Bradley M. Kuhn email@example.com
originally from Baltimore, MD, USA.
President and Distinguished Technologist at Software Freedom Conservancy. On the Board of Directors of the Free Software Foundation. Generally, a Software Freedom advocate, GPL Enforcer, and Occasional developer..
Are you sure your lawyer supports software freedom?
Thanks to Matthew Garrett, I've finally found some more public proof (scroll to bottom) that Heather Meeker opposes software freedom. (The only other place to take a look at is this article where she says that the “FSF's view [on GPL] contravenes business expectations, it is a trap for the unwary“).
Meeker is part of a large group of lawyers who pretend and seek credibility by giving pro-bono work to Open Source projects, but their goal is not software freedom. It's often hard to prove this because their seemingly “good work” is public and their nefarious work (such as representing GPL violators in opposition to GPL-enforcing charities) isn't.
Keep in mind that most lawyers are mercenaries: they build expertise so they can get paid lots by the highest bidder. Not all, but many, lawyers who do pro-bono work are getting something out of it: they're getting expertise by doing work for your Free Software project so they can go later sell those skills to your opponents. I wish the conflict rules for lawyers worked better than this, but they don't: there's usually no formal conflict of interest unless they represent both sides in an actual Court case.
I'm not intending to paint all lawyers the same: I've occasionally worked with some truly moral and ethical lawyers, but they are very rare. Having met hundreds of lawyers who work in the Open Source and Free Software community, I can count on only one hand those that actually believe in software freedom and would refuse a paying client on software-freedom-moral grounds.
I briefly considered going to law school, and at the time the only thing that kept me out of it was how cost-prohibitive it is in the USA (and an employer who promised to fund law school for me reneged on their offer). I feel that I made a narrow escape. IANAL but I'm living proof you can be an expert in some areas of the law without being a lawyer.
OSCON Has an anti-Open-Source keynote (again)
Wow, OSCON EU has a keynote from a Ninh Bui and Hongli Lai from Phusion wherein they argue that (a) non-profit models of fundraising for Open Source will never work and should never be used (I have proven this wrong for decades of course), and (b) that "passive income" through proprietary software add-ons is the only revenue model that is reasonable, because you have to "work too hard" to do other models. They further claim that people who have a problem with "Open Core" proprietary add-ons are a vocal minority that won't cause you too much trouble.
TL;DR: "Proprietary software can make you wealthy so you don't have to work hard, so you should do that, and try to exploit your Open Source community. Those software freedom advocates are a minority so shout them down and they'll shut up, becuase you should be allowed to get wealthy, no matter what you have to do"For clarity, this is likely a purchased keynote? I know that O'Reilly and OSCON themselves believe "you should be allowed to get wealthy, no matter what you have to do" to some extent, per the fact that they *sell* keynotes and talks which can then bypass all normal curation and acceptance procedures…
You should consider the fact that your project isn't changing the face of computing
If you start a technical talk with the sentence that the technology you working on "changes the way we're all thinking about computing", then you are (a) believing your own hype and (b) shouldn't be believed or trusted as a technical expert.
Very little has changed fundamentally about computing in many decades. The details change, platforms change, but there are two ways to do computing: you do it on a machine in front of you or you do it on a machine on some network, and you have connections between the two.
The rest is details. Yes, we've invented ways to do the details better, or worse, as the case may be.Show all 5 replies
Go home, Perl 5, you're drunk.
In the USA, Perl 5 is officially, as of today, the legal age to consume alcoholic beverages. (Today is the anniversary of Perl version 5's release, not the anniversary of the Perl language itself).
I must admit that I both (a) have scripts that were written for Perl 4 in personal production (i.e., I'm the the only user), and (b) that I still code most in Perl 5 more than any other language (not that I write much code anymore, sadly).
Perl 6 will be released officially this year. Obviously it won't have the success that Perl 5 had in its heyday. (cf my blog post for the 25th birthday of Perl itself: http://ebb.org/bkuhn/blog/2012/12/18/perl-cobol.html ).
The TIOBE index still gives Java at the top, followed by C, C++, C# and Python.
I don't know if they count Android programming as Java or if its popularity is only motivated by the fact that AFAIK it's still the default language inside big corporatey environments. Cobol is 21st :)
firstname.lastname@example.org likes this.
Pre-Sunrise wakeup tricks?
One item I didn't account for upon moving to the USA Pacific Northwest was extremely late sunrise between the vernal equinox and solsitice. I have a lot of difficult waking up before sunrise, and for someone whose job basically mandates that I work 12-16 hours/day, that poses some difficulty. It does not seem to matter if I go to sleep earlier; I still feel equally tired awaking before sunrise.
I wonder how others deal with this problem, although maybe there aren't that many people who are required to work 12-16 hours/day.Show all 7 replies
I don't work so many hours. But I have to wake up many days before sunrise. I feel blue and tired, sun and blue sky are very important for me. I've tried #coffee, apples, but it's hard for me to eat/drink something so early. The only things that help me to feel better are: having a shower (just jump from bed into the shower), the night birds that I hear while walking to the bus stop, and actually sleeping a bit more in the bus and/or metro, until I arrive my workplace. Many days I go out from the metro station and it's still night. But at that moment, I'm in a better situation to enjoy my coffee (I try to stick on decaffeinated or half-decaf for the very bad days).
I should migrate to the warm South when autumn comes, like some birds... and come back in springtime.
Take care Bradley, and try to work less.
