while I wanted to make sure my stance was understood, I wasn't dismissing any options outright, especially not having researched in any detail. > So while you may not see the need for a "re-imagination" of online > discourse, I invite you try Discourse and tell me in what ways it's not > better. Then we can potentially improve it for everyone. Again, depends who we're talking about. I have coworkers that wouldn't be able to stand mailing lists and would be very pleased by Discourse and its more modern features. They engage socially in different manners than I do. (They wouldn't have interest in this community; I'm just exposed to their opinions.) They'll communicate in gifs and emoji. They'll take screenshots of text (*twitch*) instead of pasting it. With the exception of the latter, it's fine to communicate that way. I find myself communicating differently when sending messages on my Replicant device, because I have to use the tools I have available---and it provides a completely different social experience. I've used emoji semantically on certain sites like GitLab at work, which I'd never do outside a casual social setting (but that's because, as a hacker, I don't want to couple pictorial representations with abstract concepts unnecessarily...that's a different topic). I just prefer the old, boring, but highly efficient method. (Though the argument can be rightfully made that images and emoji and such efficiently encode a great deal of information, especially culturally, that's not representable in text, with the exception of unicode.) I also lose some of that by rejecting HTML e-mail. If I _did_ want to communicate in that manner, it wouldn't make much sense to use my tools, unless Emacs' ability to display images would suffice (I can't say; I use a VTE primarily). But this also demonstrates the divide that I was referring to: Discourse is a whole different means of communication. There is overlap, but it's a step above---it allows more expressiveness, for better or for worse. So those of us who do decide to stick with a mailing list approach might completely lose context of certain discussions. It creates subgroups / subcultures within a community. Does that matter? Will that happen? I can't say. I don't want my messages to be interpreted as fighting for one way or the other, though---I don't do much on these lists or on the Wiki (for lack of time, not interest). I'm just adding input to the conversation. :) -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Libreplanet using Discourse for mailing lists and web-based forums?
On Tue, Jun 20, 2017 at 20:44:56 -0500, J.B. Nicholson wrote: > I don't see this as a problem. I see this as a feature: I have no problem > filing the list emails into a folder and reading them when I have time. I > subscribe to multiple lists and I do this quite successfully across them all > using an interface I know, scales well to service many people, and doesn't > require that I learn a new interface to do what I come to a list to do -- > read and participate in discussions. I agree with everything else you said, but this is something that a lot of people don't understand, especially those who grew up doing everything on the Web. I live a huge chunk of my life in my mail client (which happens to be my editor as well). It's scripted, heavily customized, and integrated with other things. I do task management with Org mode, which integrates simply but well enough with Gnus. I can use my editor keybindings and such when composing messages. The same goes with my IRC client. I never have to leave home, if you will. Contrast that with websites: if I have to write anything substantial, I often have to write it in my editor first and paste it in. Many of us hackers don't care for flashy interfaces; we'd rather use the tools we've invested our lives into and know well. Tools that can compose and work well in pipelines. Trying to use interfaces that reinvent the wheel poorly is painful. And let's not be fooled---these are programs. Especially when they're heavy on JavaScript. There's no difference between this and someone asking me to download Foo and put my Emacs toy away, as cute as it is. But I know that many people don't feel that way. I have coworkers that think I'm crazy (respectfully so). And I think they're crazy too. ;) Admittedly, using your own tools is a large barrier to entry---my tools are useful because I've spent a great deal of time learning and researching and customizing. And now I can reuse them for everything. For your average user looking to get into activism, who may not even be a programmer, that's a bit different. It's easier to say "here's your single tool (Web)---go use it". There are systems that allow for a level of integration (e.g. mailing lists and forums). But they're often treated as fallbacks---as second-class citizens. They might provide a subset of features; it leaves certain members of the community out---those who want to use their own tools. I haven't used Discourse. I do see "mailing list support"; maybe that's a good sign. But one of the phrases at the top of the features page is "[w]e're reimagining what a modern discussion platform should be". Many of us don't want to see it reimagined. That's the opposite of what many want. Trying to strike a balance isn't a bad thing if that's the audience we're looking to attract. But it's difficult, and something I struggle with a great deal. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Replicant or LineageOS or ???
On Wed, Jun 14, 2017 at 15:00:35 +0200, Daniel Pocock wrote: > With CyanogenMod gone, more and more people are looking at which OS to > use next. > > LineageOS[1] is the most well known successor, but how does it compare > to Replicant[2] when it comes to security and privacy? As has already been said, Replicant is a fork of LineageOS, with non-free stuff removed. Replicant seems to be the only Android option if you want a fully free mobile OS. From a security standpoint, it remains to be seen how frequently Replicant will update with patches. I used Replicant 4 for quite some time which had no patches for the entire time I used it (~1yr), and hadn't before then either. This is very dangerous. Maybe someone can volunteer to help; I don't know how difficult of a job it is. All things considered, though, LineageOS is not an option for me, as I don't want to run non-free software. I can at least trust that proprietary software isn't hiding potentially dirty secrets from me (sans the modem), but I have no choice but to treat my mobile device as untrusted, and store nothing sensitive on it that I can avoid (I do have contacts and photos, at least until I can back up and get rid of the latter). I'd be more comfortable if I knew enough about the OS to monitor/audit/harden it (as I do with GNU/Linux), but I don't. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] BeagleBone Black
On Sat, Jun 03, 2017 at 19:48:39 +0100, Andrew Ferguson wrote: > I'm thinking of getting a BeagleBone Black for various projects, mainly > because it can be used with fully free software (according to > https://www.fsf.org/resources/hw/single-board-computers). Bob Mottram (CC'd) is the author of Freedombone, which uses the BeagleBone Black; maybe he'd be able to provide some information, or maybe you can find some on the project's website. I'm not familiar enough with the hardware or the project to speak intelligently on it. https://freedombone.net/ -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] No more Ubuntu Phones
On Fri, Apr 07, 2017 at 10:09:03 -0400, Steven Sullam wrote: > At libreplanet, a vendor, technoethical.com, was selling a secure open > source phone with replicant installed. I wouldn't call it "secure"; I can't apply that definition to any mobile device at the moment, but Replicant is at a further disadvantage because it doesn't have a community keeping up with security updates. While Replicant 6 is in the works, the existing software is old and Android vulnerabilities are frequent. With that said, I still use it, because freedom to me is more important. So while I can generally trust the software running on my phone not to do anything intentionally malicious, I have no choice but to assume that the device is or can be compromised at any moment, and do not store anything sensitive on it that I can avoid. That's obviously difficult with call history, texts, and photos. I do not know enough about the operating system to make any recommendations. CopperheadOS is attempting to make a dent in the problems, but I don't think they're fully free (proprietary drivers, perhaps)? tl;dr: I still recommend Replicant for freedom's sake, but I'd steer clear of saying "secure". More trustworthy, yes. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Keysigning Party At LibrePlanet?
On Fri, Mar 24, 2017 at 12:48:43 -0600, Bob Proulx wrote: > I haven't been into the office today (Friday) yet but will be there > eventually. I am wearing a pink shirt today and will be easy to spot > but wlil plan on seeking you and others out while there. Ah, should have checked my mail! I was talking with others the whole time and didn't overhear a mention of keysigning---I'm still interested, so I'll meet up with people tomorrow. If anyone sees me, please grab me! I'll have everything on hand. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] Keysigning Party At LibrePlanet?
On Fri, Mar 17, 2017 at 08:19:01 -0700, Jason Self wrote: > Jason Self wrote .. >> Is anyone interested in meeting up at LibrePlanet to sign GPG keys? > > Okay, seems that the answer is "yes." I was going to ask as well. Thanks for organizing! > * I'll be at the FSF's open house on Friday. I'll be wearing a shirt with > my IRC nick (jxself) on it. I'll be volunteering at the FSF's office all day Friday, so I'll see you (and hopefully others!) there. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature ___ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
Re: [libreplanet-discuss] HTML tags that should be stripped for privacy reasons.
On Fri, Jan 27, 2017 at 13:29:52 +, Josh Branning wrote: > What I would really like is implementation details on how to avoid many of > the issues stated on this page: > https://en.wikipedia.org/wiki/Internet_privacy > > So like two columns; Stated problem, and possible solution. This isn't a problem that can be summarized as such with any meaningful level of detail. I'm not entirely sure what you mean by handling it on the webserver. Is this like a privacy-respecting proxy server (in which case you can look into things like Privoxy[0])? The other concern there is that you'd have to MitM HTTPS connections (with the user's consent, of course), which is dangerous. There are many things that you'd have difficulty detecting outside of the user's browser---you'd be doing static analysis on behaviors that aren't entirely defined until runtime, or might be difficult to detect. If you don't entirely strip out JS, it's not possible to mitigate most things unless you execute the code on your server and analyze it (since it can just modify the DOM). Ultimately, the user can trust only their web browser, not a remote server, so mitigations also have to be done there. And the level of complexity there is staggering (see NoScript; Privacy Badger; uBlock Origin; etc). With regards to information, the Tor Browser has documented some implementation details[1]. One of the best ways to learn how to mitigate issues is to know how to exploit them, in practice and in theory. OWASP has some good material (duplicated in various projects, granted) that's readily available.[2] You can also look at commits in repositories of these various projects. [0]: http://www.privoxy.org/ [1]: https://www.torproject.org/projects/torbrowser/design/ [2]: https://www.owasp.org/index.php/Category:OWASP_Project -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature
Re: [libreplanet-discuss] Cross posting FSF announcements to libreplanet-discuss
On Fri, Aug 26, 2016 at 11:45:59 +0200, Alexander Berntsen wrote: > So I'd like to suggest that the FSF cross-post their announcements to > libreplanet-discuss. There's not a lot of them, so it wouldn't be a > mess. And it would give us all a place to discuss announcements, as > well as give the FSF a place to gather feedback. Regardless of their decision (perhaps e-mail campai...@fsf.org to make sure they see this), you can always respond to the message on this list. It'd be useful in that case to either forward the message itself as an attachment or quote the entire body so that others who don't receive the mail will have the proper context. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature
Re: [libreplanet-discuss] Readability with gnu.org
On Thu, Aug 18, 2016 at 19:01:30 +0100, amunizp wrote: > Using fennec for Android (found in f-droid). The readability button us not > offered. > Is this meant to be? Websites don't dictate the availability of that mode---it guesses the best it can based on content. Unless Fennec is doing something special that Firefox is not. Fennec isn't available in F-Droid anymore, is it? I don't see it in the repository. In any case, make sure that it is a fork of a version of Firefox that supports that mode. If you have concerns, feel free to e-mail webmast...@gnu.org. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB https://mikegerwitz.com signature.asc Description: PGP signature
Re: [libreplanet-discuss] Brand Names, loyalty and ill Effects
On Sun, Jul 31, 2016 at 11:21:52 +0530, A. Mani wrote: > I am talking about the nature of local ecosystem of these and similar > communities. We discourage the use of the term "ecosystem": https://www.gnu.org/philosophy/words-to-avoid.en.html#Ecosystem > The dynamics of development within these groups suggests > that the active developers have accepted the state of affairs. > > What may be a possible solution? What is the problem you want to solve? If a group disagrees with how a project is run, they can (and do) create a fork. For example, Trisquel GNU/Linux is a fork of Ubuntu which is fully free. There are a number of such projects, some of which are listed here: https://www.gnu.org/distros/free-distros.html If the problem is that a distro is doing something completely unethical to their users, it could be worth addressing. For example, Ubuntu installed spyware in earlier versions that sent all search queries to Amazon, even if they were intended for the local filesystem. Aggressive lastback reversed this decision. In this case, while it may help push users to fully free distros, most users would have continued to use Ubuntu; it's worth fighting for certain types of changes. But if those changes are fundamental issues with how the project is governed, and the organization behind the project does not wish to change, a fork is more appropriate---friction within an organization isn't beneficial to anyone. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer https://mikegerwitz.com | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Tribute to Gnash developers
On Sat, Jul 30, 2016 at 16:00:49 -0400, Jim Garrett wrote: > But if you have young children and you live in the U.S., pbskids.org > has lots of Flash-based games, and it would be a hard sell to parents > of small children that they can't use this web site. Those games are proprietary as well. If you're trying to create a system for people who still have a desire to run non-free programs that require non-free systems, you certainly are in a tricky situation. But building a system that respects their freedom as much as possible is still a good thing to do, and I'm glad you're pursuing that. Do keep us up to date on your experiences. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer https://mikegerwitz.com | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Best Wifi chipset that runs free
Dave:
Sorry, I had intended to reply to this when you originally sent it, but
I must have forgotten after it was marked as read.
On Thu, May 12, 2016 at 02:49:52 -0400, Dave Rolek wrote:
> Can you touch a bit on your experience with the TPE-N150USB? I may be
> buying one soon ('twas motivated prior to this email topic).
It's not perfect. I downloaded the drivers from ThinkPenguin[0]; there
may be updates that I haven't checked for since then. Note that it
mentions "connection stability issues".
It uses ath9k_htc. I occasionally have issues connecting after a reboot
or resuming from suspend. Admittedly, I usually just do this if I get
into such a situation:
sudo rm /run/network/ifstate.wlan0 && sudo ifdown wlan0 && sudo ifup wlan
I don't use a network manager or GUI, so it's possible that such might
be automatically done for you if you happen to.
On very rare instances, I have to rmmod ath9k_htc and re-load it.
Otherwise, it performs well during use. I have used it on two separate
laptops with completely different hardware (not by choice; I had to move
the HDD from one to another after I had an unrelated hardware failure),
and the situation is exactly the same in both.
> ThinkPenguin has a mild note [0][1] indicating it may not perform well
> in many uses (e.g. coffee shop?). Have you found it dropping much or
> having reduced throughput in common environments?
I've only used it in two places---home and at LibrePlanet. In both
cases, the signal strength is/was good, so I can't say how it might act
in, say, a coffee shop.
> Are you using 802.11n with the 40MHz channel (i.e. the fastest it
> supports) or something slower? Do you find its speed to be reasonable
> for general use?
I am using N, 20MHz (I haven't changed that from the default on my
router); I haven't tried 40MHz. I'm actually using a Wireless N router
I purchased from them as well, but I don't see it on their website
anymore.
I have no problems with latency---ping of ~1ms with WPA2 with another
box on the same network. If it helps put it into perspective: on the
rare occasion that I need to edit images, I use GIMP over SSH (using
X11-forwarding) without frustration.[1] ;) All of my computing (with the
exception of graphical web browsing) is done over SSH.
> For completeness: could you mention which kernel + revision you have?
$ uname -a
Linux mikegerwitz-laptop 3.13.0-77-generic #121+7.0trisquel2 SMP\
Mon Feb 1 22:56:52 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Hope that helps.
[0]:
https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-gnu-linux-tpe-n150usb-tpe-n150usbl-tpe-nusbdb
[1]: Actually, it's indistinguishable from running locally until I
perform an operation that updates a large portion of the image.
