[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Truth matters when writing software and selecting leaders

From: Martin
Subject: Re: Truth matters when writing software and selecting leaders
Date: Tue, 30 Mar 2021 16:58:04 +0000

On 3/30/21 1:38 PM, Jean Louis wrote:
* Martin <> [2021-03-30 15:51]:
This kind of stories also have some pros. That time Jabber/XMPP network was
getting big "free" promotion from Facebook, Google, etc. Nowadays I'm still
using Jabber/XMPP and I have zero interest of having fb, g+, etc.
I don't remember that neither Google nor Facebook advertised XMPP,
they did not use directly that term. It was a hidden feature to a
degree. I would be definitely contacting Google and Facebook users
would they have XMPP today.

So I would not contribute promotion of XMPP to them, and I am not sure
if XMPP became more popular due to them.
The promotion of XMPP was not coming only from the official advertising campaigns but also from many technical blogs, podcasts and various other media noises partially sponsored by Google/Facebook. You cannot just ignore that facts but anyway for me XMPP is really one of the best p2p communication system till these days.
To really face the modern threats I would just use a term like: "clean
open-source, reproducible, bootrstrappable, secure and free software".
long but at least it explicitly describe what it is about without any
In that sense you minimize the meaning of "free software", as if you
use "open source" it means that maybe it is open source, but also free
of charge -- so there is no definite information that you actually
deal with free software as in liberty.
I don't agree with you. For me still "free software" doesn't explicitly state that the source should be open and even the hidden "freedom" element included in the definition is not precise enough to strictly require from the code to be open as I've explained multiple times in my previous mails. I agree though that open-source code could be released under many non ethical licenses vulnerable to patent trolling, etc but together with "free" word it actually maximize the meaning of my proposed long new term.
What would mean "Clean"? I don't know.

If you wish to avoid confusion simple refer by hyperlink to definition
of free software:

Open source definition misses the point:

Please avoid using the term “open” or “open source” as a substitute for “free 
The above links are the main source of confusion. Instead of redefine basic words, creating blacklist of common synonyms and brainwashing people from their intuitions it would be better to CLEAN finally that mess and Keep It Simple S...?
Please avoid using the term “open” or “open source” as a substitute
for “free software.” Those terms refer to a different set of views
based on different values. The free software movement campaigns for
your freedom in your computing, as a matter of justice. The open
source non-movement does not campaign for anything in this way.

When referring to the open source views, it's correct to use that name,
but please do not use that term when talking about us, our software, or our 
views—that leads people to suppose our views are similar to theirs.

Instead of open source, we say, free software or free (libre)
This is absurd, I would never use only "free software" term for the exactly same reason I'm not using only the word "open-source". For me both cases are not precise and lead to misinterpretations. I don't see the reason to limit my vocabulary from the words you and your organizations simply don't like. If you don't understand the context of using terms like "open" or "open-source" you can just ask for more details. What if any freeware vendors start to use "free software" term to promote their commercial products, how you plan to stop them from doing it? Does the GNU "free software" definition is protected under some trademark laws? If not than why you blindly assume that everyone should use it as it only please you?
Yes, that was ironical. Any word may be misunderstood, but we shall
not change our words to accommodate people who lack certain levels of
Are you saying that the inventor of "free software" term was badly educated?.
Those who install their systems themselves are for me advanced
users. They will hardly go for reproducible builds. If somebody is
downloading few gigabytes of binaries to install on computer, that
somebody will most probably, in the majority of this group of advanced
users, never verify any sources. Hashes and PGP signatures may be
verified automatically by the system package manager.

There will be those who are responsible for security of data and may
like to verify distributions or make their own, those will be doing
verification checks. This group does not belong to group of end users.
Not so long time ago a person who was able to use text editor or any simple applications in the first computers were considered as advanced user. In the early internet years people were putting in their Resume abilities of using web browsers, etc. Nowadays almost every end user is verifying PGP signatures, it's not a rocket science anymore. People are sand-boxing many layers of their working environments, using chroots, jails, containers, various virtualization, etc. There is a devops profession that fully automate complex pipelines and craft a fully transparent recipes so the end user can just click a button to trigger reproducible-builds, bootstrappability, verification, testing, fuzzing, sanitazing and many other features for their software in some nice CI/CD fashion.

I said that terms like "bootstrapping" or "reproducible" do not fall
into definition of free software, those are technical methods of
creation and verification of software.
Yes because your "free software" term is also dedicated mainly for technical methods of modifying and compiling the software.
I have already given few examples that "reproducible" does not mean
secure. You have to compare your reproducible build it with some
original build, and you still have to trust the original build to be
safe. It does not speak of safety, it just speaks of reproducibility
of software as compared to the previous distributor.

For end user it means nothing. End users are majority of user base. If
they trust enough to online distributor to download gigabytes of
software and boot the system, at that moment reproducible builds are
of no importance, as user already expressed the trust to online
distributor. Why now reproduce it oneself?!

Reproducible builds only make sure that software was not tampered as
compared to original build and its repository to the local build.
You are wrong again reproducible-builds is assuring that every end user of the software is able to produce exactly the same binaries from the source-code. So whenever someone would like to temper the official binaries it would be immediately detected by the software community, i.e.:
Example of malicious intent easily to be placed online:

1. Insert various malicious code into GCC, that is to place backdoor
    shells in all kinds of network services.

2. Build GCC.

3. Make new GNU/Linux distribution.

4. Publish it as fully free software, promote it as you wish.

5. Provide hashes of binaries, packages, PGP signatures.

6. Provide reproducibility for all binaries, except of few compilers.

7. Let people install software and verify the reproducible builds.

8. After some time, ping on some servers, like ping the port 7801 and
    then 5 times 7802, knock on the door, and open up the root shell.
Have you ever tried to contribute into GCC or GNU/Linux? Have you ever heard about Diverse Double-Compiling ?
Definition is fine, as definition does not speak of reproducibility,
or bootstrapping, neither of hardware, it is general
Your official definition is too general, hence it's useless in practice now. It's a shame for all RMS/FSF/GNU/Free organizations that for so many years even Guix is not yet fully bootstrappable.
Definition alone cannot help anybody to get free software in their
hardware, that is maybe matter of laws, personal preferences,
lobbying, campaigning for it. Nobody points that out in public. That
is serious problem. Nobody complains to their parliaments.
Obfuscated and pathological free software like GNAT are much bigger problem, because their ridiculous lack of reproducibility and bootstrappability are officially endorsed by the GNU organization.
Back in time all micro computer chips were well defined, their
instruction sets and internals were defined and transparent. Today it
is not so any more.
Today RISCV, OpenPOWER, MIPS, etc are getting more and more popular.
We are in agreement, but we have to act.

The way to go is to convert number of users' machines from proprietary
Windoze to free software OS. Then it will create an impact. Thus
contributing to FSF campaigns will make the actual change.
I don't like free software OS like MacOSX neither even though it's based on open source FreeBSD  ;)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]