Sources: It’s FOSS, OMG!Ubuntu and plenty more (if they make it enough of a pain or a risk, they hope people will stay with Windows and maybe use WSL, not real GNU/Linux)
Dr. Roy Schestowitz: I want to know how big a threat you think the so-called “secure” boot is considered to be to the Free software movement.
Dr. Richard Stallman: It’s a disaster. Well, except that it’s not secure boot that’s a disaster, it’s restricted boot. Those are not the same. When it’s front of the control of the user, secure boot is a security feature. It allows the user to control what programs can run on a machine and thus prevent — you might say — unexpected malware from running. We have to distinguish the unexpected malware such as viruses from the expected malware such as Windows or Mac OS or Flash Player and so on, which are also malware; they have features that hurt the user but users know what they are installing. In any case, what secure boot does is that it causes the machine to only work with (?) programs that are signed with a certain key, your keys. And as long as the user controls which keys they are, then it’s a security feature. However, it can be chained into a set of digital handcuffs when the user doesn’t control the keys. And this [is] happening.
“We have to distinguish the unexpected malware such as viruses from the expected malware such as Windows or Mac OS…”Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot. Now, this is not a security feature. This is abuse of the users. I think it ought to be illegal.
It’s a matter of control by the vendor of course, not control by the user himself
Exactly, and that’s why it’s wrong. That’s why non-free software is wrong. The users deserve to have control of their computers/
I think that not only Windows is going to be an issue in fact, if you consider the fact that even a modified kernel is going to be in a position where it’s perhaps not seen as verified for execution. Right, I’m saying, it might not only be a malicious feature in case of something like Windows running on it, it’s also for — let’s say — a user of the offered operating system but it’s free if the user wants to modify the operating system, for example…
The thing is, if the user doesn’t control the keys, then it’s a kind of shackle, and that would be true no matter what system it is. After all, why is GNU/Linux better than Windows? Not just ’cause it has a different name. The reason it’s better is because it’s freedom-respecting Free software that the users control. But if the machine has restricted boot and the users can’t control the system, then it would be just as bad as Windows. So, if the machine will only run a particular version of GNU/Linux, that is a restriction feature. And I haven’t heard anyone doing that yet with GNU/Linux, but that’s what Red Hat and Ubuntu are proposing to do things — somewhat like that — for future PCs that are shipped for Windows. But it’s not exactly that. And my reason is, the users will be able to change the keys. They will be able to boot their own modified version of the system of Fedora or Ubuntu if they want. So, what Fedora and Ubuntu were proposing doesn’t go all the way there. They’re proposing to do things to make it more convenient for users to install the standard version of those systems. But if things go as it has been announced, users will still be able to change the keys and boot their own versions. So, if all the restricted boot — but it will be something that goes sort of half-way there — it’s somewhat distasteful.
“The thing is, if the user doesn’t control the keys, then it’s a kind of shackle, and that would be true no matter what system it is.”On the other hand, with Android, which is another mostly Free operating system which contains Linux but doesn’t contain GNU, it’s quite common for the product to have something equivalent to restricted boot, and people have to struggle to figure out how they can install a modified and more free version of Android. So, the presence of the kernel Linux in a system doesn’t guarantee it’s going to be better. And I’ve heard someone say — oh, it hasn’t been checked — that a particular or kind of Android device is actually using an Intel chip with restricted boot.
One of the concerns that I think is worth raising is the fact that, as far as I know, with many of the embedded devices, especially those based on ARM, I believe it’s not even possible to get into boot menu to disable so-called “secure”…
That’s where Microsoft is really going all out, because Microsoft has ordered essentially — demanded — that those shipping ARM devices for Windows 8 make it restricted boot with no way to get around it.
Yeah, which also means of course waste of… all sorts of impacts on the environment. Any time that hardware become obsolete with the operating system itself is not being used of course…
“So it’s a very damaging thing that Microsoft is doing and so we need to look for every possible way to stop them or tweak what they’re doing.”Well, it’s worse than that. It means basically that those devices, you have to throw them out if you want to escape to the free world. And this — in the past — we were able to install, to liberate a computer by installing Free software on it instead of its user-restricting operation system, and this of course was tremendously helpful to the spread of GNU/Linux because it meant that users could move to freedom. It would be much harder if they had to buy another computer to do so. So it’s a very damaging thing that Microsoft is doing and so we need to look for every possible way to stop them or tweak what they’re doing.