I get up around 6am (dark, this time of year) and have some coffee. Then I head to the gym for 40minutes or so and then to work where I'll eat a granola bar. I also try to walk around the building and get some sun a little later.
I only work 9-10 hrs, though. Typically anyway.
I get through it, I don't enjoy waking up early.
How Would Software Freedom Have Helped With VW?
[ A version of this blog post was crossposted on Conservancy's blog. ]
Would software-related scandals, such as Volkswagen's use of proprietary software to lie to emissions inspectors, cease if software freedom were universal? Likely so, as I wrote last week. In a world where regulations mandate distribution of source code for all the software in all devices, and where no one ever cheats on that rule, VW would need means other than software to hide their treachery.
Universal software freedom is my lifelong goal, but I realized years ago that I won't live to see it. I suspect that generations of software users will need to repeatedly rediscover and face the harms of proprietary software before a groundswell of support demands universal software freedom. In the meantime, our community has invented semi-permanent strategies, such as copyleft, to maximize software freedom for users in our current mixed proprietary and Free Software world.
In the world we live in today, software freedom can impact the VW situation only if a few complex conditions are met. Let's consider the necessary hypothetical series of events, in today's real world, that would have been necessary for Open Source and Free Software to have stopped VW immediately.
First, VW would have created a combined or derivative work of software with a copylefted program. While many cars today contain Linux, which is copylefted, I am not aware of any cars that use Linux outside of the on-board entertainment and climate control systems. The VW software was not part of those systems, and VW engineers almost surely wrote the emissions testing mode code from scratch. Even if they included some non-copylefted Open Source or Free Software in it, those licenses don't require disclosure of any source code; VW's ability to conceal its bad actions with non-copylefted code is roughly identical to the situation of proprietary VW code before us. As a thought experiment, though, let's pretend, that VW based the nefarious code on Linux by writing a proprietary Linux module to trick the emissions testing systems.
In that case, VW would have violated the GPL. But that alone is far from enough to ensure anyone would catch VW. Indeed, GPL violations remain very prevalent, and only one organization enforces the GPL for Linux (full disclosure: that's Software Freedom Conservancy, where I work). That organization has such limited enforcement resources (only three people on staff, and enforcement is one of many of our programs), I suspect that years would pass before Conservancy had the resources to pursue the violation; Conservancy currently has hundreds of Linux GPL violations queued for action. Even once opened, most GPL violations take years to resolve. As an example, we are currently enforcing the GPL against one auto manufacturer who has Linux in their car. We've already spent hundreds of hours and the company to date continues to fail in their GPL compliance efforts. Admittedly, it's highly unlikely that particular violator has a GPL-violating Linux module specifically designed to circumvent automotive regulations. However, after enforcing the GPL in that case for more than two years, I still don't have enough data about their use of Linux to even know which proprietary Linux modules are present — let alone whether those modules are nefarious in any way other than as violating Linux's license.
Thus, in today's world, a “software freedom solution” to prevent the VW scandal must meet unbelievable preconditions: (a) VW would have to base all its software on copylefted Open Source and Free Software, and (b) an organization with a mission to enforce copyleft for the public good would require the resources to find the majority of GPL violators and ensure compliance in a timely fashion. This thought experiment, even with an otherwise unreal initial assumption, quickly shows how much more work remains to advance and defend software freedom. While requirements of source code disclosure, such as those in copyleft licenses, are necessary to assure the benefits of software freedom, they cannot operate unless someone exercises the offers for source and looks at the details.
We live in a world where most of the population accepts proprietary software as legitimate. Even major trade associations, such as the OpenStack Foundation and the Linux Foundation, in the Open Source community laud companies who make proprietary software, as long as they adopt and occasionally contribute to some Free Software too. Currently, it feels like software freedom is winning, because the overwhelming majority in the software industry believe Open Source and Free Software is useful and superior only in some circumstances. Furthermore, while I appreciate the aspirational ideal of voluntary Open Source, I find in my work that so many companies, just as VW did, will cheat against important social good policies unless someone watches and regulates. Mere adoption of Open Source won't work alone; we only yield the valuable results of software freedom if software is copylefted and someone upholds that copyleft.
Indeed, just as it has been since the 1980s, very few people believe that software freedom is of fundamental importance for all software users. Scandals, like VW's use of proprietary software to hide other bad acts, might slowly change opinions, but one scandal is rarely enough to permanently change public opinion. I therefore encourage those who support software freedom to take this incident as inspiration for a stronger stance, and to prepare yourselves for the long haul of software freedom advocacy.
Make a homemade gift for th Executive Director in your life.
I just made a homemade gift for @John Sullivan, in honor of the FSF 30th anniversary and his years of service to the organization.
John already knows what it is, if he remembers, because I asked him if he thought he would like it.
Assuming TSA doesn't confisicate it, I'll deliver it in one week. :)
I'll also make a homeade gift for Karen in honor of the tenth anniversary of Conservancy next year. But I have to think of something to do for her. If folks have ideas, email me. :)
The EPA Deserves Software Freedom, Too
The issue of software freedom is, not surprisingly, not mentioned in the mainstream coverage of Volkswagen's recent use of proprietary software to circumvent important regulations that exist for the public good. Given that Volkswagen is an upstream contributor to Linux, it's highly likely that Volkswagen vehicles have Linux in them.
Thus, we have a wonderful example of how much we sacrifice at the altar of &lduqo;Linux adoption”. While I'm glad for some Free Software to appear in products rather than none, I also believe that, too often, our community happily accepts the idea that we should gratefully laud a company includes a bit of Free Software in their product, and gives a little code back, even if most of what they do is proprietary software.
