This feed omits posts by jwz. Just 'cause.

US citizens: call on Congress to defund the bully's border wall.

If you sign, please spread the word!

Posted Thu Jan 23 00:00:00 2020 Tags:
Posted Wed Jan 22 00:00:00 2020 Tags:

*Beetles and fire kill dozens of 'indestructible' giant sequoia trees.*

Mature, healthy trees are proving vulnerable in ways that didn't happen before.

Posted Wed Jan 22 00:00:00 2020 Tags:

The UK sentences Islamist extremists to longer prison terms than right-wing extremists, for similar crimes. Three times as long, on the average.

The UK does not fully recognize freedom of speech, and some of the crimes in question involve posting extremist opinions and nothing more. I condemn those opinions, but imprisoning people for their opinions is dangerous too.

Posted Wed Jan 22 00:00:00 2020 Tags:

The IRS has terminated its commitment not to release its own tax-filing software. Does this matter?

When the article says "free", it means "gratis" — zero price. The gratis digital filing options offered by companies almost surely require the user to run a nonfree program. (Can anyone check the facts for me?). In addition, they require trusting the company with your personal data.

A gratis digital filing option from the IRS won't require trusting a company with personal data, but no other improvement is assured.

The IRS would be able to release it as free/libre software, but we can't expect that to happen by itself. More likely it will release that software in the unjust way most software is released. A nonfree program is equally unjust whether it comes from a company or a government agency.

We will need to urge, perhaps pressure, the IRS to respect taxpayers' computing freedom by releasing free/libre tax-filing software.

Posted Wed Jan 22 00:00:00 2020 Tags:

Florida's citizens voted to allow ex-cons convicted of felonies to vote, so the Republican legislature found an excuse to block 80% of them: requiring them to pay all their fines and court fees first.

There is no record of what any ex-con owes, so those who wish to pay these fines and fees have no way to make sure they have done so.

Posted Wed Jan 22 00:00:00 2020 Tags:

*Brazil culture secretary forced out after appearing to paraphrase Nazi Goebbels.*

Bolsonaro often appoints ministers for sharing his extremist ideology.

Posted Wed Jan 22 00:00:00 2020 Tags:

It looks like nothing will convince Australian PM Scott Morrison to stop trying to convert Australia and the rest of the world to ashes. How can Australia bypass his power and protect itself?

Posted Wed Jan 22 00:00:00 2020 Tags:

*Germany will pay billions to speed up coal-fired power plant shutdowns.*

It is important to shut down the coal-burning plants, but the idea that electric utilities should not have to pay any part of the cost of this change seems unfair to me. If it is a matter of supporting the poorer eastern regions of Germany, the support should go to those regions and their people, not to electric utilities.

Posted Wed Jan 22 00:00:00 2020 Tags:

Putin's plan to reduce the president's power seems designed to transfer the power to other offices which he could hold for the rest of his life.

Posted Wed Jan 22 00:00:00 2020 Tags:
[ This blog post was also crossposted to my blog at Software Freedom Conservancy. I hope you will donate now before the challenge match period ends so that you can support work like this that I'm doing at my day job. ]

I would not have imagined even two years ago that expansion of copyleft would become such an issue of interest in software freedom licensing. Historically and for good reason, addition of new forms of copyleft clauses has moved at a steady pace. The early 2000s brought network services clauses (such as that in the Affero GPL), which hinged primarily on requiring provision of source to network-remote users. Affero GPL implemented this via copyright-controlled permission of modification. These licenses began as experiments, and were not approved by some license certification authorities until many years later.

Even with the copyleft community's careful and considered growth, there have been surprising unintended consequences of copyleft licenses. The specific outcome of proprietary relicensing has spread widely and — for stronger copyleft licenses like Affero GPL — has become the more common usage of the license.

As the popularity of Open Source has grown, companies have searched for methods to combine traditional proprietary licensing business models with FOSS offerings. Proprietary relicensing, originally pioneered by MySQL AB (now part of Oracle by way of Sun), uses software freedom licenses to compel purchase of proprietary licenses for the same codebase. Companies accomplish this by ensuring they collect all copyright control of a particular codebase, thus being its sole licensor, and offer the FOSS licenses as a loss-leader (often zero-cost) product. Non-commercial users generally are ignored, and commercial users often operate in fear of captious interpretations of the copyleft license. The remedy for their fear is a purchase of a separate proprietary license for the same codebase from the provider. Proprietary relicensing seems to have been the first mixed FOSS/proprietary business model in history.