Summary: Only days after Ubuntu/Canonical staff defended what the Raspberry Pi Foundation had quietly done with Microsoft (behind users’ or customers’ backs) we see Canonical under fire — yes, once again! — for privacy abuses, facilitated in part by Microsoft
THE latest breach of trust (and breach of privacy) at Canonical isn’t going to help Ubuntu’s image. That’s a fact. The community that once existed in an orbit around Ubuntu is long gone, so what’s left to lose, right? Let’s get closer to Microsoft, through Canonical…
“The video above goes through some other ramifications and mentions some older privacy scandals implicating Ubuntu/Canonical.”The issue isn’t exactly breaking news; we mentioned this in passing in relation to the Raspberry Pi-Microsoft scandal the other day because the ‘news’ site The Registerhad covered the issue (it had also been mentioned in some podcasts and new videos, social control media aside).
Over at ZDNet, albeit days late (4 days after The Register), SJVN has just mentioned this. “Bongiorni was a little more “frank” about his annoyance and surprise that a Canonical salesperson had tracked him down on an entirely different service and knew that he had just used Ubuntu on Microsoft Azure,” SJVN wrote.
Microsoft is spying and this has long been a reason for concern about the Raspberry Pi-Microsoft blunder. That Microsoft also shares the private data with other companies is certainly noteworthy and it may merit a GDPR complaint. The video above goes through some other ramifications and mentions some older privacy scandals implicating Ubuntu/Canonical. █
On 8 March 2020, International Women’s Day, somebody forged Mark Shuttleworth’s email address to distribute or leak the email below.
The Debian Project Leader, Sam Hartman, accused another volunteer of distributing it. Eleven months have passed. Nobody ever gave any proof about the source of this message. Sam Hartman lied. He whipped up a mob much like Donald Trump at the US Capitol siege.
There is so much fake news on the Internet today. Why was Sam Hartman, leader of Debian, so enraged when somebody leaked the concerns about unethical romantic relationships in GSoC and Outreachy mentoring? Where there’s smoke, there’s fire. That’s why.
Rogue elements of Debian take the approach that this is a hobby and they can do what they want. If we care about diversity that is not good enough.
Is the email below sexist itself? Or does this email simply expose the sexism and misogyny that Debian doesn’t want the world to know about? █
Subject: Fwd: debconf19 diversity girls
Date: Sun, 08 Mar 2020
From: Mark Shuttleworth <shuttleworthless@protonmail.com>
behave yourselves!
brazilians!
please don’t name the girl
——– Forwarded Message ——–
Subject: debconf19 diversity girls
Date: Wed, 12 Feb 2020 08:31:50 +0000 (UTC)
From: Sam Hartman <hartmans@debian.org>
To: debian-private@lists.debian.org <debian-private@lists.debian.org>
Debian is not an employer and when we gather at DebConf
we are not under any centralized control. Some of us are
paid to be there by our employers and some of us choose
to come as volunteers. Nobody works 24 hours per day
for 10 days at DebConf and when people are not working
there is no reason they can’t engage in any romances.
Our diversity programs have become overwhelmingly popular
and at every event now we have young women coming
on diversity bursaries. Some of these women are
participants in the current round of GSoC or Outreachy
and some of these women want to join the next round.
So many of these diversity bursarie girls are having
a connection with internships. Almost all the others
have no jobs, they are looking for jobs and they are
under pressure to please people.
Debian has never said anything to ban romances with
these women. We already assumed the mentors would
not get romantic with the interns in the current round.
But it needs to be really clear that no Debian Developer
should become intimate with any woman in the current
round or any woman who is preparing to apply for
subsequent rounds of GSoC and Outreachy.
A problem has been discussed at DebConf19 and it was
seen too at DebConf18. The boy involved is a member
of the Debian mentors team so this is one case where it
is definitely off-limits. The relationship did
not involve a woman he mentors personally but
it was also very clear to the mentor that this
woman had an interest in the program, there is no
way he could have been unaware of that.
He is also a Canonical/Ubuntu employee. We believed he
comes to DebConf as an employee, he is not a Debian
employee of course, so there was discussion with Canonical.
Canonical said they would resolve the issue as an internal
company issue. Some other people became concerned because
Canonical is a DebConf sponsor and maybe I’m being too
lenient on their employee. If other Canonical management
were not at DebConf, how would we handle this issue with
any other volunteer from a different company?
The woman and the other people who share her room don’t
want to comment on the issue. We thought this was a dead end.
There is nothing more going to happen here but please
now remember if you are a Debian Developer, even
if you are not a mentor, if you meet somebody at an
event who indicates any interest in our mentoring
programs within the next year, you need to maintain
It competes with Windows Server, but not with Microsoft
Summary: The community ought to stop pretending that one monopoly seeks to replace another despite close partnerships (some would say “collusion”) between the two
THE trio above (IBM, Red Hat, and Microsoft) is closer than ever. Many projects of IBM, Red Hat, and Fedora are still being outsourced to a proprietary monopoly of Microsoft and there’s no true evidence of real competition, except perhaps against Windows Server.
