Bradley M. Kuhn email@example.com
originally from Baltimore, MD, USA.
President and Distinguished Technologist at Software Freedom Conservancy. On the Board of Directors of the Free Software Foundation. Generally, a Software Freedom advocate, GPL Enforcer, and Occasional developer..
Supporting Conservancy Makes a Difference
Supporting Conservancy Makes a Difference
Sunday 31 December 2017 by Bradley M. Kuhn
Earlier this year, in February, I wrote a blog post encouraging people to donate to where I work, Software Freedom Conservancy. I've not otherwise blogged too much this year. It's been a rough year for many reasons, and while I personally and Conservancy in general have accomplished some very important work this year, I'm reminded as always that more resources do make things easier.
I understand the urge, given how bad the larger political crises have gotten, to want to give to charities other than those related to software freedom. There are important causes out there that have become more urgent this year. Here's three issues which have become shockingly more acute this year:
- making sure the USA keeps it commitment to immigrants to allow them make a new life here just like my own ancestors did,
- assuring that the great national nature reserves are maintained and left pristine for generations to come,
- assuring that we have zero tolerance abusive behavior — particularly by those in power against people who come to them for help and job opportunities.
These are just three of the many issues this year that I've seen get worse, not better. I am glad that I know and support people who work on these issues, and I urge everyone to work on these issues, too.
Nevertheless, as I plan my primary donations this year, I'm again, as I always do, giving to the FSF and my own employer, Software Freedom Conservancy. The reason is simple: software freedom is still an essential cause and it is frankly one that most people don't understand (yet). I wrote almost two years ago about the phenomenon I dubbed Kuhn's Paradox. Simply put: it keeps getting more and more difficult to avoid proprietary software in a normal day's tasks, even while the number of lines of code licensed freely gets larger every day.
As long as that paradox remains true, I see software freedom as urgent. I know that we're losing ground on so many other causes, too. But those of you who read my blog are some of the few people in the world that understand that software freedom is under threat and needs the urgent work that the very few software-freedom-related organizations, like the FSF and Software Freedom Conservancy are doing. I hope you'll donate now to both of them. For my part, I gave $120 myself to FSF as part of the monthly Associate Membership program, and in a few minutes, I'm going to give $400 to Conservancy. I'll be frank: if you work in technology in an industrialized country, I'm quite sure you can afford that level of money, and I suspect those amounts are less than most of you spent on technology equipment and/or network connectivity charges this year. Make a difference for us and give to the cause of software freedom at least as much a you're giving to large technology companies.
Finally, a good reason to give to smaller charities like FSF and Conservancy is that your donation makes a bigger difference. I do think bigger organizations, such as (to pick an example of an organization I used to give to) my local NPR station does important work. However, I was listening this week to my local NPR station, and they said their goal for that day was to raise $50,000. For Conservancy, that's closer to a goal we have for entire fundraising season, which for this year was $75,000. The thing is: NPR is an important part of USA society, but it's one that nearly everyone understands. So few people understand the threats looming from proprietary software, and they may not understand at all until it's too late — when all their devices are locked down, DRM is fully ubiquitous, and no one is allowed to tinker with the software on their devices and learn the wonderful art of computer programming. We are at real risk of reaching that distopia before 90% of the world's population understands the threat!
Thus, giving to organizations in the area of software freedom is just going to have a bigger and more immediate impact than more general causes that more easily connect with people. You're giving to prevent a future that not everyone understands yet, and making an impact on our work to help explain the dangers to the larger population.
I wonder if I'm the only person in the world who analyzes extended warranties on electronics like prop bets.
I'm buying a laptop for my wife. The extended warranty cost is a 1-to-16 bet against the price today of the laptop.
So, i sit and think: "If I were to buy this laptop 16 times would at least one of them fail in the second year? Third year?"
I have concluded that it's a bad bet, for two reasons: (0) Companies employ acctuaries to analyze these situations with tons of data to ensure it's a bad bet, and (1) when I factor in the odds that I can repurpose a partly broken laptop (e.g., if only the wifi subsystem fails) into a useful task anyway, there is added value that isn't inherent when I consider "broken to point of unusable". I'm not sure how to quantify its numeric effect on the odds, but I suspect it puts well out of the 1-to-16 per-year area that the company is offering for warranty pricing.Re: (0) it can be a good bet for the company and for you, for rational loss-aversion reasons. Fixing the laptop may be more value to you than the cost for the company, and having a warranty and a place to call that will fix it may lower transaction costs for you compared to trying to fix it with a third party.
But yeah, I don't buy extended warranties. I try to make sure there's no invaluable data on the machine, so that it is trivial to chuck out and replace if need be.Generally I avoid warranties like the plague. I did buy an extended warranty on a phone I bought a few years ago. Worked out well when the non-replaceable battery started dying in the second year--even though it should have been considered a manufacturer defect.
For laptops that we loan out to students at our library, however, we buy extended warranties that cover damage due to drops, etc. This protects the students from heinous charges when the inevitable accidents happen.
"How Do You Take your Brandy Sir?" "In a glass."
Doing a bit of work on a flight; I like to throw on a film I've seen before for background. Delta has TCM classic film selection now, so I'm watching The Big Sleep. If you haven't seen this film, you should see it, and read the book too. I've done both. It reminds me that movies used to be huge crowd pleasers with big stars and of amazing literary quality.
I said to my wife tonight that Trump could save time (and thus spend more time POTUS-ing rather than tweeting) by using a Markov chain to generate his tweets based on past data and that they'd likely be just as coherent.
I wasn't the only person who thought of this; I quickly found this: https://filiph.github.io/markov/
Make Markov chains great again. Sad.
>> Mike Linksvayer:
“This is your first dent in 5 months? S__.
Anyway, I suggest the reverse would be more useful. Markov POTUS, the entity you refer to dedicated full time to microblogging.”
