Re: [Trisquel-users] Smart Phone Recommendations, Please
Are there any phones (apart from the soon-to-be Neo900) where it can be verified that the modem *is* off when 'disabled', and not just pretending to be? Perhaps more to the point, is this an issue which can be solved by (say) flashing Replicant to a device with decent modem isolation, or does this require it to be designed in a way no phone had yet been? Sorry if this question can easily be answered or is a bit vague.
Re: [Trisquel-users] Questions about determining what is free software
It's coming up in the forum, so that's a good sign :).
Re: [Trisquel-users] Intel AMT
>Anyway not every computer has it, because some models don't >have AMT/ME at all. In this case Libreboot shouldn't share >inaccurate information, What you say is correct, but Libreboot never seems to have claimed otherwise. Their FAQ, which I presume is what you are referencing, states in bold that the ME is "present on all Intel desktop, mobile (laptop), and server systems since mid 2006." This assertion does seem accurate. >and also what does it mean that you can't turn it off? >Because on Lenovo x220 you can disable AMT, These are separate issues. The AMT can be turned off or not present at all (presuming Intel/OEMs are honest- see below), as is exemplified in a number of devices if I remember correctly. The ME, however, is a different kettle of colored horses. Their *are* no BIOS switches for this little beast, and only in the earliest models (pre-X220 for sure) can it be switched off or removed. Later models have a hard-coded check, which will switch off the device after 30 minutes if the ME is not found. It also performs some hardware-init stuff, I think, although that's only required at boot. >but is it totally or partially disabled and how can you >affirm that (anyone knows how hardware really works?)? For the ME, I'm pretty sure the standard way to check is by removing all traces of the code from the flash chip- if the ME is still required, then it wouldn't work. For the AMT, I'm not quite so certain about the method- I'd imagine the best you can do is check if the AMT stops offering the services one would expect to (remote shutdown etc.). That said, this is just a total guess- the only one I can tell you about is the ME. As regards how the hardware works, the basic idea is that the ME is a little chip embedded inside the main processor, which then has full control over the main processor. It reads from a flash chip, which is writable (the ME can update its OS). That's awfully vague, and probably about the extent of my knowledge, but it's the basic concept nonetheless. >Libreboot and also other sites should specify these issues, >otherwise is not an objective information, is an useless >alarm that seems useful only to sell Libreboot computers "Libreboot" doesn't make *any* profit from Libreboot computers to the best of my knowledge; Leah, the lead developer, does, but that is a secondary issue nonetheless. The primary concern is whether the description is accurate. In that regard, it is an excellent and comprehensive description of how the ME has developed as an obstruction to free computing over time. Your facts cited above are equally correct, certainly, but they're about the AMT. This is *not* the same as the ME, in that it can be avoided, often disabled (albeit through a proprietary BIOS) and perhaps might be considered a piece of software in its own right rather than just complex firmware.
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
You do have a fair point. Although my views align with SuperTramp's, I can understand how those who are less inclined to completely trample over copyright restrictions may not see that statement in such a positive light. However, it seems questionable that the execution of JavaScript is *with* the author's consent and the downloading of the videos *without*. In regards to the JavaScript, it is stated in YouTube's TOS that "You agree not to access Content through any technology or means other than the video playback pages of the Service itself, the Embeddable Player, or other explicitly authorized means YouTube may designate." (from https://trisquel.info/en/forum/you-cannot-watch-youtube-libre-software-computer#comment-113304). This would seem to imply non-consent to use of the 'JavaScript engine' in YouTube-DL for the purpose of downloading videos- potentially there would be no objections to running the JavaScript for other purposes, but that is beside the point. For downloading of videos, there is of course non-consent in some sense, highlighted in the TOS quote above. On the other hand, though, official music videos have been posted online, for free, in a public space under the auspices of the publishers themselves (or at least with their implicit consent). This to me suggests permission, or even encouragement, from the copyright holders to download a copy and have a look. They might not want you holding a copy on your hard drive, or using a third-party interface to YouTube, but that's a separate issue- the former can be administered at will with the delete key, and the latter is the only way to access *any* YouTube video without running 10 tonnes of full-strength JS.
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
Thank you for linking that! Also, it would definitely be a good idea to consolidate discussion. I'll sign up right now (I should have earlier, but... better late than never, perhaps).
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
Thanks for the link- looks good! As a side note, it may be worth mentioning that avideo will automatically overwrite youtube-dl, so that any software which uses youtube-dl should (minus error messages) automatically be compatible. That said, it doesn't hurt to check- and it would definitely be good to point the terminal-averse to a GUI, so they too can be free.
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
>What has been the functionality lost while liberating it? The main function lost has been the ability to download YouTube videos with 'encrypted signatures'. These videos have a scrambled (not even encrypted, really) ID used in place of the 'real' video ID in their video page, requiring a separate proprietary script be downloaded and run from YouTube; thus, these videos are 'off-limits' until it becomes feasible to reverse engineer the algorithm used. *HOWEVER*, this only affects those videos which use it- likely music videos/movies in most cases, which means most should work fine. Also lost are the ability to log in to iQiyi, and the integrated update command. The former is for reasons of freedom also, as it requires executing some 'SDK' script downloaded from their site in order to authenticate the user. The latter, admittedly, isn't so much for reasons of liberty as convenience; frankly, I see no reason to add ANOTHER update utility rather than just allowing the user to use their main one (with a PPA/repository to offer up-to-date packages). >Is Soon.to.be.Free the same person as "Grace Past"? We are indeed the same sentient being. I can't confirm or deny that I'm a human being though :). > Google supposedly has the motto "Don't be evil", but they >are very evil, while pretending they're good and caring for >people It really is a pity that they've ended up like this. Although it might be naive to presume they were above corporate greed, they did show leadership in 'open-sourcing' Android- surely not being totally oblivious to what potential profits it could bring- and even acquiring YouTube, given the lack of copy protection in the service (in 2007, anyway). Perhaps I'm exaggerating the risk-taking and forward-thinking mindset exhibited. Even if so, though, it's sad to see how 'corporate' they are now, with the fabled '20% on work, 80% on your own projects' policy perhaps the last remaining monument to their innovation-prone startup origins.
Re: [Trisquel-users] Questions about determining what is free software
>How can it be determined if a piece of software is free? Software is considered free if it satisfies the four software freedoms, as outlined by the FSF: *The freedom to run the program as you wish, for any purpose (freedom 0). *The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). *The freedom to redistribute copies so you can help your neighbor (freedom 2). *The freedom to distribute copies of your modified versions to others (freedom 3). The ability to do all these things using only free software is also implicitly demanded, and (for some circumstances) avoidance of any form of advertising (explicit or not) of proprietary software must also be satisfied. >If I am installing software from Trisquels apt-get via >the command line, is that software guaranteed to be free Trisquel promises it will be free, and you can usually trust them on this. However, mistakes can be made; if you discover some available software is proprietary, report it and it should be dealt with. >It is not clear to me if apt-get is distro specific or not. It is in a sense; what software is available depends on the 'repositories' in which apt-get is told to look for software. The ones your apt-get is using will be listed in /etc/apt/sources.list; likely, they'll just be the standard Trisquel ones, which means you can trust them to deliver only free software. >what tools do I have for determining if it is free? I'm not sure if there's a better way (there probably is), but you can find the text of a program installed with apt-get's license in /usr/share/doc//copyright. If the license is free, the program's almost certainly free; otherwise, it's not. Occasionally, programs can be released under free licenses but not be free- the most common examples are Firefox and Thunderbird, which have their code released under a free license, but are non-free because their trademark policy prevents users from selling any Mozilla-branded programs. >Is it fair to assume there is free software that may not be >listed in the FSF Free Software Directory? Their definitely is. Most reasonably well-known free software will be listed, but any project which nobody has bothered/thought to list will be in the directory, even if it's free. Anyone who wants to, though, can do so- simply sign up for an FSF account (it's free) and edit the page. >Is it all about a piece of software having a free license? That's generally the main factor. Technically, the key thing is offering the 4(-6) freedoms listed above. A free license usually guarantees these; on occasions things like trademarks (e.g. Firefox) can get in the way, but that's exceedingly rare. >I have been have been meaning to do more research about the >licenses but haven't gotten far so I am not too >knowledgeable, That's OK! The FSF keeps a list of free licenses: https://www.gnu.org/licenses/license-list.html#SoftwareLicenses. You'd be pretty lucky to find free software under a license not on that list, so it's a good guide. Apart from that, though, it's always possible to ask if you're not sure. >is this even possible to determine before downloading and >install the software? If you check the program's website/page, it'll often list the license somewhere on there. Alternatively, if you found it via the 'apt search' command on Trisquel, it's probably a safe bet that it is free. Conversely, if there's no link to the source code on the download page and it's not hosted on a forge (e.g. NotABug, Github), then it's probably not free.
Re: [Trisquel-users] leak of windows source software. Beneficial?
It appears the story, as posted by the Register, may be somewhat sensationalist: https://www.betaarchive.com/forum/viewtopic.php?t=37283 gives a clarification. Regardless, there's probably not much that can come from it besides a minor privacy review (and Heather's spark idea, which sounds quite practical- a 100% libre Microsoft logo generator!). Not only is this a "relatively minor" leak, containing only a few items of at most tangential interest, it's still proprietary.