The toxicity of this business model has only become apparent in hindsight. Initially, companies engaging in this business model did so somewhat benignly — often offering proprietary licenses only to customers who sought to combine the product with other proprietary software, or as supplemental income along with other consulting businesses. This business model (for some codebases), however, became so lucrative that some companies eventually focused exclusively on it. As a result, aggressive copyleft license overreading and inappropriate, unprincipled enforcement typically came from such companies. For most, the business model likely reached its crescendo when MongoDB began using the Affero GPL for this purpose. I was personally told by large companies at the time (late 2000s into early 2010s) that they'd listed Affero GPL as “Never Allowed Here” specifically because of shake-downs from MongoDB.

Copyleft itself is not a moral philosophy; rather, copyleft is a strategy that software freedom activists constructed to advance a particular set of policy goals. Specifically, software copyleft was designed to ensure that all users received complete, corresponding source for all binaries, and that any modifications or improvements made anywhere in the chain of custody of the software were available in source form to downstream users. As orginially postulated, copyleft was a simple strategy to disarm proprietarization as an anti-software-freedom tactic.

The Corruption of Copyleft

Copyleft is a tool to achieve software freedom. Any tool can be fashioned into a weapon when wielded the wrong way. That's precisely what occurred with copyleft — and it happened early in copyleft's history, too. Before even the release of GPLv2, Aladdin Ghostscript used a copyleft via a proprietary relicensing model (which is sometimes confusingly called the “dual licensing” model). This business model initially presented as benign to software freedom activists; leaders declared the business model “barely legitimate”, when it rose to popularity through MySQL AB (later Sun, and later Oracle)'s proprietary relicensing of the MySQL codebase.

In theory, proprietary relicensors would only offer the proprietary license by popular demand to those who had some specific reason for wanting to proprietarize the codebase — a process that has been called “selling exceptions”. In practice, however, every company I'm aware of that sought to engage in “selling exceptions” eventually found a more aggressive and lucrative tack.

This problem became clear to me in mid-2003 when MySQL AB attempted to hire me as a consultant. I was financially in need of supplementary income so I seriously considered taking the work, but the initial conference call felt surreal and convinced me that MySQL AB was engaging in problematic behavior . Specifically, their goal was to develop scare tactics regarding the GPLv2. I never followed up, and I am glad I never made the error of accepting any job or consulting gig when companies (not just MySQL AB, but also Black Duck and others) attempted to recruit me to serve as part of their fear-tactics marketing departments.

Most proprietary relicensing businesses work as follows: a single codebase is produced by a for-profit company, which retains 100% control over all copyright in the software (either via an ©AA or a CLA). That codebase is offered as a gratis product to the marketplace, and the company invests substantial resources in marketing the software to users looking for FOSS solutions. The marketing department then engages in captious and unprincipled copyleft enforcement actions in an effort to “convert” those FOSS users into paying customers for proprietary licensing for the same codebase. (Occasionally, the company also offers additional proprietary add-ons, improvements, or security updates that are not available under the FOSS license — when used this way, the model is often specifically called “Open Core”.)

Why We Must End The Proprietary Relicensing Exploitation of Copyleft

This business model has a toxic effect on copyleft at every level. Users don't enjoy their software freedom under an assurance that a large community of contributors and users have all been bound to each other under the same, strong, and freedom-ensuring license. Instead, they dread the vendor finding a minor copyleft violation and blowing it out of proportion. The vendor offers no remedy (such as repairing the violation and promise of ongoing compliance) other than purchase of a proprietary license. Industry-wide. I have observed to my chagrin that the copyleft license that I helped create and once loved, the Affero GPL, was seen for a decade as inherently toxic because its most common use was by companies who engaged in these seedy practices. You've probably seen me and other software freedom activists speak out on this issue, in our ongoing efforts to clarify that the intent of the Affero GPL was not to create these sorts of corporate code silos that vendors constructed as copyleft-fueled traps for the unwary. Meanwhile, proprietary relicensing discourages contributions from a broad community, since any contributor must sign a CLA giving special powers to the vendor to continue the business model. Neither users nor co-developers benefit from copyleft protection.

