Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/03/15/gpl-consistency.html

Most of you are aware
from one of my
previous posts that It’s a Wonderful Life! is my
favorite film. Recently, I encountered something in the software
freedom community that reminded me of yet another quote from the
flim:

GEORGE:

Look, uh … I think maybe you better not mention getting your wings around here.

CLARENCE:

Why? Don’t they believe in angels?

GEORGE:

I… yeah, they believe in them…

CLARENCE:

Ohhh … Why should they be surprised when
they see one?

Obviously, I don’t believe in angels myself. But, Clarence’s
(admittedly naïve) logic is actually impeccable: Either you
believe in angels or you don’t. If you believe in angels, then you
shouldn’t be surprised to (at least occasionally) see one.

This film quote came to my mind in reference to a concept in GPL
enforcement. Many people give lip service to the idea that the GPL, and
copyleft generally, is a unique force that democratizes software and
ensures that FLOSS cannot be exploited by proprietary software
interests. Many of these same people, though, oppose GPL enforcement
when companies exploit GPL’d code and don’t give the source code and
take away users’ rights to modify and share that software.

I’ve
admitted that the copyleft is merely a strategy to achieve maximal
software freedom. There are other strategies too, such as the Apache
community process. The Apache Software Foundation releases software
under a permissive non-copyleft license, but then negotiates with
companies to convince them to contribute to the code base publicly.
For some projects, that strategy has worked well, and I respect it
greatly.

Some (although not all) people in non-copyleft FLOSS communities (like
the Apache community) are against GPL enforcement. I disagree with
them, but their position is logically consistent. Such folks don’t
agree with us (copyleft-supporting folks) that a license should be used
as a mechanism to guarantee that all published and deployed improved
versions of the software are released in software freedom. It’s not
that those other folks don’t prefer FLOSS; they simply prefer a
non-legally binding social pressure to encourage software sharing rather
than a strategy with legal backup. I prefer a strategy with legal
strength, but I still respect non-copyleft folks who don’t support that.
They take a logically consistent and reasonable approach.

However, it’s ultimately hypocritical to claim support for a copyleft
structure but oppose GPL enforcement. If you believe the license should
have a legal requirement that ensures software is always distributed in
software freedom, then why would you be surprised — or, even
worse, angry — that a copyright holder would seek to uphold users’
rights when that license is violated?

There is great value in having multiple simultaneous strategies ongoing
to achieve important goals. Universal software freedom is my most
important goal, and I expect to spend nearly all of my life focused on
achieving it for all published and deployed software in the world.
However, I don’t expect nor even want everyone else to single-minded-ly
support my exact same strategies in all cases. The diversity of the
software freedom community makes it more likely that we’ll succeed if we
avoid single point of failure on any particular plan, and I support that
diversity.

However, I also think it’s reasonable to expect logically consistent
positions. A copyleft license is effectively indistinguishable from the
Apache license if copyleft is never enforced when violations occur.
Condemning
community-oriented⁰ GPL
enforcement (that seeks primarily to get the code released) while also
claiming to support the idea of copyleft is a logically inconsistent and
self-contradictory position. It’s unfortunate that so many people hold
this contradictory position.

---

⁰There
are certain types of GPL enforcement that are not consistent with the goal
of universal software freedom. For example, some
so-called “Open
Core” companies are well known for releasing their (solely)
copyrighted code under GPL, and then using GPL enforcement as a mechanism
to pressure users to take a proprietary license. GPL enforcement is only
acceptable in my view if its primary goal is to have all code released
under GPL. Such enforcement must never compromise about one point: that
compliance with the GPL is a non-negotiable term of settling the
enforcement action. If the enforcer is willing to sell out the rights
that users’ have to source code, then even I would condemn, as I have
previously, such GPL enforcement as bad for the software freedom
community. For this reason, in all GPL enforcement that I engage in, I
make it a term of my participation that compliance with the terms of the
GPL for the code in question be a non-negotiable requirement.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/03/15/gpl-consistency.html

Most of you are aware
from one of my
previous posts that It’s a Wonderful Life! is my
favorite film. Recently, I encountered something in the software
freedom community that reminded me of yet another quote from the
flim:

GEORGE:

Look, uh … I think maybe you better not mention getting your wings around here.

CLARENCE:

Why? Don’t they believe in angels?

GEORGE:

I… yeah, they believe in them…

CLARENCE:

Ohhh … Why should they be surprised when
they see one?

Obviously, I don’t believe in angels myself. But, Clarence’s
(admittedly naïve) logic is actually impeccable: Either you
believe in angels or you don’t. If you believe in angels, then you
shouldn’t be surprised to (at least occasionally) see one.

This film quote came to my mind in reference to a concept in GPL
enforcement. Many people give lip service to the idea that the GPL, and
copyleft generally, is a unique force that democratizes software and
ensures that FLOSS cannot be exploited by proprietary software
interests. Many of these same people, though, oppose GPL enforcement
when companies exploit GPL’d code and don’t give the source code and
take away users’ rights to modify and share that software.

I’ve
admitted that the copyleft is merely a strategy to achieve maximal
software freedom. There are other strategies too, such as the Apache
community process. The Apache Software Foundation releases software
under a permissive non-copyleft license, but then negotiates with
companies to convince them to contribute to the code base publicly.
For some projects, that strategy has worked well, and I respect it
greatly.

Some (although not all) people in non-copyleft FLOSS communities (like
the Apache community) are against GPL enforcement. I disagree with
them, but their position is logically consistent. Such folks don’t
agree with us (copyleft-supporting folks) that a license should be used
as a mechanism to guarantee that all published and deployed improved
versions of the software are released in software freedom. It’s not
that those other folks don’t prefer FLOSS; they simply prefer a
non-legally binding social pressure to encourage software sharing rather
than a strategy with legal backup. I prefer a strategy with legal
strength, but I still respect non-copyleft folks who don’t support that.
They take a logically consistent and reasonable approach.

However, it’s ultimately hypocritical to claim support for a copyleft
structure but oppose GPL enforcement. If you believe the license should
have a legal requirement that ensures software is always distributed in
software freedom, then why would you be surprised — or, even
worse, angry — that a copyright holder would seek to uphold users’
rights when that license is violated?

There is great value in having multiple simultaneous strategies ongoing
to achieve important goals. Universal software freedom is my most
important goal, and I expect to spend nearly all of my life focused on
achieving it for all published and deployed software in the world.
However, I don’t expect nor even want everyone else to single-minded-ly
support my exact same strategies in all cases. The diversity of the
software freedom community makes it more likely that we’ll succeed if we
avoid single point of failure on any particular plan, and I support that
diversity.

However, I also think it’s reasonable to expect logically consistent
positions. A copyleft license is effectively indistinguishable from the
Apache license if copyleft is never enforced when violations occur.
Condemning
community-oriented⁰ GPL
enforcement (that seeks primarily to get the code released) while also
claiming to support the idea of copyleft is a logically inconsistent and
self-contradictory position. It’s unfortunate that so many people hold
this contradictory position.

---

⁰There
are certain types of GPL enforcement that are not consistent with the goal
of universal software freedom. For example, some
so-called “Open
Core” companies are well known for releasing their (solely)
copyrighted code under GPL, and then using GPL enforcement as a mechanism
to pressure users to take a proprietary license. GPL enforcement is only
acceptable in my view if its primary goal is to have all code released
under GPL. Such enforcement must never compromise about one point: that
compliance with the GPL is a non-negotiable term of settling the
enforcement action. If the enforcer is willing to sell out the rights
that users’ have to source code, then even I would condemn, as I have
previously, such GPL enforcement as bad for the software freedom
community. For this reason, in all GPL enforcement that I engage in, I
make it a term of my participation that compliance with the terms of the
GPL for the code in question be a non-negotiable requirement.