Re: [Trisquel-users] Technoethical T400s now available
Just to clarify, I in no way intended (or intend) to imply that such a suggestion is an insult. Personally, I don't see any reason to presume the comment was in bad faith or negative. However, Tiberiu didn't see it the same way, as was borne out in later comments, and so (in light of a lack of alternatives) it seemed reasonable to presume that was the object of the reference. That said, I can't speak on anybody's behalf, and certainly don't want to imply that this is somehow certainly the correct reading of the comment.
Re: [Trisquel-users] Technoethical T400s now available
I can't speak for Tiberiu, but I believe the reference may have been to https://trisquel.info/en/forum/arrested-filming-ceo-thinkpenguin-inc-arrested-filming-police-faces-year-prison#comment-113992, where Chris claimed Ian was suffering from mental health issues.
Re: [Trisquel-users] New Trisquel 8 alpha images
You might be better off using the dd command (but please read the warning below first!). Open a terminal, type 'dd if=/path/to/ISO of=/dev/sdX' (/path/to/ISO is the file path of the ISO, and /dev/sdX is the USB device found in little grey letters in the title bar of GNOME disks when you have the USB selected). Then press enter, wait for the prompt to return, and you should be done! *WARNING*: Make 100% sure you have the right USB file before copying. If you get it wrong, you could end up overwriting the start of your hard drive or some other thing, which will not be fun at all. If you have any doubts, double check here: I can assure you dd'ing to the wrong device makes permanently deleting the wrong file seem tiny in comparison.
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
Yes! Although it would be unreasonable to expect perfection in reducing JS requirements, the amount some sites use is ridiculous. When entire sections of the page are missing because a web developer somewhere decided on compulsory accordion-boxes or some other 'design feature', or (even worse) the enable-JS popup actually prevents a site that would work reasonably WITHOUT JS from being usable, it shows just how much form is prioritized over function. It's depressing, to be honest.
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
Just been released! NotABug Repository
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
>with youtube-dl and vlc, what data am I giving up by using >that tiny bit of JS used for making URLs readable? What you've asked is an extremely good question, and the answer should be made absolutely clear: At present, the JavaScript engine does not implement *any* functionality which threatens the privacy or security of the user. As a member of the security/privacy camp of software freedom myself, this means I have no direct qualms with the current use of JS. However, there are still two reasons that it is important an alternative is developed: *User choice. Stallman has unequivocally declared his dissatisfaction with the current state of affairs, and so I am sure there are at least a few others who must also be unwilling to accept it. *The precedent set. Although the current state of affairs isn't too bad, the implication of "functionality over philosophy" made by this and other items of evidence published in the thread linked from the original post suggests it could get far worse if EME takes hold. Granted, that's still hypothetical thinking- but with all major browsers now aboard, how much of a fight do we expect from Alphabet when the never-content producers come knocking. That said, please be aware external sandboxing is not (yet) needed- the limitations of the interpreter do that inherently. >The non-free JS is needed, AFAIK. Not quite. In general, the video signature can be obtained relatively easily just by downloading the page and applying some regular expressions. The exceptions only come from a subset of videos with 'signature encryption' (an unusual form of DRM). These appear to map quite nicely onto the types of media which come with DRM everywhere else- music videos and movies.
Re: [Trisquel-users] New development mailing list for Libreboot
Yay! It's good to see LibreBoot has a mailing list- I think that was sorely missed for a while. Hopefully it helps the project gain a newfound following (I'd join, but there is literally nothing I could contribute).
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
Also, just since I came across it reading the page for the workgroup you linked, it's now confirmed that nonfree JS is being run. In attempting to download the video https://www.youtube.com/watch?v=8SbUC-UaAxE (I have absolutely no idea what this video involves, so it could be NSFW), avideo reports an error "Youtube's DRM has prevented this software from obtaining the video URL". This error is only invoked in a very specific part of the code, the "if player_type" block I posted in the other thread, which was traced backwards in that post.
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
Thank you! Also, just to note- >why would we want to accept loading nonfree js with out >preciousss ytdl It's the only way to download most music videos (and probably movies). How could you live without Guns 'n' Roses' "November Rain"?
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
Unfortunately, using a web extension wouldn't make replacing the JS any easier. I've written a full-length summary at https://trisquel.info/en/forum/liberated-version-youtube-dl-almost-here#comment-116286, but in short- it's used to implement DRM on some videos (most don't have it, but no JS is executed for them anyway).
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
Not yet, unfortunately-I admittedly didn't even consider that in setting up (I'm completely new to this whole thing). That said, I would like to. Could anybody suggest a decent free (both senses) mailing list/forum/something host?
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
There's actually more information that's arisen in regards to the issue. My apologies for not adding it here earlier- I've mixed up what's been written in e-mails and what's on the forum, it seems. The issue, which forces YouTube-DL to execute Javascript in order to capture full functionality, is 'signature encryption'. A very good summary can be found at https://superuser.com/questions/773719/how-do-all-of-these-save-video-from-youtube-services-work (read the answer starting with "YouTube Bookmarklet). Essentially, for some videos (such as music videos...), the URL of the video itself depends on a 'signature', which is obtained from the video ID through 'encryption'. This isn't really encryption, though, and that's the problem: it's some random set of mix-and-match functions contained in some off-site JS, which can be changes at YouTube's whim. At the bare minimum, then, this will require some low-level-but-above-me-for-now reverse engineering. At worst, this could require a daily effort from a group of 3-4 skilled hackers just to avoid falling too far behind. In summary, this is DRM on YouTube which YouTube-DL carries out. I refrain from calling it that since it's so petty (all DRM is, but what does YouTube think this accomplishes?), but it in many ways is none other than a digital lock.
Re: [Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
@SuperTramp83: Thank you! I'll do my best, although it's questionable whether it's particularly "good"... @libreleah: Thank you for the information. I had heard of VLC, but never of unplug. I'd (at Stallman's advice) been planning to start implementing a browser plugin (after avideo was off the ground), so it'd definitely be good to have something to work from.
[Trisquel-users] A Liberated Version of Youtube-DL is Almost Here!
Hi! A while ago, it was discovered by user calher that Youtube-DL executes non-free Javascript as part of downloading some videos. In order to remedy that, I've been working on removing this (anti)feature from the software, as well as a few others. The result- avideo /ævə'dɛjo:/- has just entered beta! This is an open invite to anybody who would like to join the effort to make avideo a viable replacement for youtube-dl. I'll post any significant updates here.
Re: [Trisquel-users] No wifi detected, gtk settings reset and I cannot connect external drives after update.
It does have a live environment. I'd post a screenshot if I could- it's an absolutely stunning background- but... I have no idea what I'm doing.
Re: [Trisquel-users] purism reverse engineering
I think I've made some quite significant errors in what I said above- I'll try and correct them as I go. >How would displaying the secret key weaken security for the >computer owner? The issue is one of authentication. Currently, any code not signed by Intel won't run on the ME. That stops people with nefarious intentions from taking advantage of the ME's omnipotence. If the secret key were published, however, it wouldn't just be Intel who could change the code. I hope we can agree that the problems with this security 'safeguard' are not worth the benefits, but those benefits aren't totally non-existent. >The me removal option has nothing to do with the secret >key? Firstly, I was wrong in calling the technique discovered a 'ME removal' option: it only partly removes the ME. Also, the technique itself doesn't rely on the private key. Is all it depends on is the fact that the core parts don't care whether or not the modules removed are there, so it won't crash the device if they're erased. >From intel's point of view being able to remove me, >weakens the security of the computer? How does it weaken >the security of the computer? The problem here isn't so much security as Intel's power. Although I'm not convinced of the theory I gave, it still is worrying because it's reasonable. If Intel DID want to block something like 'ME neutralization', all they need to do is justify releasing a patch. Nobody can realistically prove it *doesn't* serve the purpose provided, giving plausible deniability whilst protecting their monopoly of control. They have this power, of course, because they manufacture their chips so that they hold the keys and we don't.
Re: [Trisquel-users] purism reverse engineering
>It does not make the computer worse on security, if we get >the secrete keys? It would likely weaken security in that sense, but there's also the counterbalancing effect of letting the user choose their boot firmware (or write their own, if they can). Even presuming what I've written is correct, it's still a good trade-off: the threat of a multinational company with reasonably direct access to hardware is FAR more worrying than a government/stranger who has to get physical access to, disassemble, and then (almost perfectly) re-assemble a laptop to get the same power. >Shows the importance of having the source code. We cannot >tell if there is a back door. Exactly. It's unfair to accuse companies of embedding backdoors without knowing, but it's just as unfair for the user to not be able to check. >An software update intel tells us to install, could create >a back door on the computer? Yes. In fact, there was a "conspiracy theory" that the saga with the massive bug in the ME was an excuse for an update to block the ME-removal exploit. I'm not going to say I agree with this, but it's entirely plausible that that (or something similar) could happen. It's this kind of power that makes the Intel ME, MS Windows 10 and "web apps" so absolutely disgusting. Other proprietary software may be horrible, but at least it's your choice when/if to let an update in.
