[GNU-linux-libre] yes, this is great freedom problem

Discussion:

a***@riseup.net

2018-08-02 08:51:27 UTC

hi
to day
my friend installed PureOS 8 on His computer with gnome desktop
environment by using the official .iso file from PureOS website, and
after installed it on His machine, he found an options for making online
accounts to microsoft, facebook, google and some other companies they
working againts freedom philosophy

iso file name = pureos-8.0-gnome-live_20180706-amd64.hybrid.iso
sha256sum =
6b61964ad2640fdec3aaa8e5a029f5eb2eca22c6679efda0bc8fed176ae2bae7
now I ask Hisself and ask everyone
How it was approved to be in gnu free list??!!!
The images in the attachments
have fun and be free
alimiracle

Jean Louis

2018-08-02 15:29:16 UTC

Permalink

Post by a***@riseup.net
hi
to day
my friend installed PureOS 8 on His computer with gnome desktop
environment by using the official .iso file from PureOS website, and
after installed it on His machine, he found an options for making online
accounts to microsoft, facebook, google and some other companies they
working againts freedom philosophy
iso file name = pureos-8.0-gnome-live_20180706-amd64.hybrid.iso
sha256sum =
6b61964ad2640fdec3aaa8e5a029f5eb2eca22c6679efda0bc8fed176ae2bae7
now I ask Hisself and ask everyone
How it was approved to be in gnu free list??!!!
The images in the attachments
have fun and be free
alimiracle

Pure OS is free software distribution and is
committed to maintain distribution.

You are advised to submit bug report here:
https://tracker.pureos.net/

In regards to free software distribution guideline
as here:
http://www.gnu.org/distros/free-system-distribution-guidelines.html

and problem that you described, I can see 2
issues:

1. trademark issue, it is questionable if the icons
that point to centralized networks such as
Facebook or Google or others are free graphics
and may be problematic for the distribution of
the whole distribution.

The other issue is related to the usage of word
"Cloud" as in
http://www.gnu.org/philosophy/words-to-avoid.html#CloudComputing

Quoting from above linkL

Post by a***@riseup.net
The term “cloud computing” (or just “cloud”, in
the context of computing) is a marketing
buzzword with no coherent meaning. It is used
for a range of different activities whose only
common characteristic is that they use the
Internet for something beyond transmitting
files. Thus, the term spreads confusion. If you
base your thinking on it, your thinking will be
confused (or, could we say, “cloudy”?).
When thinking about or responding to a statement
someone else has made using this term, the first
step is to clarify the topic. What scenario is
the statement about? What is a good, clear term
for that scenario? Once the topic is clearly
formulated, coherent thought about it becomes
possible.
One of the many meanings of “cloud computing” is
storing your data in online services. In most
scenarios, that is foolish because it exposes
you to surveillance.
Another meaning (which overlaps that but is not
the same thing) is Service as a Software
Substitute, which denies you control over your
computing. You should never use SaaSS.
Another meaning is renting a remote physical
server, or virtual server. These practices are
ok under certain circumstances.
Another meaning is accessing your own server
from your own mobile device. That raises no
particular ethical issues.
The NIST definition of "cloud computing"
mentions three scenarios that raise different
ethical issues: Software as a Service, Platform
as a Service, and Infrastructure as a
Service. However, that definition does not match
the common use of “cloud computing”, since it
does not include storing data in online
services. Software as a Service as defined by
NIST overlaps considerably with Service as a
Software Substitute, which mistreats the user,
but the two concepts are not equivalent.
These different computing practices don't even
belong in the same discussion. The best way to
avoid the confusion the term “cloud computing”
spreads is not to use the term “cloud” in
connection with computing. Talk about the
scenario you mean, and call it by a specific
term.
Curiously, Larry Ellison, a proprietary software
developer, also noted the vacuity of the term
“cloud computing.” He decided to use the term
anyway because, as a proprietary software
developer, he isn't motivated by the same ideals
as we are.

In regards to driving people to those surveillance
networks, myself, I would not suggest to users to
do it, I would suggest decentralized networks.

But that was decision of PureOS and I think you
better submit bug report on their website.

I did not see pointers in Free Software
Distribution guidelines to avoid centralized
surveillance networks such as Facebook.

Hyperbola in that regard is doing very well, they
have eliminated such networks.

Yet PureOS is free software distribution,
maintainers are commited and bug reports shall be
filed on their website.

Can you do that now?

