[UK] Information about the think tank Doteveryone

Adonay Felipe Nogueira adfeno at hyperbola.info
Thu Nov 9 20:22:08 UTC 2017


There is a reply to this message where I also share the contents that
people shared with me, which was sent for review to the mailing list
administration due to the size of the content --- that's perfectly fine,
better safe than sorry. ;)

Anyways, while that message doesn't come, here is the message I would
send to the organizations involved.

--8<---------------cut here---------------start------------->8---
This message can be passed on to the organization involved.

I have read the files attached. The page numbers reported in this
message are based on the ones reported by the document viewer, not those
displayed in the document.

I do agree with page 6 of the "Trustworthy tech partners --- 2017
handbook" when it mentions reusing "appropriately licensed code" as good
practice.

However, I also share the same concern raised by others in the parent
thread. Software and other functional data is itself so important to
society, and at the same time a somewhat trickier subject that is very
hard for the end-consumer to inspect by himself and also to switch to
another "solution" if one takes into account that there are other forces
that may help keep the not-so-good situation. Establishing a "trust mark"
requires using a "fake client" approach to do detailed evaluation of the
product periodically.

For such a fast change in functional data, we have projects such as the
Free Software Directory ([1]), evaluators for free/libre system
distributions ([2]), the maintainers of the GNU Linux-libre scripts
([3]) --- which remove non-free parts of Linux (the kernel) ---, the
contributors to the list of computer parts that require non-free
software ([4]), the editors of the list of software and packages that do
not respect the guidelines followed by [2] (see reference [5]), and the
various evaluators inside the various projects for free/libre system
distributions ([6][7]).

Now, if one talks about physical/tangible products that already provide
functional data inside (built-in, with no requirement for Internet
access), then although the problem and requirement for periodic
evaluation, the release of the physical product is slower compared to
the software and other functional data. So a "trust mark" for these is
somewhat easier to set, although care still must be taken so that the
mark isn't used for advertising without permission.

One can see the evaluators that test for Respects Your Freedom
certification compliance ([8]) as an example of "trust mark" verifiers
for such physical products. There are also the testers of h-node ([9])
--- which review if computers/devices and parts are at least friendly to
free/libre system distributions, although the approach provided by
h-node isn't sustainable because it leaves the end-consumer as a hostage
to the "good-will" of the manufacturers and local providers.

Besides, it's already known that simple reuse of "correctly licensed"
things isn't enough if the original project isn't also free/libre and if
it isn't to keep the resulting work free/libre, preferably through
strong copyleft licenses such as the latest version of both GNU GPL and
AGPL, with "or later"/"+" option --- and most importantly: compliant
with these licenses ([10]). Lack of observation of this issue can lead
to issues that affect all the environmental, social and economic pillars
of sustainability, common cases include the non-compliance of some
device manufacturers that provide their own custom copies of Android
wrapped in Restricted Boot, which forbids the end-user to reuse/use an
adaptation that a person made even when person's perfectly able to
"sign" per own adaptation as trustworthy ([11][12]). This, combined with
the presence of non-free software in the custom copies, causes the
perception of need to change device more often.

Now, if one wants to talk about "web services" or "apps", all of those
deserve to be taken with a grain of salt, because they might not be
sustainable.

In the case of streaming, most of the time it's done in a way such that
you can't get an exact copy of the media easily ([12]), and the provider
doesn't follow any completely "open" standard that allows other
place/website to make exact and complete copies of the content in order
to also be a provider of it (and related things, such as comments,
likes, etc.) ([13][14]). Simply put: the streaming provider would be the
central provider, one greedy attempt from him, or other issues, and any
content can be changed or vanish. Projects like GNU MediaGoblin
and the ActivityPub/ActivityPump standard (in process of
standardization) are an attempt to address this.

The same notes for streaming are valid for social networks and
communication technologies. In the first case, ActivityPub comes as
important again, together with Diaspora, Pump.io, GNU Social and
Mastodon --- if I'm not mistaken, ActivityPub is supposed to integrate
all these within themselves and GNU MediaGoblin. For the second case
(communication technologies), XMPP/Jabber (with all extensions enabled
by the service provider and the client application being used) and
emails --- yes these ones, preferably shifting the recommendations to
favor independent small local providers (not the bigger ones) and those
which provide at least POP3 and SMTP access to everyone, or at least
IMAP and SMTP access (also to everyone). For this entire paragraph, see
the references [13][14][15].