Re: [Trisquel-users] purism reverse engineering
In terms of the features themselves, *some* are necessary for the functioning of the computer- they MUST be present, in some form or another, for it to be more than a very expensive doorstop. Of these, at least some have to go onto ROM so that they can be loaded at boot. The signature verification is stop nefarious forces from using the nearly omnipotent ME to gain unlimited access to the device. It does solve that problem, presuming Intel isn't one of those forces (they may or may not be), but at the obvious expense of locking the owner of the system out. As for the rest of the features and the particular choice of 'protection' against crackers (and hackers...), that's pure speculation. Perhaps they just thought the effort to make it possible for the user to crack it wasn't worth the niche market who would use it. Maybe three-letter agencies are involved. Intel themselves may even have a secret entrance. The only thing we do know is that it's unacceptable.
Re: [Trisquel-users] purism reverse engineering
I agree with you about "Purism"- and wholeheartedly agree with you about Intel- but I don't think what they're doing here is bad. Of course, the fact that they are a plague on the free software community isn't up for debate. Making promises to "free the ME" without noting the difficulties faced (if Google can't negotiate with them, what makes a small start-up any more likely to succeed?) or any reasonable effort to note offerings that already partly solve the issue (Minifree's are not the only ones...) indicates blatant disregard for the fact that the low-level components actually serious issues concerning software freedom. Every person using a Purism machine instead of an off-the-shelf Windows machine is of course a victory, but the risk of potentially misleading those who really do want total freedom is unfair. If you read this, Purism, please either make the hurdles faced clear or stop claiming to be free software advocates. However, the work being done here still does appear positive. Perhaps my naive ignorance is showing here, but this work could potentially be a large part of what's required to introduce LibreBoot to current chips, allowing a wide range of devices previously locked under Intel's rule to finally be liberated.
Re: [Trisquel-users] purism reverse engineering
>The strength of the intel me verification is the fact, that >we cannot do anything about the key because is in a rom? I think so. >Is it known where the keys are located? The public key is on the ROM- which I'm pretty sure is embedded inside the ME and (although I might be wrong) read-only (ROM stands for read-only memory). If it is read-only, then you can't disable it- no matter how hard you try. The private key doesn't come with the computer at all. >Do we know if each intel me computer model has its own >verifying keys? Each Intel ME version has a different keypair, but the keypair is the same for all MEs of the same version- as the good reference https://libreboot.org/faq.html#intel puts it, "This manifest is signed with a strong cryptographic key, which differs between versions of the ME firmware." >If a computer model would turn out to be a non seller, then >the manufacturer and intel, if agreeing about themselves, >could make the intel me software and secret key public in >order to increase sales to libre software people? Yes, but no. It's certainly possible- indeed, Intel could do that by themselves, since even the manufacturer doesn't have the private key (they have one for the BIOS, but that's a separate issue). However, by the same token, one computer being a failure is unlikely to persuade Intel. Unless the Intel ME caused massive damage to sales for a significant number of devices with their chipsets, the sheer number of devices brought to market with such chips means the company likely wouldn't be phased if just one didn't sell.
Re: [Trisquel-users] purism reverse engineering
>About pgp keys, It's not PGP that's used in any real sense. To paraphrase my understanding of https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf, each module is hashed, with the hash stored next to it, and then the set of hashes is RSA-signed and stored around the front of the line. The public key, as OnPon4 said, is baked into the ROM- there's no way to change it. >If you could or if you had the public key, with some >probability you would be able to reverse engineer the intel >me software and install the reverse engineered version of >the software? If you had the private key, then it would be entirely possible to install the reverse engineered software. However, no computationally feasible way of doing that, besides leaking, is known- and finding any such technique would be absolutely terrible, as it would render most forms of encryption ineffective. What looks promising is the bug the link you posted suggests might exist. If that bug does exist, then it becomes possible to edit the hashes the ME checks against AFTER they've been checked against the signed ones- essentially, breaking the chain of authentication and letting us run whatever we want.
Re: [Trisquel-users] Mission impossible: Family privacy
If it's of interest, you can get around the bug by using for < and for >.
Re: [Trisquel-users] purism reverse engineering
>If people here say, that intel's me and amd's psp software >is encrypted such that no one can reverse engineer the >software, I have no reason to doubt that. Just to throw a spanner in the works, I don't think it *technically* is. The software is most definitely encrypted- and we can't get around that- but I'm pretty certain that it's possible to crack the encryption and *read* the machine code, which lets us reverse engineer it. What we can't do is sign it with Intel's key- and, because the ME checks the signatures, that means the reverse engineered code can't be used. However, as in the post you linked to, reading the code is all you need to find exploits. >Does the article say, that there is some random likelihood >an intel mainboard's software can get reverse engineered >due to software errors? As I've written above, the reverse engineering is already possible. What the article says is that, *if* the coding error found is duplicated in the the right spot, then (provided Intel doesn't move too fast...) we can bypass the need to sign the reverse engineered code, making it possible to install one's own software. There may be some other hurdles to jump, but that would be a massive step towards liberating the ME.
Re: [Trisquel-users] Mission impossible: Family privacy
As a teenager, I feel that my opinion may be helpful here- on the other hand, with the closest "typical" teenagers I have being peers and a sibling, it may be no more insightful than a parent's. Firstly, OnPon4's point is worth keeping in mind- once a person enters adolescence, the influence of the caregiver is greatly diminished. I can give you some suggestions as to what might help with your concerns, but nothing you can do will convert them. The best you can do is to address what *your* concerns are through rules, and then make the case for your argument where relevant current affairs come up. However, never make an 'I told you so' point (that just infuriates them) and only make a given point once (unless they're interested, doing it twice will only sound preachy). Your best hope, I would suspect, is to combine strict-but-fair boundaries on technology usage with emotional appeals (in the form of scare tactics and making it 'cool'). On the emotional appeals side, fear might best be projected with a story of how much a third party can find out from your social media history- see, for example, https://labs.rs/en/browsing-histories/. 'Coolness' can be, for example, shown in everything from (if you don't feel it'll encourage bad behaviors) the deep web to the sometimes underrated no-cost stuff. These things, combined with the (maybe it's just me?) euphoria of booting a feature-packed OS from a 100MB USB, were what brought me to the dark side. In regards to rules, these are obviously going to be your choice and depend on what you and your children think is fair. However, with phones for example, rules on where and when they can be used might be helpful- the choice of locations would depend on what is required to reduce the worst risks (e.g. taking inappropriate pictures of your younger one or having sensitive conversations recorded) without 'destroying their lives'. I'm not sure how practical such rules are- I don't feel the need to have a phone or standard social media services anyway, so I would follow them easily- but that's my two cents.
Re: [Trisquel-users] brute force reverse engineering a mali gpu?
Unfortunately, it's physically impossible. Firstly, as megurineturilli has pointed out, actually guessing a working combination would take billions of years. On top of that, though, there's the issue of comments. These are as much a part of the source code as the executable parts- without them a program is just a long list of somehow relevant commands- but, since the compiled code completely omits them, the only way to reconstruct them is through artificial intelligence, an insider leak, or reverse engineering.
Re: [Trisquel-users] Verifiable turning of intel me or amd psp?
It might be possible, but I suspect not. The issue here is that "turning off" the ME is not yet possible. Indeed, it's doubtful anything but a massive leak/mistake from Intel could let that happen, because the code will only run if they have digitally signed it- the very same technology we rely on for practically unbreakable security turned against us. What's actually happened is that some hackers in this area have found it can be "neutralized". It's still there- and still running- but most of it is gone, meaning it is severely crippled in its capabilities. That's definitely an achievement to celebrate, and one which gives hope for the previously 'unfreeable' successors of the X200, but not a final success. I'm reasonably certain that means the ME could still be a menace in a number of ways (though the reduced size of the code gives hope). Regardless, Intel can liberate the ME to some degree. They might not directly be able to remove code signing- as I understand it, that's directly baked into the hardware or ROM- or even release the signing key if it's used for other things, but they can certainly release the source code (and commit to sign any modifications requested). They could also definitely stop baking in code-signing with their confidential key, thus allowing future generations to hack on the firmware. As for Intel being "arrogant", or placing any value on the ME code, that's not (necessarily) entirely clear. Beyond perhaps any wealth earned through control of AMT, we don't know whether they care in the slightest. Perhaps they even want to liberate their chips, but other parties (business or even spy agencies) are making it hard for them. The point is that, although this is undeniably wrong, we can't accuse the master of being malicious or evil. The injustice is in the existence of such a master.
Re: [Trisquel-users] Forum for librebootable devices
It sounds good- I do think a wiki would be a useful format, and it seems like they should be an immense help with this. Their concern about the URL is understandable (the l..r..l string isn't ideal), but I agree it's probably not too bad- it's an entirely clear and logical address for a site about Libreboot-compatible devices, which is probably more important than a fluid name. In any case, I unfortunately can't offer too much help beyond potentially adding entries. Hopefully somebody else a little (or lot...) more experienced has something to offer!
Re: [Trisquel-users] How do you get your books?
DuckDuckGo- probably not the kind of thing you were asking for, but it does the job adequately. To search for a specific file type, use f: followed by the file extensions (e.g. f:pdf).
Re: [Trisquel-users] microsoft against surveillance, they say
The worst part is that the anti-virus programs in circulation now probably aren't even necessary- MS Windows has one built in, which is just as competent as any mainstream one (but for free with your spyware...), so the entire market is effectively an oligopoly feeding on unfounded fears. There's only one 'anti-virus' I can think of that actually offers any advantage of others: vrms (although we're still waiting on the MS Windows version- I'd like to see that one!).
