Hello,
A few days ago, I saw Daniel's article about the use of proprietary software and services by the FSFE:
https://danielpocock.com/pmpc-for-fsfe-itself
This follows up on a long discussion last year, starting here...
https://lists.fsfe.org/pipermail/discussion/2017-June/011591.html
...and ending here:
https://lists.fsfe.org/pipermail/discussion/2017-October/011934.html
Firstly, I like the idea of awards to organisations who actually use Free Software to achieve their objectives. These days, it is far too easy for people to use "off the shelf" proprietary services and wave away objections about privacy, surveillance and control. Those who persist with Free Software and who improve it should be acknowledged and rewarded.
Now, I understand that even in the Free Software universe, people do not always want to be bothered to deploy software, especially if the act of doing so is not a familiar one. It seems that more and more expertise is required to deploy software in a secure, defensible fashion. But unless there are people who do so and who are willing to share their expertise, then it will become a less widely practised act with fewer able to benefit from the control and independence that Free Software offers.
I was surprised that Daniel's motion to document the FSFE's proprietary dependencies, and to describe ways of eliminating them, was so strongly opposed. Is it because admitting such dependencies is embarrassing? Or are there other reasons why no-one else was willing to support it?
Many of us commit to using Free Software exclusively where the right to exercise this control has been given to us. Actively using and developing such software is just as important as promoting it, arguably more so. If I were to use proprietary software to advocate Free Software usage, it might be said that I would merely be indulging in a hobby, that I do not lead by example, and so on.
Is it not right for the FSFE to be held to the same standards?
Paul
# Paul Boddie [2018-06-12 21:53 +0200]:
I was surprised that Daniel's motion to document the FSFE's proprietary dependencies, and to describe ways of eliminating them, was so strongly opposed. Is it because admitting such dependencies is embarrassing? Or are there other reasons why no-one else was willing to support it?
I was at the said GA meeting and we discussed a while about it. I'm quite sure Daniel received a more detailed explanation with the reasons stated but I don't find it in my archive any more, and my memories aren't complete any more.
IIRC, the members brought up two main reasons:
1. Which scope should the list of proprietary software in organisation have? Only the OS and applications on our computers and servers? Or does it extend to the landline phones we use? The tax software of our external accountants? The software temporary freelancers like our designers use? Switches in datacenters our servers are located in? Some of the mentioned components will certainly be driven by non-free software.
2. Obviously, we try to use as much Free Software as possible, but unfortunately we cannot avoid all of it, especially on devices and in circumstances we don't a full access to. Does creating such a huge list benefit our work to promote Free Software, or would this create an enormous, ongoing burden for our volunteers and teams, demotivating them because they can't do much about many of those issues?
Because of the unclear scope, and because most believed that the limited advantages of such a project don't outweigh the clear downsides, the GA decided to not adopt this motion.
Disclaimer: all only from the top of my head and IMHO, not speaking for the whole GA.
In my personal opinion, in the FSFE we should trust our people – those deeply caring about Free Software and often spending their free time – that they don't deliberately use proprietary software for essential parts of their FSFE work if there is any better solution. Imposing such a motion on them would create more frustration and distraction from our actual goal than it would bring any positive effect.
If you think that we urgently need such a list of proprietary dependencies, please try to figure out a balanced definition and think of the work involved for different parts of the FSFE.
Best, Max
On Wednesday 13. June 2018 15.47.38 Max Mehl wrote:
# Paul Boddie [2018-06-12 21:53 +0200]:
I was surprised that Daniel's motion to document the FSFE's proprietary dependencies, and to describe ways of eliminating them, was so strongly opposed. Is it because admitting such dependencies is embarrassing? Or are there other reasons why no-one else was willing to support it?
I was at the said GA meeting and we discussed a while about it. I'm quite sure Daniel received a more detailed explanation with the reasons stated but I don't find it in my archive any more, and my memories aren't complete any more.
I appreciate your reply regardless of any reservations you may have about it.
IIRC, the members brought up two main reasons:
- Which scope should the list of proprietary software in organisation have? Only the OS and applications on our computers and servers? Or does it extend to the landline phones we use? The tax software of our external accountants? The software temporary freelancers like our designers use? Switches in datacenters our servers are located in? Some of the mentioned components will certainly be driven by non-free software.
This is something I briefly addressed in my message:
"Many of us commit to using Free Software exclusively where the right to exercise this control has been given to us."
So the embedded software in your phones is probably not an area that would need to be covered, in my opinion. I personally use an ancient feature phone with a proprietary operating system, and my landline phone is a DTMF device that interfaces with the outside world using a voice-over-IP switch delivered by the service provider. Although it would be fun to replace all such embedded software, it wouldn't be reasonable for others to demand it, nor would it be practical or, in the case of the switch, permitted.
- Obviously, we try to use as much Free Software as possible, but unfortunately we cannot avoid all of it, especially on devices and in circumstances we don't a full access to. Does creating such a huge list benefit our work to promote Free Software, or would this create an enormous, ongoing burden for our volunteers and teams, demotivating them because they can't do much about many of those issues?