“There are still fine communities around (e.g. Arch, Gentoo) and they’re a lot more worthy of volunteer efforts.”Surely this frustrates some people, including volunteers who gave a lot of their time to the Fedora project. IBM itself is a former monopolist, so it can relate to Microsoft, to which it offloaded some of its business to avert antitrust-induced break-ups (in a sense, giving business to Microsoft was a surrogate of a break-up).
Recently, as the news sites put it, IBM responded to the correct perception that people were getting seriously upset at IBM and at Red Hat, mostly because of what they had done to CentOS. Planet Fedora has been eerily quiet since then, except for employees (IBM) and interns.
A very long time ago Canonical enjoyed the support of many volunteers who donated their time and efforts to the Ubuntu community (gardening bug reports, reporting bugs, contributing artwork and so on). Canonical’s dealings with Microsoft did irreversible harm. Those started well over a decade ago.
The inability to tackle issues like monopolies and various ethical or practical issues (e.g. Ubuntu adding Amazon spyware) led to erosion of trust and devotion. When Canonical marked Ubuntu’s bug #1 (basically the need to replace Windows) as resolved or “wontfix” that said a lot about Canonical’s objectives. Instead of seeking to remove a monopoly Canonical sought to participate in the monopoly and Canonical is nowadays still outsourcing much of its code to Microsoft's monopoly, which thankfully lost inertia.
More than 20 years ago I joined the Free software community, motivated primarily by the need to replace Windows, which had become very abusive (even well before Windows XP and the Windows back doors for the NSA, as exposed by Edward Snowden). If companies like Canonical and Red Hat (now IBM) don’t intend to tackle the Windows monopoly on desktops and laptops, then why should the community support such companies? There are still fine communities around (e.g. Arch, Gentoo) and they’re a lot more worthy of volunteer efforts. █
Summary: A discussion about the state of volunteer efforts going into the development, maintenance (in the ‘maintainership’ sense) and support/advocacy of GNU/Linux distros
FOLLOWING last night’s article about erosion of fake communities (not grassroots but corporate) I’ve recorded a quick video. It’s snowing and very cold here this morning, our connection issues persist (20th day now!) due to COVID-related network congestion, so there’s usually a significant lag between time of recording and time of publication. █
Summary: Despite the attempts to manipulate/trick developers (and sometimes users) into becoming unpaid workforce of for-profit companies, there’s an exodus back to real communities, which aren’t subjected to the fury of wealthy shareholders who utterly dislike or simply don’t care for software freedom
“We’ve noticed that more and more developers nowadays speak of “Free software” instead of “Open Source” and that’s a very encouraging sign as it means people go back to the roots and the principles, which are connected to altruism rather than profit motive.”The GNU Project is still doing well. We recently wrote a series about the FSF, which nearly reached its goal (number of new members) after a deadline extension. GNU is a real community; it has been so since 1983.
We’re also seeing a growing realisation that companies like IBM mean no good for Fedora and other parts of Red Hat. We see some developers walking away to real and genuine communities. We’ve noticed that more and more developers nowadays speak of “Free software” instead of “Open Source” and that’s a very encouraging sign as it means people go back to the roots and the principles, which are connected to altruism rather than profit motive.
Assuming we go down the trajectory of software freedom, the (wo)manpower will still be there, albeit redirected or funnelled into projects and initiatives that don’t merely ‘farm’ volunteers for free labour.
“We’ve had enough of those corporate coups and hopefully lessons are still being learned.”To those who joined the FSF as members, thank you! Based on what we’ve been hearing, there are signs that the anti-RMS coup is mostly over (and it failed). Those who pushed for the removal of RMS are still out there, but not in positions where they can do further harm.
Long live real, authentic community. We’ve had enough of those corporate coups and hopefully lessons are still being learned. More coups will come and go.
Openwashing is the most they can offer (an “open” spin on proprietary offerings) and smaller companies, such as Red Hat, can be taken over by vastly bigger ones (IBM) with another agenda/vision
Summary: When GNU/Linux becomes more corporate it can also become more detached from users’ needs
THE Free software movement is about as old as I am and it sought to preserve the “hacker culture” (which was prevalent in academia at the time; Microsoft had only been established several years earlier). Scholars would exercise the freedom to share code; such sharing accelerated research.
“IBM has come up with some new excuses for cutting CentOS support (support window shortened almost tenfold, followed by a complete redefinition of what CentOS actually is).”The GNU Project was a great success because many hackers were persuaded to join the new movement and create a free UNIX-like system (the UNIXes were very expensive at the time). In the early days many of them were labeled “hobbyists” because they did not do this for a salary. A decade later the media collectively called their work “Linux”, Red Hat hired many key hackers, and one decade later Canonical hired many key development folks from Debian.
