Free and Open Technologies by Nucleus

This is the second in a series.

A lot of us join various membership and "social networking" sites. Joining such a site, you enter all sorts of personal information, such as your name, your date of birth, your city of residence, zip code, age, educational background, current or past employment, interests, contacts/friends/family, e-mail address, telephone number, and that all-important secret question and answer.

These are all the same pieces of information that identity thieves as well as marketers use to extract your hard-earned money. (If your money is not hard-earned, send it to me.) Identity thieves will obviously prefer it if they can also obtain your social security number.

If you don't want such personal information disseminated for anyone, anywhere, at any time, to use, misuse, and abuse, do not give web sites (including social networking sites) that information. Remember, it isn't just legitimate users that will have access to that information. It is scam collection agencies that will call, write, and otherwise harass you and your family and friends solely because they want you to send them money. I'm not talking only about legitimate debts, either. There are companies that will call you, claiming that a friend or relative used you as a reference on a loan application, and that you are now liable for the person's defaulted loan.

The point is this: without privacy, you have no safety, no security. Better to err on the side of non-disclosure than to expose too much of your private information. Once it gets loose, there is no way to capture it and pull it back. As for the site that wants you to join under your real name and insert your work and educational information, they do this to increase their ad revenue. It has nothing to do with helping you connect to others and everything to do with their pocketbooks. That's why they've suddenly decided that this formerly private information is now public: it gives their customers (advertisers) more information to use in targeting their ads.

Be very stingy about giving personally-identifying information to any website.

Our world of Free software / Open source software may not be enough of a foundation for free culture and the historic Constitutional freedoms we have enjoyed for hundreds of years. Much has been written, and rightfully so, about the way our nation refused to extend to various ethnic groups (and women in general) the rights we claimed were so fundamental that they were self-evidently granted to all "men" by our creator. But we've come a long way toward rectifying those errors. And yet, we are rapidly heading toward a time when it is no longer ancestry or body parts that determines whether one has rights, but whether one is a corporate officer of a small number of corporations.

ACTA: An Orgasmic Festival Of Greed And Glutony

Glyn Moody has done a lot to inform the UK public about the secret treaty called ACTA. ACTA is an effort by the copyright abuse industries (corporations that control music, movies, publishing, and software) to prevent social and technological changes from threatening their business models. Among the provisions being negotiated into this proposed treaty is "three strikes". Essentially, if you or a member of your household are accused--not charged, not convicted: accused--three times of violating copyrights you lose Internet access for life. Your Internet provider would be required to track every site and file, to prevent you from accessing any potential copyright violating material. So no more visiting YouTube, Vimeo, DailyMotion, or any other user-generated content sites, since "The Numa Numa Dance" might feature a copyrighted song.

But that's not all. Draconian copyright-enforcement rules damage freedom-preserving software, such as that which the Free Software Foundation endorses, as well as open source software (such as the Open Source Initiative endorses) because closed-source software may (because no one can see the source) utilize its more open competitors within its products, but those competitors may not utilize the closed source product. Stopping at "exposing source code" isn't good enough. That source code needs to be protected with "cannot close derived code" defenses, such as those advocated by the FSF.

Even there, however, we need to ally our quest for freedom-preservation in software with similar efforts in other creative fields. For example, consider supporting Creative Commons the organization and even more importantly, insisting that you view or listen to only CC-licensed media. Surely there is little on the latest reality show to be worth its toxic effects on your rights as a content consumer and as a potential remixer or other producer of derivative content? This is where the rubber meets the road: these draconian copyright enforcement actions are really about destroying both fair use and derivative rights. Opposing the scam requires both political action and principled purchasing. We cannot win if we continue to give money to the already-huge media corporations that oppose our interests. We have to stop buying music, software, movies, books, magazines, newspapers, and other "content", including removing ourselves from the audience for broadcast operations and web properties, whenever the copyright owner advocates, lobbies, or otherwise promotes copyright extremism.

