Re: Truth matters when writing software and selecting leaders

2021-04-19 Thread Martin

On 4/13/21 8:20 PM, Jean Louis wrote:

* Martin  [2021-04-13 20:41]:

Live-bootstrap (still under early development state at the moment) is a pure
bare metal project aiming to be used before involving any OS. Kernel blobs
are out of scope for them, because linux-kernel in general is not capable to
operate on 8bit processor with 300bytes of ROM and a single 4bits of RAM -
the hardware requirements for hex0 you can build from scratch i.e.:
https://www.nand2tetris.org/ . But yes if you really want you could also
setup it on some over-complicated hypocritical Cloud environment based 

on

Microsoft Windows Guest Virtual Machines powered by Guix linux-libre KVM
Hosts (another not fixable freedom bug in "free software"^tm).

Do I understand it well:

- there must be some computer with a chip that is programmed by which
   method? Maybe physical switches? Then the chip spit the first binary
   which is used to create programming languags?

- or is there maybe some editor, so when small 8 bit CPU starts, user
   can enter some information and file is generated?
Basically it's about reinventing the wheel 
https://web.archive.org/web/20120127144927/http://www.cs.ncl.ac.uk/research/pubs/books/papers/133.pdf 
. But nowadays we have many different computer architectures, designs, 
tools, development boards, fpga implementations, virtual machines, 
blockchain technologies, etc 
https://en.wikipedia.org/wiki/Comparison_of_instruction_set_architectures 

. You have a full freedom of choosing your best CPU and how to speak 
with it. For now most of the attention is focused on the mainstream x86, 
arm and RISCV hardware but it could be also ported to any other exotic 
arch, i.e.: 
https://b1391bd6-da3d-477d-8c01-38cdf774495a.filesusr.com/ugd/56440f_96cbb9c6b8b84760a04c369453b62908.pdf

I don't think someone would like to repeat the
https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal even though 

some

corrupted VW cars are still on the streets.

You said it there in a good example. People driving will not
necessarily get informed of security issues.
Drivers in this context are not the main target of this VW scandal. It's 
just a top global politics and their dirty games with CO2 emission 
speculative trading, which is basically a brute-force way to enforce 
additional tax for the car manufactures and any other big industries. 
Btw. it looks like the recent SolarWinds big scandal could be also 
prevented by bootstrappability and reproducible-builds: 
https://arxiv.org/abs/2104.06020

as that is exactly how Telegram is doing it, but currently FSF
endorses distributions with software that interacts with Skype,
Telegram, Twitter, etc. On the other hand campaign is there, money is
paid for decentralization of Internet, but FSF endorsed distributions
still partially work to centralize Internet.
It's the main reason why I started to write in this thread. In my 
opinion FSF needs some serious internal refactoring, fresh global view 
of all the current and possible future threats and a serious new 
strategy how to effectively counter-measure it.






Re: Truth matters when writing software and selecting leaders

2021-04-13 Thread Martin

On 4/12/21 4:53 PM, Jean Louis wrote:

Guix is nice but at the moment it requires Guile(approx 20mb of binaries) to
bootstrap itself. Better solution is
https://github.com/fosslinux/live-bootstrap - there are even plans to
integrate it with Guix directly, Debian and many other projects.

That is great. Yet, that project does not support fully free OS, as if
they accept kernel blobs, that defeats the purpose of bootstrapping
and reproducing. Comparison table says that Guix version would run
with Linux-libre kernel only, while their version runs with any
kernel. Which means introducing blobs for some reason. Unknown for now.
Live-bootstrap (still under early development state at the moment) is a 
pure bare metal project aiming to be used before involving any OS. 
Kernel blobs are out of scope for them, because linux-kernel in general 
is not capable to operate on 8bit processor with 300bytes of ROM and a 
single 4bits of RAM - the hardware requirements for hex0 you can build 
from scratch i.e.: https://www.nand2tetris.org/ . But yes if you really 
want you could also setup it on some over-complicated hypocritical Cloud 
environment based on Microsoft Windows Guest Virtual Machines powered by 
Guix linux-libre KVM Hosts (another not fixable freedom bug in "free 
software"^tm).
Well I don't trust compilers like any other software and I don't trust 

any

people behind them.

I do, as I am forced to do so. It is one type of lock-in. Practically
it means little as software security does not depend on compilers
only. Whole chain has to be verified. Making an automated process to
compile one from each other does not make it enough safe IMHO. Even if
whole chain is verified, who is to guarantee that it was verified? So
for users, those verifications mostly do not matter. There is NO
WARRANTY whatsoever for most or all of free software, most of
times. For users thus practically, it does not matter.

Those efforts are though much appreciated. I like practical solutions,
but I do welcome all boostraping and reproducible build efforts. Sadly
I would not know how to contribute to it, other but building it and
verifying small portions of the process myself. Machine language I
have used to create games, it requires some patience, but not more
patience than learning any programming language. I would like to
verify the first binary that is entered and to know how it is
entered. It is not large, it may be verified and better described.
Scientific papers are also full of hidden or disclosure errors, but it 
doesn't mean theoretical studies are bad because of this inevitable side 
effects. In fact perfect abstractions are very useful in practice even 
though you will never rich them directly. In real world there is no such 
think like 100% security, but still we always want to be as close as 
possible to that imaginary point. Besides machine code could be really 
fun as well http://tom7.org/abc/

The biggest advantage of open-source, gnu freedom "free software",
etc in general is just the ability to verify the code itself.

We can do that for all source packages, but not for easy for the
compiler chain and not easy for binaries created by the compiler
chain.

easy problems are boring

There are still many difficulties and limited ways to do it but it doesn't
mean the verification effort is pointless. I believe in the future where all
the basic computer hardware/software/systems could be formally verified and
audited by anyone and in any time.

Let us say they are audited by entities, or persons A, B, C. What true
security does it mean for users? I say none. It just increases
illusion of safety to a certain degree, but it is far from trusting
it. There are millions of users. They have to trust their
distributions, they have no control of verification.

Now, what if verification finds something is wrong? Millions of users
will still continue using malicious software, it is practically taking
place every day millions of times.
I don't think someone would like to repeat the 
https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal even though 
some corrupted VW cars are still on the streets. Besides 
reproducible-bulds and bootstrappability are not only about the 
security. These concepts can really help you to understand and control 
your computer system by eliminating any unnecessary random, obscure, 
dirty and undefined behaviors from your code. These kind of projects are 
easier to maintain, test, optimize, extend, etc.

People should be able to build from very scratch, from nand logical
gates and below to complex linux riscv machines and above to have
full control in all that process. Small simple concepts like
transparency, reproducible-builds, bootstrappability, simplicity,
minimalism, etc are very essential to reach that perfect goal.

That is pleasure in exercise in computing. Something that each student
of CS should start with, I would include the hex0 initial stage as a
lesson in every CS course.

Just that goal is n

Re: Truth matters when writing software and selecting leaders

2021-04-13 Thread Jean Louis
* Martin  [2021-04-13 20:41]:
> On 4/12/21 4:53 PM, Jean Louis wrote:
> > > Guix is nice but at the moment it requires Guile(approx 20mb of binaries) 
> > > to
> > > bootstrap itself. Better solution is
> > > https://github.com/fosslinux/live-bootstrap - there are even plans to
> > > integrate it with Guix directly, Debian and many other projects.
> > That is great. Yet, that project does not support fully free OS, as if
> > they accept kernel blobs, that defeats the purpose of bootstrapping
> > and reproducing. Comparison table says that Guix version would run
> > with Linux-libre kernel only, while their version runs with any
> > kernel. Which means introducing blobs for some reason. Unknown for
> now.

> Live-bootstrap (still under early development state at the moment) is a pure
> bare metal project aiming to be used before involving any OS. Kernel blobs
> are out of scope for them, because linux-kernel in general is not capable to
> operate on 8bit processor with 300bytes of ROM and a single 4bits of RAM -
> the hardware requirements for hex0 you can build from scratch i.e.:
> https://www.nand2tetris.org/ . But yes if you really want you could also
> setup it on some over-complicated hypocritical Cloud environment based on
> Microsoft Windows Guest Virtual Machines powered by Guix linux-libre KVM
> Hosts (another not fixable freedom bug in "free software"^tm).

Do I understand it well:

- there must be some computer with a chip that is programmed by which
  method? Maybe physical switches? Then the chip spit the first binary
  which is used to create programming languags?

- or is there maybe some editor, so when small 8 bit CPU starts, user
  can enter some information and file is generated?

> > Now, what if verification finds something is wrong? Millions of users
> > will still continue using malicious software, it is practically taking
> > place every day millions of times.

> I don't think someone would like to repeat the
> https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal even though some
> corrupted VW cars are still on the streets.

You said it there in a good example. People driving will not
necessarily get informed of security issues. 

> Besides reproducible-bulds and bootstrappability are not only about
> the security. These concepts can really help you to understand and
> control your computer system by eliminating any unnecessary random,
> obscure, dirty and undefined behaviors from your code.  These kind
> of projects are easier to maintain, test, optimize, extend, etc.

Sure, but that applies only to very narrow group of experts. It means
nothing for 99.999% of users, probably more than that. That is
disclosure that is missing on pages that are marketing reproducible
builds and bootstrappability.

"These concepts can really help you to understand and control your
 computer system by eliminating any unnecessary random, obscure, dirty
 and undefined behaviors from your code." -- that is far from
 practical truth and reality.

Thos concepts will not help 40-50 million free softwware users to
understand and control their computer system; they will not help them
to eliminate any unnecessary (neither help them understand what would
be unnecessary), random, obscure, dirt and undefined behaviors from
the code because it requires proficient experts who know everything
from the begin to the end, this involves knowing all of the
boostrapped binaries, all of the internals of each of GCC versions and
other binaries involved, and to know security and internals of each
remote software ever pulled in this process, and this grows to the
distribution size. That is why I say it is probably less than 0.001%
of users that would have such capacities and skills.

For all others it will remain impractical. They will not even want to
know about it.

That there are thinkers like you is my appreciation to life on this
planet. But it will be worse, people will know less, not
more. Corporations want to make sure of it. We are in the war that we
do not even know that we are.

> > Just that goal is not perfect as you say. There is no warranty for
> > software, and there is no guarantee that auditing is uncompromised. We
> > also do not know true identities of developers and their background,
> > we cannot verify them, thus we cannot know what is really going
> > on.

> There are many tools available to formally verify the code, i.e.: Coq,
> Idris, Agda, etc. If it works for real research to facilitate crafting and
> validating complicated mathematical lemmas, i.e.:

There may be X number of tools, see above, as if 40 million users
cannot verify it, it is not verified for them. For you it may be
verified if you have done the process.

Did you verify it truly ever?

In speaking highly hypothetical of future goals, we have to disclose
the reality, as what you verify is not verified by myself, it does not
help, it just increases probability or trust, and we are anyway now
downloading software due to trust to se

Re: Truth matters when writing software and selecting leaders

2021-04-13 Thread Jean Louis
* Martin  [2021-04-06 15:25]:
> On 4/5/21 5:52 PM, Jean Louis wrote:
> > I do understand the strive to perfectionism and there are projects
> > like Guix which strive to reach the point you are talking. Maybe such
> > projects can become bootstrapping distributions for other
> > distributions which cannot or did not reach that far yet.

> Guix is nice but at the moment it requires Guile(approx 20mb of binaries) to
> bootstrap itself. Better solution is
> https://github.com/fosslinux/live-bootstrap - there are even plans to
> integrate it with Guix directly, Debian and many other projects.

That is great. Yet, that project does not support fully free OS, as if
they accept kernel blobs, that defeats the purpose of bootstrapping
and reproducing. Comparison table says that Guix version would run
with Linux-libre kernel only, while their version runs with any
kernel. Which means introducing blobs for some reason. Unknown for now.

> > What means "to trust" compiler? We already trust our compilers,
> > obviously. We have confidence, faith in compilers and people making
> > it. Free software is insecure and we trust people behind
> > distributions. We have only freedom to verify it though largest
> > majority of users including programmers cannot possibly verify free
> > software on a system as it would take a life time. OpenBSD people are
> > verifying the system for decades they still did not finish. It is
> > never ending story.

> Well I don't trust compilers like any other software and I don't trust any
> people behind them.

