Re: cURL author receives rude LogJ4 security inquiry
Thank you for joining in the discussion.

I would like to hereby remind fellow list members of the context. I am sorry that Daniel Stenberg, maintainer of cURL, chooses the term "open source" in the following. But we should understand what he is talking about. Call it the "free software pyramid" if you so desire.

LogJ4 Security Inquiry - Response Required
https://daniel.haxx.se/blog/2022/01/24/logj4-security-inquiry-response-required/

I think maybe this serves as a good example of the open source pyramid and users in the upper layers not at all thinking of how the lower layers are maintained. Building a house without a care about the ground the house stands on.

Enforcing the pyramid of Open Source
https://daniel.haxx.se/blog/2022/01/17/enforcing-the-pyramid-of-open-source/

---

According to Daniel Stenberg, there exists a pyramid in which the companies at the top make much money by selling products and services which make use of free software components. Those on the bottom of the pyramid commonly get little or no money for the work of producing and maintaining the fundamental building blocks. Because they form the foundation of sophisticated software and services, problems at this level may have widespread, devastating effects.

The general public, corporate directors, educators and elected officials do not understand that this is going on. Stenberg provides email from a big company which he believes attests to this lack of understanding.

Recently there is discussion on the book "Just for fun" by Linus Torvalds and David Diamond. I would like to emphasize that this book is intended for a general audience - not computer experts. Ordinary people have but a vague idea of what an operating system is. What does someone like that imagine from the word "OS"? Likely Microsoft Windows and Mac-OS. Those who hear that "a young Finnish student named Linus created Linux, an OS, mostly by himself" will imagine that he made something like MS-Windows, or at least MS-DOS.

Any writer who desires to explain correctly what feat Torvalds accomplished should make clear in language appropriate for the layman that his creation, should it be called the "Linux OS", is something remarkably different from MS-Windows. There may be passages in "Just for fun" which indicate that Torvalds was well aware that he was making no more than a kernel and borrowing other vital OS components. But we cannot expect the general reader to make that distinction.

Daniel Stenberg warns that we should brace ourselves for more security problems in the future - unless the environment changes. I firmly believe that the widely observed behavior of technology writers and self-proclaimed experts failing or refusing to understand that Linux is a kernel and not an operating system is a glaring symptom which indicates that the environment requires reform.
Re: cURL author receives rude LogJ4 security inquiry
On 2022-02-25 00:45, Jean Louis wrote:
> * Alfred M. Szmidt [2022-02-25 10:47]:
> > Please stop thinking you know what someone misunderstood or not,
> > specially when they are not on this list and can respond.
>
> Allow me to think what I think as I have gone through the book, and it
> is my impression founded on very clear statements of Linus. That is my
> review of the book as related to what he was thinking of operating
> system. You may find it wrong and thanks for your insights. Though I
> will keep thinking...

We do say things like "the free function doesn't necessarily return memory to the OS, though under some circumstances it may." In that nuance, malloc isn't part of the operating system, and neither is the program which is calling it (even if it happens to be the init daemon or something).
Re: cURL author receives rude LogJ4 security inquiry
RS> Linux is a kernel, but many people think that it is an operating
RS> system.

I can tell everyone here has never taken undergraduate-level operating systems. Let me tell you, it's hard (Nachos, anyone?).

On a general note, we should focus less on word taxonomy, and more on ridding the world of closed-source iniquity.
Re: cURL author receives rude LogJ4 security inquiry
On 2022-02-24 21:02, Richard Stallman wrote:
> [[[ To any NSA and FBI agents reading my email: please consider]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> > > That Linus Torvalds had serious misunderstandings on what "operating
> > > system" is ...
>
> > is vanishingly improbable.
>
> Linux is a kernel, but many people think that it is an operating
> system. Perhaps Jean Louis was referring to that. I am not sure
> "misunderstanding" was the right word for it, though.

It seems pretty clear that Linus Torvalds was engaged in an activity which he believed was headed in the direction of making a Unix-like operating system, along the lines of Minix or Coherent or what have you. The GNU project was also replacing a Unix (including working on a kernel), so the comparison to GNU makes sense in that light.

One short term goal was self-hosting: to stop compiling that system under Minix, but do that under itself: so he wasn't just running some regression test cases under the new kernel, but he had a system with Bash and GCC.

He likely didn't suspect that the result of this activity would be a decades-long project that is limited to producing a kernel (and some utilities specific to it which depend on a third party C library). Let alone that it would be a popular kernel that people would turn into operating systems by combining it with other pieces, and that they would still persist in calling every such system "Linux", informally. Let alone that it would be the kernel that effectively ties together the GNU system and gets it into the hands of large numbers of users on consumer-grade hardware.