The Onslaught of Unreasonable Copyleft

Meanwhile, and somewhat ironically, the success of Conservancy's and the FSF's efforts to counter this messaging about the Affero GPL has created an unintended consequence: efforts to draft even more restrictive software copyleft licenses that can more easily implement the proprietary relicensing business models. We have partially succeeded in convincing users that compliance with Affero GPL is straightforward, and in the backchannels we've aided users who were under attack from these proprietary relicensors like MongoDB. In response, these vendors have responded with a forceful political blow: their own efforts to redefine the future of copyleft, under the guise of advancing software freedom. MongoDB even cast itself as a “victim” against Amazon, because Amazon decided to reimplement their codebase from scratch (as proprietary software!) rather than use the AGPL'd version of MongoDB.

These efforts began in earnest late last year when (against the advice of the license steward) MongoDB forked the Affero GPL to create the SS Public License. I, with the support of Conservancy, rose in opposition of MongoDB's approach, pointing out that MongoDB would not itself agree to its own license (since MongoDB's CLA would free it from the SS Public License terms). If an entity does not gladly bind itself by its own copyleft license (for example, by accepting third-party contributions to its codebases under that license), we should not treat that entity as a legitimate license steward, nor treat that license as a legitimate FOSS license. We should not and cannot focus single-mindedly on interpretation of the formalistic definitions when we recommend FOSS licensing policy. The message of “technically it's a FOSS license, but don't use” is too complicated to be meaningful.

A Copyleft Clause To Restore Equality

My friend and colleague, Richard Fontana, and I are known for our very public and sometimes heated debates on all manner of software freedom policy. We don't always agree on key issues, but I greatly respect Fontana for his careful thought and his inventive solutions. Indeed, Fontana first formulated “inbound=outbound” into that simple phrasing to more easily explain how the lopsided rights and permissions exchanges through CLAs actually create bad FOSS policy like proprietary relicensing. In the copyleft-next project that Fontana began, he further proposed this innovative copyleft clause that could, when Incorporated in a copyleft license, prevent proprietary licensing before it even starts! The clause still needs work, but Fontana's basic idea is revolutionary for copyleft drafting. The essence in non-legalese is this: If you offer a license that isn't a copyleft license, the copyleft provisions collapse and the software is now available to all under a non-copyleft, hyper-permissive FOSS license.

This solution is ingenious in the way that copyleft itself was an ingenious way to use copyright to “reverse” the rights and ensure software freedom. This provision doesn't prohibit proprietary relicensing per se, but instead simply deflates the power of copyleft control when a copyright holder engages in proprietary relicensing activities.

Given the near ubiquity of proprietary relicensing and the promulgation of stricter copylefts by companies who seek to engage (or help their clients engage) in such business models, I've come to a stark policy conclusion: the community should reject any new copyleft license without a clause that deflates the power of proprietary relicensing. Not only can we incorporate such a clause into new licenses (such as copyleft-next), but Conservancy's Executive Director, Karen Sandler, came up with a basic approach to incorporating similar copyleft equality clauses into written exceptions for existing copyleft licenses, such as the Affero GPL. I have received authorization to spend some of my Conservancy time and the time of our lawyers on this endeavor, and we hope to publish more about it in the coming months.

We've finished the experiment. After thirty years of proprietary relicensing, beginning with Aladdin and culminating with MongoDB and their SS Public License, we now know that proprietary relicensing does not serve or extend software freedom, and in most cases has the opposite effect. We must now categorically reject it, and outright reject any new licenses that can be used for it.

Posted Mon Jan 6 10:44:00 2020 Tags:

Yesterday, I sent out a version of this blog post to Conservancy's donors as a fundraising email. As most people reading this already know, I work (remotely from the west coast) for a 501(c)(3) charity based in NY called Software Freedom Conservancy, which is funded primarily from individuals like you who donate $120/year (or more :). My primary job and career since 1997 has been working for various charities, mostly related to the general cause of software freedom.

More generally, I have dedicated myself since the late 1990s to software freedom activism. Looking back across these two decades, I believe our movement, focused on software users' rights, faces the most difficult challenges yet. In particular, I believe 2019 was the most challenging year in our community's history.