You should submit that idea for reinventing government. We could layoff a few GS-13 or higher grade people in other agencies who are the official Twitter posters. I kid you not that they get paid that obscenely high.
Cloud Computing, due to Conquest Mo Money and pointless Senior Investment has left us with a Classic Empire, and we're still Always Dreaming.
I don't follow horse racing on purpose, but I turned on the TV just during the Post Parade for the Preakness. There is a horse named "Cloud Computing" in the Preakness. http://www.preakness.com/race-info
Looking forward to this call from the announcer:
I'ts a Multipler leading a Conquest Mo Money. Everyone wants Cloud Computing. Senior Investment is just outside of Cloud Computing. No, it's Classic Empire over Cloud Computing. And the Conquest Mo Money is really messing up this race. Cloud Computing has fallen behind; we've discovered it's just Term of Art. No wait, Term of Art is just not enough to make it past Cloud Computing. And We're left with Always Dreaming. We've just gotta be Always Dreaming; Cloud Computing just can't do it.
Why GPL Compliance Education Materials Should Be Free as in Freedom
[ This blog was crossposted on Software Freedom Conservancy's website. ]
I am honored to be a co-author and editor-in-chief of the most comprehensive, detailed, and complete guide on matters related to compliance of copyleft software licenses such as the GPL. This book, Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide (which we often call the Copyleft Guide for short) is 155 pages filled with useful material to help everyone understand copyleft licenses for software, how they works, and how to comply with them properly. It is the only document to fully incorporate esoteric material such as the FSF's famous GPLv3 rationale documents directly alongside practical advice, such as the pristine example, which is the only freely published compliance analysis of a real product on the market. The document explains in great detail how that product manufacturer made good choices to comply with the GPL. The reader learns by both real-world example as well as abstract explanation.
However, the most important fact about the Copyleft Guide is not its useful and engaging content. More importantly, the license of this book gives freedom to its readers in the same way the license of the copylefted software does. Specifically, we chose the Creative Commons Attribution Share-Alike 4.0 license (CC BY-SA) for this work. We believe that not just software, but any generally useful technical information that teaches people should be freely sharable and modifiable by the general public.
The reasons these freedoms are necessary seem so obvious that I'm surprised I need to state them. Companies who want to build internal training courses on copyleft compliance for their employees need to modify the materials for that purpose. They then need to be able to freely distribute them to employees and contractors for maximum effect. Furthermore, like all documents and software alike, there are always “bugs”, which (in the case of written prose) usually means there are sections that are fail to communicate to maximum effect. Those who find better ways to express the ideas need the ability to propose patches and write improvements. Perhaps most importantly, everyone who teaches should avoid NIH syndrome. Education and science work best when we borrow and share (with proper license-compliant attribution, of course!) the best material that others develop, and augment our works by incorporating them.
These reasons are akin to those that led Richard M. Stallman to write his seminal essay, Why Software Should Be Free. Indeed, if you reread that essay now — as I just did — you'll see that much of damage and many of the same problems to the advancement of software that RMS documents in that essay also occur in the world of tutorial documentation about FLOSS licensing. As too often happens in the Open Source community, though, folks seek ways to proprietarize, for profit, any copyrighted work that doesn't already have a copyleft license attached. In the field of copyleft compliance education, we see the same behavior: organizations who wish to control the dialogue and profit from selling compliance education seek to proprietarize the meta-material of compliance education, rather than sharing freely like the software itself. This yields an ironic exploitation, since the copyleft license documented therein exists as a strategy to assure the freedom to share knowledge. These educators tell their audiences with a straight face: Sure, the software is free as in freedom, but if you want to learn how its license works, you have to license our proprietary materials! This behavior uses legal controls to curtail the sharing of knowledge, limits the advancement and improvement of those tutorials, and emboldens silos of know-how that only wealthy corporations have the resources to access and afford. The educational dystopia that these organizations create is precisely what I sought to prevent by advocating for software freedom for so long.
While Conservancy's primary job provides non-profit infrastructure for Free Software projects, we also do a bit of license compliance work as well. But we practice what we preach: we release all the educational materials that we produce as part of the Copyleft Guide project under CC BY-SA. Other Open Source organizations are currently hypocrites on this point; they tout the values of openness and sharing of knowledge through software, but they take their tutorial materials and lock them up under proprietary licenses. I hereby publicly call on such organizations (including but not limited to the Linux Foundation) to license materials such as those under CC BY-SA.
I did not make this public call for liberation of such materials without first trying friendly diplomacy first. Conservancy has been in talks with individuals and staff who produce these materials for some time. We urged them to join the Free Software community and share their materials under free licenses. We even offered volunteer time to help them improve those materials if they would simply license them freely. After two years of that effort, it's now abundantly clear that public pressure is the only force that might work0. Ultimately, like all proprietary businesses, the training divisions of Linux Foundation and other entities in the compliance industrial complex (such as Black Duck) realize they can make much more revenue by making materials proprietary and choosing legal restrictions that forbid their students from sharing and improving the materials after they complete the course. While the reality of this impasse regarding freely licensing these materials is probably an obvious outcome, multiple sources inside these organizations have also confirmed for me that liberation of the materials for the good of general public won't happen without a major paradigm shift — specifically because such educational freedom will reduce the revenue stream around those materials.
Of course, I can attest first-hand that freely liberating tutorial materials curtails revenue. Karen Sandler and I have regularly taught courses on copyleft licensing based on the freely available materials for a few years — most recently in January 2017 at LinuxConf Australia and at at OSCON in a few weeks. These conferences do kindly cover our travel expenses to attend and teach the tutorial, but compliance education is not a revenue stream for Conservancy. While, in an ideal world, we'd get revenue from education to fund our other important activities, we believe that there is value in doing this education as currently funded by our individual Supporters; these education efforts fit withour charitable mission to promote the public good. We furthermore don't believe that locking up the materials and refusing to share them with others fits a mission of software freedom, so we never considered such as a viable option. Finally, given the institutionally-backed FUD that we've continue to witness, we seek to draw specific attention to the fundamental difference in approach that Conservancy (as a charity) take toward this compliance education work. (My my recent talk on compliance covered on LWN includes some points on that matter, if you'd like further reading).