I do, as I am forced to do so. It is one type of lock-in. Practically
it means little as software security does not depend on compilers
only. Whole chain has to be verified. Making an automated process to
compile one from each other does not make it enough safe IMHO. Even if
whole chain is verified, who is to guarantee that it was verified? So
for users, those verifications mostly do not matter. There is NO
WARRANTY whatsoever for most or all of free software, most of
times. For users thus practically, it does not matter.

Those efforts are though much appreciated. I like practical solutions,
but I do welcome all boostraping and reproducible build efforts. Sadly
I would not know how to contribute to it, other but building it and
verifying small portions of the process myself. Machine language I
have used to create games, it requires some patience, but not more
patience than learning any programming language. I would like to
verify the first binary that is entered and to know how it is
entered. It is not large, it may be verified and better described.

> The biggest advantage of open-source, gnu freedom "free software",
> etc in general is just the ability to verify the code itself.

We can do that for all source packages, but not for easy for the
compiler chain and not easy for binaries created by the compiler
chain.

> There are still many difficulties and limited ways to do it but it doesn't
> mean the verification effort is pointless. I believe in the future where all
> the basic computer hardware/software/systems could be formally verified and
> audited by anyone and in any time.

Let us say they are audited by entities, or persons A, B, C. What true
security does it mean for users? I say none. It just increases
illusion of safety to a certain degree, but it is far from trusting
it. There are millions of users. They have to trust their
distributions, they have no control of verification.

Now, what if verification finds something is wrong? Millions of users
will still continue using malicious software, it is practically taking
place every day millions of times.

> People should be able to build from very scratch, from nand logical
> gates and below to complex linux riscv machines and above to have
> full control in all that process. Small simple concepts like
> transparency, reproducible-builds, bootstrappability, simplicity,
> minimalism, etc are very essential to reach that perfect goal.

That is pleasure in exercise in computing. Something that each student
of CS should start with, I would include the hex0 initial stage as a
lesson in every CS course.

Just that goal is not perfect as you say. There is no warranty for
software, and there is no guarantee that auditing is uncompromised. We
also do not know true identities of developers and their background,
we cannot verify them, thus we cannot know what is really going on.

Speaking about it is good, it raises awareness, but not significantly,
users still remain there to trust their distributions.

Why we use "chain of trust" in other security related processes? Here
in this process there is no clear chain of trust, no process of
verification. What does it matter that somebody there on some server
says, that reproducible hash outcome is 123 compared to user's hash
123, makes it same, and thus trusted. It does not as user does not
know people behind those servers. Mass manipulations are done every
day through media, few words may c

Re: Risks of deterministic builds (was: Re: Truth matters when writing software and selecting leaders)

2021-04-09 Thread Jean Louis
* Martin  [2021-04-06 12:22]:

> >  From practical viewpoint, among milions and millions of users, when it
> > comes to validating compiler, they would have to validate the
> > reproducible build with comparison to something. Benefits of
> > reproducible builds thus depend of number of people validating it and
> > reporting problems. It depends of publicity of problems and
> > research. Small group of people may do the work, but they cannot
> > possibly make sure to do the work for ALL distributions and for all
> > people. Thus practically for an individual it means nothing, unless
> > individual is highly skilled to verify internals of the compiler, and
> > we have plethora of compilers on every single GNU/Linux operating
> > system. Thus whole countries may be converted into spying backdoor
> > teams by using marketing of reproducible builds of packages that
> > people cannot really verified. Reproducible build of system is not
> > yet reality. We hope for it in future.

> Maybe freedom in "free software" shouldn't require from the code to be open
> neither. Let's just blindly trust some saint developers who cannot even
> control their own binaries. Actually today we are closer and closer to that
> sad scenario like never before in the history, because in fact most of the
> open-source and GNU "free software" nowadays base on blackboxed binary seeds
> that cannot be verified by the users not even by the core developers.

I say you are right there, only that irony is not really in place. I
admire your perfectionism.

- practically, majority of GNU/Linux and BSD-derivatives blindly trust
  their developers. It is how it is. Just few of them are actual
  developers who verify things and develop, and submit issues, find
  security problems and so on. We rely on our developers.

- developers can to a degree control their binaries. It is
  questionable if they can boostrap compilers from pure sources, so
  they trust their upstream compiler providers like GNU GCC, or
  Haskell's origins, or other compilers. Guix is making effort and
  some other OS-es to make it boostrapable.

- yes, with larger number of people using GNU/Linux we are closer and
  closer to scenario of blindly trusting our distributions. That is
  not good. Common users cannot anyway verify software.

- You are right, that now, at this point of time, we should point out
  to that issue, as now it is important when it is not too late. Maybe
  it is too late for Haskell. I know for GCC is not too late as Guix
  can bootstrap it or almost bootstrap it. Not sure.

If we don't point from today on about this issue, we will get serious
problems in future. Awareness we need.

Something practical has to be done about that. Did you contribute to
Guix with your knowledge?

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://rms-support-letter.github.io/




Re: Truth matters when writing software and selecting leaders

2021-04-08 Thread Martin

On 4/5/21 5:52 PM, Jean Louis wrote:

I do understand the strive to perfectionism and there are projects
like Guix which strive to reach the point you are talking. Maybe such
projects can become bootstrapping distributions for other
distributions which cannot or did not reach that far yet.
Guix is nice but at the moment it requires Guile(approx 20mb of 
binaries) to bootstrap itself. Better solution is 
https://github.com/fosslinux/live-bootstrap - there are even plans to 
integrate it with Guix directly, Debian and many other projects.

What means "to trust" compiler? We already trust our compilers,
obviously. We have confidence, faith in compilers and people making
it. Free software is insecure and we trust people behind
distributions. We have only freedom to verify it though largest
majority of users including programmers cannot possibly verify free
software on a system as it would take a life time. OpenBSD people are
verifying the system for decades they still did not finish. It is
never ending story.
Well I don't trust compilers like any other software and I don't trust 
any people behind them. The biggest advantage of open-source, gnu 
freedom "free software", etc in general is just the ability to verify 
the code itself. There are still many difficulties and limited ways to 
do it but it doesn't mean the verification effort is pointless. I 
believe in the future where all the basic computer 
hardware/software/systems could be formally verified and audited by 
anyone and in any time. People should be able to build from very 
scratch, from nand logical gates and below to complex linux riscv 
machines and above to have full control in all that process. Small 
simple concepts like transparency, reproducible-builds, 
bootstrappability, simplicity, minimalism, etc are very essential to 
reach that perfect goal.

Maybe you wish to say we have to control compiler, but compiler is
huge, not even compiler developers can know what is everything inside,
they always find some new problems to solve.
Hopefully there are still alternatives, and if GCC won't fix itself on 
time than it gonna die by natural selection.






Re: Risks of deterministic builds (was: Re: Truth matters when writing software and selecting leaders)

2021-04-08 Thread Martin

On 4/6/21 7:40 AM, Jean Louis wrote:

* Jacob Bachmeyer  [2021-04-06 05:39]:

Exploits are easier to develop when hardcoded offsets, virtual addresses,
etc. can be used.  In a "binary monoculture" environment, that is possible.
This contributes to and worsens security problems in proprietary software,
which is almost always distributed as a single identical set of binaries.
If you have a source code that types of exploits are also easier to 
detect. Besides you can always compile your software with different 
flags then the one used by default. Reproducible-builds just gives you 
information that for a fixed environment you have the fixed binaries but 
usually the combinations of settings are very wide and it's only up to 
you how your binaries are distributed in the end.

Reproducible builds are useful for validating the compiler, but there is a
potential downside in that they make any exploit that can be found in the
reproducibly built program much more reliable, since everyone will have
exactly identical binaries.  Note that this is an identical risk with binary
distributions:  if you simply install the binaries form Debian, an exploit
can be tuned to Debian's version of that binary and it will work on your
machine.
So far debian is still one of the safest linux distribution in the 
world. Anyway even debian is giving you the option to compile all their 
software from source codes and again you can tune it as you like in your 
custom dev environment producing completely different binaries than 
others do.

That is right.

 From practical viewpoint, among milions and millions of users, when it
comes to validating compiler, they would have to validate the
reproducible build with comparison to something. Benefits of
reproducible builds thus depend of number of people validating it and
reporting problems. It depends of publicity of problems and
research. Small group of people may do the work, but they cannot
possibly make sure to do the work for ALL distributions and for all
people. Thus practically for an individual it means nothing, unless
individual is highly skilled to verify internals of the compiler, and
we have plethora of compilers on every single GNU/Linux operating
system. Thus whole countries may be converted into spying backdoor
teams by using marketing of reproducible builds of packages that
people cannot really verified. Reproducible build of system is not
yet reality. We hope for it in future.
Maybe freedom in "free software" shouldn't require from the code to be 
open neither. Let's just blindly trust some saint developers who cannot 
even control their own binaries. Actually today we are closer and closer 
to that sad scenario like never before in the history, because in fact 
most of the open-source and GNU "free software" nowadays base on 
blackboxed binary seeds that cannot be verified by the users not even by 
the core developers.





Risks of deterministic builds (was: Re: Truth matters when writing software and selecting leaders)

2021-04-07 Thread Jacob Bachmeyer

Martin wrote:

On 4/4/21 11:38 PM, Jacob Bachmeyer wrote:

Martin wrote:
In a perfect world if everything is reproducible than all the 
compilations are deterministic. It means that for a given 
environment your source code will always produce the same binaries. 
Briefly DDC method is using mix of different environments in order 
to analyze the binary patterns of the same source code.


The downside of this is that we are right back to a binary 
monoculture, and an exploit that works on one machine would be 
trivially guaranteed to work everywhere.  We really need some kind 

of
controlled randomization that allows provably equivalent executables 
to be produced, but such that exploits relying on hardcoded offsets 
will only work on a limited subset.


I don't understand what you mean by "binary monoculture" in this 
context can you elaborate more about it pls?


Exploits are easier to develop when hardcoded offsets, virtual 
addresses, etc. can be used.  In a "binary monoculture" environment, 
that is possible.  This contributes to and worsens security problems in 
proprietary software, which is almost always distributed as a single 
identical set of binaries.


Reproducible builds are useful for validating the compiler, but there is 
a potential downside in that they make any exploit that can be found in 
the reproducibly built program much more reliable, since everyone will 
have exactly identical binaries.  Note that this is an identical risk 
with binary distributions:  if you simply install the binaries form 
Debian, an exploit can be tuned to Debian's version of that binary and 
it will work on your machine.



-- Jacob



Re: Risks of deterministic builds (was: Re: Truth matters when writing software and selecting leaders)

2021-04-07 Thread Jean Louis
* Jacob Bachmeyer  [2021-04-06 05:39]:
> Exploits are easier to develop when hardcoded offsets, virtual addresses,
> etc. can be used.  In a "binary monoculture" environment, that is possible.
> This contributes to and worsens security problems in proprietary software,
> which is almost always distributed as a single identical set of binaries.
> 
> Reproducible builds are useful for validating the compiler, but there is a
> potential downside in that they make any exploit that can be found in the
> reproducibly built program much more reliable, since everyone will have
> exactly identical binaries.  Note that this is an identical risk with binary
> distributions:  if you simply install the binaries form Debian, an exploit
> can be tuned to Debian's version of that binary and it will work on your
> machine.
> 
> 
> -- Jacob

That is right.

>From practical viewpoint, among milions and millions of users, when it
comes to validating compiler, they would have to validate the
reproducible build with comparison to something. Benefits of
reproducible builds thus depend of number of people validating it and
reporting problems. It depends of publicity of problems and
research. Small group of people may do the work, but they cannot
possibly make sure to do the work for ALL distributions and for all
people. Thus practically for an individual it means nothing, unless
individual is highly skilled to verify internals of the compiler, and
we have plethora of compilers on every single GNU/Linux operating
system. Thus whole countries may be converted into spying backdoor
teams by using marketing of reproducible builds of packages that
people cannot really verified. Reproducible build of system is not
yet reality. We hope for it in future.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://rms-support-letter.github.io/




Re: Truth matters when writing software and selecting leaders

2021-04-06 Thread Martin

On 4/4/21 11:38 PM, Jacob Bachmeyer wrote:

Martin wrote:
In a perfect world if everything is reproducible than all the 
compilations are deterministic. It means that for a given environment 
your source code will always produce the same binaries. Briefly DDC 
method is using mix of different environments in order to analyze the 
binary patterns of the same source code.


The downside of this is that we are right back to a binary 
monoculture, and an exploit that works on one machine would be 
trivially guaranteed to work everywhere.  We really need some kind 
of 
controlled randomization that allows provably equivalent executables 
to be produced, but such that exploits relying on hardcoded offsets 
will only work on a limited subset.