Our movement had early success. Most of our primary software development tools remain (for the moment) mostly Free Software. Rarely do new developers face the kinds of challenges that proprietary software originally brought us. In the world today that seemingly embraces Open Source, the problems are more subtle and complex than they once were. Conservancy dedicates its work to addressing those enigmatic problems. That’s why I work here, why I’m glad to support the organization myself, and why I ask you to support it as well.

Early success was easy for software freedom because the technology industry ignored us at first. Copyleft was initially a successful antidote to the very first Digital Restrictions Management (DRM) — separating the binaries from source code and using copyright restrictions to forbid sharing. When companies attacked software freedom and copyleft in the early 2000s, we were lucky that those attacks backfired. However, today, we must solve the enigma that the technology industry seems to embrace software freedom, but only to a point. Most for-profit companies today ask a key question constantly: “what Open Source technologies can we leverage while keeping an unfair proprietary edge?”. FOSS is accepted in the enterprise but only if it allows companies to proprietarize, particularly in areas that specifically threaten user privacy and autonomy.

However, I and my colleagues at Conservancy are realists. We know that a charity like us won't ever have the resources to face well-funded companies on their own playing field, and we’d be fools to try. So, we do what Free Software has always done best: we pick work with the greatest potential to maximize software freedom for as many users as we can.

At Conservancy's founding, Conservancy focused exclusively on providing a charitable home to FOSS projects, so they could focus on software freedom for their users. Through Conservancy, projects make software freedom the project’s top priority rather than an afterthought. In this new environment where (seemingly) every company and trade association has set up a system for organizational homes for projects, Conservancy focuses on projects that make a big impact for the software freedom of individual users.

Today, Conservancy does much more beyond those basics. Given my early introduction to licensing, I learned early and often that copyleft — our community's primary tool and strategy to assure companies and individuals would always remain equals — was and would always be constantly under attack. I've thus been glad to help Conservancy publish and speak regularly about essential copyleft and FOSS policy. (And, I'm personally working right now on even more writing on the subject of copyleft policy.) I'm particularly proud of Conservancy's work with members of the Linux community to assure the software freedoms guaranteed by copyleft for Linux-based devices. It's a big task, and we’re the only organization with that mission. But, Conservancy is resilient, unrelenting, and dedicated to it.

If someone had predicted 28 years ago (when I first installed Linux) that, by 2020, Linux would be the most popular operating system on the most popular small devices in the world, but that almost no one would have the basic freedoms assured by copyleft, the thought would have horrified me. Manufacturers have treated Linux device users like the proverbial frogs in slowly boiling water, so we saw once a trickle and now an onslaught of non-upgradable, non-modifiable, Linux-based IoT and mobile devices as a norm; we’re even sometimes tricked into believing such infringing usage counts as success for software freedom. I'm glad to help Conservancy support and organize the primary group who continues to demand that the GPL matters and should be upheld for Linux. We shouldn't ignore users; their personal rights, privacy, and control of their own technology are at stake — and copyleft should assure their path to software freedom. That path is now deeply buried in complicated legal and political debris, but I believe that Conservancy will clear that path, and I and my colleagues at Conservancy have a plan for it.

As we close out 2018, I must admit how tough this year has been for all of us with regard to leadership in the broader software freedom movement. I spent a large part of 2019 deeply involved with the political and social work of moving forward together in the face of the leadership crises and assuring the software freedom movement spans generations diversely. Having lived through this troubled year, I've come to a simple conclusion: we must be loyal to the principles of software freedom, not to individual people. We must build a welcoming community that is friendly to those who are different from us; those folks are most likely to bring us desperately needed new ideas and perspectives. I’m thus proud that Conservancy continues to host the Outreachy initiative, which is the premier internship program that seeks to bring those who have faced specific hardships related to diversity and inclusion into the wonders of FOSS development and leadership.

We've all had a tough 2019 for many reasons, and I certainly believe it’s the most challenging year I've seen in my many years of software freedom activism. But, I don't shy away from a challenge: I am looking forward to helping Conservancy work tirelessly to lead the way out of difficulty, with new approaches.

