Re: Truth matters when writing software and selecting leaders
On 4/13/21 8:20 PM, Jean Louis wrote: * Martin [2021-04-13 20:41]: Live-bootstrap (still under early development state at the moment) is a pure bare metal project aiming to be used before involving any OS. Kernel blobs are out of scope for them, because linux-kernel in general is not capable to operate on 8bit processor with 300bytes of ROM and a single 4bits of RAM - the hardware requirements for hex0 you can build from scratch i.e.: https://www.nand2tetris.org/ . But yes if you really want you could also setup it on some over-complicated hypocritical Cloud environment based on Microsoft Windows Guest Virtual Machines powered by Guix linux-libre KVM Hosts (another not fixable freedom bug in "free software"^tm). Do I understand it well: - there must be some computer with a chip that is programmed by which method? Maybe physical switches? Then the chip spit the first binary which is used to create programming languags? - or is there maybe some editor, so when small 8 bit CPU starts, user can enter some information and file is generated? Basically it's about reinventing the wheel https://web.archive.org/web/20120127144927/http://www.cs.ncl.ac.uk/research/pubs/books/papers/133.pdf . But nowadays we have many different computer architectures, designs, tools, development boards, fpga implementations, virtual machines, blockchain technologies, etc https://en.wikipedia.org/wiki/Comparison_of_instruction_set_architectures . You have a full freedom of choosing your best CPU and how to speak with it. For now most of the attention is focused on the mainstream x86, arm and RISCV hardware but it could be also ported to any other exotic arch, i.e.: https://b1391bd6-da3d-477d-8c01-38cdf774495a.filesusr.com/ugd/56440f_96cbb9c6b8b84760a04c369453b62908.pdf I don't think someone would like to repeat the https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal even though some corrupted VW cars are still on the streets. You said it there in a good example. People driving will not necessarily get informed of security issues. Drivers in this context are not the main target of this VW scandal. It's just a top global politics and their dirty games with CO2 emission speculative trading, which is basically a brute-force way to enforce additional tax for the car manufactures and any other big industries. Btw. it looks like the recent SolarWinds big scandal could be also prevented by bootstrappability and reproducible-builds: https://arxiv.org/abs/2104.06020 as that is exactly how Telegram is doing it, but currently FSF endorses distributions with software that interacts with Skype, Telegram, Twitter, etc. On the other hand campaign is there, money is paid for decentralization of Internet, but FSF endorsed distributions still partially work to centralize Internet. It's the main reason why I started to write in this thread. In my opinion FSF needs some serious internal refactoring, fresh global view of all the current and possible future threats and a serious new strategy how to effectively counter-measure it.
Re: Truth matters when writing software and selecting leaders
On 4/12/21 4:53 PM, Jean Louis wrote: Guix is nice but at the moment it requires Guile(approx 20mb of binaries) to bootstrap itself. Better solution is https://github.com/fosslinux/live-bootstrap - there are even plans to integrate it with Guix directly, Debian and many other projects. That is great. Yet, that project does not support fully free OS, as if they accept kernel blobs, that defeats the purpose of bootstrapping and reproducing. Comparison table says that Guix version would run with Linux-libre kernel only, while their version runs with any kernel. Which means introducing blobs for some reason. Unknown for now. Live-bootstrap (still under early development state at the moment) is a pure bare metal project aiming to be used before involving any OS. Kernel blobs are out of scope for them, because linux-kernel in general is not capable to operate on 8bit processor with 300bytes of ROM and a single 4bits of RAM - the hardware requirements for hex0 you can build from scratch i.e.: https://www.nand2tetris.org/ . But yes if you really want you could also setup it on some over-complicated hypocritical Cloud environment based on Microsoft Windows Guest Virtual Machines powered by Guix linux-libre KVM Hosts (another not fixable freedom bug in "free software"^tm). Well I don't trust compilers like any other software and I don't trust any people behind them. I do, as I am forced to do so. It is one type of lock-in. Practically it means little as software security does not depend on compilers only. Whole chain has to be verified. Making an automated process to compile one from each other does not make it enough safe IMHO. Even if whole chain is verified, who is to guarantee that it was verified? So for users, those verifications mostly do not matter. There is NO WARRANTY whatsoever for most or all of free software, most of times. For users thus practically, it does not matter. Those efforts are though much appreciated. I like practical solutions, but I do welcome all boostraping and reproducible build efforts. Sadly I would not know how to contribute to it, other but building it and verifying small portions of the process myself. Machine language I have used to create games, it requires some patience, but not more patience than learning any programming language. I would like to verify the first binary that is entered and to know how it is entered. It is not large, it may be verified and better described. Scientific papers are also full of hidden or disclosure errors, but it doesn't mean theoretical studies are bad because of this inevitable side effects. In fact perfect abstractions are very useful in practice even though you will never rich them directly. In real world there is no such think like 100% security, but still we always want to be as close as possible to that imaginary point. Besides machine code could be really fun as well http://tom7.org/abc/ The biggest advantage of open-source, gnu freedom "free software", etc in general is just the ability to verify the code itself. We can do that for all source packages, but not for easy for the compiler chain and not easy for binaries created by the compiler chain. easy problems are boring There are still many difficulties and limited ways to do it but it doesn't mean the verification effort is pointless. I believe in the future where all the basic computer hardware/software/systems could be formally verified and audited by anyone and in any time. Let us say they are audited by entities, or persons A, B, C. What true security does it mean for users? I say none. It just increases illusion of safety to a certain degree, but it is far from trusting it. There are millions of users. They have to trust their distributions, they have no control of verification. Now, what if verification finds something is wrong? Millions of users will still continue using malicious software, it is practically taking place every day millions of times. I don't think someone would like to repeat the https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal even though some corrupted VW cars are still on the streets. Besides reproducible-bulds and bootstrappability are not only about the security. These concepts can really help you to understand and control your computer system by eliminating any unnecessary random, obscure, dirty and undefined behaviors from your code. These kind of projects are easier to maintain, test, optimize, extend, etc. People should be able to build from very scratch, from nand logical gates and below to complex linux riscv machines and above to have full control in all that process. Small simple concepts like transparency, reproducible-builds, bootstrappability, simplicity, minimalism, etc are very essential to reach that perfect goal. That is pleasure in exercise in computing. Something that each student of CS should start with, I would include the hex0 initial stage as a lesson in every CS course. Just that goal is n
Re: Truth matters when writing software and selecting leaders
* Martin [2021-04-13 20:41]: > On 4/12/21 4:53 PM, Jean Louis wrote: > > > Guix is nice but at the moment it requires Guile(approx 20mb of binaries) > > > to > > > bootstrap itself. Better solution is > > > https://github.com/fosslinux/live-bootstrap - there are even plans to > > > integrate it with Guix directly, Debian and many other projects. > > That is great. Yet, that project does not support fully free OS, as if > > they accept kernel blobs, that defeats the purpose of bootstrapping > > and reproducing. Comparison table says that Guix version would run > > with Linux-libre kernel only, while their version runs with any > > kernel. Which means introducing blobs for some reason. Unknown for > now. > Live-bootstrap (still under early development state at the moment) is a pure > bare metal project aiming to be used before involving any OS. Kernel blobs > are out of scope for them, because linux-kernel in general is not capable to > operate on 8bit processor with 300bytes of ROM and a single 4bits of RAM - > the hardware requirements for hex0 you can build from scratch i.e.: > https://www.nand2tetris.org/ . But yes if you really want you could also > setup it on some over-complicated hypocritical Cloud environment based on > Microsoft Windows Guest Virtual Machines powered by Guix linux-libre KVM > Hosts (another not fixable freedom bug in "free software"^tm). Do I understand it well: - there must be some computer with a chip that is programmed by which method? Maybe physical switches? Then the chip spit the first binary which is used to create programming languags? - or is there maybe some editor, so when small 8 bit CPU starts, user can enter some information and file is generated? > > Now, what if verification finds something is wrong? Millions of users > > will still continue using malicious software, it is practically taking > > place every day millions of times. > I don't think someone would like to repeat the > https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal even though some > corrupted VW cars are still on the streets. You said it there in a good example. People driving will not necessarily get informed of security issues. > Besides reproducible-bulds and bootstrappability are not only about > the security. These concepts can really help you to understand and > control your computer system by eliminating any unnecessary random, > obscure, dirty and undefined behaviors from your code. These kind > of projects are easier to maintain, test, optimize, extend, etc. Sure, but that applies only to very narrow group of experts. It means nothing for 99.999% of users, probably more than that. That is disclosure that is missing on pages that are marketing reproducible builds and bootstrappability. "These concepts can really help you to understand and control your computer system by eliminating any unnecessary random, obscure, dirty and undefined behaviors from your code." -- that is far from practical truth and reality. Thos concepts will not help 40-50 million free softwware users to understand and control their computer system; they will not help them to eliminate any unnecessary (neither help them understand what would be unnecessary), random, obscure, dirt and undefined behaviors from the code because it requires proficient experts who know everything from the begin to the end, this involves knowing all of the boostrapped binaries, all of the internals of each of GCC versions and other binaries involved, and to know security and internals of each remote software ever pulled in this process, and this grows to the distribution size. That is why I say it is probably less than 0.001% of users that would have such capacities and skills. For all others it will remain impractical. They will not even want to know about it. That there are thinkers like you is my appreciation to life on this planet. But it will be worse, people will know less, not more. Corporations want to make sure of it. We are in the war that we do not even know that we are. > > Just that goal is not perfect as you say. There is no warranty for > > software, and there is no guarantee that auditing is uncompromised. We > > also do not know true identities of developers and their background, > > we cannot verify them, thus we cannot know what is really going > > on. > There are many tools available to formally verify the code, i.e.: Coq, > Idris, Agda, etc. If it works for real research to facilitate crafting and > validating complicated mathematical lemmas, i.e.: There may be X number of tools, see above, as if 40 million users cannot verify it, it is not verified for them. For you it may be verified if you have done the process. Did you verify it truly ever? In speaking highly hypothetical of future goals, we have to disclose the reality, as what you verify is not verified by myself, it does not help, it just increases probability or trust, and we are anyway now downloading software due to trust to se
Re: Truth matters when writing software and selecting leaders
* Martin [2021-04-06 15:25]: > On 4/5/21 5:52 PM, Jean Louis wrote: > > I do understand the strive to perfectionism and there are projects > > like Guix which strive to reach the point you are talking. Maybe such > > projects can become bootstrapping distributions for other > > distributions which cannot or did not reach that far yet. > Guix is nice but at the moment it requires Guile(approx 20mb of binaries) to > bootstrap itself. Better solution is > https://github.com/fosslinux/live-bootstrap - there are even plans to > integrate it with Guix directly, Debian and many other projects. That is great. Yet, that project does not support fully free OS, as if they accept kernel blobs, that defeats the purpose of bootstrapping and reproducing. Comparison table says that Guix version would run with Linux-libre kernel only, while their version runs with any kernel. Which means introducing blobs for some reason. Unknown for now. > > What means "to trust" compiler? We already trust our compilers, > > obviously. We have confidence, faith in compilers and people making > > it. Free software is insecure and we trust people behind > > distributions. We have only freedom to verify it though largest > > majority of users including programmers cannot possibly verify free > > software on a system as it would take a life time. OpenBSD people are > > verifying the system for decades they still did not finish. It is > > never ending story. > Well I don't trust compilers like any other software and I don't trust any > people behind them. I do, as I am forced to do so. It is one type of lock-in. Practically it means little as software security does not depend on compilers only. Whole chain has to be verified. Making an automated process to compile one from each other does not make it enough safe IMHO. Even if whole chain is verified, who is to guarantee that it was verified? So for users, those verifications mostly do not matter. There is NO WARRANTY whatsoever for most or all of free software, most of times. For users thus practically, it does not matter. Those efforts are though much appreciated. I like practical solutions, but I do welcome all boostraping and reproducible build efforts. Sadly I would not know how to contribute to it, other but building it and verifying small portions of the process myself. Machine language I have used to create games, it requires some patience, but not more patience than learning any programming language. I would like to verify the first binary that is entered and to know how