Jean

Isaac David

2018-08-02 16:01:48 UTC

Permalink

Post by Jean Louis
I did not see pointers in Free Software
Distribution guidelines to avoid centralized
surveillance networks such as Facebook.

wouldn't that count as an invitation to run nonfree Javascript through
those websites though? also, what about the broad provision against

Post by Jean Louis
The distro must contain no DRM, no back doors, and no spyware.

technically speaking, no Facebook software is run on the user's
machine; but i'm pretty sure we can take the premise that Facebook
spies its "useds" at face value. is that the kind of behaviour we want
ethical software to promote?

i've also heard from other people in this list that some Gnome
applications routinely download and interpret nonfree Javascript.

the bulk of the Gnome dev community doesn't share the FSF's vision,
yet it still gets touted as the official GNU desktop environment.
i am a Gnome user myself, but this has always struck me as weird.

--
Isaac David
GPG: 38D33EF29A7691134357648733466E12EC7BA943
Ring: c8ba5620e080bef9470efb314c257304ff9480f5
Tox:
0C730E0156E96E6193A1445D413557FF5F277BA969A4EA20AC9352889D3B390E77651E816F0C
<https://isacdaavid.info/donate>

Jean Louis

2018-08-02 21:09:37 UTC

Permalink

Post by Isaac David

Post by Jean Louis
I did not see pointers in Free Software
Distribution guidelines to avoid centralized
surveillance networks such as Facebook.

wouldn't that count as an invitation to run nonfree Javascript through
those websites though? also, what about the broad provision against
spyware?

Maybe allmiracle can say that, I did not yet try
it out. It looks like connection to "Cloud"
service which is for me totally nuclear what it
does if I just look on that screenshot.

I remember back in time everybody could send email
to Facebook used from outside of Facebook, and
XMPP connection was possible.

All could be encrypted back then, unreadable from
inside.

They blocked the feature since ten.

Post by Isaac David

Post by Jean Louis
The distro must contain no DRM, no back doors, and no spyware.

Facebook have used with consent. That is fine. And
there are spy agencies that use the Facebook to
spy on useds by data mining.

In that sense I do not see much difference to
email. Email is just centralized and very insecure
system. Then whoever uses Google as example gave
the consent for spying as well.

Post by Isaac David
i've also heard from other people in this list that some Gnome
applications routinely download and interpret
nonfree Javascript.

Be specific and file any bugs:
https://tracker.pureos.net/

Post by Isaac David
the bulk of the Gnome dev community doesn't share the FSF's vision,
yet it still gets touted as the official GNU desktop environment.
i am a Gnome user myself, but this has always
struck me as weird.

File bugs.

Jean

Isaac David

2018-08-02 23:24:33 UTC

Permalink

i'd like to point out the issue raised by the OP isn't really about
PureOS. any distro shipping regular Gnome 3 is equally concerned.

Post by Jean Louis

Post by Isaac David
wouldn't that count as an invitation to run nonfree Javascript through
those websites though? also, what about the broad provision against
spyware?

Maybe allmiracle can say that, I did not yet try
it out.

well, as a matter of fact, all of the usual client interfaces for
interacting with Facebook (web, mobile applications) are nonfree. the
question therefore is: is Gnome _inciting_ users to run those?

Post by Jean Louis
It looks like connection to "Cloud"
service which is for me totally nuclear what it
does if I just look on that screenshot.

this should give the basic idea:
https://wiki.gnome.org/Projects/GnomeOnlineAccounts/Providers

Post by Jean Louis
Facebook have used with consent. That is fine. And
there are spy agencies that use the Facebook to
spy on useds by data mining.

let's assume useds gave Facebook their informed consent. that's still
missing the point! the guidelines don't exist to try to stop users
from hurting themselves (providing them with free software is the
worst method imaginable to achieve that). rather, we're trying to
determine whether software is trying to hurt the user, or recommend
something along those lines. we evaluate software, not users.

Post by Jean Louis
In that sense I do not see much difference to
email. Email is just centralized and very insecure
system. Then whoever uses Google as example gave
the consent for spying as well.

yeah, no. someone needs to call you out on this one.

email is a prime example of a decentralized *and* federated
system. our very exchange is living proof of it. Whereas Facebook is
effectively a monopoly on its communications protocols, Gmail is not,
so I need not be subject to Google's shenanigans in order to use
email. the difference is like day and night.

if by "email" you only mean Gmail and the likes, then I agree Gnome
_may_ be doing the wrong thing there too.

Caleb Herbert

2018-08-02 16:28:43 UTC

Permalink

And don't forget that they STILL promote Chromium and Etcher.

Jean Louis

2018-08-02 20:57:55 UTC

Permalink

Post by Caleb Herbert
And don't forget that they STILL promote Chromium and Etcher.

Maybe you should point out to specific freedom
issue on their bug system:
https://tracker.pureos.net/

What is Etcher?