--
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
https://mikegerwitz.com | GPG Key ID: 0x8EE30EAB
signature.asc
Description: PGP signature
Re: [libreplanet-discuss] ReactJS Patent License
On Sun, Jul 17, 2016 at 21:20:36 -0400, Mike Gerwitz wrote: > I took a look: > > https://github.com/facebook/react/blob/master/PATENTS > > This makes React non-free---it restricts freedoms 2 and 3. I brought this up in a discussion with rms in another context. He considers this to be legitimate and approves of the strategy. So, with that, React wouldn't be non-free. My concerns over the issue still stand---I'd rather the entire license be void in the event of a violation (like the GPL) vs. a specific section of it (e.g. Apache License 2.0), which effectively puts the distributor into a trap: they can continue to distribute it, but risk legal repercussions for doing so, rather than not being able to distribute it at all. But software patents are a problem in general, and trying to balance non-aggression/defensive and retaliation strategies to defeat patent trolls isn't an easy concept. Sorry for any confusion I caused! -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer https://mikegerwitz.com | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] ReactJS Patent License
On Sun, Jul 17, 2016 at 14:15:26 -0400, Mike Gerwitz wrote: > On Sun, Jul 17, 2016 at 14:00:00 -0400, Tyler Romeo wrote: >> Do you mean specifically regarding ReactJS? Or just regarding the dangers of >> using licenses like BSD due to their lack of patent license? > > Sorry---the latter. I can't speak to the ReactJS situation. I took a look: https://github.com/facebook/react/blob/master/PATENTS This makes React non-free---it restricts freedoms 2 and 3. It is worse than not granting patent rights: it's putting the user into a situation where they cannot take action against Facebook under certain circumstances, because then they lose rights granted to them and in turn potentially have a host of other legal issues. This is a consequence of the terrible state of software patents; Facebook is employing a "defensive" (latent offensive) strategy by implanting a destructive device into each and every instance of React (and consequently every program that uses it)---one that they can detonate at will given specific types of aggression. It's also dangerously broad: it terminates "without notice" if you "or any of your subsidiaries, corporate affiliates or agents" violate the license, and such a violation applies to anything owned by Facebook or its subsidiaries or "corporate affiliates", and any parties related to the software. Facebook is large; this has a massive scope. This license is a weapon. We can hope that developers of software using React choose GPLv3+---version 3 provides a failsafe that prevents distribution of the covered program in the event of a patent aggressor (Facebook) insisting on royalties, rather than that software falling prey to this sort of manipulation. It seems that React used to be licensed under the Apache License 2.0, but changed to 3-clause BSD precisely to impose patent restrictions. So those earlier versions of React seem like they may be okay to use. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer https://mikegerwitz.com | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] ReactJS Patent License
On Sun, Jul 17, 2016 at 14:00:00 -0400, Tyler Romeo wrote: > Do you mean specifically regarding ReactJS? Or just regarding the dangers of > using licenses like BSD due to their lack of patent license? Sorry---the latter. I can't speak to the ReactJS situation. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer https://mikegerwitz.com | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] ReactJS Patent License
On Sat, Jul 16, 2016 at 23:47:23 -0400, Tyler Romeo wrote: > Thanks. I literally just ran into that as I got your reply. > > My apologies for the outdated info. Carry on! Your original statement is still relevant regarding patents. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer https://mikegerwitz.com | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Are proprietary software and science compatible?
On Sun, May 15, 2016 at 14:14:48 +0200, Fabio Pesari wrote: > I would appreciate this article more if it wasn't written by people who > can program. I agree. There are smaller articles/editorials that were published in Nature that mentioned the issue (few and far between), but I'd have to dig them up, and they weren't substantial; I read them in print, so I don't have the links. But even a mention gets people t > I'll make a quick example - Stephen Hawking. He literally depends > exclusively on software (and hardware) to interact with the world and if > I were him, I would worry a bit more about software freedom, because > otherwise anyone can put anything in his mouth, but I don't think I've > ever heard him talk about free software (even if ACAT has been released > under the Apache License 2.0, it's Windows only). I do wonder if he has given consideration, or if he doesn't care because he trusts that others have his interests in mind and he wouldn't modify the software to begin with. In any case, it is unfortunate. > To the article (I'll get to the rest of your mail below). >> One proposed solution to the problem of ambiguity is to devote a >> large amount of attention to the description of a computer program, >> perhaps expressing it mathematically or in natural language augmented >> by mathematics. > > This is actually a better solution than the one they proposed because it > allows free/libre software developers to implement a new program without > looking at any proprietary code, which would get them into trouble for > copyright infringement (and prevent anyone who's actually looked at it > from writing any code, like it happened for Wine). > > This also only works for first-party code. If the code depends on a > third-party program or library (the majority of cases), there's still a > problem. It's useful, but in practice, a formal mathematical definition rarely manifests in a disciplined manner in procedural code (especially not for scientists who don't have formal, disciplined experience writing software). Declarative languages and ones with theorem provers may be less error prone, but it's the subtle mistakes people make in software that are especially problematic. (Obligatory "The Limits of Correctness" reference: https://www.student.cs.uwaterloo.ca/~cs492/11public_html/p18-smith.pdf). But I can agree that a formal mathematical definition, where possible, should always supplement the software. >> and finally that the development of program code is a subsidiary >> activity in the scientific effort. > > This one is a barrier but only mentally; writing software can't be > considered a subsidiary activity anymore, in any field. Agreed. > I think that rather than characterizing proprietary software as evil, we > should call it for what it truly is, irrational. That gave me a chuckle, but you're absolutely right. :) Though I've seen many programs that I really can call "evil". -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Are proprietary software and science compatible?
On Sat, May 14, 2016 at 09:11:11 +0200, Fabio Pesari wrote: > Some scientists go to great lengths to make sure their experiments are > reproducible and can be peer reviewed, but then often use proprietary > programs to achieve their results. On that note, this article discusses issues related to the problem of source code and reporoducibility from a scientific perspective. We may not (or may) agree with all of it, but it's a useful perspective: http://www.nature.com/nature/journal/v482/n7386/full/nature10836.html (Note that the first comment contains more information from the authors that they could not fit in the article due to word limits.) > It seems a bit contradictory to me. For starters, the proprietary > programs themselves aren't peer reviewable, so the researchers (and > other scientists and the general public) just have to blindly trust what > those programs say. ...but it stops very short: under the "Limited Access" heading, it says: Researchers may not have access to at least some of the software packages that are used for development. We suggest that this would not be a problem for most researchers: their institutions would normally provide such software. If it were to be a problem, then a journal could mark a publication as ‘Partial source code’. The release of the code, even without the software environment required for compilation and execution, would still be valuable in that it would address issues such as dissection and indirect reproducibility (see above) and would enable rewriting using other programming languages. Which completely misses the point. And I think this is the largely accepted view, and somehow dismisses the very issues that the paper is raising by either assuming that the black box of the proprietary library is somehow immune, or just negligently neglecting consideration on the matter. I meant to write the authors a while back but forgot (for this reason and a number of others); I think I'll do so. > So, in the end, I don't think science and proprietary software are > compatible at all, and research conducted through proprietary software > should be considered unreliable. The simple answer is: proprietary software isn't compatible with _any_ reasonable philosophy. Short of that, yes, for the many good reasons you raised, and many others. > For this reason, I think proprietary software's unscientific nature > should be stressed more when promoting free/libre software to scientists. Agreed. Are you in a scientific field, by chance? -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] commments on LibrePlanet 2016
platform. > > Coursera could provide unified instructions (with footages made on purpose > maybe ) about how to get started assuming the common tools selection and > configurations provided by the profile Teachers/authors on Coursera are free to reference profiles on, say, Guix, or even contribute them; but the former shouldn't be required for the latter, and that documentation should be available outside of Coursera.[4] [4]: shttps://www.gnu.org/philosophy/free-doc.htm > A collaboration with Coursera should be established. They have tens of > different courses ! Many have tried---unsuccessfully, unfortunately---to get them to liberate their platform. The necessary first step is in their court. > the author of this talk observed that ease of use DOES matter. He gave the > example of Github and Slack that surclassed the number of users of Git > alone and of Irc I attended that talk at LibrePlanet. It was well researched, but unfortunately, I recall disagreeing (to varying degrees) on some fundamental points. I don't recall what those points were, but I do recall that this was one of them. And it's not because it's not important, it's because it's a dangerous focus that tends toward the open source philosophy, putting freedom (perhaps unintentionally) on a lower platform. And I observe this every day, especially in the web development community. Yes, software should be accessible. But keep in mind that those projects have other things working "for" them: huge sums of money and user lock-in. When free software projects have huge sums of money, they succeed in the general population as well. Android, for example, is largely a free software project---granted, it's heavily littered with proprietary software by the time it reaches the user, but you can have a beautiful free system (e.g. Replicant) that looks the same as any other. But going back to GNU: even then, it still misses the point. We want our users to recognize and understand _freedoms_. If users use software because it's cool or "better" than others' software, then they don't value their freedoms and will simply move back to a proprietary program when it appeals to them more. We're offering ethical software. Anything else is secondary. Now, if that ethical software becomes exceedingly popular, that's great, because more people will be introduced to the free software philosophy...unless it's not emphasized. Back to Android as an example: how many users are learning about their freedoms from that? Yeah. > I had hoped that because both GNUNet and Guix are GNU projects they would > have been more integrated and that I could have install GNUNet with guix > > But the current port doesn't work. I read someone managed to install it on > Gentoo Linux, but I don't know anymore abouth that Those are two wholly independent projects. But I'm sure they'd like bug reports or patches. They're a very (very) busy team of volunteers. Remember: GNU is an organization of mostly volunteers. Some are paid, but most often by their employers, not the FSF. > I mean, the Freedom to run GNUNet AS I WHISH is NOT effective ! > > And in the meantime I can run and play with IPFS and Ethereum that are less > powerful and general, they are not free, but yet I can play with them. > > They offer more effective empowerment than GNUNet does. You're confusing two separate issues: freedom and usability. The latter provides different types of freedom. This is also something specific to the GNUnet project. > But as the speaker remarked about his crashing LibreOffice, the power or > the right to fix it myself is not EFFECTIVE enough > > Ease of use DOES matter ! This is a more extreme case: instability to the point of not being able to use the software. Though I can't comment on it, since I haven't had that situation myself. Perhaps a different version may have fixed it; I don't know. It was a good example for demonstrating his point, but it is a different concern than general usability (stability being a rather important subset), which you've been discussing thus far. > One last bit of thought: the html Guix manual is not readable on mobile > phones Please bring that up with the Guix folks. Or, better yet, consider submitting a patch, since you seem to know what the cause is: https://gnu.org/software/guix/contribute/ > I hope I didn't irritate anyone Don't let my comments give the wrong impression: I'm not irritated; I hope that I was able to convey and rationalize my thoughts effectively. In any case, thank you for sharing; this is something I know many others are thinking about as well. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Best Wifi chipset that runs free
On Tue, May 10, 2016 at 11:01:54 +1200, Koz Ross wrote: > My current laptop used basically the first free Wifi chipset I could get, and > is > now misbehaving somewhat. I dunno *exactly* if it needs replacement or not, > but > if it does, I would prefer the best option out there. What choice would that > be? I use the TPE-N150USB: https://www.thinkpenguin.com/catalog/wireless-networking-gnulinux There a number of other options that ThinkPenguin provides as well. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Apple's iTunes deletes ALL your music files
On Thu, May 05, 2016 at 10:10:11 -0700, Aaron Wolf wrote: > https://blog.vellumatlanta.com/2016/05/04/apple-stole-my-music-no-seriously/ This is terribly alarming, to the point where I'd question the extent to which their TOS actually frees them of liability if tested in court. If it looks like a duck, swims like a duck, and quacks like a duck---let's call it what it really is: "iTunes Ransomware". -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] What do you think about calling free systems as "GNU" systems (even if there is no GNU or Linux-libre)?
On Mon, May 02, 2016 at 16:44:21 -0300, Adonay Felipe Nogueira wrote: > * Some non-free system distributions are also GNU, so we wouldn't be > able to call just/only the free ones as "GNU". We'd still want to call them GNU/Linux, because they are---but also mention that they're also robbing users of their rights. For example, Ubuntu GNU/Linux includes proprietary blobs in the kernel and encourages the use of non-free software. The FSF only endorses a handful of distros: https://www.gnu.org/distros/free-distros.html > he thought that Raspberry Pi was a good choice of single board > computer just because some "GNU" system can be used, then I told him > that only the non-free system distributions can be used on Raspberry Pi, > and pointed him to the page on FSF's website about the single board > computers. The best we can do is educate users. GNU doesn't restrict users' ability to run non-free software. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] What do you think about calling free systems as "GNU" systems (even if there is no GNU or Linux-libre)?
On Mon, May 02, 2016 at 15:53:52 +0200, Alexander Berntsen wrote: > GNU distributions are distributions that use GNU software. They are in part GNU software, but phrasing it like that makes it seem like the GNU part of GNU/Linux is only the GNU software. GNU is an entire operating system, not just a set of GNU tools, which is evident from its history: https://gnu.org/gnu/thegnuproject.html > Linux is the operating system. But there's a big group of people who > think that "Linux by itself doesn't do anything, so it isn't an > operating system". I find this to be a puzzling argument. Linux is a very specific project: a kernel. The problem is encouraged by the project itself, though: https://github.com/torvalds/linux "Linux is a clone of the operating system Unix, written from scratch by Linus Torvalds with assistance from a loosely-knit team of hackers across the Net." In any case: if you took GNU+Linux, and subtracted GNU (and everything that includes---see the history page above), you're not going to be left with what most people would consider a useful (or usable) system. > Even GNU+Linux isn't good enough, since Gentoo can run with other > kernels than Linux (and with enough hacking, probably without GNU too). If Gentoo is distributed with Linux, then it's Gentoo GNU/Linux. If it's not, then it's not. For example, there's a Debian GNU/Hurd, and Debian GNU/kFreeBSD. > So to sum up: Say Gentoo. Say Replicant. Say Android. They are all > free distributions, and referring to them as GNU is doing them and GNU > both a disservice. Saying GNU isn't only to give credit to the GNU Project---it also starts a discussion about free software, because people will wonder what GNU is and research it. The kernel Linux does not hold those same values, and you will not expect a discussion of freedom---you would expect a discussion about "open source". Therefore, saying "Gentoo" or "Ubuntu", while true, doesn't help our cause, and is a way to avoid what may would consider to be an awkward discussion entirely. See https://mikegerwitz.com/2016/04/GNU-kWindows for rationale. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] helping friends kill their facebook accounts
On Thu, Apr 28, 2016 at 09:30:33 +0200, Daniel Pocock wrote: > Is it better for people to go through their profile more vigorously > though, messing up all the data? I don't see that as being useful. Once Facebook has your data, they have it; it'd be naive to think that changing data on Facebook's services would change that. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Questions about Google+
On Thu, Apr 28, 2016 at 09:06:16 +0200, Alexander Berntsen wrote: > On 28/04/16 03:38, Mike Gerwitz wrote: > That depends on its intent and purpose. If Google+ (or Facebook, or > any other thing like that) is used to advertise the project, then I > don't think it is necessarily a bad thing. I consider it similarly to > releasing free software to proprietary environments like Microsoft > Windows. It's about reaching people. Preaching to the converted is > largely ineffective. It's less about preaching and more about effectively endorsing it by prominently linking to it and actively using it. Passively using it without linking to it is less of an issue to me, because... > But the people who use Google+/Steam/whatever, would likely not even > have heard of the project if it weren't there. ...of this. > Maybe the project can limit the information on Google+ by primarily > posting small updates with links to the full story, which is available > on their free website? Yes, hopefully there's nothing exclusive on those services. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Questions about Google+
On Thu, Apr 28, 2016 at 06:17:31 +0200, felix_poss...@openmailbox.org wrote: > You can't really do anything without scripts, here is a little list: > - getting access to you profile > - post something on google+ > - upvote a post on google plus > - open some links (some work though) > - upload pictures > - follow other profiles Thank you :) > On the subject of using it: > It might be useful to expand the reach of the fsf out of our own terrain > into one, other people would use. > I wouldn't have foud the fsf myself without a youtube video, so yeah. Thanks for your perspective. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
[libreplanet-discuss] Questions about Google+
Hello, everyone: I have questions regarding Google+. I cannot ever recommend its use, but I also want to be able to speak intelligently about it, specifically with regards to issues of freedom. Are there any users of Google+ here, or those otherwise familiar with it, that can tell me: 1. Whether Google+ is usable without JavaScript enabled; 2. What sorts of services (SaaSS or proprietary JavaScript programs) it recommends or encourages (e.g. Hangouts); and 3. Any other issues you'd like to comment on that a free software advocate would find a problem with. Finally: could you justify a free software project that promotes software freedom prominently linking to and using a G+ profile for the project? I know about the privacy/surveillance issues; that's not what I'm asking about here. Thanks! -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] programming language package manager
On Mon, Apr 11, 2016 at 10:25:03 +0200, Alexander Berntsen wrote: > I would also suggest that any Haskell developers and users who are > reading this email try to convince Hackage and haskell.org into > changing "open source" to *free software*, thereby highlighting what > really matters. Not that it is ideal, but if they reject a full replacement to "free software", maybe they'd consider "free/libre and open source software". I'm not fond of "free and open source software" because (as an increasing trend) often times when I read it, it means "free as in beer and open source software", and this is what users are trained to recognize. But that's also better than just "open source", and can be supplemented with a hyperlink on "free" to point to <https://www.gnu.org/philosophy/free-sw.html>. Unless you disagree, Richard. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Non-Free JavaScript
On Wed, Apr 06, 2016 at 09:13:33 +0200, Fabio Pesari wrote: > IIRC Matt Lee told me they won't replace Google Analytics Do you know if anyone has suggested Piwik? I was able to convince Gitlab to switch to it for their own hosted instance. Granted, they didn't really need much convincing. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] N1, GPL violation?