0One notable exception to these efforts was the success of my colleague, Karen Sandler (and others) in convincing the OpenChain project to choose CC-0 licensing. However, OpenChain is not officially part of the LF training curriculum to my knowledge, and if it is, it can of course be proprietarized therein, since CC-0 is not a copyleft license.
After two years of that effort, it's now abundantly clear that public pressure is the only force that might work
I'd like to know why improving free materials is not among the forces that could work. Pleading isn't how free software has obtained the successes it has.
Mike, I agree that we need to improve existing materials. My point in the blog post is to point out that, like with Free Software development itself, we have proprietary competitors that we have to succeed against, and that these proprietary competitors are entities that people tend to think are on our side. They aren't.
I have spent a lot of my career helping organizations release work as Free Software. I tried the same here, for years, discussing with people at the Linux Foundation, asking them to release their materials under Free licenses. They pretended to be working with me, then stopped talking to me and released even more proprietary materials. I think public pressure can possible have an impact on that behavior, which is why I wrote the blog post.
But I agree with you that we shouldn't spend further time pleading with them. One plea is enough. I've made it. Now let's get to work on copyleft.org. :)
Supporting Conservancy Makes a Difference
There are a lot of problems in our society, and particularly in the USA, right now, and plenty of charities who need our support. The reason I continue to focus my work on software freedom is simply because there are so few focused on the moral and ethical issues of computing. Open Source has reached its pinnacle as an industry fad, and with it, a watered-down message: “having some of the source code for some of your systems some of the time is so great, why would you need anything more?”. Universal software freedom is however further from reality than it was even a few years ago. At least a few of us, in my view, must focus on that cause.
I did not post many blog posts about this in 2016. There was a reason for that — more than any other year, work demands at Conservancy have been constant and unrelenting. I enjoy my work, so I don't mind, but blogging becomes low priority when there is a constant backlog of urgent work to support Conservancy's mission and our member projects. It's not just Conservancy's mission, of course, it's my personal one as well.
For our 2016 fundraiser, I wrote last year a blog post entitled “Do You Like What I Do For a Living?”. Last year, so many of you responded, that it not only made it possible for me to continue that work for one more year, but we were able to add our colleague Brett C. Smith to our staff, which brought Conservancy to four full-time staff for the first time. We added a few member projects (and are moving that queue to add more in 2017), and sure enough — the new work plus the backlog of work waiting for another staffer filled Brett's queue just like my, Karen's and Tony's was already filled.
The challenge now is sustaining this staffing level. Many of you came to our aid last year because we were on the brink of needing to reduce our efforts (and staffing) at Conservancy. Thanks to your overwhelming response, we not only endured, but we were able to add one additional person. As expected, though, needs of our projects increased throughout the year, and we again — all four of us full-time staff — must work to our limits to meet the needs of our projects.
Charitable donations are a voluntary activity, and as such they have a special place in our society and culture. I've talked a lot about how Conservancy's Supporters give us a mandate to carry out our work. Those of you that chose to renew your Supporter donations or become new Supporters enable us to focus our full-time efforts on the work of Conservancy.
On the signup and renewal page, you can read about some of our accomplishments in the last year (including my recent keynote at FOSDEM, an excerpt of which is included here). Our work does not follow fads, and it's not particularly glamorous, so only dedicated Supporters like you understand its value. We don't expect to get large grants to meet the unique needs of each of our member projects, and we certainly don't expect large companies to provide very much funding unless we cede control of the organization to their requests (as trade associations do). Even our most popular program, Outreachy, is attacked by a small group of people who don't want to see the status quo of privileged male domination of Open Source and Free Software disrupted.
Supporter contributions are what make Conservancy possible. A year ago, you helped us build Conservancy as a donor-funded organization and stabilize our funding base. I now must ask that you make an annual commitment to renewal — either by renewing your contribution now or becoming a monthly supporter, or, if you're just learning about my work at Conservancy from this blog post, reading up on us and becoming a new Supporter.
Years ago, when I was still only a part-time volunteer at Conservancy, someone who disliked our work told me that I had “invented a job of running Conservancy”. He meant it as an insult, but I take it as a compliment with pride. In fact, between me and my colleague (and our Executive Director) Karen Sandler, we've “invented” a total of four full-time jobs and one part-time one to advance software freedom. You helped us do that with your donations. If you donate again today, your donation will be matched to make the funds go further.
Many have told me this year that they are driven to give to other excellent charities that fight racism, work for civil and immigration rights, and other causes that seem particularly urgent right now. As long as there is racism, sexism, murder, starvation, and governmental oppression in the world, I cannot argue that software freedom should be made a priority above all of those issues. However, even if everyone in our society focused on a single, solitary cause that we agreed was the top priority, it's unlikely we could make quicker progress. Meanwhile, if we all single-mindedly ignore less urgent issues, they will, in time, become so urgent they'll be insurmountable by the time we focus on them.
Industrialized nations have moved almost fully to computer automation for most every daily task. If you question this fact, try to do your job for a day without using any software at all, or anyone using software on your behalf, and you'll probably find it impossible. Then, try to do your job using only Free Software for a day, and you'll find, as I have, that tasks that should take only a few minutes take hours when you avoid proprietary software, and some are just impossible. There are very few organizations that are considering the long-term implications of this slowly growing problem and making plans to build the foundations of a society that doesn't have that problem. Conservancy is one of those few, so I hope you'll realize that long-term value of our lifelong work to defend and expand software freedom and donate.
Microsoft's Committment to Open Source: Lock up LibreOffice for you.