Obviously I'm going to help with my staff time at Conservancy , for which I am (obviously) paid a salary. (As I always joke, my salary has been a matter of public record since 2001, you just have to read the 501(c)(3) Form 990s of the organizations I've worked for.) I am very lucky that I was born into the middle class in a wealthy country. I believe it's important to acknowledge the privilege that comes with advantages we receive due to sheer luck. In recent years, I've focused on how I can use that privilege to help the social justice causes that I care about. In addition to devoting my career to a charity, I also think giving back financially to charity is important. Each year, I usually give my largest charitable donation to the charity where I work, Software Freedom Conservancy.

It does feel strange to me to give money back to an organization that also pays me a salary. However, I do it because: (a) it's entirely voluntary (thus showing clearly that it isn't merely a run-of-the-mill paycut :), (b) it help Conservancy meet our meet our annual match challenge, and (c) I spend some of my time each winter asking everyone I know to also voluntarily give. I hope you'll join me today in becoming (or renewing!) as a Conservancy Supporter. I hope you'll set your Supporter contribution at a level higher than the minimum. Usually, computer geeks love to give amounts that are even powers of 2. This year, I suggested that was perhaps a bit hackneyed, so we set our donor challenge around prime numbers (the original match amount was $113,093). So, I planned ahead a frugal year so that I could give $1,021 today to Conservancy. I generally planned all year to give “about a thousand” at year's end for the match, but I picked $1,021 specifically because it's the closest prime number to 210. I think it makes sense to give to charity amounts of about about $60-100/month, as that's typically the amount that any middle class person in a wealthy country can afford if they just cut out a few luxuries (e.g., DRM-laden streaming services, cooking at home rather than eating at restaurants, etc.).

So, please join me today in contributing to Conservancy. Most importantly, perhaps, today is the last day to donate for a USA tax deduction in 2019! If you pay taxes in the USA, do take a look at the deduction, because I've found in my fiscal planning that it does make a budgeting difference and means I can give a bit more, knowing that I'll get some of it back from both the USA and state government.

Posted Tue Dec 31 09:29:00 2019 Tags:
Last week I worked on my Groovy Cheminformatics book and made a first release for CDK 2.3 (doi:10.5281/zenodo.3590374). One of the new features is that the Groovy code runs on the command line without having to download or install something first:

The CreateAtom3.groovy example with @Grab instruction.
There is yet plenty to migrate from the older paper version and, for example, the Depiction chapter is still missing.

Anyways, I hope you like it :)
Posted Sun Dec 29 18:11:00 2019 Tags:

Long ago, I wrote git-subtree to work around some of my annoyances with git submodules. I've learned a lot since then, and the development ecosystem has improved a lot (shell scripts are no longer the best way to manipulate git repos? Whoa!).

Thus, I bring you: git-subtrac.

It's a bit like git-subtree, except it uses real git submodules. The difference from plain submodules is that, like git-subtree, it encourages you to put all the contents from all your submodules into your superproject repo, rather than scattering it around across multiple repositories (which might be owned by multiple people, randomly disappear or get rebased, etc).

As a result, it's easy to push, pull, fork, merge, and rebase your entire project no matter how many submodules you like to use. When someone does a 'fetch' of your repo, they get all the submodule repos as well.

I wrote a longer git-subtrac README describing how to use it and its internal workings. I think it's pretty cool. Feedback is welcome.

Posted Sun Nov 24 19:04:49 2019 Tags:

I ask that everyone give a thought to proposing at session at one (or both) of two great events on the Open Source and Free Software calendar: the FOSDEM Legal and Policy DevRoom and Copyleft Conf. Both CFPs close tomorrow!

I've been co-organizing the Legal and Policy DevRoom, along with my colleagues Tom Marble, Richard Fontana, and Karen Sandler for the last eight years. Copyleft Conf grew out of this event a few years ago because there was excitement by attendees for another on in Brussels after FOSDEM for more specific content about copyleft policy and licensing.

This year, the DevRoom is taking a new, experimental approach: we're looking for proposals for debates. Take a look at the CFP and see if you'd be willing to take a position (pro or con) on some important issue of debate in Free Software, and perhaps submit a proposal to join a debate team.