In this example, a company poisoned people and our environment with out-of-compliance greenhouse gas emissions, and hid their tracks behind proprietary software. IIUC, the EPA had to do use an (almost literal) analog hole to catch these scoundrels.
It's not that I'm going to argue that end users should modify the software that verifies emissions standards. But if end users could extract these binaries from the physical device, recompile the source, and verify the binaries match, someone would have discovered this problem immediately when the models drove off the lot.
So, why does no one demand for this? To me, this feels like Diebold and voting machines all over again. So tell me, voters' rights advocates who claimed proprietary software was fine, as long as you could get voter-verified paper records: how do are we going to “paper verify” our emissions testing?
Software freedom is the only solution to problems that proprietary software creates. Sadly, opposition to software freedom is so strong, nearly everyone will desperately try every other (failing) solution first.> Sadly, opposition to software freedom is so strong, nearly everyone will desperately try every other (failing) solution first.
Private attempted software freedom enforcement fits right in to this schema. I'm all for it, but there's no substitute for convincing the public and regulators so that non-dwarfish means are applied to enforce software freedom.
Exercising Software Freedom in the Global Email System
[ This post was cross-posted on Conservancy's blog. ]
In this post, I discuss one example of how a choice for software freedom can cause many strange problems that others will dismiss. My goal here is to explain in gory detail how proprietary software biases in the computing world continue to grow, notwithstanding Open Source ballyhoo.
Two decades ago, nearly every company, organization, entity, and tech-minded individual ran their own email server. Generally speaking, even back then, nearly all the software for both MTAs and MUAs were Free Software0. MTA's are the mail transport agents — the complex software that moves email around from one Internet domain to another. MUAs are the mail user agents, sometimes called mail clients — the local programs with which users manipulate their own email.
I've run my own MTA since around 1993: initially with sendmail, then with exim for a while, and with Postfix since 1999 or so. Also, everywhere I've worked throughout my entire career since 1995, I've either been in charge of — or been the manager of the person in charge of — the MTA installation for the organization where I worked. In all cases, that MTA has always been Free Software, of course.
However, the world of email has changed drastically during that period. The most notable change in the email world is the influx of massive amounts of spam, which has been used as an excuse to implement another disturbing change. Slowly but surely, email service — both the MTA and the MUA — have been outsourced for most organizations. Specifically, either (a) organizations run proprietary software on their own computers to deal with email and/or (b) people pay a third-party to run proprietary and/or trade-secret software on their behalf to handle the email services. Email, generally speaking, isn't handled by Free Software all that much anymore.
This situation became acutely apparent to me this earlier this month when Conservancy moved its email server. I had plenty of warning that the move was needed1, and I'd set up a test site on the new server. We sent and received some of our email for months (mostly mailing list traffic) using that server configured with a different domain (sf-conservancy.org). When the shut-off day came, I moved sfconservancy.org's email officially. All looked good: I had a current Debian, with a new version of Postfix and Dovecot on a speedier host, and with better spam protection settings in Postfix and better spam filtering with a newer version of SpamAssassin. All was going great, thanks to all those great Free Software projects — until the proprietary software vendors threw a spanner in our works.
For reasons that we'll never determine for sure2, the IPv4 number that our new hosting provide gave us was already listed on many spam blacklists. I won't debate the validity of various blacklists here, but the fact is, for nearly every public-facing, pure-blacklist-only service, delisting is straightforward, takes about 24 hours, and requires at most answering some basic questions about your domain name and answering a captcha-like challenge. These services, even though some are quite dubious, are not the center of my complaint.
The real peril comes from third-party email hosting companies. These companies have arbitrary, non-public blacklisting rules. More importantly, they are not merely blacklist maintainers, they are MTA (and in some cases, even MUA) providers who sell their proprietary and/or trade-secret hosted solutions as a package to customers. Years ago, the idea of giving up that much control of what happens to your own email would be considered unbelievable. Today, it's commonplace.
And herein lies the fact that is obvious to most software freedom advocates but indiscernible by most email users. As a Free Software user, with your own MTA on your own machine, your software only functions if everyone else respects your right to run that software yourself. Furthermore, if the people you want to email are fully removed from their hosting service, they won't realize nor understand that their hosting site might block your emails. These companies have their customers fully manipulated to oppose your software freedom. In other words, you can't appeal to those customers (the people you want to email), because you're likely the only person to ever raise this issue with them (i.e., unless they know you very well, they'll assume you're crazy). You're left begging to the provider, whom you have no business relationship with, to convince them that their customers want to hear from you. Your voice rings out indecipherable from the spammers who want the same permission to attack their customers.
The upshot for Conservancy? For days, Microsoft told all its customers that Conservancy is a spammer; Microsoft did it so subtly that the customers wouldn't even believe it if we told them. Specifically, every time I or one of my Conservancy colleagues emailed organizations using Microsoft's “Exchange Online”, “Office 365” or similar products to host email for their domain4, we got the following response:
Sep 2 23:26:26 pine postfix/smtp: 27CD6E12B: to=, relay=example-org.mail.protection.outlook.com[220.127.116.11]:25, delay=5.6, delays=0.43/0/0.16/5, dsn=5.7.1, status=bounced (host example-org.mail.protection.outlook.com[18.104.22.168] said: 550 5.7.1 Service unavailable; Client host [22.214.171.124] blocked using FBLW15; To request removal from this list please forward this message to email@example.com (in reply to RCPT TO command))
Oh, you ask, did you forward your message to the specified address? Of course I did; right away! I got back an email that said:
Thank you for your delisting request SRXNUMBERSID. Your ticket was received on (Sep 01 2015 06:13 PM UTC) and will be responded to within 24 hours.
