Re: Truth matters when writing software and selecting leaders

[Martin]

On 3/30/21 9:10 AM, Jean Louis wrote:
> * Martin <smartin@disroot.org> [2021-03-30 11:07]:
> > On 3/29/21 12:26 PM, Jean Louis wrote:
> I do not think that Facebook is freeware software, it is cloud service
> provider. There are Facebook applications and messengers, maybe you
> mean those?  See: https://en.wikipedia.org/wiki/Freeware
>
> Look, even a prison gives you some kind of a freedom to sit in the
> cell and associate with other prisoners, within specific
> boundaries.
>
> So the freedom in Facebook is there, it is just within prison
> walls. For example, if you wish to get contacted by somebody who is
> not FB-prisoner, you must invite free citizen to become FB-prisoner
> to enter prison walls, as only from inside you can talk to each
> other.
Exactly this is also one of the reason why the world "freedom" is not 
any better than "free". Even if we would decide to use "freedom 
software" instead of "free software" the core issue would be similar. 
Both terms are very not precise for nowadays realities.
> Back in past, it was possible, and I remember doing so. I have been
> using Jabber network and I could freely contact Google Plus users
> through Jabber network and I could freely contact Facebook users
> through Jabber/XMPP network. It was possible to send email to Facebook
> friend without being Facebook user or having Facebook account, they
> would answer in their inbox to such email, and you would get
> reply. Today it is not possible.
This kind of stories also have some pros. That time Jabber/XMPP network 
was getting big "free" promotion from Facebook, Google, etc. Nowadays 
I'm still using Jabber/XMPP and I have zero interest of having fb, g+, etc.
> I get it, that is how you misinterpreted it.
>
> Well, Facebook is not free software, it is online service, and social
> network. Applications made by Facebook are free software.
Facebook has also big impact of the web evolution in general. Together 
with Google, MS, Amazon, etc they are creating web prisons heavily 
obfuscated with their javascript trash. It's almost impossible to browse 
modern websites (their "free" applications) in pure GNU "free software" 
environments.
> You are free to introduce any new words into English or any other
> language. Why not? Is there a law forbidding that? Languages are
> changing throughout the centuries, the word "Libre" is today English
> word and it has its special definition for software.
To really face the modern threats I would just use a term like: "clean 
open-source, reproducible, bootrstrappable, secure and free software". 
It's long but at least it explicitly describe what it is about without 
any confusion.
> > The problem I mentioned above is that "free software" unfortunately
> > could also mean freeware for too many people who are not
> > professional English linguists nor IT specialists.
> That is right, for people on lower literacy level it can mean
> anything, including "freeze". For children it may mean just
> nothing. The word "free" is definitely one of most common words in
> English. As I said, if there is any confusion, that means person did
> not verify the context where word is used.
You could say exactly the same about the word "open-source". It's very 
common nowadays and "...if there is any confusion, that means person did 
not verify the context where word is used."
> Reproducible build of software is not related to class of
> software. While it does seem important, it is more hypothetical rather
> than practical. End user usually does not have enough knowledge to
> verify software, regardless of all the PGP keys and
> hashes. Verification is more for group of people skilled in
> security. Even they will make grave mistakes. For example they could
> be downloading software from a mirror and verify PGP signatures and
> hashes that have been published on a mirror, but would not maybe
> verify original PGP signatures and original hashes. Some people may be
> tricked with domain names. Reproducible builds are far far from
> practical users' data security. Guix is doing well in that
> direction. All that is not related to free software definition.
The precursor and the current leader of reproducible-builds efforts is 
still the Debian project. It's not hypothetical effort anymore, there 
are more and more serious and big projects where this concept is used in 
practice, i.e.: Bitcoin, Guix, Coreboot, etc. The biggest benefit for 
the end user is the possibility to easily reproduce their source code 
and verify its compiled binaries with the whole community who is using 
it. This is so far the only way to fight against "Volkswagen emissions 
scandal" cases, where compromised dev environments could inject any 
malicious code to our "free software".
> I agree that software should be boostrappable from software that one
> can understand and inspect. But that is for many software today not
> so. Example is Haskell compiler that can only be compiled with
> previous Haskell compiler. I have tried my best to compile it fully
> from original source, but pieces of information are missing and it was
> not practically possible, and now after few years, I think it is
> impossible.
I'm not an expert in Haskell but maybe this effort will interest you: 
https://github.com/oriansj/blynn-compiler . The low-level assemblers and 
C language is Turing-complete so theoretically is very possible to 
implement everything on it. Besides the very first version of the 
high-level language like Haskell is not coming from its clone, it would 
be ridiculous.
> Yes, GNU Guix has solution to fully bootstrap system, it will come
> there, if it is not yet there, and I hope that solution will be useful
> for other distributions. Bootstrapping does not belong into definition
> of free software. But what cannot be said to be free software is a
> compiler that cannot be compiled or bootstrapped itself. Again,
> practically, the bootstrapping technique means something only to people
> skilled in security, it means little to end users. I just hope that we
> get boostrappable systems.
Using similar argumentation you could also say that "free software" in 
general means nothing to end users who are not skilled in security. 
Thompson attack is a real issue: 
https://twitter.com/_markel___/status/1373059797155778562 , you cannot 
trust your "free software" if you don't trust your compiler. You cannot 
trust your compiler if you don't trust your hardware. You cannot trust 
your hardware if you cannot validate the full fabrication process of it. 
The design of the whole system and chain of trust should be fully 
auditable be default.

Worth to highlight is also the fact that most of the software we are 
using nowadays is highly overpowered, they are able to create full blown 
computers inside of your own computer, inside your font, MMU chip, etc: 
https://www.gwern.net/Turing-complete . Conclusions are still the same: 
the definition of "free software" is outdated and it doesn't scale to 
protect the whole philosophy of software freedom from the arising real 
technological threats.