Copyleft Conf will be a more traditional conference at an urgent time in copyleft history. This past year, there has been an increasing push by companies and VC-friendly lawyers to redefine the future of copyleft to serve the interests of powerful companies rather than individual users. I hope Copyleft Conf 2020 will be a premier venue to have community-oriented discussion about how copyleft can help users and developers gain more software freedom.

Posted Sat Nov 16 13:00:00 2019 Tags:
Cryptosystem designers successfully predicting, and protecting against, implementation failures. #ecdsa #eddsa #hnp #lwe #bleichenbacher #bkw
Posted Fri Oct 25 04:57:53 2019 Tags:

Upcoming in libinput 1.15 is a small feature to support Wacom tablets a tiny bit better. If you look at the higher-end devices in Wacom's range, e.g. the Cintiq 27QHD you'll notice that at the top right of the device are three hardware-buttons with icons. Those buttons are intended to open the config panel, the on-screen display or the virtual keyboard. They've been around for a few years and supported in the kernel for a few releases. But in userspace, they events from those keys were ignored, casted out in the wild before eventually running out of electrons and succumbing to misery. Well, that's all changing now with a new interface being added to libinput to forward those events.

Step back a second and let's look at the tablet interfaces. We have one for tablet tools (styli) and one for tablet pads. In the latter, we have events for rings, strips and buttons. The latter are simply numerically ordered, so button 1 is simply button 1 with no special meaning. Anything more specific needs to be handled by the compositor/client side which is responsible for assigning e.g. keyboard shortcuts to those buttons.

The special keys however are different, they have a specific function indicated by the icon on the key itself. So libinput 1.15 adds a new event type for tablet pad keys. The events look quite similar to the button events but they have a linux/input-event-codes.h specific button code that indicates what they are. So the compositor can start the OSD, or control panel, or whatever directly without any further configuration required.

This interface hasn't been merged yet, it's waiting for the linux kernel 5.4 release which has a few kernel-level fixes for those keys.

Posted Thu Oct 17 23:23:00 2019 Tags:

For a few years now, libinput has provided button scrolling. Holding a designated button down and moving the device up/down or left/right creates the matching scroll events. We enable this behaviour by default on some devices (e.g. trackpoints) but it's available on mice and some other devices. Users can change the button that triggers it, e.g. assign it to the right button. There are of course a couple of special corner cases to make sure you can still click that button normally but as I said, all this has been available for quite some time now.

New in libinput 1.15 is the button lock feature. The button lock removes the need to hold the button down while scrolling. When the button lock is enabled, a single button click (i.e. press and release) of that button holds that button logically down for scrolling and any subsequent movement by the device is translated to scroll events. A second button click releases that button lock and the device goes back to normal movement. That's basically it, though there are some extra checks to make sure the button can still be used for normal clicking (you will need to double-click for a single logical click now though).

This is primarily an accessibility feature and is likely to find it's way into the GUI tools under the accessibility headers.

Posted Thu Oct 17 22:56:00 2019 Tags:

A few weeks back, I was at XDC and gave a talk about various current and past input stack developments (well, a subset thereof anyway). One of the slides pointed out libinput's bus factor and I'll use this blog to make this a bit more widely known.

If you don't know what the bus factor is, Wikipedia defines it as:

The "bus factor" is the minimum number of team members that have to suddenly disappear from a project before the project stalls due to lack of knowledgeable or competent personnel.
libinput has a bus factor of 1.

Let's arbitrarily pick the 1.9.0 release (roughly 2 years ago) and look at the numbers: of the ~1200 commits since 1.9.0, just under 990 were done by me. In those 2 years we had 76 contributors in total, but only 24 of which have more than one commit and only 6 contributors have more than 5 commits. The numbers don't really change much even if we go all the way back to 1.0.0 in 2015. These numbers do not include the non-development work: release maintenance for new releases and point releases, reviewing CI failures [1], writing documentation (including the stuff on this blog), testing and bug triage. Right now, this is effectively all done by one person.

This is... less than ideal. At this point libinput is more-or-less the only input stack we have [2] and all major distributions rely on it. It drives mice, touchpads, tablets, keyboards, touchscreens, trackballs, etc. so basically everything except joysticks.

Anyway, I'm largely writing this blog post in the hope that someone gets motivated enough to dive into this. Right now, if you get 50 patches into libinput you get the coveted second-from-the-top spot, with all the fame and fortune that entails (i.e. little to none, but hey, underdogs are big in popular culture). Short of that, any help with building an actual community would be appreciated too.

