[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Truth matters when writing software and selecting leaders
From: |
Martin |
Subject: |
Re: Truth matters when writing software and selecting leaders |
Date: |
Tue, 30 Mar 2021 16:58:04 +0000 |
On 3/30/21 1:38 PM, Jean Louis wrote:
* Martin <smartin@disroot.org> [2021-03-30 15:51]:
This kind of stories also have some pros. That time Jabber/XMPP network was
getting big "free" promotion from Facebook, Google, etc. Nowadays I'm still
using Jabber/XMPP and I have zero interest of having fb, g+, etc.
I don't remember that neither Google nor Facebook advertised XMPP,
they did not use directly that term. It was a hidden feature to a
degree. I would be definitely contacting Google and Facebook users
would they have XMPP today.
So I would not contribute promotion of XMPP to them, and I am not sure
if XMPP became more popular due to them.
The promotion of XMPP was not coming only from the official advertising
campaigns but also from many technical blogs, podcasts and various other
media noises partially sponsored by Google/Facebook. You cannot just
ignore that facts but anyway for me XMPP is really one of the best p2p
communication system till these days.
To really face the modern threats I would just use a term like: "clean
open-source, reproducible, bootrstrappable, secure and free software".
It's
long but at least it explicitly describe what it is about without any
confusion.
In that sense you minimize the meaning of "free software", as if you
use "open source" it means that maybe it is open source, but also free
of charge -- so there is no definite information that you actually
deal with free software as in liberty.
I don't agree with you. For me still "free software" doesn't explicitly
state that the source should be open and even the hidden "freedom"
element included in the definition is not precise enough to strictly
require from the code to be open as I've explained multiple times in my
previous mails. I agree though that open-source code could be released
under many non ethical licenses vulnerable to patent trolling, etc but
together with "free" word it actually maximize the meaning of my
proposed long new term.
What would mean "Clean"? I don't know.
If you wish to avoid confusion simple refer by hyperlink to definition
of free software: https://www.gnu.org/philosophy/free-sw.html
Open source definition misses the point:
https://www.gnu.org/philosophy/open-source-misses-the-point.en.html
Please avoid using the term “open” or “open source” as a substitute for “free
software.”
https://www.gnu.org/philosophy/words-to-avoid.html#Open
The above links are the main source of confusion. Instead of redefine
basic words, creating blacklist of common synonyms and brainwashing
people from their intuitions it would be better to CLEAN finally that
mess and Keep It Simple S...?
Please avoid using the term “open” or “open source” as a substitute
for “free software.” Those terms refer to a different set of views
based on different values. The free software movement campaigns for
your freedom in your computing, as a matter of justice. The open
source non-movement does not campaign for anything in this way.
When referring to the open source views, it's correct to use that name,
but please do not use that term when talking about us, our software, or our
views—that leads people to suppose our views are similar to theirs.
Instead of open source, we say, free software or free (libre)
software.
This is absurd, I would never use only "free software" term for the
exactly same reason I'm not using only the word "open-source". For me
both cases are not precise and lead to misinterpretations. I don't see
the reason to limit my vocabulary from the words you and your
organizations simply don't like. If you don't understand the context of
using terms like "open" or "open-source" you can just ask for more
details. What if any freeware vendors start to use "free software" term
to promote their commercial products, how you plan to stop them from
doing it? Does the GNU "free software" definition is protected under
some trademark laws? If not than why you blindly assume that everyone
should use it as it only please you?
Yes, that was ironical. Any word may be misunderstood, but we shall
not change our words to accommodate people who lack certain levels of
education.
Are you saying that the inventor of "free software" term was badly
educated?.
Those who install their systems themselves are for me advanced
users. They will hardly go for reproducible builds. If somebody is
downloading few gigabytes of binaries to install on computer, that
somebody will most probably, in the majority of this group of advanced
users, never verify any sources. Hashes and PGP signatures may be
verified automatically by the system package manager.
There will be those who are responsible for security of data and may
like to verify distributions or make their own, those will be doing
verification checks. This group does not belong to group of end users.
Not so long time ago a person who was able to use text editor or any
simple applications in the first computers were considered as advanced
user. In the early internet years people were putting in their Resume
abilities of using web browsers, etc. Nowadays almost every end user is
verifying PGP signatures, it's not a rocket science anymore. People are
sand-boxing many layers of their working environments, using chroots,
jails, containers, various virtualization, etc. There is a devops
profession that fully automate complex pipelines and craft a fully
transparent recipes so the end user can just click a button to trigger
reproducible-builds, bootstrappability, verification, testing, fuzzing,
sanitazing and many other features for their software in some nice CI/CD
fashion.
No.
I said that terms like "bootstrapping" or "reproducible" do not fall
into definition of free software, those are technical methods of
creation and verification of software.
Yes because your "free software" term is also dedicated mainly for
technical methods of modifying and compiling the software.
I have already given few examples that "reproducible" does not mean
secure. You have to compare your reproducible build it with some
original build, and you still have to trust the original build to be
safe. It does not speak of safety, it just speaks of reproducibility
of software as compared to the previous distributor.
For end user it means nothing. End users are majority of user base. If
they trust enough to online distributor to download gigabytes of
software and boot the system, at that moment reproducible builds are
of no importance, as user already expressed the trust to online
distributor. Why now reproduce it oneself?!
Reproducible builds only make sure that software was not tampered as
compared to original build and its repository to the local build.
You are wrong again reproducible-builds is assuring that every end user
of the software is able to produce exactly the same binaries from the
source-code. So whenever someone would like to temper the official
binaries it would be immediately detected by the software community,
i.e.: https://github.com/bitcoin-core/gitian.sigs/
Example of malicious intent easily to be placed online:
1. Insert various malicious code into GCC, that is to place backdoor
shells in all kinds of network services.
2. Build GCC.
3. Make new GNU/Linux distribution.
4. Publish it as fully free software, promote it as you wish.
5. Provide hashes of binaries, packages, PGP signatures.
6. Provide reproducibility for all binaries, except of few compilers.
7. Let people install software and verify the reproducible builds.
8. After some time, ping on some servers, like ping the port 7801 and
then 5 times 7802, knock on the door, and open up the root shell.
Have you ever tried to contribute into GCC or GNU/Linux? Have you ever
heard about Diverse Double-Compiling https://dwheeler.com/trusting-trust/
?
Definition is fine, as definition does not speak of reproducibility,
or bootstrapping, neither of hardware, it is general
definition.
Your official definition is too general, hence it's useless in practice
now. It's a shame for all RMS/FSF/GNU/Free organizations that for so
many years even Guix is not yet fully bootstrappable.
Definition alone cannot help anybody to get free software in their
hardware, that is maybe matter of laws, personal preferences,
lobbying, campaigning for it. Nobody points that out in public. That
is serious problem. Nobody complains to their parliaments.
Obfuscated and pathological free software like GNAT are much bigger
problem, because their ridiculous lack of reproducibility and
bootstrappability are officially endorsed by the GNU organization.
Back in time all micro computer chips were well defined, their
instruction sets and internals were defined and transparent. Today it
is not so any more.
Today RISCV, OpenPOWER, MIPS, etc are getting more and more popular.
We are in agreement, but we have to act.
The way to go is to convert number of users' machines from proprietary
Windoze to free software OS. Then it will create an impact. Thus
contributing to FSF campaigns will make the actual change.
I don't like free software OS like MacOSX neither even though it's based
on open source FreeBSD ;)
- Re: Truth matters when writing software and selecting leaders, Martin, 2021/04/03
- Re: Truth matters when writing software and selecting leaders, Jean Louis, 2021/04/03
- Re: Truth matters when writing software and selecting leaders, Martin, 2021/04/03
- Re: Truth matters when writing software and selecting leaders, Jean Louis, 2021/04/03
- Re: Truth matters when writing software and selecting leaders, Martin, 2021/04/03
- Re: Truth matters when writing software and selecting leaders, Jean Louis, 2021/04/03
- Re: Truth matters when writing software and selecting leaders,
Martin <=
- Re: Truth matters when writing software and selecting leaders, shulie, 2021/04/03
- Re: Truth matters when writing software and selecting leaders, Jean Louis, 2021/04/03
- Re: Truth matters when writing software and selecting leaders, Martin, 2021/04/04
- Re: Truth matters when writing software and selecting leaders, Jean Louis, 2021/04/04
- Re: Truth matters when writing software and selecting leaders, Jacob Bachmeyer, 2021/04/06
- Re: Truth matters when writing software and selecting leaders, Martin, 2021/04/06
- Re: Truth matters when writing software and selecting leaders, Jean Louis, 2021/04/06
- Re: Truth matters when writing software and selecting leaders, Martin, 2021/04/08
- Re: Truth matters when writing software and selecting leaders, Jean Louis, 2021/04/13
- Re: Truth matters when writing software and selecting leaders, Martin, 2021/04/14