Bad SNAFU when facing a major deadline for Conservancy's FY 2015 audit: a rather simple, one-page xlsx spreadsheet, which I desperately need to edit and round-trip back to our auditors, that reproducibly locks up LibreOffice.
It does so *even if* you just open the xlsx file and attempt to resave it as ODS.
Linux Foundation told me last year that Microsoft had fortified its commitment to Open Source:
I'll believe that's actually true when they liberate the Microsoft Office code, not before.
(I was finally able to work around the problem by cut-and-paste from the opened XLSX file into a new ODS file, and most of the formulas came through with that paste ok, but there's yet another hour of my life lost because Microsoft opposes software freedom and has convinced so many people in the professional world to follow their lead.)
But hey, if they write big checks to the right organizations, we should just ignore that they're bent on making the world more difficult for LibreOffice?
(BTW, to show I'm equal opportunity on this point: trying to share data with people who use Google's proprietary Android apps have caused me trouble lately too, but not in a professional capacity I had trouble coordinating appointments with a dog walker).)
Lars Wirzenius shared this.
Well, MS is clearly horrible, their closed/patented/secret proprietary formats are pure unadulterated crap, and their "we love open source" and "we love Linux" lines are just ridiculous.
That being said, I don't think it's fair or reasonable to blame $ENTITY when a program made by $NOT-ENTITY crashes or freezes when trying to load a file in that crappy format by $ENTITY.
Said program should handle exceptions properly, and if it can't load the crappy file correctly (to be expected, being a secret/obfuscated/overall crappy format), it should handle that and show a "I can't display this piece of **** of a format" message, but not crash or freeze. Exception handling is a thing for a reason, just like sanitizing inputs is.
Is that file (the clean version of course), something that can be shared? It'd be probably good if the LO developers could test against it, if you haven't already sent it to them =)
Unicode "dirt speck" character set?
With the advent of http://www.fileformat.info/info/unicode/block/geometric_shapes/list.htm and Emacs' full support for Unicode, now, more than ever I must keep my LCD displays very clean.
I just hit CTRL-D four times on the same spot on my screen attempting to delete something that looked like this:◦ or some other tiny mark.
In the old days of 7 bit ASCII, a dirt spot had to be as noticable as a '.' to cause this problem. I look now carefully and I literally have at least two ◦-looking dirt specks on my main LCD, and looking carefully I found one that looks like
What a strange world we live in thanks to Unicode. And I say that having never even used an emoji.
Where can I get a $3 website?
Trump says that it only costs $3 to build a website:
I'd definitely get ebb.org redesigned for me if it would only cost $3. I'd send Trump an email to ask him where to get these $3 websites if I didn't know for sure he's lying.
Even if you outsource to the developing world, I don't think you can get a website for $3. The bandwidth costs more than that per month if you even get a few hits.
Douglas Perkins likes this.
Form 990 in the news
Every once in a while, a Form 990 is in the news.
Today, they're talking about FY 2015 Donald J Trump Foundation one. Yet, I can't find an actual copy of it.
BTW, I am not sure where the phrase 'self-dealing' comes from. The IRS forms talk about payments to disqualified person.
(And, if you were wondering, I'm a disqualified person for Conservancy, usually any director or officer is).
I noticed the phrase self-dealing is used more often for private foundations, like Trump's, which file a 990-PF rather than a usual 990.
Stephen Michael Kellat likes this.
Did you apply at http://www.greatagain.gov to head up an agency? It doesn't matter if you're not a Republican as a certain number of slots must be held by people outside the President's party. Heck, apply for a slot at the FCC. Be advised that as I hold a career slot I'm stuck where I am for the moment.
As to grabbing the 990, it can sometimes be dislodged by sending a Form 4506-A to the IRS who can turn over a "Modernized e-File" print: https://www.irs.gov/uac/about-form-4506a
Nathan Willis likes this.
Prop betting on the election
I'm now offering 9-to-1 to take the field of presidential candidates against Trump. 538 has him only as a about a 4-to-1 dog. I get the field (yes, the tiny edge of third party candidates make a difference ;) against Trump.
Of course, I'm a bit of a fish when it comes to betting on elections. I did take Kerry at 1.2-to-1.
Stephen Michael Kellat likes this.
Conservancy's First GPL Enforcement Feedback Session
[ This blog was crossposted on Software Freedom Conservancy's website. ]
As I mentioned in an earlier blog post, I had the privilege of attending Embedded Linux Conference Europe (ELC EU) and the OpenWrt Summit in Berlin, Germany earlier this month. I gave a talk (for which the video is available below) at the OpenWrt Summit. I also had the opportunity to host the first of many conference sessions seeking feedback and input from the Linux developer community about Conservancy's GPL Compliance Project for Linux Developers.
ELC EU has no “BoF Board” where you can post informal sessions. So, we scheduled the session by word of mouth over a lunch hour. We nevertheless got an good turnout (given that our session's main competition was eating food :) of about 15 people.
Most notably and excitingly, Harald Welte, well-known Netfilter developer and leader of gpl-violations.org, was able to attend. Harald talked about his work with gpl-violations.org enforcing his own copyrights in Linux, and explained why this was important work for users of the violating devices. He also pointed out that some of the companies that were sued during his most active period of gpl-violations.org are now regular upstream contributors.
Two people who work in the for-profit license compliance industry attended as well. Some of the discussion focused on usual debates that charities involved in compliance commonly have with the for-profit compliance industry. Specifically, one of them asked how much compliance is enough, by percentage? I responded to his question on two axes. First, I addressed the axis of how many enforcement matters does the GPL Compliance Program for Linux Developers do, by percentage of products violating the GPL? There are, at any given time, hundreds of documented GPL violating products, and our coalition works on only a tiny percentage of those per year. It's a sad fact that only that tiny percentage of the products that violate Linux are actually pursued to compliance.