On Tue, Apr 05, 2016 at 17:17:44 +0200, Nils Gillmann wrote: > I don't have the resources (time) to deal with this, but we are > pretty sure that N1[1] is violating the GPL. Unfortunately, if N1 is the copyright holder, then they can't really violate (in a useful sense) their own license---as the copyright holder, they're the only one that can enforce it. I notice also that they don't include a full copy of the GNU GPLv3+ (they just have a mention of it in LICENSE.md). > It is a GPLv3 or later[2] project which only provides apm "build" > instructions to users and no instructions (or even hints) on how > to build your own binaries. What's the result of the build? Is it not something you can run? https://github.com/nylas/N1/tree/master/build JavaScript (well, CoffeeScript in this case, I suppose) projects don't really have "binaries". See also https://github.com/nylas/N1/blob/master/.travis.yml -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
[libreplanet-discuss] x86 Binary Blobs
I just came across this mail that I'd like to share: http://mail.fsfeurope.org/pipermail/discussion/2016-April/010912.html It has recently come to my attention that many in the free software movement are unaware of a relatively new development on x86 platforms that permanently removes the ability to use these platforms without also continually executing signed, proprietary code at the highest possible privilege level. All post-2013 (AMD) and virtually all post-2009 (Intel) systems contain this mandatory technology, and therefore, by design, can never be converted to run using pure FOSS. Prior to these changes projects such as coreboot could be used to replace the boot firmware with a FOSS alternative. HN discussion: https://news.ycombinator.com/item?id=11422531 I was unaware of this. Restricted boot I was aware of. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Help Scratch gain HTML5 support and be free!
On Sun, Apr 03, 2016 at 20:44:56 +, Rudolf wrote: > Perhaps the solution here is to import Scratch projects into Snap and > export them to Canvas/HTML5? I'm unsure what you mean by this. Are you saying Scratch -> Snap -> HTML5? The canvas element is part of the HTML5 spec and does nothing by itself---a JavaScript API is provided with drawing operations, so a program is needed to render the program. That program is Snap. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Help Scratch gain HTML5 support and be free!
On Sun, Apr 03, 2016 at 13:15:11 +0200, Fabio Pesari wrote: > Sadly, right now it uses Adobe AIR/Flash to play those programs and > animations in web browsers, and it seems that the official team doesn't > think porting the exporter to HTML5 has a high priority ([2]), and > although some independent developers started development, they stopped > at around 40% on May 8, 2015 ([3]). Yes, this is incredibly unfortunate; I was excited to introduce my son to programming with it, but if I do so, I'll have to use an older version of it. I'm glad you're bringing it up. > I think it's good that so many schools, libraries and museums adopted a > free program, but most people use mobile devices nowadays, and Flash > doesn't work on all of them, so this could likely put an end to > Scratch's adoption, which will likely mean a proprietary program will be > used instead. Since Scratch uses Flash, it's effectively encouraging use of proprietary software and can't practically be used on a free system[*]---it's good that Scratch is free software, but it's out of reach for those who value their freedoms and reject proprietary software. [*] I didn't have the time to try Gnash or Shumway; I probably should. Has anyone else here? I wouldn't consider that a substitute for an ActionScript replacement, but it'd be a viable option. Shumway is a JavaScript/HTML5 player, so that would also work on other devices in the meantime. Lmk if you have success. So adoption should be a secondary goal. I have no choice but to reject Scratch entirely at the moment (barring Gnash or Shumway). But it'll be a good consequence; Scratch would lend itself well to the ever-growing number of touchscreen devices. It's also important for users' privacy, and for reasons of SaaSS, that Scratch's HTML5 implementation be able to run offline, preferably invoked like any other program on the computer, and able to store data locally on the users' computer. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] The dangers of repository deletion
On Sun, Apr 03, 2016 at 08:25:42 +0200, Fabio Pesari wrote: > But this does happen a lot. The AUR in Arch Linux sources the > repositories directly, for example, and as you said there are some > package managers which also do it (Go's for example). > > Not everyone packages their software for a distro, and there are some > packages that if it weren't for Debian's extensive repositories, would > likely be lost forever. There are thousands of programs which only exist > on GitHub, SourceForge or BitBucket. You're highlighting a distribution problem; most developers don't think about or even care about distribution. A solution is needed, but I don't think preventing repo deletion is it, and I don't think education is it either (because many really couldn't care less). The situation with NPM was just blatantly irresponsible (on the part of the author). Perhaps repository hosts could create archives; many might already exist because of forks of the repo. The repository would no longer be listed for the user, but when hit, could still work. Maybe cloning the repo could result in a warning being displayed. It might be a useful thing to suggest to GitHub, Gitlab, and others. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] The dangers of repository deletion
On Fri, Apr 01, 2016 at 20:42:57 +0200, Fabio Pesari wrote: > The recent left-pad fiasco on NPM just showed that in order for free > software to be reliable, it must be stored permanently (since the > license allows it). > > Github, the most popular project hosting platform at the moment, allows > users to delete their repositories. The NPM issue is a little bit different. NPM is a place where packages are published for use by a package manager (npm); its sole purpose is distribution. That's similar to running `make dist` and uploading GNU packages to ftp.gnu.org. In this case, you wouldn't want those packages to disappear---people rely on them. Same case with packages on NPM. Git repositories are source code repositories and are not necessarily distributions---especially if a build process is needed. Now, some people do use sites like GitHub for distributing packages. Whether or not I agree with that practice is irrelevant for this conversation, I suppose; but in the case there they use GitHub to distribute their package for installation or compilation, then moving it isn't a great idea. But if it's just a source code repository to a project that distributes its packages elsewhere, I don't see that as a problem. For example, a project may move its development elsewhere (e.g. GitHub to Gitlab), but keep its distribution files on the same server. Granted, we do have other unfortunate practices. For example, some language-specific package managers support cloning directly from source code repositories. Git's submodule support takes a direct repository URI. Situations like that complicate things. So I think it's more nuanced. I think it's fair to say that if a project explicitly states a distribution site, then it should be free to move its source code repository as it pleases, and that language-specific package managers have an obligation to use those distribution files. Otherwise, they should accept the risk of things breaking. Same case with submodules. As an example for my project, users should get GNU ease.js distributions from ftp.gnu.org, as stated by the site and release announcements. But they can also clone the Git repository from Savannah, or a mirror on Gitlab and GitHub. I offer no guarantees that the GitHub repository won't disappear some day---in fact, I can more confidently state that it might disappear than not. The description on the GitHub repository states "Mirror". I feel no obligation to keep that repository there, even if it didn't say "Mirror". -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Equivalent of GPLv3 for hardware???
On Wed, Mar 30, 2016 at 12:23:26 +0100, Pen-Yuan Hsing wrote: > I really like the idea of copyleft and licenses such as the GPLv3. What is > the closest equivalent of GPLv3 for hardware? This is rms' position: https://www.gnu.org/philosophy/free-hardware-designs.en.html -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] What's the weblink for the video... No DRM in Web standards! by Zak Rogoff, FSF
On Sun, Mar 27, 2016 at 13:04:36 -0400, Julien Kyou wrote: > On March 27, 2016 10:28:28 AM AST, Don Warner Saklad wrote: >>What's the weblink for the video... No DRM in Web standards! >>by Zak Rogoff, FSF >>16:55 - 17:40 Sunday 20 March 2016 Session Block 6B Room 32-144 > > This talk was cancelled This talk happened, but it was intended originally as preparation for the protest. MIT didn't want to be affiliated with the protest, so the original session was reformatted and it was instead an educational session with general discussion. I don't believe that it was recorded; I don't recall seeing a camera in the room. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] We need a Great campaign To tell the programmers to improve their programs To work well with the screen Reader
On Tue, Mar 22, 2016 at 09:25:20 +0100, Fabio Pesari wrote: > My suggestion is this: what do you think about adding a field in the > Free Software Directory which says if a program can be used by blind > users or not? This seems like a good idea. > Also, what are your personal suggestions to improve the usability of > programs for blind users? Are there any guidelines online that > developers should follow? For GNU, we have accessibility standards: https://www.gnu.org/accessibility/accessibility.htmlo See the recommendations at the bottom. -- Mike Gerwitz Free Software Hacker | GNU Maintainer & Volunteer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Please fix webcast for Zak Rogoff, FSF No DRM in Web standards! 16:55 - 17:40: Session Block 6B Room 32-144
On Sun, Mar 20, 2016 at 17:26:46 -0400, Don Saklad wrote: > Please fix webcast for Zak Rogoff, FSF > No DRM in Web standards! > 16:55 - 17:40: Session Block 6B Room 32-144 > > No video! I'm not sure that this was intended to have video. I could be wrong, but it was intended as a gathering for DRM protesters (which went great, btw!). -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
[libreplanet-discuss] LibrePlanet 2016 MIT Tours?
Is there anyone attending LibrePlanet this year that has any affiliation with MIT or would otherwise be comfortable (given whatever policies they might have) giving a tour of areas that might hold historical significance or interest to the free software movement? I'm not sure what still exists, if anything---I was disappointed (to say the least) to learn from John Sullivan that the building holding the AI Lab was torn down. I'm not sure what still resides on campus---be it a PDP-10/11, Lisp machine, or anything else---vs. the museum. Even so, if there truly are no remnants, a tour of CSAIL would still be a wonderful experience. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Slides for Deb Nicholson's 2015 LibrePlanet talk?