Jean

bill-auger

2018-08-02 22:58:48 UTC

Permalink

Post by Jean Louis

Post by Caleb Herbert
And don't forget that they STILL promote Chromium and Etcher.

Maybe you should point out to specific freedom

Caleb -

what exactly did you mean by "promote"? - are you saying that the chromium browser is available today from the pureos repos using its package manager?

several months ago, one of the pureos developers stated on this list[1] that the chromium browser should be blacklisted from pureos; and the freedom bug on the pureos tracker[2] was closed about a month later as "resolved"

[1]: https://lists.nongnu.org/archive/html/gnu-linux-libre/2018-03/msg00045.html
[2]: https://tracker.pureos.net/T57

Caleb Herbert

2018-08-03 06:00:20 UTC

Permalink

Post by bill-auger
what exactly did you mean by "promote"? - are you saying that the
chromium browser is available today from the pureos repos using its
package manager?

To be honest, I'm more concerned about Etcher. In their tutorial on
how to write an installation medium, they used a bloated Chromium
(Electron) based program called Etcher that does the same thing as dd.

Post by bill-auger
several months ago, one of the pureos developers stated on this
list[1] that the chromium browser should be blacklisted from pureos;
and the freedom bug on the pureos tracker[2] was closed about a month
later as "resolved"

This is great news.

bill-auger

2018-08-03 08:34:58 UTC

Permalink

Post by Caleb Herbert
(Electron) based program called Etcher that does the same thing as dd.

aw, thats just a little harmelss javascript reaching out of the "sandbox" of a disguised, yet network-enabled web-browser to write some system files to the boot sector of your boot device - what's to worry? - i cant see how that could possibly go wrong

bill-auger

2018-08-02 23:34:43 UTC

Permalink

there was a message forwarded recently to the parabola mailing list[1] from a user who has asked RMS if the GPLv3 telegram desktop client that has as its only possible use to interact with proprietary servers constituted a freedom concern - RMS stated very clearly that the client was acceptable because it is freely licensed, and the software running on remote network services is fully exempt from the FSDG - so there may be "trademark" issues, and there may be "privacy" or other "ethical" concerns, but the official position is that proprietary network services are not a "freedom" issue

i can only speak with direct experience of parabola; but i can say that parabola removes anything that so much as smells of proprietary, trade-marked, or encourages the use of proprietary network services - that is not strictly required by the FSDG though, it is done more for those "philosophical" reasons

so just to use the correct words here: in order for this to a "freedom" concern, you first have to state explicitly in which way do you suppose those buttons remove user's freedom - i dont think that because those businesses "working againts freedom philosophy" is quite enough - RMS contends that merely using a proprietary network service does not impede the user's freedom; so you would need to have something more concrete in mind for us to discuss here

as isaacdavid points out there is the freedom concern that can be raised if the distro is directing users directly into running non-free javascripts - i asked RMS a follow-up question regarding that subtlety; but he did not answer that conclusively

[1]: https://lists.parabola.nu/pipermail/assist/2018-July/001141.html

Denis 'GNUtoo' Carikli

2018-08-03 22:32:44 UTC

Permalink

On Thu, 2 Aug 2018 19:34:43 -0400

Post by bill-auger
there was a message forwarded recently to the parabola mailing
list[1] from a user who has asked RMS if the GPLv3 telegram desktop
client that has as its only possible use to interact with proprietary
servers constituted a freedom concern - RMS stated very clearly that
the client was acceptable because it is freely licensed, and the
software running on remote network services is fully exempt from the
FSDG - so there may be "trademark" issues, and there may be "privacy"
or other "ethical" concerns, but the official position is that
proprietary network services are not a "freedom" issue
i can only speak with direct experience of parabola; but i can say
that parabola removes anything that so much as smells of proprietary,
trade-marked, or encourages the use of proprietary network services -
that is not strictly required by the FSDG though, it is done more for
those "philosophical" reasons
so just to use the correct words here: in order for this to a
"freedom" concern, you first have to state explicitly in which way do
you suppose those buttons remove user's freedom - i dont think that
because those businesses "working againts freedom philosophy" is
quite enough - RMS contends that merely using a proprietary network
service does not impede the user's freedom; so you would need to have
something more concrete in mind for us to discuss here
as isaacdavid points out there is the freedom concern that can be
raised if the distro is directing users directly into running
non-free javascripts - i asked RMS a follow-up question regarding
that subtlety; but he did not answer that conclusively

Personally I think that user should be able to trust FSDG compliant
distributions. This means that the distribution should not mislead
users into installing or running proprietary software.