Post Syndicated from Oglaf! -- Comics. Often dirty. original https://www.oglaf.com/ingratitude/

Post Syndicated from Oglaf! -- Comics. Often dirty. original https://www.oglaf.com/potion/

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/03/05/crypto-fear.html

Boy, do I hate it when a
FLOSS
project is given a hard time unfairly. I was this morning greeted
with news
from many
places that OpenSSL, one of the
most common FLOSS software libraries used for cryptography, was
somehow severely vulnerable.

I had a hunch what was going on. I quickly downloaded
a copy
of the academic paper that was cited as the sole source for the
story and read it. As I feared, OpenSSL was getting some bad press
unfairly. One must really read this academic computer science article
in the context it was written; most commenting about this paper
probably did not.

First of all, I don’t claim to be an expert on cryptography, and I
think my knowledge level to opine on this subject remains limited to a
little blog post like this and nothing more. Between college and
graduate school, I worked as a system administrator focusing on network
security. While a computer science graduate student, I did take two
cryptography courses, two theory of computation courses, and one class
on complexity theory⁰. So, when
compared to the general population I probably am an expert, but compared to
people who actually work in cryptography regularly, I’m clearly a
novice. However, I suspect many who have hitherto opined about this
academic article to declare this severe vulnerability have even
less knowledge than I do on the subject.

This article, of course, wasn’t written for novices like me, and
certainly not for the general public nor the technology press. It was
written by and for professional researchers who spend much time each
week reading dozens of these academic papers, a task I haven’t done
since graduate school. Indeed, the paper is written in a style I know
well; my “welcome to CS graduate school” seminar in 1997
covered the format well.

The first thing you have to note about such papers is that informed
readers generally ignore the parts that a newbie is most likely focus
on: the Abstract, Introduction and Conclusion sections. These sections
are promotional materials; they are equivalent to a sales brochure
selling you on how important and groundbreaking the research is. Some
research is groundbreaking, of course, but most is an incremental step
forward toward understanding some theoretical concept, or some report
about an isolated but interesting experimental finding.

Unfortunately, these promotional parts of the paper are the sections
that focus on the negative implications for OpenSSL. In the rest of the
paper, OpenSSL is merely the software component of the experiment
equipment. They likely could have used GNU TLS or any other
implementation of RSA taken from a book on
cryptography¹. But this fact
is not even the primary reason that this article isn’t really that big
of a deal for daily use of cryptography.

The experiment described in the paper is very difficult to reproduce.
You have to cause very subtle faults in computation at specific times.
As I understand it, they had to assemble a specialized hardware copy of
a SPARC-based GNU/Linux environment to accomplish the experiment.

Next, the data generated during the run of the software on the
specially-constructed faulty hardware must be collected and operated
upon by a parallel processing computing environment over the course of
many hours. If it turns out all the needed data was gathered, the
output of this whole process is the private RSA key.

The details of the fault generation process deserve special mention.
Very specific faults have to occur, and they can’t occur such that any
other parts of the computation (such as, say, the normal running of the
operating system) are interrupted or corrupted. This is somewhat
straightforward to get done in a lab environment, but accomplishing it
in a production situation would be impractical and improbable. It would
also usually require physical access to the hardware holding the private
key. Such physical access would, of course, probably give you the
private key anyway by simply copying it off the hard drive or out of
RAM!

This is interesting research, and it does suggest some changes that
might be useful. For example, if it doesn’t slow a system down too
much, the integrity of RSA signatures should be verified, on a closely
controlled proxy unit with a separate CPU, before sending out to a wider
audience. But even that would be a process only for the most paranoid.
If faults are occurring on production hardware enough to generate the
bad computations this cracking process relies on, likely something else
will go wrong on the hardware too and it will be declared generally
unusable for production before an interloper could gather enough data to
crack the key. Thus, another useful change to make based on this
finding is to disable and discard RSA keys that were in use on
production hardware that went faulty.

Finally, I think this article does completely convince me that I would
never want to run any RSA computations on a system where the CPU was
emulated. Causing faults in an emulated CPU would only require changes
to the emulation software, and could be done with careful precision to
detect when an RSA-related computation was happening, and only give the
faulty result on those occasions. I’ve never heard of anyone running
production cryptography on an emulated CPU, since it would be too slow,
and virtualization technologies like Xen, KVM, and QEMU all
pass-through CPU instructions directly to hardware (for speed reasons)
when the virtualized guest matches the hardware architecture of the
host.

The point, however, is that proper description of the dangers of a
“security vulnerability” requires more than a single bit
field. Some security vulnerabilities are much worse than others. This
one is substantially closer to the “oh, that’s cute” end of
the spectrum, not the “ZOMG, everyone’s going to experience
identity theft tomorrow” side.

---

⁰Many casual
users don’t realize that cryptography — the stuff that secures your
networked data from unwanted viewers — isn’t about math problems
that are unsolvable. In fact, it’s often based on math problems that are
trivially solvable, but take a very long time to solve. This is why
algorithmic complexity questions are central to the question of
cryptographic security.

¹ I’m
oversimplifying a bit here. A key factor in the paper appears to be the
linear time algorithm used to compute cryptographic digital signatures,
and the fact that the signatures aren’t verified for integrity before
being deployed. I suspect, though, that just about any RSA system is
going to do this. (Although I do usually test the integrity of my GnuPG
signatures before sending them out, I do this as a user by hand).

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/03/05/crypto-fear.html

Boy, do I hate it when a
FLOSS
project is given a hard time unfairly. I was this morning greeted
with news
from many
places that OpenSSL, one of the
most common FLOSS software libraries used for cryptography, was
somehow severely vulnerable.

I had a hunch what was going on. I quickly downloaded
a copy
of the academic paper that was cited as the sole source for the
story and read it. As I feared, OpenSSL was getting some bad press
unfairly. One must really read this academic computer science article
in the context it was written; most commenting about this paper
probably did not.

First of all, I don’t claim to be an expert on cryptography, and I
think my knowledge level to opine on this subject remains limited to a
little blog post like this and nothing more. Between college and
graduate school, I worked as a system administrator focusing on network
security. While a computer science graduate student, I did take two
cryptography courses, two theory of computation courses, and one class
on complexity theory⁰. So, when
compared to the general population I probably am an expert, but compared to
people who actually work in cryptography regularly, I’m clearly a
novice. However, I suspect many who have hitherto opined about this
academic article to declare this severe vulnerability have even
less knowledge than I do on the subject.

This article, of course, wasn’t written for novices like me, and
certainly not for the general public nor the technology press. It was
written by and for professional researchers who spend much time each
week reading dozens of these academic papers, a task I haven’t done
since graduate school. Indeed, the paper is written in a style I know
well; my “welcome to CS graduate school” seminar in 1997
covered the format well.

The first thing you have to note about such papers is that informed
readers generally ignore the parts that a newbie is most likely focus
on: the Abstract, Introduction and Conclusion sections. These sections
are promotional materials; they are equivalent to a sales brochure
selling you on how important and groundbreaking the research is. Some
research is groundbreaking, of course, but most is an incremental step
forward toward understanding some theoretical concept, or some report
about an isolated but interesting experimental finding.

Unfortunately, these promotional parts of the paper are the sections
that focus on the negative implications for OpenSSL. In the rest of the
paper, OpenSSL is merely the software component of the experiment
equipment. They likely could have used GNU TLS or any other
implementation of RSA taken from a book on
cryptography¹. But this fact
is not even the primary reason that this article isn’t really that big
of a deal for daily use of cryptography.

The experiment described in the paper is very difficult to reproduce.
You have to cause very subtle faults in computation at specific times.
As I understand it, they had to assemble a specialized hardware copy of
a SPARC-based GNU/Linux environment to accomplish the experiment.

Next, the data generated during the run of the software on the
specially-constructed faulty hardware must be collected and operated
upon by a parallel processing computing environment over the course of
many hours. If it turns out all the needed data was gathered, the
output of this whole process is the private RSA key.

The details of the fault generation process deserve special mention.
Very specific faults have to occur, and they can’t occur such that any
other parts of the computation (such as, say, the normal running of the
operating system) are interrupted or corrupted. This is somewhat
straightforward to get done in a lab environment, but accomplishing it
in a production situation would be impractical and improbable. It would
also usually require physical access to the hardware holding the private
key. Such physical access would, of course, probably give you the
private key anyway by simply copying it off the hard drive or out of
RAM!