On Tue, Feb 23, 2016 at 11:54:26 +1100, Adam Bolte wrote: > I agree it's a pain, but it is possible to download the slides with > just a little bit of Bash, since the slides are all there in the > source. eg. If you prefer to render the slides in the browser, you may also do this (assuming it still works; I haven't checked since I posted this): https://mikegerwitz.com/2014/11/Please-stop-using-SlideShare -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Reverse Engineering
On Wed, Feb 10, 2016 at 18:21:43 +, arthur_tor...@comcast.net wrote: > On the OSHWA, I don't see a conflict just because of the name. As I said > previously, I think that even Richard has said that 'Open Source' is a > better term for hardware, since it isn't possible to replicate and > distribute 'Free Hardware'. The only thing that can be distributed at no > cost to the distributing person is the design/build information which is as > close to 'source code' as one can get... Thus 'Open Source' is the correct > term for hardware. https://www.gnu.org/philosophy/free-hardware-designs.en.html The terms “open hardware” and “open source hardware” are used by some with the same concrete meaning as “free hardware,” but those terms downplay freedom as an issue. They were derived from the term “open source software,” which refers more or less to free software but without talking about freedom or presenting the issue as a matter of right or wrong. To underline the importance of freedom, we make a point of referring to freedom whenever it is pertinent; since “open” fails to do that, let's not substitute it for “free.” -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Reverse Engineering
On Wed, Feb 10, 2016 at 09:42:34 +0100, Fabio Pesari wrote: > On 02/10/2016 01:06 AM, arthur_tor...@comcast.net wrote: >> This seems like something that MIGHT be helped, or at least encouraged, by >> the folks in the "Digital Right to Repair" movement. They are trying to >> produce a legal REQUIREMENT that companies release the information needed >> for outside entities to service their products to the same extent that an >> in-house entity would. I don't know that this would drill down far enough >> to require releasing signing keys, but one might be able to make a case >> for it If nothing else it would make it harder to block efforts to >> crack the signature... > > Do you mean http://repair.org/ ? I agree. I think the FSF should > approach them. This is interesting; thank (you both) for sharing. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Reverse Engineering
On Sat, Feb 06, 2016 at 10:01:13 +0100, Fabio Pesari wrote: > That's my main criticism of Libreboot. Instead of freeing old boards, > the community should focus on building its own. Yes, that's expensive > and needs experts and it's more about hardware than software, but there > is no "Free Hardware Foundation" and the free software community should > be able to fund its own research just like corporations do. I agree that we need completely free systems from the hardware up. But as someone with two young children and a new house, living off of a single income while my wife is finishing up her schooling, I can't even come close to affording new hardware. My current laptop is one that I scavenged years ago, and dislike very much. My desktop PC (which I use as a server; laptop is more of a thin client than anything) is older than the laptop. I'm fortunate enough to not need proprietary blobs in my kernel to run anything on either of those computers. But if I did, then that'd be terribly unfortunate, because even as a strong free software activist, I wouldn't be able to afford otherwise. So I _depend_ on those people that reverse engineer hardware and write free drivers; they're doing good and important work, and I'm very grateful for it. There are a number of people that are either in my position, are worse off, or simply don't want to put money into new hardware. As a GNU/Linux user, I'm used to repurposing old hardware---a 10--15-year old machine might have plenty of processing power for most everything I do, except compiling large programs like GNU IceCat or Emacs. And we gain some good ground in doing so: a PC that old is useless and even dangerous to use with proprietary operating systems like Windows, since old versions no longer receive security updates. Modern software might not work on them. And they're often slow due to both the operating system, bloatware, and malware. But put an appropriate GNU/Linux distro on there (for the hardware) and you have yourself a shiny new PC. Users are introduced to the concept of Free Software, and some will come to value those freedoms. And for those who might otherwise have decided to buy a new computer, you've saved one person from the modern evils of (probably) Microsoft or Apple, and you've deprived those companies of another customer. So projects like Libreboot are necessary. Old hardware is sticking with us for a long time. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] libreplanet-discuss Digest, Vol 71, Issue 6
On Fri, Feb 05, 2016 at 09:52:35 -0500, Mike C wrote: > Wait isn't there a way to setup libreoffice in server mode and use it > through a webbrowser? Why wouldn't someone do that if they wanted > access to documents over the internet? If you are accessing your own LibreOffice instance---or one under control of an organization that you're a part of---then that is not a problem. SaaSS becomes a problem when it robs you of your ability to do your own computing. So, if I were to host a remote LibreOffice instance and said that anyone could use it to edit their documents, you'd do best to reject it. But if I used it myself, I have no loss of freedom. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] libreplanet-discuss Digest, Vol 71, Issue 6
On Thu, Feb 04, 2016 at 22:24:57 -0500, John Sullivan wrote: > AFAIK, Google Docs works with JavaScript disabled. I get this error, without the document loading: "JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload." Even so, Google Docs is foremost the worst of both worlds: a proprietary web application and SaaSS. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Teaching programming
On Wed, Feb 03, 2016 at 11:24:25 -0500, Harry Prevor wrote: > For the record, this has never been true. I wrote a program a long time ago > that allows you to download Google Docs in the free ODT format; the script > seems to have been lost but the process is still simple: > > http://archive.is/Oxqwf Ah, this is good, thank you for sharing. > You may still not want to use GD because it may be difficult (but not > impossible) to *edit* the documents using only free software, but it > certainly is not hard to view Google Docs documents using only free > software. It's good that we have a way to view these documents. But it's not an excuse for others to use Google Docs. What they could do is provide the ODT link instead of the normal Google Docs link if they do have to link to such a document. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] libreplanet-discuss Digest, Vol 72, Issue 3
On Tue, Feb 02, 2016 at 06:59:00 -0800, Johnny Merrill wrote: > Now, we, the open source community We don't identify with the "open source" community here: https://www.gnu.org/philosophy/open-source-misses-the-point.html You can help us by saying "free software" or "free/libre software", which ensures that the issue of freedom is discussed. The term "open source" represents a development methodology and was created to avoid discussing freedom. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] libreplanet-discuss Digest, Vol 71, Issue 6
On Mon, Feb 01, 2016 at 15:18:47 -0600, Charley Quinton wrote: > Are you reading my mind, my document here -> > https://docs.google.com/document/d/1MVB1RDkeS4Gh0eRtYhYPXFDK8I2ejcRyXi6ujtJPnH4/ > or simply listening to common sense, Fabio? I agree whole-heartedly. See my > user page at LibrePlanet. Please don't link to Google Docs, as it requires that users run proprietary JavaScript, and does not work with JavaScript disabled. See: https://www.gnu.org/philosophy/javascript-trap.html As such, I and others cannot view it. Perhaps you can export it in another format that others can view? -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] applying the GPL to some clojure code
On Thu, Jan 14, 2016 at 10:39:39 +0100, Catonano wrote: > For caution I wrote to them too, on Dec 27th, no reply yet. > > Is this normal ? Or i can assume that they missed my email or decided not > to handle it for some reason ? They may be backed up due to the holidays. > The fsf docs say to include the license text in every file it applies to, > but the github default is to add a single file to the root of the project. > This has me wondering. > > Why the indication is different ? Isn' t this a legal standard ? You are encouraged to include a copyright header and license notice in each source file because it ensures that the proper copyright information is conveyed even if the file becomes separated from the rest of the source tree (e.g. used in another project). There is no legal requirement. > Also the project includes some csv files that I extracted from some xls > files published by a governmental agency. If I put a single license file at > the top of the project, will it apply to the resources files too ? This is another benefit of applying license information in headers; it's not always clear what LICENSE applies to. If placing license notices in headers is not possible or practical, you can put another file in the directory hosting the file (or the root directory) listing the files to which the license applies. You should be sure to include the full license text somewhere. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] applying the GPL to some clojure code
On Thu, Jan 14, 2016 at 09:55:00 -0500, Thompson, David wrote: > The better way is to place the full license text in a file called > "LICENSE" in the root of the source tree, and place an appropriate > copyright header and license snippet in each source code file, to > indicate the license of that particular file and who claims copyright > in it. Alternatively, the GNU convention is to use COPYING to include the GPL. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] observation re. build systems
On Fri, Jan 01, 2016 at 11:09:52 -0800, Kip Warner wrote: > Agreed. I also really don't see them as "developers". If they were, > they would have more knowledge and hopefully act more responsibly. That statement is a bit unfair; many are introduced to programming through these communities and simply would not know better, or see these recommendations from countless sources and conclude that this is the standard and proper way of doing things. Those are practices encouraged (sometimes demanded) by the wider community or the package managers themselves. I'd say that your average programmer doesn't care or know much about packaging, aside from what their package manager tells them to do. To most people, something like `npm install -g package` which triggers compilation and installation seems very convenient and to be a great idea. Remember: they're probably dealing with others in the same community, not distro package maintainers or sysadmins. NPM doesn't make that easy, either---it's designed to load sometimes hundreds of individual modules on demand, not install (or even build) pre-built distribution tarballs. Which is great for development, but people don't realize that this is terrible for installation on non-development systems. I'm by no means defending the practice (it's a terrible situation). But it's not an issue of programmer competence, IMO; it's cultural in many cases---be it ignorant or intentionally dismissive. -- Mike Gerwitz Free Software Hacker | GNU Maintainer https://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Best e-reader for free software compatibility
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Dec 06, 2015 at 03:22:40 +, David wrote: > Given that your relative already has a Kindle why not root it and > remove their lock-in that way? I know you can put Cyanogen mod on there > and would think it likely that Replicant might work too (easy enough to > find out by trying it for yourself!). If you already have a device, replacing the software with a mostly-free system is better than continuing to use it in its "factory" state, but it's important to understand when it's not an alternative to a fully-free system. Cyanogenmod often requires proprietary blobs. Here is Kindle (some versions), for example, which mentions the extraction of proprietary blobs: https://wiki.cyanogenmod.org/w/Build_for_otter Replicant unfortunately can't support many devices (because those blobs are needed), but if you can find one of them, then you should be in a good spot: http://www.replicant.us/supported-devices.php - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJWZDV6AAoJEPIruBWO4w6rfNkP/RrnbIMYclPr1cgt4FuAeQF0 rrXbCI39Ww/9k+pl07j1qa6JcqSatXD525zkxEG5mhBn9MT1Vs9DQKdD6D2vhxZ7 EK7yle8XrfiFh92X8v5emEB4YIJIb6vhUPAZxP1hfYsHYYg+ElqPpv4BjEeVVU2m f2FKzfpsLsbRosTc/w1bGtyUMGwDHG6Ve2AjQ8qbj/NeEHLnLzkXHPEOHesew2aP qLRQYmmD/P9WYTkZ6hraU29y44kYMmet7mcO6JZT5ra0IWto51RzVzLQUWI6nj7P AOowWna/cda93rSmRKl4JL8Wd16h2RCoKSRTTU2H8bPuAlXgDCv2Vq0P9WiJqwY7 FCZuQDIi0SYtmhCh2fYKpySLsQLHQhMVnMwkN0U+4OWXPlRVV2tUAfCfjfMnEXvo lpJ0xEjiP1RejaFkMrmuxMWZiByPAFyEHF/jxuYPs3j/Bp2szRnChYiWdZc3PsTF JnK0r7Ybwm7cBKOVQUz710KQ1ieD56WPGJgX8045Nd2nfZPFA/MErt9V0gWMACMc 3wXf/gnJIl4LDHuu7iVf0ZK4hETiYJmjCZjmJ9FzIgFOlS7FYP9hfOVhmRFyl6DW Pppkf6ioGCSBrxbsqL3U6q7WNkWXXv6Guq1F3PdbKCVA9AN3GmlmefbMoWq04tQk 1jvaVu5mkhUH83Ky9iB/ =udvx -END PGP SIGNATURE-
Re: [libreplanet-discuss] applying the GPL to some clojure code
On Thu, Dec 03, 2015 at 10:14:09 +0100, Catonano wrote: > Hello people, > > If this is not the right place, I apologize. > > I'd like to apply the GPL license to a small clojure project of mine. > > I know that clojure requires the GPL to mention an exception because the > clojure core libraries and runtime are released under the EPL I asked licens...@fsf.org about this in the past (considering the AGPL); here's the response I received: One easy option for the code you write yourself would be to license it under the AGPL with an extra permission: https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs You may also want to review this answer: https://www.gnu.org/licenses/gpl-faq.html#InterpreterIncompat > My end goal is this: I do not necessarily care if other EPL-licensed > Clojure projects have difficulty incorporating my code, but I want other AGPL- > licensed works to be able to include my code freely. Because the code that you write would be licensed under the AGPL with an extra (removable) permission, then other AGPL projects will be able to use it without compatibility issues. Of course, they will need to add an extra permission themselves if they also need the EPL-licensed components. Also, if you make sure that you license your code under "AGPL v3 or later" then future AGPLv4-licensed programs will be able to use your code as well. I hope this helps. Francois -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] GNU ethical repository criteria: Should privacy issues really be extra credit?