I don't understand what you mean by "binary monoculture" in this context 
can you elaborate more about it pls? Besides reproducibile-builds is not 
designed to solve all type of exploits. It's just hardening dev 
environment requirements to face the trusting trust issue 
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf 
. In general it doesn't make sens to make any "free software" 
development if you cannot trust your compiler. You cannot trust your 
source code if it produce different binaries in the same dev 
environment. This is the basic and once it's established than you can 
play with any "controlled randomization" ideas on top of it.





Re: Truth matters when writing software and selecting leaders

2021-04-06 Thread Jean Louis
* Martin  [2021-04-05 20:19]:

> In general it doesn't make sens to make any "free software"
> development if you cannot trust your compiler. You cannot trust your
> source code if it produce different binaries in the same dev
> environment. This is the basic and once it's established than you
> can play with any "controlled randomization" ideas on top of it.

Yes Martin, that is theory, look around the world, practicality is
that for people it does make sense. They don't trust compilers, they
trust websites, not even people, as majority of users do not know any
people behind OS distributions. That is the real world.

I do understand the strive to perfectionism and there are projects
like Guix which strive to reach the point you are talking. Maybe such
projects can become bootstrapping distributions for other
distributions which cannot or did not reach that far yet.

What means "to trust" compiler? We already trust our compilers,
obviously. We have confidence, faith in compilers and people making
it. Free software is insecure and we trust people behind
distributions. We have only freedom to verify it though largest
majority of users including programmers cannot possibly verify free
software on a system as it would take a life time. OpenBSD people are
verifying the system for decades they still did not finish. It is
never ending story.

Maybe you wish to say we have to control compiler, but compiler is
huge, not even compiler developers can know what is everything inside,
they always find some new problems to solve.

Developers are solving issues:
https://gcc.gnu.org/bugzilla/buglist.cgi?chfield=%5BBug%20creation%5D&chfieldfrom=24h

Insecurities: https://www.cvedetails.com/product/960/GNU-GCC.html?vendor_id=72

To use free software we have to rely that it is safe and comes from
trusted sources. It can still be that we discover backdoors after
years, just as with Minix OS in Intel chips that could be used for
backdoors and intrusion into computer operations.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://rms-support-letter.github.io/




Re: Truth matters when writing software and selecting leaders

2021-04-06 Thread Jacob Bachmeyer

Martin wrote:
In a perfect world if everything is reproducible than all the 
compilations are deterministic. It means that for a given environment 
your source code will always produce the same binaries. Briefly DDC 
method is using mix of different environments in order to analyze the 
binary patterns of the same source code.


The downside of this is that we are right back to a binary monoculture, 
and an exploit that works on one machine would be trivially guaranteed 
to work everywhere.  We really need some kind of controlled 
randomization that allows provably equivalent executables to be 
produced, but such that exploits relying on hardcoded offsets will only 
work on a limited subset.



-- Jacob



Re: Google XMPP service (was: Re: Truth matters when writing software and selecting leaders)

2021-04-05 Thread Jean Louis
* Jacob Bachmeyer  [2021-04-03 22:16]:
> On a side note:  talk.google.com still speaks Jabber/XMPP on port 5223.  I
> use it to talk with friends that carry Android devices.  The Android
> messenger app and Hangouts still use Jabber on the backend.

How does the username looks like? Is it u...@google.com ? Or something else?

Do you think that each user has asigned XMPP username automatically?

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

Sign an open letter in support of Richard M. Stallman
https://rms-support-letter.github.io/




Google XMPP service (was: Re: Truth matters when writing software and selecting leaders)

2021-04-04 Thread Jacob Bachmeyer

Martin wrote:

On 3/30/21 9:10 AM, Jean Louis wrote:

* Martin  [2021-03-30 11:07]:

Back in past, it was possible, and I remember doing so. I have been
using Jabber network and I could freely contact Google Plus users
through Jabber network and I could freely contact Facebook users
through Jabber/XMPP network. It was possible to send email to Facebook
friend without being Facebook user or having Facebook account, they
would answer in their inbox to such email, and you would get
reply. Today it is not possible.
This kind of stories also have some pros. That time Jabber/XMPP 
network was getting big "free" promotion from Facebook, Google, etc. 
Nowadays I'm still using Jabber/XMPP and I have zero interest of 
having fb, g+, etc.


On a side note:  talk.google.com still speaks Jabber/XMPP on port 5223.  
I use it to talk with friends that carry Android devices.  The Android 
messenger app and Hangouts still use Jabber on the backend.



-- Jacob



Re: Truth matters when writing software and selecting leaders

2021-04-04 Thread Jean Louis
* Martin  [2021-03-31 17:00]:
> On 3/30/21 7:10 PM, Jean Louis wrote:
> > * Martin  [2021-03-30 19:58]:
> > You may, but we don't, as it is vague term. On GNU website, we never
> > use "open source" to refer to free software, as we have to promote
> > freedom.

> what's your definition of freedom then?

When I say freedom, it is used in the context of free software how it
is already well defined on the website, I gave you references. I am
glad to receive that freedom with GNU and other free software, and I
distribute to other people as well.

When I say "to promote freedom" on this mailing list, it refers to
free software as defined, and users' rights, which I say are basic
human rights to be in charge of any actions done on their behalf.

As a paralegal since almost 20 years, when a person wish to authorize
somebody else to do some actions on person's behalf, then there are 2
different powers of attorney:

- General Power of Attorney -- usually authorizes another person to do
  ANY kind of actions on person's behalf, for example to purchase
  house, website domain, open up bank accounts, demand money, and so
  on.

- Specific Power of Attorney -- authorizes attorney or representative
  to do some specific actions, for example, it could authorize
  attorney or assigned person to purchase vehicle on somebody's
  behalf.

Those legal documents have to be signed usually in front of a public
notary who makes sure that person is aware of all details written in
the document.

Normally, we do not legally authorize people to read, listen, hear,
record, process our data, and do other unauthorized actions with our
data, our information, so much related to life.

Software programs and authors conquered the legality and took their
right to claim that "by downloading this software" or "by using this
website" one receives some kind of a license and accept any kind of
otherwise unauthorized actions, like sending personal information,
tracking your behavior, researching your behavior, selling your face,
your habits, your situation of posession of your devices, like if you
are rich or poor, processing your information, doing actions on your
compute which actions you have never authorized, and repeating same
actions trillions of times.

Person was not technically capable to understand such authorization
given to proprietary software companies, and thus IMHO, all such
authorizations are invalid, and should be persectued by criminal law,
depending of the country.

But countries think that software is some kind of a written deed, and
treat is under copyrights, I would not.

I would treat it as set of actions executed on user's computer,
usually processing user's data, and conducted by author. As that is
what it is.

Unauthorized processing of actions with users' data is criminal.

I do not think that authorization by click or blind acceptance of
software is legally right. Neither I do not think that for free
software.

For any software, it has to be free software, as only so users can
verify if actions are actually authorized or not.

For any software, that is assumed to be free software in future, users
should or could trust developers who verify the software and designate
what such software does with users' data. If it only play files, it
would be easily accepted, but if it can do potential harm to user's
privacy, something like that would need to be looked from criminal
view point.

As if anybody ENTERS my room, and takes FEW papers from a table,
regardless what is on those papers, that is so much criminal that
deserves few years in prison.

Computer software is used in the same way, to automate computers to
send user's data, process, sell it, profit on it -- and people do not
recognize it as crime. But majority of people did not really
understand the impact of it, and did not consciously give their powers
to software authors.

> > I probably have more years than you, so I am aware of the movement
> > called "open source" and licking asses of corporations.

> "free software" movement is actively endorsing a lot of projects that are
> not bootstrappable for many years. This is like a gift for corporations who
> can freely exploit your resources.

You are free to contribute your knowledge and report issues where
appropriate. This list will not be read by them.

> > > Does the GNU "free software" definition is protected under some
> > > trademark laws? If not than why you blindly assume that everyone
> > > should use it as it only please you?

> > I don't. I said in this GNU environment, on mailing lists, in
> > contributions, in publishing, designations and similar, we strive to
> > use proper terminology to express the purposes of free software
> > philosophy better, it is voluntarily.

> And how you protect your self from internal manipulations?

I would not know what is internal manipulation. I have been eating
beans and polenta, and something is happening internally, what do you
mean?

> It's good that you mentioned that,

Re: Truth matters when writing software and selecting leaders

2021-04-04 Thread Martin

On 3/30/21 7:10 PM, Jean Louis wrote:

* Martin  [2021-03-30 19:58]:
You may, but we don't, as it is vague term. On GNU website, we never
use "open source" to refer to free software, as we have to promote
freedom.

what's your definition of freedom then?

For me both cases are not precise and lead to misinterpretations. I
don't see the reason to limit my vocabulary from the words you and
your organizations simply don't like.

But nobody asks you to limit, it is recommendation for every human to
be precise how they express themselves.

In general, free software is free as in freedom.

Open source in general may be proprietary software, see non-free
Debian open source repository, it is full of proprietary software that
is open source. It is vague.
What kind of free in freedom you see in GNU binary seeds that are not 
bootstrappable? Is it really better than Debian open-source drivers for 
commercial blobs that are isolated in different repository disabled by 
default to fulfill the DFSG requirements?


I probably have more years than you, so I am aware of the movement
called "open source" and licking asses of corporations.
"free software" movement is actively endorsing a lot of projects that 
are not bootstrappable for many years. This is like a gift for 
corporations who can freely exploit your resources.

Does the GNU "free software" definition is protected under some
trademark laws? If not than why you blindly assume that everyone
should use it as it only please you?

I don't. I said in this GNU environment, on mailing lists, in
contributions, in publishing, designations and similar, we strive to
use proper terminology to express the purposes of free software
philosophy better, it is voluntarily.

And how you protect your self from internal manipulations?

Not so long time ago a person who was able to use text editor or any simple
applications in the first computers were considered as advanced
user.

Actually, the other way around. First micro computer users were
assembling their micro computer at home, later programming it as there
was no software available. Using editors and if not editors, then
interactive editing environments such as BASIC shell, LOGO shell,
including assembly, machine language, that was daily routine for the
end users back then.
It's good that you mentioned that, because in the beginning actually 
everything was bootstrappable, and nowadays almost nothing - how bizarre 
is our evolution of freedom.

In the early internet years people were putting in their Resume
abilities of using web browsers, etc. Nowadays almost every end user
is verifying PGP signatures, it's not a rocket science
anymore. People are sand-boxing many layers of their working
environments, using chroots, jails, containers, various
virtualization, etc.

You speak of developers, they are now many, but not proportionally
many as in early years of micro computing era, since about begin of
1980. Number of developers is today so much less proportionally to
number of computers - we are under developed in 2021. Sorry, what you
mention is not what end users are. I meet end users every day, they
use computers for DVD, movies and music, sharing files by using USB,
some of them know how to write a letter, and some will even make a
presentation. That is largest majority of computer end users.
What you are talking about? No one is using DVD anymore. DVD has died 
like floppy disks many years ago. Today end users mostly are sharing and 
casting complex streams of media. To setup recording environments people 
are using very advanced tools for editing, encoding/decoding, 
encrypting, data synchronizations, backups, etc. Moreover thanks to 
fintec and cryptocurrency more and more people are paranoic about 
security, using some external crypto hardware devices, complex signing 
procedures, etc. Don't forget about IoT gadgets, electric cars, drones, 
smart homes, 5G, etc.

There is a devops profession that fully automate complex pipelines
and craft a fully transparent recipes so the end user can just click
a button to trigger reproducible-builds, bootstrappability,
verification, testing, fuzzing, sanitazing and many other features
for their software in some nice CI/CD fashion.  > No.

Sorry, I do not share opinion that end user is triggering
reproducible-builds, and if it is just by click of a button, that end
user, without knowledge of underlying software, does not need
reproducible build -- as that requires serious knowledge to verify
what is going on really.

We are all advanced users, so in that term of end user how you
mentioned it, I understood it as majority of common computer
users. But you speak of developers.
Bitcoin HOLDers are more gamblers than advanced users, but yet even they 
are able to compile from scratch their nodes and verify its reproducible 
in order to keep as safe as possible their investments. The is a reason 
why BTC blockchain is considered as the safest public ledger in the 
world, and why so many people 

Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread Jean Louis
* Martin  [2021-03-30 19:58]:
> > Instead of open source, we say, free software or free (libre)
> > software.