On the other axis, I discussed the percentage on a per-product basis. From that point of view, the question is really: Is there a ‘close enough to compliance’ that we can as a community accept and forget about the remainder? From my point of view, we frequently compromise anyway, since the GPL doesn't require someone to prepare code properly for upstream contribution. Thus, we all often accept compliance once someone completes the bare minimum of obligations literally written in the GPL, but give us a source release that cannot easily be converted to an upstream contribution. So, from that point of view, we're often accepting a less-than-optimal outcome. The GPL by itself does not inspire upstreaming; the other collaboration techniques that are enabled in our community because of the GPL work to finish that job, and adherence to the Principles assures that process can work. Having many people who work with companies in different ways assures that as a larger community, we try all the different strategies to encourage participation, and inspire today's violators to become tomorrow upstream contributors — as Harald mention has already often happened.
That same axis does include on rare but important compliance problem: when a violator is particularly savvy, and refuses to release very specific parts of their Linux code (as VMware did), even though the license requires it. In those cases, we certainly cannot and should not accept anything less than required compliance — lest companies begin holding back all the most interesting parts of the code that GPL requires them to produce. If that happened, the GPL would cease to function correctly for Linux.
After that part of the discussion, we turned to considerations of corporate contributors, and how they responded to enforcement. Wolfram Sang, one of the developers in Conservancy's coalition, spoke up on this point. He expressed that the focus on for-profit company contributions, and the achievements of those companies, seemed unduly prioritized by some in the community. As an independent contractor and individual developer, Wolfram believes that contributions from people like him are essential to a diverse developer base, that their opinions should be taken into account, and their achievements respected.
I found Wolfram's points particularly salient. My view is that Free Software development, including for Linux, succeeds because both powerful and wealthy entities and individuals contribute and collaborate together on equal footing. While companies have typically only enforce the GPL on their own copyrights for business reasons (e.g., there is at least one example of a major Linux-contributing company using GPL enforcement merely as a counter-punch in a patent lawsuit), individual developers who join Conservancy's coalition follow community principles and enforce to defend the rights of their users.
At the end of the session, I asked two developers who hadn't spoken during the session, and who aren't members of Conservancy's coalition their opinion on how enforcement was historically carried out by gpl-violations.org, and how it is currently carried out by Conservancy's GPL Compliance Program for Linux Developers. Both responded with a simple response (paraphrased): it seems like a good thing to do; keep doing it!
I finished up the session by inviting everyone to the join the principles-discuss list, where public discussion about GPL enforcement under the Principles has already begun. I also invited everyone to attend my talk, that took place an hour later at the OpenWrt Summit, which was co-located with ELC EU. Your browser does not support the element. Perhaps you can or .
In that talk, I spoke about a specific example of community success in GPL enforcement. As explained on the OpenWrt history page, OpenWrt was initially made possible thanks to GPL enforcement done by BusyBox and Linux contributors in a coalition together. (Those who want to hear more about the connection between GPL enforcement and OpenWrt can view my talk at https://sfconservancy.org/videos/2016-10-13_Kuhn_GPL-Enforcement-OpenWrt.mp4 .)
Since there weren't opportunities to promote impromptu sessions on-site, this event was a low-key (but still quite nice) start to Conservancy's planned year-long effort seeking feedback about GPL compliance and enforcement. Our next session is an official BoF session at Linux Plumbers Conference, scheduled for next Thursday 3 November at 18:00. It will be led by my colleagues Karen Sandler and Brett Smith.
>> Bradley M. Kuhn:
“[...] I also invited everyone to attend my talk, that took place an hour later at the OpenWrt Summit, which was co-located with ELC EU. Your browser does not support the element. Perhaps you can or . [...] https://sfconservancy.org/videos/2016-10-13_Kuhn_GPL-Enforcement-OpenWrt.mp4 [...] ”
I don't think it's possible to embed videos in pump.io posts. Thanks for adding the URL.
Help Send Conservancy to Embedded Linux Conference Europe
This blog was crossposted on Software Freedom Conservancy's website. ]
Last month, Conservancy made a public commitment to attend Linux-related events to get feedback from developers about our work generally, and Conservancy's GPL Compliance Program for Linux Developers specifically. As always, even before that, we were regularly submitting talks to nearly any event with Linux in its name. As a small charity, we always request travel funding from the organizers, who are often quite gracious. As I mentioned in my blog posts about LCA 2016 and GUADEC 2016, the organizers covered my travel funding there, and recently both Karen and I both received travel funding to speak at LCA 2017 and DebConf 2016, as well as many other events this year.
Recently, I submitted talks for the CFPs of Linux Foundation's Embedded Linux Conference Europe (ELC EU) and the Prpl Foundation's OpenWRT Summit. The latter was accepted, and the folks at the Prpl Foundation graciously offered to fund my flight costs to speak at the OpenWRT Summit! I've never spoken at an OpenWRT event before and I'm looking forward to the opportunity getting to know the OpenWRT and LEDE communities better by speaking at that event, and am excited to discuss Conservancy's work with them.
OpenWRT Summit, while co-located, is a wholly separate event from LF's ELC EU. Unfortunately, I was not so lucky in my talk submissions there: my talk proposal has been waitlisted since July. I was hopeful after a talk cancellation in mid-August. (I know because the speaker who canceled suggested that I request his slot for my waitlisted talk.) Unfortunately, the LF staff informed me that they understandably filled his open slot with a sponsored session that came in.
The good news is that my OpenWRT Summit flight is booked, and my friend (and Conservancy Board Member Emeritus) Loïc Dachary (who lives in Berlin) has agreed to let me crash with him for that week. So, I'll be in town for the entirety of ELC EU with almost no direct travel costs to Conservancy! The bad news is that it seems my ELC EU talk remains waitlisted. Therefore, I don't have a confirmed registration for the rest of ELC EU (beyond OpenWRT Summit).