Snoopware Built In

One of the things that no one talks about, or at least not regularly, loudly, and in public arenas such as the Web, is the incentive for proprietary software companies to include snoopware in their products, so they know about your system's hardware and software environment and can identify when you try and install the software on a different computer. Microsoft has its Genuine (Dis)Advantage, which runs in the background even before your computer will allow you to log in, and which periodically phones home with unknown data. Is it checking what browsers and office suites are installed? Is it reporting which sites you've visited? Does its report include personally-identifying information such as your name or your username? Does it include GeoIP information that can tell what neighborhood you're accessing the Web from? Again, no one knows for sure. But without a clear concern for at least first-order freedom, it is difficult to resist the temptation to try and bump up revenue by suppressing suspected cheating, even if that process tramples individual rights and freedoms or exposes private information.

Now, I am not opposed to companies making money on software. But when their business is built around proprietary (EULA) licensing, it is predictable that their interests and the interests of the users of their products will clash eventually, and that is when snoopware and technological usage restrictions (TUR, often euphemized as digital rights management [DRM]) become tempting for the companies. TUR is the use of technological means to restrict what the user can do with the software. An example of this might be the code built into Apple's operating system to prevent its use on non-Apple hardware, or code which prevents you from using MS Office 2007 once the trial period expires unless you enter the "activation code" or the region code which prevents you from viewing that DVD you got for $3 in Japan. The purpose of those restrictions is to prevent you from using content you purchase in ways the copyright owner does not approve.

It is also predictable that, in the absence of such anti-user provisions, the average selling price of most areas of software will drop over time, just as prices do with most other products. That the price of some companies' office suites or operating systems continues to remain high is a testament to how effective anti-user, anti-competitive technological means can be (especially when coupled with a legal assault to back up the TUR).

I should also point out that this isn't just seen in software. When we obsess on copyrights for corporations, we find music companies infecting people's computers with rootkits; we find movie companies using TUR to prevent a DVD purchased in one part of the world from being viewed in another; we find insanely-rich companies obsessively filing "take-down" orders against teens and parents of small children because they used a song in the background of a video they uploaded to YouTube; and we find the government negotiating secret "intellectual monopoly" treaties with draconian punishments for anyone who is even accused of violating a copyright. The way primary to to stop this is to simply refuse to buy, watch, listen, or otherwise support the products of those companies and anything else that has licensing that is not freedom-preserving. Also: join the Free Software Foundation, donate to the Electronic Frontiers Foundation, Creative Commons, and the Open Source Initiative; and to make sure your congressional representatives (House and Senate) and presidential candidates know that voting with the copyright abuse industries will cost them your vote.

We need to be loud, persistent, and very clear that the power-grab by the copyright abuse industries will not be tolerated. I believe that we can regain control of our nation from the corporate interests. It won't be quick, nor will it be easy. We will have to beat back those who seek to shortcut the process through the rhetoric of revolution. We will have to counteract the proven-effective media promotion of the ultra-copyright viewpoint. We will have to use political pressure and the law to gain control of our state universities; our state legislatures, governors' mansions, and courthouses; and the federal equivalents of those state institutions. We cannot afford to endorse (even through silence) those who seek a violent re-ordering of society, but instead must quickly and loudly oppose their every pronouncement. Above all, we must indoctrinate the teens and twentysomethings of today, recognizing that our own generation will die off someday and theirs will run the ship. It is a long-term effort to bring back common sense to copyright, but it is one that we need to undertake beginning now.

I have not been critical of the Open Source Initiative, even though license proliferation is problematic. Lately, though, I have come to see that open source software and free software, while they often refer to the same software & licenses, have different goals and are promoted by those with different agendas. That is, open source (and OSI) is concerned with first-order freedom: what the immediate recipient of the software can do with it. Free software (and the Free Software Foundation) generally goes beyond this and is concerned with second-order freedom: ensuring that the immediate recipient of the software is not able to remove user freedoms before passing it downstream to others.