I agree that the potential impact on volunteers would be problematic. But people regularly argue that hosting one's own wiki and repositories is a burden and that one might switch to, say, GitHub instead. The path of least resistance is increasingly the one most taken. Some people would have everything done within Facebook groups because their own personal convenience is king. Too bad if one is not on Facebook, I guess.
Because of the unclear scope, and because most believed that the limited advantages of such a project don't outweigh the clear downsides, the GA decided to not adopt this motion.
Disclaimer: all only from the top of my head and IMHO, not speaking for the whole GA.
I understand. But did no-one see any merit in the idea? Maybe one of the many other, non-Fellow/member/supporter Assembly members might share their thoughts with us.
In my personal opinion, in the FSFE we should trust our people – those deeply caring about Free Software and often spending their free time – that they don't deliberately use proprietary software for essential parts of their FSFE work if there is any better solution. Imposing such a motion on them would create more frustration and distraction from our actual goal than it would bring any positive effect.
As I see it, the FSFE seeks to provide a platform for campaigning and collaboration. Naturally, people can go off and use whatever they want if it advances their own interests, but I understood that Daniel's motion would be applicable to FSFE-provided facilities. Indeed, Daniel's other motions seemed to have some relevance to the effectiveness of FSFE campaigns, and the two topics seem to be closely related.
If you think that we urgently need such a list of proprietary dependencies, please try to figure out a balanced definition and think of the work involved for different parts of the FSFE.
Well, this matter is not exactly "urgent" to me as such, given that I have other activities with higher priorities, including the development of various Free Software projects.
Paul
Context: Daniel Pocock writes in his own blog that he will repost at the next GA meeting a motion that did not pass at the previous GA meeting. Unchanged, seemingly.
Paul Boddie:
I was surprised that Daniel's motion to document the FSFE's proprietary dependencies, and to describe ways of eliminating them, was so strongly opposed.
Voting against by a large majority doesn't mean it was "strongly opposed". There was discussion and we agreed it's better not to have it. A vote just reflects the balance of pros and cons made by voting members.
Max Mehl explained the refusal:
- Which scope should the list of proprietary software in organisation have? Only the OS and applications on our computers and servers? Or does it extend to [...]
- Obviously, we try to use as much Free Software as possible, but unfortunately we cannot avoid all of it, [...] Does creating such a huge list benefit our work [...] ?
Paul noted about (1) above:
This is something I briefly addressed in my message: "Many of us commit to using Free Software exclusively where the right to exercise this control has been given to us."
So the embedded software in your phones is probably not an area [...]
The problem is "probably" and the vagueness of where the right to exercise is there or not. You also note sometimes it's possible but not reasonable to demand.
And about (2) above:
I agree that the potential impact on volunteers would be problematic.
So it seems even you (paul) acknowledge that the proposal is not "obviously right" when we face the real world, even if it clearly was designed with the aim to do better.
Oh, and what about firmware? I personally shall be damned because I download binary blobs to my hardware's RAM (instead of having it in flash memory).
But did no-one see any merit in the idea? Maybe one of the many other, non-Fellow/member/supporter Assembly members might share their thoughts with us.
I am a member, and I think Max well explained the reasoning. But I see one more: we do not need to publish a "hall of shame". It would mostly help internal frictions, or attacks by anybody who wants to paint himself as holier than us ("himself": women are usually more intelligent than that).
But did no-one see any merit in the idea?
Daniel Pocock I suppose. So much as to claim he will post the same motion again without further arguments. I can't avoid thinking he wants to lose the vote again in order to complain again on his blog and increase his own halo. I'd love to be proved wrong.
/alessandro
On Thursday 14. June 2018 08.01.04 Alessandro Rubini wrote:
Context: Daniel Pocock writes in his own blog that he will repost at the next GA meeting a motion that did not pass at the previous GA meeting. Unchanged, seemingly.
To give Daniel credit, he did state that the text might be improved. That's one reason why I posted my message.
Paul Boddie:
I was surprised that Daniel's motion to document the FSFE's proprietary dependencies, and to describe ways of eliminating them, was so strongly opposed.
Voting against by a large majority doesn't mean it was "strongly opposed". There was discussion and we agreed it's better not to have it. A vote just reflects the balance of pros and cons made by voting members.
Yes, unfortunately we don't see the nuances of the discussion in a presentation of the voting numbers. But in terms of those numbers the motion was strongly opposed.
[Practical aspects of deploying Free Software]
The problem is "probably" and the vagueness of where the right to exercise is there or not. You also note sometimes it's possible but not reasonable to demand.
And about (2) above:
I agree that the potential impact on volunteers would be problematic.
So it seems even you (paul) acknowledge that the proposal is not "obviously right" when we face the real world, even if it clearly was designed with the aim to do better.