While it seems like a perfect and cost-effective opportunity to be able to attend both events, that seems harder than I thought! Once I confirmed my OpenWRT Summit travel arrangements, I asked for the hobbyist discount to register for ELC EU, but LF staff informed me yesterday that the hobbyist (as well as the other discounts) are sold out. The moral of the story is that logistics are just plain tough and time-consuming when you work for a charity with an extremely limited travel budget. ☻
Yet, it seems a shame to waste the opportunity of being in town with so many Linux developers and not being able to see or talk to them, so Conservancy is asking for some help from you to fund the $680 of my registration costs for ELC EU. That's just about six new Conservancy supporter signups, so I hope we can get six new Supporters before Linux Foundation's ELC EU conference begins on October 10th. Either way, I look forward to seeing those developers who attend the co-located OpenWRT Summit! And, if the logistics work out — perhaps I'll see you at ELC EU as well!
Scorpio20 likes this.
I know they're not much but those special checks from the treasury could be put to this if not already utilized. Granted, they're going to be stopping after the September one goes out until an undetermined point later but at least they're a pittance that was directed SFC's way.
Two Blog Posts Disguised as Mailing List Posts
There are plenty of mailing list threads to read, and I don't actually recommend the one that I'm talking about. I think it went on too long, was far too “ad hominem” rather than real policy. Somewhere beneath the surface there was a policy discussion being shouted down; if you look close, you can find find it underneath.
As he always does, Jon Corbet did an excellent job finding the real policy details in the “GPL defence” ksummit-discuss thread, and telling us all about it. I am very hard on tech journalism, but when it comes to reporting on Linux specifically, Jon and his colleagues at lwn.net have been, for nearly two decades, always been real, detailed, and balanced (and not in the Fox News way) tech journalism.
The main reason I made this blog post about it, though, is that I actually spent as much time on a few of my posts on the list as I would on any blog post, and I thought readers of my blog might want the content here. So I link to two posts in the thread that I encourage you to read. I also encourage you to read these two posts that my boss at my day job, Karen Sandler, made, which I think are very good as well.
And, to quote the fictional Forrest Gump: "That's all I have to say about that."
I really think the biggest impact of the GPL have been almost entirely outside any legal issues, and that it's a great document not because it's a great legal piece of writing, but because of much bigger issues. That may be why I reacted so negatively to seeing it argued that it's pointless without enforcement. Almost none of the successes of the GPL have ever been about the legal side.-- Linus, https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003625.html
So basically: "[The release of the hostages was all our doing as brilliant negotiators, and not in any way related to the fact that the perpetrators knew there were snipers outside the building, watching their every move.]"
Let's talk about the lies spread by Bradley Kuhn, and about the projects where the SFLC and SFC killed them and salted the earth with their "help".-- Linus, https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003580.html
Assuming this assessment of the Busybox outcome is correct (a big assumption), "salting the earth" is not necessarily a bad thing. It makes me think of the recent Bayesian Conspiracy episode on game theory.
In the Hawk-Dove game*, in a field of Hawks, Dove is the winning strategy, because Hawks are likely to fight other Hawks and get nothing. We don't want a field where all the Hawks are GPL violators and none of the Hawks are GPL enforcers. We want potential violators to see Dove as the winning strategy. All Doves would be nice, but we know from Brad's and Harald's enforcement backlogs that's not where we are.
Evolved cooperative species spend enormous amounts of effort punishing bad behavior, even when the outcome for the enforcing individual is a net negative. @evan and/or @mlinksva have also talked about how social movements need the full "radical fringe" to "pragmatic moderate" spectrum to win.**
* Hawks vs Doves:
H vs D, H gets +5, D gets +1
H vs H both get 0
D vs D both get +3
The Violator/Cooperator-Enforcer/Cooperator game is different of course, because two Violators or two Enforcers never fight (real-life Violators may fight of course, but that's outside the boundaries of this game, and maybe Cooperator vs Enforcer doesn't happen, but let's include it as Enforcers may make mistakes, and proto-Doves may look like Hawks). Also Violator vs Enforcer action has externalities on Cooperators etc. But I think people can still follow the analogy. :-D
** Of course, the list thread may be the display of a theory that "pragmatic moderates" need to publicly denounce the "radical fringe" in order for the dynamic to be maximally effective.I haven't read everything, but now I got to this part. I think this is the killer argument:
One reason (among many) we should bring lawsuits in those rare cases is to show everyone the 99.43% that they are much better off working with the community. We have plenty of evidence from company representatives who say clearly: "I can't get my company to comply unless the threat of lawsuit is realistic; we agree it's totally reasonable to sue the very few bad actors". Greg, representatives of some the same companies that I know you've worked with to improve compliance have told me and Karen that directly.-- @bkuhn, https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003648.html
Everyone in the discussion seem to agree that there needs to be a last resort, and the disagreement is when it should come, but less than a handful of "last resort" instances in the 25 years of Linux history really isn't in any way a disproportional response, given the endless stream of violations.
I guess the difference is whether we trust you when you say that you tried really hard over the course of years to be the "good cop". I don't know if it's possible to convince Linus and Greg that you did. On the other hand, I'm not sure it matters.
I guess that means after a long flamewar, status quo reigns. Some people think this was a "last resort" moment, some people don't, almost every think they know one when they see one, but most people weren't even there.
Still, I'm glad you see it as your responsibility to be Kibo when the community talks about your actions. Otherwise, who would?
Software Freedom Doesn't Kill People, Your Security Through Obscurity Kills People
The time has come that I must speak out against the inappropriate rhetoric used by those who (ostensibly) advocate for FLOSS usage in automotive applications.