Re: [Trisquel-users] microsoft against surveillance, they say
Same here. I've been lucky in never having been much of a gamer in the first place (so I didn't have to worry about that), but the non-free BIOS and proprietary JS needed for school are still problematic.
Re: [Trisquel-users] microsoft against surveillance, they say
This is indeed the problem- there's a steep uphill involved in even partly liberating oneself, especially if there's no tangible motivation to do so and/or if computing is not a skill one has. As for the capitalist-controlled government, I think we *do* need that. It'd be a pity for the hundreds of years of experience the aristocracy have in making the plebians' lives miserable to be confined to day-to-day operation. Why shouldn't the law help with that? By the way, I've been practicing the salute- am I doing it right:
Re: [Trisquel-users] The hijacking flaw that lurked in Intel chips is worse than anyone thought
Like Legimet said, it's highly doubtful. This is rather minor compared to the Vault 7 dump, and even that didn't get much more than news reports and some software patches (although making it into the mainstream is an achievement in itself). In fact, hypothetically speaking, it could actually introduce more difficulty. If the result is some people choosing AMD instead, that's going to reduce the chance of us getting ANYWHERE with freeing the PSP. The best we can do is hope that anybody phased by the Intel leak realizes AMD isn't necessarily any better, and opts for something libre. It's a pity the EOMA68-A20 release had to be pushed back; this would be the perfect opportunity to say "We told you so"!
Re: [Trisquel-users] The hijacking flaw that lurked in Intel chips is worse than anyone thought
Thank you for clarifying that- it makes it much clearer why nobody picked it up for so long (although what convinced them to use the said comparison function is still beyond comprehension...). As for your point in regards to caring, you're unfortunately probably right. The most mainstream news source I've seen carry this was Slashdot, and even then I suspect many readers probably aren't greatly moved by this revelation (disclaimer: I do have a ME-enabled device presently, so perhaps that's hypocritical to say). Perhaps it's a little too much to propose there were malicious motives behind it, but it can't be ruled out...
Re: [Trisquel-users] microsoft against surveillance, they say
We should indeed not trust Microsoft to have the user's best interests in mind, but the message they've given is a good and valid one. The key here is to make sure we don't settle for anything less than we expect, and certainly no less than the now (weakly) reformed company has suggested we do. That, of course, means we must not let them make only the easiest contributions to freedom (or source exposure, as is often the case) in exchange for hypocritically maintaining the most profitable immorality. A few pawns make nice ornaments, but freedom rests on the game.
Re: [Trisquel-users] The hijacking flaw that lurked in Intel chips is worse than anyone thought
Even for proprietary software, this seems incredible. Correct if I'm wrong, but- has it taken 7 years for it to emerge that the authentication feature did absolutely nothing AT ALL (except for checking that two 32-bit hashes were the same length)? Even if I'm certain the i5 laptop on which this post is written doesn't have AMT or vPro, that kind of oversight (at best) suggests any trust I had in it was entirely misplaced... Whoever quipped that the infamous "Intel Inside" stickers reminded them of the "Smoking Kills" ones was perfectly correct, and may very well find their simile reified soon.
Re: [Trisquel-users] Proposed Project: GOLD - Gaming on Linux Distribution
Although I can't speak on behalf of Strypey, I think the fundamental issue lies with scope. Although GOLD is (to be) a distro, there is also a need for accompanying work with game developers, other distros, and the gaming community (pro-free-software, anti-open-source, and what-are-you-talking-about subgroups alike). This work is equally important- even someone with my level of gaming (non-) experience can see the lack of gaming culture within the free software community. The participation of numerous groups within the free software community is required before a distro like GOLD can even *begin* to pay dividends. There is also possibly the technical concern of 'weight'- for example, with Lakka, a completely gutted-out base in OpenELEC allowed for 5-second boot times. This is obviously not essential, but there's simply no good justification for the numerous processes that are required by a general-purpose distro to operate in a gaming one. As such, using Trisquel as a base is not ideal- something more like an embedded distro would be more suitable.
Re: [Trisquel-users] Forum for librebootable devices
The above plan sounds great! There are a few things I would suggest, though: *The landing page should probably serve as introduction to the website's purpose and links to key pages, rather than as an information page in itself. Definitely have stuff about OSes on the wiki, but just link to it from the landing page. *Registration probably isn't strictly necessary to avoid spam, but there's little harm in having it anyway. *Definitely links to retailers! Not only is it relevant, but I'm not sure if there's a particularly complete list of them on the Internet currently. *A buyer's guide would be interesting. It could potentially offer a comparison of (inherent) device characteristics, tips for where to find items, recommended market price etc.
Re: [Trisquel-users] I am revisiting something...
Sorry- I completely missed the fact that I hadn't replied to your post! Maybe the concept of having 15 tabs open at once is not as smart as it seemed... Anyway, I don't know much about the specifics of Debian. However, making an educated guess (I've never actually even tried to do this myself), I'd suspect you'd need: *A moderate amount of experience in Bash, as well as at least one more traditional interpreted language (e.g. Python, Perl); *A good knowledge of the infrastructure and operational mechanics of a comparable distro (e.g. in your case, Debian, Ubuntu, or one of their children); *A functioning knowledge of any tools you plan to use as part of the infrastructure. In general, beyond these elements, anything else you'll need should be able to be found with a search engine or reference. That said, in the case of a knowledge of the operating system and key parts of the distro, knowing more will save plenty of time looking things up, and obviously at least basic skills are required (although one would assume a GNU/Linux user can use the OS).
Re: [Trisquel-users] Spying in mobile phones.
I don't know much, but I can give you what I do know... Obviously, as you point out, the SIM card can be used for tracking. However, according to https://www.digitaltrends.com/mobile/police-hackers-phone-tracking/, even removing that would not be enough. I presume the tracking identifier of interest outside the SIM card is the IMEI number, a code unique to each phone. It wouldn't be surprising if this were transmitted even without a SIM card, and so could identify anybody merely carrying a phone. In your last question, I assume you're talking about privacy. If so, there's no difference- the technology needed to connect to the phone tower is identical, and still gives away exactly the same amount of information.
Re: [Trisquel-users] [ACPI] Disabling power button handling?
You're absolutely right- it doesn't. Sorry about the above. I've tried what I could find online, and absolutely nothing seems to work. Hopefully somebody can help here!
Re: [Trisquel-users] Proposed Project: GOLD - Gaming on Linux Distribution
Firstly, the games library sounds like a great idea. I would recommend using APT as a base. It seems like it already has enough features to provide what you suggest (with a bit of tweaking by the bit that serves it up, of course): * screenshots: If the description used were replaced by an HTML-like language, these could then be incorporated into it- or simply do it however Add/Remove Software does it; * data import: APT has the ability to add tags to packages, so this could be done server-side and provided as part of the package metadata; * search: doable with APT, using tags where necessary for specific features; * reviews: Incorporated into the description; * rating: Probably the only exception to this principle- could be performed in a similar way to Add/Remove Software or what-not; * hardware detection: Package key information as tags, and then simply have the software filter for information which suits it- also has the advantage that users can choose to look at games outside their specifications if they want; * links: Incorporate in the page description; * payment: Incorporate in the page description It should be noted that where I suggest "incorporate in the page description", the implication is that the data will be stored in a format which can then be parsed for display; it does not necessarily imply text-readability. As for time, I'm a little busy at the moment. However, with the obvious issue that my ability to contribute is rather limited (for now), I'm certainly willing. Is there anything specific I can do?
Re: [Trisquel-users] [ACPI] Disabling power button handling?
I would suspect your guess is correct. Trisquel 7 Mini uses systemd- which takes over handling that sort of thing. As such, according to the last answer at https://superuser.com/questions/699905/change-behavior-of-linux-power-button, all you need to do is add the following line to /etc/systemd/logind.conf: HandlePowerKey=ignore Then reboot, and (hopefully) the power button should stop responding to short presses. Long presses will still kill the system, but I presume that's not an issue.
Re: [Trisquel-users] Proper use of browsers
Sorry for the confusion. As posted below, the step you're referring to randomly switches to a completely different paragraph part way through- a correction has been provided (I hope it works that way). Also, the pop-up you see is indeed the expected object. Next time, it appears including some screenshots may be far better than leaning on sentences (which go astray).
Re: [Trisquel-users] Forum for librebootable devices
This is certainly a great idea, and something I would like to see. However, it wouldn't be appropriate on the Trisquel website (it doesn't pertain to Trisquel in any tangible way), and even the Libreboot website might not be the best place (it isn't really about Libreboot itself so much as the hardware). It definitely needs its own URL- I unfortunately can't help with that, apart from suggesting librebooted.me (it's available as a URL).
Re: [Trisquel-users] Proper use of browsers
Firstly, sorry about it not making sense- that's my fault. It appears two paragraphs got mashed together, and the second half of the sentence has nothing to with the first. What it should have said was that, in the box which appears after you follow the steps proceeding it, one line will be highlighted. A few lines above that one (you might need to scroll up a bit to find it), there will be a line with "noscript" in it. Select that line, and press delete- the annoying pop-up should disappear. Then press the cross on the little box you've just been working in to get the screen back. It's obviously not terribly convenient, but (for now) it's the best I can give you. In regards to alternatives, I don't know of any outside of the standard method of scrounging the Internet, local stores, and garage sales for what you want. Comparable sites exist, but they aren't much better- in terms of variety, they're likely worse. I do hope one emerges, although it isn't clear how it would build a sufficient market base to serve its intended purpose.