Of course. There is a need to define the scope of such a proposal, and here you give an example of how some initiatives have chosen to do so:
Oh, and what about firmware? I personally shall be damned because I download binary blobs to my hardware's RAM (instead of having it in flash memory).
Then again, I did mention that one might confine the scope to the tools used to provide the FSFE's campaigning and collaboration platform, which would rule out the office phones in Berlin (or wherever).
But did no-one see any merit in the idea? Maybe one of the many other, non-Fellow/member/supporter Assembly members might share their thoughts with us.
I am a member, and I think Max well explained the reasoning. But I see one more: we do not need to publish a "hall of shame". It would mostly help internal frictions, or attacks by anybody who wants to paint himself as holier than us ("himself": women are usually more intelligent than that).
I didn't ask for a "hall of shame" and I don't recall Daniel asking for one, either. The merit I see in such a proposal is that it shows people how various kinds of activities can be performed using Free Software. Personally, I don't see that as a big demand for a Free Software advocacy organisation, even if we might discuss whether the demand is formulated in the right way.
But did no-one see any merit in the idea?
Daniel Pocock I suppose. So much as to claim he will post the same motion again without further arguments. I can't avoid thinking he wants to lose the vote again in order to complain again on his blog and increase his own halo. I'd love to be proved wrong.
I get the impression that we are possibly encountering some other interpersonal issues here.
Paul
On 14-06-2018 11:51, Paul Boddie wrote:
Of course. There is a need to define the scope of such a proposal, and here you give an example of how some initiatives have chosen to do so:
Oh, and what about firmware? I personally shall be damned because I download binary blobs to my hardware's RAM (instead of having it in flash memory).
Then again, I did mention that one might confine the scope to the tools used to provide the FSFE's campaigning and collaboration platform, which would rule out the office phones in Berlin (or wherever).
I think Daniel's proposal makes sense and could be a good and constructive approach if the scope is defined properly, as Max pointed about.
I would think of it like this:
The FSFE is an organization that works for software freedom and for the adoption of free software on all levels.
As such, the organization wishes (and no-one doubts this) to use free software on all levels in its operations, i.e. for administrative tasks, communication, collaboration, accounts.
I'd limit the scope as such:
* We're talking of the software used by *the association* as part of its *operations*, i.e. not about the personal choices of employees or volunteers in their spare time.
* We're talking about software used by the organization in its *own* operations - not that of vendors and other third parties (e.g., designers and accountants - if the designer prefers to use Gimp for images that's fine, but they *are* a third party)
* We're talking about *tools*, i.e. mostly userspace software. We should include proprietary JavaScript - so using Twitter or Google is not "using proprietary software" because the service is proprietary, but because they use non-free JavaScript (I mention this to align with the FSF's position). Anything proprietary installed on staff computers for work purposes would be listed, e.g. Skype, if someone were using that (which I have reasons to believe is not the case)
* We're not talking about firmware.
AND, we're not talking "hall of shame", we're talking transparency and documentation. We, as a free software organization, would like to use only free software in our operations, but are currently unable to do so 100% because of these gaps.
I think such a thing makes eminent sense.
Incidentally, does anyone know what the FSF's position on their own possible use of non-free software is?
Regards Carsten
But did no-one see any merit in the idea? Maybe one of the many other, non-Fellow/member/supporter Assembly members might share their thoughts with us.
I am a member, and I think Max well explained the reasoning. But I see one more: we do not need to publish a "hall of shame". It would mostly help internal frictions, or attacks by anybody who wants to paint himself as holier than us ("himself": women are usually more intelligent than that).
I didn't ask for a "hall of shame" and I don't recall Daniel asking for one, either. The merit I see in such a proposal is that it shows people how various kinds of activities can be performed using Free Software. Personally, I don't see that as a big demand for a Free Software advocacy organisation, even if we might discuss whether the demand is formulated in the right way.
But did no-one see any merit in the idea?
Daniel Pocock I suppose. So much as to claim he will post the same motion again without further arguments. I can't avoid thinking he wants to lose the vote again in order to complain again on his blog and increase his own halo. I'd love to be proved wrong.
I get the impression that we are possibly encountering some other interpersonal issues here.
Paul _______________________________________________ Discussion mailing list Discussion@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/discussion
This mailing list is covered by the FSFE's Code of Conduct. All participants are kindly asked to be excellent to each other: https://fsfe.org/about/codeofconduct
Hi, Carsten!
Am 2018-06-14 um 12:06 schrieb Carsten Agger:
I'd limit the scope as such:
- We're talking of the software used by *the association* as part of its
*operations*, i.e. not about the personal choices of employees or volunteers in their spare time.
- We're talking about software used by the organization in its *own*
operations - not that of vendors and other third parties (e.g., designers and accountants - if the designer prefers to use Gimp for images that's fine, but they *are* a third party)
- We're talking about *tools*, i.e. mostly userspace software. We should
include proprietary JavaScript - so using Twitter or Google is not "using proprietary software" because the service is proprietary, but because they use non-free JavaScript (I mention this to align with the FSF's position). Anything proprietary installed on staff computers for work purposes would be listed, e.g. Skype, if someone were using that (which I have reasons to believe is not the case)
- We're not talking about firmware.