Because of the confusion that comes when we refer to "free software", I tend to use the more explicit term "freedom-preserving software" instead.

If you run a big company like Google or IBM, you're may desire to support first-order freedom, so that you can do as you wish to enhance applications to fit your needs, but you may not be as concerned about enabling others to share in those enhancements, especially if the enhancement must carry the same kind of licensing. On the other hand, if you run a smallish company, and you're sponsoring an open source project to develop your primary product, you'd better be concerned about second-order freedom, or you'll regret it when a competitor takes your code, enhances it, and then uses that improved version of your own product to compete with you without releasing the changes under the same license.

Likewise, if you are really concerned with education, you'll be interested in first-order freedom and likely also interested in second-order freedom, so that students can legally explore, extend, and improve the software. That is, you should be interested in those things. It seems that many so-called computer-skills training classes are click-here-click-there walkthroughs of a particular brand and version of widely-used proprietary software. Sadly, this is brittle training, because two years down the road, the vendor comes out with a new version that rearranges the buttons and menus, and the student hasn't a clue about how to use the product any more.

I'm firmly in the smaller, locally-owned businesses (SLOBs) camp, and therefore both first-order and second-order freedom are important to me. I look for freedom-preserving software, and I loathe dealing with rights-curtailing EULA-licensed sofware. (EULA is the end user license agreement found primarily in proprietary software. It typically bans a long list of things that are otherwise legal, including publishing comparisons of the product to a competing product.)

There's one more reason that I hope Mr. Phipps' impact helps OSI to focus more on both first-order and second-order freedoms. The leader of the Free Software Foundation, which has always focused on second-order freedoms, is deeply entangled in the extremo-liberal NPR-talking-points thing. Paying some attention to his output on Identi.ca, I see his stream is filled with messages about the cruel & inhuman Israelis refusing to stand still and let the valiant Palestinian freedom fighters blow them up. Typical NPR left-wing ignore-the-facts stuff. But coming from the head of the FSF, it is off-putting to those who aren't in that political camp to read this from the same mouth that proclaims a freedom that any Constitution-lover immediately identifies with and craves. (US conservatives used to talk in favor of similar freedoms until they realized that big corporations like Microsoft as well as the dictatorial state may be threatened by such unbridled bottom-up freedom.) OSI could be, and should be, an organization that pushes hard on the first-order freedoms that have been its major focus, while educating people about second-order freedoms (such as freedom-preserving software and creative commons content), serving as an important back-up to the FSF. OSI should make second-order freedoms a second focus, taking a cue from Richard M. Stallman (perhaps modifying his more extreme political views with some input from Theo de Raadt and the American founding fathers).

One area I would like to see OSI look at is using open source software within the schools and teaching students about first-order and second-order software freedoms. It is totally backwards that we take students, sit them down in front of software which does not confer either first-order or second order freedoms, software which they cannot use at home unless they buy a license (and the versions used are generally higher-priced than the home versions they are likely to have at school), and then lecture them about "hacking" and unauthorized access. So if they discover an area of interest, they are unable to pursue that interest any farther than the two hours of guided computer lab time each week. Instead, OSI, FSF, and others should be promoting the idea of software freedom both to educators, students, and their families.

(Whatever else one may say about OLPC, at least it does have the idea of carrying software that gives first-order and sometimes second-order freedom to its users. That is so much more important than just another step-by-step tutorial on using Microsoft Word. Mark Pilgrim wrote (about the iPad's closed, uptight environment) about how computer makers (and specifically Apple) used to produce computers that inspired people to examine and modify the internals, which helped launch a generation of programmers. I'm still hopeful that because of the OLPC, there will be thousands if not millions of low-income children who grow up in control of their systems, who go on to launch independent business ventures in countries all around the world, and who do not depend upon the big software and media companies, but go around them to help define, refine, and meet the needs of people in their respective parts of the globe. However, it would be good if OSI made more noise about the need for open platforms like OLPC to be the foundation of "computer education".)