Once we passed the 24 hour mark with no response, I started looking around for more information. I also saw a suggestion online that calling is the only way to escalate one of those tickets, so I phoned 800-865-9408 and gave V-2JECOD my ticket number and she told that I could only raise these issues with the “Mail Flow Team”. She put me on hold for them, and told me that I was number 2 in the queue for them so it should be a few minutes. I waited on hold for just under six hours. I finally reached a helpful representative, who said the ticket was the lowest level of escalation available (he hinted that it would take weeks to resolve at that level, which is consistent with other comments about this problem I've seen online). The fellow on the phone agreed to escalate it to the highest priority available, and said within four hours, Conservancy should be delisted. Thus, ultimately, I did resolve these issues after about 72 hours. But, I'd spent about 15 hours all-told researching various blacklists, email hosting companies, and their procedures3, and that was after I'd already carefully configured our MTA and DNS to be very RFC-compliant (which is complicated and confusing, but absolutely essential to stay off these blacklists once you're off).
Admittedly, this sounds like a standard Kafkaesque experience with a large company that almost everyone in post-modern society has experienced. However, it's different in one key way: I had to convince Microsoft to allow me to communicate with their customers who are paying Microsoft for proprietary and/or trade-secret software and services, ostensibly to improve efficiency of their communications. Plus, since Microsoft, by the nature of their so-called spam blocking, doesn't inform their customers who they've blocked, I and my colleagues would have just sounded crazy if we'd asked our contacts to call their provider instead. (I actually considered this, and realized that we might negatively impact relationships with professional contacts.)
These problems do reduce email software freedom by network effects. Most people rely on third-party proprietary email software from Google, Microsoft, Barracuda, or others. Therefore, most people, don't exercise any software freedom regarding email services. Since exercising software freedom for email slowly becomes a rarer and rarer (rather than norm it once was), society slowly but surely pegs those who do exercise software freedom as “random crazy people”.
There are a few companies who are seeking to do email hosting in a way that respects your software freedom. The real test of such companies is if someone technically minded can get the same software configured on their own systems, and have it work the same way. Yet, in most cases, you go to one of these company's Github pages and find a bunch of stuff pushed public, but limited information on how to configure it so that it functions the same way the hosted service does. RMS wrote years ago that Free Software cannot properly succeed without Free Documentation, and in many of these hosting cases: the hosting company is using fully upstreamed Free Software, but has configured the software in a way that is difficult to stumble upon by oneself. (For that reason, I'm committing to writing up tutorials on how Conservancy configured our mail server, so at least I'll be part of the solution instead of part of the problem.)
BTW, as I dealt with all this, I couldn't help but think of John Gilmore's activism efforts regarding open mail relays. While I don't agree with all of John's positions on this, his fundamental position is right: we must oppose companies who think they know better how we should configure our email servers (or on which IP numbers we should run those servers). I'd add a corollary that there's a serious threat to software freedom, at least with regard to email software, if we continue to allow such top-down control of the once beautifully decentralized email system.
The future of software freedom depends on issues like this. Imagine someone who has just learned that they can run their own email server, or bought some Free Software-based plug computing system that purports to be a “home cloud” service with email. There's virtually no chance that such users would bother to figure all this out. They'd see their email blocked, declare the “home cloud” solution useless, and would just get a gmail.com, outlook.com, or some other third-party email account. Thus, I predict that software freedom that we once had, for our MTAs and MUAs, will eventually evaporate for everyone except those tiny few who invest the time to understand these complexities and fight the for-profit corporate power that curtails software freedom. Furthermore, that struggle becomes Sisyphean as our numbers dwindle.
Email is the oldest software-centric communication system on the planet. The global email system serves as a canary in the coalmine regarding software freedom and network service freedom issues. Frighteningly, software now controls most of the global communications systems. How long will it be before mobile network providers refuse to terminate PSTN calls or SMS's sent from devices running modified Android firmwares like Replicant? Perhaps those providers, like large email providers, will argue that preventing robocalls (the telephone equivalent of SPAM) necessitates such blocking. Such network effects create place so many dystopias on software freedom's horizon.
I don't deny that every day, there is more Free Software existing in the world than has ever existed before — the P.T. Barnum's of Open Source have that part right. The part they leave out is that, each day, their corporate backers make it a little more difficult to complete mundane tasks using only Free Software. Open Source wins the battle while software freedom loses the war.
0Yes, I'm intimately aware that Elm's license was non-free, and that the software freedom of PINE's license was in question. That's slightly relevant here but mostly orthogonal to this point, because Free Software MUAs were still very common then, and there were (ultimately successful) projects to actively rewrite the ones whose software freedom was in question
1For the last five years, one of Conservancy's Director Emeriti, Loïc Dachary, has donated an extensive personal amount of personal time and in-kind donations by providing Cloud server for Conservancy to host its three key servers, including the email server. The burden of maintaining this for us became too time consuming (very reasonably), and Loïc's asked us to find another provider. I want, BTW, to thank Loïc his for years of volunteer work maintaining infrastructure for us; he provided this service for much longer than we could have hoped! Loïc also gave us plenty of warning that we'd need to move. None of these problems are his fault in the least!