it is entered. It is not large, it may be verified and better described. > The biggest advantage of open-source, gnu freedom "free software", > etc in general is just the ability to verify the code itself. We can do that for all source packages, but not for easy for the compiler chain and not easy for binaries created by the compiler chain. > There are still many difficulties and limited ways to do it but it doesn't > mean the verification effort is pointless. I believe in the future where all > the basic computer hardware/software/systems could be formally verified and > audited by anyone and in any time. Let us say they are audited by entities, or persons A, B, C. What true security does it mean for users? I say none. It just increases illusion of safety to a certain degree, but it is far from trusting it. There are millions of users. They have to trust their distributions, they have no control of verification. Now, what if verification finds something is wrong? Millions of users will still continue using malicious software, it is practically taking place every day millions of times. > People should be able to build from very scratch, from nand logical > gates and below to complex linux riscv machines and above to have > full control in all that process. Small simple concepts like > transparency, reproducible-builds, bootstrappability, simplicity, > minimalism, etc are very essential to reach that perfect goal. That is pleasure in exercise in computing. Something that each student of CS should start with, I would include the hex0 initial stage as a lesson in every CS course. Just that goal is not perfect as you say. There is no warranty for software, and there is no guarantee that auditing is uncompromised. We also do not know true identities of developers and their background, we cannot verify them, thus we cannot know what is really going on. Speaking about it is good, it raises awareness, but not significantly, users still remain there to trust their distributions. Why we use "chain of trust" in other security related processes? Here in this process there is no clear chain of trust, no process of verification. What does it matter that somebody there on some server says, that reproducible hash outcome is 123 compared to user's hash 123, makes it same, and thus trusted. It does not as user does not know people behind those servers. Mass manipulations are done every day through media, few words may c
Re: Risks of deterministic builds (was: Re: Truth matters when writing software and selecting leaders)
* Martin [2021-04-06 12:22]: > > From practical viewpoint, among milions and millions of users, when it > > comes to validating compiler, they would have to validate the > > reproducible build with comparison to something. Benefits of > > reproducible builds thus depend of number of people validating it and > > reporting problems. It depends of publicity of problems and > > research. Small group of people may do the work, but they cannot > > possibly make sure to do the work for ALL distributions and for all > > people. Thus practically for an individual it means nothing, unless > > individual is highly skilled to verify internals of the compiler, and > > we have plethora of compilers on every single GNU/Linux operating > > system. Thus whole countries may be converted into spying backdoor > > teams by using marketing of reproducible builds of packages that > > people cannot really verified. Reproducible build of system is not > > yet reality. We hope for it in future. > Maybe freedom in "free software" shouldn't require from the code to be open > neither. Let's just blindly trust some saint developers who cannot even > control their own binaries. Actually today we are closer and closer to that > sad scenario like never before in the history, because in fact most of the > open-source and GNU "free software" nowadays base on blackboxed binary seeds > that cannot be verified by the users not even by the core developers. I say you are right there, only that irony is not really in place. I admire your perfectionism. - practically, majority of GNU/Linux and BSD-derivatives blindly trust their developers. It is how it is. Just few of them are actual developers who verify things and develop, and submit issues, find security problems and so on. We rely on our developers. - developers can to a degree control their binaries. It is questionable if they can boostrap compilers from pure sources, so they trust their upstream compiler providers like GNU GCC, or Haskell's origins, or other compilers. Guix is making effort and some other OS-es to make it boostrapable. - yes, with larger number of people using GNU/Linux we are closer and closer to scenario of blindly trusting our distributions. That is not good. Common users cannot anyway verify software. - You are right, that now, at this point of time, we should point out to that issue, as now it is important when it is not too late. Maybe it is too late for Haskell. I know for GCC is not too late as Guix can bootstrap it or almost bootstrap it. Not sure. If we don't point from today on about this issue, we will get serious problems in future. Awareness we need. Something practical has to be done about that. Did you contribute to Guix with your knowledge? -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns Sign an open letter in support of Richard M. Stallman https://rms-support-letter.github.io/
Re: Truth matters when writing software and selecting leaders
On 4/5/21 5:52 PM, Jean Louis wrote: I do understand the strive to perfectionism and there are projects like Guix which strive to reach the point you are talking. Maybe such projects can become bootstrapping distributions for other distributions which cannot or did not reach that far yet. Guix is nice but at the moment it requires Guile(approx 20mb of binaries) to bootstrap itself. Better solution is https://github.com/fosslinux/live-bootstrap - there are even plans to integrate it with Guix directly, Debian and many other projects. What means "to trust" compiler? We already trust our compilers, obviously. We have confidence, faith in compilers and people making it. Free software is insecure and we trust people behind distributions. We have only freedom to verify it though largest majority of users including programmers cannot possibly verify free software on a system as it would take a life time. OpenBSD people are verifying the system for decades they still did not finish. It is never ending story. Well I don't trust compilers like any other software and I don't trust any people behind them. The biggest advantage of open-source, gnu freedom "free software", etc in general is just the ability to verify the code itself. There are still many difficulties and limited ways to do it but it doesn't mean the verification effort is pointless. I believe in the future where all the basic computer hardware/software/systems could be formally verified and audited by anyone and in any time. People should be able to build from very scratch, from nand logical gates and below to complex linux riscv machines and above to have full control in all that process. Small simple concepts like transparency, reproducible-builds, bootstrappability, simplicity, minimalism, etc are very essential to reach that perfect goal. Maybe you wish to say we have to control compiler, but compiler is huge, not even compiler developers can know what is everything inside, they always find some new problems to solve. Hopefully there are still alternatives, and if GCC won't fix itself on time than it gonna die by natural selection.
Re: Risks of deterministic builds (was: Re: Truth matters when writing software and selecting leaders)
On 4/6/21 7:40 AM, Jean Louis wrote: * Jacob Bachmeyer [2021-04-06 05:39]: Exploits are easier to develop when hardcoded offsets, virtual addresses, etc. can be used. In a "binary monoculture" environment, that is possible. This contributes to and worsens security problems in proprietary software, which is almost always distributed as a single identical set of binaries. If you have a source code that types of exploits are also easier to detect. Besides you can always compile your software with different flags then the one used by default. Reproducible-builds just gives you information that for a fixed environment you have the fixed binaries but usually the combinations of settings are very wide and it's only up to you how your binaries are distributed in the end. Reproducible builds are useful for validating the compiler, but there is a potential downside in that they make any exploit that can be found in the reproducibly built program much more reliable, since everyone will have exactly identical binaries. Note that this is an identical risk with binary distributions: if you simply install the binaries form Debian, an exploit can be tuned to Debian's version of that binary and it will work on your machine. So far debian is still one of the safest linux distribution in the world. Anyway even debian is giving you the option to compile all their software from source codes and again you can tune it as you like in your custom dev environment producing completely different binaries than others do. That is right. From practical viewpoint, among milions and millions of users, when it comes to validating compiler, they would have to validate the reproducible build with comparison to something. Benefits of reproducible builds thus depend of number of people validating it and reporting problems. It depends of publicity of problems and research. Small group of people may do the work, but they cannot possibly make sure to do the work for ALL distributions and for all people. Thus practically for an individual it means nothing, unless individual is highly skilled to verify internals of the compiler, and we have plethora of compilers on every single GNU/Linux operating system. Thus whole countries may be converted into spying backdoor teams by using marketing of reproducible builds of packages that people cannot really verified. Reproducible build of system is not yet reality. We hope for it in future. Maybe freedom in "free software" shouldn't require from the code to be open neither. Let's just blindly trust some saint developers who cannot even control their own binaries. Actually today we are closer and closer to that sad scenario like never before in the history, because in fact most of the open-source and GNU "free software" nowadays base on blackboxed binary seeds that cannot be verified by the users not even by the core developers.
Risks of deterministic builds (was: Re: Truth matters when writing software and selecting leaders)
Martin wrote: On 4/4/21 11:38 PM, Jacob Bachmeyer wrote: Martin wrote: In a perfect world if everything is reproducible than all the compilations are deterministic. It means that for a given environment your source code will always produce the same binaries. Briefly DDC method is using mix of different environments in order to analyze the binary patterns of the same source code. The downside of this is that we are right back to a binary monoculture, and an exploit that works on one machine would be trivially guaranteed to work everywhere. We really need some kind of controlled randomization that allows provably equivalent executables to be produced, but such that exploits relying on hardcoded offsets will only work on a limited subset. I don't understand what you mean by "binary monoculture" in this context can you elaborate more about it pls? Exploits are easier to develop when hardcoded offsets, virtual addresses, etc. can be used. In a "binary monoculture" environment, that is possible. This contributes to and worsens security problems in proprietary software, which is almost always distributed as a single identical set of binaries. Reproducible builds are useful for validating the compiler, but there is a potential downside in that they make any exploit that can be found in the reproducibly built program much more reliable, since everyone will have exactly identical binaries. Note that this is an identical risk with binary distributions: if you simply install the binaries form Debian, an exploit can be tuned to Debian's version of that binary and it will work on your machine. -- Jacob
Re: Risks of deterministic builds (was: Re: Truth matters when writing software and selecting leaders)
* Jacob Bachmeyer [2021-04-06 05:39]: > Exploits are easier to develop when hardcoded offsets, virtual addresses, > etc. can be used. In a "binary monoculture" environment, that is possible. > This contributes to and worsens security problems in proprietary software, > which is almost always distributed as a single identical set of binaries. > > Reproducible builds are useful for validating the compiler, but there is a > potential downside in that they make any exploit that can be found in the > reproducibly built program much more reliable, since everyone will have > exactly identical binaries. Note that this is an identical risk with binary > distributions: if you simply install the binaries form Debian, an exploit > can be tuned to Debian's version of that binary and it will work on your > machine. > > > -- Jacob That is right. >From practical viewpoint, among milions and millions of users, when it comes to validating compiler, they would have to validate the reproducible build with comparison to something. Benefits of reproducible builds thus depend of number of people validating it and reporting problems. It depends of publicity of problems and research. Small group of people may do the work, but they cannot possibly make sure to do the work for ALL distributions and for all people. Thus practically for an individual it means nothing, unless individual is highly skilled to verify internals of the compiler, and we have plethora of compilers on every single GNU/Linux operating system. Thus whole countries may be converted into spying backdoor teams by using marketing of reproducible builds of packages that people cannot really verified. Reproducible build of system is not yet reality. We hope for it in future. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns Sign an open letter in support of Richard M. Stallman https://rms-support-letter.github.io/
Re: Truth matters when writing software and selecting leaders
On 4/4/21 11:38 PM, Jacob Bachmeyer wrote: Martin wrote: In a perfect world if everything is reproducible than all the compilations are deterministic. It means that for a given environment your source code will always produce the same binaries. Briefly DDC method is using mix of different environments in order to analyze the binary patterns of the same source code. The downside of this is that we are right back to a binary monoculture, and an exploit that works on one machine would be trivially guaranteed to work everywhere. We really need some kind of controlled randomization that allows provably equivalent executables to be produced, but such that exploits relying on hardcoded offsets will only work on a limited subset. I don't understand what you mean by "binary monoculture" in this context can you elaborate more about it pls? Besides reproducibile-builds is not designed to solve all type of exploits. It's just hardening dev environment requirements to face the trusting trust issue https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf . In general it doesn't make sens to make any "free software" development if you cannot trust your compiler. You cannot trust your source code if it produce different binaries in the same dev environment. This is the basic and once it's established than you can play with any "controlled randomization" ideas on top of it.