There was a catalyst that convinced me to finally speak up. I heard a talk today from a company representative of a software supplier for the automotive industry. He said during his talk: "putting GPLv3 software in cars will kill people" and "opening up the source code to cars will cause more harm than good". These statements are completely disingenuous. Most importantly, it ignores the fact that proprietary software in cars is at least equally, if not more, dangerous. At least one person has already been killed in a crash while using a proprietary software auto-control system. Volkswagen decided to take a different route; they decided to kill us all slowly (rather than quickly) by using proprietary software to lie about their emissions and illegally polluting our air.
Meanwhile, there has been not a single example yet about use of GPLv3 software that has harmed anyone. If you have such an example, email it to me and I promise to add it right here to this blog post.
So, to the auto industry folks and vendors who market to/for them: until you can prove that proprietary software assures safety in a way that FLOSS cannot, I will continue to tell you this: in the long and sad tradition of the Therac 25, your proprietary software has killed people, both quickly and slowly, and your attacks on GPLv3 and software freedom are not only unwarranted, they are clearly part of a political strategy to divert attention from your own industry's bad behavior and graft unfair blame onto FLOSS.
As a side note, during the talk's Q&A session, I asked this company's representatives how they assure compliance with the GPLv2 — particularly their compliance with provision of scripts used to control compilation and installation of the executable, which are so often missing for many products, including vehicles. The official answer was: Oh, I don't know. Not only does this company publicly claim security through obscurity is a viable solution, accuse copyleft advocates of endangering the public safety, they also seem to have not fully learned the lessons of making FLOSS license compliance a clear part of their workflow.
This is, unfortunately, my general impression of the status of the automotive industry.Show all 13 replies
@MikeLinksvayer, I do think license politics matter. I can't get past the fact that the bifrication of "non-copyleft good", 'copyleft bad" has won and been a great part of the cooption by Open Source of software freedom. But you and I should talk more about how I can modify advocacy to avoid it better so as to succeed in reaching those who are annoyed by such -- I suspect there is a way that I just don't see yet. I've been meaning to call anyway so I will after my current trip. :)
@Richard Fontana, I decided not to call out the specific name of the person who gave the talk. The statements were typical of those made by many different automotive industry representatives and their providers over a period of years. The fact that this particular individual wasn't any better or worse than others I've heard, so there was no reason to single him out. The problem is the general auto-industry rhetoric and talking points, not one person's version of it.@bkuhn While I agree with most of your post, I don't know if it's fair to say that the Tesla crash was due to proprietary software.The Tesla self-driving system, I'm almost certain, relies on machine learning and a neural network. I suspect that even if their algorithms were free software, accidents would occur at the same rate, at least in the short term. The way I understand it, the source code isn't all that important, it's the training data gathered during all the millions of miles driven on the road. Without the data, you're not able to run the program yourself in any useful way other than what you already do by just driving the car. Even if you had access to the data, the volume is so gigantic that you probably wouldn't be able to train the program without expensive infrastructure. Neither would you be able to study the program in a meaningful way, since the neural network isn't "source code" comprehensible to a human.I do think self-driving cars would eventually be safer if their training data were open; the more training data, the better, and self-driving car manufacturers would be able to make self-driving cars safer for everyone if they would make their accumulated training data interoperable, so we would benefit in the long term. But for this particular accident I don't believe the blame rests with proprietary software.I'm curious what you think. I tend to think that many machine learning applications don't fit within the traditional separation between free versus proprietary software, because even if they are open, they don't afford a user the four freedoms. This is something I've been musing about recently, which is why I reacted to that particular portion of your post, but I don't know the answer.@bkuhn the key word in my comment is 'retreat'. Apparently this person said "putting GPLv3 software in cars will kill people". Instead of extracting the substance from the license politics and making the case that safety is compatible with (or even requires) that car owners be able to install modified versions of software running on computers in cars, you took the license politics hook line and sinker, making facile claims about GPLv3 software never harming people (for what definition of harm? but nevermind, uninteresting) worthy of a TV soundbite but unworthy of any other form of discourse.
They just don't make reliable things.
The ziploc freezer bag in which I kept all my small travel maps, left over currency, public transit cards for travel, which I've used since I returned from my student exchange to Munich in 1991 just ripped completely along the bottom.
I mean, plastic doesn't degrade easily. Shouldn't a freezer bag last longer than a quarter century?
BTW, if you're curious, the bag's writing is particularly proud of the fact it has a "color loc zipper". I think that was a new thing in those days.
Why You Should Speak At & Attend LinuxConf Australia
[ This blog was crossposted on Software Freedom Conservancy's website. ]
Monday 1 February 2016 was the longest day of my life, but I don't mean that in the canonical, figurative, and usually negative sense of that phrase. I mean it literally and in a positive way. I woke up that morning Amsterdam in the Netherlands — having the previous night taken a evening train from Brussels, Belgium with my friend and colleague Tom Marble. Tom and I had just spent the weekend at FOSDEM 2016, where he and I co-organize the Legal and Policy Issues DevRoom (with our mutual friends and colleagues, Richard Fontana and Karen M. Sandler).
Tom and I headed over to AMS airport around 07:00 local time, found some breakfast and boarded our flights. Tom was homeward bound, but I was about to do the crazy thing that he'd done in the reverse a few years before: I was speaking at FOSDEM and LinuxConf Australia, back-to-back. In fact, because the airline fares were substantially cheaper this way, I didn't book a “round the world” flight, but instead two back-to-back round-trip tickets. I boarded the plane at AMS at 09:30 that morning (local time), and landed in my (new-ish) hometown of Portland, OR as afternoon there began. I went home, spent the afternoon with my wife, sister-in-law, and dogs, washed my laundry, and repacked my bag. My flight to LAX departed at 19:36 local time, a little after US/Pacific sunset.
I crossed the Pacific ocean, the international dateline, left a day on deposit to pickup on the way back, after 24 hours of almost literally chasing the sun, I arrived in Melbourne on the morning of Wednesday 3 February, road a shuttle bus, dumped my bags at my room, and arrived just in time for the Wednesday afternoon tea break at LinuxConf Australia 2016 in Geelong.