2The obvious supposition is that, because IPv4 numbers are so scarce, this particular IP number was likely used previously by a spammer who was shut down.
3I of course didn't count the time time on phone hold, as I was able to do other work while waiting, but less efficiently because the hold music was very distracting.
4If you want to see if someone's domain is a Microsoft customer, see if the MX record for their domain (say, example.org) points to example-org.mail.protection.outlook.com.Show all 6 replies
Does this mean I really live in the pacific Northwest now? My neighborhood, as is all of Northwest OR, has been filled with smoke from wildfires. I didn't check the news and thought it was just a house fire in my neighborhood. That's what I associate that smell with, as that's what it always meant where I grew up on the east coast.
DebConf Keynote Video & other DebConf comments.
I'm here at DebConf and I just met someone who follows me here on pump.io at DebConf. I'm really glad to know there are other people than the "usual suspects" :) following me here.
pump.io is not perfect, or even, um, all that easy to use, but I'm glad there are people that are committed to free as in freedom social networking systems.
And, as another note, a lot of people have said really kind and friendly things to me here at DebConf about my work. This is a very unstressful conference for me: so many people like what I do here. *Such* a difference between the trade association conferences where everyone walking around things I'm that "infamous GPL enforcement guy". Here at DebConf, I appear to be the "famous and often-thanked GPL enforcement guy".
As I said in my keynote here, I truly love the people in the Debian project.
Speaking of which, here's a link to my keynote video:
The Manipulation Tactics of GPL violators
Ugh, I had a tightly scheduled day of urgent Conservancy work to finish before I leave for DebConf tomorrow, and a GPL violator decided to start playing head games with me this morning. It's already burned an hour of my time today and will likely burn more. Which, at this point, simply translates into less sleep for me, the night before a 18 hr travel day en route to DebConf.
People rightly point out that I'm often indigant about GPL violators, but it's because they (and their allies who oppose GPL enforcement) *know* that the only orgs that enforce the GPL are tiny compared to them, and squeezing the individuals to the breaking point of overwork is a viable strategy to end GPL enforcement. It's the classic lawyer strategy of "waste your opponents' time when you have more resources than they do"
I've survived because I simply refuse to break. I hope it continues to work. But many, I wish I could sleep on planes. It's those kinds of things I think at a time like this: I have to become an UberMensch merely to get my job done, and be able to do everything, including sleeping in on a coach flight like I'm in my own bed. If you see me at DebConf Friday morning, at least you'll know why I'm about to collapse. :)
Anyway, back to work!
Claes Wallin (韋嘉誠) shared this.Show all 6 repliesWhy be indignant at the execution of a classic strategy? They are your opponents after all. You are a very limited resource, even if you were somehow dedicated 24hrs/day to GPL enforcement. Why have they not dedicated a bit more of their vast resources to occupying your limited resources? Do they just not find GPL enforcement a very important threat? That's what I'd be indignant about.
Your classic strategy of refusing to break coupled with (elsewhere) dismal prediction of a dark age brings to mind that folk tale and song about a steel-driving man.
Thoughts on Canonical, Ltd.'s Updated Ubuntu IP Policy
Most of you by now have probably seen Conservancy's and FSF's statements regarding the today's update to Canonical, Ltd.'s Ubuntu IP Policy. I have a few personal comments, speaking only for myself, that I want to add that don't appear in the FSF's nor Conservancy's analysis. (I wrote nearly all of Conservancy's analysis and did some editing on FSF's analysis, but the statements here I add are my personal opinions and don't necessarily reflect the views of the FSF nor Conservancy, notwithstanding that I have affiliations with both orgs.)
First of all, I think it's important to note the timeline: it took two years of work by two charities to get this change done. The scary thing is that compared to their peers who have also violated the GPL, Canonical, Ltd. acted rather quickly. As Conservancy pointed out regarding the VMware lawsuit, it's not uncommon for these negotiations to take even four years before we all give up and have to file a lawsuit. So, Canonical, Ltd. resolved the matter at least twice as fast as VMware, and they deserve some credit for that — even if other GPL violators have set the bar quite low.
Second, I have to express my sympathy for the positions on this matter taken by Matthew Garrett and Jonathan Riddell. Their positions show clearly that, while the GPL violation is now fully resolved, the community is very concerned about what the happens regarding non-copylefted software in Ubuntu, and thus Ubuntu as a whole.
Realize, though, that these trump clauses are widely used throughout the software industry. For example, electronics manufacturers who ship an Android/Linux system with standard, disgustingly worded, forbid-everything EULA usually include a trump clause not unlike Ubuntu's. In such systems, usually, the only copylefted program is the kernel named Linux. The rest of the distribution includes tons of (now proprietarized) non-copylefted code from Android (as well as a bunch of born-proprietary applications too). The trump clause assures the software freedom rights for that one copylefted work present, but all the non-copylefted ones are subject to the strict EULA (which often includes “no reverse engineer clauses”, etc.). That means if the electronics company did change the Android Java code in some way, you can't even legally reverse engineer it — even though it was Apache-licensed by upstream.
This whole situation seems to me a simple argument for why copyleft matters. Copyleft can and does (when someone like me actually enforces it) prevent these types of situations. But copyleft is not infinitely expansive. Nearly every full operating system distribution available includes an aggregated mix of copylefted, non-copyleft, and often fully-proprietary userspace applications. Nearly every company that distributes them wraps the whole thing with some agreement that restricts some rights that copyleft defends, and then adds a trump clause that gives an exception just for FLOSS license compliance. I have never seen a trump clause that guarantees copyleft-like compliance for non-copylefted programs and packages. Thus, the problem with Ubuntu is just a particularly bad example of what has become a standard industry practice by nearly every “open source” company.