That sounds like a reasonable scope to me, except for JavaScript, which I would regard debatable. And if I am not mistaken, apart from JavaScript, FSFE does not use any proprietary software within this scope. Actually I'm not even sure about JavaScript, since the services you mention might also run with JavaScript turned off.
No proprietary software runs on any of FSFE's servers in userspace, and of course all software developed by FSFE staff or by contractors paid by FSFE is free software.
Anything further doesn't seem very reasonable to me: I would, for example, not want our volunteers to spend their time with documenting which web pages they visited where JavaScript was required.
Thanks,
On 15/06/18 09:11, Reinhard Müller wrote:
Hi, Carsten!
Am 2018-06-14 um 12:06 schrieb Carsten Agger:
I'd limit the scope as such:
- We're talking of the software used by *the association* as part of its
*operations*, i.e. not about the personal choices of employees or volunteers in their spare time.
- We're talking about software used by the organization in its *own*
operations - not that of vendors and other third parties (e.g., designers and accountants - if the designer prefers to use Gimp for images that's fine, but they *are* a third party)
- We're talking about *tools*, i.e. mostly userspace software. We should
include proprietary JavaScript - so using Twitter or Google is not "using proprietary software" because the service is proprietary, but because they use non-free JavaScript (I mention this to align with the FSF's position). Anything proprietary installed on staff computers for work purposes would be listed, e.g. Skype, if someone were using that (which I have reasons to believe is not the case)
- We're not talking about firmware.
That sounds like a reasonable scope to me, except for JavaScript, which I would regard debatable. And if I am not mistaken, apart from JavaScript, FSFE does not use any proprietary software within this scope. Actually I'm not even sure about JavaScript, since the services you mention might also run with JavaScript turned off.
No proprietary software runs on any of FSFE's servers in userspace, and of course all software developed by FSFE staff or by contractors paid by FSFE is free software.
So what is Jonas referring to in his blog[1]?
Anything further doesn't seem very reasonable to me: I would, for example, not want our volunteers to spend their time with documenting which web pages they visited where JavaScript was required.
If it is part of any significant FSFE-related process it should be documented in the process and then it should be obvious to any volunteer who reviews the documentation.
If volunteers have non-free stuff that they use for unrelated purposes then I don't expect that to fall under the scope of a motion passed in FSFE's General Assembly.
On the other hand, I would contend that people who want to be in leadership positions in the FSF / FSFE family would have a burning desire to make such a list and work constructively to shorten it and they wouldn't be able to sleep at night without doing this exercise.
Regards,
Daniel
1. https://web.archive.org/web/20170620233433/http://blog.jonasoberg.net/using-...
Am 2018-06-15 um 12:12 schrieb Daniel Pocock:
No proprietary software runs on any of FSFE's servers in userspace, and of course all software developed by FSFE staff or by contractors paid by FSFE is free software.
So what is Jonas referring to in his blog[1]?
I don't know whether he refers to a specific case at all. I read his blog post as a general consideration, and I can't find any mention of FSFE in there.
If you want to know what he refers to, did you consider asking him?
I hope you don't want to tell us that this blog post is the foundation on which you base your complains that FSFE uses proprieatary software??
Thanks,
On 15/06/18 16:45, Reinhard Müller wrote:
Am 2018-06-15 um 12:12 schrieb Daniel Pocock:
No proprietary software runs on any of FSFE's servers in userspace, and of course all software developed by FSFE staff or by contractors paid by FSFE is free software.
So what is Jonas referring to in his blog[1]?
I don't know whether he refers to a specific case at all. I read his blog post as a general consideration, and I can't find any mention of FSFE in there.
If you want to know what he refers to, did you consider asking him?
I hope you don't want to tell us that this blog post is the foundation on which you base your complains that FSFE uses proprieatary software??
It is not just about Jonas' blog post. Some communication apps like Skype and Twitter have been mentioned in various places.
For example, on the team list, there is message 1498121148.fd6avqk03q.mk@vita.none and some other messages in that thread. It is not clear whether anybody has it on FSFE or private devices or not at all.
In this particular thread, another staff member, Erik, has written "I propose you trust us that we use Free Software always and that this is minimum 95%, including our phones, landlines, printers etc." and that leaves open the question about the other 5%
I didn't try to write the motion with lots of little rules and things because I was hoping people would approach the question maturely. If the motion is revised to focus on something like "staff computers" and people reply that only the firmware is non-free but they don't tell us they are using non-free apps on their personal mobile phones to do FSFE stuff then they are not respecting the intention of the motion
The motion should also apply to firmware. Think about some of the following:
- printer firmware: many modern network printers are automatically phoning home to their manufacturer to report about usage and download updates.