Re: Truth matters when writing software and selecting leaders
* Martin [2021-04-05 20:19]: > In general it doesn't make sens to make any "free software" > development if you cannot trust your compiler. You cannot trust your > source code if it produce different binaries in the same dev > environment. This is the basic and once it's established than you > can play with any "controlled randomization" ideas on top of it. Yes Martin, that is theory, look around the world, practicality is that for people it does make sense. They don't trust compilers, they trust websites, not even people, as majority of users do not know any people behind OS distributions. That is the real world. I do understand the strive to perfectionism and there are projects like Guix which strive to reach the point you are talking. Maybe such projects can become bootstrapping distributions for other distributions which cannot or did not reach that far yet. What means "to trust" compiler? We already trust our compilers, obviously. We have confidence, faith in compilers and people making it. Free software is insecure and we trust people behind distributions. We have only freedom to verify it though largest majority of users including programmers cannot possibly verify free software on a system as it would take a life time. OpenBSD people are verifying the system for decades they still did not finish. It is never ending story. Maybe you wish to say we have to control compiler, but compiler is huge, not even compiler developers can know what is everything inside, they always find some new problems to solve. Developers are solving issues: https://gcc.gnu.org/bugzilla/buglist.cgi?chfield=%5BBug%20creation%5D&chfieldfrom=24h Insecurities: https://www.cvedetails.com/product/960/GNU-GCC.html?vendor_id=72 To use free software we have to rely that it is safe and comes from trusted sources. It can still be that we discover backdoors after years, just as with Minix OS in Intel chips that could be used for backdoors and intrusion into computer operations. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns Sign an open letter in support of Richard M. Stallman https://rms-support-letter.github.io/
Re: Truth matters when writing software and selecting leaders
Martin wrote: In a perfect world if everything is reproducible than all the compilations are deterministic. It means that for a given environment your source code will always produce the same binaries. Briefly DDC method is using mix of different environments in order to analyze the binary patterns of the same source code. The downside of this is that we are right back to a binary monoculture, and an exploit that works on one machine would be trivially guaranteed to work everywhere. We really need some kind of controlled randomization that allows provably equivalent executables to be produced, but such that exploits relying on hardcoded offsets will only work on a limited subset. -- Jacob
Re: Google XMPP service (was: Re: Truth matters when writing software and selecting leaders)
* Jacob Bachmeyer [2021-04-03 22:16]: > On a side note: talk.google.com still speaks Jabber/XMPP on port 5223. I > use it to talk with friends that carry Android devices. The Android > messenger app and Hangouts still use Jabber on the backend. How does the username looks like? Is it u...@google.com ? Or something else? Do you think that each user has asigned XMPP username automatically? -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns Sign an open letter in support of Richard M. Stallman https://rms-support-letter.github.io/
Google XMPP service (was: Re: Truth matters when writing software and selecting leaders)
Martin wrote: On 3/30/21 9:10 AM, Jean Louis wrote: * Martin [2021-03-30 11:07]: Back in past, it was possible, and I remember doing so. I have been using Jabber network and I could freely contact Google Plus users through Jabber network and I could freely contact Facebook users through Jabber/XMPP network. It was possible to send email to Facebook friend without being Facebook user or having Facebook account, they would answer in their inbox to such email, and you would get reply. Today it is not possible. This kind of stories also have some pros. That time Jabber/XMPP network was getting big "free" promotion from Facebook, Google, etc. Nowadays I'm still using Jabber/XMPP and I have zero interest of having fb, g+, etc. On a side note: talk.google.com still speaks Jabber/XMPP on port 5223. I use it to talk with friends that carry Android devices. The Android messenger app and Hangouts still use Jabber on the backend. -- Jacob
Re: Truth matters when writing software and selecting leaders
* Martin [2021-03-31 17:00]: > On 3/30/21 7:10 PM, Jean Louis wrote: > > * Martin [2021-03-30 19:58]: > > You may, but we don't, as it is vague term. On GNU website, we never > > use "open source" to refer to free software, as we have to promote > > freedom. > what's your definition of freedom then? When I say freedom, it is used in the context of free software how it is already well defined on the website, I gave you references. I am glad to receive that freedom with GNU and other free software, and I distribute to other people as well. When I say "to promote freedom" on this mailing list, it refers to free software as defined, and users' rights, which I say are basic human rights to be in charge of any actions done on their behalf. As a paralegal since almost 20 years, when a person wish to authorize somebody else to do some actions on person's behalf, then there are 2 different powers of attorney: - General Power of Attorney -- usually authorizes another person to do ANY kind of actions on person's behalf, for example to purchase house, website domain, open up bank accounts, demand money, and so on. - Specific Power of Attorney -- authorizes attorney or representative to do some specific actions, for example, it could authorize attorney or assigned person to purchase vehicle on somebody's behalf. Those legal documents have to be signed usually in front of a public notary who makes sure that person is aware of all details written in the document. Normally, we do not legally authorize people to read, listen, hear, record, process our data, and do other unauthorized actions with our data, our information, so much related to life. Software programs and authors conquered the legality and took their right to claim that "by downloading this software" or "by using this website" one receives some kind of a license and accept any kind of otherwise unauthorized actions, like sending personal information, tracking your behavior, researching your behavior, selling your face, your habits, your situation of posession of your devices, like if you are rich or poor, processing your information, doing actions on your compute which actions you have never authorized, and repeating same actions trillions of times. Person was not technically capable to understand such authorization given to proprietary software companies, and thus IMHO, all such authorizations are invalid, and should be persectued by criminal law, depending of the country. But countries think that software is some kind of a written deed, and treat is under copyrights, I would not. I would treat it as set of actions executed on user's computer, usually processing user's data, and conducted by author. As that is what it is. Unauthorized processing of actions with users' data is criminal. I do not think that authorization by click or blind acceptance of software is legally right. Neither I do not think that for free software. For any software, it has to be free software, as only so users can verify if actions are actually authorized or not. For any software, that is assumed to be free software in future, users should or could trust developers who verify the software and designate what such software does with users' data. If it only play files, it would be easily accepted, but if it can do potential harm to user's privacy, something like that would need to be looked from criminal view point. As if anybody ENTERS my room, and takes FEW papers from a table, regardless what is on those papers, that is so much criminal that deserves few years in prison. Computer software is used in the same way, to automate computers to send user's data, process, sell it, profit on it -- and people do not recognize it as crime. But majority of people did not really understand the impact of it, and did not consciously give their powers to software authors. > > I probably have more years than you, so I am aware of the movement > > called "open source" and licking asses of corporations. > "free software" movement is actively endorsing a lot of projects that are > not bootstrappable for many years. This is like a gift for corporations who > can freely exploit your resources. You are free to contribute your knowledge and report issues where appropriate. This list will not be read by them. > > > Does the GNU "free software" definition is protected under some > > > trademark laws? If not than why you blindly assume that everyone > > > should use it as it only please you? > > I don't. I said in this GNU environment, on mailing lists, in > > contributions, in publishing, designations and similar, we strive to > > use proper terminology to express the purposes of free software > > philosophy better, it is voluntarily. > And how you protect your self from internal manipulations? I would not know what is internal manipulation. I have been eating beans and polenta, and something is happening internally, what do you mean? > It's good that you mentioned that,
Re: Truth matters when writing software and selecting leaders
On 3/30/21 7:10 PM, Jean Louis wrote: * Martin [2021-03-30 19:58]: You may, but we don't, as it is vague term. On GNU website, we never use "open source" to refer to free software, as we have to promote freedom. what's your definition of freedom then? For me both cases are not precise and lead to misinterpretations. I don't see the reason to limit my vocabulary from the words you and your organizations simply don't like. But nobody asks you to limit, it is recommendation for every human to be precise how they express themselves. In general, free software is free as in freedom. Open source in general may be proprietary software, see non-free Debian open source repository, it is full of proprietary software that is open source. It is vague. What kind of free in freedom you see in GNU binary seeds that are not bootstrappable? Is it really better than Debian open-source drivers for commercial blobs that are isolated in different repository disabled by default to fulfill the DFSG requirements? I probably have more years than you, so I am aware of the movement called "open source" and licking asses of corporations. "free software" movement is actively endorsing a lot of projects that are not bootstrappable for many years. This is like a gift for corporations who can freely exploit your resources. Does the GNU "free software" definition is protected under some trademark laws? If not than why you blindly assume that everyone should use it as it only please you? I don't. I said in this GNU environment, on mailing lists, in contributions, in publishing, designations and similar, we strive to use proper terminology to express the purposes of free software philosophy better, it is voluntarily. And how you protect your self from internal manipulations? Not so long time ago a person who was able to use text editor or any simple applications in the first computers were considered as advanced user. Actually, the other way around. First micro computer users were assembling their micro computer at home, later programming it as there was no software available. Using editors and if not editors, then interactive editing environments such as BASIC shell, LOGO shell, including assembly, machine language, that was daily routine for the end users back then. It's good that you mentioned that, because in the beginning actually everything was bootstrappable, and nowadays almost nothing - how bizarre is our evolution of freedom. In the early internet years people were putting in their Resume abilities of using web browsers, etc. Nowadays almost every end user is verifying PGP signatures, it's not a rocket science anymore. People are sand-boxing many layers of their working environments, using chroots, jails, containers, various virtualization, etc. You speak of developers, they are now many, but not proportionally many as in early years of micro computing era, since about begin of 1980. Number of developers is today so much less proportionally to number of computers - we are under developed in 2021. Sorry, what you mention is not what end users are. I meet end users every day, they use computers for DVD, movies and music, sharing files by using USB, some of them know how to write a letter, and some will even make a presentation. That is largest majority of computer end users. What you are talking about? No one is using DVD anymore. DVD has died like floppy disks many years ago. Today end users mostly are sharing and casting complex streams of media. To setup recording environments people are using very advanced tools for editing, encoding/decoding, encrypting, data synchronizations, backups, etc. Moreover thanks to fintec and cryptocurrency more and more people are paranoic about security, using some external crypto hardware devices, complex signing procedures, etc. Don't forget about IoT gadgets, electric cars, drones, smart homes, 5G, etc. There is a devops profession that fully automate complex pipelines and craft a fully transparent recipes so the end user can just click a button to trigger reproducible-builds, bootstrappability, verification, testing, fuzzing, sanitazing and many other features for their software in some nice CI/CD fashion. > No. Sorry, I do not share opinion that end user is triggering reproducible-builds, and if it is just by click of a button, that end user, without knowledge of underlying software, does not need reproducible build -- as that requires serious knowledge to verify what is going on really. We are all advanced users, so in that term of end user how you mentioned it, I understood it as majority of common computer users. But you speak of developers. Bitcoin HOLDers are more gamblers than advanced users, but yet even they are able to compile from scratch their nodes and verify its reproducible in order to keep as safe as possible their investments. The is a reason why BTC blockchain is considered as the safest public ledger in the world, and why so many people
Re: Truth matters when writing software and selecting leaders