How badly these practices impact software freedom depends on the strictness and detailed terms of the overarching license (and not the contents of the trump clause itself; they are generally isomorphic0). The task of analyzing and rating “relative badness” of each overarching licensing document is monumental; there are probably thousands of different ones in use today. Matthew Garrett points out why Canonical, Ltd.'s is particularly bad, but that doesn't mean there aren't worse (and better) situations of a similar ilk. Perhaps our next best move is to use copyleft licenses more often, so that the trump clauses actually do more.
In other words, as long as there is non-copylefted software aggregated in a given distribution of an otherwise Free Software system, companies will seek to put non-Free terms on top of the non-copylefted parts, To my knowledge, every distribution-shipping company (except for extremely rare, Free-Software-focused companies like ThinkPenguin) place some kind of restrictions in their business terms for their enterprise distribution products. Everyone seems to be asking me today to build the “worst to almost-benign” ranking of these terms, but I've resisted the urge to try. I think the safe bet is to assume that if you're looking at one of these trump clauses, there is some sort of software-freedom-unfriendly restriction floating around in the broader agreement, and you should thus just avoid that product entirely. Or, if you really want to use it, fork it from source and relicense the non-copylefted stuff under copyleft licenses (which is permitted by nearly all non-copyleft licenses), to prevent future downstream actors from adding more restrictive terms. I'd even suggest this as a potential solution to the current Ubuntu problem (or, better yet, just go back upstream to Debian and do the same :).
Finally, IMO the biggest problem with these “overarching licenses with a trump clause” is their use by companies who herald “open source” friendliness. I suspect the community ire comes from a sense of betrayal. Yet, I feel only my usual anger at proprietary software here; I don't feel betrayed. Rather, this is just another situation that proves that saying you are an “open source company” isn't enough; only the company's actions and “fine print” terms matter. Now that open source has really succeeded at coopting software freedom, enormous effort is now required to ascertain if any company respects your software freedom. We must ignore the ballyhoo of “community managers” and look closely at the real story.
0Despite Canonical, Ltd.'s use of a trump clause, I don't think these various trump clauses are canonically isomorphic. There is no natural mapping between these various trump clauses, but they all do have the same effect: they assure that when the overarching terms conflict with the a FLOSS license, the FLOSS license triumphs over the overarching terms, no matter what they are. However, the potential relevance of the phrase “canonical isomorphism” here is yet another example why it's confusing and insidious that Canonical, Ltd. insisted so strongly on using canonical in a non-canonical way.
Well, this will still get interesting. I had the opportunity to read through the toybox rationale against copyleft and am not satisfied with that write-up either. As I see through work at my employer, someone determined to get something will try very hard to make it happen regardless of the preparations in place. Compliance violators don't like to come into compliance either.
In the end...how can we appropriately address this in copyleft-next?
Richard Fontana likes this.
Did You Actually Read the Lower Court's Decision?
I'm seeing plenty of people, including some non-profit organizations along with the usual punditocracy, opining on the USA Supreme Court's denial for a writ of certiorari in the Oracle v. Google copyright infringement case. And, it's not that I expect everyone in the world to read my blog, but I'm amazed that people who should know better haven't bothered to even read the lower Court's decision, which is de-facto upheld upon denial by the Supreme Court to hear the appeal.
I wrote at great length about why the decision isn't actually a decision about whether APIs are copyrightable, and that the decision actually gives us some good clarity with regard to the issue of combined work distribution (i.e., when you distribute your own works with the copyrighted material of others combined into a single program). The basic summary of the blog post I linked to above is simply: The lower Court seemed genially confused about whether Google copy-and-pasted code, as the original trial seems to have inappropriately conflated API reimplemenation with code cut-and-paste.
No one else has addressed this nuance of the lower Court's decision in the year since the decision came down, and I suspect that's because in our TL;DR 24-hour-news cycle, it's much easier for the pundits and organizations tangentially involved with this issue to get a bunch of press over giving confusing information.
So, I'm mainly making this blog post to encourage people to go back and read the decision and my blog post about it. I'd be delighted to debate people if they think I misread the decision, but I won't debate you unless you assure me you read the lower Court's decision in its entirety. I think that leaves virtually no one who will. :-/
There were more last time.
I got curious when the last time there were this many candidates for the Republican presidential primary. I only had to go back on election. In 2012, there were 19. So, we're only at 14 at the moment!
I really wish they just throw all the primary candidates from all the parties (including third parties) into one big election with STV. Bernie Sanders might actually win that way. :)
Of course, this would require a major constitutional amendment.
A lot of the so-called Founding Fathers were against a two-party system.
Claes Wallin (韋嘉誠) shared this.Show all 6 repliesYeah, single seat STV is really just IRV, which has serious issues. For multiseat constituencies it seems to me it should have something going for it. I can't see reweighted range voting happening in a proportional system any time soon. Would be happy to see more research in the proportional vote area.
I realized it must be very frustrating to be Steve Smith, the original drummer for Journey today, because the news keep saying that Journey's drummer is facing a rape charge. I got curious and I looked this up, and as I suspected, Journey's drummer has changed various times. (It's one of those bands that's more of a franchise than a band; they got news a while back when they replaced Steve Perry with a singer they found on youtube). Deen Castronovo is the current drummer who is facing the rape charge, for the record.