- IP phones on your desk: how do you know the microphone can't be switched on remotely if it runs non-free firmware? In fact, such exploits are well known
Some organizations even generate these reports (or the skeleton of the report) automatically, extracting a list of all known MAC addresses from their switches and access points, installing management agents on every host with a function to detect all installed binaries and also observing all network connections and correlating them back to the respective binaries. Such data could be cross referenced with checksums of trusted binaries and the data could be annotated on a wiki page.
Regards,
Daniel
# Daniel Pocock [2018-06-16 09:50 +0200]:
Some organizations even generate these reports (or the skeleton of the report) automatically, extracting a list of all known MAC addresses from their switches and access points, installing management agents on every host with a function to detect all installed binaries and also observing all network connections and correlating them back to the respective binaries. Such data could be cross referenced with checksums of trusted binaries and the data could be annotated on a wiki page.
Could you please name an example?
I wonder whether such organisations also install video cameras, hidden microphones and tap work phones to micro-control everything.
Best, Max
On Sat, Jun 16, 2018 at 09:50:42AM +0200, Daniel Pocock wrote: ...
In this particular thread, another staff member, Erik, has written "I propose you trust us that we use Free Software always and that this is minimum 95%, including our phones, landlines, printers etc." and that leaves open the question about the other 5%
well, some if he already mentioned.
I didn't try to write the motion with lots of little rules and things because I was hoping people would approach the question maturely. If the motion is revised to focus on something like "staff computers" and people reply that only the firmware is non-free but they don't tell us they are using non-free apps on their personal mobile phones to do FSFE stuff then they are not respecting the intention of the motion
well...if they are their personal phone, we have little power to tell them what to do with them?
The motion should also apply to firmware. Think about some of the following:
- printer firmware: many modern network printers are automatically
phoning home to their manufacturer to report about usage and download updates.
- IP phones on your desk: how do you know the microphone can't be
switched on remotely if it runs non-free firmware? In fact, such exploits are well known
thats true, however: * some if that can quite easyly be mitigated by other methos * with some of that, can you tell me an completly free alternative at the moment that really works in practice? for example, as far as i know there is only one GSM basbend processor for which there is a free firmware, and none for UMTS and LTE. * even if you have source code under a free license that claims that it is whats running on your device, that might not help you there, as it is usually hard to check if that's really the code that's running on it (and it is the only code...there might always be stuff hidden)
Some organizations even generate these reports (or the skeleton of the report) automatically, extracting a list of all known MAC addresses from their switches and access points, installing management agents on every host with a function to detect all installed binaries and also observing all network connections and correlating them back to the respective binaries. Such data could be cross referenced with checksums of trusted binaries and the data could be annotated on a wiki page.
yes, there are organizations that do that, and to some degree even use this information as part of the automated procedure to determinate if a givven user is allow some information from the device this person is currently using to login and might tell them "no not with this device" or "install security updates before you are allowed to do this".
now, this is proably a good idea in a big organitation and might even scale quite well once you have it in place in a big company (one can cut back on other measures if you treat everything as hostile), however we don't have that kind if infrastructure and could not keep it running if we had it, as this would mean that we would have to invest a substantial amount of our funds just for the infrastructure for our very few employees and would not be able to do much else.
why do i single out employees here: we have a lot of volunteers who invest time and money to further the cause of free software, however we can hardly force on them what devices they are using (and very few of them would aggree to any kind of automatic inventarization of the private computers, for obvious reasons).
what i can say is that as far as what is installed on our servers, yes we are as clean as possible (we are mostly working with donated hardware these days, so there are some limitations when it comes to software to interact with suff like raid controllers).
and yes, i would protest strongly if i as an administrator would be asked to install propritery software to provide services on our infrastructure.
so the big questions in the end are:
should we have the goal to run only free software as far as practical and always aim to increase the ratio? yes, imho we must do that.
should we stop all work until we find a way to be 100%? i don't think so.
especialy with external services (that might even run auite a lot of free software in the back, but unless it's agpl this changes little for you) you always have to evalute if it is a good idea to use it, as apart from the question of free software there is also the problem of privacy and other related stuff that is quite important to a big part of our community.
regards, albert
ps: yes printers of course also have a special meaning for free software, but still we have to get work done
pps: desclaimer: yes i do have quite some insight on what's going on our servers, as i have been doing part of the adminstration work for some years now, howver i have no direct insight on what people are doing on laptops and/or other devices in the berlin office, as i'm not there all that often
On 16/06/18 15:29, Albert Dengg wrote:
On Sat, Jun 16, 2018 at 09:50:42AM +0200, Daniel Pocock wrote: ...
In this particular thread, another staff member, Erik, has written "I propose you trust us that we use Free Software always and that this is minimum 95%, including our phones, landlines, printers etc." and that leaves open the question about the other 5%
well, some if he already mentioned.