At that time, it would have made sense for Torvalds to believe he was working on an operating system project; there is no evidence to support the belief that he had no idea what "operating system" means.
Re: cURL author receives rude LogJ4 security inquiry
* Alfred M. Szmidt [2022-02-25 10:47]:
> Please stop thinking you know what someone misunderstood or not,
> specially when they are not on this list and can respond.

Allow me to think what I think as I have gone through the book, and it is my impression founded on very clear statements of Linus. That is my review of the book as related to what he was thinking of operating system. You may find it wrong and thanks for your insights. Though I will keep thinking...

> The term "operating system" has multiple meanings, one is of a
> "monitor" (or kernel), another is a fully fledged system that the
> user can interact with. We, in the GNU project, have always used
> the latter definition of the term, and this is also what is meant
> when talking about Unix, BSD, etc.

Yes, that is what is referenced on Internet that means we have 2 definitions of "operating system". The mix of 2 definitions is visible in the "Just for Fun" book where Linus refers to operating systems with applications such as Q-DOS or Unix.

Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/
Re: cURL author receives rude LogJ4 security inquiry
Please stop thinking you know what someone misunderstood or not, specially when they are not on this list and can respond.

The term "operating system" has multiple meanings, one is of a "monitor" (or kernel), another is a fully fledged system that the user can interact with. We, in the GNU project, have always used the latter definition of the term, and this is also what is meant when talking about Unix, BSD, etc.
Re: cURL author receives rude LogJ4 security inquiry
* Jacob Bachmeyer [2022-02-24 06:04]:
> A big part of the misunderstanding here is probably due to Linux's
> origin as a bare-metal terminal emulator. Bare-metal applications
> which essentially integrate their own specialized operating system
> were somewhat rare on IBM-PC-type systems, but very common on other
> microcomputers and a few did exist for IBM-ish PCs if I understand
> correctly. They were much more common on floppy-based systems
> lacking hard disks, such as most Apple IIs. Insert disk, power on
> machine. While Apple II hard disks did exist, they were very rare.
>
> As I understand it, Linus essentially used a *nix-like environment
> as an extension interface for his terminal emulator because he was
> familiar with Unix at his university; indeed, the primary use of
> that terminal emulator was to dial in to the university's modem pool
> for access to Unix. This is a likely basis for his "nothing big and
> professional like GNU" remark. It grew from there.

Yes, I see it that way. He was not really planning it but tried to make the input and output and ended up with "operating system" which he misunderstood to be the kernel only.

However, I have never purchased nor tried "operating system" which did not have basic necessary applications.

--
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/
Re: cURL author receives rude LogJ4 security inquiry
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

> > That Linus Torvalds had serious misunderstandings on what "operating
> > system" is ...

> is vanishingly improbable.

Linux is a kernel, but many people think that it is an operating system. Perhaps Jean Louis was referring to that. I am not sure "misunderstanding" was the right word for it, though.

See https://gnu.org/gnu/linux-and-gnu.html and https://gnu.org/gnu/gnu-linux-faq.html, plus the history in https://gnu.org/gnu/the-gnu-project.html.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: cURL author receives rude LogJ4 security inquiry
* Jacob Bachmeyer [2022-02-23 04:09]:
> Jean Louis wrote:
> > * Akira Urushibata [2022-02-22 02:23]:
> > [...]
> > So I can see that Linus is giving credits to GNU, GCC, Richard
> > Stallman, and that he did not know nothing about free software before
> > he heard Stallman's speech in Helsinki.
> >
> > Linux kernel was at that time proprietary.
> >
> > He liberated kernel due to Stallman's talk.
> >
> > I can also read a sentence where Linus says on page X: "Richard
> > Stallman wants to make everything open source" -- this shows clear
> > misunderstanding on side of Linus on what "open source" means and what
> > is "free software."
> >
> > Linus also said: "Richard Stallman deserves monument in his honor for
> > giving birth to GPL"
> >
> > There is quote that he acknowledges that his new system won't be big
> > and professional as GNU.
> >
> > To me I see clear misunderstandings of Linus in his youth when he was
> > thinking that by making the kernel he is making "operating system".
> >
> > It is misunderstanding.
>
> My understanding of the history here is that Linus *was* more-or-less making
> a homebrew operating system at the time. I remember a quote describing
> Linux: "My terminal emulator grew legs."

OK, though I don't see in that book that he was making "operating system", though I can see that he was intending to make it, though never made it in the sense how we understand operating systems today.

Is the operating system the kernel only that helps software operate with hardware? Or is it the full system software that helps computer user operate with hardware? In other words can we say that operating system is the WHOLE including the application programs, or just a kernel without application programs?