* Martin [2021-03-30 19:58]: > > Instead of open source, we say, free software or free (libre) > > software. > This is absurd, I would never use only "free software" term for the exactly > same reason I'm not using only the word "open-source". You may, but we don't, as it is vague term. On GNU website, we never use "open source" to refer to free software, as we have to promote freedom. Anyway, you cannot change it, I have mentioned already various Spanish, Italian, German speaking countries, free software movement is there, it will not change, people of free software movement use "free software" in their speech. Those who like software but do not understand importance of freedom may call it as they want, but that is not helping new people. You maybe deal with all kinds of software, sorry I cannot know what you do. I have asked what software you relate to, to show me some hyperlinks. > For me both cases are not precise and lead to misinterpretations. I > don't see the reason to limit my vocabulary from the words you and > your organizations simply don't like. But nobody asks you to limit, it is recommendation for every human to be precise how they express themselves. In general, free software is free as in freedom. Open source in general may be proprietary software, see non-free Debian open source repository, it is full of proprietary software that is open source. It is vague. It is thus obvious that people use non-free software under umbrella of free software. GNU Free Software OS-es do not use vague terminology. It is how it is, it is decision of the group and individuals in the group to make things straight. > If you don't understand the context of using terms like "open" or > "open-source" you can just ask for more details. I probably have more years than you, so I am aware of the movement called "open source" and licking asses of corporations. > What if any freeware vendors start to use "free software" term to > promote their commercial products, how you plan to stop them from > doing it? I could not care less. People are free to make their new terms in new contexts. We use it in the context of freedom. There is no need to discuss hypothetical situations, they are not real. > Does the GNU "free software" definition is protected under some > trademark laws? If not than why you blindly assume that everyone > should use it as it only please you? I don't. I said in this GNU environment, on mailing lists, in contributions, in publishing, designations and similar, we strive to use proper terminology to express the purposes of free software philosophy better, it is voluntarily. > > Those who install their systems themselves are for me advanced > > users. They will hardly go for reproducible builds. If somebody is > > downloading few gigabytes of binaries to install on computer, that > > somebody will most probably, in the majority of this group of advanced > > users, never verify any sources. Hashes and PGP signatures may be > > verified automatically by the system package manager. > > > > There will be those who are responsible for security of data and may > > like to verify distributions or make their own, those will be doing > > verification checks. This group does not belong to group of end users. > Not so long time ago a person who was able to use text editor or any simple > applications in the first computers were considered as advanced > user. Actually, the other way around. First micro computer users were assembling their micro computer at home, later programming it as there was no software available. Using editors and if not editors, then interactive editing environments such as BASIC shell, LOGO shell, including assembly, machine language, that was daily routine for the end users back then. Today, end users mostly using computers for multi-media, and some of them edit text, that is now, not back then, considered advanced. We are underdeveloped in 2021. > In the early internet years people were putting in their Resume > abilities of using web browsers, etc. Nowadays almost every end user > is verifying PGP signatures, it's not a rocket science > anymore. People are sand-boxing many layers of their working > environments, using chroots, jails, containers, various > virtualization, etc. You speak of developers, they are now many, but not proportionally many as in early years of micro computing era, since about begin of 1980. Number of developers is today so much less proportionally to number of computers - we are under developed in 2021. Sorry, what you mention is not what end users are. I meet end users every day, they use computers for DVD, movies and music, sharing files by using USB, some of them know how to write a letter, and some will even make a presentation. That is largest majority of computer end users. > There is a devops profession that fully automate complex pipelines > and craft a fully transparent recipes so the end user can just click > a button to trigger repr
Re: Truth matters when writing software and selecting leaders
On 3/30/21 1:38 PM, Jean Louis wrote: * Martin [2021-03-30 15:51]: This kind of stories also have some pros. That time Jabber/XMPP network was getting big "free" promotion from Facebook, Google, etc. Nowadays I'm still using Jabber/XMPP and I have zero interest of having fb, g+, etc. I don't remember that neither Google nor Facebook advertised XMPP, they did not use directly that term. It was a hidden feature to a degree. I would be definitely contacting Google and Facebook users would they have XMPP today. So I would not contribute promotion of XMPP to them, and I am not sure if XMPP became more popular due to them. The promotion of XMPP was not coming only from the official advertising campaigns but also from many technical blogs, podcasts and various other media noises partially sponsored by Google/Facebook. You cannot just ignore that facts but anyway for me XMPP is really one of the best p2p communication system till these days. To really face the modern threats I would just use a term like: "clean open-source, reproducible, bootrstrappable, secure and free software". It's long but at least it explicitly describe what it is about without any confusion. In that sense you minimize the meaning of "free software", as if you use "open source" it means that maybe it is open source, but also free of charge -- so there is no definite information that you actually deal with free software as in liberty. I don't agree with you. For me still "free software" doesn't explicitly state that the source should be open and even the hidden "freedom" element included in the definition is not precise enough to strictly require from the code to be open as I've explained multiple times in my previous mails. I agree though that open-source code could be released under many non ethical licenses vulnerable to patent trolling, etc but together with "free" word it actually maximize the meaning of my proposed long new term. What would mean "Clean"? I don't know. If you wish to avoid confusion simple refer by hyperlink to definition of free software: https://www.gnu.org/philosophy/free-sw.html Open source definition misses the point: https://www.gnu.org/philosophy/open-source-misses-the-point.en.html Please avoid using the term “open” or “open source” as a substitute for “free software.” https://www.gnu.org/philosophy/words-to-avoid.html#Open The above links are the main source of confusion. Instead of redefine basic words, creating blacklist of common synonyms and brainwashing people from their intuitions it would be better to CLEAN finally that mess and Keep It Simple S...? Please avoid using the term “open” or “open source” as a substitute for “free software.” Those terms refer to a different set of views based on different values. The free software movement campaigns for your freedom in your computing, as a matter of justice. The open source non-movement does not campaign for anything in this way. When referring to the open source views, it's correct to use that name, but please do not use that term when talking about us, our software, or our views—that leads people to suppose our views are similar to theirs. Instead of open source, we say, free software or free (libre) software. This is absurd, I would never use only "free software" term for the exactly same reason I'm not using only the word "open-source". For me both cases are not precise and lead to misinterpretations. I don't see the reason to limit my vocabulary from the words you and your organizations simply don't like. If you don't understand the context of using terms like "open" or "open-source" you can just ask for more details. What if any freeware vendors start to use "free software" term to promote their commercial products, how you plan to stop them from doing it? Does the GNU "free software" definition is protected under some trademark laws? If not than why you blindly assume that everyone should use it as it only please you? Yes, that was ironical. Any word may be misunderstood, but we shall not change our words to accommodate people who lack certain levels of education. Are you saying that the inventor of "free software" term was badly educated?. Those who install their systems themselves are for me advanced users. They will hardly go for reproducible builds. If somebody is downloading few gigabytes of binaries to install on computer, that somebody will most probably, in the majority of this group of advanced users, never verify any sources. Hashes and PGP signatures may be verified automatically by the system package manager. There will be those who are responsible for security of data and may like to verify distributions or make their own, those will be doing verification checks. This group does not belong to group of end users. Not so long time ago a person who was able to use text editor or any simple applications in the first computers were considered as advanced user. In the early internet years peopl
Re: Truth matters when writing software and selecting leaders
On 3/30/21 12:58 PM, Martin wrote: > Nowadays almost every end user is verifying PGP signatures, it's not a > rocket science anymore. no they aren't and it is not rocket science, it is just poorly designed and worstly implimented.
Re: Truth matters when writing software and selecting leaders
On 3/29/21 12:26 PM, Jean Louis wrote: * Martin [2021-03-29 13:57]: From the paragraph above, I can see you did not get the difference between the free software and open souce. And your analogy is not right. You mentioned price not freedom. I know that gnu definition and in general I'm on your site here, but unfortunately besides us and other small groups of geeks the "free software" term just sounds too general in my opinion. People in supermarkets while choosing some free stuffs in promotions usually are not thinking about freedom. Besides freeware software like facebook (with all its network, cloud services, etc) gives you also some kind of freedom of socializing with other ppl in their platform. In general facebook is not only about price, they control almost every aspect of human lives around the globe including people who are not using their apps directly. Some random person by just reading the gnu header that "free software is better than open-source" could easily misinterpret it as facebook being not so bad only because it's not open-source. We use the word "free software" to clearly refer to freedom, we may use words such as libre software to refer to freedom. Libre is just more blurred spanish, french,... translation of the word "free" redefined by GNU. So the core issue with this confusing term is still not resolved. We do not use "open source" as that is vague term, and does not necessarily mean "free software". The distinction is more and more important today. Ironically the word "free" is much more vague then "open-source". The problem I mentioned above is that "free software" unfortunately could also mean freeware for too many people who are not professional English linguists nor IT specialists. Moreover definition of "free software" is not mentioning about importance of https://reproducible-builds.org/ nor http://bootstrappable.org/ which should be in the highest priority for any RMS/FSF/GNU/Free organization to finally address pathological issues like: https://gcc.gnu.org/legacy-ml/gcc/2007-11/msg00091.html
Re: Truth matters when writing software and selecting leaders
On 3/30/21 9:10 AM, Jean Louis wrote: * Martin [2021-03-30 11:07]: On 3/29/21 12:26 PM, Jean Louis wrote: I do not think that Facebook is freeware software, it is cloud service provider. There are Facebook applications and messengers, maybe you mean those? See: https://en.wikipedia.org/wiki/Freeware Look, even a prison gives you some kind of a freedom to sit in the cell and associate with other prisoners, within specific boundaries. So the freedom in Facebook is there, it is just within prison walls. For example, if you wish to get contacted by somebody who is not FB-prisoner, you must invite free citizen to become FB-prisoner to enter prison walls, as only from inside you can talk to each other. Exactly this is also one of the reason why the world "freedom" is not any better than "free". Even if we would decide to use "freedom software" instead of "free software" the core issue would be similar. Both terms are very not precise for nowadays realities. Back in past, it was possible, and I remember doing so. I have been using Jabber network and I could freely contact Google Plus users through Jabber network and I could freely contact Facebook users through Jabber/XMPP network. It was possible to send email to Facebook friend without being Facebook user or having Facebook account, they would answer in their inbox to such email, and you would get reply. Today it is not possible. This kind of stories also have some pros. That time Jabber/XMPP network was getting big "free" promotion from Facebook, Google, etc. Nowadays I'm still using Jabber/XMPP and I have zero interest of having fb, g+, etc. I get it, that is how you misinterpreted it. Well, Facebook is not free software, it is online service, and social network. Applications made by Facebook are free software. Facebook has also big impact of the web evolution in general. Together with Google, MS, Amazon, etc they are creating web prisons heavily obfuscated with their javascript trash. It's almost impossible to browse modern websites (their "free" applications) in pure GNU "free software" environments. You are free to introduce any new words into English or any other language. Why not? Is there a law forbidding that? Languages are changing throughout the centuries, the word "Libre" is today