I didn't try to write the motion with lots of little rules and things because I was hoping people would approach the question maturely. If the motion is revised to focus on something like "staff computers" and people reply that only the firmware is non-free but they don't tell us they are using non-free apps on their personal mobile phones to do FSFE stuff then they are not respecting the intention of the motion
well...if they are their personal phone, we have little power to tell them what to do with them?
An employer can't really intrude on an employee's personal device.
However, FSFE may be able to make rules about which personal devices can be used for employment related activities, ban the devices from the office or offer more suitable devices to staff.
In the case of messaging apps, the contact data, attachments or messages themselves may contain data that is work related or falls under legitimate FSFE policies.
Regards,
Daniel
Hi Daniel,
I think the inventory you propose can be interesting. If we do it, we might want to include what Free Software people use so we can say to others: "Here are tools that have proven useful to us in our work as a non-profit organization." That might be useful to others.
Daniel Pocock daniel@pocock.pro writes:
If the motion is revised to focus on something like "staff computers" and people reply that only the firmware is non-free but they don't tell us they are using non-free apps on their personal mobile phones to do FSFE stuff then they are not respecting the intention of the motion
I am sorry, but I cannot see any way in which we could regulate what people do privately. What people do as part of their job for a Free Software organization, yes, but there has to be a limit when it comes to personal space. We do not want to run the FSFE like a police state that checks people's every move.
The motion should also apply to firmware. Think about some of the following:
- printer firmware: many modern network printers are automatically
phoning home to their manufacturer to report about usage and download updates.
- IP phones on your desk: how do you know the microphone can't be
switched on remotely if it runs non-free firmware? In fact, such exploits are well known
Ok, that is a good point. What about (potentially malicious) circuitry? Should we include that as well?
Some organizations even generate these reports (or the skeleton of the report) automatically, extracting a list of all known MAC addresses from their switches and access points, installing management agents on every host with a function to detect all installed binaries and also observing all network connections and correlating them back to the respective binaries. Such data could be cross referenced with checksums of trusted binaries and the data could be annotated on a wiki page.
That sounds like a great way to not spend staff time on this. So I see a path here to gather more support because spending limited staff time on such an inventory is really a blocker. It looks like you are familiar with some of those tools for generating reports and you would certainly be qualified to do annotations or possibly write software to automate the annotation process. Would you be willing to work on this?
Happy hacking! Florian
I'll go back for the last time to Daniel's proposal to document use of non-free software within FSFE. (Thanks Reinhard for reminding that it doesn't happen). I'd better explain the "hall of shame" idea.
Carsten Agger:
[...] AND, we're not talking "hall of shame", we're talking transparency and documentation.
Paul Boddie:
I didn't ask for a "hall of shame" and I don't recall Daniel asking for one, either. The merit I see in such a proposal is that it shows people how various kinds of activities can be performed using Free Software.
Not really, rather what "is not" performed using free software.
3 different proposals could be made, towards the same stated goal:
1- We are aware we may sometimes use non-free tools during our activity, and we make a point of taking note of any "unclean" activity, so to be able to improve based on that internal record.
2- Most if not all of our work is done according to our principles, so we make a public page where we document how to achive in freedom what most other people think requires proprietart tool X or service Y.
3- Probably not all of our work is done according to our principlese, so we make a public page with names and activities where we fail to.
I would be positive to 1, positive to 2 if we have resources to write and maintain it, but I'm definitilely against 3. Let's get the exact text as quoted by Daniel himself from https://danielpocock.com/pmpc-for-fsfe-itself
[...] FSFE will maintain a public inventory on the wiki listing the non-free software and services in use, including details of which people/teams are using them, [...]
This, in my view, *is* an hall of shame: "Stephan made a phone call with a politician using service Froboz, in his FSFE activities"
And, in my opinion, the will to repost the same motion makes no sense. If the motion has a reason, the proponent should explain such reason and discuss within the voting group, to draft a proposal that would pass. For example option 2 or 3 above.
We usually have large majorities in our votes, because we discuss about the issues beforehand. I'd personally retire a motion if the discussion shows an amble majority against it. Unless I want to play the victim.
Paul again:
To give Daniel credit, he did state that the text might be improved.
The text (the way it is worded), not the proposal. Exact wording again:
If you can see something wrong with the text of the motion, please help me improve it so it may be more likely to be accepted.
Finally. Paul is right here:
I get the impression that we are possibly encountering some other interpersonal issues here.
Yes, I'm really upset by this blog post. The motion didn't pass, and the proponent goes to a different audience, using his ouput-only channel, to complain and say he'll do it again, because he is right. My expected outcome: loose, complain, repeat.
And it's not the first time I get on fire for similar reasons. Repeating over and over, not listening, wasting everybody's time in endless loops, flooding discussion with irrelevant nitpicking and theoretical problems...
And for me it's over. I thank both Paul and Carsten for the positive attitude but this proposal is going nowhere positive, unless the proponent changes attitude.