I cannot hold Wikipedia authoritative on that subject, and myself I have not studied it well enough. I know and learned about SPECTRUM and how to operate computer by using BASIC, and I have learned about TRS computers, Atari, Commodore and Amiga.
All of those operating systems had application programs built-in, those basic programs to deal with the computer, files, executing files, sort things, save stuff and so on. Some times I have entered MS-DOS diskettes in the flat keyboard-like PC I could "operate" as user, list files, execute programs, and MS-DOS was described not only as a kernel, rather there was a book of how to operate the computer by using MS-DOS commands. And I went through that book and learned it all. My understanding is that basic application programs are necessary to call it "operating system". Thus in that sense I agree that Linus did not create "operating system", he created kernel, one part of it. Operating System Components and Their Services https://www.elprocus.com/what-is-an-operating-system-and-its-components/ At that page it is referenced that GUI or User Interface is the part of the OS. I agree to that statement. As I am very sure, that just no practical computer user would go to buy operating system that does nothing but provides its kernel to users. When Wikipedia article about operating system discards the important factor of basic applications and user interface, that is where I do not take it for granted. It is not written by professionals. Thus Linus' book shows clear misunderstandings on Linus side on what is "operating system". One can read it in the chapter V: Beauty of Programming where he relates to "operating system", that it is "basis for everything else that will happen in the machine"; thus IMHO he referred to kernel, not the whole operating system. The basis for everything else is the operating system that MUST include applications, not only the kernel. As for example, the basis for user to decide which keyboard to use is run after the load of the kernel, after PID 1, by user's settings and by command line programs. Fonts, terminal, date and time, networking operations, all that is run after the kernel has already loaded. 
Users here agree that kernel is part of operating system: What is the difference between the operating system and the kernel? - Stack Overflow https://stackoverflow.com/questions/3315730/what-is-the-difference-between-the-operating-system-and-the-kernel Then in chapter VI Linus wrote about making a scheduler in kernel and talking, that it will become "operating system", so his intentions were verbally and on the first sight towards "operating system", and practically it was just kernel. Linus later wrote some tools or parts that became part of the GNU/Linux operating systems, he never wrote himself an operating system. That Linus Torvalds had serious misunderstandings on what "operating system" is shows the paragraph in the same VI chapter of the book where he says "So, I shifted my thinking of it as a terminal emulator to thinking of it as an operating system"; and I find such cognitions nice and exciting, changes that happened in the mind of young excited and ambitious Linus Torvalds. Youth is often
Re: cURL author receives rude LogJ4 security inquiry
Jean Louis wrote:
> * Akira Urushibata [2022-02-22 02:23]:
> [...]
> So I can see that Linus is giving credits to GNU, GCC, Richard
> Stallman, and that he did not know nothing about free software before
> he heard Stallman's speech in Helsinki.
>
> Linux kernel was at that time proprietary.
>
> He liberated kernel due to Stallman's talk.
>
> I can also read a sentence where Linus says on page X: "Richard
> Stallman wants to make everything open source" -- this shows clear
> misunderstanding on side of Linus on what "open source" means and what
> is "free software."
>
> Linus also said: "Richard Stallman deserves monument in his honor for
> giving birth to GPL"
>
> There is quote that he acknowledges that his new system won't be big
> and professional as GNU.
>
> To me I see clear misunderstandings of Linus in his youth when he was
> thinking that by making the kernel he is making "operating system".
>
> It is misunderstanding.

My understanding of the history here is that Linus *was* more-or-less making a homebrew operating system at the time. I remember a quote describing Linux: "My terminal emulator grew legs."

> [...]
> And I could not find "strong disagreements with Richard Stallman
> claims" -- not really, that is not my impression. He gives quite good
> credits to GNU, and Richard Stallman and expresses his opinions as
> from viewpoint of somebody who did not know what is free software and
> somebody who mixes "open source" with free software and likes to be
> rather pragmatic person.

There is also some confusion here from the "open source" advocates. When I last checked, the Open Source Definition was, in all practical respects, essentially equivalent to the Free Software Definition. As I understand, this was intentional because "open source" was intended as "free software for moral retards" as an effort to advance the cause of software freedom among groups that are allergic to RMS's moral arguments. There are many ways that effort can go wrong, and this is probably not the best time or place to go sifting through them. :-/

> [...]
> By reading about other operating systems one may find that their kernel
> is usually named different than the operating system.

As I understand, this is fairly unusual and actually a technical advance that can be credited to the GNU system. Granted, it was an advance made out of necessity, since GNU had everything *except* a kernel, so the pieces *had* to work on foreign systems, but much as Unix was the first operating system not bound to its original platform, GNU has been the first operating system not bound to a specific kernel.