English word and it has its special definition for software. To really face the modern threats I would just use a term like: "clean open-source, reproducible, bootrstrappable, secure and free software". It's long but at least it explicitly describe what it is about without any confusion. The problem I mentioned above is that "free software" unfortunately could also mean freeware for too many people who are not professional English linguists nor IT specialists. That is right, for people on lower literacy level it can mean anything, including "freeze". For children it may mean just nothing. The word "free" is definitely one of most common words in English. As I said, if there is any confusion, that means person did not verify the context where word is used. You could say exactly the same about the word "open-source". It's very common nowadays and "...if there is any confusion, that means person did not verify the context where word is used." Reproducible build of software is not related to class of software. While it does seem important, it is more hypothetical rather than practical. End user usually does not have enough knowledge to verify software, regardless of all the PGP keys and hashes. Verification is more for group of people skilled in security. Even they will make grave mistakes. For example they could be downloading software from a mirror and verify PGP signatures and hashes that have been published on a mirror, but would not maybe verify original PGP signatures and original hashes. Some people may be tricked with domain names. Reproducible builds are far far from practical users' data security. Guix is doing well in that direction. All that is not related to free software definition. The precursor and the current leader of reproducible-builds efforts is still the Debian project. It's not hypothetical effort anymore, there are more and more serious and big projects where this concept is used in practice, i.e.: Bitcoin, Guix, Coreboot, etc. The biggest benefit for the end user is the possibility to easily reproduce their source code and verify its compiled binaries with the whole community who is using it. This is so far the only way to fight against "Volkswagen emissions scandal" cases, where compromised dev environments could inject any malicious code to our "free software". I agree that software should be boostrappable from software that one can understand and inspect. But that is for many software today not so. Example is Haskell compiler that can only be compiled with previous Haskell compiler. I have tried my best to compile it fully from original source, but pieces of information are missing and it was not practically pos
Re: Truth matters when writing software and selecting leaders
* Martin [2021-03-30 15:51]: > This kind of stories also have some pros. That time Jabber/XMPP network was > getting big "free" promotion from Facebook, Google, etc. Nowadays I'm still > using Jabber/XMPP and I have zero interest of having fb, g+, etc. I don't remember that neither Google nor Facebook advertised XMPP, they did not use directly that term. It was a hidden feature to a degree. I would be definitely contacting Google and Facebook users would they have XMPP today. So I would not contribute promotion of XMPP to them, and I am not sure if XMPP became more popular due to them. > Facebook has also big impact of the web evolution in > general. Together with Google, MS, Amazon, etc they are creating web > prisons heavily obfuscated with their JavaScript trash. It's almost > impossible to browse modern websites (their "free" applications) in > pure GNU "free software" environments. How I see that impact, governments took about 10-15 years delay to act on abuses of people's information. Today US courts are heavily punishing Facebook, maybe other similar too, for past abuses and tracking of user information without consent. Europe has enacted similar laws and Facebook and Google are pretty much protesting. Following that observation it will be quite possible to enslave half of the world digitally but also medically, until governments start reacting and observing that human rights are in danger. That is why right time for outcries and protests is now. Not later. > > You are free to introduce any new words into English or any other > > language. Why not? Is there a law forbidding that? Languages are > > changing throughout the centuries, the word "Libre" is today English > > word and it has its special definition for software. > To really face the modern threats I would just use a term like: "clean > open-source, reproducible, bootrstrappable, secure and free software". It's > long but at least it explicitly describe what it is about without any > confusion. In that sense you minimize the meaning of "free software", as if you use "open source" it means that maybe it is open source, but also free of charge -- so there is no definite information that you actually deal with free software as in liberty. What would mean "Clean"? I don't know. If you wish to avoid confusion simple refer by hyperlink to definition of free software: https://www.gnu.org/philosophy/free-sw.html Open source definition misses the point: https://www.gnu.org/philosophy/open-source-misses-the-point.en.html Please avoid using the term “open” or “open source” as a substitute for “free software.” https://www.gnu.org/philosophy/words-to-avoid.html#Open Please avoid using the term “open” or “open source” as a substitute for “free software.” Those terms refer to a different set of views based on different values. The free software movement campaigns for your freedom in your computing, as a matter of justice. The open source non-movement does not campaign for anything in this way. When referring to the open source views, it's correct to use that name, but please do not use that term when talking about us, our software, or our views—that leads people to suppose our views are similar to theirs. Instead of open source, we say, free software or free (libre) software. Me, as user of fully free software distribution, I will install exclusively those which are FSF endorsed, as there is good and better certainty that my environment is free software. https://www.gnu.org/distros/free-distros.html What software is the software you have to distribute? > > > The problem I mentioned above is that "free software" unfortunately > > > could also mean freeware for too many people who are not > > > professional English linguists nor IT specialists. > > That is right, for people on lower literacy level it can mean > > anything, including "freeze". For children it may mean just > > nothing. The word "free" is definitely one of most common words in > > English. As I said, if there is any confusion, that means person did > > not verify the context where word is used. > You could say exactly the same about the word "open-source". It's very > common nowadays and "...if there is any confusion, that means person did not > verify the context where word is used." Yes, that was ironical. Any word may be misunderstood, but we shall not change our words to accommodate people who lack certain levels of education. > The precursor and the current leader of reproducible-builds efforts is still > the Debian project. It's not hypothetical effort anymore, there are more and > more serious and big projects where this concept is used in practice, i.e.: > Bitcoin, Guix, Coreboot, etc. The biggest benefit for the end user is the > possibility to easily reproduce their source code and verify its compiled > binaries with the whole community who is using it. This is so far the only > way to fight against "Volkswagen emissions scandal" cases, where compromised >
Re: Truth matters when writing software and selecting leaders
* Martin [2021-03-30 11:07]: > On 3/29/21 12:26 PM, Jean Louis wrote: > > * Martin [2021-03-29 13:57]: > > From the paragraph above, I can see you did not get the difference > > between the free software and open source. And your analogy is not > > right. You mentioned price not freedom. > I know that gnu definition and in general I'm on your site here, but > unfortunately besides us and other small groups of geeks the "free software" > term just sounds too general in my opinion. To me not. I also speak German, Freie Software does not sound ambiguous, I speak Italian, software libero does not sound ambiguous, I believe it is same in Spanish, those are large countries with a lot of population and free software movement is present there. In my opinion "free software" is so much more specific than "open source", but you have different opinion. Note that the word "free" in English in the first place in every dictionary refers to freedom rather than price. > People in supermarkets while choosing some free stuffs in promotions > usually are not thinking about freedom. Besides freeware software > like Facebook (with all its network, cloud services, etc) gives you > also some kind of freedom of socializing with other ppl in their > platform. I do not think that Facebook is freeware software, it is cloud service provider. There are Facebook applications and messengers, maybe you mean those? See: https://en.wikipedia.org/wiki/Freeware Look, even a prison gives you some kind of a freedom to sit in the cell and associate with other prisoners, within specific boundaries. So the freedom in Facebook is there, it is just within prison walls. For example, if you wish to get contacted by somebody who is not FB-prisoner, you must invite free citizen to become FB-prisoner to enter prison walls, as only from inside you can talk to each other. By contrast, if you have a phone number anywhere in the world issued by any phone provider, people can call you from other countries regardless which network provider they have. A citizen of United States may be called freely from Germany, regardless of their network providers. You cannot become member of Reddit and be able to contact Facebook members directly. Those are network providers who do not cooperate between each others as they earn money by selling your face and your private information to advertising companies. They do not want, or so they think, to dilute their customer base and connect with other networks. Back in past, it was possible, and I remember doing so. I have been using Jabber network and I could freely contact Google Plus users through Jabber network and I could freely contact Facebook users through Jabber/XMPP network. It was possible to send email to Facebook friend without being Facebook user or having Facebook account, they would answer in their inbox to such email, and you would get reply. Today it is not possible. Walls are narrower and narrower. You Facebook friends have their contact information, but you cannot easily export that contact information, find their email address or similar, Facebook made it hard. They are master trader of human emotions. They blackmail you as Facebook used (not user), with emotions of loss of contacts to your friends and family. That in itself is such terrible social injustice and oppression. Simple rules: 1. Keep your address book on your own computer or phone. Export it and make regular backups. This way you will never trust third party company and come into situation of losing contacts to your friends and family like it is case with Facebook useds. 2. Never upload your address book to remote offline providers. Think about it this way, if a total stranger come over to you and asks you to give to stranger your address book, would you give it? Most probably the answer is NO. But you can at least see the stranger face to face, there is possibility of actual human talk with stranger, you could ask why you need my address book, and you could find out where stranger lives, what is his number, and so on. With Google, Facebook, do you know anybody at least face to face? They have hundreds of thousands of staff members, many being corrupted. What you think what can happen with your data? > In general Facebook is not only about price, they control almost > every aspect of human lives around the globe including people who > are not using their apps directly. Some random person by just > reading the gnu header that "free software is better than > open-source" could easily misinterpret it as Facebook being not so > bad only because it's not open-source. I get it, that is how you misinterpreted it. Well, Facebook is not free software, it is online service, and social network. Applications made by Facebook are free software. > We use the word "free software" to clearly refer to freedom, we may > use words such as libre software to refer to freedom. Libre is just > more blurred Spani
Dealin with Social Justice Warriors - Re: Truth matters when writing software and selecting leaders