This is interesting research, and it does suggest some changes that
might be useful. For example, if it doesn’t slow a system down too
much, the integrity of RSA signatures should be verified, on a closely
controlled proxy unit with a separate CPU, before sending out to a wider
audience. But even that would be a process only for the most paranoid.
If faults are occurring on production hardware enough to generate the
bad computations this cracking process relies on, likely something else
will go wrong on the hardware too and it will be declared generally
unusable for production before an interloper could gather enough data to
crack the key. Thus, another useful change to make based on this
finding is to disable and discard RSA keys that were in use on
production hardware that went faulty.

Finally, I think this article does completely convince me that I would
never want to run any RSA computations on a system where the CPU was
emulated. Causing faults in an emulated CPU would only require changes
to the emulation software, and could be done with careful precision to
detect when an RSA-related computation was happening, and only give the
faulty result on those occasions. I’ve never heard of anyone running
production cryptography on an emulated CPU, since it would be too slow,
and virtualization technologies like Xen, KVM, and QEMU all
pass-through CPU instructions directly to hardware (for speed reasons)
when the virtualized guest matches the hardware architecture of the
host.

The point, however, is that proper description of the dangers of a
“security vulnerability” requires more than a single bit
field. Some security vulnerabilities are much worse than others. This
one is substantially closer to the “oh, that’s cute” end of
the spectrum, not the “ZOMG, everyone’s going to experience
identity theft tomorrow” side.

---

⁰Many casual
users don’t realize that cryptography — the stuff that secures your
networked data from unwanted viewers — isn’t about math problems
that are unsolvable. In fact, it’s often based on math problems that are
trivially solvable, but take a very long time to solve. This is why
algorithmic complexity questions are central to the question of
cryptographic security.

¹ I’m
oversimplifying a bit here. A key factor in the paper appears to be the
linear time algorithm used to compute cryptographic digital signatures,
and the fact that the signatures aren’t verified for integrity before
being deployed. I suspect, though, that just about any RSA system is
going to do this. (Although I do usually test the integrity of my GnuPG
signatures before sending them out, I do this as a user by hand).

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/03/04/mobile.html

I started using GNU/Linux and Free Software in 1992. In those days,
while everything I needed for a working computer was generally available
in software freedom, there were many components and applications that
simply did not exist. For highly technical users who did not need many
peripherals, the Free Software community had reached a state of complete
software freedom. Yet, in 1992, everyone agreed there was still much work
to be done. Even today, we still strive for a desktop and server
operating system, with all relevant applications, that grants complete
software freedom.

Looked at broadly, mobile telephone systems are not all that different
from 1992-era GNU/Linux systems. The basics are currently available as
Free, Libre, and Open Source Software (FLOSS). If you need only the bare
minimum of functionality, you can, by picking the right phone hardware,
run an almost completely FLOSS operating system and application set. Yet,
we have so far to go. This post discusses the current penetration of
FLOSS in mobile devices and offers a path forward for free software
advocates.

A Brief History

The mobile telephone market has never functioned like the traditional
computer market. Historically, the mobile user made arrangements with some
network carrier through a long-term contract. That carrier
“gave” the user a phone or discounted it as a loss-leader. Under
that system, few people take their phone hardware choice all that
seriously. Perhaps users pay a bit more for a slightly better phone, but
generally they nearly always pick among the limited choices provided by
the given carrier.

Meanwhile, Research in Motion was the first to provide
corporate-slave-oriented email-enabled devices. Indeed, with the very
recent focus on consumer-oriented devices like the iPhone, most users
forget that Apple is by far not the preferred fruit for the smart phone
user. Today, most people using a “smart phone” are using one
given to them by their employer to chain them to their office email 24/7.

Apple, excellent at manipulating users into paying more for a product
merely because it is shiny, also convinced everyone that now a phone
should be paid for separately, and contracts should go even longer. The
“race to mediocrity” of the phone market has ended. Phones
need real features to stand out. Phones, in fact, aren’t phones
anymore. They are small mobile computers that can also make phone calls.

If these small computers had been introduced in 1992, I suppose I’d be
left writing the Mobile GNU Manifesto, calling for developers
to start from scratch writing operating systems for these new computers,
so that all users could have software freedom. Fortunately, we have
instead been given a head start. Unlike in 1992, not every company in the
market today is completely against releasing Free Software. Specifically,
two companies have seen some value in releasing (some parts of) phone
operating systems as Free Software: Nokia and Google. However, the two
companies have done this for radically different reasons.

The Current State of Mobile Software Freedom

For its part, Nokia likely benefited greatly from the traditional
carrier system. Most of their phones were provided relatively cheaply with
contracts. Their interest in software freedom was limited and perhaps even
non-existent. Nokia sold new hardware every time a phone contract was
renewed, and the carrier paid the difference between the loss-leader price
and Nokia’s wholesale cost. The software on the devices was simple and
mostly internally developed. What incentive did Nokia have to release
software in software freedom? (Nokia realized too late this was the wrong
position, but more on that later.)

In parallel, Nokia had chased another market that I’ve never fully
understood: the tablet PC. Not big enough to be a real computer, but too
large to be a phone, these devices have been an idea looking for a user
base. Regardless of my personal views on these systems, though, GNU/Linux
remains the ideal system for these devices, and Nokia saw that. Nokia
built the Debian-ish Maemo system as a
tablet system, with no phone. However, I can count on one hand all the
people I’ve met who bothered with these devices; I just don’t think a
phone-less small computer is going to ever become the rage, even if Apple
dumps billions into marketing the iPad. (Anyone remember the Newton?)

I cannot explain, nor do I even understand, why Nokia took so long to
use Maemo as a platform for a tablet-like telephone. But, a few months
ago, they finally released
one. This N900 is among only a
few available phones that make any strides toward a fully free software
phone platform. Yet,
the list of
proprietary components required for operation remains quite long. The
common joke is that you can’t even charge the battery on your N900 without
proprietary software.

While there are surely people inside Nokia who want more software
freedom on their devices, Nokia is fundamentally a hardware company
experimenting with software freedom in hopes that it will bolster hardware
sales. Convincing Nokia to shorten that proprietary list will prove
difficult, and the community based effort to replace that long list with
FLOSS (called Mer) faces many
challenges. (These challenges will likely increase with the recent Maemo
merger with Moblin to form MeeGo).

Fortunately, hardware companies are not the only entity interested in
phone operating systems. Google, ever-focused on routing human eyes to its
controlled advertising, realizes that even more eyes will be on mobile
computing platforms in the future. With this goal in mind, Google released
the Android/Linux system, now available on a variety of phones in varying
degrees of software freedom.

Google’s motives are completely different than Nokia’s. Technically,
Google has no hardware to sell. They do have a set of proprietary
applications that yield the “Google online experience” to
deliver Google’s advertising. From Google’s point of view, an
easy-to-adopt, licensing-unencumbered platform will broaden their
advertising market.

Thus, Android/Linux is a nearly fully non-copylefted phone operating
system platform where Linux is the only GPL licensed component essential
to Android’s operation. Ideally, Google wants to see Android adopted
broadly in both Free Software and mixed Free/proprietary deployments.
Google’s goals do not match that of the software freedom community, so in
some cases, a given Android/Linux device will give the user more software
freedom than the N900, but in many cases it will give much less.

The HTC
Dream is the only Android/Linux device I know of where a careful
examination of the necessary proprietary components have been
analyzed. Obviously, the “Google experience” applications are
proprietary. There also
are about
20 hardware interface libraries that do not have source code available
in a public repository. However, when lined up against the N900 with
Maemo, Android on the HTC Dream can be used as an operational mobile
telephone and 3G Internet device using only three proprietary components:
a proprietary GSM firmware, proprietary Wifi firmware, and two audio
interface libraries. Further proprietary components are needed if you
want a working accelerometer, camera, and video codecs as their hardware
interface libraries are all proprietary.