> [...]
> Me, as non native English speaker, I have hard time understanding this
> sentence:
>
> Moreover I stand in a position to state whether Netpbm should be
> considered an OS component or an application."
>
> Because you use the word "whether". It is unclear, as that word is
> neither nor, but whether. See:
> "https://www.thefreedictionary.com/whether; -- so I am not getting it.
>
> You stand in the position to state... that Netpbm should be considered
> an OS component or you stand in the position to state it should be
> considered application. There are two choices and I can't understand
> that.

As a native English speaker, I understand that sentence to mean (at least in the dialect I grew up with) that he is asserting expertise to declare which of these (presumed mutually incompatible) statements is true:

1. Netpbm is an OS component.
2. Netpbm is an application.

In my view, I am unsure how this is actually a meaningful distinction for a portable package -- Netpbm could be an OS component on one system and an application on another, so I still scratch my head, but that is how I understand his statement.

Alternately, we could resolve that by declaring that Netpbm is one or the other, but introduce the categories of "bundled application" for an application included as an OS component and "portable component" for an OS component installed as an application on a different system.

-- Jacob
Re: cURL author receives rude LogJ4 security inquiry
* Akira Urushibata [2022-02-22 02:23]:
> In a previous post I stated that the distinction between subjective
> and objective is necessary. Our friend Monsieur Jean Louis offered a
> lengthy reply to this message, but he did not first clarify on this
> distinction. It is okay to say that one does not agree here but it is
> important to make clear what position one takes. Lacking this
> distinction, the reply was deprived of structure. I can see that
> there is information that should be useful in certain contexts. But I
> don't think it will help the cURL author or others in a similar
> situation.

Can you be specific on how people are supposed to help cURL authors?

> I was initially puzzled by the way Jean Louis replied. Now I believe
> I know why. My approach to the problem had elements that were exotic
> to him, and probably, other list members as well. That made him
> uncomfortable and he felt compelled to reply.

I just guess Akira, it is the way how you speak Japanese in different form and then how you translate the way of speaking to English and I cannot understand that. It seems to be kind way of talking without pointing out who said what, thus is hard for me to understand if you are the person making statement or you are maybe person transmitting statements from somebody or maybe something else.

> > Linux is not "operating system", but kernel.
>
> I think that most, if not all, list subscribers are aware of that.
>
> The following is a book by Linus Torvalds, in which he states that
> he wrote Linux and in which he expresses strong disagreement with
> Richard Stallman's claims.
>
> Just for fun
> The story of an accidental revolutionary
> by Linus Torvalds and David Diamond
>
> ISBN 0066620724
> 262 pages Harper Business

There is no specific quote by you on what exactly was said, but I could download the book, and let me search inside of the EPUB...

So I can see that Linus is giving credits to GNU, GCC, Richard Stallman, and that he did not know nothing about free software before he heard Stallman's speech in Helsinki.

Linux kernel was at that time proprietary.

He liberated kernel due to Stallman's talk.

I can also read a sentence where Linus says on page X: "Richard Stallman wants to make everything open source" -- this shows clear misunderstanding on side of Linus on what "open source" means and what is "free software."

Linus also said: "Richard Stallman deserves monument in his honor for giving birth to GPL"

There is quote that he acknowledges that his new system won't be big and professional as GNU.

To me I see clear misunderstandings of Linus in his youth when he was thinking that by making the kernel he is making "operating system".

It is misunderstanding.

He felt so proud when GNU shell worked on his system that he wanted to let the world see.

Linus would not start making Linux kernel if GNU kernel Hurd would be ready, which is good thing. He made the kernel that GNU system could use. That statement alone from the book acknowledges that GNU is operating system.

Linus then said he admires Richard Stallman, just that he does not like continuous pushing of the GPL -- that is clear as Linus likes corporate powers and earns money from there.

I have reviewed that book by using "Find text" function.

And I could not find "strong disagreements with Richard Stallman claims" -- not really, that is not my impression. He gives quite good credits to GNU, and Richard Stallman and expresses his opinions as from viewpoint of somebody who did not know what is free software and somebody who mixes "open source" with free software and likes to be rather pragmatic person.

> I am providing the above information, not because I agree with the
> content of the book, but because I understand that what our friend
> Jean Louis has said is not accepted in the greater world.

I can't relate that statement to what Linus Torvalds wrote in that book, and I remember browsing that book before many years.

> > GNU system existed before the kernel Linux, and once somebody put
> > GNU with any kernel, it is GNU system based on Linux kernel.
>
> We have been saying this for a quarter century and yet it is not
> taken seriously. To solve a problem, one must first understand its
> primary cause.

People who don't understand need not take it seriously. I don't know technologies for astronauts, so I am not taking it seriously as I am not going out there in the space. I need not believe that astronauts use gold to protect themselves from destructive rays.

Thus I do not see a problem when some people don't understand what is operating system and what is kernel. There are enough articles online where one can clearly distinguish it.