> This is absurd, I would never use only "free software" term for the exactly
> same reason I'm not using only the word "open-source".

You may, but we don't, as it is vague term. On GNU website, we never
use "open source" to refer to free software, as we have to promote
freedom.

Anyway, you cannot change it, I have mentioned already various
Spanish, Italian, German speaking countries, free software movement is
there, it will not change, people of free software movement use "free
software" in their speech. Those who like software but do not
understand importance of freedom may call it as they want, but that is
not helping new people.

You maybe deal with all kinds of software, sorry I cannot know what
you do. I have asked what software you relate to, to show me some
hyperlinks.

> For me both cases are not precise and lead to misinterpretations. I
> don't see the reason to limit my vocabulary from the words you and
> your organizations simply don't like.

But nobody asks you to limit, it is recommendation for every human to
be precise how they express themselves.

In general, free software is free as in freedom.

Open source in general may be proprietary software, see non-free
Debian open source repository, it is full of proprietary software that
is open source. It is vague.

It is thus obvious that people use non-free software under umbrella of
free software. GNU Free Software OS-es do not use vague
terminology. It is how it is, it is decision of the group and
individuals in the group to make things straight.

> If you don't understand the context of using terms like "open" or
> "open-source" you can just ask for more details.

I probably have more years than you, so I am aware of the movement
called "open source" and licking asses of corporations.

> What if any freeware vendors start to use "free software" term to
> promote their commercial products, how you plan to stop them from
> doing it?

I could not care less. People are free to make their new terms in new
contexts. We use it in the context of freedom. There is no need to
discuss hypothetical situations, they are not real.

> Does the GNU "free software" definition is protected under some
> trademark laws? If not than why you blindly assume that everyone
> should use it as it only please you?

I don't. I said in this GNU environment, on mailing lists, in
contributions, in publishing, designations and similar, we strive to
use proper terminology to express the purposes of free software
philosophy better, it is voluntarily. 

> > Those who install their systems themselves are for me advanced
> > users. They will hardly go for reproducible builds. If somebody is
> > downloading few gigabytes of binaries to install on computer, that
> > somebody will most probably, in the majority of this group of advanced
> > users, never verify any sources. Hashes and PGP signatures may be
> > verified automatically by the system package manager.
> > 
> > There will be those who are responsible for security of data and may
> > like to verify distributions or make their own, those will be doing
> > verification checks. This group does not belong to group of end users.

> Not so long time ago a person who was able to use text editor or any simple
> applications in the first computers were considered as advanced
> user.

Actually, the other way around. First micro computer users were
assembling their micro computer at home, later programming it as there
was no software available. Using editors and if not editors, then
interactive editing environments such as BASIC shell, LOGO shell,
including assembly, machine language, that was daily routine for the
end users back then.

Today, end users mostly using computers for multi-media, and some of
them edit text, that is now, not back then, considered advanced. We
are underdeveloped in 2021.

> In the early internet years people were putting in their Resume
> abilities of using web browsers, etc. Nowadays almost every end user
> is verifying PGP signatures, it's not a rocket science
> anymore. People are sand-boxing many layers of their working
> environments, using chroots, jails, containers, various
> virtualization, etc.

You speak of developers, they are now many, but not proportionally
many as in early years of micro computing era, since about begin of
1980. Number of developers is today so much less proportionally to
number of computers - we are under developed in 2021. Sorry, what you
mention is not what end users are. I meet end users every day, they
use computers for DVD, movies and music, sharing files by using USB,
some of them know how to write a letter, and some will even make a
presentation. That is largest majority of computer end users.

> There is a devops profession that fully automate complex pipelines
> and craft a fully transparent recipes so the end user can just click
> a button to trigger repr

Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread Martin

On 3/30/21 1:38 PM, Jean Louis wrote:

* Martin  [2021-03-30 15:51]:

This kind of stories also have some pros. That time Jabber/XMPP network was
getting big "free" promotion from Facebook, Google, etc. Nowadays I'm still
using Jabber/XMPP and I have zero interest of having fb, g+, etc.

I don't remember that neither Google nor Facebook advertised XMPP,
they did not use directly that term. It was a hidden feature to a
degree. I would be definitely contacting Google and Facebook users
would they have XMPP today.

So I would not contribute promotion of XMPP to them, and I am not sure
if XMPP became more popular due to them.
The promotion of XMPP was not coming only from the official advertising 
campaigns but also from many technical blogs, podcasts and various other 
media noises partially sponsored by Google/Facebook. You cannot just 
ignore that facts but anyway for me XMPP is really one of the best p2p 
communication system till these days.

To really face the modern threats I would just use a term like: "clean
open-source, reproducible, bootrstrappable, secure and free software". 

It's

long but at least it explicitly describe what it is about without any
confusion.

In that sense you minimize the meaning of "free software", as if you
use "open source" it means that maybe it is open source, but also free
of charge -- so there is no definite information that you actually
deal with free software as in liberty.
I don't agree with you. For me still "free software" doesn't explicitly 
state that the source should be open and even the hidden "freedom" 
element included in the definition is not precise enough to strictly 
require from the code to be open as I've explained multiple times in my 
previous mails. I agree though that open-source code could be released 
under many non ethical licenses vulnerable to patent trolling, etc but 
together with "free" word it actually maximize the meaning of my 
proposed long new term.

What would mean "Clean"? I don't know.

If you wish to avoid confusion simple refer by hyperlink to definition
of free software: https://www.gnu.org/philosophy/free-sw.html

Open source definition misses the point:
https://www.gnu.org/philosophy/open-source-misses-the-point.en.html

Please avoid using the term “open” or “open source” as a substitute for “free 
software.”
https://www.gnu.org/philosophy/words-to-avoid.html#Open
The above links are the main source of confusion. Instead of redefine 
basic words, creating blacklist of common synonyms and brainwashing 
people from their intuitions it would be better to CLEAN finally that 
mess and Keep It Simple S...?

Please avoid using the term “open” or “open source” as a substitute
for “free software.” Those terms refer to a different set of views
based on different values. The free software movement campaigns for
your freedom in your computing, as a matter of justice. The open
source non-movement does not campaign for anything in this way.

When referring to the open source views, it's correct to use that name, 

but please do not use that term when talking about us, our software, or our 
views—that leads people to suppose our views are similar to theirs.


Instead of open source, we say, free software or free (libre)
software.
This is absurd, I would never use only "free software" term for the 
exactly same reason I'm not using only the word "open-source". For me 
both cases are not precise and lead to misinterpretations. I don't see 
the reason to limit my vocabulary from the words you and your 
organizations simply don't like. If you don't understand the context of 
using terms like "open" or "open-source" you can just ask for more 
details. What if any freeware vendors start to use "free software" term 
to promote their commercial products, how you plan to stop them from 
doing it? Does the GNU "free software" definition is protected under 
some trademark laws? If not than why you blindly assume that everyone 
should use it as it only please you?

Yes, that was ironical. Any word may be misunderstood, but we shall
not change our words to accommodate people who lack certain levels of
education.
Are you saying that the inventor of "free software" term was badly 
educated?.

Those who install their systems themselves are for me advanced
users. They will hardly go for reproducible builds. If somebody is
downloading few gigabytes of binaries to install on computer, that
somebody will most probably, in the majority of this group of advanced
users, never verify any sources. Hashes and PGP signatures may be
verified automatically by the system package manager.

There will be those who are responsible for security of data and may
like to verify distributions or make their own, those will be doing
verification checks. This group does not belong to group of end users.
Not so long time ago a person who was able to use text editor or any 
simple applications in the first computers were considered as advanced 
user. In the early internet years peopl

Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread shulie
On 3/30/21 12:58 PM, Martin wrote:
> Nowadays almost every end user is verifying PGP signatures, it's not a
> rocket science anymore.



no they aren't and it is not rocket science, it is just poorly designed
and worstly implimented.




Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread Martin

On 3/29/21 12:26 PM, Jean Louis wrote:

* Martin  [2021-03-29 13:57]:
 From the paragraph above, I can see you did not get the difference
between the free software and open souce. And your analogy is not
right. You mentioned price not freedom.
I know that gnu definition and in general I'm on your site here, but 
unfortunately besides us and other small groups of geeks the "free 
software" term just sounds too general in my opinion. People in 
supermarkets while choosing some free stuffs in promotions usually are 
not thinking about freedom. Besides freeware software like facebook 
(with all its network, cloud services, etc) gives you also some kind of 
freedom of socializing with other ppl in their platform. In general 
facebook is not only about price, they control almost every aspect of 
human lives around the globe including people who are not using their 
apps directly. Some random person by just reading the gnu header that 
"free software is better than open-source" could easily misinterpret it 
as facebook being not so bad only because it's not open-source.

We use the word "free software" to clearly refer to freedom, we may
use words such as libre software to refer to freedom.
Libre is just more blurred spanish, french,... translation of the word 
"free" redefined by GNU. So the core issue with this confusing term is 
still not resolved.

We do not use "open source" as that is vague term, and does not
necessarily mean "free software". The distinction is more and more
important today.
Ironically the word "free" is much more vague then "open-source". The 
problem I mentioned above is that "free software" unfortunately could 
also mean freeware for too many people who are not professional English 
linguists nor IT specialists.


Moreover definition of "free software" is not mentioning about 
importance of https://reproducible-builds.org/ nor 
http://bootstrappable.org/ which should be in the highest priority for 
any RMS/FSF/GNU/Free organization to finally address pathological issues 
like: https://gcc.gnu.org/legacy-ml/gcc/2007-11/msg00091.html





Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread Martin

On 3/30/21 9:10 AM, Jean Louis wrote:

* Martin  [2021-03-30 11:07]:

On 3/29/21 12:26 PM, Jean Louis wrote:

I do not think that Facebook is freeware software, it is cloud service
provider. There are Facebook applications and messengers, maybe you
mean those?  See: https://en.wikipedia.org/wiki/Freeware

Look, even a prison gives you some kind of a freedom to sit in the
cell and associate with other prisoners, within specific
boundaries.

So the freedom in Facebook is there, it is just within prison
walls. For example, if you wish to get contacted by somebody who is
not FB-prisoner, you must invite free citizen to become FB-prisoner
to enter prison walls, as only from inside you can talk to each
other.
Exactly this is also one of the reason why the world "freedom" is not 
any better than "free". Even if we would decide to use "freedom 
software" instead of "free software" the core issue would be similar. 
Both terms are very not precise for nowadays realities.

Back in past, it was possible, and I remember doing so. I have been
using Jabber network and I could freely contact Google Plus users
through Jabber network and I could freely contact Facebook users
through Jabber/XMPP network. It was possible to send email to Facebook
friend without being Facebook user or having Facebook account, they
would answer in their inbox to such email, and you would get
reply. Today it is not possible.
This kind of stories also have some pros. That time Jabber/XMPP network 
was getting big "free" promotion from Facebook, Google, etc. Nowadays 
I'm still using Jabber/XMPP and I have zero interest of having fb, g+, etc.

I get it, that is how you misinterpreted it.

Well, Facebook is not free software, it is online service, and social
network. Applications made by Facebook are free software.
Facebook has also big impact of the web evolution in general. Together 
with Google, MS, Amazon, etc they are creating web prisons heavily 
obfuscated with their javascript trash. It's almost impossible to browse 
modern websites (their "free" applications) in pure GNU "free software" 
environments.

You are free to introduce any new words into English or any other
language. Why not? Is there a law forbidding that? Languages are
changing throughout the centuries, the word "Libre" is today English
word and it has its special definition for software.
To really face the modern threats I would just use a term like: "clean 
open-source, reproducible, bootrstrappable, secure and free software". 
It's long but at least it explicitly describe what it is about without 
any confusion.

The problem I mentioned above is that "free software" unfortunately
could also mean freeware for too many people who are not
professional English linguists nor IT specialists.

That is right, for people on lower literacy level it can mean
anything, including "freeze". For children it may mean just
nothing. The word "free" is definitely one of most common words in
English. As I said, if there is any confusion, that means person did
not verify the context where word is used.
You could say exactly the same about the word "open-source". It's very 
common nowadays and "...if there is any confusion, that means person did 
not verify the context where word is used."