Re: [Trisquel-users] Wireless not working
>Let's simplify it, let's call everything in the repos of >Trisquel free-software and the job is done, simply as that! One could do that, but it's in no way necessary- I haven't seen it done thus far. >Your god RMS I don't believe anyone would consider RMS particularly worthy of deification. Differences of opinion aside, the very characteristics which made him so well poised to initiate the free software movement can also make him less than sociable. >... is all the time saying that others OS's are dangerous >because they run malicious software, where is the prove in >one specific case? I can't speak on RMS's behalf, but to suggest that the possibility of imperfection means we should accept far worse flaws is tantamount to arguing that, since any electrical circuit is a fire hazard, we should ban electricity. We can't confirm Trisquel is 100% free, as you point out- but Microsoft Windows and Mac OS X definitely aren't. >And that naive idea that free-software is free just >because the community have the freedom to investigate the >code, doesn't stick any more. Where are the programmers to >do it if they are so scarce and probably using their time >to other things more profitable? Free software isn't free just because the community can read the code- they also have to have the right to modify it. Whilst this may not actually be used- programmers may indeed be scarce for some projects- the existence of that freedom is still all that is required. As with free speech, most people will never use that freedom, due to obstacles such as programmer scarcity or not wanting to be ostracized from the group, but, if one were to remove that freedom, there would still be significant damages caused to those who *would* have used it. In any case, programmer scarcity is hardly endemic. Looking purely at the free software community might make it appear that way, but excluding open source advocates is inaccurate. The disagreement is almost entirely ideological, and works can usually be shared between the two communities. >In Math if you want to prove that a theorem is wrong, you >just have to find one proposition that negates it! Them >that theorem becomes an Inconsistency This is almost entirely true, but applying mathematical ideas to ideology is not tenable. Indeed, what you call an inconsistency above would be, in mathematics, a contradiction. The mathematical term captures the notion of an absolute, irreconcilable violation of the fundamental "law of the excluded middle". One proposition contradicting a statement instantly forces it to consign itself to falsity, with no way to ever revive it (short of proving the counterexample wrong). By contrast, in ideological or political considerations, the notion of "inconsistency" highlights how the counterexample can (although uncomfortably) co-exist with the statement. This is not automatic- some mechanism is needed to address the apparent contradiction- but, even while the counterexample holds, the statement it is intended to disprove can remain. Hence the use of the legal principle: until evidence overrides the assumption of innocence, innocence holds.
Re: [Trisquel-users] Wireless not working
Thank you! A good point also about YouTube-DL still being free software- I am completely missed that.
Re: [Trisquel-users] Wireless not working
>Of course somebody is maybe (always "maybe"!) protecting >the "business" of think penguin and technoethical, maybe >they have a part on it, maybe... The absence of proprietary firmware in Trisquel is to ensure users can avoid executing it without their knowledge- that's all. ThinkPenguin and Technoethical obviously have an interest in it being this way, but to assume this project is intended to protect their market position would be ridiculous- how many people actually use Trisquel? It's simply not enough to make it worth the development effort if the sole purpose were protecting two (relatively small) businesses. >But one things are for sure: >1. The prices of them are just pornographic! These are small businesses in niche markets... expecting them to compete on price with mass-produced mainstream goods is not realistic. Perhaps more transparency as to were costs come from would be good, but it's clear already that they will be more expensive than standard store-bought ones. That's the price of fighting for freedom in a society were it's not an expectation, unfortunately. >2. If there are real and concise knowledge on how to >liberate the wi fi cards, we wouldn't need to buy them. What do you mean? In terms of finding freedom-compatible wi-fi cards, h-node is the best we can do with limited resources. The problem is that manufacturers will often alter the chipsets in a series, without changing anything about the packaging- which can render a once satisfactory card useless. You can't tell, so the only thing you can do is hope for the best (unless you buy it with an explicit guarantee of free-software compatibility). In terms of actually convincing manufacturers to loosen their grip on code, that's hard work. I know ThinkPenguin is involved in that- and it wouldn't be a surprise if Technoethical were too. >3. Of course h-node is not the perfect solution. One >simple question why we have to register to access the >"knowledge"? And overall is very cryptic. You could read h-node without registering last time I checked. >The free-software thing, that so many like to divinize in >this forum, is just a concept! Nothing more! I'm presuming you mean it's a pipe dream. In terms of winning over the world, it probably is- neither feminism nor anti-racism won over the whole world. But would it be worth declaring these movements a failure? Of course not! Just like these movements, the free software movement is not fighting with the expectation of winning over every living human being. Rather, it's about ensuring that nobody will be forced to accept proprietary software and/or the privacy, security, and other ethical issues accompanying it. In that sense, far from losing, great leaps have already been made- we still have a long way to go, but the present situation is far better than the one at the turn of this millenium. >As we see with youtube-dl that supposed to be a >free-software, it runs apparently non free JavaScript! And >that is just one program, there are millions! Who's gonna >check if the software is really free or not, when there is >no time nor means to do it? According to the philosophy underlying modern Western legal systems, the burden of proof is on the one who brings accusations. Hence, although YouTube-DL did indeed execute a (small, provably sandboxed) JavaScript program, other components of the system are not under suspicion until evidence is brought against them.
Re: [Trisquel-users] Proper use of browsers
It depends on exactly what you want to do, but some of it can still be accessed. There are a few tricks though: 1. Whenever a search page comes up with a big "You should have JavaScript enabled" box, right-click on that box, and select "Inspect Element." A box then comes up at the bottom of the screen. A few lines above the highlighted one in there, there should be one starting with "
Re: [Trisquel-users] Cinnamon from T8.0 onT7.0?
Although I can't speak from experience, CalmStorm's probably right. The problem is that, unless Cinnamon is very unusual in this regard, it's going to need reasonably recent dependencies (or whatever those were back when it was packaged). Those dependencies will be the same, and eventually it'll end up trying to pull in half the operating system- which is going to cause turmoil. That doesn't mean you can't package Cinnamon for Belenos- it just means the version you package needs to come from around 2014 or so. The exact date will depend on what versions of its dependencies are currently offered, but- if Ubuntu is like Debian, which I'm pretty sure it is- these won't have shifted much from initial release.
Re: [Trisquel-users] Bright control on Trisquel
It's certainly possible to make them work. Unforunately, in cutting back on the excesses of the major DEs, LXDE has thrown the metaphorical baby out with the metaphorical bathwater- implementing that functionality is left to the user. In terms of the actual process of doing that, there's instructions at https://adangel.org/2016/01/24/lxde-audio-brightness-keybindings/. I can't vouch for them personally, but they look pretty accurate. There is one change that needs to be made though: in the 'brightness' section, replace all references to gmux_backlight with whatever the subfolder in your /sys/class/backlight folder is. The apple-gmux bit might also need replacing, but it might be worth a try without touching it first.
Re: [Trisquel-users] Arrested for filming : CEO of ThinkPenguin, Inc arrested for filming police : faces up to year in prison
Please note that I've no intention of attacking the project. I backed it- everything from a demonstrable commitment to liberty and environmental conscience to the disproportionately impressive concept of internal USB ports- and am thus far satisfied with Luke's updates on progress, even if that does mean delays. Nor do I wish to condemn ThinkPenguins' involvement- this was definitely worth the investment, and I am grateful for your willingness to support a great concept. What I was requesting was some guidance as to how I would find the actual designs published. I'm not greatly vested in what has and what has not- hardware liberty is not a significant issue for me, except as pertaining to firmware- but I've yet to actually see anything. I'm simply asking if somebody could advise me on where I would look, so that I (and perhaps others) can understand exactly what is being discussed.
Re: [Trisquel-users] Arrested for filming : CEO of ThinkPenguin, Inc arrested for filming police : faces up to year in prison
Thank you for your help- I'll try contacting the individuals you mentioned. My point of curiosity was in regard to whether or not it /is/ free hardware currently. At least knowing that it's not is a good start. As I've said above, though, I don't wish to take sides (beyond what's objectively established). Like you pointed out, this *could* serve as a base for free hardware development- the more important thing is that we've now got a standard for combining computers with peripheral shells. With that, the cost of liberation should drop (because you don't have to replace the whole thing).
Re: [Trisquel-users] Wanna start contributing code? Ask your question here
I agree with you entirely here, but it's important to note that having only one developer in a project is not opposed to the ideas of free software. Of course, a thriving community is in all likelihood better for a project (and its freedom), but an inability to contribute to a project doesn't necessarily mean the users are powerless- they always have the right to fork should they feel it necessary, even if that's not the ideal.
Re: [Trisquel-users] Arrested for filming : CEO of ThinkPenguin, Inc arrested for filming police : faces up to year in prison
Could somebody please point me to what's been released, or where I would find it. I don't wish to take sides here- frankly, hardware liberty has little to do with my support of the campaign- but it obviously would be good to at least have an objective basis from which to draw conclusions. Sorry if this shows my ignorance or laziness- not being particularly knowledgeable about hardware, I've simply not been much involved in the EOMA68(-A20) discussion (either passively or actively).
Re: [Trisquel-users] Do youtube-dl/HTML5 Video Everywhere run nonfree JS?