By reading about other operating systems one may find that their kernel is usually named different than the operating system.

There is enough written information about it:

GNU/Linux FAQ by Richard Stallman
https://www.gnu.org/gnu/gnu-linux-faq.html

> I would
Re: cURL author receives rude LogJ4 security inquiry
Akira Urushibata wrote:
> > Linux is not "operating system", but kernel.
>
> I think that most, if not all, list subscribers are aware of that.
>
> [...]
>
> > GNU system existed before the kernel Linux, and once somebody put
> > GNU with any kernel, it is GNU system based on Linux kernel.
>
> We have been saying this for a quarter century and yet it is not
> taken seriously. To solve a problem, one must first understand its
> primary cause.

In this particular case, the distinction is a little more important, because the "GNU/Linux" system is modular "both ways" -- not only are there other kernels on which to run the GNU tools, but there are also other userspaces that can be used with the Linux kernel, although the GNU userspace is almost always used for general-purpose systems.

If I understand correctly, at the moment, the most common "Linux" is not GNU/Linux at all -- it is Android, often TiVoized. (Have possible anti-trust implications of this been considered? TiVoization certainly can be argued to harm users, perhaps not so much when it was TiVo's unique innovation but certainly as it becomes more widespread.)

-- Jacob
Re: cURL author receives rude LogJ4 security inquiry
AU> I fear lack of gratitude... will have consequences.

And I assure you it won't. We're all here because no one will hire us for our programming skill, and no one will converse with us at parties. For such a lot as we, the knowledge that anyone finds our unsalable works useful is reward enough. That anyone would reply to our opinions, no matter how disagreeable the reply, is all the acknowledgement we seek.

If you are familiar with the Game of Thrones mythology, you may think of free software as the Wall upon which industry rejects find existential salvation and camaraderie amongst the Night's Watch.
Re: cURL author receives rude LogJ4 security inquiry
In a previous post I stated that the distinction between subjective and objective is necessary. Our friend Monsieur Jean Louis offered a lengthy reply to this message, but he did not first clarify on this distinction. It is okay to say that one does not agree here but it is important to make clear what position one takes. Lacking this distinction, the reply was deprived of structure. I can see that there is information that should be useful in certain contexts. But I don't think it will help the cURL author or others in a similar situation.

I was initially puzzled by the way Jean Louis replied. Now I believe I know why. My approach to the problem had elements that were exotic to him, and probably, other list members as well. That made him uncomfortable and he felt compelled to reply.

To those who desire to understand what is going on here I recommend the following Wikipedia article:

Meme - Wikipedia
https://en.wikipedia.org/wiki/Meme

---

> Linux is not "operating system", but kernel.

I think that most, if not all, list subscribers are aware of that.

The following is a book by Linus Torvalds, in which he states that he wrote Linux and in which he expresses strong disagreement with Richard Stallman's claims.

Just for fun
The story of an accidental revolutionary
by Linus Torvalds and David Diamond

ISBN 0066620724
262 pages Harper Business

I am providing the above information, not because I agree with the content of the book, but because I understand that what our friend Jean Louis has said is not accepted in the greater world.

> GNU system existed before the kernel Linux, and once somebody put
> GNU with any kernel, it is GNU system based on Linux kernel.

We have been saying this for a quarter century and yet it is not taken seriously. To solve a problem, one must first understand its primary cause.

I would like to remind you that I work on Netpbm. If you download the source and run "make" source files which I have worked on will be compiled into executables.
I have done work on the build framework. In particular the test invoked by "make check" is all my work. I have hands-on experience with makefiles and I can tell whether make should be considered a part of the OS. Moreover I stand in a position to state whether Netpbm should be considered an OS component or an application. Unfortunately my opinion will have little or no effect upon those who choose not to respect me in light of my contributions to Netpbm.
Re: cURL author receives rude LogJ4 security inquiry
* Akira Urushibata [2022-02-18 01:16]:
> Here is my reply to some points raised in the course of discussion.
>
> On why gratitude is necessary, it is important to make a distinction
> between the subjective from the objective. We should not assume that
> it is just one of these and fail to see the other.

It's always good to read your opinions.

> Subjective:
>
> "I wrote this software. It was hard work. I do not object to people
> using it without paying me money, but I want to be recognized for my
> contribution. As such I demand expression of gratitude from each and
> every user."

"It was hard work" -- It could be said to be hard work. I just don't relate to it. Authors normally do it out of pleasure and personal needs. They are not forced normally to make it.

To be recognized is easy, if people like it, people speak about it.

"To demand expression of gratitude" is somehow weird. It is either free or not free and demanding. If author wishes to get expression of gratitude, then a button on the website could tell "THANKS, I LIKE IT" and other button could say "NOT QUITE WHAT I WANT". There are also button to "Pay me a beer" and "Donate some money".