Based on this analysis, it appears that the HTC Dream currently gives
the most software freedom among Android/Linux deployments. It is unlikely
that Google wants anything besides their applications to be proprietary.
While Google has been unresponsive when asked why these hardware interface
libraries are proprietary, it is likely that HTC, the hardware maker with
whom Google contracted, insisted that these components remain proprietary,
and perhaps
fear patent
suits like the one filed this week are to blame here. Meanwhile,
while no detailed analysis of
the Nexus One is yet available,
it’s likely similar to the HTC Dream.

Other Android/Linux devices are now available, such as those from
Motorola and Samsung. There appears to have been no detailed analysis done
yet on the relative proprietary/freeness ratio of these Android
deployments. One can surmise that since these devices are from
traditionally proprietary hardware makers, it is unlikely that these
platforms are freer than those available from Google, whose maximal
interest in a freely available operating system is clear and in contrast
to the traditional desires of hardware makers.

Whether the software is from a hardware-maker desperately trying a new
hardware sales strategy, or an advertising salesman who wants some
influence over an operating system choice to improve ad delivery, the
software freedom community cannot assume that the stewards of these
codebases have the interests of the user community at heart. Indeed, the
interests between these disparate groups will only occasionally be
aligned. Community-oriented forks, as has begun in the Maemo community
with Mer, must also begin in the Android/Linux space too. We are slowly
trying with
the Replicant
project, founded by myself and my colleague Aaron Williamson.

A healthy community-oriented phone operating system project will
ultimately be an essential component to software freedom on these devices.
For example, consider the fate of the Mer project now that Nokia has
announced the merger of Maemo with Moblin. Mer does seek to cherry-pick
from various small device systems, but its focus was to create a freer
Maemo that worked on more devices. Mer now must choose between following
the Maemo in the merge with Moblin, or becoming a true fork. Ideally, the
right outcome for software freedom is a community-led effort, but there
may not be enough community interest, time and commitment to shepherd a
fork while Intel and Nokia push forward on a corporate-controlled
codebase. Further, Moblin will likely push the MeeGo project toward more
of a tablet-PC operating system than a smart phone.

A community-oriented Android/Linux fork has more hope. Google has
little to lose by encouraging and even assisting with such forks; such
effort would actually be wholly consistent with Google’s goals for wider
adoption of platforms that allow deployment of Google’s proprietary
applications. I expect that operating system
software-freedom-motivated efforts will be met with more support from
Google than from Nokia and/or Intel.

However, any operating system, even a mobile device one, needs many
applications to be useful. Google experience applications for
Android/Linux are merely the beginning of the plethora of proprietary
applications that will ultimately be available for MeeGo and Android/Linux
platforms. For FLOSS developers who don’t have a talent for low-level
device libraries and operating system software, these applications
represent a straightforward contribution towards mobile software
freedom. (Obviously, though, if one does have talent for low-level
programming, replacing the proprietary .so’s on Android/Linux would be the
optimal contribution.)

Indeed, on this point, we can take a page from Free Software history.
From the early 1990s onward, fully free GNU/Linux systems succeeded as
viable desktop and server systems because disparate groups of developers
focused simultaneously on both operating systems and application software.
We need that simultaneous diversity of improvement to actually compete
with the fully proprietary alternatives, and to ensure that the
“mostly FLOSS” systems of today are not the “barely
FLOSS” systems of tomorrow.

Careful readers have likely noticed that I have ignored Nokia’s other
release, the Symbian> codebase. Every time I write or speak about the
issues of software freedom in mobile devices, I’m chastised for leaving it
out of the story. My answer is always simple: when a FLOSS version of
Symbian can be compiled from source code, using a FLOSS compiler or SDK,
and that binary can be installed onto an actual working mobile phone
device, then (and only then) will I believe that the Symbian source
release has value beyond historical interest. We have to get honest as a
community about the future of Symbian: it’s a ten-year-old proprietary
codebase designed for devices of that era that doesn’t bootstrap with any
compilers our community uses regularly. Unless there’s a radical change
to these facts, the code belongs in a museum, not running on a phone.

Also, lest my own community of hard-core FLOSS advocates flame me, I
must also mention
the Neo FreeRunner
device and the
OpenMoko project.
This was a noble experiment: a freely specified hardware platform running
100% FLOSS. I used an OpenMoko FreeRunner myself, hoping that it would be
the mobile phone our community could rally around. I do think the device
and its (various) software stack(s) have a future as an experimental,
hobbyist device. But, just as GNU/Linux needed to focus on x86 hardware
to succeed, so must software freedom efforts in mobile systems focus on
mass-market, widely used, and widely available hardware.

Jailbreaking and the Self-Installed System

When some of us at my day-job office decided to move as close to a
software freedom phone platform as we could, we picked Android/Linux and
the HTC Dream. However, we carefully considered the idea of permission to
run one’s own software on the device. In the desktop and server system
market, this is not a concern, but on mobile systems, it is a central
question.

The holdover of those carrier-controlled agreements for phone
acquisition is the demand that devices be locked down. Devices are locked
down first to a single carrier’s network, so that devices cannot (legally)
be resold as phones ready for any network. Second, carriers believe that
they must fear the FCC if device operating systems can be reinstalled.

On the first point, Google is our best ally in this
regard. The
HTC Dream developer models, called the Android Dev Phone 1 (aka ADP1),
while somewhat more expensive than T-Mobile branded G1s, permit the user
to install any operating system on the phone, and the purchase agreement
extract no promises from the purchaser regarding what software runs on the
device. Google has no interest in locking you to a single carrier, but
only to a single Google experience application vendor. Offering a user
“carrier freedom of choice”, while tying those users tighter
to Google applications, is probably a central part of their marketing
plans.

The second point — fear of an FCC crack down when mobile users
have software freedom — is beyond the scope of this
article. However, what Atheros has done with their Wifi devices shows that
software freedom and FCC compliance can co-exist. Furthermore, the
central piece of FCC’s concern — the GSM chipset and firmware
— runs on a separate processor in modern mobile devices. This is a
software freedom battle for another day, but it shows that the FCC can be
pacified in the meantime by keeping the GSM device a black box to the Free
Software running on the primary processor of the device.

Conclusion

Seeking software freedom on mobile devices will remain a complicated
endeavor for some time. Our community should utilize the FLOSS releases
from companies, but should not forget that, until viable community forks
exist, software freedom on these devices exists at the whim of these
companies. A traditional “get some volunteers together and write
some code” approach can achieve great advancement toward
community-oriented FLOSS systems on mobile devices. Developers could
initially focus on applications for the existing “mostly
FLOSS” platforms of MeeGo and Android/Linux. The challenging and
more urgent work is to replace lower-level proprietary components on these
systems with FLOSS alternatives, but admittedly needs special programming
skills that aren’t easy to find.

(This blog post first appeared
as an
article in
the March
2010 issue of the Canadian online
journal, The Open Source Business Resource.)

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/03/04/mobile.html

I started using GNU/Linux and Free Software in 1992. In those days,
while everything I needed for a working computer was generally available
in software freedom, there were many components and applications that
simply did not exist. For highly technical users who did not need many
peripherals, the Free Software community had reached a state of complete
software freedom. Yet, in 1992, everyone agreed there was still much work
to be done. Even today, we still strive for a desktop and server
operating system, with all relevant applications, that grants complete
software freedom.

Looked at broadly, mobile telephone systems are not all that different
from 1992-era GNU/Linux systems. The basics are currently available as
Free, Libre, and Open Source Software (FLOSS). If you need only the bare
minimum of functionality, you can, by picking the right phone hardware,
run an almost completely FLOSS operating system and application set. Yet,
we have so far to go. This post discusses the current penetration of
FLOSS in mobile devices and offers a path forward for free software
advocates.

A Brief History

The mobile telephone market has never functioned like the traditional
computer market. Historically, the mobile user made arrangements with some
network carrier through a long-term contract. That carrier
“gave” the user a phone or discounted it as a loss-leader. Under
that system, few people take their phone hardware choice all that
seriously. Perhaps users pay a bit more for a slightly better phone, but
generally they nearly always pick among the limited choices provided by
the given carrier.