I'm CC'ing the mailing list for these criteria (repo-criteria-disc...@gnu.org). These decisions are made by RMS. Richard (and repo-criteria-discuss)---I have quoted the entire message below. On Wed, Nov 18, 2015 at 17:19:47 -0800, Niels Nesse wrote: > I recently came upon the GNU ethical repository criteria: > https://www.gnu.org/software/repo-criteria.html > > I am very pleased to see the FSF take up this issue. There has been far > to much apathy on the part of developers regarding the ethics of hosts. > It bothers me however that many privacy and security issues that I would > consider basic requirements for recommendation are addressed only in the > extra credit section. > > I am a supporter of free software in large part because of it's ability > to help offer me better privacy and security. It seems backwards to me > to accept services as "recommended" that have with poor or abusive > privacy practices. Without violating any criteria in the C-A range a > host could store user data indefinitely in unencrypted form, give it to > third parties without consent or disclosure, send passwords in plain > text over email, etc, etc. > > I suggest that items A+0, A+1, and A+2 be incorporated into the B or A > grades. I think these items address similar concerns as items in lower > grades such as B1, C2, and C3. Another possibility is to simply not > address any privacy issues to avoid assessing their relative weight. > > Regards, > Niels > -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Question about free (as in freedom) data from free software
On Wed, Oct 28, 2015 at 22:32:43 +, Pen-Yuan Hsing wrote: > As I mentioned a couple months ago, I met some fellow scientists at a > conference, and asked them to continue development their wildlife > image analyses program as Free Software (as in Freedom). I was glad > that they were receptive to the idea (even though they keep going back > to calling it "open source" oh well), so I think this is a good > first step! I'm glad to hear that you're making progress. > (1) If the data is released to the wider public, there might be other > scientists who would "steal" the data, publish the work/analyses on > it, preempt our efforts, and we won't end up being able to publish any > papers. Since peer-reviews scientific journal papers are the > "currency" with which academic performance is judged, we shouldn't > release our data because others might "steal" them. He said we should > at the very least embargo and restrict access to the data for e.g. > five years before releasing them. This is unrelated to software freedom, so these opinions are strictly my own, but I base them heavily on what I've read over the years from the scientific community. I would suggest that they release the data applicable to the paper with the paper itself---this is necessary for proper peer-review and reproducability. If they have data left over after publishing their results, they can release that after the fact. > (2) Since a lot of the data are photos of wild animals, what if some > of the animals are endangered or sensitive to human encroachment? > Since GPS metadata is associated with our images, what is a poacher > sees our data and use it to hunt down the endangered animal? He said > maybe we shouldn't release the data at all/ever, doing so would be > "irresponsible" and possibly cause great harm. Reproducibility continues to be a constantly discussed topic in scientific journals and communities---because it isn't happening. This was re-ignited recently when a study headed by Brian Nosek at the Center for Open Science found that only 39 of the 100 replication attempts of 98 studies from three psychology journals were successful.[0] This doesn't mean that those studies were wrong. But in order to reproduce results---in this case, from analyzing data---those data need to be made available for independent analysis. In turn, the _software_ also needs to be made available. Which is what I brought up previously, and what you're been working on. Negative or uninteresting results are also important and valuable. That is why, even if the data aren't used in any papers, I suggest that they should still be released at some point. With regards to the concerns of encroachment: I can't answer that question, because I'm not educated on this particular issue, and would not want to suggest something irresponsible. But my generic answer is to default to releasing the data unless the researchers can determine that the potential risk is greater than the potential benefit with a high level of certainty. It's difficult to say what the benefit might be; here we can draw an analogy to free software: the original author couldn't possibly anticipate how everyone might use their software, but free software is tweaked for personal uses all the time, in novel ways. Consider also the Unix philosophy: the standard tools were developed to do one thing and do it well, and to be used in a pipeline. This allows users to combine the tools in any number of useful ways that their creators could have never imagined. > So, what do people think about points (1) and (2)? If the expertise is > not on this mailing list, is there another place/forum where I can > discuss the issue of Free Data (as in Freedom), "open data", and "open > access"??? Thank you! I'd be curious of that answer as well. While I do a lot of reading, I rarely participate in discussion, unless it's contacting authors directly. [0]: http://www.nature.com/news/over-half-of-psychology-studies-fail-reproducibility-test-1.18248 -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] SaaSS
On Sun, Oct 25, 2015 at 17:31:29 -0700, Aaron Wolf wrote: > As much as that is what Richard says, it downplays the significance of > the AGPL. Because the AGPL requires that the source match the running > version on the server, it goes beyond just providing the features for > others to use. AGPL provides a requirement of transparency and > accountability (albiet hard to enforce). It means that the software > running on the server can be inspected even if you don't plan to use the > features in running some software otherwise. "Hard to enforce" is important there---if you can't observe the changes in some way, you really can't prove that there are any. It also doesn't prohibit modifications as part of a pipeline. All modern SaaSS is in some way part of a pipeline (web server, load balancer, content cache, CDNs, etc). But even without, it's trivial to say "pre-process | agpl-software | post-process" The AGPL is useful, but it only handles a small part of what makes SaaSS bad. -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] SaaSS
On Sat, Oct 24, 2015 at 22:48:31 +0200, Alexander Berntsen wrote: > Have I given up control of my email client since I can't modify it while > it runs? Have I given up control of my LaTeX papers, because I can't > force everyone else to use LaTeX? These examples don't relate to the issue of SaaSS. It doesn't matter if your MUA is running or not---you have the freedom to modify it and run it again. It doesn't matter if others use LaTeX, just as it doesn't matter if others don't use C or Python or any other language of your choosing. The point is that you can't even make those choices to begin with with SaaSS. You can't modify your MUA-as-a-service. And you can only use LaTex-as-a-service if that service both supports it and lets you do so. >> You're talking about tricking hackers/programmers/users who read >> the code. > No. I am talking about using a sophisticated type system to eliminate > ill-doing. Please provide an explanation of how this would be the case, any more so than it is today. Type systems are orthogonal to this issue. -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] SaaSS
On Sun, Oct 25, 2015 at 14:07:21 +0100, Alexander Berntsen wrote: > On 25/10/15 04:52, Aaron Wolf wrote: >> Software freedom as a value is about autonomy and independence and >> creative freedoms and other values that still *exist* as concerns >> even in cases without maliciousness. > And AGPL is one of the things that exist to give you these. It isn't. It's a (common) mistake to mix the issue of software freedom with that of SaaSS. Many free software supporters assume that the problem of SaaSS will be solved by developing free software for servers. For the server operator's sake, the programs on the server had better be free; if they are proprietary, their owners have power over the server. That's unfair to the server operator, and doesn't help the users at all. But if the programs on the server are free, that doesn't protect the server's users from the effects of SaaSS. These programs liberate the server operator, but not the server's users.[0] The AGPL exists to ensure that changes made to copylefted free software on a server are available for others to incorporate. The GNU Affero GPL does not address the problem of Service as a Software Substitute (SaaSS).[1] [0]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html [1]: https://www.gnu.org/licenses/why-affero-gpl.html -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] SaaSS
On Sat, Oct 24, 2015 at 21:21:08 -0700, Aaron Wolf wrote: > On 10/24/2015 09:05 PM, Mike Gerwitz wrote: > Given two worlds, one where proprietary software has no maliciousness > and one where it has egregious maliciousness, I can't imagine anyone > saying that the importance of software freedom is equal in both cases. > Are you really saying that? Malicious acts (more malicious than simply being proprietary) help us to justify our cause---because software freedom would thwart many of those acts, or even reverse control entirely. But those malicious acts are a corollary of non-free software. The reasons that software freedom is essential have not changed; they've been exemplified. So it is important that the egregious exploitation and manipulation of users be addressed with greater urgency, certainly. But we wouldn't say that human health and a proper diet would be "less important" in the United States if the obesity epidemic suddenly subsided. Health is vital to survival. Software freedom is vital for society, more so now than ever. If we would adopt the view that it's "less important" at any point, then we risk history repeating itself. -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] SaaSS
On Sat, Oct 24, 2015 at 20:52:58 -0700, Aaron Wolf wrote: > In a fantasy world where everyone were ethical enough to never engage in > malicious abuses of power, the concerns about software freedom would > still exist, they would just be much less important. Similarly the > concerns about SaaSS. You said yourself: > Software freedom as a value is about autonomy and independence and > creative freedoms and other values that still *exist* as concerns even > in cases without maliciousness. The four freedoms could be applied equally to a world of only good neighbors. I don't think they'd be any less important at all. Even good people have different needs and opinions. :) Same for SaaSS. -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] SaaSS
On Sat, Oct 24, 2015 at 21:05:20 +0200, Alexander Berntsen wrote: > For what it's worth I find your argument unconvincing anyway, as you > have the chicken and egg problem with compilers, and almost everyone > is using non-free non-documented hardware. And even free hardware with > free documentation could trick you. Unless you make literally > everything yourself, and interface with nothing, you may be tricked by > your computer. Those are important issues, but require their own discussions, and are not important for this discussion. SaaSS is something that is practical to avoid, here and now. SaaSS does not need to trick the user to be bad---we know it's bad. I'm not being tricked into thinking otherwise. > We are mitigating this e.g. with free software. I believe we can > mitigate it further with cryptography You are speaking very generally. There are many issues with SaaSS, and cryptography is part of means to mitigate, but it alone does not present a solution to all of the problems of SaaSS. Consider an ambitious and seemingly ideal scenerio: a distributed, anonymous, fully homomorphic cryptosystem[0] running only free software (so that the software running on the services services can be studied) in which a user can use response variations to attempt to detect malicious systems or inconsistencies in operation (to the extent that is meaningful). Let's assume that the system is large enough that there are not enough malicious nodes in this system to compromise its integrity (by providing consistently bad responses); similar considerations as with Tor. The system can't (let's assume) discover your identity. It can't spy on your data. It can't manipulate your data in ways that you wouldn't expect if you were running your own instance of that software. But you still can't modify the running instances. In fact, if you did, then that one instance would return different results than all the others, and would be flagged as producing inconsistent results, and would be removed from the network; this, in fact, makes this type of system that I'm describing difficult to implement usefully in the first place. So you have still given up your control. You can only do the type of computing that others say you can do, and if you try to say, "I have an idea; let's do it this way!", then unless everyone else agrees with your changes, then you are told that you can't compute like that---it's not allowed. If you get rid of that distributed nature, then we're back to where we are today: pretty much the same place, but less dystopian. > and sophisticated type systems. There is programming languages theory > research going into this right now. We're talking about two different things. You're talking about tricking hackers/programmers/users who read the code. Even if all software were written in a system like Coq, and all of it were formally proven to operate exactly as it was designed, the above issues would still stand. Fundamentally, you'll always be able to trick others with code (but hopefully someone will notice at some point in time): you don't need a lack of a decent type system or hard-to-grok programming language to do that. Someone might just not understand what you're doing, plain and simple, even though it's perfectly clear to the author. [0]: https://en.wikipedia.org/wiki/Homomorphic_encryption -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] SaaSS (was: The GNU ethical repository criteria will only harm free software.)
On Sat, Oct 24, 2015 at 13:33:58 +0200, Alexander Berntsen wrote: > I firmly believe we can, at least theoretically, reduce the risk so > far that the only hazard for the user is the service shutting down. > *Everything* else can be solved. We just need some time. And some > dependent types as first class citizens of a higher-order ranks > programming language. :] I think that you might be talking about the risk of tricking users by obfuscating or writing intentionally deceptive code (e.g. [0]). This is a risk in software (including Free), but is not applicable to SaaSS. Service as a Software Substitute (SaaSS) means that the software runs on a remote server---other than your own, that you do not control---in place of conventional software on your computer. For example, if you use a service that manages your source code repository on your behalf---by committing for you via a web interface, managing pull requests, tagging, rebasing and otherwise rewriting history/code, etc---you have no control over the software that is running. Even if the software running on the sever were free (e.g. GitLab CE), you still cannot study or modify the running instance. If the software on the server is licensed under the AGPL, then you can get the source code of the running instance, but you still cannot modify that running instance; you must trust that the host is being truthful and providing all of the modifications;[1] and there may be other software running.[2] A service can also spy on you, and may even report you to third parties. Unfortunately, most servers are set to spy by default, by storing certain data in (e.g.) access logs.[3] But even using an anonymizing service like Tor, if your data contains anything personal that the server can look at, your privacy is lost. You can expect that your own software on your own computer---so long as it is Free---will respect your privacy. And if it doesn't, you or someone can modify it to ensure that it does. By using SaaSS, you relinquish all control to the server. This is incompatible with freedom. [0]: http://underhanded-c.org/ [1]: Not all modifications are observable. For example, a modification that logs all of your actions or your personal data cannot be observed by the user. [2]: If the program licensed under the AGPL is part of a pipeline, then other parts of that pipeline are not subject to the AGPL. For example, a program sitting between the AGPL program and the user may monitor or modify data. [3]: https://www.eff.org/wp/osp -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] The GNU ethical repository criteria will only harm free software.