As we noted earlier today, neither Red Hat nor Canonical would criticise Microsoft because Microsoft pays them to play along. It is a truly sad situation which occurs when corporations strive for nothing other than increasing revenue; they’re easily compromised and they can be made to cooperate with their competitors. Competition between GNU/Linux and Microsoft/Windows isn’t a brand war; it’s about licensing and inherent philosophy. Even if GNU/Linux was technically behind Windows in some area, it would still be favourable to users. The realm of ideology goes all the way back to the 80s — back when the antiwar movement was also very powerful and people wanted to take back control from corporations (rather than strive to buy the latest “smart” phone).
IBM has come up with some new excuses for cutting CentOS support (support window shortened almost tenfold, followed by a complete redefinition of what CentOS actually is).
Nobody is naive enough to believe that IBM chose this direction because of the users. It is all about money.
Well, money is not inherently evil (it’s a straw man argument to suggest those who oppose IBM are generally against capitalism). However, if profit alone is the guiding hand, we’ll see more corporate domination over GNU/Linux (systemd, Wayland and so on). Selling support is a lot easier when the pertinent bits are developed ‘in house’.
It’s important to shelter and nurture distros developed by passionate volunteers rather than employees. We may otherwise end up with another UNIX (opaque and bloated). We don’t need another Apple, do we? █
Summary: Another Linux Foundation (LF) group seems to have been taken over by the company that’s attacking Linux and attacking real security (as opposed to fake security or back doors in the name of “national security” — the Trojan horse for imperialistic coercion, worldwide)
THE Linux Foundation-linked boosters are at it again. They’ve been doing puff pieces this Thursday night (in CBS/ZDNet/TechRepublic and the LF’s spam site). Well, between the lines we find that OpenSSF was already infiltrated — and is now headed — by Microsoft (the NSA’s back doors giant, not to mention the PRISM pioneer), so the so-called ‘Linux’ Foundation is a total farce again, serving imperialism and monopolistic agenda rather than true security that laughs off/rejects this agenda (disguised as “national security”).
“These people are indebted to and are thus obliged by their employer to put back doors in things.”Even Huawei has joined in (then SUSE wrote about it). Is that supposed to inspire confidence? The opposite might be true. Either way, this is another example of ‘Linux’ Foundation stuff getting taken over by Microsoft staff (taking salaries — and loyalty/obligations — from Microsoft, not the LF). These people are indebted to and are thus obliged by their employer to put back doors in things.
Incidentally, right about now Canonical associates with OpenSSF and uses its official Ubuntu blog to promote Windows and Microsoft agenda:
Phoronix and Liliputing are boosting this agenda again. Never mind if hardly anyone uses this EEE-type assault on GNU/Linux (we’ve seen similar tactics in the Bill Gates deposition). This is a natural extension of the anti-Linux agenda of Microsoft and it doesn’t bother these people/sites that WSL2 is a tiny niche of fools. As one comment put it: “I still don’t get that name. Shouldn’t it be the Linux subsystem for Windows?” (It’s Windows, not “Linux”, and it’s all about Microsoft being on top)
We suppose that in the coming days Microsoft will googlebomb the word “Linux” some more (to promote Vista 10). Forget about any notion of privacy and security in WSL/2, defeating the very purpose of this platform. █
Dr. Richard Stallman: It’s a disaster. Well, except that it’s not secure boot that’s a disaster, it’s restricted boot. Those are not the same. When it’s front of the control of the user, secure boot is a security feature. It allows the user to control what programs can run on a machine and thus prevent — you might say — unexpected malware from running. We have to distinguish the unexpected malware such as viruses from the expected malware such as Windows or Mac OS or Flash Player and so on, which are also malware; they have features that hurt the user but users know what they are installing. In any case, what secure boot does is that it causes the machine to only work with (?) programs that are signed with a certain key, your keys. And as long as the user controls which keys they are, then it’s a security feature. However, it can be chained into a set of digital handcuffs when the user doesn’t control the keys. And this [is] happening.
The Debian Project Leader, Sam Hartman, accused another volunteer of distributing it. Eleven months have passed. Nobody ever gave any proof about the source of this message. Sam Hartman lied. He whipped up a mob much like Donald Trump at the US Capitol siege.
Rogue elements of Debian take the approach that this is a hobby and they can do what they want. If we care about diversity that is not good enough.
A very long time ago Canonical enjoyed the support of many volunteers who donated their time and efforts to the Ubuntu community (gardening bug reports, reporting bugs, contributing artwork and so on). Canonical’s dealings with Microsoft did irreversible harm. Those started well over a decade ago.
Assuming we go down the trajectory of software freedom, the (wo)manpower will still be there, albeit redirected or funnelled into projects and initiatives that don’t merely ‘farm’ volunteers for free labour.
Content is available under CC-BY-SA