Meanwhile, Research in Motion was the first to provide
corporate-slave-oriented email-enabled devices. Indeed, with the very
recent focus on consumer-oriented devices like the iPhone, most users
forget that Apple is by far not the preferred fruit for the smart phone
user. Today, most people using a “smart phone” are using one
given to them by their employer to chain them to their office email 24/7.

Apple, excellent at manipulating users into paying more for a product
merely because it is shiny, also convinced everyone that now a phone
should be paid for separately, and contracts should go even longer. The
“race to mediocrity” of the phone market has ended. Phones
need real features to stand out. Phones, in fact, aren’t phones
anymore. They are small mobile computers that can also make phone calls.

If these small computers had been introduced in 1992, I suppose I’d be
left writing the Mobile GNU Manifesto, calling for developers
to start from scratch writing operating systems for these new computers,
so that all users could have software freedom. Fortunately, we have
instead been given a head start. Unlike in 1992, not every company in the
market today is completely against releasing Free Software. Specifically,
two companies have seen some value in releasing (some parts of) phone
operating systems as Free Software: Nokia and Google. However, the two
companies have done this for radically different reasons.

The Current State of Mobile Software Freedom

For its part, Nokia likely benefited greatly from the traditional
carrier system. Most of their phones were provided relatively cheaply with
contracts. Their interest in software freedom was limited and perhaps even
non-existent. Nokia sold new hardware every time a phone contract was
renewed, and the carrier paid the difference between the loss-leader price
and Nokia’s wholesale cost. The software on the devices was simple and
mostly internally developed. What incentive did Nokia have to release
software in software freedom? (Nokia realized too late this was the wrong
position, but more on that later.)

In parallel, Nokia had chased another market that I’ve never fully
understood: the tablet PC. Not big enough to be a real computer, but too
large to be a phone, these devices have been an idea looking for a user
base. Regardless of my personal views on these systems, though, GNU/Linux
remains the ideal system for these devices, and Nokia saw that. Nokia
built the Debian-ish Maemo system as a
tablet system, with no phone. However, I can count on one hand all the
people I’ve met who bothered with these devices; I just don’t think a
phone-less small computer is going to ever become the rage, even if Apple
dumps billions into marketing the iPad. (Anyone remember the Newton?)

I cannot explain, nor do I even understand, why Nokia took so long to
use Maemo as a platform for a tablet-like telephone. But, a few months
ago, they finally released
one. This N900 is among only a
few available phones that make any strides toward a fully free software
phone platform. Yet,
the list of
proprietary components required for operation remains quite long. The
common joke is that you can’t even charge the battery on your N900 without
proprietary software.

While there are surely people inside Nokia who want more software
freedom on their devices, Nokia is fundamentally a hardware company
experimenting with software freedom in hopes that it will bolster hardware
sales. Convincing Nokia to shorten that proprietary list will prove
difficult, and the community based effort to replace that long list with
FLOSS (called Mer) faces many
challenges. (These challenges will likely increase with the recent Maemo
merger with Moblin to form MeeGo).

Fortunately, hardware companies are not the only entity interested in
phone operating systems. Google, ever-focused on routing human eyes to its
controlled advertising, realizes that even more eyes will be on mobile
computing platforms in the future. With this goal in mind, Google released
the Android/Linux system, now available on a variety of phones in varying
degrees of software freedom.

Google’s motives are completely different than Nokia’s. Technically,
Google has no hardware to sell. They do have a set of proprietary
applications that yield the “Google online experience” to
deliver Google’s advertising. From Google’s point of view, an
easy-to-adopt, licensing-unencumbered platform will broaden their
advertising market.

Thus, Android/Linux is a nearly fully non-copylefted phone operating
system platform where Linux is the only GPL licensed component essential
to Android’s operation. Ideally, Google wants to see Android adopted
broadly in both Free Software and mixed Free/proprietary deployments.
Google’s goals do not match that of the software freedom community, so in
some cases, a given Android/Linux device will give the user more software
freedom than the N900, but in many cases it will give much less.

The HTC
Dream is the only Android/Linux device I know of where a careful
examination of the necessary proprietary components have been
analyzed. Obviously, the “Google experience” applications are
proprietary. There also
are about
20 hardware interface libraries that do not have source code available
in a public repository. However, when lined up against the N900 with
Maemo, Android on the HTC Dream can be used as an operational mobile
telephone and 3G Internet device using only three proprietary components:
a proprietary GSM firmware, proprietary Wifi firmware, and two audio
interface libraries. Further proprietary components are needed if you
want a working accelerometer, camera, and video codecs as their hardware
interface libraries are all proprietary.

Based on this analysis, it appears that the HTC Dream currently gives
the most software freedom among Android/Linux deployments. It is unlikely
that Google wants anything besides their applications to be proprietary.
While Google has been unresponsive when asked why these hardware interface
libraries are proprietary, it is likely that HTC, the hardware maker with
whom Google contracted, insisted that these components remain proprietary,
and perhaps
fear patent
suits like the one filed this week are to blame here. Meanwhile,
while no detailed analysis of
the Nexus One is yet available,
it’s likely similar to the HTC Dream.

Other Android/Linux devices are now available, such as those from
Motorola and Samsung. There appears to have been no detailed analysis done
yet on the relative proprietary/freeness ratio of these Android
deployments. One can surmise that since these devices are from
traditionally proprietary hardware makers, it is unlikely that these
platforms are freer than those available from Google, whose maximal
interest in a freely available operating system is clear and in contrast
to the traditional desires of hardware makers.

Whether the software is from a hardware-maker desperately trying a new
hardware sales strategy, or an advertising salesman who wants some
influence over an operating system choice to improve ad delivery, the
software freedom community cannot assume that the stewards of these
codebases have the interests of the user community at heart. Indeed, the
interests between these disparate groups will only occasionally be
aligned. Community-oriented forks, as has begun in the Maemo community
with Mer, must also begin in the Android/Linux space too. We are slowly
trying with
the Replicant
project, founded by myself and my colleague Aaron Williamson.

A healthy community-oriented phone operating system project will
ultimately be an essential component to software freedom on these devices.
For example, consider the fate of the Mer project now that Nokia has
announced the merger of Maemo with Moblin. Mer does seek to cherry-pick
from various small device systems, but its focus was to create a freer
Maemo that worked on more devices. Mer now must choose between following
the Maemo in the merge with Moblin, or becoming a true fork. Ideally, the
right outcome for software freedom is a community-led effort, but there
may not be enough community interest, time and commitment to shepherd a
fork while Intel and Nokia push forward on a corporate-controlled
codebase. Further, Moblin will likely push the MeeGo project toward more
of a tablet-PC operating system than a smart phone.

A community-oriented Android/Linux fork has more hope. Google has
little to lose by encouraging and even assisting with such forks; such
effort would actually be wholly consistent with Google’s goals for wider
adoption of platforms that allow deployment of Google’s proprietary
applications. I expect that operating system
software-freedom-motivated efforts will be met with more support from
Google than from Nokia and/or Intel.

However, any operating system, even a mobile device one, needs many
applications to be useful. Google experience applications for
Android/Linux are merely the beginning of the plethora of proprietary
applications that will ultimately be available for MeeGo and Android/Linux
platforms. For FLOSS developers who don’t have a talent for low-level
device libraries and operating system software, these applications
represent a straightforward contribution towards mobile software
freedom. (Obviously, though, if one does have talent for low-level
programming, replacing the proprietary .so’s on Android/Linux would be the
optimal contribution.)

Indeed, on this point, we can take a page from Free Software history.
From the early 1990s onward, fully free GNU/Linux systems succeeded as
viable desktop and server systems because disparate groups of developers
focused simultaneously on both operating systems and application software.
We need that simultaneous diversity of improvement to actually compete
with the fully proprietary alternatives, and to ensure that the
“mostly FLOSS” systems of today are not the “barely
FLOSS” systems of tomorrow.