Reproducible build of software is not related to class of
software. While it does seem important, it is more hypothetical rather
than practical. End user usually does not have enough knowledge to
verify software, regardless of all the PGP keys and
hashes. Verification is more for group of people skilled in
security. Even they will make grave mistakes. For example they could
be downloading software from a mirror and verify PGP signatures and
hashes that have been published on a mirror, but would not maybe
verify original PGP signatures and original hashes. Some people may be
tricked with domain names. Reproducible builds are far far from
practical users' data security. Guix is doing well in that
direction. All that is not related to free software definition.
The precursor and the current leader of reproducible-builds efforts is 
still the Debian project. It's not hypothetical effort anymore, there 
are more and more serious and big projects where this concept is used in 
practice, i.e.: Bitcoin, Guix, Coreboot, etc. The biggest benefit for 
the end user is the possibility to easily reproduce their source code 
and verify its compiled binaries with the whole community who is using 
it. This is so far the only way to fight against "Volkswagen emissions 
scandal" cases, where compromised dev environments could inject any 
malicious code to our "free software".

I agree that software should be boostrappable from software that one
can understand and inspect. But that is for many software today not
so. Example is Haskell compiler that can only be compiled with
previous Haskell compiler. I have tried my best to compile it fully
from original source, but pieces of information are missing and it was
not practically pos

Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread Jean Louis
* Martin  [2021-03-30 15:51]:
> This kind of stories also have some pros. That time Jabber/XMPP network was
> getting big "free" promotion from Facebook, Google, etc. Nowadays I'm still
> using Jabber/XMPP and I have zero interest of having fb, g+, etc.

I don't remember that neither Google nor Facebook advertised XMPP,
they did not use directly that term. It was a hidden feature to a
degree. I would be definitely contacting Google and Facebook users
would they have XMPP today.

So I would not contribute promotion of XMPP to them, and I am not sure
if XMPP became more popular due to them.

> Facebook has also big impact of the web evolution in
> general. Together with Google, MS, Amazon, etc they are creating web
> prisons heavily obfuscated with their JavaScript trash. It's almost
> impossible to browse modern websites (their "free" applications) in
> pure GNU "free software" environments.

How I see that impact, governments took about 10-15 years delay to act
on abuses of people's information. Today US courts are heavily
punishing Facebook, maybe other similar too, for past abuses and
tracking of user information without consent. Europe has enacted
similar laws and Facebook and Google are pretty much protesting.

Following that observation it will be quite possible to enslave half
of the world digitally but also medically, until governments start
reacting and observing that human rights are in danger.

That is why right time for outcries and protests is now. Not later.

> > You are free to introduce any new words into English or any other
> > language. Why not? Is there a law forbidding that? Languages are
> > changing throughout the centuries, the word "Libre" is today English
> > word and it has its special definition for software.

> To really face the modern threats I would just use a term like: "clean
> open-source, reproducible, bootrstrappable, secure and free software". It's
> long but at least it explicitly describe what it is about without any
> confusion.

In that sense you minimize the meaning of "free software", as if you
use "open source" it means that maybe it is open source, but also free
of charge -- so there is no definite information that you actually
deal with free software as in liberty.

What would mean "Clean"? I don't know.

If you wish to avoid confusion simple refer by hyperlink to definition
of free software: https://www.gnu.org/philosophy/free-sw.html

Open source definition misses the point:
https://www.gnu.org/philosophy/open-source-misses-the-point.en.html

Please avoid using the term “open” or “open source” as a substitute for “free 
software.”
https://www.gnu.org/philosophy/words-to-avoid.html#Open

Please avoid using the term “open” or “open source” as a substitute
for “free software.” Those terms refer to a different set of views
based on different values. The free software movement campaigns for
your freedom in your computing, as a matter of justice. The open
source non-movement does not campaign for anything in this way.

When referring to the open source views, it's correct to use that name, but 
please do not use that term when talking about us, our software, or our 
views—that leads people to suppose our views are similar to theirs.

Instead of open source, we say, free software or free (libre)
software.

Me, as user of fully free software distribution, I will install
exclusively those which are FSF endorsed, as there is good and better
certainty that my environment is free
software. https://www.gnu.org/distros/free-distros.html

What software is the software you have to distribute? 

> > > The problem I mentioned above is that "free software" unfortunately
> > > could also mean freeware for too many people who are not
> > > professional English linguists nor IT specialists.
> > That is right, for people on lower literacy level it can mean
> > anything, including "freeze". For children it may mean just
> > nothing. The word "free" is definitely one of most common words in
> > English. As I said, if there is any confusion, that means person did
> > not verify the context where word is used.

> You could say exactly the same about the word "open-source". It's very
> common nowadays and "...if there is any confusion, that means person did not
> verify the context where word is used."

Yes, that was ironical. Any word may be misunderstood, but we shall
not change our words to accommodate people who lack certain levels of
education. 

> The precursor and the current leader of reproducible-builds efforts is still
> the Debian project. It's not hypothetical effort anymore, there are more and
> more serious and big projects where this concept is used in practice, i.e.:
> Bitcoin, Guix, Coreboot, etc. The biggest benefit for the end user is the
> possibility to easily reproduce their source code and verify its compiled
> binaries with the whole community who is using it. This is so far the only
> way to fight against "Volkswagen emissions scandal" cases, where compromised
>

Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread Jean Louis
* Martin  [2021-03-30 11:07]:
> On 3/29/21 12:26 PM, Jean Louis wrote:
> > * Martin  [2021-03-29 13:57]:
> >  From the paragraph above, I can see you did not get the difference
> > between the free software and open source. And your analogy is not
> > right. You mentioned price not freedom.
> I know that gnu definition and in general I'm on your site here, but
> unfortunately besides us and other small groups of geeks the "free software"
> term just sounds too general in my opinion.

To me not. I also speak German, Freie Software does not sound
ambiguous, I speak Italian, software libero does not sound ambiguous,
I believe it is same in Spanish, those are large countries with a lot
of population and free software movement is present there.

In my opinion "free software" is so much more specific than "open
source", but you have different opinion. Note that the word "free" in
English in the first place in every dictionary refers to freedom
rather than price.

> People in supermarkets while choosing some free stuffs in promotions
> usually are not thinking about freedom. Besides freeware software
> like Facebook (with all its network, cloud services, etc) gives you
> also some kind of freedom of socializing with other ppl in their
> platform.

I do not think that Facebook is freeware software, it is cloud service
provider. There are Facebook applications and messengers, maybe you
mean those?  See: https://en.wikipedia.org/wiki/Freeware

Look, even a prison gives you some kind of a freedom to sit in the
cell and associate with other prisoners, within specific
boundaries.

So the freedom in Facebook is there, it is just within prison
walls. For example, if you wish to get contacted by somebody who is
not FB-prisoner, you must invite free citizen to become FB-prisoner
to enter prison walls, as only from inside you can talk to each
other.

By contrast, if you have a phone number anywhere in the world issued
by any phone provider, people can call you from other countries
regardless which network provider they have. A citizen of United
States may be called freely from Germany, regardless of their network
providers.

You cannot become member of Reddit and be able to contact Facebook
members directly. Those are network providers who do not cooperate
between each others as they earn money by selling your face and your
private information to advertising companies. They do not want, or so
they think, to dilute their customer base and connect with other
networks.

Back in past, it was possible, and I remember doing so. I have been
using Jabber network and I could freely contact Google Plus users
through Jabber network and I could freely contact Facebook users
through Jabber/XMPP network. It was possible to send email to Facebook
friend without being Facebook user or having Facebook account, they
would answer in their inbox to such email, and you would get
reply. Today it is not possible.

Walls are narrower and narrower.

You Facebook friends have their contact information, but you cannot
easily export that contact information, find their email address or
similar, Facebook made it hard. They are master trader of human
emotions. They blackmail you as Facebook used (not user), with
emotions of loss of contacts to your friends and family. That in
itself is such terrible social injustice and oppression.

Simple rules:

1. Keep your address book on your own computer or phone. Export it and
   make regular backups. This way you will never trust third party
   company and come into situation of losing contacts to your friends
   and family like it is case with Facebook useds.

2. Never upload your address book to remote offline providers. Think
   about it this way, if a total stranger come over to you and asks
   you to give to stranger your address book, would you give it? Most
   probably the answer is NO. But you can at least see the stranger
   face to face, there is possibility of actual human talk with
   stranger, you could ask why you need my address book, and you could
   find out where stranger lives, what is his number, and so on.

   With Google, Facebook, do you know anybody at least face to face?
   They have hundreds of thousands of staff members, many being
   corrupted. What you think what can happen with your data?

> In general Facebook is not only about price, they control almost
> every aspect of human lives around the globe including people who
> are not using their apps directly. Some random person by just
> reading the gnu header that "free software is better than
> open-source" could easily misinterpret it as Facebook being not so
> bad only because it's not open-source.

I get it, that is how you misinterpreted it.

Well, Facebook is not free software, it is online service, and social
network. Applications made by Facebook are free software.

> We use the word "free software" to clearly refer to freedom, we may
> use words such as libre software to refer to freedom.  Libre is just
> more blurred Spani

Dealin with Social Justice Warriors - Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread Jean Louis
* Kaz Kylheku (gnu-misc-discuss) <936-846-2...@kylheku.com> [2021-03-26 19:02]:
> Those incidents could have been "innocent" in the sense that
> the person was really just working on their own and actually member
> of [FOOBAR group], just with a really oboxious personality and
> way of thinking.
> 
> The conspiracy-like theory of mine that I'm referring to is that the
> submitter is not actually a member of any [FOOBAR group]. The claim is fake,
> used by some nefarious agency to push rogue commits.
> 
> To make it crystal clear, I am not in any way "FOOBAR-phobic" or
> whatever.

There are two different viewpoints on who is a member of a group:

- as a registerd member, like let us say elected, registered, voted,
  member, somewhere registered in a list;

- as a moral member or member by self-deterministic association to a
  group, motivated by purposes of the group;

One may belong to one of the above lists without belonging to other,
or may be in both lists.

Free software broader community including those people using free
software without knowing what it is, was since decades a friendly
group, with common issues where majority members, either by
self-deterministic association or as registered members -- had goals
of being united by what is common to the group, and that was software
and activities related to software.

When other politics and other subjects which are not common to the
broader larger group of people are introduced and focused, that is
what causes division, hate, defamations, rumours, and possibly wars in
our human society.

One good part, maybe one fifth of people participating are turning
unconsciously or consciously to the direction where the wind blows,
without feeling of repercussion or understanding the outcomes of their
actions

Thus it is very important to point out those individuals, and not
groups, but individuals who are inciting other people to divide, as
they benefit or gain to their private probably psychopathic purposes.

> Let me articulate the crazy conspiracy theory more precisely: some
> nefarious agencies are injecting animosity into free software
> communities in order to create disruption which will have the result
> of bringing changes into projects, such that the leadership of those
> projects becomes more docile and pliable in the face of pressure
> from those nefarious agencies. Nefarious agencies could be
> corporations, governments (local and foreign), you name it.

It is good that you see patterns. We are in matrix as in the
movie. Large corporations are backed up by even larger powers who know
how to influence the world, create more or less of any subject in the
world, they know to press a button Y that will destroy the subject X
in foreseeable future.

> I think the most level-headed attitude to have is represented in that
> "no code of conduct". https://nocodeofconduct.com/

Yes. It is practical, it works well without it. Yet Code of Conduct is
like code of basic agreements that relate to specific group, in itself
a Code of Conduct can be good thing. Problems come with enforcements
and focus on negativities. Both the node code of conduct and code of
conduct can be abuse to extremes. Groups attract people that are group
alike, with or without code of conduct. A bad group can have a good
code of conduct and still engage in activities contrary to their own
code of conduct. A no code of conduct can attract both good and bad
people whatever good and bad means for the reader. People in groups
will attract people similar people to join.

Greater problem with those groups maintaining the Code of Conduct is
the abuse of power where individuals instead of advising participants,
rather start publicly shaming others, accusing, defaming, harassing
and that evolves into bullying that is all justified by whatever
established code of conducts. It is perversion of authorities,
perversion of power and perversion of justice. This kind of people
enjoy in doing so as justice is not present in those groups. Rarely
somebody will decide to sue the other person for defamation,
criminal accusations, and similar. But they should IMHO.

Code of conducts are not legally binding to anything. They represent
wished behavior by the management of particular organization, but
cannot be imposed. The organization or group imposing the code of
conduct should put a great care to abide by the law first and
foremost. That is the missing part of all of Codes of
Conducts.

Somebody steps little beyond the Code of Conduct, and then the
harassment starts beyond what is considered decent human behavior,
incitements to criminal acts and harm to other organizations and other
people.