On Fri, Oct 23, 2015 at 23:49:55 -0700, Aaron Wolf wrote: > I don't know what happened below, but I dislike that Alex's words are > quoted to appear as something I wrote. Alex did quote me, but he quoted > me saying something else, and the "I think we should instead…" is not > words I wrote. So, Mike, please be careful about these things. Thanks I'm not sure what happened there; that was bad proof-reading on my part. Sorry about that. -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] The GNU ethical repository criteria will only harm free software.
On Fri, Oct 23, 2015 at 22:22:51 +0200, Alexander Berntsen wrote: > On 23/10/15 16:02, Aaron Wolf wrote: > I think we should instead embrace it, and build a ladder to a future > where it may be rejected. And if one accepts this opinion, as I do, > one must work hard to ensure that SaaSS doesn't trick anyone. SaaSS, by definition, can always trick the user---you are not in control of your computing.[0] I can imagine ways in which that this risk can be reduced, but fundamentally, unless you can examine and modify the _exact instance of_ the software that you run, you are not in control. [0]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] The GNU ethical repository criteria will only harm free software.
On Tue, Oct 20, 2015 at 11:09:21 +0200, Alexander Berntsen wrote: > Some are just stupid, like not allowing the site to recommend SaaSS, > when the sites themselves are in fact SaaSS. > > Some are trying to push unrelated FSF politics -- like "you need to > say GNU/Linux when we think you might be talking about a GNU+Linux > system, not just Linux". To make that one even worse, it's actually > considered *more important* than *accessibility for the handicapped* > and *anonymity*. Are you fucking serious, GNU? The criteria are designed for hosting GNU projects. We hope that the criteria will also be useful to others, but that isn't the purpose---they are designed to ensure that hosts for GNU projects follow, at least to some degree, the GNU philosophy. GNU and the FSF stand against SaaSS. We insist on speaking of both GNU and Linux when referring to the GNU operating system. If you look at our maintainers guide[0], you will find that these criteria are consistent, where possible, with its requirements. Many of the repository criteria naturally are aligned with the GNU and the FSF's position on JavaScript.[1] > If I'm supposed to take the criteria seriously, they need to address > the actual issue at hand. To give a parallel, if FSF is going to start > pushing that awful non-free license they use for documentation and > writings with the same strength as they work for free software > (ironic, isn't it), I -- and likely several others -- will cease our > donating quick as. > > > As it stands now, the criteria are a good start, but worthless. I encourage you to make constructive suggestions at repo-criteria-disc...@gnu.org. [0]: https://www.gnu.org/prep/maintain/ [1]: https://fsf.org/campaigns/freejs -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] RollApp: proof that we need to deprecate GPL for AGPL for everything
On Sat, Sep 12, 2015 at 09:38:17 -0700, Aaron Wolf wrote: > https://www.rollapp.com/ — complete SaaSS to the extreme (see > https://www.gnu.org/philosophy/who-does-that-server-really-serve.html ). > > They aren't illegal, and they do mention "Open Source" at least (which > isn't absolutely legally required), but they avoid even linking to the > websites of the software they host. Keep in mind that the AGPL's extra requirement only applies if the software is _modified_.[0] But this is still an important discussion. Perhaps it even highlights an issue with the "modified" condition. From glancing briefly at this site, it seems that it allows remotely executing and rendering software for display on the client (within a web browser). So this would be a similar concept to SSH'ing into a server and running software either on the command line or via X11 forwarding: no software has been distributed to the user that is interacting with it. So while the concept in itself isn't anything new---it's just rendered in a web browser rather than, say, by an X11 client---I still agree with you on the more general issue. We can expect this type of trend to continue, but not only because of the SaaSS push and "thin"/"dumb" clients: it's also an easy way to circumvent the most important provisions of the GPL. The user still wouldn't be able to run their changes to the software on the original service, but that's a property of SaaSS; she could still run it on her own hardware. (I know you know all of this; I'm just trying to avoid unnecessary replies from others on these points.) So just saying "SaaSS is bad, don't use it" isn't the solution: many users will choose to use it, just as many users choose to use proprietary operating systems; we don't forsake those users and tell them "you've already scarified your freedom; there is nothing we can do for you". On the contrary, we support those platforms if at all possible so that those users can enjoy those fundamental freedoms in whatever environment they decide is acceptable to them. All-or-nothing is not realistic and works against our cause. I'm not saying that is being done here. But to further Aaron's point, we're at risk of moving in that direction. > The only legitimate reason for GPL (without the A) today is to preserve > compatibility with existing GPL projects. All new projects, and all > projects that can feasibly switch without forking problems need to move > to AGPL. It has *nothing* to do with whether or not the software is > *designed* to be run on a server, *all* software should be AGPL. I do see a couple issues that immediately stand out that would need to be heavily considered: The first is license compatibility with _other_ free software licenses, such as the Apache License v2. The second is how adopting the AGPL too aggressively too soon might work against our goals by having more people avoid the software more aggressively than they avoid the GPL today. With that said, for the latter case, we have two major categories to consider: 1. Standalone software; and 2. Share libraries. For standalone software, as a _user_, it would seem that the only way you'd have reason to avoid AGPL'd software is to exploit precisely this situation. So that works toward our goals, not against them. But we have license compatibility issues for AGPL'd libraries and for standalones using other libraries with which the AGPL may not be compatible. We have a similar issue today with GPLv2-only and GPLv3 software, and often times over another strong philosophical reason: Tivoization. And just as the GPLv3 adapted to a new reality, so too should it to the issue of SaaSS. Does a step to encourage AGPL provisions present a similar philosophical challenge to Tivoization, or is it greater? That's not to say that the AGPL's provisions will always be appropriate, just as the GPL's are sometimes not: the LGPL is used in certain cases for legitimate reasons (such as glibc), and linking exceptions are used with the GPL (such as for the GCC Runtime Library Exception). [0]: https://www.gnu.org/licenses/why-affero-gpl.html -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB signature.asc Description: PGP signature
Re: [libreplanet-discuss] Chrome Web Store missing extension License
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Aug 16, 2015 at 23:58:33 +0200, David Englund/Hedlund wrote: > I suggest that the FSF contact Google > (https://www.google.com/intl/en_us/chrome/business/devices/contact.html) > and ask them to add "License(s)" to the default text to the extensions > in Chrome Web Store so we can build a verified free repository in the FSD. Are there any existing bug reports or feature requests anywhere? This would be a good starting point, to see if this has been denied in the past or is under active discussion. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJV0p33AAoJEPIruBWO4w6rP8cP+waq2ZZbIuu4GIMEqcIi+1WH DEZXh6+DoipimrWBe71msolKo+SnOAYtS/xPKETACB0lZWYTPFgBrGVUIMsr52Cb Tenwrv2vvTQPycR8Pm/HMbiJF459QlS5cVkEtAMtEn0yc60WydP56xCN15w/TU4A nVd+PCy9GIYQxiwIpBt3pl3gEXxQxPeRjeMvptRlJvXdWzV761dXO8fdLOFqtkU8 fF/eYRgkrfwrnodp1ySuSN9dVQFHAjj0WdK5Pax2tQ2jPZoy6u+WUm+ULYhMLUeu 7wpxsrJLNpMUIw6vsL4J2KdCxOScCgfRVBu5SuA3UaW67YWmjBtPYpOF5fq3Zgd7 uu9j13U+q+EFO52PUwj/cz6etF22OEjpnWQIJxvD4aRlzDdK8vZhXRdI9M5erzdj 7ONATY7MVuc750VFlrS+uj3qhR90brC9wHzLYSoo9FLXV9AI0PKl9HCT5zCTi608 OaNSVDhmNFD3xXaSQ6oCSTYPfvPWIqJVNoOcRE6Ic7deI0uuA3WvHkHRbenoH6YM oAh99rNSygjH97aw22kzbZYAmFFs+UT97h7fyJiloPcX3LC1KMdscyqgGu3w/lEv 87nU/C5oCZQhQImoxtuTGtwApIdlaTJRtvIr2ZsJ2gfNCYOnQphUPQo1irTRP28Z ntufqfnAECPS90EN2wRK =74lS -END PGP SIGNATURE-
Re: [libreplanet-discuss] Gratis software being released as proprietary
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Aug 14, 2015 at 09:55:18 +0200, Steen Engholm wrote: > The focus of open source is remarkable in many ways and is very competible > in relation to ordinary commercial markets - this is where free software > and open source software ideally is alike .. but, obviously not with the > same focus. > > I must confess there is some obfuscation in that "focus" of open source and > free software seem to melt together. > The software products of open source and free software has been described > for example by Bruce Perens as an alternative business-model, and there is > not much to say here on the difference between free software and open > source. The free software movement is not opposed to selling software[0], but it is not a goal (as is evident in our terminology[1])---writing free software is, regardless of how it is distributed, as long as distributors follow the terms of the program's free software license, and do not use nasty tricks like Tvioization (which is prohibited in the GPLv3). Commercialization of free software and exploitation of the philosophy as a _development model_ is "open source". Free software reaps similar benefits, and the overlap is strong[2], but it's important to focus on ethical issues relating to software freedom when speaking about free software, otherwise our point is lost.[3] [0]: https://www.gnu.org/philosophy/selling.en.html [1]: https://www.gnu.org/philosophy/words-to-avoid.html#SellSoftware [2]: https://www.gnu.org/philosophy/free-open-overlap.html [3]: https://www.gnu.org/philosophy/open-source-misses-the-point.html - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVzeCIAAoJEPIruBWO4w6r3ZUP/iFJz8uDqdE6kJIuHDyVYOLF qoQ+OPbsBbZWaMXaYncNdUn29S5FHO2f8vuIxuAJub31gaH9LLvOgfqXPCZZSZMq j2P5oAAxRoAOXSfhSuLeNHPKpTGC3OkfPhizoDBriNKlAtkqLDTSDJ1chv4x6fXl ChxdQgidH2AEGw74/bZseLO6Ct3XFuqpb3MPVp6gBnUZVQJ+b0HJtZLWGKL0D9G9 LVAe5dwoFptxYd4NKfI6KV9KOHwvZnV/xiVDmgKQpsNoxnIWMnQ98aeyta78r2gL gZ7hT5UxCHEo8FMiCtdLnFovAPSzbfn6LKNf5Z9rCvozf2Xw6ELvm1UIu/R0ElXq ZYUTWUJ5ze4wa8uPXIlhovXWsNwIyYA18XHsRszuBIuwAMm/pfGZZCdcHXMhIbk4 zMsntzpumLwcbo1acUgCKEmygkb3uY6vNHQht3Bs6GXMs9zdDxVu5i0kO49TCHAE pe8bF8A2SsiwwRUeWNDCW1/NqADz+E1QB1ox3v9qmhDe2SDXyPQPSoZdoov4QXg2 kK/5o8sDFcKlIUV5dUEVXSNBon1S4PNr954CljEQOBjn9ucXMQPlpdq2oi0IqBL7 iw6xFYDqpOq5BAWy92N794IsjJHO7g0hPE9lbfrKvAc1rYrjooi+VxrvsZ+bWXTV +djcE9/E44/YPUOXTyiK =hI3z -END PGP SIGNATURE-
Re: [libreplanet-discuss] Gratis software being released as proprietary
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 10, 2015 at 17:27:26 +0100, Pen-Yuan Hsing wrote: > Speaking of which, what would be a good hosting site? I thought of > Savannah but it requires software that runs on a Free OS, which > Windows isn't. What about Gitlab? At least most of it is Free > Software, so it is a little better than GitHub? Or somewhere else? Savannah is an option if the "project runs primarily on a completely free OS", which doesn't sound to be the case. For GitLab, I wrote extensively about it here: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/ GitHub is not a good option; they have demonstrated that they do not support software freedom, and continue to serve proprietary JavaScript, with no intent to change it. I and others have contacted them in the past (including RMS) with no success. http://mikegerwitz.com/about/githubbub > Finally, I am thinking about *where* to start developing this Free Software > FAQ that I mentioned. Would perhaps a publicly hosted Etherpad instance > work? Or do you have other suggestions? Once a collaboration platform is > decided on, I will post there the ideas (i.e. FAQs) I have so far. The FSF and GNU already have a huge number of resources available online and in print. If you are interested in creating an FAQ to try to put everything in one place, I'd recommend getting in contact with someone at the FSF, or creating a page on the LibrePlanet wiki. You can try campai...@fsf.org---they could point you in the right direction, at least. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVyqNDAAoJEPIruBWO4w6ra2cP/0C5hokt3IVVZPJKjL6rifib r9mVquZ357SZit8SO1hzQYPuZDIM3737+lmipCA6mKgEmXYjGnW4XhXe2wS1TFe8 HzvPs0PZmIi4R63h7NSTV//ClPkgaLtKwzPz6K8SBEFy2iGtj/5cfDvYdcYme27e JcZYr0BEI1U8W2XVwzoWp9NZw4f132SNRdVRUZVdwy6Prx8X7waxCSGX+ACgYcvQ /DUg+OOR6Q54byWTln4k6gEjTv8rFkSxAM9g7wZyxWfy8+UL+YDSkCjGeVbG9ch3 REEWovHLUAhZW1L8g/4z6e5gwzG8UKH3ghv9Sr8ylboIvuF9xuf/BepBe9t2YeHF cW2MS6e/rovZVlPyAp+mWi1OkZ5WaGcVF1eKGLuUz4EGoPf655gWY909QQWEBGx8 +6N4HaA+W0yr0VMTHOWDmlfQ8yZHp5KTqvjDAlILHQXfsr+uHxDhOn2E00/lr+8L B4F0ppwRZW/+KminTmes8deo4Gx+0iIfJia0YbKCpfhYI2emvjjLcHLX81oqypVj HLNkx8eqik6y82nIAUZwrXWxx36NH+EblxleUHW0kmgUV5RG4EZU8Zs+M75nRaww vCL1cx1pL3+fFugoKhrvdZfcXYqodzwPm7rwW2tecs4lU5EWk1Hj73v5/VAPuSHS xFrR4eCJY6irY0hrQ+w2 =2Rue -END PGP SIGNATURE-
Re: [libreplanet-discuss] Gratis software being released as proprietary
ecided one day to simply stop developing its software? What would happen with all the data stored in proprietary formats, or software using their proprietary APIs? What would happen to all of the software that runs only on their operating system? Or what if they did it intentionally, to force users to "upgrade" to something newer? > Finally, I believe there will be great value in creating an extensive FAQ > about Free Software to answer and rebut some of the issues I mentioned > before. I think a thorough, empirical evidence-based issue-by-issue > debunking of Free Software myths would be wonderful. I promise I don't mean > to detract from the topic of this list, but here are two great examples of > what I am talking about for another important topic: That would be a good resource. > P.S. I intentionally did not go into exactly what the science is since > I don't think it is very relevant and would take a lot more space, but > I can explain if you are curious. Feel free to off-list if you'd like. I might be able to provide more specific examples, or alternatives they might be able to consider. Thank you for your efforts! [0]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/ - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVxXDtAAoJEPIruBWO4w6rHMMQAMgCDyCwMdZoCkdj6zbDvUJm b9LzIi9VHZNycq2YWbiHvRmWY+s52AMd1+tizd71NT+vjGCCkOJhn+4eD+mN5FLR p63Bx5S4YY5KXyDodYxW7k0Ub28VjxSJaZBRgZo2ePoO90F7e1t9dQY24vYnIVjO jjYSLmsaVCnFFFXu87Qfh/ktW2IG+MlT1sNDiwaf67lUaVtPYhQPohOgPQoLHaqP j9tab4DrFMqdmLinyUVZ/k7lEy2C8zWcpYczgdZw5m18Eiaxx1LXdNAfjS7RDA/3 3RzKQncGeIvHvesYC8d/o4629zbWX/InqyFk/rVmYKAsi2xGE7ItrHtIgBvm5NxH YUa4f61WLi6NrdXAG+HPCoeLAn2wJPBDidcY6a56GBE+L2rT4rLoEOPvxsrVgJOT i4d9AkNAokd79mmd+t1zaNDQYzhGOme0Wv9meu/x98D1Mzwda0hTJ7d0Lo9K2VRa 0Hrzszm9KNf9ON1zibe64gLiYZx1rIjqR9PcOshes8tVns17UYf4QmmZKLsDSH/G gUZW+LNuI82TjcPJc2Q1CJ2G+cMO6bJq0CiaUt7ldb6dY2PFfHwTWeC7PsCZJDgn wLJYCgXBoKJhylWIIVXChIgaqB0NcOokj7Td9CLnwfcxH+m4FwAlBij1CWGGCWie nhDV8Ihr8B2wThh4GHoV =oORn -END PGP SIGNATURE-