I can understand that some people may feel so.

I don't agree to lack of professionalism in the above statement, though I think it is hypothetical statement.

Professionals are simply selling their software. I have visited various websites in last days where free software is offered and sold, it is sold either as software or as provision of service that software serves.

Example of free software:
Monica - Personal Relationship Manager
https://github.com/monicahq/monica

Example how they earn money:
https://www.monicahq.com/pricing

> Objective:
>
> "Someone who gets something for free fails to say thanks is bound to
> fall into the fallacy that the object is not valuable. This
> distortion of value leads to misunderstanding of technology. Poor
> understanding in turn leads to abuse. Modern computers and
> communication devices are powerful; they can incur significant
> damage when abused or misused to users and by-standers alike. It is
> natural that those who understand technology to consider it their
> rightful duty to prevent such damage."

The word "free" in free software does not relate to price. I have seen websites where software is free as in freedom, but has to be purchased. There is nothing wrong with it. Teach those people to make it professional.

One example is that there is F-Droid.org repository of free software applications for Android, LineageOS and Replicant mobile systems; then there is Google Play where some applications otherwise downloadable free of charge on F-Droid have to be paid on Google Play.

Here is one such example where application is sold for US $3.97 while otherwise it can be downloaded free of charge on F-Droid.org or elsewhere:
https://play.google.com/store/apps/details?id=eu.siacs.conversations

And I am sure that application is sold many times on Google Play thus giving income to author.

Let me stress that writing software alone is not enough to make money. Salesmanship, online marketing, and plethora of other skills are necessary to sell anything, not just software. Programmers are not necessarily professional in sales. They do need help to sell services easier.

> Expression of gratitude, acknowledgment of someone's contribution
> to society come together. Please consider the following, a line of
> discussion all of us must have heard, in this light:
>
> "The OS should be called 'Linux' not 'GNU/Linux' as Richard Stallman
> suggests. It is true that Linus Torvalds used tools written by
> Richard Stallman to make the Linux. But Richard Stallman wrote none
> of the source code of Linux; his contribution was indirect and by no
> means sufficient to support his claim that the operating system
> should bear 'GNU' (which is the name of the project Stallman headed)
> in its name."

I don't know what the above paragraph is meant to be. Maybe it is your statement, maybe it is hypothetical statement.

Linux is not "operating system", but kernel.

GNU system existed before the kernel Linux, and once somebody put GNU with any kernel, it is GNU system based on Linux kernel.

There is GNU based on Hurd kernel, and I remember there is GNU based on FreeBSD kernel, then there is with Illumos Kernel, Darwin kernel and Windows NT kernel, see: https://en.wikipedia.org/wiki/GNU_variants and then we have to mention Linux-libre kernel which is kernel without proprietary blobs.

If you take those kernels alone, they will not provide an operating systems, this is because kernel is not operating system.

Why not just say “Linux is the GNU kernel” and release some existing version of GNU/Linux under the name “GNU”?
https://www.gnu.org/gnu/gnu-linux-faq.html#linuxgnu

Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M.
Re: cURL author receives rude LogJ4 security inquiry
Thank you for joining in the discussion which started with my message titled "cURL author receives rude LogJ4 security inquiry". (Date: Mon, 31 Jan 2022)

Here is my reply to some points raised in the course of discussion.

On why gratitude is necessary, it is important to make a distinction between the subjective from the objective. We should not assume that it is just one of these and fail to see the other.

Subjective:

"I wrote this software. It was hard work. I do not object to people using it without paying me money, but I want to be recognized for my contribution. As such I demand expression of gratitude from each and every user."

Objective:

"Someone who gets something for free fails to say thanks is bound to fall into the fallacy that the object is not valuable. This distortion of value leads to misunderstanding of technology. Poor understanding in turn leads to abuse. Modern computers and communication devices are powerful; they can incur significant damage when abused or misused to users and by-standers alike. It is natural that those who understand technology to consider it their rightful duty to prevent such damage."

That said, I understand that the use of coercive measures is not a good way to achieve the above goal. We should look for better means.

Here I can make one suggestion. When I visit computer events I see people and groups busy promoting their accomplishments. With free software it is possible to discuss the technical inputs which went into one's work and made that accomplishment possible. Doing so is one way of expressing gratitude. Experience tells me that one is more likely to find good allies in this manner.

---

Expression of gratitude, acknowledgment of someone's contribution to society come together. Please consider the following, a line of discussion all of us must have heard, in this light:

"The OS should be called 'Linux' not 'GNU/Linux' as Richard Stallman suggests. It is true that Linus Torvalds used tools written by Richard Stallman to make the Linux. But Richard Stallman wrote none of the source code of Linux; his contribution was indirect and by no means sufficient to support his claim that the operating system should bear 'GNU' (which is the name of the project Stallman headed) in its name."