I started wondering how many people wondered about this when they heard the story, but then I realized most people have probably never heard of Journey. (They were very popular when I was a kid which is why I've heard of them). I guess that Glee show using their song gave them new life or something? I suspect without that, it wouldn't even be news that Journey's drummer is facing rape charges.Show all 6 replies
Fontana, I think (since you don't disclose your year of birth), that you are a few years older than me. It may turn out that Journey's popularity missed you by a few years.
They charted in the early 1980s.
Those who grew up in the USA with formative years in the 1980s probably realize that radio airplay in the USA during that time, mixed with the burgeoning MTV, made "missing" the big current band virtually impossible.
Richard Fontana likes this.It's more complicated than whatever age I may have been. The main thing was that I was turning away from exposure to commercial music radio at precisely the time period in which Journey was apparently reaching its zenith of airplay.
Looking at the Wikipedia article on Journey, I see that "Who's Crying Now" was one of their hits from 1981. I definitely remember that one though I have no memory of knowing that the song was by Journey. I guess the same is true of "Don't Stop Believing" - also from 1981. I remember that song but I am not sure I knew it was a Journey song before the coverage of The Sopranos finale. I imagine there were other Journey hits from the early 1980s I'd recognize too.
My main memory of Journey's existence was some TV show I remember watching in the early 1980s which profiled Journey. Also on this show there was an interview with Stephen Stills and I remember him saying that Neil Young showed up to Crosby Stills Nash & Young recording sessions stoned and that this caused a strain on the group. So I remember that kind of detail, but Journey all I remember was the name and that they had long hair.
I am pretty sure Journey was not popular with the kids I was going to school with at the time. Which might mean there was already a class thing going on and Journey was seen as a variety of Jersey/Long Island band (cf. my vague association of Journey with New Jersey).
Beginning at the end of summer 1982 I began listening to all sorts of alternatives to commercial music radio (this was in the New York radio market - the stations I discovered were WBGO (jazz), WKCR (better quality jazz and weird classical stuff), WNYC (classical but I was mainly interested in John Schafer's 'New Sounds' show), also the more conventional classical station around 103 FM whose call letters escape me. This opened up multiple new worlds for me although I did not quite leave behind commercial FM music radio, because I remember still listening to WLIR as late as fall 1983, though I think it was mainly something to listen to in the morning while getting ready for school.
The other issue was MTV. Remember that I lived in Brooklyn and (beginning fall 1983) Queens -- which had no access to cable TV at the time or for several years after that, related to the Donald Manes scandal. I had some exposure to MTV at a sort of summer school/camp for elite snobs that I went to in the summer of 1982. It didn't make a huge impression on me.
GPLv3 is now 8.
It seems that no one noticed yesterday was the 8th anniversary of GPLv3. I was going to write a blog post yesterday morning about it and then got too busy.
John Oliver Falls For Software Patent Trade Association Messaging
I've been otherwise impressed with John Oliver and his ability on Last Week Tonight to find key issues that don't have enough attention and give reasonably good information about them in an entertaining way — I even lauded Oliver's discussion of non-profit organizational corruption last year. I suppose that's why I'm particularly sad (as I caught up today on an old episode) to find that John Oliver basically fell for the large patent holders' pro-software-patent rhetoric on so-called “software patents”.
In short, Oliver mimics the trade association and for-profit software industry rhetoric of software patent reform rather than abolition — because trolls are the only problem. I hope the worlds' largest software patent holders send Oliver's writing staff a nice gift basket, as such might be the only thing that would signal to them that they fell into this PR trap. Although, it's admittedly slightly unfair to blame Oliver and his writers; the situation is subtle.
Indeed, someone not particularly versed in the situation can easily fall for this manipulation. It's just so easy to criticize non-practicing entities. Plus, the idea that the sole inventor might get funded on Shark Tank has a certain appeal, and fits a USAmerican sensibility of personal capitalistic success. Thus, the first-order conclusion is often, as Oliver's piece concludes, maybe if we got rid of trolls, things wouldn't be so bad.
And then there's also the focus on the patent quality issue; it's easy to convince the public that higher quality patents will make it ok to restrict software sharing and improvement with patents. It's great rhetoric for a pro-patent entities to generate outrage among the technology-using public by pointing to, say, an example of a patent that reads on every Android application and telling a few jokes about patent quality. In fact, at nearly every FLOSS conference I've gone to in the last year, OIN has sponsored a speaker to talk about that very issue. The jokes at such talks aren't as good as John Oliver's, but they still get laughs and technologists upset about patent quality and trolls — but through carefully cultural engineering, not about software patents themselves.
In fact, I don't think I've seen a for-profit industry and its trade associations do so well at public outrage distraction since the “tort reform” battles of the 1980s and 1990s, which were produced in part by George H. W. Bush's beloved M.C. Rove himself. I really encourage those who want to understand of how the anti-troll messaging manipulation works to study how and why the tort reform issue played out the way it did. (As I mentioned on the Free as in Freedom audcast, Episode 0x13, the documentary film Hot Coffee is a good resource for that.)