I've sent the address to you. On the other hand, the does make a very good point. For confirmation/future reference, I'll post the address here: gpast [underscore] panama [at] protonmail [dot] net
Re: [Trisquel-users] Do youtube-dl/HTML5 Video Everywhere run nonfree JS?
If you can find it, for sure- although could you then please tell me how you found it? Otherwise, I'm afraid it's not possible to publish my e-mail address (spambots and what not). I'm still happy to discuss whatever is of interest with them, but it would have to be through some other means- potentially (though not necessarily) this forum. Also, although I'm happy to discuss it, do be aware that I'm not particularly experienced with the issue. My expertise are largely limited to a (barely) functional knowledge of Python and enough time and patience to Ctrl+F and grep through a codebase.
Re: [Trisquel-users] Why does no insider disclose the non libre computer software?
Reading back, what I wrote was rather different from what I meant... Firstly, as CalmStorm has pointed out, I used the term 'pirate' to mean 'illegal downloader'. I suspect that was intended to refer to the attitude a proprietary software developer would likely hold towards those who source their software through unofficial channels; regardless, I don't believe the term is appropriate even for the least moral users of such channels. I apologize for that, and (inasmuch as I can) withdraw that misuse of the class. As for the use, and justification, of the term 'intellectual property', certain components failed to reflect both my views and (as has been highlighted) the reality of the situation. I acknowledge that the phrase is overused- often in ways which obscure (intentionally or not) key differences- and, indeed, the third and (perhaps) second uses of the term in my post were unnecessary. However, it would still appear that, whilst valid arguments can be made against the phrase, it isn't necessarily a total waste (although its vacuous use is a serious problem- more generally, vacuous statements are a problematic staple of business communication). @Magic Banana: Thank you for the article. Several good points are made, but (to me) RMS does exaggerate the generality of the relationships, and I would argue that the notion of 'intellectual property' suggesting a relationship to property fails to address the nature of linguistic development. In any case, the key issue of a 'seductive mirage' most definitely is applicable to current popular usage, and over-generalization does create issues. @onpon4: I agree with your point that freely lumping into categories serves no purpose, but disagree with the notion that it serves to cause harm. Certainly, there is a danger incurred in by unnecessary terminology- and this is fully manifested in the 'intellectual property' crisis- but inclusion of a clear definition of terms used, and careful choice of the most appropriate phrase at all times, can alleviate this. With your example of radiation control- and my only critique of its validity is that you forgot visible light- I could potentially envision it as arising in the modern context of those concerned about 'radiation pollution' or what-not. @CalmStorm: Indeed, it appears that some corporations are more interested in keeping secrets from their customers than their rivals. It'd be entertaining to watch, if it weren't reality. @loldier: Secondly, . Firstly, I agree with the quote you post (although the only generalities I hold absolutely true are mathematical proofs and this one).
Re: [Trisquel-users] Do youtube-dl/HTML5 Video Everywhere run nonfree JS?
To clarify, the statement "Regardless, even if this were the case, it's still not necessarily that bad." wasn't intended to excuse the execution of proprietary JavaScript. the reference was to the more general nature of the assertion that "YouTube videos require running JavaScript"- I probably misinterpreted here, but the response was to the implicit predicate that JavaScript is a problem.
Re: [Trisquel-users] Why does no insider disclose the non libre computer software?
>Personally, I don't think intellectual property or software patents deserve ANY RESPECT WHATSOEVER! I largely agree with you here, but- just to be pedantic- aren't software patents a type of 'intellectual property' anyway? Regardless, it may also be worthy of note that we guard 'intellectual property' here in the free software community, in the form of protecting the copyright on works to keep them free ('copyleft'). Of course, you may disagree with this practice, or its ethics. However, I think the issue here is more that the function of intellectual property- to force one's ideas about how a work should be used onto others- can be right or wrong, depending on the specifics of a given situation. That said, it's censorship nonetheless- and it must be treated as such in considering its ethics. >seriously... that's what allows people to abuse copyright for 70+ years and that's after the original creator is dead. Unfortunately, a few thousand dollars and infamous mice go a long way in world politics. >bs... the author doesn't care only the company does... If you were referring to the above sentence, I'm not sure there IS anything to add. In a more general context, however, there are sadly more complexities. As an author, artist, or other person in a creative career, making money is obviously very difficult- or very easy, if you reach the highest ranks. For those at the bottom, the (financial) situation can often be very precarious. Although I can't provide any evidence, it would seem reasonable that a broken, tested system would be preferable to a superior but unknown (in the modern-day world) system for such people. For those at the top, the current system is obviously no apparent impediment- and, in a typical elitist attitude, that's all that matters. >I understand the reasons for why we shouldn't leak anything, due to punishment from law enforcement, etc, Does punishment from law enforcement justify not leaking though? It's obviously something that should be taken into consideration, but legality and morality are two different things. >but the fact of the matter is, COPYRIGHT PATENTS SHOULD BE ILLEGAL! If I may ask, was 'COPYRIGHT PATENTS' a single entity or two things meant to be joined by 'and'? I may be misunderstanding here, but copyright and patents are two different forms of 'intellectual property', covering separate things in separate ways. Regardless, they most certainly should be (although how the GPL would then work I don't know). >especially considering all the proprietary malfeatures such as being locked in, being spied on, deceived, have your info sold for money, etc... These are problematic indeed, but it's doubtful how much they have to do with copyright or patents. Besides the proliferation of proprietary book-, music-, and movie-access platforms, and the occasional software patent banning libre software, these are just an extra lawsuit or two for a leaker to live through. The big issues are trade secrets, for the developers, and EULAs (for any computer user). These keep the source code hidden and make use of the final product a game of legality-based hopscotch. >If you want a piece of software something that can be emulated with free software but it costs money and has malfeatures, screw the people who add those malfeatures, do it your way not their way. Meaning, download it. What exactly is the kind of software you had in mind here? I infer you mean something like game console emulation, but can't quite tell. In any case, absolutely true. It probably is much better to stay clear of such software entirely- many malfeatures are intricately integrated with features in such a way that liberation doesn't help, and running unnecessary proprietary software is not ideal- but when the choice is not yours, definitely download. That said, there are two things to consider here: *If the software requires an Internet connection... it should be obvious. Either run in a VM with no internet (if possible), pay for the software, or just say "No!". It's always worth a try! *No matter what, write an (anonymous) message to the developer stating what what you have done, and why. Don't take the anonymity lightly, but they deserve/need to know that at least one 'pirate' isn't merely a digital shoplifter. >I mean the dmca only punishes the uploaders not the downloaders right? Perhaps, but the downloader is not legally innocent anyway- their safety is because companies find suing uploaders pays higher dividends. Here, as always, a healthy dose of anonymity pays greatly for all involved (except the litigators). >If I am wrong you may enlighten me but that's my theory. The same here- although read the P.S. before discussing the term 'intellectual property', please. P.S. I've used the term 'intellectual property' throughout. I'm fully aware of the arguments against it, and that
Re: [Trisquel-users] Do youtube-dl/HTML5 Video Everywhere run nonfree JS?
>It appears YouTube videos require running JavaScript. Possibly, but that hasn't been established here. It's clear that using the YouTube interface provided by Google requires JS, and that youtube-dl uses it, but I'm not sure if that extends to all other video download/viewing tools. There's some mentioned in https://trisquel.info/en/forum/you-cannot-watch-youtube-libre-software-computer: ViewTube and VLC are two worth a look. Regardless, even if this were the case, it's still not necessarily that bad. JavaScript itself isn't necessarily an issue: it's just a programming language, like Python and C. It can hurt freedom when the code is proprietary, requires proprietary components to run, or is indiscriminately copied from someone else's domain, but none of these is an integral part of the language. >So, where do we go from here? Is it possible to view YouTube anymore? Do we need to encourage people not to post YouTube links now? In regards to viewing YouTube, it is still possible: see above. As for posting links, that's by corollary not necessarily an incitement to submit to Alphabet Corporation. That said, linking to alternative sources where possible would be ideal. Posting to YT, of course, is strongly advised against, as the cost in privacy and security is a significant one. Where to go from here is an interesting question. Switching to an alternative program is probably a good idea, if you weren't using one before. Potentially it might be worth petitioning the YouTube-DL developers, but that presumes it's their fault: obviously they were the ones who decided to implement the code, but did they have a choice? It's still unclear, as far as I'm aware, whether other 'interfaces' to the video-sharing service are equally problematic. Even the kind of code being run is not currently clear, though it is of course obvious that the potential to execute a Turing-Complete subset of JavaScript exists. Overall, whilst it's definitely worth investigating further, it's still too early to state what exactly the issue is, let alone lay blame and take action. One thing is already obvious, though: Google don't always follow their motto.
Re: [Trisquel-users] Testing Trisquel 8 : Feedback ;-)
Exact same problem here. I unfortunately haven't found a solution yet, but installing the firmware helps- follow the instructions listed for Debian 7&8 at https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-gnu-linux-tpe-n150usb-debian-firmware-install, perhaps just running the command "sudo modprobe ath9k_htc" and re-inserting the adapter instead of rebooting. That got the wi-fi adapter recognized for me, and (after a little while) added to the list of internet devices, but not able to find or connect to wi-fi networks. I'm not entirely sure why- the fact that it's listed as "ethernet" under ifconfig and the command iwconfig doesn't exist at all suggests there isn't any wi-fi functionality built in yet, but I'm not sure. In any case, hopefully this is fixed quickly! ThinkPenguin devices are not at all uncommon, and it's a rather big hole in an otherwise incredible system.