* Kaz Kylheku (gnu-misc-discuss) <936-846-2...@kylheku.com> [2021-03-26 19:02]: > Those incidents could have been "innocent" in the sense that > the person was really just working on their own and actually member > of [FOOBAR group], just with a really oboxious personality and > way of thinking. > > The conspiracy-like theory of mine that I'm referring to is that the > submitter is not actually a member of any [FOOBAR group]. The claim is fake, > used by some nefarious agency to push rogue commits. > > To make it crystal clear, I am not in any way "FOOBAR-phobic" or > whatever. There are two different viewpoints on who is a member of a group: - as a registerd member, like let us say elected, registered, voted, member, somewhere registered in a list; - as a moral member or member by self-deterministic association to a group, motivated by purposes of the group; One may belong to one of the above lists without belonging to other, or may be in both lists. Free software broader community including those people using free software without knowing what it is, was since decades a friendly group, with common issues where majority members, either by self-deterministic association or as registered members -- had goals of being united by what is common to the group, and that was software and activities related to software. When other politics and other subjects which are not common to the broader larger group of people are introduced and focused, that is what causes division, hate, defamations, rumours, and possibly wars in our human society. One good part, maybe one fifth of people participating are turning unconsciously or consciously to the direction where the wind blows, without feeling of repercussion or understanding the outcomes of their actions Thus it is very important to point out those individuals, and not groups, but individuals who are inciting other people to divide, as they benefit or gain to their private probably psychopathic purposes. > Let me articulate the crazy conspiracy theory more precisely: some > nefarious agencies are injecting animosity into free software > communities in order to create disruption which will have the result > of bringing changes into projects, such that the leadership of those > projects becomes more docile and pliable in the face of pressure > from those nefarious agencies. Nefarious agencies could be > corporations, governments (local and foreign), you name it. It is good that you see patterns. We are in matrix as in the movie. Large corporations are backed up by even larger powers who know how to influence the world, create more or less of any subject in the world, they know to press a button Y that will destroy the subject X in foreseeable future. > I think the most level-headed attitude to have is represented in that > "no code of conduct". https://nocodeofconduct.com/ Yes. It is practical, it works well without it. Yet Code of Conduct is like code of basic agreements that relate to specific group, in itself a Code of Conduct can be good thing. Problems come with enforcements and focus on negativities. Both the node code of conduct and code of conduct can be abuse to extremes. Groups attract people that are group alike, with or without code of conduct. A bad group can have a good code of conduct and still engage in activities contrary to their own code of conduct. A no code of conduct can attract both good and bad people whatever good and bad means for the reader. People in groups will attract people similar people to join. Greater problem with those groups maintaining the Code of Conduct is the abuse of power where individuals instead of advising participants, rather start publicly shaming others, accusing, defaming, harassing and that evolves into bullying that is all justified by whatever established code of conducts. It is perversion of authorities, perversion of power and perversion of justice. This kind of people enjoy in doing so as justice is not present in those groups. Rarely somebody will decide to sue the other person for defamation, criminal accusations, and similar. But they should IMHO. Code of conducts are not legally binding to anything. They represent wished behavior by the management of particular organization, but cannot be imposed. The organization or group imposing the code of conduct should put a great care to abide by the law first and foremost. That is the missing part of all of Codes of Conducts. Somebody steps little beyond the Code of Conduct, and then the harassment starts beyond what is considered decent human behavior, incitements to criminal acts and harm to other organizations and other people. Please read: Shawn James, Black Freelance Writer: How to Deal With Social Justice Warriors or SJWs https://shawnsjames.blogspot.com/2017/09/how-to-deal-with-social-justice.html How to deal with SJWs – a conservative’s guide | The Conservative Woman https://www.conservativewoman.co.uk/how-to-deal-with-sjws-a-conservative
Re: Truth matters when writing software and selecting leaders
* Martin [2021-03-29 13:57]: > On 3/28/21 6:47 AM, Jean Louis wrote: > > * shulie [2021-03-27 21:28]: > > > On 3/24/21 10:55 PM, Jacob Bachmeyer wrote: > > > > As I understand, RMS always thought that proprietary software > > > > companies would make some kind of large legal attack on the GNU project, > > > > > > > no - this is just how the extreme left works now. They scream until you > > > agree with them. > > We are here together because of free software, that is where we can > > agree upon that we like it, promote it, it is useful, helps people, > > preserves users freedom and control of their data. > The problem is that everyone define the term "free software" in many > different ways. We speak here on this mailing list in the context of free software as how it is defined on this hyperlink: https://www.gnu.org/philosophy/free-sw.html > Controversial statements like > https://www.gnu.org/philosophy/free-software-for-freedom.en.html > making this issue even more confusing. It may be controversial, but it brings clarification on what is "open source", which is vague ambiguous term, and what is free software. > There are many non ethical open-source licenses and obfuscated codes > but saying that free software is better than open-source in general > is like saying that official facebook app (binary blob available for > free) is better than telegram app (open source client available only > with commercial and centralized backend >From the paragraph above, I can see you did not get the difference between the free software and open souce. And your analogy is not right. You mentioned price not freedom. The word "free" in English has various definitions, in the fist definition it is related to freedom, not price. Free software is free as related to freedom on what users can do with it, not related to price. In fact, you and everybody is encouraged to sell it. People are making millions on sales of free software. * Overview of verb free The verb free has 11 senses (first 8 from tagged texts) 1. (6) free, liberate, release, unloose, unloosen, loose -- (grant freedom to; free from confinement) 2. (3) rid, free, disembarrass -- (relieve from; "Rid the house of pests") 3. (3) dislodge, free -- (remove or force out from a position; "The dentist dislodged the piece of food that had been stuck under my gums"; "He finally could free the legs of the earthquake victim who was buried in the rubble") 4. (1) exempt, relieve, free -- (grant relief or an exemption from a rule or requirement to; "She exempted me from the exam") 5. (1) free, release -- (make (information) available for publication; "release the list with the names of the prisoners") 6. (1) free, discharge -- (free from obligations or duties) 7. (1) free, disengage -- (free or remove obstruction from; "free a path across the cluttered floor") 8. (1) absolve, justify, free -- (let off the hook; "I absolve you from this responsibility") 9. release, relinquish, resign, free, give up -- (part with a possession or right; "I am relinquishing my bedroom to the long-term house guest"; "resign a claim to the throne") 10. release, free, liberate -- (release (gas or energy) as a result of a chemical reaction or physical decomposition) 11. unblock, unfreeze, free, release -- (make (assets) available; "release the holdings in the dictator's bank account") > https://en.wikipedia.org/wiki/Telegram_(software)#Security ). We > need updated, clearer and more explicit definition (not just better > or worst intuitions) of the perfect free, open-source, secure, > reproducible and bootstrappable hardware/software/system that could > unite us again. We use the word "free software" to clearly refer to freedom, we may use words such as libre software to refer to freedom. We do not use "open source" as that is vague term, and does not necessarily mean "free software". The distinction is more and more important today. Companies are publishing software under "open source" licenses, that is not free software, that is proprietary software for this or the other reason. Example is the Debian's non-free software that has sources but is not free software, that is why it is called non-free. > If RMS/FSF/GNU/Free Software go down now, we are defeated and we let > > those corporations control every single citizen on this planet. Well, RMS's one word or event or activity may influence the whole world. That is true. FSF is providing essential financial and technical support to various free software distributions, at least I am so convinced, I do not have the underlying information. It is very hard for FSF to go down for as long as there are supporters and management that properly distribute finances to support distribution of free software. Now, GNU as free software, that is harder to get down, even without the FSF, as everybody is free to replicate the GNU website, and GNU software, but rarely some individual has resources and money enough to do so, larger companies d
Re: Truth matters when writing software and selecting leaders
On 3/28/21 6:47 AM, Jean Louis wrote: * shulie [2021-03-27 21:28]: On 3/24/21 10:55 PM, Jacob Bachmeyer wrote: As I understand, RMS always thought that proprietary software companies would make some kind of large legal attack on the GNU project, no - this is just how the extreme left works now. They scream until you agree with them. We are here together because of free software, that is where we can agree upon that we like it, promote it, it is useful, helps people, preserves users freedom and control of their data. The problem is that everyone define the term "free software" in many different ways. Controversial statements like https://www.gnu.org/philosophy/free-software-for-freedom.en.html making this issue even more confusing. There are many non ethical open-source licenses and obfuscated codes but saying that free software is better than open-source in general is like saying that official facebook app (binary blob available for free) is better than telegram app (open source client available only with commercial and centralized backend https://en.wikipedia.org/wiki/Telegram_(software)#Security ). We need updated, clearer and more explicit definition (not just better or worst intuitions) of the perfect free, open-source, secure, reproducible and bootstrappable hardware/software/system that could unite us again. If RMS/FSF/GNU/Free Software go down now, we are defeated and we let those corporations control every single citizen on this planet. This organizations and individuals are helpful but not crucial. Control of resources never last forever https://www.youtube.com/watch?v=NKkvPxYNh9A
Re: Truth matters when writing software and selecting leaders
* shulie [2021-03-27 21:28]: > On 3/24/21 10:55 PM, Jacob Bachmeyer wrote: > > > > As I understand, RMS always thought that proprietary software > > companies would make some kind of large legal attack on the GNU project, > no - this is just how the extreme left works now. They scream until you > agree with them. We are here together because of free software, that is where we can agree upon that we like it, promote it, it is useful, helps people, preserves users freedom and control of their data. Yes, there can be attacks on GNU, FSF, RMS, free software -- this has been taking on and on for long time, starting with Microsoft, UNIX trademarks, proprietary software companies not respecting GPL, and there are many serious, highly interested corporations that wish to see both FSF and GNU and RMS and decline of free software. There are interests to legally break private encryption, to open up backdoors in encryption. One word of RMS spoken in public is more worth thant 1 people speaking in public related to encryption safety! Those large corporations such as Bill Gates corporation have vested interest in proprietary software! Look just at vaccines, it is multi-billion dollar business run by Bill Gates -- vaccines are proprietary and there may be intention to even implant chips into human bodies. If we fight now for freedom for users to control their data, we are fighting for control of human society in future. If RMS/FSF/GNU/Free Software go down now, we are defeated and we let those corporations control every single citizen on this planet.
Re: Truth matters when writing software and selecting leaders
* shulie [2021-03-27 21:28]: > On 3/24/21 10:13 PM, Akira Urushibata wrote: > > In response to the storm of criticism, the FSF Board has decided to > > vote to determine whether RMS should return to the board. I observe > > that both sides have initiated petition drives > > The FSF just makes itself impotent and irrelevant like this. It needs > to take a stand on due process, tolerance and justice. FSF is already in the process and while I am not in US, I am sure they do consider various public facts, but I think they should not. As letter of support to RMS or letter of absence of support does not change anything, and putting focus on activities that do not support FSF campaigns waste time and effort. The apparent problem could be said with the public image -- but we can observe that many organizations move on with their purposes regardless. In my opinion it is more important to stick to promotion of purposes rather than handling what some people organized on Github. >From legal viewpoint of Articles of Incorporation or By-laws, FSF is not necessarily there to protect or involve itself in public speech, but can do so if they wish. It is there to promote free exchange of software. It does so by supporting GNU and free OS-es. Because the FSF's legal foundation is not well defined it opens door to inclusion of decision making people who may deviate FSF purposes to be something else than what it was meant to be. Jean
Re: Truth matters when writing software and selecting leaders
On 3/24/21 10:55 PM, Jacob Bachmeyer wrote: > > As I understand, RMS always thought that proprietary software > companies would make some kind of large legal attack on the GNU project, no - this is just how the extreme left works now. They scream until you agree with them.
Re: Truth matters when writing software and selecting leaders
On 3/24/21 10:27 PM, DJ Delorie wrote: > The problem with Truth is that there's your Truth, and someone else's > Truth. No, there is ACTUAL truth.
Re: Truth matters when writing software and selecting leaders
On 3/24/21 10:13 PM, Akira Urushibata wrote: > In response to the storm of criticism, the FSF Board has decided to > vote to determine whether RMS should return to the board. I observe > that both sides have initiated petition drives The FSF just makes itself impotent and irrelevant like this. It needs to take a stand on due process, tolerance and justice. The vote should never have hapened and RMS should never had resigned. Let them open a commitee to investigate charges, and hear witnesses through due fair rules, not through petition wars and histerical crying. Until then, RMS should remain in charge of the FSF. And honestly, when real due process is applied, Richard will be COMPLETELY obsolved of any wrong doing. His soul crime in he speaks up, defended his friends, and suffers some emotional disabilities which these "people" exploit to drive him from his lifes work.
Re: Truth matters when writing software and selecting leaders
On 3/24/21 10:55 PM, Jacob Bachmeyer wrote: > That is not to say that I believe a word of them, but can we actually > prove that each one is false? we have already gone through this and it is absolutely false. But you know what... if you can't win, make things up and upend ue process.