Re: [libreplanet-discuss] Gratis software being released as proprietary
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Jul 29, 2015 at 22:27:28 +0100, Pen-Yuan Hsing wrote: > I have yet to meet these scientists in person (but will this weekend), > but some common "reasons" I've heard for not releasing gratis software > as Free (as in Freedom) is that they (1) "want to make sure all users > get our most up to date and definitive version"; (2) "want to make > sure the software is well maintained/taken care of"; (3) "afraid of > their hard work being 'stolen' or misappropriated"; and (4) "sounds > like too much extra work when our resources are already streched so > thin". Scientific communities tend to consider software source code in a manner similar to methods: in order to reproduce findings, methods must be provided, and if code is involved, it should also be made available. (Ideally; it's an ongoing effort.) That invalidates #3. How is it different than publishing any other methods? But those arguments demonstrate the most important point: that they are exerting control over their users. #1 states that they do not think that their users are capable of following development of the software (which is an odd thing to say to a scientific community). It also states that they think they know what is best for their users. Can you draw an analogy to any proprietary software that they may use? Windows 10 has been in the news: they think that it is best to provide their users with the most up-to-date software, so much so that certain versions offer no ability to opt out.[0] If they allow redistribution of their software gratis, #1 can still be circumvented anyway by obtaining software from your peers (a good thing). #2 is a fallacy. Who is to say that someone else can't make their software even better? Have they never improved upon someone else's work? Have they ever, as scientists, adapted someone else's work for their own needs, that maybe were different from the original author/researcher's? Of course they have. And how would allowing others to study and modify the code affect maintenance? That is an internal affair (project management). #4 is a copout. In that case---and this is a good idea regardless---there are plenty of resources that you can provide them with to help them to understand the importance of software freedom.[1][2] This is sometimes an alien and uncomfortable concept to others. When suggesting that software be liberated, I usually offer to help. That help might not be in the form of code: it helps to have a guide into unfamiliar territory. [0]: https://www.fsf.org/windows [1]: https://www.fsf.org/blogs/community/user-liberation-watch-and-share-our-new-video [2]: https://www.gnu.org/philosophy/ > > For (4) above, this is especially true for non-profit organisations > since their resources truly are very limited, and they are afraid of > more burden (I know Free Software is actually liberating, I'm just > saying that's what some people are afraid of). For (3), obviously a > Free Software license makes sure that the original developer is fully > attributed. Even then, I wonder what would be some good responses to > (1) through (4)? Also, I don't think "Freedom is paramount, nothing > else matters" is a sufficient catch all response. > > Another possible problem is that these scientists might have actually > hired an outside developer to write this software, and maybe in the > hiring contract the developer made the software proprietary? Is this > something that might have happened? If so, would these conservation > scientists be able to change this? > > The above (1) to (4) are some responses from them that I can > anticipate, but what are some other common "concerns" about switching > to Free Software that I can prepare for? Speaking of which, I wonder > if it'll be nice to make a list of such frequently asked questions > about Free Software for makers of both gratis and for-sale software? > Perhaps it can go on the Libreplanet of FSF websites somewhere? (sorry > it it exists, I confess I haven't been to those sites in a while) If > the list doesn't exist, how can we work together to compile it? > > Regardless of your personal opinion on wildlife conservation, I think > it is safe to say that these people are very well meaning and > sincerely want to do good in this world. They are not greedy/evil > corporations who want to control our lives! The problem is many people > just don't have the digital literacy (I promise I don't mean this in a > condescending way!) to appreciate the issues around software freedom > and why they should care... :( So what is a nice and respectful way to > bring up this problem, and achieve tangible, positive change? This > will be my
Re: [libreplanet-discuss] libreplanet-discuss Digest, Vol 65, Issue 3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jul 30, 2015 at 10:36:19 -0600, Terry wrote: > I think the single most important strength of open source software is > trust. OSS is by it's very nature open to audit and inspection. Trust is important, but "open source" does not necessarily provide that. Using the term "free" (or "libre") emphasizes the user freedoms essential to that trust, whereas "open source" was explicitly designed to side-step that ethical discussion. https://www.gnu.org/philosophy/open-source-misses-the-point.html - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVuvnsAAoJEPIruBWO4w6rF54P/1DhDTD6fSdLr5ystC0KL4mZ zLBYOiPdrEwzAOOrJ1JZZZgPDdmhh7lqrcI7caPrXGAKYFjH0chKwNrnvgis99xZ tRySC/Dp1osOGlvxiztF4FJougXazahGv2lLkFgPYKRmm53727CaVuQVc+tiD5Wz O90k8OzsjdzW3mqvE/74Wy9I8faZl38nwB+Pj8V5cTn+lnb9pOgrIzulYn9NHBaC 4e84xTHdtwwpPGKAiFt5GxHLmt1Mr2YgxGLQGVQ1SAHdkX+CkOQxkxfd/hSLJMCW Vgk7tpUEL8bbrTy3+3NwSS2QTJ4NMXqRFRWZwjlUNCgcw6Ft1ePPzrQ4RYKl8Qv3 +NR9u9Uq/VIEVXKgrQwb1MrmIuuAoktS6yAemTIzVAR1o6P7sGLBnpeu4xschT3f x4ZZmolwq3ZWQnahHF1xVWVhPbWklCzCNOzG2dEJjsbjJ/AFcjvlNmLF5BjxKTu9 9LUVbXy1IzkzRkJGa3aVdTCfSYaGTRL9HpGssbFw5pO/3BPnhUaScj4CSNV6Lmvu RHvp9RgZsRtnxO7h/J/j4/J0lMkbXWOLhMx9Oo3aztDg1WBJysTRVolewbfHm7Q7 M2+dScdfvG/rebXh/kWtNV8QCn4T7UhGObWcFWAqsET7Yk1v3EO8Ucu+SWuF+K/0 siT24lKjilEYIdcTx876 =iXOT -END PGP SIGNATURE-
[libreplanet-discuss] Mozilla and Pocket
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Has anyone seen any useful campaigns against Mozilla's integration of Pocket? It's distributed with Firefox and is a third-party service that is not only proprietary (in the sense that I cannot host my own instance of it), but also serves proprietary JavaScript. Recent response from them here: http://venturebeat.com/2015/06/09/mozilla-responds-to-firefox-user-backlash-over-pocket-integration/ Perhaps the FSF would be interested in calling them out, along the same lines as they did with Adobe and EME (although those are more fundamental issues). I'd be willing to write something up. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVevHyAAoJEPIruBWO4w6rCgUQAKhskSAn5Q8QtPvFx/I+tOor 24+Wb171NIG6gwzvfQFm5pkfFi/5fvW//YpIRjAiRCr5FUxjV4kKRhjW3JPcsmHy mgYs6pMKrPKkp5uPl5XIOuQiv0F9A9jeviKTPNsh4RWP8dQ+RHRoZVtf8KZ/ougy ecD0c0u6QtBbpO0yJKcX1nyDfJs9FsMLk0MnEMpBXGmggRjTfy8hkCz2zNxnujyJ 3TDEW1aQF7BXs1zIwJHCN0klVBrR77a5Dy4wDlSHnHxnrQN/PQonVfLVwfU0sQtm OKj5AQ6xkv9Ftm3rRihf2Py8kwrTYwvs92BzHrpfr0hqM3f8jdiVQkm98uRfMXs+ h85by8cB1oG6+iXynuLoUXRUAYZ05351L/h0Y/MNEDUKsjORYXZyC2/O8kKRNdCY 871a0ioRH7F5PklqpbDe4hkTFca4E9vELFCf64D09C7jvl6CoZ98QreacHf9rvxD QGS0yiJVQlXZSzkpcJbiW2LwEF97cyuLKJbHIAmkwcd8B5uFzXlZ0gKUzEIbE7hv QSXmjiyIa/iop9FpLe/zpLMCY816J0Qzuf46uoZ47NE3Ub3Fbxdudkf72v0lxvZf q4KPuY9irzUhf3zkNNmU1ScfUV74TGd0Z5cleokfIcI/4A6De/rYUXJ/T9WurLH/ fh6hVAftdds906qAtaHZ =bkOT -END PGP SIGNATURE-
Re: [libreplanet-discuss] Fwd: The FSF Allows No Derivatives
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, May 15, 2015 at 14:35:09 -0700, Aaron Wolf wrote: > It's put simply in Nina's http://blog.ninapaley.com/2011/07/04/rantifesto/ Thank you for sharing that. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVVqDOAAoJEPIruBWO4w6rM8wP+wTp/dqEdluqO4TcGmjWhFDT udeTMsjbCY5DYQUFY226yjLIOmOPm9UDTRn7TRO0pPe7yv269d717txM4XI3e/8S 8gI+V5e8ZQRHTrvqKkj4KaK3DMJOnHPoeYXJkii1ylFeB08jhVTwLRN2logGYT5B QR6t3yQcgqfJLnZRPtXH1hCwaElMNFP+23T7+K+5pcwziOfrGAQ6ccpfIFNn1RiF IO0zVlFLdXqrblSsQ5pQ/JOQ1RIblErg2IIlttGlLGJpaCQg9FbR2uTNCIJuvQAQ h4je4ykOOLq7cSGRnhFaGtXdjMkixUInDy+Mt9OEQWqYQLU/bE2pGBipXYbRzjoA TCCQXMyybda+rvZIG+cCFmxjsKWhgoMvET8RkVj7LUhZKnrKIZSIg2Abtd9yZggK +ahjgrmYV58SOq+gQqIeTBCHlxfoAzeDpPi2z/R7sbYJ3UApcz9uRE94/xlcfGDR cVf+w+/4kLSq+xFfttXWPOXCiIIbiX3A3AwKCCZGquHipL6tXUk/Dh99sMbYVi54 ZFA81lkvBW9IR2eA2ltfAsLiCQRT3OSSEEdr4UKCHlvwDyz8fozSYoX8ZES2r0z2 WsCGdWVGE7yNYVf55e6hzq8+fH9yWx+oVmev3jbIePKhpbRrAqYK13zD76o+sZUB ZCDo1WKTwpVC0HWRhkc+ =T2fn -END PGP SIGNATURE-
Re: [libreplanet-discuss] GNU pricing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, May 10, 2015 at 22:28:35 -0400, Rudolf wrote: > someone made a utility that calculates how much you owe after using GNU > tools, kinda like a Software as a Service: > https://github.com/diafygi/gnu-pricing > > the website for it is excellent: > https://diafygi.github.io/gnu-pricing/website/ I can see the intended humor. Unfortunately, it made me more uncomfortable than anything. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVUW1MAAoJEPIruBWO4w6rt/IQAJOHQjZfFEKO4MvwmVGrVzVD oIH2fd8Ot7Mxlk/aYEDDTEPRNg5f/At7XlxPUyWfIkfJvIDhR1FlOmNlwgiF2A9o 9KkLVzQcWOslryjNmUqPCaRdYsNKbSjPdMsHfq1ME0/1gdGDYWMxI3/rBqK9kDgy M3xuBcgUNVnXw875cR52LGfDbS+RycuSQCOQRzbXsPwTe+WJSLdiemOICe8IPlrd jRbQgZvHaB6z2XksxUWQ53ovV+d823Qx8q4Wg8WkjklcOaWzUhUpkjDwVoFxtJd5 7wZxPfr66YuP6BcBn5oq13fd6zqzxvot8VBdEo/LoqI3psfyFibMxEcAN33GLrMD MqyqG6gksuIA/hIQxwcCNihB9cTwbm3DpsJrItGLl6HazwJ8rt30Qgw8v/jEKzRp 1UGjms3nlxT4i+gWe/5hBe8cKQqlIvKPcXnBL9l8EOBaGHqggu7wMxhp7WqstzlK k9tn/fIwTQd4wP9YMvakYTzNRTFu541Q8n4IP3PZ6wgSbrui9dyTj7yZdiR6+SY9 83HQKNzIUr1vlFgFD9rDeXLyh1a2fq0i/ZyzvSpXia6mOUobCJGbe6YibobV60Th uMo02pMXZH1J42JLWScJ9Yi53qgGDXnBPIulbyu3ACM07eCCnEzDNLbPJfVaVkeG IIUWuodaRcqCVY4BKmBp =uTgC -END PGP SIGNATURE-
Re: [libreplanet-discuss] The FSF Allows No Derivatives,
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Apr 24, 2015 at 20:40:13 -0500, J.B. Nicholson-Owens wrote: >> The FSF's idea is that if people are allowed to modify works of >> opinion, they are going to distort it and misrepresent the original >> author(s). The FSF claims that this is the only possible reason one >> could have for modifying a work of opinion, which is nonsense. > > Where has the FSF claimed this? I'd like to read the evidence for this > claim for myself. Misrepresentation was stated; I'm not sure about the rest of it. https://www.gnu.org/philosophy/copyright-and-globalization.html#opinions "To modify them is to misrepresent the authors; so modifying these works is not a socially useful activity. And so verbatim copying is the only thing that people really need to be allowed to do." https://www.gnu.org/philosophy/license-list.html#OpinionLicenses - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVOvfbAAoJEPIruBWO4w6riHsP+gL097vvtXc4w+Lzl0h5Dam/ Ro/bWdVuiXC6Wibl/O77IXMB5kEoxMiaAm47kyIfQDv5EoYIdLx/oSdhHo++q6x3 2H1BvhCLZ/2oMn6l9DjgcYklYbTy9ueIaXEIexU3PguhLQU494xLoLa58luXPciC 5JCj5CWZehUEAzdFlUtsROD2R16uA11tdLMAJGTOUhUJ9Ecktbknnjo5ylPbB2wj UyJQPJyoeFiH3ckofbCWx3NXrevokSHol0L5Dq8u8FkjqbvoTESQeG5D3+BP2KhY lpHSfqHLRp54lKRQxIPN/c9/EOQ4DTF2vPQZqdeXuM5sSSGHS8jpsKdCOJmNp0BD KChlL3V3exSiTjbgd7Y0x7oasZ5GnP6JfLqXSkQC6xQoBMzw75pGGBPFV4n1Iw/D yNpLpIOjjCnlI55arIotfjvk25W/2n3EbhBDfeAQskl7iRERresjPX3b4L+Y4cNm gAcSwqWwqcZpJSnSYOHbY4q5w/RhN2mvIdAlqpzfPE88XxYvaGDD9MODkg8XNVw7 hwDITIJjUOQeMxSWP+Rq3LZ42apGOcDX+j9P1HPqoTZvAo7tDaSJolbJ32xcL1ai oEvBV49IivKnrd2Zp9N7lmWwrr2fQ/2tEDFeChEwfZ6mgvzhWz7nvtaLW5btl4Rg 30A8eTn2S3ZJDJPMfbXM =jcqh -END PGP SIGNATURE-
Re: [libreplanet-discuss] The FSF Allows No Derivatives,
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Apr 24, 2015 at 15:50:44 -0700, Ali Abdul Ghani wrote: > hi all > to day I find this article > http://onpon4.github.io/other/fsf-no-derivatives/ Is there a part of the article that you wanted to discuss? Software freedom requires considerations that are very different from (albeit with some overlap) expressing one's opinion. The former has a concrete definition and set of ideals; the latter is, well, opinion. I posted my opinions on and evaluation of this topic back when I decided to release all of my works---including works of opinion, such as blog posts---under CC BY-SA: http://mikegerwitz.com/2013/06/All-Thoughts-and-Site-Text-Now-Licensed-Under-CC-BY-SA It touches on many of the same points. Different people will reach different conclusions for their works. For example, consider RMS: "The second class of work is works whose purpose is to say what certain people think. Talking about those people is their purpose. This includes, say, memoirs, essays of opinion, scientific papers, offers to buy and sell, catalogues of goods for sale. The whole point of those works is that they tell you what somebody thinks or what somebody saw or what somebody believes. To modify them is to misrepresent the authors; so modifying these works is not a socially useful activity. And so verbatim copying is the only thing that people really need to be allowed to do."[0] While I disagree with that (rationale in above link), RMS is in a much more sensitive position: he dedicates his life to speaking and conveying his opinions, and assigns very precise semantics to his words. He is an important public figure that is often discussed and often refuted and misrepresented. Out of all those people---and all those heated philosophical spats between free software advocates and everyone else---will allowing derivative works offer too much of a distraction - From his and the FSF's content? I don't know if my personal opinions of my works would change in his position or not; it's not a position that I ever expect myself to be in. [0]: https://www.gnu.org/philosophy/copyright-and-globalization.html#opinions - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVOvysAAoJEPIruBWO4w6ry9UQAIoBQOei0Mx9PKi5nxYpq+7k DktMJ2T0JAHpJI3nytkXsKHyYnbVcgokRd563IEdfpwSvuNA+0m2hIQG2JWvsdIM 0ypsO3QdO2I7URU8D1vKznuhX3v/uuTJSHQOvbnCPtemn2cnsiOPPhcBEw49r4KI 7rnqpfKTEEqZfgdO1oqiJ7UxfptY+JYzoT2vjTLbLJx49oceNLVLeA480u7M1BML vdhIKJBAb7o5z+jRJGBOgzBM3F26FZ+GdR/dlhsLBUxD3TlGeqjncsQghF07lnmW UhcMjGQuPEbAlG87GxaKraPT4dGz1ZUdfZQGT3Kdypz5fkJ0Ah81DC6NfXLTEDuI ecoPQxPolElgntb4+6RPvMtSAomoPYtkiWF2SshvTo2MHiFZ6Xkoe6nvR7+F1pw5 3RXKQ91bDjrEWRi+meon2Yh1ae+pmjYF3TRi/CpBmTP7/f2dX4ElDW0ceSjNEzse k05RVUyKN8L42ywhykyGvh0WjbQIO755LjalsLZr57YrWETzSa4o3GMShPRuf4+q wFixIb+3EyvNrm8YV04KVzPUuCDH//SWAlZvk2j6xyUabl+uG78Fp3YJPmBr2lQ3 c0vC48585VAcn87qkfuz13ssPZup5xvpqJsHGp6DYydZ5NrFOcKslK4VLLNLncWM Z1IM/hKc5q5Gs3CWZlCv =tGdq -END PGP SIGNATURE-
Re: [libreplanet-discuss] support me