Nearly everyone who heard this story — or saw me while it was happening — asked me the same question: Why are you doing this?. The five to six people packed in with me in my coach section on the LAX->SYD leg are probably still asking this, because I had an allergic attack of some sort most of the flight and couldn't stop coughing, even with two full bags of Fisherman's Friends over those 15 hours.
But, nevertheless, I gave a simple answer to everyone who questioned my crazy BRU->AMS->PDX->LAX->SYD->MEL itinerary: FOSDEM and LinuxConf AU are two of the most important events on the Free Software annual calendar. There's just no question. I'll write more about FOSDEM sometime soon, but the rest of this post, I'll dedicate to LinuxConf Australia (LCA).
One of my biggest regrets in Free Software is that I was once — and you'll be surprised by this given my story above — a bit squeamish about the nearly 15 hour flight to get from the USA to Australia, and therefore I didn't attend LCA until 2015. LCA began way back in 1999. Keep in mind that, other than FOSDEM, no major, community-organized events have survived from that time. But LCA has the culture and mindset of the kinds of conferences that our community made in 1999.
LCA is community organized and operated. Groups of volunteers each year plan the event. In the tradition of science fiction conventions and other hobbyist activities, groups bid for the conference and offer their time and effort to make the conference a success. They have an annual hand-off meeting to be sure the organization lessons are passed from one committee to the next, and some volunteers even repeat their involvement year after year. For organizational structure, they rely on a non-profit organization, Linux Australia, to assist with handling the funds and providing infrastructure (just like Conservancy does for our member projects and their conferences!)
I believe fully that the success of software freedom and GNU/Linux in particularly has not primarily been because companies allow developers to spend some of their time coding on upstream. Sure, many Free Software projects couldn't survive without that component, but what really makes GNU/Linux, or any Free Software project, truly special is that there's a community of users and developers who use, improve, and learn about the software because it excites and interests them. LCA is one of the few events specifically designed to invite that sort of person to attend, and it has for almost an entire generation stood in stark contrast the highly corporate, for-profits events that slowly took over our community in the years that followed LCA's founding. (Remember all those years of LinuxWorld Expo? I wasn't even sad when IDG stopped running it!) Your browser does not support the element. Perhaps you can or .
Speaking particularly of earlier this year, LCA 2016 in Geelong, Australia was a particular profound event for me. LCA is one of the few events that accepts my rather political talks about what's happening in Open Source and Free Software, so I gave a talk on Friday 5 February 2016 entitled Copyleft For the Next Decade: A Comprehensive Plan, which was recorded, so you can watch it. I do warn everyone that the jokes did not go over well (mine never do), so after I finished, I was feeling a bit down that I hadn't made the talk entertaining enough. But then, something amazing happened: people started walking up to me and telling me how important my message was. One individual even came up and told me that he was excited enough that he'd like to match any donation that Software Freedom Conservancy received during LCA 2016. Since it was the last day of the event, I quickly went to one of the organizers, Kathy Reid, and asked if they would announce this match during the closing ceremonies; she agreed. In a matter of just an hour or two, I'd gone from believing my talk had fallen flat to realizing that — regardless of whether I'd presented well — the concepts I discussed had connected with people.
Then, I sat down in the closing session. I started to tear up slightly when the organizers announced the donation match. Within 90 seconds, though, that turned to full tears of joy when the incoming President of Linux Australia, Hugh Blemings, came on stage and said:
[I'll start with] a Software Freedom Conservancy thing, as it turns out. … I can tell that most of you weren't at Bradley's talk earlier on today, but if there is one talk I'd encourage you to watch on the playback later it would be that one. There's a very very important message in there and something to take away for all of us. On behalf of the Council I'd like to announce … that we're actually in the process of making a significant donation from Linux Australia to Software Freedom Conservancy as well. I urge all of you to consider contributing individual as well, and there is much left for us to be done as a community on that front.
I hope that this post helps organizers of events like LCA fully understand how much something like this means to us who run a small charities — and not just with regard to the financial contributions. Knowing that the organizers of community events feel so strongly positive about our work really keeps us going. We work hard and spend much time at Conservancy to serve the Open Source and Free Software community, and knowing the work is appreciated inspires us to keep working. Furthermore, we know that without these events, it's much tougher for us to reach others with our message of software freedom. So, for us, the feeling is mutual: I'm delighted that the Linux Australia and LCA folks feel so positively about Conservancy, and I now look forward to another 15 hour flight for the next LCA.
And, on that note, I chose a strategic time to post this story. On Friday 5 August 2016, the CFP for LCA 2017 closes. So, now is the time for all of you to submit a talk. If you regularly speak at Open Source and Free Software events, or have been considering it, this event really needs to be on your calendar. I look forward to seeing all of you Hobart this January.
I submitted a talk on Propellor and a followup tutorial for LCA. On the off chance they can fly me down there I want to provide maximum value. The one time I attended, in 2013 was really great experience. The travel time to SYD from here is nearly a full 24 hours, so I wouldn't want to do it every year though.
BTW, my sister told me there's a train from SYD up to an overnight ferry to Hobart. Seems like a great way to make the last leg of the trip.I'm surprised to hear you thought your talk didn't go over very well. I was in the audience and really enjoyed it. I'd also like to echo the sentiments of those who were telling you how important your message was. Unfortunately I wasn't able to make it to the Conservancy lunch to say this in person.
Hopefully you will be able to make it to LCA 2017, which just happens to be in my home town, to present another great talk.
EFF Website Privacy
If you want to unsubscribe from the EFF's mailing list, managed by their CiviCRM instance, you can't use private browsing mode. Specifically, they require that you accept a cookie just to unsubscribe.
I accepted the cookie temporarily -- and I'm extra-glad I unsubscribed given this fact. :)