Re: [Trisquel-users] Testing Trisquel 8 : Feedback ;-)
Thank you! I do hope so- due to the fact that I am forced to use an e-mail server configured for only Satan's proprietary MAPI and EWS protocols, I have no choice but to choose between Evolution with evolution-ews/evolution-mapi, the third-party DavMail, and Thunderbird/Icedove with the proprietary ExQuilla. For now, DavMail it will be then.
Re: [Trisquel-users] Do youtube-dl/HTML5 Video Everywhere run nonfree JS?
>That probably is enough for the interpreted language to be Turing-complete It seems to be so. On the other hand- and it's no excuse for running proprietary software- there doesn't seem to be a great deal of functionality: for example, there seems to be no way to communicate over the Internet, access a permanent data store, invoke third-party functions, and so on. It seems relatively harmless from a privacy/security perspective, though of course it wouldn't take much for that to change. >But is the interpreter really taking arbitrary code from the Web? Unfortunately, yes- perhaps not in actual usage, but it's set up to do so. The module containing the interpreter is imported by youtube_dl/extractor/youtube.py, and the function _parse_sig_js invokes that to run some code it's fed. The following block of code then calls that function with the source of a webpage it downloads: if player_type == 'js': code = self._download_webpage( player_url, video_id, note=download_note, errnote='Download of %s failed' % player_url) res = self._parse_sig_js(code) This seems to be the only use of the system for YouTube (I haven't looked at other sites), and what exactly sets the player type to 'js' I don't know. It may be worth noting that there's also SWF interpreter, which is invoked very similarly to the way the JS one is (except with player type swf instead).
Re: [Trisquel-users] Which version of Ubuntu is Flidas based on?
Indeed, "Eww"buntu carries an identical file.
Re: [Trisquel-users] Which version of Ubuntu is Flidas based on?
I'm not sure who the person to ask would be, but (although slightly inconvenient) SuperTramp's suggestion above works: it should be possible to cross-check the Debian version listed for a Trisquel release with which Ubuntu version it corresponds to: Belenos has Debian Jessie as a grandparent, which is the base of Ubuntu 14.04, and Flidas has Stretch, found as the basis of 16.04.
[Trisquel-users] Testing Trisquel 8 : Feedback ;-)
With the third generation of Flidas ISOs having been released recently, and the establishment of its wonderful stability, now seems like a good time to start a Trisquel 8 feedback thread- idea courtesy of Mangy Dog and Pandya. I can only personally comment on the second generation live CD, but it proved extremely stable and complete. The software selection appeared well-chosen, though the inclusion of both Rhythmbox and VLC was excessive in my opinion, and the complete lack of a mail client was slightly irritating. Installation went smoothly- although a text installer would have been nice, as well as some way to assign partitions to LVM physical volumes (Ubuntu lacks that too though, so it's understandable). Post-installation, my only complaint was the lack of evolution in the repositories- every other piece of desired software was available, which was positively surprising given these are early days.
Re: [Trisquel-users] Which version of Ubuntu is Flidas based on?
You may very well have. Even IF licensing restrictions and what-not make it illegal now, these only came into effect after Belenos. Such a feature might very well exist: I agree with you that it would be a wonderful feature to have.
Re: [Trisquel-users] Waiting for Trisquel 8 (Flidas)
Good idea! I'm going to do that now.
Re: [Trisquel-users] Automatically Start VPN Connection
This is just a(n educated) guess, but... If you left-click on the internet icon in the tray, 'Edit', and then 'Add' in the new window that pops up, it gives you the option 'OpenVPN'. What happens if you select that and then click 'OK'?
Re: [Trisquel-users] Do youtube-dl/HTML5 Video Everywhere run nonfree JS?
The imports at the top are modules provided with Python: json provides tools for handling json, re is for handling regular expressions, and operator simply allows binary operations (e.g. x+y, x*y) to be expressed as functions. As you, its capacity seems rather limited. With the caveat that my 'audit' didn't involve reading every single line of code to death, the interpreter's capacity seems largely limited to basic arithmetic and string operations, assignment, and function/class definitions. It also appears to be able to handle json dumps, although what exactly this involves is not apparent. Overall, it could perhaps be argued it's no worse than allowing arbitrary CSS to run in the browser, since that already permits mathematical operations. However, this is certainly something to be wary of.
Re: [Trisquel-users] Why does no insider disclose the non libre computer software?
>I will say that regarding eu law what Ignacio writes about >legality is likely not correct I'm no expert in EU law, and so I'm likely wrong here, but it may very well be illegal. The issue is that, even if copyright law does not prevent use of leaked source code, it is also a trade secret. I don't know exactly how that would affect an end user, but it could still be an issue. >Considering what else data gets leaked or obtained by >attacks, I find it impressive that about one computer after >the next, the source code does not get out. I believe the >companies must run a strict setup. They almost certainly do have a *strict* setup, but that doesn't mean it's complex. Carefully managed access means the company can easily find a leaker: once it's known you did it, you've got lawsuits and a lifetime ban from related projects. For anyone reasonably accepting of proprietary software, there's no reason to leak. >Even if you had the encryption keys, enabling you to flash >any piece of software on the computer, if you do not have >the source software, you would have to do reverse >engineering, which is impossible or difficult? Your outline of the issues sounds perfect to me. In practice, I'm not quite sure how difficult reverse engineering is: it's definitely not impossible, but it certainly isn't as easy as writing software with a public specification.
Re: [Trisquel-users] Which version of Ubuntu is Flidas based on?
Probably not. The LSB modules refer to "Linux Standard Base", which is a standard aimed to introduce some level of compatibility between major distros. A quick search for "LSB modules" suggests that installing the package "lsb-core" would give you the modules, but that won't give you the Ubuntu version. In any case, short of an error, there shouldn't be any way to determine the Ubuntu base of Trisquel from within. Canonical's (current) license terms, as I understand it, ban any unofficial respin of Ubuntu from using Canonical trademarks- which would, presumably, not permit inclusion of information about the base version of Ubunu used. However, there's a fairly simple way to determine the base. It's always the most recent Long-Term Support release of Ubuntu, which is the one with version .04: for example, Belenos was based on 14.04, Flidas is drawn from 16.04, and whatever Trisquel 9 is will derive from 18.04, unless the long release wait for Flidas pushes it back (in which case you'll know anyway).
Re: [Trisquel-users] Why does no insider disclose the non libre computer software?
I fully agree with your second point- better do it legitimately than have a project constantly bear the threat of legal action, subsequently deterring newcomers from our community out of doubt about legality. Your first point is also fairly reasonable, but it unfortunately seems that financial security and/or loyalty can keep illegal projects hidden quite well- it did with Volkswagen, at least.
Re: [Trisquel-users] Why does no insider disclose the non libre computer software?
>Your answers confirm to me, that we do not know how they >manage their secrets. We do know the basic details. As others have outlined above, a combination of legal obligations and careful access management keep the risk of disclosure low. Specifics might not be public, though. >We do not how many people has the intel me and amd psp >source software, their respective encryption keys and what >else relevant software in terms of a libre software computer. Why would we want to though? Please do inform me if you have something else in mind, but the only use I can see for such information is to launch a targeted attack to squeeze the details out of relevant individuals. As Ignacio.Agullo pointed out, this would be of little gain to the free software community. Though it may be harder, it would be better to petition the company or simply switch in the name of libre software. >Likely it is a system of need to know and maybe their >registration system on who made what, enables them to >narrow it much down regarding who did the leaking, should >there be a leaker. There is- with such a large piece of software as MS Windows, for example, there are many different individual programs which combine to form the whole. Programmers are allocated to only one (maybe a few?) of these at a time, and consequently only a certain group of people have access to the code for a given part at any set moment. On top of that, any leaker trying to prove their authenticity would likely need to reveal more details- that limits even further who it could be. >Maybe they do not see any reason for a libre software >computer and disclosing anything would be against their >financial interests. To a degree, that's probably a fair assessment; however, saying they see no reason at all is likely excessive, and there's more to it than finances. It's like with the environmental movement- although support is widespread, only a tiny portion of people are sufficiently motivated and reckless to perform dangerous/illegal acts for the cause. Similarly, expecting a Snowden in every company is excessive. >I would also like to know if there have been any hacking >attempts to get the intel and amd non free software? Not that have been disclosed, to the best of my knowledge. There was the 2006 discovery of documents discussing the ME on a public FTP server by Igor Skochinsky. but Intel had put them there (through carelessness). I'm not sure they had source in them either. Furthermore, there is a rumor that ME source is traded on the dark web, but it doesn't seem to be supported by evidence. In any case, the PSP doesn't seem to come at all in such 'attacks'. >Unless countries like russia and china have their own >brand of computers, it must be unacceptable for them. Without any confirmed exploits, the perceived threat from these chips likely pales in comparison to that posed by the OS and other higher-level components. Furthermore, I'm quite certain these countries do have their own computers- if not, switching to ARM-based devices would hardly be difficult.
Re: [Trisquel-users] Transferring Windows 10 backup files to Trisquel
Glad to hear it worked! Hopefully that's the last time anything arises- if there is still a problem, obviously don't hesitate to ask for help. For the 108 files, you might have to open the file manager as root, which you can do with the command "sudo nautilus", and then try deleting them.