For instance many users without much computer knowledge may expect that
if the distribution says that everything in it is free software and
that the distribution has been "certified by the FSF"(FSDG compliant),
everything that the user install through that distribution is really
free software.

For instance using the web browser's "add-on package manager" should
also result in having installed only free software add-ons.

Technical users also benefit from that as they don't have to check the
source code themselves of each add-ons or software installed in
a similar way.

Preventing users from using a web browser (that is provided by such
FSDG distribution) to willingly download and install nonfree software
like flash, to willingly run nonfree JavaScript, or to willingly
destroy the very little privacy/intimacy they have left (along with the
one of the people they're interacting with), ought not to be mandatory
in the FSDG guidelines.

In my opinion, the distribution shall not be responsible of what is
available on the Web and shall not force its users to have some filters
imposed on them.

That said it might be interesting to inform users in some way
(especially non-technical ones) about common threats for freedom on the
Web or the Internet such as nonfree JavaScript, and privacy violation,
and give them pointers on how to deal with that.

However in my opinion, programs or packages (like youtube-dl or weboob)
that may run non-free JavaScript from websites without informing its
users, should be modified to make sure that the users is aware of the
issue.

Last time I checked the FSDG guidelines, as I understand it,
blocking privacy violating Web or Internet services was not mandatory,
and free software applications for Facebook was not against such
guidelines.

Denis.

bill-auger

2018-08-04 01:38:33 UTC

Permalink

Post by Denis 'GNUtoo' Carikli
Personally I think that user should be able to trust FSDG compliant
distributions.
In my opinion, the distribution shall not be responsible of what is
available on the Web and shall not force its users to have some filters
imposed on them.
Last time I checked the FSDG guidelines, as I understand it,
blocking privacy violating Web or Internet services was not mandatory,
and free software applications for Facebook was not against such
guidelines.

that final paragraph is concurring exactly with my post - the only reason i sent it was to say that, in addition to that common presumption, RMS has recently confirmed that presumption explicitly

the additional concern i added though, it seems you mis-understood - it was not merely about what is "available on the Web" to be run or avoided at the discretion of the user - the issue was regarding the case where the one and only functionality of a free client was to run arbitrary scripts sent to it willy-nilly from the server to be executed blindly on the client - such a program would be necessarily running non-free software locally on the user's machine and would be utterly useless if that behaviour was removed; unless perhaps someone, someday in the future, reverse engineers the proprietary server to write their own compatible server that only triggers fully licensed and published behaviours on the client; which would then, on that future day, but not before, give that client it's first use-case that does not entail running non-free scripts

i can not name any such clients off-hand, but i raise this issue because i was told that this is how the telegram client works

how about if your distro packages this little beauty for it's users:

curl http://proprietary-service.com/random-unpublished.cgi | sudo bash

ok? - let's say it is GPL-licensed; so no FSDG conflict here right? - and let's say some people really enjoy this program - can't live without it - so the distro packages it and claims "it would be a dis-service to our users to remove this valuable program" - what does this do for your trust in your distro?

Denis 'GNUtoo' Carikli

2018-08-04 23:31:21 UTC

Permalink

On Fri, 3 Aug 2018 21:38:33 -0400

Post by bill-auger
the additional concern i added though, it seems you mis-understood -
it was not merely about what is "available on the Web" to be run or
avoided at the discretion of the user - the issue was regarding the
case where the one and only functionality of a free client was to run
arbitrary scripts sent to it willy-nilly from the server to be
executed blindly on the client - such a program would be necessarily
running non-free software locally on the user's machine and would be
utterly useless if that behaviour was removed;

I understood correctly. I was just explaining my thoughts about where
to draw the line on theses issues as they seems to pop-up often.

I think that being as clear as possible towards users is a good way to
help draw that line.

I also often advocate for FSDG compatible distribution by focusing on
freedom and clarity to the users (everything is free software and users
won't install any nonfree software by accident, however some hardware
may not work so it's better to choose the hardware accordingly).

[...]

Post by bill-auger
i can not name any such clients off-hand, but i raise this issue
because i was told that this is how the telegram client works

I don't know if it's still the case but I heard of:
- youtube-dl that downloads and runs nonfree JavaScript without warning
the user about it for youtube.
- If I remember correctly, The paypal plugin in weboob.

Post by bill-auger
curl http://proprietary-service.com/random-unpublished.cgi | sudo bash
ok? - let's say it is GPL-licensed; so no FSDG conflict here right? -
and let's say some people really enjoy this program - can't live
without it - so the distro packages it and claims "it would be a
dis-service to our users to remove this valuable program" - what does
this do for your trust in your distro?

This would count as a security bug (arbitrary execution of code by the
people controlling that website, or anyone in between (http)...

Denis.