Either way, lest it be said that no-one saw it coming, let's ring the alarm bells now before it's too late. Ding ding!

[1] Only as of a few days ago can we run the test suite as part of the CI infrastructure, thanks to Benjamin Tissoires. Previously it was run on my laptop and virtually nowhere else.
[2] fyi, xf86-input-evdev: 5 patches in the same timeframe, xf86-input-synaptics: 6 patches (but only 3 actual changes) so let's not pretend those drivers are well-maintained.

Posted Wed Oct 16 05:56:00 2019 Tags:

The last 33 days have been unprecedentedly difficult for the software freedom community and for me personally. Folks have been emailing, phoning, texting, tagging me on social media (— the last of which has been funny, because all my social media accounts are placeholder accounts). But, just about everyone has urged me to comment on the serious issues that the software freedom community now faces. Until now, I have stayed silent regarding all these current topics: from Richard M. Stallman (RMS)'s public statements, to his resignation from the Free Software Foundation (FSF), to the Epstein scandal and its connection to MIT. I've also avoided generally commenting on software freedom organizational governance during this period. I did this for good reason, which is explained below. However, in this blog post, I now share my primary comments on the matters that seem to currently be of the utmost attention of the Open Source and Free Software communities.

I have been silent the last month because, until two days ago, I was an at-large member of FSF's Board of Directors, and a Voting Member of the FSF. As a member of FSF's two leadership bodies, I was abiding by a reasonable request from the FSF management and my duty to the organization. Specifically, the FSF asked that all communication during the crisis come directly from FSF officers and not from at-large directors and/or Voting Members. Furthermore, the FSF management asked all Directors and Voting Members to remain silent on this entire matter — even on issues only tangentially related to the current situation, and even when speaking in our own capacity (e.g., on our own blogs like this one). The FSF is an important organization, and I take any request from the FSF seriously — so I abided fully with their request.

The situation was further complicated because folks at my employer, Software Freedom Conservancy (where I also serve on the Board of Directors) had strong opinions about this matter as well. Fortunately, the FSF and Conservancy both had already created clear protocols for what I should do if ever there was a disagreement or divergence of views between Conservancy and FSF. I therefore was recused fully from the planning, drafting, and timing of Conservancy's statement on this matter. I thank my colleagues at the Conservancy for working so carefully to keep me entirely outside the loop on their statement and to diligently assure that it was straight-forward for me to manage any potential organizational disagreements. I also thank those at the FSF who outlined clear protocols (ahead of time, back in March 2019) in case a situation like this ever came up. I also know my colleagues at Conservancy care deeply, as I do, about the health and welfare of the FSF and its mission of fighting for universal software freedom for all. None of us want, nor have, any substantive disagreement over software freedom issues.

I take very seriously my duty to the various organizations where I have (or have had) affiliations. More generally, I champion non-profit organizational transparency. Unfortunately, the current crisis left me in a quandary between the overarching goal of community transparency and abiding by FSF management's directives. Now that I've left the FSF Board of Directors, FSF's Voting Membership, and all my FSF volunteer roles (which ends my 22-year uninterrupted affiliation with the FSF), I can now comment on the substantive issues that face not just the FSF, but the Free Software community as a whole, while continuing to adhere to my past duty of acting in FSF's best interest. In other words, my affiliation with the FSF has come to an end for many good and useful reasons. The end to this affiliation allows me to speak directly about the core issues at the heart of the community's current crisis.

Firstly, all these events — from RMS' public comments on the MIT mailing list, to RMS' resignation from the FSF to RMS' discussions about the next steps for the GNU project — seem to many to have happened ridiculously quickly. But it wasn't actually fast at all. In fact, these events were culmination of issues that were slowly growing in concern to many people, including me.