Re: [Trisquel-users] Libre Game Development
That's correct. Sorry if the wording caused any confusion, but the 'source code' and four freedoms are only required for software. It's often expected that the documentation also gets it, but art used in manuals would be the only kind that you might need to free. Anything else is, as you say, considered part of the 'game experience'.
Re: [Trisquel-users] Transferring Windows 10 backup files to Trisquel
Indeed there is. Thank you for running the script though- even just knowing that it works is extremely helpful. I've uploaded a script at http://pastebin.ca/3794338, which works exactly the same way as before- although the command "~/Downloads/gmsWord.sh" would probably work better here than "~/Downloads/gmsWord.sh > ~/Downloads/output". It's not so much a diagnostic as a rewrite of the original- it (should) do what the original script was meant to. If it doesn't, just say. Third time lucky hopefully!
Re: [Trisquel-users] Hardware Freedom Day 2017! Saturday April 15th
A very good cause, and I hope the day offers a chance for the issue of hardware freedom to be brought to light. I unfortunately am limited in my ability to participate, but nonetheless believe it is worthy of support. That said, are you aware that testing wi-fi/ethernet/bluetooth freedom is an issue of firmware, belonging to software rather than hardware? It's certainly not an unworthy issue- if anything, it's probably more important, since the benefits of true hardware freedom are still less tangible than those of free firmware, but it is something to note nonetheless. In any case, best wishes to those involved in events for the day, and may freedom in all forms be the future.
Re: [Trisquel-users] Transferring Windows 10 backup files to Trisquel
Thank you for being so patient with this- it is impossible to say with words how much I appreciate it, especially as a novice. I should have posted some sort of reply earlier, looking back, but there is little I can do now. I hope it hasn't caused any trouble. In any case, what is happening appears quite strange. Your description of the file organization isn't confusing in the slightest, but for some reason the script appears to be finding the archives just fine and then failing to pick up on Word documents inside them. I've written a diagnostic script, uploaded at http://pastebin.ca/3793824, which should hopefully help. Before you run it though, be warned that the output will (if it works properly) list the names of all the files in your backups. It won't print what's inside them, but please don't hesitate to just say if you don't feel comfortable publishing the names of all your files- I know I wouldn't, and others would certainly feel the same. Continuing on, if you are OK with the caveat: the script works much the same as before. The only difference is where the file is published (see above), and the command you have to run, which is (no quotes) "~/Downloads/gmsWord.sh > ~/Downloads/output". If it gives you a permission denied error, you'll need to run the 'chmod' command printed above again- "chmod +x ~/Downloads/gmsWord.sh"- but apart from that, there shouldn't be much, if any, output to the screen. The stuff that might then shed some light on the original script failing is what's in the 'output' file in your Downloads folder- open that with Gedit, and then (once again, only if you feel comfortable with doing so) paste it into a comment on this thread.
Re: [Trisquel-users] Libre Game Development
Indeed, you needn't provide source code with the game for it to be libre- as long as anybody who receives a copy of the game can obtain source in an easy and timely manner, the software is still free.
Re: [Trisquel-users] Libreboot no longer opposes the Trisquel project
Seconded- it takes a *lot* of courage to publicly make such a statement.
Re: [Trisquel-users] Transferring Windows 10 backup files to Trisquel
The script is now at http://pastebin.ca/3792624. The site works without JS enabled, if necessary. To use it, copy the text in the paste (the code in the big box in the middle, without the line numbers) into a text editor, such as Gedit (not LibreOffice). Save the file as "gmsWord.sh" (no quotes) inside your Downloads folder, and then open a terminal inside the main folder you mentioned above. Run the following two commands, once again without quotes: "chmod +x ~/Downloads/gmsWord.sh" "~/Downloads/gmsWord.sh" Sorry once again, and hopefully it works this time!
Re: [Trisquel-users] Transferring Windows 10 backup files to Trisquel
I'll post the source of the script, with modified instructions, below. That was my fault- for some odd reason, attachments to the forum don't seem to give permission. I should have thought about that BEFORE posting the file. I am extremely sorry.
Re: [Trisquel-users] Transferring Windows 10 backup files to Trisquel
You're welcome- I've been chronically bored lately, so it was nice to have something do. Magic Banana covered most of what's worth noting, so I'll just note what else I can think of: *It definitely sounds as though the computer might be under a lot of stress, especially given the mouse. It is somewhat strange though, given the amount of RAM (it was memory) and the processor, as well as the fact that Windows 10 worked fine. *Just out of curiosity, do the page jumps ever occur when after a page is done loading? Firefox sometimes has a habit of shifting around while loading, at least on GNU/Linux.
Re: [Trisquel-users] Fitting Custom Image As Wallpaper.
Hi! I presume you're using Trisquel 7. If you go into the 'Tweak Tools' section of the System Settings, and then to the 'Desktop' tab, there should be an option called Mode, which is probably set to Zoom. Change that to Stretch, and it should resize the background to fit the screen, albeit stretching it.
Re: [Trisquel-users] Transferring Windows 10 backup files to Trisquel
Hi again! Firstly, in regards to the fishing through the zips, I've almost got the script for that ready- I should have mentioned it, but I wasn't sure if you were still here. I'll post it as soon as I finish it. As for your computer woes, they are unfortunately common in switching OSes. However, there appears to be hope for resolving them. I'm reasonably certain sounds carrying between pages in the browser is normal functionality. There's likely a setting to stop it happening, if that's the case- I'll get back to you unless somebody else can be of more assistance. The problem with pausing the video not stopping sound, the keyboard randomly freezing, (maybe) the tabs not showing up, and the browser sometimes locking because of high CPU usage are possibly signs of a slow computer. Do you know how much RAM you have and what processor you're using- you can find them under 'Details' in system settings if necessary. The built in mouse (I presume a touchpad) not working could be one of several things. Is it completely unusable, not clickable but movable, or just a pain to use? For the pages randomly jumping to the top, I can't say I have a clue. There might be a trigger, such as touching the mouse (to scroll down, or just be accident) or rubbing an arm/hand on the keyboard. If not, then I honestly don't know.
Re: [Trisquel-users] Libre Game Development
Hi davidpgil! I'm giving my input here, with the caveat that I'm not a gamer, a developer, or an artist. Onpon4 is developing a 100% libre game, and will likely be able to give a more informed opinion. In regards to making money from your game, significant or not, making the art (including music) non-libre is not going to be of great use. Apart from potential ethical issues, there's no way you can stop redistribution without making the whole game proprietary- in fact, if your game becomes popular enough, even banning redistribution won't stop it from happening. You can still ban derivatives or commercial use without stopping the game from being libre, but neither of these will make anywhere near as much money as potential career opportunities gained by being able to show a game *you* made. It is of course your choice as to whether or not you ban these uses, but there's little to be gained from a financial point of view. The ways you *can* make money, by contrast, revolve around discarding the concept of the game as a 'product' and turning it into a 'service'. Crowdfunding is a great way to do this- set up a campaign with a libre service (I would recommend CrowdSupply) and offer such things as choice in how the game is developed, extra material (although this should be libre too!), or merchandise. By breaking the game down into several semi-independent parts, such as modular levels, it might very well be possible to keep the cash rolling in for quite a while. You could also sell merchandise separately- even if it were something as simple as discs containing copies of the game.
Re: [Trisquel-users] Libreboot no longer opposes the Trisquel project
Have you had a look at the latest alpha? It's quite recent, and apparently quite decent, so I'm not sure the point of being 'dead and abandoned' is on the horizon just yet.
Re: [Trisquel-users] Proposed Project: GOLD - Gaming on Linux Distribution
OK, I've done a bit of research so that this topic isn't completely sidetracked... Trying to strip down Lakka to meet the FSDG doesn't appear to be an option. As I read it, http://www.lakka.tv/get/linux/generic/install/first-boot/games/ seems to suggest the whole point of the distro is to run ROMs of other console's games: quite contrary to the aims of libre distro. That said, it is still worth looking at Lakka to consider what GOLD could learn from it. In regards to software management/updates, I would suggest apt or something similar, with a three-way division of the repositories between system core, fully-free games, and non-free art games. Something like GNOME software could be thrown in for a games store, only showing the games repositories; system updates could then be delivered via an auto-updater, which would maintain the system core. By dividing the games into two classes, like above, the user is provided with choice in regards to whether or not they wish to allow non-free artworks (although whether this is desired is obviously up for debate). The choice of apt, or similar package manager, is based on what level of control is desired. Lakka (and its base OpenELEC) seem to use a much more basic package management system, which assists them in shedding weight; however, it seems that fine-grained control would be of more interest in a free-software system than absolute minimalism.
Re: [Trisquel-users] Help with modify a package
I'm not familiar with tasksel, but there is already a package helper for tasksel in Trisquel 8 available at https://devel.trisquel.info/trisquel/package-helpers/blob/flidas/helpers/make-tasksel. Is there a feature or ability missing in tasksel for Trisquel 8 that isn't there for Trisquel 7? Regarding how package helpers work, they're basically short scripts that download the source code of a Ubuntu package, tinker with it to make it OK for Trisquel (for example, rebranding it and removing non-free software suggestions), and then compile it to put in the repositories.