Please read:

Shawn James,  Black Freelance Writer: How to Deal With Social Justice Warriors 
or SJWs
https://shawnsjames.blogspot.com/2017/09/how-to-deal-with-social-justice.html

How to deal with SJWs – a conservative’s guide | The Conservative Woman
https://www.conservativewoman.co.uk/how-to-deal-with-sjws-a-conservative

Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread Jean Louis
* Martin  [2021-03-29 13:57]:
> On 3/28/21 6:47 AM, Jean Louis wrote:
> > * shulie  [2021-03-27 21:28]:
> > > On 3/24/21 10:55 PM, Jacob Bachmeyer wrote:
> > > > As I understand, RMS always thought that proprietary software
> > > > companies would make some kind of large legal attack on the GNU project,
> > > > 
> > > no - this is just how the extreme left works now.  They scream until you
> > > agree with them.
> > We are here together because of free software, that is where we can
> > agree upon that we like it, promote it, it is useful, helps people,
> > preserves users freedom and control of their data.
> The problem is that everyone define the term "free software" in many
> different ways.

We speak here on this mailing list in the context of free software as
how it is defined on this hyperlink:
https://www.gnu.org/philosophy/free-sw.html

> Controversial statements like
> https://www.gnu.org/philosophy/free-software-for-freedom.en.html
> making this issue even more confusing.

It may be controversial, but it brings clarification on what is "open
source", which is vague ambiguous term, and what is free
software.

> There are many non ethical open-source licenses and obfuscated codes
> but saying that free software is better than open-source in general
> is like saying that official facebook app (binary blob available for
> free) is better than telegram app (open source client available only
> with commercial and centralized backend

>From the paragraph above, I can see you did not get the difference
between the free software and open souce. And your analogy is not
right. You mentioned price not freedom.

The word "free" in English has various definitions, in the fist
definition it is related to freedom, not price.

Free software is free as related to freedom on what users can do with
it, not related to price. In fact, you and everybody is encouraged to
sell it. People are making millions on sales of free software.

* Overview of verb free

The verb free has 11 senses (first 8 from tagged texts)
1. (6) free, liberate, release, unloose, unloosen, loose -- (grant freedom to; 
free from confinement)
2. (3) rid, free, disembarrass -- (relieve from; "Rid the house of pests")
3. (3) dislodge, free -- (remove or force out from a position; "The dentist 
dislodged the piece of food that had been stuck under my gums"; "He finally 
could free the legs of the earthquake victim who was buried in the rubble")
4. (1) exempt, relieve, free -- (grant relief or an exemption from a rule or 
requirement to; "She exempted me from the exam")
5. (1) free, release -- (make (information) available for publication; "release 
the list with the names of the prisoners")
6. (1) free, discharge -- (free from obligations or duties)
7. (1) free, disengage -- (free or remove obstruction from; "free a path across 
the cluttered floor")
8. (1) absolve, justify, free -- (let off the hook; "I absolve you from this 
responsibility")
9. release, relinquish, resign, free, give up -- (part with a possession or 
right; "I am relinquishing my bedroom to the long-term house guest"; "resign a 
claim to the throne")
10. release, free, liberate -- (release (gas or energy) as a result of a 
chemical reaction or physical decomposition)
11. unblock, unfreeze, free, release -- (make (assets) available; "release the 
holdings in the dictator's bank account")

> https://en.wikipedia.org/wiki/Telegram_(software)#Security ). We
> need updated, clearer and more explicit definition (not just better
> or worst intuitions) of the perfect free, open-source, secure,
> reproducible and bootstrappable hardware/software/system that could
> unite us again.

We use the word "free software" to clearly refer to freedom, we may
use words such as libre software to refer to freedom.

We do not use "open source" as that is vague term, and does not
necessarily mean "free software". The distinction is more and more
important today. Companies are publishing software under "open source"
licenses, that is not free software, that is proprietary software for
this or the other reason. Example is the Debian's non-free software
that has sources but is not free software, that is why it is called
non-free. 

> If RMS/FSF/GNU/Free Software go down now, we are defeated and we let
> > those corporations control every single citizen on this planet.

Well, RMS's one word or event or activity may influence the whole
world. That is true.

FSF is providing essential financial and technical support to various
free software distributions, at least I am so convinced, I do not have
the underlying information. It is very hard for FSF to go down for as
long as there are supporters and management that properly distribute
finances to support distribution of free software.

Now, GNU as free software, that is harder to get down, even without
the FSF, as everybody is free to replicate the GNU website, and GNU
software, but rarely some individual has resources and money enough to
do so, larger companies d

Re: Truth matters when writing software and selecting leaders

2021-04-02 Thread Martin

On 3/28/21 6:47 AM, Jean Louis wrote:

* shulie  [2021-03-27 21:28]:

On 3/24/21 10:55 PM, Jacob Bachmeyer wrote:

As I understand, RMS always thought that proprietary software
companies would make some kind of large legal attack on the GNU project,


no - this is just how the extreme left works now.  They scream until you
agree with them.

We are here together because of free software, that is where we can
agree upon that we like it, promote it, it is useful, helps people,
preserves users freedom and control of their data.
The problem is that everyone define the term "free software" in many 
different ways. Controversial statements like 
https://www.gnu.org/philosophy/free-software-for-freedom.en.html making 
this issue even more confusing. There are many non ethical open-source 
licenses and obfuscated codes but saying that free software is better 
than open-source in general is like saying that official facebook app 
(binary blob available for free) is better than telegram app (open 
source client available only with commercial and centralized backend 
https://en.wikipedia.org/wiki/Telegram_(software)#Security ). We need 
updated, clearer and more explicit definition (not just better or worst 
intuitions) of the perfect free, open-source, secure, reproducible and 
bootstrappable hardware/software/system that could unite us again.

If RMS/FSF/GNU/Free Software go down now, we are defeated and we let
those corporations control every single citizen on this planet.
This organizations and individuals are helpful but not crucial. Control 
of resources never last forever https://www.youtube.com/watch?v=NKkvPxYNh9A





Re: Truth matters when writing software and selecting leaders

2021-03-28 Thread Jean Louis
* shulie  [2021-03-27 21:28]:
> On 3/24/21 10:55 PM, Jacob Bachmeyer wrote:
> >
> > As I understand, RMS always thought that proprietary software
> > companies would make some kind of large legal attack on the GNU project, 

> no - this is just how the extreme left works now.  They scream until you
> agree with them.

We are here together because of free software, that is where we can
agree upon that we like it, promote it, it is useful, helps people,
preserves users freedom and control of their data.

Yes, there can be attacks on GNU, FSF, RMS, free software -- this has
been taking on and on for long time, starting with Microsoft, UNIX
trademarks, proprietary software companies not respecting GPL, and
there are many serious, highly interested corporations that wish to
see both FSF and GNU and RMS and decline of free software.

There are interests to legally break private encryption, to open up
backdoors in encryption.

One word of RMS spoken in public is more worth thant 1 people
speaking in public related to encryption safety!

Those large corporations such as Bill Gates corporation have vested
interest in proprietary software!

Look just at vaccines, it is multi-billion dollar business run by Bill
Gates -- vaccines are proprietary and there may be intention to even
implant chips into human bodies.

If we fight now for freedom for users to control their data, we are
fighting for control of human society in future.

If RMS/FSF/GNU/Free Software go down now, we are defeated and we let
those corporations control every single citizen on this planet.




Re: Truth matters when writing software and selecting leaders

2021-03-27 Thread Jean Louis
* shulie  [2021-03-27 21:28]:
> On 3/24/21 10:13 PM, Akira Urushibata wrote:
> > In response to the storm of criticism, the FSF Board has decided to
> > vote to determine whether RMS should return to the board.  I observe
> > that both sides have initiated petition drives
> 
> The FSF just makes itself impotent and irrelevant like this.  It needs
> to take a stand on due process, tolerance and justice.

FSF is already in the process and while I am not in US, I am sure they
do consider various public facts, but I think they should not. As
letter of support to RMS or letter of absence of support does not
change anything, and putting focus on activities that do not support
FSF campaigns waste time and effort.

The apparent problem could be said with the public image -- but we can
observe that many organizations move on with their purposes
regardless.

In my opinion it is more important to stick to promotion of purposes
rather than handling what some people organized on Github.

>From legal viewpoint of Articles of Incorporation or By-laws, FSF is
not necessarily there to protect or involve itself in public speech,
but can do so if they wish.

It is there to promote free exchange of software. It does so by
supporting GNU and free OS-es.

Because the FSF's legal foundation is not well defined it opens door
to inclusion of decision making people who may deviate FSF purposes to
be something else than what it was meant to be. 

Jean



Re: Truth matters when writing software and selecting leaders

2021-03-27 Thread shulie
On 3/24/21 10:55 PM, Jacob Bachmeyer wrote:
>
> As I understand, RMS always thought that proprietary software
> companies would make some kind of large legal attack on the GNU project, 



no - this is just how the extreme left works now.  They scream until you
agree with them.




Re: Truth matters when writing software and selecting leaders

2021-03-27 Thread shulie
On 3/24/21 10:27 PM, DJ Delorie wrote:
> The problem with Truth is that there's your Truth, and someone else's
> Truth. 



No, there is ACTUAL truth.




Re: Truth matters when writing software and selecting leaders

2021-03-27 Thread shulie
On 3/24/21 10:13 PM, Akira Urushibata wrote:
> In response to the storm of criticism, the FSF Board has decided to
> vote to determine whether RMS should return to the board.  I observe
> that both sides have initiated petition drives


The FSF just makes itself impotent and irrelevant like this.  It needs
to take a stand on due process, tolerance and justice.  The vote should
never have hapened and RMS should never had resigned.  Let them open a
commitee to investigate charges, and hear witnesses through due fair
rules, not through petition wars and histerical crying.  Until then, RMS
should remain in charge of the FSF.  And honestly, when real due process
is applied, Richard will be COMPLETELY obsolved of any wrong doing.  His
soul crime in he speaks up, defended his friends, and suffers some
emotional disabilities which these "people" exploit to drive him from
his lifes work.




Re: Truth matters when writing software and selecting leaders

2021-03-27 Thread shulie
On 3/24/21 10:55 PM, Jacob Bachmeyer wrote:
> That is not to say that I believe a word of them, but can we actually
> prove that each one is false?  



we have already gone through this and it is absolutely false.  But you
know what... if you can't win, make things up and upend ue process.






Re: Truth matters when writing software and selecting leaders

2021-03-26 Thread Jacob Bachmeyer

Kaz Kylheku (gnu-misc-discuss) wrote:

On 2021-03-25 18:57, Jacob Bachmeyer wrote:

Kaz Kylheku (gnu-misc-discuss) wrote:

On 2021-03-24 19:55, Jacob Bachmeyer wrote:

[...] I now wonder if
we may be seeing a different angle of an attack on the GNU project
that RMS did not anticipate.


I also have similar suspicions. If you can replace the stewards of
free software with meek, emotional weaklings, or fools, you can easily
manipulate those projects in whatever direction you see fit.

"You must accept this backdoor patch because it's written by a
member of a vulnerable, disadvantaged group."

If you don't think that's coming, just sit back and watch.


I have vague memories of similar incidents having already occurred,
although I do not recall exactly what they were.  I think they were
actually demands for direct commit access, on the grounds that none of
the active developers were [insert FOOBAR group name here].  I want to
say that the attempts failed, but I am not certain.

[...]


Those incidents could have been "innocent" in the sense that
the person was really just working on their own and actually member
of [FOOBAR group], just with a really oboxious personality and
way of thinking.

The conspiracy-like theory of mine that I'm referring to is that the
submitter is not actually a member of any [FOOBAR group]. The claim is 
fake,

used by some nefarious agency to push rogue commits.


There was a time when I would call you paranoid for that, but then 
Snowden (never mind how that guy somehow got a security clearance after 
publicly stating his intention to leak whatever he could grab -- my tax 
dollars at work bungling a background check, obviously) dumped a bunch 
of documents, and even if I still doubt the NSA would go quite that far 
against the GNU project, I am convinced that there are plenty of foreign 
agencies that would try it.



To make it crystal clear, I am not in any way "FOOBAR-phobic" or
whatever.


I think I might remember what FOOBAR actually was, but I deliberately 
replaced it with a placeholder to exclude any question of irrational 
fears related to any specific group.



That strategy will easily work if the project leaders have been
replaced by mental/emotional weaklings, by some coup in which the 
original

leaders were displaced for faintly smelling of being resistant
to unconditional "inclusivity".