Careful readers have likely noticed that I have ignored Nokia’s other
release, the Symbian> codebase. Every time I write or speak about the
issues of software freedom in mobile devices, I’m chastised for leaving it
out of the story. My answer is always simple: when a FLOSS version of
Symbian can be compiled from source code, using a FLOSS compiler or SDK,
and that binary can be installed onto an actual working mobile phone
device, then (and only then) will I believe that the Symbian source
release has value beyond historical interest. We have to get honest as a
community about the future of Symbian: it’s a ten-year-old proprietary
codebase designed for devices of that era that doesn’t bootstrap with any
compilers our community uses regularly. Unless there’s a radical change
to these facts, the code belongs in a museum, not running on a phone.

Also, lest my own community of hard-core FLOSS advocates flame me, I
must also mention
the Neo FreeRunner
device and the
OpenMoko project.
This was a noble experiment: a freely specified hardware platform running
100% FLOSS. I used an OpenMoko FreeRunner myself, hoping that it would be
the mobile phone our community could rally around. I do think the device
and its (various) software stack(s) have a future as an experimental,
hobbyist device. But, just as GNU/Linux needed to focus on x86 hardware
to succeed, so must software freedom efforts in mobile systems focus on
mass-market, widely used, and widely available hardware.

Jailbreaking and the Self-Installed System

When some of us at my day-job office decided to move as close to a
software freedom phone platform as we could, we picked Android/Linux and
the HTC Dream. However, we carefully considered the idea of permission to
run one’s own software on the device. In the desktop and server system
market, this is not a concern, but on mobile systems, it is a central
question.

The holdover of those carrier-controlled agreements for phone
acquisition is the demand that devices be locked down. Devices are locked
down first to a single carrier’s network, so that devices cannot (legally)
be resold as phones ready for any network. Second, carriers believe that
they must fear the FCC if device operating systems can be reinstalled.

On the first point, Google is our best ally in this
regard. The
HTC Dream developer models, called the Android Dev Phone 1 (aka ADP1),
while somewhat more expensive than T-Mobile branded G1s, permit the user
to install any operating system on the phone, and the purchase agreement
extract no promises from the purchaser regarding what software runs on the
device. Google has no interest in locking you to a single carrier, but
only to a single Google experience application vendor. Offering a user
“carrier freedom of choice”, while tying those users tighter
to Google applications, is probably a central part of their marketing
plans.

The second point — fear of an FCC crack down when mobile users
have software freedom — is beyond the scope of this
article. However, what Atheros has done with their Wifi devices shows that
software freedom and FCC compliance can co-exist. Furthermore, the
central piece of FCC’s concern — the GSM chipset and firmware
— runs on a separate processor in modern mobile devices. This is a
software freedom battle for another day, but it shows that the FCC can be
pacified in the meantime by keeping the GSM device a black box to the Free
Software running on the primary processor of the device.

Conclusion

Seeking software freedom on mobile devices will remain a complicated
endeavor for some time. Our community should utilize the FLOSS releases
from companies, but should not forget that, until viable community forks
exist, software freedom on these devices exists at the whim of these
companies. A traditional “get some volunteers together and write
some code” approach can achieve great advancement toward
community-oriented FLOSS systems on mobile devices. Developers could
initially focus on applications for the existing “mostly
FLOSS” platforms of MeeGo and Android/Linux. The challenging and
more urgent work is to replace lower-level proprietary components on these
systems with FLOSS alternatives, but admittedly needs special programming
skills that aren’t easy to find.

(This blog post first appeared
as an
article in
the March
2010 issue of the Canadian online
journal, The Open Source Business Resource.)

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/03/03/jeremy-on-sun.html

Leslie Hawthorn referred
me to
an excellent
article by Jeremy Allison about Sun merging with Oracle. It was a
particularly interesting read for me since, while I knew that Jeremy
worked for Sun early in his career, I didn’t realize that he started in
engineering tech support.

The most amusing part to me is that it’s quite possible Jeremy was on
the UK tech support hotline during the same time frame when I was
calling USA Sun tech support while working for Westinghouse. I probably
would have had a different view of proprietary software if Jeremy had
answered the USA phone calls. One of the major life experiences that
led me down the path of hard-core software freedom beliefs were my many
calls to Sun tech support, who would usually tell me they just weren’t
going to fix the bugs I was reporting because Westinghouse just wasn’t
“big enough” (it was ironically one of the largest employers
in Maryland in the 1980s and early 1990s) to demand that Sun fix such
bugs (notwithstanding our monthly Sun maintenance fees).

But, more fascinating still is Jeremy’s analysis of why Sun failed as a
FLOSS
company. Specifically, Jeremy points out that the need for corporate
control over all software technologies that Sun released, specifically
demanding the exclusive right to proprietarize non-Sun contributions,
was a primary reason that Sun just never succeeded as a FLOSS
company.

Meanwhile, I’m less optimistic than Jeremy on the future of Oracle. I
have paid attention to Oracle’s contributions
to btrfs
in light of recent events. Amusingly, btfs exists in no small part
because ZFS was never licensed correctly and never turned into a truly
community-oriented project. While the two projects don’t have identical
goals, they
are similar enough that it seems unlikely btrfs would exist if Sun
had endeavored to become a real FLOSS contributor and shepherd ZFS into
Linux upstream using normal Linux community processes. It’s thus
strange to think that Oracle controls ZFS, even while it continues to
contribute to btrfs, in a normal, upstream way (i.e., collaborating
under the terms of GPLv2 with community developers and employees of
other companies such as Red Hat, HP, Intel, Novell, and
Fujitsu).

I have mostly considered Oracle’s contributions to btrfs (and to Xen,
to which they contribute to in much the same way) as a complete fluke.
Oracle is third only to Apple and Microsoft in its predatory,
proprietary software marketing practices and mistreatment of users.
Other than these notable exceptions, Oracle’s attitude generally matches
Sun’s long-ago roots (and Apple’s current attitude) in this regard:
non-copyleft FLOSS without giving contributions back is the best
“Open Source” plan.

Software corporations usually oscillate between treating users and
developers well and treating them poorly. Larger companies are often
completely self-contradictory on this issue across multiple
divisions. Microsoft and Apple are actually unique in their
consistency of anti-software-freedom attitudes; I’ve typically assessed
Oracle as roughly equivalent to the two of
them⁰. I don’t really
see Oracle’s predatory proprietary licensing models changing, and I
expect them to try to manipulate FLOSS to bolster their proprietary
licensing. Oracle was never an operating system company before the Sun
acquisition, and therefore contributing to operating system components
like btrfs and Xen were historically a non-issue. My pessimistic view
is that Oracle’s FLOSS involvement won’t go beyond what currently exists
(and I even find myself worrying if others can pick up the slack on btrfs if
(when?) Oracle starts marketing a proprietarized ZFS-based solution
instead). In short, I expect Oracle’s primary business will still be
anti-FLOSS. Nevertheless, I’ll try to quickly acknowledge it if it
turns out I’m wrong.

---

⁰ Contrary to the
popular receptions at the time, I was actually quite depressed both when,
in
1999, Oracle
announced first that they’d have a certified version of Oracle’s database
available for Red Hat Linux and when, in
2002, Oracle
announced so-called “Unbreakable” Linux. These moves were
not toward more software freedom, but rather to leverage the availability
of a software freedom operating system, GNU/Linux, to sell proprietary
licenses for Oracle databases. Neither event should have been heralded as
anything but negative for software freedom.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/03/03/jeremy-on-sun.html

Leslie Hawthorn referred
me to
an excellent
article by Jeremy Allison about Sun merging with Oracle. It was a
particularly interesting read for me since, while I knew that Jeremy
worked for Sun early in his career, I didn’t realize that he started in
engineering tech support.