On 15/06/18 10:49, Alessandro Rubini wrote:
To give Daniel credit, he did state that the text might be improved.
The text (the way it is worded), not the proposal. Exact wording again:
If you can see something wrong with the text of the motion, please help me improve it so it may be more likely to be accepted.
[snip]
And it's not the first time I get on fire for similar reasons. Repeating over and over, not listening, wasting everybody's time in endless loops, flooding discussion with irrelevant nitpicking and theoretical problems...
My blog explicitly asked people how the motion could be improved and I'm listening for the responses from the community.
It is sad that a lot of the mails I see, rather than addressing the issues, are one of the following:
- excuses why making this list is so hard that we can't even begin
- excuses why people can't have elections (other thread)
- attempts to twist my message into something else with negative emotive language like "hall of shame"
- personal attacks on me or how well I perform my role as a representative
I hope other people won't be deterred from speaking up about how this motion could be improved. I already received some suggestions privately and started drafting a new version of the motion.
Regards,
Daniel
On 14.06.2018 08:01, Alessandro Rubini wrote:
But did no-one see any merit in the idea? Maybe one of the many other, non-Fellow/member/supporter Assembly members might share their thoughts with us.
I am a member, and I think Max well explained the reasoning. But I see one more: we do not need to publish a "hall of shame". It would mostly help internal frictions, or attacks by anybody who wants to paint himself as holier than us ("himself": women are usually more intelligent than that).
totally agree here. And as a staffer that is also hired for doing a good outreach I see two problems here:
a) the work-time I need to invest to "[...] maintain a public inventory on the wiki listing the non-free software and services in use, including details of which people/teams are using them, the extent to which FSFE depends on them, a list of any perceived obstacles within FSFE for replacing/abolishing each of them, and for each of them a link to a community-maintained page or discussion with more details and alternatives."
I am sorry, but I really think my work time is better invested in promoting FSFE and Free Software instead of overanalysing every single step or supervise my colleagues.
b) the negative approach in the proposal aka "hall of shame". I second, it would mostly help internal frictions and give unnecessary arguments into the hands of our opponents ("look, even the FSFE is not able to operate without proprietary software" [link] or "the FSFE is a not reliable in their request to use Free Software because they do not do this themselves" etc).
If at all, we should maintain a public inventory to list all the Free Software we are using to run our services, that we self-develop and what we achieve with them. In contrast to Daniel's proposal, this could help our own reputation and the reputation of Free Software. And it would show the FSFE to lead by example (what we actually do).
However, I still fear this list will create internal frictions about the purity of some software.
So, I propose you trust us that we use Free Software always and that this is minimum 95%, including our phones, landlines, printers etc.
And then we concentrate on our work not our software in use.
Best, Erik
btw: I also cannot follow the argument in Daniel's blog post, that "tax deductions given to our supporters" means we are supported by public money. But well, this is another story.
Dear list,
On 15-06-18 11:21, Erik Albers wrote:
btw: I also cannot follow the argument in Daniel's blog post, that "tax deductions given to our supporters" means we are supported by public money. But well, this is another story.
Money of Dutch tax payers does not flow through FSFE members to the FSFE.
FSFE members can get a (small!) discount on the tax we have to pay. This is something completely different.
Best regards,
On Friday 15. June 2018 11.21.52 Erik Albers wrote:
totally agree here. And as a staffer that is also hired for doing a good outreach I see two problems here:
a) the work-time I need to invest to "[...] maintain a public inventory on the wiki listing the non-free software and services in use, including details of which people/teams are using them, the extent to which FSFE depends on them, a list of any perceived obstacles within FSFE for replacing/abolishing each of them, and for each of them a link to a community-maintained page or discussion with more details and alternatives."
I am sorry, but I really think my work time is better invested in promoting FSFE and Free Software instead of overanalysing every single step or supervise my colleagues.
I don't interpret the text as being as demanding as needing to document "every single step". I interpret it as referring to continuous usage of non-free software and services, not whether (from Alessandro's example) someone used a proprietary service to talk to some politician on a single occasion.
(Although it is actually interesting to people if politicians and others insist on being contacted using proprietary services. I have had the experience of applying for employment positions and being asked for my Skype details, of which I have none, of course. The insistence of organisations - in one case, a semi-public one getting substantial taxpayer funding - on proprietary, non-interoperable technologies is exactly what we should be opposing.)
b) the negative approach in the proposal aka "hall of shame". I second, it would mostly help internal frictions and give unnecessary arguments into the hands of our opponents ("look, even the FSFE is not able to operate without proprietary software" [link] or "the FSFE is a not reliable in their request to use Free Software because they do not do this themselves" etc).
So this actually answers a question I asked in the beginning: "Is it because admitting such dependencies is embarrassing?" Of course it would be regrettable if people were to make an issue of it, but there are also the matters of recognising any such problem and striving to do something about it.