You mean like the ousting of Brendan Eich, who had stated in no 
uncertain terms that Firefox would not support DRM, after which Mozilla 
reversed that decision?


That also ignores the harm that that larger incident has likely done to 
the cause of transparency in politics, since the activists specifically 
promised the court that there would be no harassment of the people whose 
names they wanted revealed, a promise that was quickly shown to be 
utterly worthless.  The next shady group that wants to keep their donor 
list secret can now point to that case and its aftermath as justification.



I'm not even saying anything like that the new project leaders are
moles.  Basically everyone involved, up to that point, had just been
a pawn being played.

Let me articulate the crazy conspiracy theory more precisely:
some nefarious agencies are injecting animosity into free software
communities in order to create disruption which will have the result
of bringing changes into projects, such that the leadership of those
projects becomes more docile and pliable in the face of pressure from
those nefarious agencies. Nefarious agencies could be corporations,
governments (local and foreign), you name it.


The major problem I have with this is that I do not recall seeing any of 
the initial disruptions your conspiracy theory posits.



The disruption is what causes certain social activists to take notice
of free software and become attracted to free software projects
in the first place.


Can you show such disruptions prior to the arrival of the certain social 
activists?


I suspect that the activists were also the sources of the initial 
disruptions.  This is one of the reasons that they have not gotten very 
far, as they are simply invaders in every sense and they do not fit 
amongst us at all.  Even the attacks on RMS are predominately based on 
pressure from outside of our community, although they may expose 
foolish, cowardly, or deluded members of our community.



"Hey there is this world of free software which is really great
and powers most of the Internet. But I hear stories about how it's
run by volunteers some of whom are bad people. Racists, trans-phobics,
defenders of pedophilia and sex trafficking. That's how I even heard
about this stuff in the first place, sadly! Well, we can fix that.
Gosh, darn it, I'm gonna join one of these projects and do something
about it!"


The solution here is to refuse to create sinecure positions of any sort 
and to demand technical competence for technical work.  The worst of the 
social activists, whose only skill is whining, will be effectivel

Re: Truth matters when writing software and selecting leaders

2021-03-26 Thread Kaz Kylheku (gnu-misc-discuss)

On 2021-03-25 18:57, Jacob Bachmeyer wrote:

Kaz Kylheku (gnu-misc-discuss) wrote:

On 2021-03-24 19:55, Jacob Bachmeyer wrote:
Does there appear to be some form of hidden coordination behind these 
articles?


As I understand, RMS always thought that proprietary software
companies would make some kind of large legal attack on the GNU
project, so he was very particular about setting up the FSF and
arranging for copyrights on many GNU packages to be held by the FSF.
If we interpret the SCO mess as that attack, the strategy seems to
have worked:  SCO did not attack GNU, but instead attempted to attack
the Linux kernel project.  Ultimately, they failed but I now wonder 
if

we may be seeing a different angle of an attack on the GNU project
that RMS did not anticipate.


I also have similar suspicions. If you can replace the stewards of
free software with meek, emotional weaklings, or fools, you can easily
manipulate those projects in whatever direction you see fit.

"You must accept this backdoor patch because it's written by a
member of a vulnerable, disadvantaged group."

If you don't think that's coming, just sit back and watch.


I have vague memories of similar incidents having already occurred,
although I do not recall exactly what they were.  I think they were
actually demands for direct commit access, on the grounds that none of
the active developers were [insert FOOBAR group name here].  I want to
say that the attempts failed, but I am not certain.

As a maintainer of a package that I did not write, I expect that I
would react very badly to anyone trying to push an obviously defective
patch on grounds of personal identity.


Those incidents could have been "innocent" in the sense that
the person was really just working on their own and actually member
of [FOOBAR group], just with a really oboxious personality and
way of thinking.

The conspiracy-like theory of mine that I'm referring to is that the
submitter is not actually a member of any [FOOBAR group]. The claim is 
fake,

used by some nefarious agency to push rogue commits.

To make it crystal clear, I am not in any way "FOOBAR-phobic" or
whatever.

That strategy will easily work if the project leaders have been
replaced by mental/emotional weaklings, by some coup in which the 
original

leaders were displaced for faintly smelling of being resistant
to unconditional "inclusivity".

I'm not even saying anything like that the new project leaders are
moles.  Basically everyone involved, up to that point, had just been
a pawn being played.

Let me articulate the crazy conspiracy theory more precisely:
some nefarious agencies are injecting animosity into free software
communities in order to create disruption which will have the result
of bringing changes into projects, such that the leadership of those
projects becomes more docile and pliable in the face of pressure from
those nefarious agencies. Nefarious agencies could be corporations,
governments (local and foreign), you name it.

The disruption is what causes certain social activists to take notice
of free software and become attracted to free software projects
in the first place.

"Hey there is this world of free software which is really great
and powers most of the Internet. But I hear stories about how it's
run by volunteers some of whom are bad people. Racists, trans-phobics,
defenders of pedophilia and sex trafficking. That's how I even heard
about this stuff in the first place, sadly! Well, we can fix that.
Gosh, darn it, I'm gonna join one of these projects and do something
about it!"

Think of the analogy of smearing something with blood to attract
predators.

I think the most level-headed attitude to have is represented in that
"no code of conduct". https://nocodeofconduct.com/

Projects must put up a barrier against allowing manipulation via
irrelevant politics. All decisions must be purely technical. Nobody
must be allowed to manipulate technical decisions, like what software
changes are approved, by means of gender identity politics, race or
anything else. This is necessary for software security and the survival
of free software as such.




Re: Truth matters when writing software and selecting leaders

2021-03-25 Thread Jacob Bachmeyer

Kaz Kylheku (gnu-misc-discuss) wrote:

RMS didn't like "they" used as a singular, due to issues such
as a ambiguities of reference (is the antecedent the two people
mentioned, or just the latter?) He invented gender-neutral pronouns
and uses them. Those pronouns carry no indication of someone's
biological gender or sexual identity.


RMS's preferred-use pronoun "person" is not his own invention; it was 
used in a book that (ambiguously) depicted a future androgynous utopia.  
(Was the utopia a vision of a future or just the viewpoint character's 
hallucination?)  I have objected to it previously on the grounds that 
the possessive form "per" is also a preposition in English and its use 
in both roles makes text difficult to read, although I admit that I have 
yet to find an instance where it introduces an unresolvable ambiguity.  
In the end, I am fine with it as a quirk of RMS's own speech and 
writing, but I do push to keep it and other invented pronouns out of GNU 
project documents and policy statements, where they could be stumbling 
blocks for readers for whom English is a second (or third or fourth or 
...) language.



One's name is a very important asset; when you sign it under
a document which contains lies, without being deceived or coerced,
you severely tarnish that asset.


Some people do not seem to have that concept or any notion of honor at 
all other than a means to manipulate others who do have those.



-- Jacob



Re: Truth matters when writing software and selecting leaders

2021-03-25 Thread Jacob Bachmeyer

Kaz Kylheku (gnu-misc-discuss) wrote:

On 2021-03-24 19:55, Jacob Bachmeyer wrote:
Does there appear to be some form of hidden coordination behind these 
articles?


As I understand, RMS always thought that proprietary software
companies would make some kind of large legal attack on the GNU
project, so he was very particular about setting up the FSF and
arranging for copyrights on many GNU packages to be held by the FSF.
If we interpret the SCO mess as that attack, the strategy seems to
have worked:  SCO did not attack GNU, but instead attempted to attack
the Linux kernel project.  Ultimately, they failed but I now wonder if
we may be seeing a different angle of an attack on the GNU project
that RMS did not anticipate.


I also have similar suspicions. If you can replace the stewards of
free software with meek, emotional weaklings, or fools, you can easily
manipulate those projects in whatever direction you see fit.

"You must accept this backdoor patch because it's written by a
member of a vulnerable, disadvantaged group."

If you don't think that's coming, just sit back and watch.


I have vague memories of similar incidents having already occurred, 
although I do not recall exactly what they were.  I think they were 
actually demands for direct commit access, on the grounds that none of 
the active developers were [insert FOOBAR group name here].  I want to 
say that the attempts failed, but I am not certain.


As a maintainer of a package that I did not write, I expect that I would 
react very badly to anyone trying to push an obviously defective patch 
on grounds of personal identity.



-- Jacob




Fact: RMS is innocent - how to complain - Re: Truth matters when writing software and selecting leaders

2021-03-25 Thread Jean Louis
The public boycotting with purpose to defame RMS is posted on Github:
https://github.com/rms-open-letter/rms-open-letter.github.io

PLEASE COMPLAIN and express your resentment to Github by reporting
hate speech, discrimination, bullying and harassment on Github at this
page:

GitHub Support
https://support.github.com/contact/report-abuse?category=report-abuse&report=other&report_type=unspecified

Because Github is Microsoft organization with a clear set of community
guidelines:
https://docs.github.com/en/github/site-policy/github-community-guidelines

Quote:
==

Hate speech and discrimination

While it is not forbidden to broach topics such as age, body size,
disability, ethnicity, gender identity and expression, level of
experience, nationality, personal appearance, race, religion, or
sexual identity and orientation, we do not tolerate speech that
attacks a person or group of people on the basis of who they are. Just
realize that when approached in an aggressive or insulting manner,
these (and other) sensitive topics can make others feel unwelcome, or
perhaps even unsafe. While there's always the potential for
misunderstandings, we expect our community members to remain
respectful and civil when discussing sensitive topics.

Bullying and harassment

We do not tolerate bullying or harassment. This means any habitual
badgering or intimidation targeted at a specific person or group of
people. In general, if your actions are unwanted and you continue to
engage in them, there's a good chance you are headed into bullying or
harassment territory.





Fact: RMS is innocent - Re: Truth matters when writing software and selecting leaders

2021-03-25 Thread Jean Louis
* Kaz Kylheku (gnu-misc-discuss) <936-846-2...@kylheku.com> [2021-03-25 15:35]:
> On 2021-03-24 19:13, Akira Urushibata wrote:
> > Richard Stallman recently announced at LibrePlanet that he would
> > return to the FSF board.  Soon after this announcement, many articles
> > appeared online stating strong objection to his return.
> > 
> > I have read several of them and I do not like what I see.
> 
> I see lies. For instance:

In fact, boycotters needs some intellect to negatively present
positive statements, and they need to know how to express their words
so that they "kick in" at casual observers, readers who never examine
the facts. It is good to stick to a fact that RMS is innocent and was
never accused of anything. 

> "RMS has spent years on a campaign against using people’s correct
>  pronouns. This is poorly disguised transphobia. [...]
>  The main page on his web site includes the statement that
>  “‘They’ is plural — for singular antecedents, use singular
>  gender-neutral pronouns.”"
> 
>  [https://rms-open-letter.github.io/appendix]

Yes, I see that very positive influence on society, but now Molly
White, does not like it and tries to construe something negative out
of it. 

> But the references given completely contradict this claim.
> Did they not read the material, one has to wonder.

It is easy. Malicious intent. Personal hate. Hate mongering.

> RMS didn't like "they" used as a singular, due to issues such
> as a ambiguities of reference (is the antecedent the two people
> mentioned, or just the latter?) He invented gender-neutral pronouns
> and uses them. Those pronouns carry no indication of someone's
> biological gender or sexual identity.

Of course, but trying to defend a fact against malicious intent will
result with another false fact being presented. Insane psychopatic
social justice warriors do not act by reason.

> The individuals and organizations who signed the petitition added
> their names under a letter that contains or references bare-faced
> lies.

Everybody is free to believe what they want, and sign any letters they
want. That speaks for them and their own behavior.

To better understand the nature of social justice warriors, here is
the reference:

https://www.deviantart.com/aristodes/art/50-Reasons-why-SJWs-Suck-575496053

Jean



Re: Truth matters when writing software and selecting leaders

2021-03-25 Thread Kaz Kylheku (gnu-misc-discuss)

On 2021-03-24 19:55, Jacob Bachmeyer wrote:
Does there appear to be some form of hidden coordination behind these 
articles?


As I understand, RMS always thought that proprietary software
companies would make some kind of large legal attack on the GNU
project, so he was very particular about setting up the FSF and
arranging for copyrights on many GNU packages to be held by the FSF.
If we interpret the SCO mess as that attack, the strategy seems to
have worked:  SCO did not attack GNU, but instead attempted to attack
the Linux kernel project.  Ultimately, they failed but I now wonder if
we may be seeing a different angle of an attack on the GNU project
that RMS did not anticipate.