The most amusing part to me is that it’s quite possible Jeremy was on
the UK tech support hotline during the same time frame when I was
calling USA Sun tech support while working for Westinghouse. I probably
would have had a different view of proprietary software if Jeremy had
answered the USA phone calls. One of the major life experiences that
led me down the path of hard-core software freedom beliefs were my many
calls to Sun tech support, who would usually tell me they just weren’t
going to fix the bugs I was reporting because Westinghouse just wasn’t
“big enough” (it was ironically one of the largest employers
in Maryland in the 1980s and early 1990s) to demand that Sun fix such
bugs (notwithstanding our monthly Sun maintenance fees).

But, more fascinating still is Jeremy’s analysis of why Sun failed as a
FLOSS
company. Specifically, Jeremy points out that the need for corporate
control over all software technologies that Sun released, specifically
demanding the exclusive right to proprietarize non-Sun contributions,
was a primary reason that Sun just never succeeded as a FLOSS
company.

Meanwhile, I’m less optimistic than Jeremy on the future of Oracle. I
have paid attention to Oracle’s contributions
to btrfs
in light of recent events. Amusingly, btfs exists in no small part
because ZFS was never licensed correctly and never turned into a truly
community-oriented project. While the two projects don’t have identical
goals, they
are similar enough that it seems unlikely btrfs would exist if Sun
had endeavored to become a real FLOSS contributor and shepherd ZFS into
Linux upstream using normal Linux community processes. It’s thus
strange to think that Oracle controls ZFS, even while it continues to
contribute to btrfs, in a normal, upstream way (i.e., collaborating
under the terms of GPLv2 with community developers and employees of
other companies such as Red Hat, HP, Intel, Novell, and
Fujitsu).

I have mostly considered Oracle’s contributions to btrfs (and to Xen,
to which they contribute to in much the same way) as a complete fluke.
Oracle is third only to Apple and Microsoft in its predatory,
proprietary software marketing practices and mistreatment of users.
Other than these notable exceptions, Oracle’s attitude generally matches
Sun’s long-ago roots (and Apple’s current attitude) in this regard:
non-copyleft FLOSS without giving contributions back is the best
“Open Source” plan.

Software corporations usually oscillate between treating users and
developers well and treating them poorly. Larger companies are often
completely self-contradictory on this issue across multiple
divisions. Microsoft and Apple are actually unique in their
consistency of anti-software-freedom attitudes; I’ve typically assessed
Oracle as roughly equivalent to the two of
them⁰. I don’t really
see Oracle’s predatory proprietary licensing models changing, and I
expect them to try to manipulate FLOSS to bolster their proprietary
licensing. Oracle was never an operating system company before the Sun
acquisition, and therefore contributing to operating system components
like btrfs and Xen were historically a non-issue. My pessimistic view
is that Oracle’s FLOSS involvement won’t go beyond what currently exists
(and I even find myself worrying if others can pick up the slack on btrfs if
(when?) Oracle starts marketing a proprietarized ZFS-based solution
instead). In short, I expect Oracle’s primary business will still be
anti-FLOSS. Nevertheless, I’ll try to quickly acknowledge it if it
turns out I’m wrong.

---

⁰ Contrary to the
popular receptions at the time, I was actually quite depressed both when,
in
1999, Oracle
announced first that they’d have a certified version of Oracle’s database
available for Red Hat Linux and when, in
2002, Oracle
announced so-called “Unbreakable” Linux. These moves were
not toward more software freedom, but rather to leverage the availability
of a software freedom operating system, GNU/Linux, to sell proprietary
licenses for Oracle databases. Neither event should have been heralded as
anything but negative for software freedom.

Post Syndicated from Oglaf! -- Comics. Often dirty. original https://www.oglaf.com/goodship/

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/02/22/scale-8x.html

I just returned today (unfortunately on an overnight flight, which
always causes me to mostly lose the next day to sleep problems) from
SCALE 8x.
I spoke
about GPL enforcement efforts, and also was glad to spend all day
Saturday and Sunday at the event.

These are my highlights of SCALE 8x:

• Karsten
  Wade’s keynote was particularly good. It’s true that some of his
  talk was the typical messaging we hear from Corporate Open Source PR
  people (which are usually called “Community Managers”,
  although Karsten calls himself a “Senior Community
  Gardener” instead). Nevertheless, I was persuaded that Karsten
  does seek to educate Red Hat internally to have the right attitude
  about FLOSS contribution. In particular, he opened
  with a
  an illuminating literary analogy (from Chris Grams) about Tom Sawyer
  manipulating his acquaintances into paying him to do his
  work. I hadn’t seen Chris’ article when it was published back in
  September, and found this (“new to me”) analogy quite
  compelling. This is precisely the kind of activity that I see
  happening
  with problematic
  copyright assignments. I think the Tom Sawyer analogy fits aptly
  to that situation, because a contributor first does some work without
  compensation (the original patch), and then is manipulated even
  further into giving up something of value (signing away copyrights for
  nothing in return) for the mere honor of being able to do someone
  else’s work. It was no surprised that after Karsten’s keynote, jokes
  abounded in the SCALE 8x hallways all weekend that we should nickname
  Canonical’s new COO, Matt Asay, the “Tom Sawyer of Open
  Source”. I am sure Red Hat will be happy that their keynote
  inspired some anti-Canonical jokes.
• Another Red Hat employee (who is also my good friend and former
  cow-orker), Richard Fontana, also
  gave an
  excellent talk that many missed, as it was scheduled in the very
  final session slot. Fontana put forward more details about his theory
  of the “Lex Mercatoria” of FLOSS and how it works in
  resolving licensing conflicts and incompatibility inside the community.
  He contrasted it specifically against the kinds
  of disputes
  that happen in normal GPL violations, which are primarily perpetrated by
  those outside the FLOSS world). I agreed with Fontana’s
  conclusions, but his argument seemed to assume that these in-community
  licensing issues were destabilizing. I asked him about
  this, pointing out that the
  community is really good at solving these issues before they destabilize
  anything. Fontana agreed that they do get easily resolved, and
  revised his point to say that the main problem is that distribution
  projects (like Debian and Fedora) hold the majority of responsibility
  for resolving these issues, and
  that upstreams need to take
  more responsibility on this. (BTW, Karsten was also in the audience
  for Fontana’s talk,
  has written
  a more detailed blog post about it.) Fontana noted to me after his
  talk that he thought I wasn’t paying attention, as I was using my
  Android phone a lot during the talk. I was
  actually dent’ing various
  points from his
  talk. I realized when Fontana expressed this concern that perhaps we as
  speakers have to change our views about what it means when people seem
  focused on computing devices during a talk. (I probably would have
  thought the same as Fontana in the situation.) The online conversation
  during a talk is a useful part of the
  interaction. Stormy Peters
  even once suggested before a talk at Linux World that we should have a
  way to put dents up on the screen as people comment during a talk. I
  may actually try to find a way to do this next time I give a talk.
• I also
  saw Brian
  Aker‘s presentation about
  Drizzle, which is
  a fork of the MySQL codebase that he began inside Sun and now
  maintains further (having left Sun before the Oracle merger
  completed). I was impressed to see how much Drizzle has grown in just
  a few years, and how big its user base is. (Being a database
  developer, Brian thinks user numbers in the tens of thousands
  is just a start, but there are many FLOSS projects that would
  be elated even to max out at tens of thousands users. While I admire
  his goals of larger user bases, I think they’ve already accomplished a
  lot.) I talked with Brian for an hour after his talk all about the
  GPL and the danger of single-copyright-held business models. He’s
  avoided this for Drizzle, and it sounds like none of the consulting
  companies spouting up around the user community has too much power
  over the project. (Brian also
  blogged a summary of
  some of the points in the discussion we had.)
• Because it directly time-conflicted Brian’s talk, I missed my friend
  and
  colleague’s Karen
  Sandler’s talk about trademarks, but I hear it went well. Karen
  told me not to attend anyway since she said I already knew everything it
  contained, and that she would have went to Brian’s talk too if my talk
  was against it. She did however make a brief appearance at my talk, so
  I feel bad my post-talk chat with Brian made it impossible for me to do
  the same for her talk.
• I spoke extensively with Matt Kraai
  in the Debian booth. It
  was great to meet Matt for the first time, as he had previously
  volunteered on the
  Free Software Directory project
  when I was at FSF, and he’s also contributed a lot of development effort to
  BusyBox. It’s always strange but great
  to finally meet someone in person you’ve occasionally been in touch with
  for nearly a decade online.
• Don Armstrong was also in
  the Debian booth. I got to know Don when we served
  on one of the GPLv3
  discussion committees together, and I hadn’t been in touch with him
  regularly since the GPLv3 process ended. He’s continuing to do massive
  amounts of volunteer work for Debian, including being in charge of the bug
  tracking system! I asked him for some ideas in how to help Debian more,
  and he immediately mentioned
  the Debian/GNOME Bug
  Weekend coming up this weekend. I’m planning to get involved this
  weekend, and I hope others will too.
• Finally, I had a number of important meetings with lots of people in
  the FLOSS world, such as Tarus
  Balog, Michael
  Dexter, Bob
  Gobeille, Deb Nicholson,
  Rob Savoye
  and Randal Schwartz.
  Ok, enough name-dropping. (BTW, Tarus
  has written about his
  trip as well, and mentioned our ongoing copyright assignment debate.
  Tarus argues that he can do non-promise copyright assignment in OpenNMS
  and still avoid
  the normal
  Open Core shareware-like outcomes, which he dubs
  “fauxpen source” for “fake open source”. Time will
  tell.)