Open Source software, as defined by the Open Source Initiative, has a different definition (and a different set of restrictions). This is because open source isn't about preserving the user's freedom the way that "free" software is. In fact, I would prefer the term "freedom-preserving software", because that makes it clear what the purpose of these licenses really is. Yes, open source is provided with few restrictions than proprietary EULAs give you. But open source may not always preserve that freedom--at an intermediate step, someone may have obtained open source software and bundled it with proprietary-licensed software in such a way that said freedom is gone. Or they may have made some changes but not provided the end user with the source of those changes (and may not have contributed that source back upstream to the open source project)--free licenses such as the GNU General Public License are designed to protect against these types of freedom-eroding measures.

An example of what I mean would be to look at Microsoft Windows, which is not freedom-preserving. When you turn the computer on and connect it to a network, it attempts to call home to Microsoft. No one knows exactly what it is reporting, so it could be telling such things as serial numbers for key hardware pieces as well as a list of installed software. Or, perhaps, it could be carrying information about where you've been online. That foreign online casino, for example, isn't legal for Americans to use. If some anti-gambling task force shows up at your home around 3AM, it could be that they showed up in Redmond WA with some legal papers. Then again, I would assume that some online bad guy may have already penetrated Microsoft's database where they keep this information, so there's no telling what said bad guy may plant there.

Now, I'm not singling out Microsoft here. Anti-user activities are a natural consequence of proprietary commercial software, because the whole model is based on scarcity: they make it difficult to obtain and utilize the software without paying for it, and that necessitates an ever-increasing amount of suspicion toward even legitimate paid customers. The bits are free (zero-price), or close to it, so the scarcity is artificial. And let's make it clear: Apple is at least as guilty of anti-user activities as Microsoft is. I'm told, for example, that there is code within OS X that is meant to detect when it is installed in non-Apple hardware and to prevent it from running there.

Important: Free software is not necessarily zero-price software. We are discussing software that preserves your freedoms, not discussing the price of software.

Anyway, Richard M. Stallman's article has more information and is a better summary, so go read it there.

Years ago, browsers didn't have the ability to use tabs to organize multiple pages, so opening a new window was an assault on the user's computer resources. For a resource-constrained computer, opening a new window could freeze everything up, forcing a hard reboot. These days, the computer is in the trash can long before it reaches that stage, and with the advent of tabbed browsing, it doesn't take much more resources to open a new tab than were already being used.

Meanwhile, we have lots of bad guys taking advantage of uninformed users that leave sites while logged in--particularly those who are logging in on a public computer, such as might be found in a public library or a hotel lobby. Yes, if you go to Yahoo mail, Hotmail, Gmail, or another well-known webmail provider's site, you often find that someone didn't log off. It would be easy for someone with malicious intentions to impersonate that person.

At work, I tell the people I support to be sure they log off of every site they log into before they leave the computer. Additionally, I tell them to lock the screen or shut the machine down. All it takes is one person without character to ruin someone's career.

So it should be no surprise that I detest sites that send logged in users offsite while they are logged in. It is very easy to get carried away with the content found at another site and forget to hit the back button twenty times to come back and log off. For this reason, it is bad design for a site to send logged in users to another site in the same tab. Open another tab, so the user has some indication that there is unfinished business to deal with.

Now, I know that there are many sites that do this. But then, there are many sites that can send you current password in an e-mail message. Current standard practice is to do an HMAC (or at least an MD5 hash of password + a "nonce"), so that there is not an unhashed version of the password anywhere except in the user's mind. But I was at a state government site about a year ago, where they showed me my username, password, e-mail address, and other information that shouldn't be so easy to access. I didn't even have to wait for an e-mail message.