Note that one consequence we have here is that technology is misunderstood. I believe that this is an epic example. Moreover the misunderstanding comes with the sinister aspect of throwing the unsuspecting novice off from the path which leads him to proper understanding.
Re: cURL author receives rude LogJ4 security inquiry
* dick [2022-01-31 22:33]:
> JL> Let people choose if they wish to pay or they wish to download it free
> JL> of charge.
>
> Well, any Anglophone would call this a donation. Judging from your
> written command of English, I suspect "donation" means something
> different in your native tongue, possibly an exchange in the "Indian
> giver" sense.

No, I meant donation as in English.

donation

* Overview of noun donation

The noun donation has 2 senses (first 2 from tagged texts)

1. (2) contribution, donation -- (a voluntary gift (as of money or service or ideas) made to some worthwhile cause)
2. (1) contribution, donation -- (act of giving in common with others for a common purpose especially to a charity)

Everyone is free to offer things for free and to give it for free in the same time. Just that you are not used to that, just because it is not common, it does not mean it is not valid way of making money.

SugarCRM used that principle for quite a long time, but now they stopped giving away the free software version.

Guardian https://www.theguardian.com/ is doing that since quite some time, they are not blocking you to read the news, but asking you to pay. You can call it donation, payment, as you wish. You do get some benefits when you pay, for example you would most probably not get reminded over and over again to pay it.

There are many ways to do money with free software. It is up to distributor to decide how to sell it or how to ask for money.

Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/
Re: cURL author receives rude LogJ4 security inquiry
JL> Let people choose if they wish to pay or they wish to download it free
JL> of charge.

Well, any Anglophone would call this a donation. Judging from your written command of English, I suspect "donation" means something different in your native tongue, possibly an exchange in the "Indian giver" sense.
Re: cURL author receives rude LogJ4 security inquiry
* dick [2022-01-31 21:07]:
> JL> Many Free OS websites do not have clear way to pay. They have
> JL> donations.
>
> To be clear, you're saying a "donation" is optional and "payment" is
> non-optional. That is, under "payment", one is legally bound to remit
> payment to the author before use notwithstanding the fact that his
> software can be downloaded unabridged from various ftp sites.

I don't say that.

What I say is that majority of websites do not have any kind of payments. Now why complain if they did not ask for it?

There are many ways to get money for free software:

1) Sell it. Author need not disclose neither publish the software. It can be sold individually. But somebody else will publish it. I think this method is best and it will not be problematic. Those who cannot pay will go somewhere else, those who find it valuable will pay.

2) Sell it in the same time, and offer download free of charge. Let people choose if they wish to pay or they wish to download it free of charge.

3) Ask for donations at the same page where software is downloaded. Authors may also ask for donations from various foundations, companies using the software and similar,

4) Author can also choose to hide the call for donations, never ask anybody and later "victimize" downloaders and blame people for "not paying".

5) Or don't sell it, don't ask for donations.

Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/
Re: cURL author receives rude LogJ4 security inquiry
On 2022-01-30 20:32, Akira Urushibata wrote:

LogJ4 Security Inquiry - Response Required
https://daniel.haxx.se/blog/2022/01/24/logj4-security-inquiry-response-required/

On Friday January 21, 2022 I received this email. I tweeted about it and it took off like crazy. The email comes from a fortune-500 multi-billion dollar company that apparently might be using a product that contains my code, or maybe they have customers who do. Who knows?

It really looks to me like the "Information Security" people of that company are just ignorant. It seems they really thought they are sending this inquiry (which is just a questionnaire) to a supplier company. Someone handed them a list of contacts to which they were instructed to send some spam letter about the issue (perhaps the composition of that letter being left up to them). Somehow Haxx contact info was in the list.

The number one rule of Internet participation these days is, perhaps: refuse to be outraged. Never attribute to malice what can be easily explained by ignorance. Do not feed the internet outrage machine, on any topic.

The letter doesn't ask anyone to work on any fix; is simply asking whether the recipients use Log4j in anything that ends up in products and such, or whether the supplier had any incidents revealing info about . Additionally, what steps should take in addition to what had been done on the supplier's side.

The assumption is that there is a relationship; that Haxxe are suppliers who have customer management people who would know all that stuff: like which products use what pieces supplied by Haxxe. The letter more or less makes sense if sent to that type of vendor.
Re: cURL author receives rude LogJ4 security inquiry
JL> Many Free OS websites do not have clear way to pay. They have
JL> donations.

To be clear, you're saying a "donation" is optional and "payment" is non-optional. That is, under "payment", one is legally bound to remit payment to the author before use notwithstanding the fact that his software can be downloaded unabridged from various ftp sites.