SCALE is really the gold standard of community-run, local FLOSS
conferences. It is the inspiration for many of the other regional
events such as OLF, SELF, and the like. A major benefit of these
regional events is that while they draw speakers from all over the
country, the average attendee is a local who usually cannot travel to
the better-known events like OSCON.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/02/22/scale-8x.html

I just returned today (unfortunately on an overnight flight, which
always causes me to mostly lose the next day to sleep problems) from
SCALE 8x.
I spoke
about GPL enforcement efforts, and also was glad to spend all day
Saturday and Sunday at the event.

These are my highlights of SCALE 8x:

• Karsten
  Wade’s keynote was particularly good. It’s true that some of his
  talk was the typical messaging we hear from Corporate Open Source PR
  people (which are usually called “Community Managers”,
  although Karsten calls himself a “Senior Community
  Gardener” instead). Nevertheless, I was persuaded that Karsten
  does seek to educate Red Hat internally to have the right attitude
  about FLOSS contribution. In particular, he opened
  with a
  an illuminating literary analogy (from Chris Grams) about Tom Sawyer
  manipulating his acquaintances into paying him to do his
  work. I hadn’t seen Chris’ article when it was published back in
  September, and found this (“new to me”) analogy quite
  compelling. This is precisely the kind of activity that I see
  happening
  with problematic
  copyright assignments. I think the Tom Sawyer analogy fits aptly
  to that situation, because a contributor first does some work without
  compensation (the original patch), and then is manipulated even
  further into giving up something of value (signing away copyrights for
  nothing in return) for the mere honor of being able to do someone
  else’s work. It was no surprised that after Karsten’s keynote, jokes
  abounded in the SCALE 8x hallways all weekend that we should nickname
  Canonical’s new COO, Matt Asay, the “Tom Sawyer of Open
  Source”. I am sure Red Hat will be happy that their keynote
  inspired some anti-Canonical jokes.
• Another Red Hat employee (who is also my good friend and former
  cow-orker), Richard Fontana, also
  gave an
  excellent talk that many missed, as it was scheduled in the very
  final session slot. Fontana put forward more details about his theory
  of the “Lex Mercatoria” of FLOSS and how it works in
  resolving licensing conflicts and incompatibility inside the community.
  He contrasted it specifically against the kinds
  of disputes
  that happen in normal GPL violations, which are primarily perpetrated by
  those outside the FLOSS world). I agreed with Fontana’s
  conclusions, but his argument seemed to assume that these in-community
  licensing issues were destabilizing. I asked him about
  this, pointing out that the
  community is really good at solving these issues before they destabilize
  anything. Fontana agreed that they do get easily resolved, and
  revised his point to say that the main problem is that distribution
  projects (like Debian and Fedora) hold the majority of responsibility
  for resolving these issues, and
  that upstreams need to take
  more responsibility on this. (BTW, Karsten was also in the audience
  for Fontana’s talk,
  has written
  a more detailed blog post about it.) Fontana noted to me after his
  talk that he thought I wasn’t paying attention, as I was using my
  Android phone a lot during the talk. I was
  actually dent’ing various
  points from his
  talk. I realized when Fontana expressed this concern that perhaps we as
  speakers have to change our views about what it means when people seem
  focused on computing devices during a talk. (I probably would have
  thought the same as Fontana in the situation.) The online conversation
  during a talk is a useful part of the
  interaction. Stormy Peters
  even once suggested before a talk at Linux World that we should have a
  way to put dents up on the screen as people comment during a talk. I
  may actually try to find a way to do this next time I give a talk.
• I also
  saw Brian
  Aker‘s presentation about
  Drizzle, which is
  a fork of the MySQL codebase that he began inside Sun and now
  maintains further (having left Sun before the Oracle merger
  completed). I was impressed to see how much Drizzle has grown in just
  a few years, and how big its user base is. (Being a database
  developer, Brian thinks user numbers in the tens of thousands
  is just a start, but there are many FLOSS projects that would
  be elated even to max out at tens of thousands users. While I admire
  his goals of larger user bases, I think they’ve already accomplished a
  lot.) I talked with Brian for an hour after his talk all about the
  GPL and the danger of single-copyright-held business models. He’s
  avoided this for Drizzle, and it sounds like none of the consulting
  companies spouting up around the user community has too much power
  over the project. (Brian also
  blogged a summary of
  some of the points in the discussion we had.)
• Because it directly time-conflicted Brian’s talk, I missed my friend
  and
  colleague’s Karen
  Sandler’s talk about trademarks, but I hear it went well. Karen
  told me not to attend anyway since she said I already knew everything it
  contained, and that she would have went to Brian’s talk too if my talk
  was against it. She did however make a brief appearance at my talk, so
  I feel bad my post-talk chat with Brian made it impossible for me to do
  the same for her talk.
• I spoke extensively with Matt Kraai
  in the Debian booth. It
  was great to meet Matt for the first time, as he had previously
  volunteered on the
  Free Software Directory project
  when I was at FSF, and he’s also contributed a lot of development effort to
  BusyBox. It’s always strange but great
  to finally meet someone in person you’ve occasionally been in touch with
  for nearly a decade online.
• Don Armstrong was also in
  the Debian booth. I got to know Don when we served
  on one of the GPLv3
  discussion committees together, and I hadn’t been in touch with him
  regularly since the GPLv3 process ended. He’s continuing to do massive
  amounts of volunteer work for Debian, including being in charge of the bug
  tracking system! I asked him for some ideas in how to help Debian more,
  and he immediately mentioned
  the Debian/GNOME Bug
  Weekend coming up this weekend. I’m planning to get involved this
  weekend, and I hope others will too.
• Finally, I had a number of important meetings with lots of people in
  the FLOSS world, such as Tarus
  Balog, Michael
  Dexter, Bob
  Gobeille, Deb Nicholson,
  Rob Savoye
  and Randal Schwartz.
  Ok, enough name-dropping. (BTW, Tarus
  has written about his
  trip as well, and mentioned our ongoing copyright assignment debate.
  Tarus argues that he can do non-promise copyright assignment in OpenNMS
  and still avoid
  the normal
  Open Core shareware-like outcomes, which he dubs
  “fauxpen source” for “fake open source”. Time will
  tell.)

SCALE is really the gold standard of community-run, local FLOSS
conferences. It is the inspiration for many of the other regional
events such as OLF, SELF, and the like. A major benefit of these
regional events is that while they draw speakers from all over the
country, the average attendee is a local who usually cannot travel to
the better-known events like OSCON.

Post Syndicated from Oglaf! -- Comics. Often dirty. original https://www.oglaf.com/cavalcade/