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Firstly---sorry for calling you Dmitriy. My mind was somewhere else (definitely not the "To" field!) when I wrote that. On Tue, Apr 14, 2015 at 10:59:33 -0700, Sytse Sijbrandij wrote: > We might have some javascript for Enterprise Edition specific > functionality that is not MIT licensed. If any, it would be trivial > code (most EE functions are ruby code) and we would be willing to MIT > license it by merging it into the Community Edition (although it will > be non-functional there). That would be great; thank you. I'm okay with it being non-functional. Even if trivial, it'd be ideal to freely license it, since that will encourage trust from your users that everything will continue to be freely licensed, and that "trivial" won't be defined too aggressively. > We plan to make the source code of Enterprise Edition downloadable > soon (it will still be non-free software). At that time I would > appreciate someone checking if there is anything to merge into CE > since we are pretty time constrained. I can also give people access > right now if they are interested in checking this. "Anything to merge into CE" being the aforementioned JavaScript? If you have questions of whether such JS code is missing, I'd be more than happy to audit it for you. Access to the source code might be useful if I have questions on whether something is conditional; I otherwise tie minified code back to the CE edition and assume anything I cannot find there is proprietary. Let me know what you had in mind. >> (I am aware of the use of Google Analytics, which is proprietary; it can >> be easily disabled by their domain, so that is less of a concern.) > > GitLab CE also has support for Piwik GitLab.com uses GA, though, which is non-free, so users will have to block that with NoScript/LibreJS/etc. Since that is on its own domain, it's trivial to do; having to block proprietary snippets mixed with GitLab's other JS would be a problem. Fortunately, it seems that we won't have a problem with that! >> Would you mind describing to us the current situation, and whether >> GitLab would be willing to make any guarantees to the community under >> (b)? This would be useful information for the GNU project as well, as >> there have been discussions recently on the ethics of GitHub and the >> like. > > I would love to, but I have a hard time coming out with legally > binding language. We could also do a blog post to put us on record. > But what would we say? GitLab Community Edition will be awesome, > non-artificially restricted, free software until the end of time? I'm not sure we need anything legally binding. What I'm referring to is GitLab.com itself---the software that is hosted there, and whether or not it contains proprietary JS. If GitLab.com provides, for example, the source code for its client-side modifications in a public repository under a free license, that's the only legal assurance we need. Users will use GitLab if they agree with its direction and philosophy. By doing the above, you are demonstrating a commitment toward software freedom. We can only trust that you won't diverge from that, because GitLab would be going back on its word, which is risky - From a PR standpoint. (I'm also not sure what sort of legally binding text you could come up with for this sort of situation, unless you put it in a TOS and we could sue for damages, which I would not recommend that you do. heh) > I'm comfortable doing this out in the open. Thanks for your reply; I'm encouraged by it and I appreciate your commitment to free software. GitLab is a much-needed project for the free software community. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVLq+vAAoJEPIruBWO4w6rL/gQAMOfHeAKWd4mD6gA/R6Eghas l5MD4BQg1dvXvmFWegHY1GJX5Ge3EU14I92PdWijXcv0NUZ64AER2grXzKSSErHV +xy+7/xjo12m7Fnax/Y4FElEauHdq+pBxmvFr5UysWL6bFjHH7gCvYCVYrIm9iYE Hhb9dRHjYse/KnZMzxdqlrH+sTpmydZ6WbOwqKhw0CV8xt31pydAp9JRn0BwfrlH 6/BMlpF/JJvx121HieEl0kNQ2PsXJentX4EBfoBsNGtyqi0618htAg+FlPx/QcT/ 5T+UhtX0y8i8XsUluj5q/AocHYpFqAcfLYGi3rZU2WJl/up92VNg6HHdbg6WDJgx IsOOS41F+EI1wAdLao4N7pgVOgZ/U8KD9MqMzIt+HT0j8l+FBkAFSRPWB48flM2V TW0jq+Qg58bFer0Zc2idTw+bE0UOOg99wRo8/03kGPyHEIGWBNxrKXQcj9BpCgAb ae07uJwLCn+RyEqg01Rx2GrkzbtKUZhsfZtwLcyhXb0aKQZA1SF2HpHyVObrREZr jjEa1/QSQpiZ7xrq7kW1CmqBmb596/a7DCVGTJtLk57QKbPamKTErdnTzQfsiNmn XBPax//tI5dieqAlxq5fWmcuM5hvaMm06LzuGXU2rgDilbqcIj5YGI8fQJkbwTzW DB/axrXKo5Bvhy6IvxNr =c1Jd -END PGP SIGNATURE-
Re: [libreplanet-discuss] support me
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello again, Dmitriy: On Fri, Mar 06, 2015 at 09:09:01 -0800, Sytse Sijbrandij wrote: > Hope you don't mind the reply to all. Dmitriy and me (founders of > GitLab B.V.) strongly believe that global cooperation is a much > stronger business model than competition without collaboration. We may > disagree on tactics such as what license is best for GitLab and our > use of an open core business model. But I think that we both want to > see more freedom and collaboration in software development. We admire > greatly what Mr. Stallman and the FSF have done and continue to do for > the world. Rather than spending the time on a formal analysis of gitlab.com's served JavaScript, I feel like I may be able to get a better understanding and justification from those that developed it. If you have some extra time, I'd appreciate it. With migrating away from Gitorious, it is important for free software users and hackers to understand what code is running within their browser. LibreJS considerations aside (patches can be submitted for that), are there any proprietary modifications to the JavaScript served by gitlab.com's GitLab instance, or are all sources available either in the vanilla installation or another source code repository? I cannot recommend GitHub to anyone because, although I use it, I must do so with JavaScript disabled, which severely hampers (or even prohibits use of) much of its functionality. It would be excellent if I could state confidently that (a) GitLab is not only excellent software, but its hosting serves Free software and is superior to GitHub not only as software, but also as a host; and (b) that GitLab intends to keep it this way. (I am aware of the use of Google Analytics, which is proprietary; it can be easily disabled by their domain, so that is less of a concern.) Would you mind describing to us the current situation, and whether GitLab would be willing to make any guarantees to the community under (b)? This would be useful information for the GNU project as well, as there have been discussions recently on the ethics of GitHub and the like. If you'd prefer to discuss any details in private, feel free to respond directly to me. I'm interested personally as well, since I'm considering my migration options. Thanks. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVLNIvAAoJEPIruBWO4w6r0WYQAI1EMtnLkLcO9Cnc4IguE6UB BSwKWs8lN758AoXvTs2i5QFDt+d0es3yK94qsZ1/p5uG5W1+fKtkLCSnNn2+6qqt MjOJ1Ke45np4eD21X2aj6c46AfTz4ucmFgAUVqJeiq7yC8DSRIu37VTIob4C+Nqe NJqA5L5b5y+Ca0KFUaE0xX9L0T8RkUN8fUgoOobVPWAu5dda9LTbiLdj6iNpknIg YjMjM8cn9bUgi9hD6l5msgpv9s4wdy19jJwFFlatiljlWALZQtbQTTWZ7ubO1Wgs bWDsJ4f270n3FTdhErq7j5lEZC7+HgICLj9wlNcy+b11/FaWGEY/BBZGrD6is/y5 CT5LSBXZAYQFhiw3CabscMY0Hg2UwQZPwN9DTDIc8dArYkqrwMB43BfsjkzwqOoX UbscPppVksDziEI1+2EFMuQ/HrgQBueC9Y5RCr5p2QmWLi//ouKhx8FkYF4YsZCV Z//CQDr0q90nuLBv+8qolaaV3QNNKDR+mKquANNVmJx0mYkE1K9YP/Y5cyuJYRHS UmA7WthekOspwMeGaaNWnuOar7d0efsu8Xv2/+75w7kbA8sP2lrXY4BADc7vigGo ts/o/Z3a/z2Uw5cRq6EDKV7JnzoUW03HGKywGcqmomCJKYunNix6nZ+hGwanMd09 vhZYDDLRZzGuEfsrftlX =Q3xa -END PGP SIGNATURE-
Re: [libreplanet-discuss] The JS Trap expanding
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Mar 23, 2015 at 22:22:40 +0100, klez wrote: > Hi all > In particular, I'm singling out: > > * Startpage: https://new.startpage.com/ > * The Internet Archive: https://archive.org/v2 > > I already gave feedback to the Internet Archive about the issue, > asking them to consider freeing their JS, linking to the relevant pages > from the GNU and LibreJS pages. I found out the FSF conducted a > campaign to ask Reddit to free their JS, and I was wondering if > something similar for these other websites would be of interest to > this community. Thanks. I'm the one who performed the reddit audit; I'll forward this on to the JS Developers Task Force and recommend that we take a look. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVEVl5AAoJEPIruBWO4w6r1ZkP/jtq6eNIxrEfcD7PYTqNpEjf cbw7vf+cXZDjfwwj9O72FiFlqzjS1ODwgLuCtaY+v5FqeBKOwjnRgDdTxTXqS2fl RhBmSp2dQsGxcgVVOonw87l+BmhhVMPa8kihaixUgVnNYkRjv3fntuHN+lHmh3Vd JdO6cqHFyVgfyweL+bOS7QmguNRDUxYmd2+2WbJwpyR919FjPsZrzNWpHf9XBn0R YINu8i4ERRXHhnk5BUxEGNttekcaGMTKks226/bXf1VV+nLLxHfdkQoqIpu5Cpwx USvnUQKj3DYNIQ0rcIiHcmzpVVq0ziBO+3yIw2zL33/eJPiMh+aFo/Thcb1PcPG+ 66x3NNe7Rl0X688WYJLha+FvDF/qa37+lCvVicgGbTrxID/CiU3QZ6pZfjlPHexb Nr1YxuTPb9K/OfnEwpmzKe7a/B03VKyEiWbxSfi5yZGkXru7YPG/rJhOhfgwAbeY ygyhWbefGj4uPv65YQwVyxtf2RRIdjqFEtcD89M2yDQasidqYCO6Nr9g0pxPhDzL V2qOjduEUsn8vIPrhOANCTVDfVIeddrOUQ3uWHXR53Phtws/hFrRdDZ14jSy9baM zUg9aCY9vFt7hAkzeXC3FR1S9kKkyp7+ZvshlZMs+yiIDduULhdJbmC5AsLGn3cJ N+zWkws/WnRtKQf77dPo =7jqk -END PGP SIGNATURE-
Re: [libreplanet-discuss] Libre on Wikipedia
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Mar 11, 2015 at 02:28:09 +0100, Kim Tucker wrote: > The following might be of interest to some members of the LibrePlanet > community: > > https://en.wikipedia.org/wiki/Draft:Libre [...] > https://en.wikipedia.org/wiki/Libre_knowledge Well done. Thank you for all of your work on those. I haven't had the chance to read them as deeply as I would like, but these pages seem comprehensive and well-written. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVAjmHAAoJEPIruBWO4w6rLQkP/RarhmOvFBqpUdBiV7GYb22b /u/d+jvq0vlKJfzDaepsjooOaHq8Uz5ZvTzA5saE3OXbZ/FnySMX7XXJ8goD0Seh eqJBQ28idH7Vin5hODuh3xPnD6WefLE7Z5E423cxWbvZShHQh9+q62Vuk9GdHd9/ uUGV8+XJ8gXYhfooHpWiKf03NPI+3mEYqUm9J1W+kjUIEDYzA9T3rQfMtNUgttjV O5CcK9WRTFK9wxsIckZwDlw2wyIA5d8lcxJBIiATxDT5yDCmvF8iv4CA3Rej4iXu RpERc0XuFMl9Yzr93sfYacJCVpBQ4ZqBtYL+gp6UNAaGersqwDEdg70Wi/ZoSy+B gxJ+rZnzvRzMobw7eK9brbxQ45zWvN0jAgEqVxTu3mhjA90PfyJLfcPBYiEfA8UG LZWjQ6n9YtT9kRzbQGQ5DHrmkG959jfqKwBdPUjHOs8m1Eqg3/ZBTN3945wMBrjy 0e4IqSGS1xyRQImz2N/NDZ9PwougL2xeDFb7hbptAW9i8zsZSnbkbgSYWRQAuUdU 9f/F/qkEIvaQDfXdxTCDz0eXMuCWjNZFE3O3GiKZyxZDPftb9ogoD7m3tSdLqw6b JGCLRqsJnvxQyD3gO8Lyl/RvU/wDzoX5heTZeF1bDAebuGlYWJgKc9GDD92VlpoM g4+PfH9kx2gtOTwqbLwU =ylk/ -END PGP SIGNATURE-
Re: [libreplanet-discuss] support me
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Mar 10, 2015 at 23:20:13 -0700, Sytse Sijbrandij wrote: > Right now the homepage has an obvious download button, that links to > https://about.gitlab.com/downloads/ this is the recommended way to > install and it contains the source code (ruby is an interpreted > language) although as plain files, not as a git repo. The downloads page lists Debian and RPM packages, which must either be installed or unpacked using specialized tools. I do see that there is a "installation from source code" after clicking on the download button on the homepage, then "alternative installation methods". That was what I was referring to. Maybe a more prominent link to a source package (preferably a tarball, which is traditional) on the downloads page could be included? The development kit, if that is preferred, is another option, so long as it is clear that this is the preferred method for obtaining source code. > A bit lower on the page the term 'open source' is a link that links to > https://gitlab.com/gitlab-org/gitlab-ce/tree/master Ah, I see---I expected that link to take me to an "open source" definition. But the downloads page is a good enough focus. I understand the rationale in your reply. Balancing two distinct user groups is not an easy task, especially when business depends on it. - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJVAOLDAAoJEPIruBWO4w6rTZEP/i2D7LvzQinjoeBRScDwGsAV V6vSanhJm/7R07wi7hBwSw8PZeKw+F25dl8LLCAXLvRYVMdGzk5CuuT+K1qpe15I awylCrB5qYqmiP3ie6d7aRhnpvEhMcTaV6duc8m0hx6g/HOWhEHrsiHtYEcMF95W Bwh1gl9IhbyEd4jpJRT8s0TyFDaNJOhEx6TSLXX1d/5tBLI6mvvvoiO79F7Go4yM sVf5GsKDy6WnoX5GaFIeqQE7y7Qre3+MUi1U2QiFs8wHBAIhI5d/QEiduj1nVdnh yhU3MvRRQxg2ddez/yyLsFxbh5046m78ZnjQvMdlEjGmZnLzJWmyKXITRSCnPj+v Yw08OC8hu9eUr0iXzAA+I1gr0XftApO8nSyhvy+Uoh4jT4+U0HPxFy9TOSmvYwb+ E0oHGOMgU/14YLmruhiFxJCiR3orXk7Rhu0YvLat0qb406BXVAs8ptVwNEkegfQr HjXfXM+SfqVCRgFpZ1Qj2rHGQgtNj7elFjQVOg+L8gecQos8R64jvgF1BOLPTyYe xguKinsDosigWz3qLwFdDholBHpZKRVV9Kpc6xDdeYZ6mEnuDnLLF61PB/3FokeC lfDyh0rrczN587H6wwePfY8Tkhy6xbDpIPWj2sfgjA+QR1xCytTt6gt8MDEHqdyg isxdEh6YHaqbmuvvoMWF =LqiT -END PGP SIGNATURE-
Re: [libreplanet-discuss] support me
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Mar 06, 2015 at 09:09:01 -0800, Sytse Sijbrandij wrote: > We may disagree on tactics such as what license is best for GitLab and > our use of an open core business model. But I think that we both want > to see more freedom and collaboration in software development. We admire > greatly what Mr. Stallman and the FSF have done and continue to do for > the world. Admiration is not a substitute for action. GitLab's "Community Edition" is indeed an excellent contribution to the free software community, and fills a niche that is otherwise dominated by GitHub. That is important. I have encouraged use of GitLab CE (most recently to Devuan) in the past, and will continue to offer it as an alternative to GitHub. But I must do so very clearly, and very cautiously. Unfortunately, the "open core" business model that you describe cannot and will not be embraced by the free software community. Freedom and collaboration are necessary consequences of software freedom---it's not that we want to "see more" of it. We want to see more software freedom. Proprietary extensions to GitLab are antithetical to that level of collaboration. In fact, on the surface, we have a situation similar to that of GitHub: collaboration is encouraged, but not when it comes to their software! GitLab has the benefit of encouraging collaboration on its own free software (which I will not discount), but it veils that with proprietary software, and in fact downplays the Free version: https://about.gitlab.com/features/#enterprise GitLab is encouraging both the use of proprietary software and SaaSS[0]. As such, this places free software activists in a very difficult situation to even suggest GitLab, because the mere suggestion will take them to a website that attempts to up^H^Hdownsell them to a proprietary version. In fact, the GNU project cannot, per its guidelines, even recommend or link to GitLab.[1] That's no good! It's not even obvious how to get to the CE edition source code from the homepage. I would encourage GitLab to put more emphasis on their "community edition"---by providing more clear, dedicated pages (preferably its own website, that free software users can link to, that does not try to promote proprietary versions of GitLab) for it, and a very clear link directly to the source code directly on the homepage, as prominent as all other major links. I would also encourage renaming the project from "community edition" to simply "GitLab", and leave the other as "GitLab Enterprise"; all software should be "community edition" by default; why does that need to be stated? If GitLab is focused on developing communities, then that should be implicit. GitLab is a powerful contribution to the free software community, but if it is to thrive as "the" Free alternative---and it could!---then it needs to hold its head high and be an example of those freedoms. Many of us will never agree with the business model you call "open core", but that does not mean a community cannot continue to be built around it that encourages users' freedoms. [0]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html [1]: https://www.gnu.org/server/standards/README.webmastering.html - -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJU/7UoAAoJEPIruBWO4w6roqkP/ijaBPOIzjOgUMBDCPthvmTI gQpuRQhUFPZJtqNd1r64BCjw9s2I+cTclcvMSUHpnG+F4b/4crNnKcUIVaYHEpHp 0CzOEuA+OIRRKA/f1IZhqUHJz1eW4iDat7MWJzfh8Bc6z2E2qd3sJf+DDXvulEPG HOXiIOssmPCF6aw3Tvo7lDGump9CG45+i+nEq2m2wmRI4lTYnbOxJgsurdN5+DEQ JX44EtN6+pd/BoDrKFdZ9YoaQtJSUS06i1GQQ+dE/U8ykbPONFrHj4hVbkx1dW0y qPp30bN8aNsSy46zTZkxLuoUcJMWFfdSIGQGQ/ZvdoKXn1GxbN4ORcKUS7LptPGs HyghFvTwMzl4YJAO5oGSRrFx+7pRcEJDkzZD9B8Jvw1QCevGn0zsqyFdve5XqfG6 Fm8xJvCZ/zcyjCcrJn0ni8A0YnU01/DD+ZTQm1vsk/QoMrAOqPVfQzXhQTSg+j0T U8MDgJwA+eBPNn5XtIx/izvLQDM3y5Nn4cSY+ednSsCWrZuQER0SwRj6yQcWOL3Y Fh0N8MztILYa0lQoJxh3y3X4I7VGKItKGFPmohCzf54M5A23PcLJvoXpfFe5AdAe E/k4eizlRP9NgJtLVvuYSHVD/1vF1MJrOKJFA2Y19wu/h8U1jtZ84LfodCDqSyRR 8XmZC5K4CRqeJ7zzA7oH =cLFg -END PGP SIGNATURE-