Only the author's mom and believers of karma would make this distinction, one so excruciatingly academic as to be vacuous. As a believer of karma myself, I remit payment for free software by tipping my waitress an extra dollar. Karma like money is fungible.
Re: cURL author receives rude LogJ4 security inquiry
* Akira Urushibata [2022-01-31 16:09]:
> We tell people: "It's free as in freedom, not as in free beer." While
> I don't object to this slogan, I must point out that in reality, the
> vast majority of free software users get it for free, without paying
> anything for it.

The reason why majority of users get it without paying is because that is what is offered. I never found it problematic to pay for free software. I would be paying for free software.

Many Free OS websites do not have clear way to pay. They have donations, so I sometimes donate. However, it is not enough exposed or demonstrated how to pay.

My first encounter was with RedHat Linux, so I did pay to somebody who was selling their CD-ROM. When I have visited them, I have even got their packages for free as I was promoting free software at the time before the year of 2000.

Today, various Linux based OS-es are built into various devices sold on the market, that is also one way of "paying":
https://www.saturn.de/de/search.html?query=linux

Other references where Linux based OS is sold:
https://www.oracle.com/de/linux/
https://www.ebay.de/b/Ubuntu-Linux-Betriebssysteme/11226/bn_832857?mkevt=1=1=707-53477-19255-0=5336728181==10001
https://www.linux-shop.info/

Majority of free software is offered on VPS-es sold worldwide to VPS users.

Those companies selling free software like RedHat also do contributions to free software. But it is not the must.

My point is that I would pay for free software, that is what I was used to, but it is simply not offered for sale.

Let me give you example on GNU website:
https://www.gnu.org/distros/free-distros.html

There is table with free GNU/Linux distributions. In that same table one could provide methods of payment, be it Bitcoin or any other method of payment. But there is no option for payment, and I do not mean it for sale, but for some kind of donation. Donations are available straight to FSF.

I would say that payment buttons could be incorporated in websites. Question is yet if free software payment by credit card works without non-free Javascript.

In general, if anybody wants to get paid, well, prepare yourself commercially and ask people for payment.

In Germany free software is sold on shelves of the computer malls. Some people pay for free software that way.

I would even be ordering USB sticks, DVD-ROMs with Operating Systems and software. I would be ordering nice manuals for vocational school, like design with GIMP or similar. Problem is that there are few offers on the market.

> When you get something for free, you are supposed to say thanks.

OK

> With free software, many people fail to do that.

I would not be harsh on users that way. And how do you know it? Majority of countries in the world have some kind of "thanks" or acknowledgment. You are making drama out of nothing.

If there is no person involved in transmission of a product, then there is no person to hear "thank you". As simple as that. You download software from server and you have nobody to tell "thank you".

But guess what, instead of that, if you are satisfied you will tell your friends to use that free software and where they can download it. That is other way of saying "thank you" as that will bring more people into free software community, there will be more contributions, and there will be some of those people donating to various organizations, like FSF.

> I fear lack of gratitude, in wholehearted emotion as well as outward
> expression, will have consequences.

I think that is very much personal issue. It is far from objectivity.

> It's rude not to say thanks.

It is also rude to put blame on majority of unknown of computer users and accuse them to be rude for not saying thank you where there was nobody alive to be told to during the transmission of software.

> Some people try to justify rudeness with claims like this: "This
> isn't sophisticated. It didn't take much skill or effort to make.
> It's not important."

Which people? Do you have a reference? Is it so important? There is plethora of discussions online about this or that software. You have to learn how to live with it. And this is your problem, it is definitely not general problem of software developers. It is specific personal problem.

> If this is not accurate, it can lead to trouble for those affected,
> including the good-willed author who released his work under a free
> license.

That author who is affected has to read the free software license and to decide if that is for him or not.

Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/
Re: cURL author receives rude LogJ4 security inquiry
Thanks in large part to the readers of this list, the time is past when people bought shrink-wrapped software off store shelves. Indie programmers must now give away their work to gain any market presence. So let's not pretend it's altruism. Ballmer's invocation of the cancer analogy, while certainly incendiary, was not too far off the mark. Once one market participant gives away the farm, everyone has to follow suit. Now the money for mortgages and college tuitions has to come obliquely, i.e., telemetry and ad revenue.
Re: cURL author receives rude LogJ4 security inquiry
Akira Urushibata writes:

> When you get something for free, you are supposed to say thanks.

While I agree with you in general, when you say "you are supposed to..." you are restricting freedoms. When you choose to write free software, you choose to let people use it without quid pro quo[*]. If you don't like those terms, don't write Free Software.

If a Fortune 500 company files a bug report, it's an opportunity to present your consulting rates and contract terms :-)

[*] aside from agreeing to the GPL or equivalent, of course