As for the online or "app-based" payments, it's also a mess. GNU Taler
provides ways for standardization ([16]), allowing payments or donations
in any currency and requiring less computing power/energy than
blockchain --- thus, it will be in compliance with the future Regulation
(EU) 2016/679 (GDPR), which requires privacy by design and data
minimization for all data processing in Europe after 25/05/2018 ([16]).

There's always the problem with websites that make the visitor's/guest's
web browser run non-free software automatically (generally done through
JavaScript). This results in privacy and accessibility problems ([17]),
and either the website is made without JavaScript, or these are
liberated --- this can be tested with GNU LibreJS
([18]). Unfortunately, it's not yet common for website designers and
programmers to free/liberate their JavaScript.

Finally, all of this should be taken into account in the case of public
procurement, so it would be a good idea to have a step to differentiate
each of these items from those related to functionality. So that the
items mentioned here weigh more in favor of those who comply than those
who don't, that is: simple "+1" points might not be enough if all the
other items also give "+1".


Respectfully, Adonay.

[1] <https://directory.fsf.org/wiki/Main_Page>.

[2] <https://www.gnu.org/distros/free-distros.html#NewDistro>.

[3] <https://www.fsfla.org/ikiwiki/selibre/linux-libre/>.

[4] <https://libreplanet.org/wiki/LinuxLibre:Devices_that_require_non-free_firmware>.

[5] <https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines>.

[6] <https://www.gnu.org/distros/free-distros.html>.

[7] <https://www.gnu.org/distros/free-non-gnu-distros.html>.

[8] <https://www.fsf.org/resources/hw/endorsement/respects-your-freedom>.

[9] <https://h-node.org/>.

[10] <https://copyleft.org/guide/comprehensive-gpl-guide.pdf>.

[11] <https://media.libreplanet.org/u/libby/m/embracing-secure-boot-and-rejecting-restricted-boot-matthew-garrett/>.

[12] <http://audio-video.gnu.org/video/2015-10-24--rms--free-software-and-your-freedom--seagl--speech.ogv>.

[13] <https://media.libreplanet.org/u/libreplanet/m/christopher-webber-federation-and-gnu-2b47/>.

[14] <http://cdn.media.ccc.de/congress/2015/webm-hd/32c3-7403-en-de-A_New_Kid_on_the_Block_webm-hd.webm>.

[15] <https://media.libreplanet.org/u/libreplanet/m/the-surreptitious-assault-on-privacy-security-and-freedom/>.

[16] <http://cdn.media.ccc.de/events/eh2017/webm-hd/eh17-8471-eng-Taler_-_Talk_webm-hd.webm>.

[17] <https://media.libreplanet.org/u/libreplanet/m/the-surreptitious-assault-on-privacy-security-and-freedom/>.

[18] <https://media.libreplanet.org/u/zakkai/m/javascript-if-you-love-it-set-it-free-54ab/>.
--8<---------------cut here---------------end--------------->8---

Andres Muniz Piniella <a75576 at alumni.tecnun.es> writes:

> So they have had an open page open for comments and they are going over the
> first draft. Hopefully we are not late to the party this time. 
>
> They have an open document where they accept input. I have done my bit, but I
> really don't have a completely full understanding of free software as many of
> you here. 
> So please comment: 
> https://docs.google.com/document/d/1bAScKd1eIKgPX3T8nXOkwbB2h8GC01SUP_du3O7H7oU/edit#heading=h.exstkxcrxuof
>
>
> Sorry that they are currently using googledocs, but I guess that is something
> we can address later down the line. 

-- 
- https://libreplanet.org/wiki/User:Adfeno
- Speaker and consultant on free/libre /software/ (not to be confused
  with gratis).
- "WhatsApp"? It isn't free/libre. Please see ways to communicate
  instantly with me at the address below.
- Contact: https://libreplanet.org/wiki/User:Adfeno#vCard
- Common files accepted (only without DRM): Corel Draw, Microsoft
  Office, MP3, MP4, WMA, WMV.
- Common files accepted and sent: CSV, GNU Dia, GNU Emacs Org, GNU
  GIMP, Inkscape SVG, JPG, LibreOffice (ODF standard), OGG, OPUS, PDF
  (only without DRM), PNG, TXT, WEBM.