Re: Truth matters when writing software and selecting leaders
Kaz Kylheku (gnu-misc-discuss) wrote: On 2021-03-25 18:57, Jacob Bachmeyer wrote: Kaz Kylheku (gnu-misc-discuss) wrote: On 2021-03-24 19:55, Jacob Bachmeyer wrote: [...] I now wonder if we may be seeing a different angle of an attack on the GNU project that RMS did not anticipate. I also have similar suspicions. If you can replace the stewards of free software with meek, emotional weaklings, or fools, you can easily manipulate those projects in whatever direction you see fit. "You must accept this backdoor patch because it's written by a member of a vulnerable, disadvantaged group." If you don't think that's coming, just sit back and watch. I have vague memories of similar incidents having already occurred, although I do not recall exactly what they were. I think they were actually demands for direct commit access, on the grounds that none of the active developers were [insert FOOBAR group name here]. I want to say that the attempts failed, but I am not certain. [...] Those incidents could have been "innocent" in the sense that the person was really just working on their own and actually member of [FOOBAR group], just with a really oboxious personality and way of thinking. The conspiracy-like theory of mine that I'm referring to is that the submitter is not actually a member of any [FOOBAR group]. The claim is fake, used by some nefarious agency to push rogue commits. There was a time when I would call you paranoid for that, but then Snowden (never mind how that guy somehow got a security clearance after publicly stating his intention to leak whatever he could grab -- my tax dollars at work bungling a background check, obviously) dumped a bunch of documents, and even if I still doubt the NSA would go quite that far against the GNU project, I am convinced that there are plenty of foreign agencies that would try it. To make it crystal clear, I am not in any way "FOOBAR-phobic" or whatever. I think I might remember what FOOBAR actually was, but I deliberately replaced it with a placeholder to exclude any question of irrational fears related to any specific group. That strategy will easily work if the project leaders have been replaced by mental/emotional weaklings, by some coup in which the original leaders were displaced for faintly smelling of being resistant to unconditional "inclusivity". You mean like the ousting of Brendan Eich, who had stated in no uncertain terms that Firefox would not support DRM, after which Mozilla reversed that decision? That also ignores the harm that that larger incident has likely done to the cause of transparency in politics, since the activists specifically promised the court that there would be no harassment of the people whose names they wanted revealed, a promise that was quickly shown to be utterly worthless. The next shady group that wants to keep their donor list secret can now point to that case and its aftermath as justification. I'm not even saying anything like that the new project leaders are moles. Basically everyone involved, up to that point, had just been a pawn being played. Let me articulate the crazy conspiracy theory more precisely: some nefarious agencies are injecting animosity into free software communities in order to create disruption which will have the result of bringing changes into projects, such that the leadership of those projects becomes more docile and pliable in the face of pressure from those nefarious agencies. Nefarious agencies could be corporations, governments (local and foreign), you name it. The major problem I have with this is that I do not recall seeing any of the initial disruptions your conspiracy theory posits. The disruption is what causes certain social activists to take notice of free software and become attracted to free software projects in the first place. Can you show such disruptions prior to the arrival of the certain social activists? I suspect that the activists were also the sources of the initial disruptions. This is one of the reasons that they have not gotten very far, as they are simply invaders in every sense and they do not fit amongst us at all. Even the attacks on RMS are predominately based on pressure from outside of our community, although they may expose foolish, cowardly, or deluded members of our community. "Hey there is this world of free software which is really great and powers most of the Internet. But I hear stories about how it's run by volunteers some of whom are bad people. Racists, trans-phobics, defenders of pedophilia and sex trafficking. That's how I even heard about this stuff in the first place, sadly! Well, we can fix that. Gosh, darn it, I'm gonna join one of these projects and do something about it!" The solution here is to refuse to create sinecure positions of any sort and to demand technical competence for technical work. The worst of the social activists, whose only skill is whining, will be effectivel
Re: Truth matters when writing software and selecting leaders
On 2021-03-25 18:57, Jacob Bachmeyer wrote: Kaz Kylheku (gnu-misc-discuss) wrote: On 2021-03-24 19:55, Jacob Bachmeyer wrote: Does there appear to be some form of hidden coordination behind these articles? As I understand, RMS always thought that proprietary software companies would make some kind of large legal attack on the GNU project, so he was very particular about setting up the FSF and arranging for copyrights on many GNU packages to be held by the FSF. If we interpret the SCO mess as that attack, the strategy seems to have worked: SCO did not attack GNU, but instead attempted to attack the Linux kernel project. Ultimately, they failed but I now wonder if we may be seeing a different angle of an attack on the GNU project that RMS did not anticipate. I also have similar suspicions. If you can replace the stewards of free software with meek, emotional weaklings, or fools, you can easily manipulate those projects in whatever direction you see fit. "You must accept this backdoor patch because it's written by a member of a vulnerable, disadvantaged group." If you don't think that's coming, just sit back and watch. I have vague memories of similar incidents having already occurred, although I do not recall exactly what they were. I think they were actually demands for direct commit access, on the grounds that none of the active developers were [insert FOOBAR group name here]. I want to say that the attempts failed, but I am not certain. As a maintainer of a package that I did not write, I expect that I would react very badly to anyone trying to push an obviously defective patch on grounds of personal identity. Those incidents could have been "innocent" in the sense that the person was really just working on their own and actually member of [FOOBAR group], just with a really oboxious personality and way of thinking. The conspiracy-like theory of mine that I'm referring to is that the submitter is not actually a member of any [FOOBAR group]. The claim is fake, used by some nefarious agency to push rogue commits. To make it crystal clear, I am not in any way "FOOBAR-phobic" or whatever. That strategy will easily work if the project leaders have been replaced by mental/emotional weaklings, by some coup in which the original leaders were displaced for faintly smelling of being resistant to unconditional "inclusivity". I'm not even saying anything like that the new project leaders are moles. Basically everyone involved, up to that point, had just been a pawn being played. Let me articulate the crazy conspiracy theory more precisely: some nefarious agencies are injecting animosity into free software communities in order to create disruption which will have the result of bringing changes into projects, such that the leadership of those projects becomes more docile and pliable in the face of pressure from those nefarious agencies. Nefarious agencies could be corporations, governments (local and foreign), you name it. The disruption is what causes certain social activists to take notice of free software and become attracted to free software projects in the first place. "Hey there is this world of free software which is really great and powers most of the Internet. But I hear stories about how it's run by volunteers some of whom are bad people. Racists, trans-phobics, defenders of pedophilia and sex trafficking. That's how I even heard about this stuff in the first place, sadly! Well, we can fix that. Gosh, darn it, I'm gonna join one of these projects and do something about it!" Think of the analogy of smearing something with blood to attract predators. I think the most level-headed attitude to have is represented in that "no code of conduct". https://nocodeofconduct.com/ Projects must put up a barrier against allowing manipulation via irrelevant politics. All decisions must be purely technical. Nobody must be allowed to manipulate technical decisions, like what software changes are approved, by means of gender identity politics, race or anything else. This is necessary for software security and the survival of free software as such.
Re: Truth matters when writing software and selecting leaders
Kaz Kylheku (gnu-misc-discuss) wrote: RMS didn't like "they" used as a singular, due to issues such as a ambiguities of reference (is the antecedent the two people mentioned, or just the latter?) He invented gender-neutral pronouns and uses them. Those pronouns carry no indication of someone's biological gender or sexual identity. RMS's preferred-use pronoun "person" is not his own invention; it was used in a book that (ambiguously) depicted a future androgynous utopia. (Was the utopia a vision of a future or just the viewpoint character's hallucination?) I have objected to it previously on the grounds that the possessive form "per" is also a preposition in English and its use in both roles makes text difficult to read, although I admit that I have yet to find an instance where it introduces an unresolvable ambiguity. In the end, I am fine with it as a quirk of RMS's own speech and writing, but I do push to keep it and other invented pronouns out of GNU project documents and policy statements, where they could be stumbling blocks for readers for whom English is a second (or third or fourth or ...) language. One's name is a very important asset; when you sign it under a document which contains lies, without being deceived or coerced, you severely tarnish that asset. Some people do not seem to have that concept or any notion of honor at all other than a means to manipulate others who do have those. -- Jacob
Re: Truth matters when writing software and selecting leaders
Kaz Kylheku (gnu-misc-discuss) wrote: On 2021-03-24 19:55, Jacob Bachmeyer wrote: Does there appear to be some form of hidden coordination behind these articles? As I understand, RMS always thought that proprietary software companies would make some kind of large legal attack on the GNU project, so he was very particular about setting up the FSF and arranging for copyrights on many GNU packages to be held by the FSF. If we interpret the SCO mess as that attack, the strategy seems to have worked: SCO did not attack GNU, but instead attempted to attack the Linux kernel project. Ultimately, they failed but I now wonder if we may be seeing a different angle of an attack on the GNU project that RMS did not anticipate. I also have similar suspicions. If you can replace the stewards of free software with meek, emotional weaklings, or fools, you can easily manipulate those projects in whatever direction you see fit. "You must accept this backdoor patch because it's written by a member of a vulnerable, disadvantaged group." If you don't think that's coming, just sit back and watch. I have vague memories of similar incidents having already occurred, although I do not recall exactly what they were. I think they were actually demands for direct commit access, on the grounds that none of the active developers were [insert FOOBAR group name here]. I want to say that the attempts failed, but I am not certain. As a maintainer of a package that I did not write, I expect that I would react very badly to anyone trying to push an obviously defective patch on grounds of personal identity. -- Jacob
Fact: RMS is innocent - how to complain - Re: Truth matters when writing software and selecting leaders
The public boycotting with purpose to defame RMS is posted on Github: https://github.com/rms-open-letter/rms-open-letter.github.io PLEASE COMPLAIN and express your resentment to Github by reporting hate speech, discrimination, bullying and harassment on Github at this page: GitHub Support https://support.github.com/contact/report-abuse?category=report-abuse&report=other&report_type=unspecified Because Github is Microsoft organization with a clear set of community guidelines: https://docs.github.com/en/github/site-policy/github-community-guidelines Quote: == Hate speech and discrimination While it is not forbidden to broach topics such as age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation, we do not tolerate speech that attacks a person or group of people on the basis of who they are. Just realize that when approached in an aggressive or insulting manner, these (and other) sensitive topics can make others feel unwelcome, or perhaps even unsafe. While there's always the potential for misunderstandings, we expect our community members to remain respectful and civil when discussing sensitive topics. Bullying and harassment We do not tolerate bullying or harassment. This means any habitual badgering or intimidation targeted at a specific person or group of people. In general, if your actions are unwanted and you continue to engage in them, there's a good chance you are headed into bullying or harassment territory.
Fact: RMS is innocent - Re: Truth matters when writing software and selecting leaders
* Kaz Kylheku (gnu-misc-discuss) <936-846-2...@kylheku.com> [2021-03-25 15:35]: > On 2021-03-24 19:13, Akira Urushibata wrote: > > Richard Stallman recently announced at LibrePlanet that he would > > return to the FSF board. Soon after this announcement, many articles > > appeared online stating strong objection to his return. > > > > I have read several of them and I do not like what I see. > > I see lies. For instance: In fact, boycotters needs some intellect to negatively present positive statements, and they need to know how to express their words so that they "kick in" at casual observers, readers who never examine the facts. It is good to stick to a fact that RMS is innocent and was never accused of anything. > "RMS has spent years on a campaign against using people’s correct > pronouns. This is poorly disguised transphobia. [...] > The main page on his web site includes the statement that > “‘They’ is plural — for singular antecedents, use singular > gender-neutral pronouns.”" > > [https://rms-open-letter.github.io/appendix] Yes, I see that very positive influence on society, but now Molly White, does not like it and tries to construe something negative out of it. > But the references given completely contradict this claim. > Did they not read the material, one has to wonder. It is easy. Malicious intent. Personal hate. Hate mongering. > RMS didn't like "they" used as a singular, due to issues such > as a ambiguities of reference (is the antecedent the two people > mentioned, or just the latter?) He invented gender-neutral pronouns > and uses them. Those pronouns carry no indication of someone's > biological gender or sexual identity. Of course, but trying to defend a fact against malicious intent will result with another false fact being presented. Insane psychopatic social justice warriors do not act by reason. > The individuals and organizations who signed the petitition added > their names under a letter that contains or references bare-faced > lies. Everybody is free to believe what they want, and sign any letters they want. That speaks for them and their own behavior. To better understand the nature of social justice warriors, here is the reference: https://www.deviantart.com/aristodes/art/50-Reasons-why-SJWs-Suck-575496053 Jean
Re: Truth matters when writing software and selecting leaders
On 2021-03-24 19:55, Jacob Bachmeyer wrote: Does there appear to be some form of hidden coordination behind these articles? As I understand, RMS always thought that proprietary software companies would make some kind of large legal attack on the GNU project, so he was very particular about setting up the FSF and arranging for copyrights on many GNU packages to be held by the FSF. If we interpret the SCO mess as that attack, the strategy seems to have worked: SCO did not attack GNU, but instead attempted to attack the Linux kernel project. Ultimately, they failed but I now wonder if we may be seeing a different angle of an attack on the GNU project that RMS did not anticipate. I also have similar suspicions. If you can replace the stewards of free software with meek, emotional weaklings, or fools, you can easily manipulate those projects in whatever direction you see fit. "You must accept this backdoor patch because it's written by a member of a vulnerable, disadvantaged group." If you don't think that's coming, just sit back and watch.