I've literally been laughed at publicly by OIN representatives when I point out that IBM, Microsoft, and other practicing entities do software patent shake-downs, too — just like the trolls. They're part of a well-trained and well-funded (by trade associations and companies) PR machine out there in our community to convince us that trolls and so-called “poor patent quality” are the only problems. Yet, nary a year has gone in my adult life where I don't see a some incident where a so-called legitimate, non-obvious software patent causes serious trouble for a Free Software project. From RSA, to the codec patents, to Microsoft FAT patent shakedowns, to IBM's shakedown of the Hercules open source project, to exfat — and that's just a few choice examples from the public tip of the practicing entity shakedown iceberg. IMO, the practicing entities are just trolls with more expensive suits and proprietary software licenses for sale. We should politically oppose the companies and trade associations that bolster them — and call for an end to software patents.Show all 15 repliesPatents build on top of patents all the time. That's not an argument against software patents. The best arguments I have found against software patents is that software is already covered by copyright and the fact that the claims of a software patent without any source code to go with them do not actually disclose anything of value to the public.
Mike Linksvayer likes this.I read the end of that aeaweb article, The Case Against Patents. I really liked the list of reforms to gain actual advantages. Especially the point that phasing out patents is not a difficult thing if you have the political will. The value of the patents held today will not erode if you shorten the lifespan of future patents, so nobody's balance sheet is hurt directly, companies will have time to adjust to the new reality. Existing business practices will be hurt of course, adjustment will be essential for the companies affected.
Mike Linksvayer likes this.
@Mike Linksvayer , I don't think there's anything we can do about this problem, other than create a record that there were people who opposed these things. I'm somewhat convinced that those who support software freedom, etc. are simply relegated now to recording their objections to how things went in hopes that future generations will solve these problems. The people who want to control and manipulate Open Source but will not give up their power is too great.
Free Software had a better chance when companies ignored it. Now, it's their plaything they will use against us.@bkuhn so by 'politically oppose' you just mean make statements for the record and you don't believe this will have any effect on abolishing software patents. As to future generations, volumes of objections to patents were recorded in the 1800s, almost totally forgotten. Sounds dismal. I'd work in some other field if I were you. IMO the beauty of free software is that it is not merely recording an objection, but blazing a different path.
Your claim that free software had a better chance when companies ignored it is extraordinary. A better chance at what? I urge you to spell this theory out.
Why Greet Apple's Swift 2.0 With Open Arms?
Apple announced last week that its Swift programming language — a currently fully proprietary software successor to Objective C — will probably be partially released under an OSI-approved license eventually. Apple explicitly stated though that such released software will not be copylefted. (Apple's pathological hatred of copyleft is reasonably well documented.) Apple's announcement remained completely silent on patents, and we should expect the chosen non-copyleft license will not contain a patent grant. (I've explained at great length in the past why software patents are a particularly dangerous threat to programming language infrastructure.)
Apple's dogged pursuit for non-copyleft replacements for copylefted software is far from new. For example, Apple has worked to create replacements for Samba so they need not ship Samba in OSX. But, their anti-copyleft witch hunt goes back much further. It began when Richard Stallman himself famously led the world's first GPL enforcement effort against NeXT, and Objective-C was liberated. For a time, NeXT and Apple worked upstream with GCC to make Objective-C better for the community. But, that whole time, Apple was carefully plotting its escape from the copyleft world. Fortuitously, Apple eventually discovered a technically brilliant (but sadly non-copylefted) research programming language and compiler system called LLVM. Since then, Apple has sunk millions of dollars into making LLVM better. On the surface, that seems like a win for software freedom, until you look at the bigger picture: their goal is to end copyleft compilers. Their goal is to pick and choose when and how programming language software is liberated. Swift is not a shining example of Apple joining us in software freedom; rather, it's a recent example of Apple's long-term strategy to manipulate open source — giving our community occasional software freedom on Apple's own terms. Apple gives us no bread but says let them eat cake instead.
Apple's got PR talent. They understand that merely announcing the possibility of liberating proprietary software gets press. They know that few people will follow through and determine how it went. Meanwhile, the standing story becomes: Wait, didn't Apple open source Swift anyway?. Already, that false soundbite's grip strengthens, even though the answer remains a resoundingly No!. However, I suspect that Apple will probably meet most of their public pledges. We'll likely see pieces of Swift 2.0 thrown over the wall. But the best stuff will be kept proprietary. That's already happening with LLVM, anyway; Apple already ships a no-source-available fork of LLVM.
Thus, Apple's announcement incident hasn't happened in a void. Apple didn't just discover open source after years of neutrality on the topic. Apple's move is calculated, which led various industry pundits like O'Grady and Weinberg to ask hard questions (some of which are similar to mine). Yet, Apple's hype is so good, that it did convince one trade association leader.
To me, Apple's not-yet-executed move to liberate some of the Swift 2.0 code seems a tactical stunt to win over developers who currently prefer the relatively more open nature of the Android/Linux platform. While nearly all the Android userspace applications are proprietary, and GPL violations on Android devices abound, at least the copyleft license of Linux itself provides the opportunity to keep the core operating system of Android liberated. No matter how much Swift code is released, such will never be true with Apple.
I'm often pointing out in my recent talks how complex and treacherous the Open Source and Free Software political climate became in the last decade. Here's a great example: Apple is a wily opponent, able to Open Source (the cooption of Free Software) to manipulate the press and hoodwink the would-be spokespeople for Linux to support them. Many of us software freedom advocates have predicted for years that Free Software unfriendly companies like Apple would liberate more and more code under non-copyleft licenses in an effort to create walled gardens of seeming software freedom. I don't revel in my past accuracy of such predictions; rather, I feel simply the hefty weight of Cassandra's curse.Show all 5 replies