Meanwhile, the bad guys of the Internet are about at the point where no one should be using a human-rememberable password anymore. Instead, we should be using password managers to generate, store, and enter passwords on every site. Now, no one is doing this yet (or very few of us), but it does no good to have a complex, hard to guess password if you click on a link while you are logged into a site and it sends you somewhere else. Until your session times out, anyone that uses that computer is "you" as far as the site is concerned.

So, to sum up, don't use password storage techniques from the 1990s. Use a modern, secure password storage method, and make sure the passwords are "strong" enough to slow down bad guys who would seek to fraudulently log in as one of your users. Encourage them to use software such as Password Safe or KeePass, both of which have versions which can ride on a USB flash drive. And make sure that all links outside your site open in a new tab when users are logged in. If they aren't logged in, you don't have to do this, but when they are logged in, try to make it clear that they need to log out before they leave.

I have loved the Ubuntu family of operating systems every since I first encountered version 5.04 in 2005. Prior to that, I had been very much a Red Hat / Fedora user. But I am facing a problem that I find difficult to resolve. I dislike the GNOME desktop and most GNOME software. SuSE was my first distro, but I've long since moved past it. I do still install Mandriva about once a year, but it rarely lasts a week before I return to the Ubuntu fold.

Xubuntu is a wonderful desktop. It is now my main environment and my personal recommendation. However, I don't use it stock. I install some software and uninstall other software to make it useful.

1. Evince / Okular--Like most GNOME applications, Evince is not very configurable. Further, the GNOME file dialog doesn't generally handle files that are somewhere else (e.g., on an HTTP server somewhere). With Okular, I can copy a link for a PDF file that is on a website somewhere and the KDE file dialog will open it.


2. GDM / KDM--GDM sometimes has trouble starting other desktop environments or window managers. I first switched to KDM because I was starting to use IceWM on low-resource older computers, and GDM wouldn't launch it properly. Since KDM is part of the K Desktop Environment (KDE), I go ahead and install it, and then make Xfce my default environment. Newer versions of GDM haven't had the same problem, but why go back when KDM works so well? (For the record, I typically install LXDE, too.)
   


3. Gnumeric / OpenOffice.org--While Gnumeric is fine for the functionality it implements, I tire of fighting with it over every spreadsheet someone e-mails me. OOo isn't perfect by any means (slow-acting and a memory hog), at least it works for most files. I generally leave AbiWord installed, but I don't use it much, unless I already have a lot of things open and don't want to make the computer lag.


4. I cannot recall what media players were preinstalled, nor what photo manager. It doesn't matter, because I changed them. For photo managers, I haven't found anything that matches the functionality of digiKam. So when I have to deal with F-spot, for example, I get frustrated. Media players ... I always install VLC and Amarok. I install K3B for burning CDs and DVDs, and get rid of GNOME-based burners. Xubuntu uses Xfce, so I also install xfmedia and xfburn.


5. Browsers: I always make sure to have Firefox and Opera. I've been known to install Konqueror, Arora, reKonq, and Epiphany. Epiphany, Arora, and reKonq are based on Webkit, the same engine behind Safari (which isn't available on Linux) and Chrome. All Webkit browsers take a while to start loading the page. In the case of Chrome, I can actually completely load a page in SeaMonkey (which must be the world's slowest modern browser) before Chrome finishes "resolving host". Once they start loading, the Webkit browsers are fast. Epiphany, being a GNOME product, relies on something similar to the Windows registry. If you are using a non-GNOME desktop, you may not have a GUI interface to Gconf. What this means is that there might be some (advanced) functions that you cannot easily change.

These are my personal customizations. I am considering a move to Arch Linux, because I like the idea of a rolling release. No more having to re-customize periodically. (I generally upgrade to the latest Ubuntu/Kubuntu/Xubuntu version within days of release, which rolls back my customized software selection before doing the upgrade.) However, I wish that there was something with the rolling release of Arch Linux, with the common-sense layout of Gobo Linux (FHS, the file hierarchy standard, is way overdue for replacement), and the compiled-from-source design of Gentoo Linux, but which is Debian-ized enough to use a modified version of Synaptic as its graphical "package management" interface and has the Ubuntu fit and polish.