For the last two years, I had been a loud internal voice in the FSF leadership regarding RMS' Free-Software-unrelated public statements; I felt strongly that it was in the best interest of the FSF to actively seek to limit such statements, and that it was my duty to FSF to speak out about this within the organization. Those who only learned of this story in the last month (understandably) believed Selam G.'s Medium post raised an entirely new issue. In fact, RMS' views and statements posted on stallman.org about sexual morality escalated for the worse over the last few years. When the escalation started, I still considered RMS both a friend and colleague, and I attempted to argue with him at length to convince him that some of his positions were harmful to sexual assault survivors and those who are sex trafficked, and to the people who devote their lives in service to such individuals. More importantly to the FSF, I attempted to persuade RMS that launching a controversial campaign on sexual behavior and morality was counter to his and FSF's mission to advance software freedom, and told RMS that my duty as an FSF Director was to assure the best outcome for the FSF, which IMO didn't include having a leader who made such statements. Not only is human sexual behavior not a topic on which RMS has adequate academic expertise, but also his positions appear to ignore significant research and widely available information on the subject. Many of his comments, while occasionally politically intriguing, lack empathy for people who experienced trauma.

IMO, this is not and has never been a Free Speech issue. I do believe freedom of speech links directly to software freedom: indeed, I see the freedom to publish software under Free licenses as almost a corollary to the freedom of speech. However, we do not need to follow leadership from those whose views we fundamentally disagree. Moreover, organizations need not and should not elevate spokespeople and leaders who speak regularly on unrelated issues that organizations find do not advance their mission, and/or that alienate important constituents. I, like many other software freedom leaders, curtail my public comments on issues not related to FOSS. (Indeed, I would not even be commenting on this issue if it had not become a central issue of concern to the software freedom community.) Leaders have power, and they must exercise the power of their words with restraint, not with impunity.

RMS has consistently argued that there was a campaign of “prudish intimidation” — seeking to keep him quiet about his views on sexuality. After years of conversing with RMS about how his non-software-freedom views were a distraction, an indulgence, and downright problematic, his general response was to make even more public comments of this nature. The issue is not about RMS' right to say what he believes, nor is it even about whether or not you agree or disagree with RMS' statements. The question is whether an organization should have a designated leader who is on a sustained, public campaign advocating about an unrelated issue that many consider controversial. It really doesn't matter what your view about the controversial issue is; a leader who refuses to stop talking loudly about unrelated issues eventually creates an untenable distraction from the radical activism you're actively trying to advance. The message of universal software freedom is a radical cause; it's basically impossible for one individual to effectively push forward two unrelated controversial agendas at once. In short, the radical message of software freedom became overshadowed by RMS' radical views about sexual morality.

And here is where I say the thing that may infuriate many but it's what I believe: I think RMS took a useful step by resigning some of his leadership roles at the FSF. I thank RMS for taking that step, and I wish the FSF Directors well in their efforts to assure that the FSF becomes a welcoming organization to all who care about universal software freedom. The FSF's mission is essential to our technological future, and we should all support that mission. I care deeply about that mission myself and have worked and will continue to work in our community in the best interest of the mission.

I'm admittedly struggling to find a way to work again with RMS, given his views on sexual morality and his behaviors stemming from those views. I explicitly do not agree with this “(re-)definition” of sexual assault. Furthermore, I believe uninformed statements about sexual assault are irresponsible and cause harm to victims. #MeToo is not a “frenzy”; it is a global movement by individuals who have been harmed seeking to hold both bad actors and society-at-large accountable for ignoring systemic wrongs. Nevertheless, I still am proud of the essay that I co-wrote with RMS and still find many of RMS' other essays compelling, important, and relevant.

I want the FSF to succeed in its mission and enter a new era of accomplishments. I've spent the last 22 years, without a break, dedicating substantial time, effort, care and loyalty to the various FSF roles that I've had: including employee, volunteer, at-large Director, and Voting Member. Even though my duties to the FSF are done, and my relationship with the FSF is no longer formal, I still think the FSF is a valuable institution worth helping and saving, specifically because the FSF was founded for a mission that I deeply support. And we should also realize that RMS — a human being (who is flawed like the rest of us) — invented that mission.

As culture change becomes more rapid, I hope we can find reasonable nuance and moderation on our complex analysis about people and their disparate views, while we also hold individuals fully accountable for their actions. That's the difficulty we face in the post-post-modern culture of the early twenty-first century. Most importantly, I believe we must find a way to stand firm for software freedom while also making a safe environment for victims of sexual assault, sexual abuse, gaslighting, and other deplorable actions.

Posted Tue Oct 15 09:11:00 2019 Tags: