[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Truth matters when writing software and selecting leaders

From: Martin
Subject: Re: Truth matters when writing software and selecting leaders
Date: Tue, 30 Mar 2021 12:51:42 +0000

On 3/30/21 9:10 AM, Jean Louis wrote:
* Martin <> [2021-03-30 11:07]:
On 3/29/21 12:26 PM, Jean Louis wrote:
I do not think that Facebook is freeware software, it is cloud service
provider. There are Facebook applications and messengers, maybe you
mean those?  See:

Look, even a prison gives you some kind of a freedom to sit in the
cell and associate with other prisoners, within specific

So the freedom in Facebook is there, it is just within prison
walls. For example, if you wish to get contacted by somebody who is
not FB-prisoner, you must invite free citizen to become FB-prisoner
to enter prison walls, as only from inside you can talk to each
Exactly this is also one of the reason why the world "freedom" is not any better than "free". Even if we would decide to use "freedom software" instead of "free software" the core issue would be similar. Both terms are very not precise for nowadays realities.
Back in past, it was possible, and I remember doing so. I have been
using Jabber network and I could freely contact Google Plus users
through Jabber network and I could freely contact Facebook users
through Jabber/XMPP network. It was possible to send email to Facebook
friend without being Facebook user or having Facebook account, they
would answer in their inbox to such email, and you would get
reply. Today it is not possible.
This kind of stories also have some pros. That time Jabber/XMPP network was getting big "free" promotion from Facebook, Google, etc. Nowadays I'm still using Jabber/XMPP and I have zero interest of having fb, g+, etc.
I get it, that is how you misinterpreted it.

Well, Facebook is not free software, it is online service, and social
network. Applications made by Facebook are free software.
Facebook has also big impact of the web evolution in general. Together with Google, MS, Amazon, etc they are creating web prisons heavily obfuscated with their javascript trash. It's almost impossible to browse modern websites (their "free" applications) in pure GNU "free software" environments.
You are free to introduce any new words into English or any other
language. Why not? Is there a law forbidding that? Languages are
changing throughout the centuries, the word "Libre" is today English
word and it has its special definition for software.
To really face the modern threats I would just use a term like: "clean open-source, reproducible, bootrstrappable, secure and free software". It's long but at least it explicitly describe what it is about without any confusion.
The problem I mentioned above is that "free software" unfortunately
could also mean freeware for too many people who are not
professional English linguists nor IT specialists.
That is right, for people on lower literacy level it can mean
anything, including "freeze". For children it may mean just
nothing. The word "free" is definitely one of most common words in
English. As I said, if there is any confusion, that means person did
not verify the context where word is used.
You could say exactly the same about the word "open-source". It's very common nowadays and "...if there is any confusion, that means person did not verify the context where word is used."
Reproducible build of software is not related to class of
software. While it does seem important, it is more hypothetical rather
than practical. End user usually does not have enough knowledge to
verify software, regardless of all the PGP keys and
hashes. Verification is more for group of people skilled in
security. Even they will make grave mistakes. For example they could
be downloading software from a mirror and verify PGP signatures and
hashes that have been published on a mirror, but would not maybe
verify original PGP signatures and original hashes. Some people may be
tricked with domain names. Reproducible builds are far far from
practical users' data security. Guix is doing well in that
direction. All that is not related to free software definition.
The precursor and the current leader of reproducible-builds efforts is still the Debian project. It's not hypothetical effort anymore, there are more and more serious and big projects where this concept is used in practice, i.e.: Bitcoin, Guix, Coreboot, etc. The biggest benefit for the end user is the possibility to easily reproduce their source code and verify its compiled binaries with the whole community who is using it. This is so far the only way to fight against "Volkswagen emissions scandal" cases, where compromised dev environments could inject any malicious code to our "free software".
I agree that software should be boostrappable from software that one
can understand and inspect. But that is for many software today not
so. Example is Haskell compiler that can only be compiled with
previous Haskell compiler. I have tried my best to compile it fully
from original source, but pieces of information are missing and it was
not practically possible, and now after few years, I think it is
I'm not an expert in Haskell but maybe this effort will interest you: . The low-level assemblers and C language is Turing-complete so theoretically is very possible to implement everything on it. Besides the very first version of the high-level language like Haskell is not coming from its clone, it would be ridiculous.
Yes, GNU Guix has solution to fully bootstrap system, it will come
there, if it is not yet there, and I hope that solution will be useful
for other distributions. Bootstrapping does not belong into definition
of free software. But what cannot be said to be free software is a
compiler that cannot be compiled or bootstrapped itself. Again,
practically, the bootstrapping technique means something only to people
skilled in security, it means little to end users. I just hope that we
get boostrappable systems.
Using similar argumentation you could also say that "free software" in general means nothing to end users who are not skilled in security. Thompson attack is a real issue: , you cannot trust your "free software" if you don't trust your compiler. You cannot trust your compiler if you don't trust your hardware. You cannot trust your hardware if you cannot validate the full fabrication process of it. The design of the whole system and chain of trust should be fully auditable be default.

Worth to highlight is also the fact that most of the software we are using nowadays is highly overpowered, they are able to create full blown computers inside of your own computer, inside your font, MMU chip, etc: . Conclusions are still the same: the definition of "free software" is outdated and it doesn't scale to protect the whole philosophy of software freedom from the arising real technological threats.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]