But for now, it is Xubuntu for me (with a small dose of Linux Mint and a small dose of Fedora). If it weren't for Xubuntu, I might have to go with a Linux-from-Scratch thing. I'd like that, but it would be hellacious to maintain everything that goes into a modern desktop. Xubuntu has rescued me from much of that maintenance work.

What about Windows or Mac OSX, you might ask. Well, I've purchased three computers with Vista on it in the past 18 months. Two of them (mine and my nephew's) now run Linux. One of them still runs Vista, but is rarely used, because my youngest son uses his Mac instead. That Mac is interesting. I paid for it, but I never use it, and it takes me days to get up to speed whenever he asks me to do something with it (such as set up printing). I can't imagine a computer that is so simplified that no one can figure out how to set up printing! (I had to find the terminal, install the developer tools, and compile the driver, even though the printer is on a remote machine that already had the driver. It took two days to find this out, and then an hour to do it.)

I am glad to hear that both YouTube and Vimeo now support the HTML5 tag. However, it makes little sense to do the work to add HTML5 support when over 90% of Web users have Adobe Flash Player installed (and some of those who do not have Adobe's player have swfdec or Gnash). The only way it could make sense is if the sites were seeking a significant market of users who could not view Flash (e.g., mobile users). Unless, of course, the eventual plan is to replace Flash with HTML5

If that is the case, an open format like Ogg Theora or Dirac is a better choice than a codec like H.264, which is covered by software patents in some countries (including the USA). Why? With an open format, it is possible for every browser to implement it without fees or bothersome restrictions on passthrough rights. And if certain browser makers also have their own proprietary audio / video formats to protect, it is still possible for someone to produce codec packs that will help those products to be able to play the videos. It is likewise possible for site owners to post such videos without fearing a visit from the patent patrol.

Mozilla is building in Ogg support (with both Theora [video] and Vorbis [audio] codecs). So current or future versions of Firefox, SeaMonkey, Flock, Songbird, K-Meleon, and Wyzo should all soon be ready. Opera is also building that support in. I would hope that the KHTML / WebKit browsers will also gain this, although Apple has its own proprietary codecs that it will also want to support (and Google recently purchased a company that owns some video codecs [including the successor to the codec that became Theora]). Assuming that this happens, only Microsoft will be missing. As mentioned above, the essential patent-free and license-free nature of Vorbis, Theora, and Dirac

If you don't already know it, software patents are evil, and that includes patents on physical apparatuses in which firmware plays an essential part of its patentable functionality. They don't drive innovation or invention, because patents are written in vague, legalistic terms to make them both harder to copy and easier to use against a competitor. In addition, patent examiners lack specific field expertise (and so are not able to know whether something is truly an advance in its field versus "putting old wine in new bottles"). And patent examiners, who should be paid based on the quality of what they let through, are actually under pressure to meet a quota of approvals.

One final thing: In taking up this battle, Mozilla is taking a long-term view, thinking about the implications of its decisions. This is good. It makes me wonder why so few others have the brains to do this? For all those who want to trash-talk RMS, this is one area where he's been right again and again. And Theo (from OpenBSD) also. If you make short-term choices that compromise your freedoms based on convenience, eventually, being non-free will be inconvenient, but you will not have maintained a defensible ground upon which to stand. As the Free Software Foundation notes, "free software is not about the price" of that software, but about protecting your freedoms to use and modify the software as you see fit (and to distribute your modifications). This is why you should be looking for these licenses on your (end-user) software: GPLv2/GPLv3/AGPLv3/LGPLv2/LGPLv3. Only if you cannot find acceptable software with said licenses should you look at software with any other license.