Re: Truth matters when writing software and selecting leaders
RMS is innocent and did not do anything illegal. * Akira Urushibata [2021-03-25 14:45]: > If the FSF Board votes soon on whether RMS should be reinstalled, > gives into outside pressure and decides to keep him out, the world > would interpret this as endorsement of the widespread view that > RMS "defended" Jeffrey Epstein. Those are not widespread views, maybe widespread negative propaganda; outside of scope of any reality. What we have at hand is "cancel culture" - https://en.wikipedia.org/wiki/Cancel_culture In other words, we are not in 21st century, we are in middle ages, just that boycotters are afraid to get arrest, that is why they don't stone the victims, in this example RMS. Boycotting Stallman without evidences? That is in most countries illegal, but somehow tolerated by RMS, as he is good hearted person. It is very easy to write such open letters, and also organize leads lists, like to have people "sign the cause", that is very easy. But those people, none of them, they have never verified the facts. For me personally is unbelievable that programmers who are meant to be logical, truth seeking individuals, can easily be mislead and turn against a friend, as RMS is a friend to all of them, by anything he did and is doing for society in the context of free software. > Now the individuals on the Board may make their decisions on other > grounds, but I am afraid many people are not going to pay attention. I would say who cares? FSF has to do and continue its purpose, that is what matters. > Why would anyone defend a pedophile? The most likely reason: > because he (or she) is a pedophile too. One need either sufficient gullibility or lack of ability to differentiate, to believe that RMS ever defended any criminals. His viewpoints are personal and his intellect over those who misjudge his talks. Finally, for talking he is stoned in public. What a nonsense. It looks as targeted organized attack, as I can see taking his statements out of context became a dear hobby for some of social justice warriors. > I believe many of you have photos with RMS posing beside. Think > well how they will play in the hands of your adversaries. Pity I don't have it. I think that open letter is written by highle insane and dangerous psychopat(s), would they be given opportunity, they would go after somebody's life. RMS is innocent and did not do anything illegal. RMS is to be supported in his efforts to improve society. I am not sure if this subject belongs to this mailing list. Jean
Re: Truth matters when writing software and selecting leaders
On 2021-03-24 19:13, Akira Urushibata wrote: Richard Stallman recently announced at LibrePlanet that he would return to the FSF board. Soon after this announcement, many articles appeared online stating strong objection to his return. I have read several of them and I do not like what I see. I see lies. For instance: "RMS has spent years on a campaign against using people’s correct pronouns. This is poorly disguised transphobia. [...] The main page on his web site includes the statement that “‘They’ is plural — for singular antecedents, use singular gender-neutral pronouns.”" [https://rms-open-letter.github.io/appendix] But the references given completely contradict this claim. Did they not read the material, one has to wonder. RMS didn't like "they" used as a singular, due to issues such as a ambiguities of reference (is the antecedent the two people mentioned, or just the latter?) He invented gender-neutral pronouns and uses them. Those pronouns carry no indication of someone's biological gender or sexual identity. This shows that RMS cares about the issue and has put in more effort into respectful communication than many an editor of a random LGBTQ newsletter. The individuals and organizations who signed the petitition added their names under a letter that contains or references bare-faced lies. I don't understand why anyone would do that, even if they support the removal for some other reasons which seem valid to per. One's name is a very important asset; when you sign it under a document which contains lies, without being deceived or coerced, you severely tarnish that asset.
Re: Truth matters when writing software and selecting leaders
If the FSF Board votes soon on whether RMS should be reinstalled, gives into outside pressure and decides to keep him out, the world would interpret this as endorsement of the widespread view that RMS "defended" Jeffrey Epstein. Now the individuals on the Board may make their decisions on other grounds, but I am afraid many people are not going to pay attention. Why would anyone defend a pedophile? The most likely reason: because he (or she) is a pedophile too. I believe many of you have photos with RMS posing beside. Think well how they will play in the hands of your adversaries.
Re: Truth matters when writing software and selecting leaders
* Jacob Bachmeyer [2021-03-25 05:58]: > Akira Urushibata wrote: > > Richard Stallman recently announced at LibrePlanet that he would > > return to the FSF board. Soon after this announcement, many articles > > appeared online stating strong objection to his return. > > Does there appear to be some form of hidden coordination behind these > articles? Any larger media organizations works by using keywords. They keep files and have directions on how to write about the specific keyword. Direction may say when keyword ABC appears, you have to mention XYZ and GHJ keywords. They know how to sell their stuff. They repeat what makes flames. If I remember well blood is somewhere on first place, then comes sex, but I forgot the major 4 subjects that "sell". Directions are political more or less. Journalists in a specific organization are not free to say what they really want, they comply to directions of an organization. It is not a single employed journalist that has full freedom of speech, it is the organization. Directions can be political and could be orchestrated and coordinated by their source or origin, not necessarily by the organizational's director. The source or origin may be well planned so that future coordination appears random. When keyword like RMS appears anywhere in media, they just do their drill. > As I understand, RMS always thought that proprietary software companies > would make some kind of large legal attack on the GNU project, so he was > very particular about setting up the FSF and arranging for copyrights on > many GNU packages to be held by the FSF. Exactly, and those attacks are taking place from time to time, including GPL violations. It is just that respons is mild and friendly with purpose to create more free software. My opinion is that focus for FSF is mainly on their well established purposes, on what really matters and focus to defend or resolve various public opinions is of low priority.
Re: Truth matters when writing software and selecting leaders
* Akira Urushibata [2021-03-25 05:14]: > Richard Stallman recently announced at LibrePlanet that he would > return to the FSF board. Soon after this announcement, many articles > appeared online stating strong objection to his return. > > I have read several of them and I do not like what I see. Repeatedly > I encounter the false claim that RMS "defended" Jeffrey Epstein. > I also see voices which criticize RMS employing vague terms such as > "bad behavior" which those not properly informed would interpret as > being fond of Epstein and antagonistic toward women who fall victim to > sexual exploitation. Many websites earn from their visitors, sales of advertising, and any famous names are quickly picked up and replicated with intention to draw few more dollars. Some websites are politically oriented, and may support causes that are opposite to free software movement. And then we have some websites run by people who never look into any facts and support their own whatever view points on the world. > In response to the storm of criticism, the FSF Board has decided to > vote to determine whether RMS should return to the board. I observe > that both sides have initiated petition drives: > > https://github.com/KenjiBrown/rms-open-letter.github.io/blob/main/index.md Nice. I just don't get it why that has to be published on Github, people don't know any more how to open up their own websites? > In my opinion the FSF leaders are not doing things in the right order. > First they should make an official statement saying that there are > serious errors in recent news articles. One has to understand the nature of a friendly foundation that supports control of users over their data. Regardless of the money available, do they want to use money on correcting numerous statements online or forwarding their cause? There is freedom of expression, too many times FSF and GNU, RMS and related parties do not make much of a reaction on online reactions, but just keep forwarding their cause. Putting focus on what really matters, not on what were reactions is a virtue. > They should also consider legal action. The decision whether RMS > belongs on the FSF Board should wait until those who are spreading > misinformation are brought to justice. What you describe is possible, legal actions are possible, but as I said forwarding their cause to promote free software, helping distributions spread free software is what really matters. Each party has to put priorities in their activities. Another issue can be that FSF does not know nothing about those articles, and that they maybe don't read this mailing list, so if you think they should know about it, just write directly to FSF or RMS and notify them.
Re: Truth matters when writing software and selecting leaders
Akira Urushibata wrote: Richard Stallman recently announced at LibrePlanet that he would return to the FSF board. Soon after this announcement, many articles appeared online stating strong objection to his return. Does there appear to be some form of hidden coordination behind these articles? As I understand, RMS always thought that proprietary software companies would make some kind of large legal attack on the GNU project, so he was very particular about setting up the FSF and arranging for copyrights on many GNU packages to be held by the FSF. If we interpret the SCO mess as that attack, the strategy seems to have worked: SCO did not attack GNU, but instead attempted to attack the Linux kernel project. Ultimately, they failed but I now wonder if we may be seeing a different angle of an attack on the GNU project that RMS did not anticipate. I have read several of them and I do not like what I see. Repeatedly I encounter the false claim that RMS "defended" Jeffrey Epstein. I also see voices which criticize RMS employing vague terms such as "bad behavior" which those not properly informed would interpret as being fond of Epstein and antagonistic toward women who fall victim to sexual exploitation. Do we have properly documented refutations of these claims? That is not to say that I believe a word of them, but can we actually prove that each one is false? As in refuting "RMS said X at ABC" with "no, RMS actually said Y at ABC; Y != X", ideally with video of RMS saying Y at ABC? In response to the storm of criticism, the FSF Board has decided to vote to determine whether RMS should return to the board. I observe that both sides have initiated petition drives: https://github.com/KenjiBrown/rms-open-letter.github.io/blob/main/index.md That one is interesting; the only minor quibble I have is that we really do need to have some kind of plan for "after RMS" because that will happen some day... ... and the part about using GitHub pull requests to sign the letter, which is a bit of a problem from a software freedom standpoint. At least it also provides an email address to send signatures to, unlike the other letter it mentions at https://github.com/rms-support-letter/rms-support-letter.github.io/blob/master/index.md>. https://itwire.com/open-source/foss-developers-launch-petition-to-push-out-stallman,-fsf-board.html According to that article, the whole thing started from a clearly true statement about sexual assault being a broad category? Wait... were those also the remarks that were taken out of context from an internal private mailing list? In my opinion the FSF leaders are not doing things in the right order. First they should make an official statement saying that there are serious errors in recent news articles. They should also consider legal action. The decision whether RMS belongs on the FSF Board should wait until those who are spreading misinformation are brought to justice. Unfortunately, freedom of speech here in USA protects even blatant lies to some extent. (If I remember correctly, it was Fox News that took a case all the way to our Supreme Court arguing that our First Amendment protects what we now call fake news... and Fox News won the case and the precedent is set.) I say this because I know from experience that I can't fix bugs in software I work on in the absence of accurate information. Any programmer that responds to unfounded claims about misbehaving programs will end up wasting time, or worse, breaking a program that works fine. That is why we write testsuites. :D (And *that* was how I got involved with DejaGnu development and ended up on a bunch of GNU mailing lists...) Truth is important if you want to write good software. Dishonesty invites poor quality. I cannot stress this too much. "Quoted For Truth." -- Jacob
Re: Truth matters when writing software and selecting leaders
Akira Urushibata writes: > In my opinion the FSF leaders are not doing things in the right order. People are quite able to do more than one thing at a time. > until those who are spreading misinformation are brought to justice. Beware - a lot of what you think is "misinformation", others think is "my opinion". The question of what speech is "actionable" is not one we can easily define (unless one is a judge, at least in the USA). Do not fall into the trap of saying "You should be punished unless I agree with what you say." > Truth is important The problem with Truth is that there's your Truth, and someone else's Truth. Don't confuse "truth" with "facts". Truth is often colored by one's own beliefs and opinions.