And there is a difference between "FSFE uses proprietary software but doesn't care" and "FSFE uses proprietary software but actively seeks to eliminate it", the latter obviously making the organisation appear more honest, more genuine and even easier for others in a similar position to relate to.
If at all, we should maintain a public inventory to list all the Free Software we are using to run our services, that we self-develop and what we achieve with them. In contrast to Daniel's proposal, this could help our own reputation and the reputation of Free Software. And it would show the FSFE to lead by example (what we actually do).
Yes, this would be interesting and helpful. I see that the need to document data handling procedures has probably set this kind of thing in motion.
However, I still fear this list will create internal frictions about the purity of some software.
Maybe increased transparency brings its own problems, but it being something that the FSFE tends to demand of others, and given that a perceived lack of transparency seems to be affecting confidence in the organisation, it becomes a matter of choosing to live with certain problems and managing them in a way that most people will find acceptable.
So, I propose you trust us that we use Free Software always and that this is minimum 95%, including our phones, landlines, printers etc.
Well, this would conflate a bunch of different factors, which is why I noted that there are practical limitations to deploying software that should not be considered here. No reasonable person expects you to get the in-circuit programmers out and to break open phones, printers, and so on, to reprogram devices for which there won't be any Free Software to deploy, anyway.
And then we concentrate on our work not our software in use.
I don't feel that these are necessarily always different things.
btw: I also cannot follow the argument in Daniel's blog post, that "tax deductions given to our supporters" means we are supported by public money. But well, this is another story.
It does effectively mean that revenue that would have been raised by the state has instead appeared in the accounts of another organisation. In certain countries, such deductions are advertised almost as being like contribution matching by the state, so Daniel is hardly the first person to portray it in this way. For example:
https://en.wikipedia.org/wiki/Gift_Aid
One can, of course, note that since these public donations are directed by individuals then the state should not really dictate conditions applying to these donations. Then again, the state does impose various conditions when recognising the charitable status of organisations and whether they are eligible for such deductions.
Paul
So this actually answers a question I asked in the beginning: "Is it because admitting such dependencies is embarrassing?" Of course it would be regrettable if people were to make an issue of it, but there are also the matters of recognising any such problem and striving to do something about it.
Or maybe because there are no such dependencies. Since most people seem to agree that it doesn't make sense to list things like Printer firmware as dependencies, I haven't yet read any concrete example of proprietary software dependency within FSFE. The only example I can think of is Twitter, which hardly qualifies as dependency since the content shared there is also distributed through Free "cloud" services.
~niks
# Nikos Roussos [2018-06-15 14:26 +0200]:
So this actually answers a question I asked in the beginning: "Is it because admitting such dependencies is embarrassing?" Of course it would be regrettable if people were to make an issue of it, but there are also the matters of recognising any such problem and striving to do something about it.
Or maybe because there are no such dependencies. Since most people seem to agree that it doesn't make sense to list things like Printer firmware as dependencies, I haven't yet read any concrete example of proprietary software dependency within FSFE.
Good observation! Some people seem to be very motivated to compile such a list, and I don't see an issue with them starting to draft its scope and collect userspace software inside our organisation which is proprietary. Many FSFE projects have its roots in some people beginning with something, other people picking up the efforts and so forth, and this list could be such an activity – even if it's empty in the end.
What I don't like is demanding from other – mainly volunteers in their teams – to create such a list without having a clear idea what this would encompass and whether it would actually contain any tangible results, and without making the first step.
Best, Max
Hi Paul,
Paul Boddie paul@boddie.org.uk writes:
Many of us commit to using Free Software exclusively where the right to exercise this control has been given to us. Actively using and developing such software is just as important as promoting it, arguably more so. If I were to use proprietary software to advocate Free Software usage, it might be said that I would merely be indulging in a hobby, that I do not lead by example, and so on.
I am such a person that is very strict about using only Free Software when it comes to my computing. There are areas where I feel it can be benefitial for an organization to be present on social media, even if that means using non-free Javascript for example. I think Richard Stallman as the founder of our movement recognizes that reaching people can be very important. For example, in the Rapid Responders team of the FSF, he sent links to sites that required non-free Javascript to post comments. When we pointed that problem out to him (he may not have been aware of the requirement), he said he would never ask anyone to run non-free software, but if there was someone in the group that did not mind, then posting a comment would be helpful to our movement. So I would say when it comes to communicating to people we would not otherwise reach, we have to carefully analyze the situation and make a decision. So there may be cases that are not quite clear cut.
That being said, I would support an inventory of software we use under the right circumstances. If we were to do that, we would need a clear scope and volunteer time to actually maintain the inventory. Staff time is very limited and precious and I would not want it spent on an inventory that may not be all that interesting. From what I have seen personally, the FSFE staff uses Free Software exclusively, but there are probably devices that require non-free firmware. When it comes to printers and networking devices, there is probably more non-free software on those devices, but I am not sure how much of it could be updated. If it cannot be changed, it could be considered hardware. But that brings up the question of scope again.
Happy hacking! Florian