I also have similar suspicions. If you can replace the stewards of
free software with meek, emotional weaklings, or fools, you can easily
manipulate those projects in whatever direction you see fit.

"You must accept this backdoor patch because it's written by a
member of a vulnerable, disadvantaged group."

If you don't think that's coming, just sit back and watch.




Re: Truth matters when writing software and selecting leaders

2021-03-25 Thread Jean Louis


RMS is innocent and did not do anything illegal.

* Akira Urushibata  [2021-03-25 14:45]:
> If the FSF Board votes soon on whether RMS should be reinstalled,
> gives into outside pressure and decides to keep him out, the world
> would interpret this as endorsement of the widespread view that
> RMS "defended" Jeffrey Epstein.

Those are not widespread views, maybe widespread negative propaganda;
outside of scope of any reality.

What we have at hand is "cancel culture" -
https://en.wikipedia.org/wiki/Cancel_culture

In other words, we are not in 21st century, we are in middle
ages, just that boycotters are afraid to get arrest, that is why they
don't stone the victims, in this example RMS.

Boycotting Stallman without evidences? That is in most countries
illegal, but somehow tolerated by RMS, as he is good hearted
person.

It is very easy to write such open letters, and also organize leads
lists, like to have people "sign the cause", that is very easy. But
those people, none of them, they have never verified the facts. For me
personally is unbelievable that programmers who are meant to be
logical, truth seeking individuals, can easily be mislead and turn
against a friend, as RMS is a friend to all of them, by anything he
did and is doing for society in the context of free software.

> Now the individuals on the Board may make their decisions on other
> grounds, but I am afraid many people are not going to pay attention.

I would say who cares? FSF has to do and continue its purpose, that is
what matters.

> Why would anyone defend a pedophile?  The most likely reason:
> because he (or she) is a pedophile too.

One need either sufficient gullibility or lack of ability to
differentiate, to believe that RMS ever defended any criminals. His
viewpoints are personal and his intellect over those who misjudge his
talks. Finally, for talking he is stoned in public. What a nonsense. 

It looks as targeted organized attack, as I can see taking his
statements out of context became a dear hobby for some of social
justice warriors.

> I believe many of you have photos with RMS posing beside.  Think
> well how they will play in the hands of your adversaries. 

Pity I don't have it.

I think that open letter is written by highle insane and dangerous
psychopat(s), would they be given opportunity, they would go after
somebody's life.

RMS is innocent and did not do anything illegal. RMS is to be
supported in his efforts to improve society.

I am not sure if this subject belongs to this mailing list.

Jean



Re: Truth matters when writing software and selecting leaders

2021-03-25 Thread Kaz Kylheku (gnu-misc-discuss)

On 2021-03-24 19:13, Akira Urushibata wrote:

Richard Stallman recently announced at LibrePlanet that he would
return to the FSF board.  Soon after this announcement, many articles
appeared online stating strong objection to his return.

I have read several of them and I do not like what I see.


I see lies. For instance:

"RMS has spent years on a campaign against using people’s correct
 pronouns. This is poorly disguised transphobia. [...]
 The main page on his web site includes the statement that
 “‘They’ is plural — for singular antecedents, use singular
 gender-neutral pronouns.”"

 [https://rms-open-letter.github.io/appendix]

But the references given completely contradict this claim.
Did they not read the material, one has to wonder.

RMS didn't like "they" used as a singular, due to issues such
as a ambiguities of reference (is the antecedent the two people
mentioned, or just the latter?) He invented gender-neutral pronouns
and uses them. Those pronouns carry no indication of someone's
biological gender or sexual identity.

This shows that RMS cares about the issue and has put in more effort
into respectful communication than many an editor of a random
LGBTQ newsletter.

The individuals and organizations who signed the petitition added
their names under a letter that contains or references
bare-faced lies.

I don't understand why anyone would do that, even if they support
the removal for some other reasons which seem valid to per.

One's name is a very important asset; when you sign it under
a document which contains lies, without being deceived or coerced,
you severely tarnish that asset.




Re: Truth matters when writing software and selecting leaders

2021-03-25 Thread Akira Urushibata
If the FSF Board votes soon on whether RMS should be reinstalled,
gives into outside pressure and decides to keep him out, the world
would interpret this as endorsement of the widespread view that
RMS "defended" Jeffrey Epstein.  Now the individuals on the Board
may make their decisions on other grounds, but I am afraid many
people are not going to pay attention.

Why would anyone defend a pedophile?  The most likely reason:
because he (or she) is a pedophile too.

I believe many of you have photos with RMS posing beside.  Think
well how they will play in the hands of your adversaries.





Re: Truth matters when writing software and selecting leaders

2021-03-24 Thread Jean Louis
* Jacob Bachmeyer  [2021-03-25 05:58]:
> Akira Urushibata wrote:
> > Richard Stallman recently announced at LibrePlanet that he would
> > return to the FSF board.  Soon after this announcement, many articles
> > appeared online stating strong objection to his return.
> 
> Does there appear to be some form of hidden coordination behind these
> articles?

Any larger media organizations works by using keywords. They keep
files and have directions on how to write about the specific
keyword. Direction may say when keyword ABC appears, you have to
mention XYZ and GHJ keywords. They know how to sell their stuff. They
repeat what makes flames. If I remember well blood is somewhere on
first place, then comes sex, but I forgot the major 4 subjects that
"sell". Directions are political more or less. Journalists in a
specific organization are not free to say what they really want, they
comply to directions of an organization. It is not a single employed
journalist that has full freedom of speech, it is the
organization. Directions can be political and could be orchestrated
and coordinated by their source or origin, not necessarily by the
organizational's director. The source or origin may be well planned so
that future coordination appears random. When keyword like RMS appears
anywhere in media, they just do their drill.

> As I understand, RMS always thought that proprietary software companies
> would make some kind of large legal attack on the GNU project, so he was
> very particular about setting up the FSF and arranging for copyrights on
> many GNU packages to be held by the FSF.

Exactly, and those attacks are taking place from time to time,
including GPL violations. It is just that respons is mild and friendly
with purpose to create more free software. 

My opinion is that focus for FSF is mainly on their well established
purposes, on what really matters and focus to defend or resolve
various public opinions is of low priority.




Re: Truth matters when writing software and selecting leaders

2021-03-24 Thread Jean Louis
* Akira Urushibata  [2021-03-25 05:14]:
> Richard Stallman recently announced at LibrePlanet that he would
> return to the FSF board.  Soon after this announcement, many articles
> appeared online stating strong objection to his return.
> 
> I have read several of them and I do not like what I see.  Repeatedly
> I encounter the false claim that RMS "defended" Jeffrey Epstein.
> I also see voices which criticize RMS employing vague terms such as
> "bad behavior" which those not properly informed would interpret as
> being fond of Epstein and antagonistic toward women who fall victim to
> sexual exploitation.

Many websites earn from their visitors, sales of advertising, and any
famous names are quickly picked up and replicated with intention to
draw few more dollars.

Some websites are politically oriented, and may support causes that
are opposite to free software movement. And then we have some websites
run by people who never look into any facts and support their own
whatever view points on the world.

> In response to the storm of criticism, the FSF Board has decided to
> vote to determine whether RMS should return to the board.  I observe
> that both sides have initiated petition drives:
> 
> https://github.com/KenjiBrown/rms-open-letter.github.io/blob/main/index.md

Nice.

I just don't get it why that has to be published on Github, people
don't know any more how to open up their own websites?

> In my opinion the FSF leaders are not doing things in the right order.
> First they should make an official statement saying that there are
> serious errors in recent news articles.

One has to understand the nature of a friendly foundation that
supports control of users over their data. Regardless of the money
available, do they want to use money on correcting numerous statements
online or forwarding their cause? 

There is freedom of expression, too many times FSF and GNU, RMS and
related parties do not make much of a reaction on online reactions,
but just keep forwarding their cause. 

Putting focus on what really matters, not on what were reactions is a
virtue.

> They should also consider legal action.  The decision whether RMS
> belongs on the FSF Board should wait until those who are spreading
> misinformation are brought to justice.

What you describe is possible, legal actions are possible, but as I
said forwarding their cause to promote free software, helping
distributions spread free software is what really matters. Each party
has to put priorities in their activities.

Another issue can be that FSF does not know nothing about those
articles, and that they maybe don't read this mailing list, so if you
think they should know about it, just write directly to FSF or RMS and
notify them.




Re: Truth matters when writing software and selecting leaders

2021-03-24 Thread Jacob Bachmeyer

Akira Urushibata wrote:

Richard Stallman recently announced at LibrePlanet that he would
return to the FSF board.  Soon after this announcement, many articles
appeared online stating strong objection to his return.
  


Does there appear to be some form of hidden coordination behind these 
articles?


As I understand, RMS always thought that proprietary software companies 
would make some kind of large legal attack on the GNU project, so he was 
very particular about setting up the FSF and arranging for copyrights on 
many GNU packages to be held by the FSF.  If we interpret the SCO mess 
as that attack, the strategy seems to have worked:  SCO did not attack 
GNU, but instead attempted to attack the Linux kernel project.  
Ultimately, they failed but I now wonder if we may be seeing a different 
angle of an attack on the GNU project that RMS did not anticipate.



I have read several of them and I do not like what I see.  Repeatedly
I encounter the false claim that RMS "defended" Jeffrey Epstein.
I also see voices which criticize RMS employing vague terms such as
"bad behavior" which those not properly informed would interpret as
being fond of Epstein and antagonistic toward women who fall victim to
sexual exploitation.
  


Do we have properly documented refutations of these claims?  That is not 
to say that I believe a word of them, but can we actually prove that 
each one is false?  As in refuting "RMS said X at ABC" with "no, RMS 
actually said Y at ABC; Y != X", ideally with video of RMS saying Y at ABC?



In response to the storm of criticism, the FSF Board has decided to
vote to determine whether RMS should return to the board.  I observe
that both sides have initiated petition drives:

https://github.com/KenjiBrown/rms-open-letter.github.io/blob/main/index.md
  


That one is interesting; the only minor quibble I have is that we really 
do need to have some kind of plan for "after RMS" because that will 
happen some day...


... and the part about using GitHub pull requests to sign the letter, 
which is a bit of a problem from a software freedom standpoint.  At 
least it also provides an email address to send signatures to, unlike 
the other letter it mentions at 
https://github.com/rms-support-letter/rms-support-letter.github.io/blob/master/index.md>.



https://itwire.com/open-source/foss-developers-launch-petition-to-push-out-stallman,-fsf-board.html
  


According to that article, the whole thing started from a clearly true 
statement about sexual assault being a broad category?  Wait... were 
those also the remarks that were taken out of context from an internal 
private mailing list?



In my opinion the FSF leaders are not doing things in the right order.
First they should make an official statement saying that there are
serious errors in recent news articles.  They should also consider
legal action.  The decision whether RMS belongs on the FSF Board
should wait until those who are spreading misinformation are brought
to justice.
  


Unfortunately, freedom of speech here in USA protects even blatant lies 
to some extent.  (If I remember correctly, it was Fox News that took a 
case all the way to our Supreme Court arguing that our First Amendment 
protects what we now call fake news... and Fox News won the case and the 
precedent is set.)



I say this because I know from experience that I can't fix bugs in
software I work on in the absence of accurate information.  Any
programmer that responds to unfounded claims about misbehaving
programs will end up wasting time, or worse, breaking a program
that works fine.
  


That is why we write testsuites.  :D  (And *that* was how I got involved 
with DejaGnu development and ended up on a bunch of GNU mailing lists...)



Truth is important if you want to write good software.  Dishonesty
invites poor quality.  I cannot stress this too much.
  


"Quoted For Truth."


-- Jacob



Re: Truth matters when writing software and selecting leaders

2021-03-24 Thread DJ Delorie


Akira Urushibata  writes:
> In my opinion the FSF leaders are not doing things in the right order.

People are quite able to do more than one thing at a time.

> until those who are spreading misinformation are brought to justice.

Beware - a lot of what you think is "misinformation", others think is
"my opinion".  The question of what speech is "actionable" is not one we
can easily define (unless one is a judge, at least in the USA).  Do not
fall into the trap of saying "You should be punished unless I agree with
what you say."

> Truth is important

The problem with Truth is that there's your Truth, and someone else's
Truth.  Don't confuse "truth" with "facts".  Truth is often colored by
one's own beliefs and opinions.