not all change is progress
October 3, 2016
Direct download links: MP3 & Ogg
01:01:36 Rob Landley Interview
With GPL enforcement back in the news, we thought we’d cut through the bull and speak to someone who’s been there, done that, and only got a very tattered T-shirt in return. So, after our usual news and feedback, we welcomed Rob Landley back on the show to find out about real-world enforcement, and to talk a little about Linux’s rise to prominence.00:04:55 News
B2G OS and Gecko Annoucement (sic)
Pursim phone survey
Chromification Continues: Firefox May Use Chrome’s PDF and Flash Plugins
Mozilla wants woeful WoSign certs off the list
Google Chrome Beta For Android Now Lets You Play YouTube In
Google Announces YouTube Go in India: The Data-Friendly Way to YouTube
Google Allo’s limitations explained in one word: “India”
How Allo and Duo Want to Complicate Messaging by Fracturing the Market
Google Allo review: This is fine
Google backs off on previously announced Allo privacy feature
The Slashdot Interview With Raspberry Pi Founder and CEO Eben Upton
What’s really going on with Microsoft, Lenovo and
Microsoft aren’t forcing Lenovo to block free operating systems
Lenovo, Intel, Synaptics, and PayPal are working to kill passwords on your next laptop
it! begins!! Yahoo! sued! over! ultra-hack! of! 500m!
InfoArmor says Not a State Actor
Congressional Leaders Demand Answers on Yahoo Breach
Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say
2016 On Track To See Over 1 Billion Records Breached
Changing Passwords After a Breach Is Still Way Too Hard
Should you trust sites like https://haveibeenpwned.com?
ORWL – The First Open Source, Physically Secure Computer
A huge thank you to Thomas Denning for your PayPal donation, and to Gabe Norwood and David Lindberg for joining our small but honoured band of Monthly Supporters. Thanks, guys!
We mentioned Linux Presentation Day 2016.2 on October 22, do have a look to see if an event is happening locally.
The age-old question of quantity versus quality in FOSS projects was raised by CubicleNate, and Marian Gasparovic got in touch regarding one of the newest, the Nextcloud Box.
Jon Spriggs pointed out that we’re just entering Hacktoberfest, which is a great excuse to get involved in a project; and Jesse extended his thanks to both Jon, and also Jerry (from the Admin Admin podcast), for their firewall feedback.
Lars Falk-Petersen flagged up his project to us,
which finds an interesting use for the venerable
finger command, and a question from Dave
Lindberg allowed Joe to once again plug Boot-Repair.
01:01:36 Rob Landley Interview
We last spoke to Rob in show #11, so felt it high time we had him back on. Starting off with the recent brouhaha on the Kernel Summit mailing list, we touched upon GPL enforcement, the historical context of the success of Linux, how Rob’s Toybox project (now in vanilla Android) is progressing, and the future for the Linux desktop — which Rob firmly believes is in mobile. Once again, thanks for your time, Rob!
“We mentioned Linux Presentation Day 2016.2 on October 22, do have a look to see if an event is happening locally.”
The more important recommendation would be: “Organise an event. Even a single person has a good chance to get that done.” We have 70+ cities in Germany (2016.1 and 2016.2 altogether nearly 90) but the highest number abroad is five (if you ignore Italy where the situation is special). The LPD does have the potential for many hundred locations in a country the size of Germany but you need somebody with much time for calling enough potential hosting organisations. We cannot do that from Germany for the other countries.
The GPL was a success and gave us Peppermint Linux 7.
The BSD license has not been as successful. Case closed…
The people have voted.
Clearly an unassailable argument. We’ll try to get
Rob on in the future to admit the error of his
[And good to know you’re still out there and listening :)]
Judging by the previous pattern (episode 11, episode 88) you can’t have me on until episode 99 at the earliest, because the first and last digits won’t match until then.
As you know, I’m from Oklahoma. A state where we can not
vote for Jill Stein and we are forced to buy “earthquake
insurance”,,, mainly because Oklahoma feels corporations
have some right to destroy other people’s property at
will, so long as can produce some oil and make jobs.
Let me just say, the people who claim that by just releasing your code with a BSD license can somehow reduce your chances of being sued are making fraudulent and inaccurate statements.
Secondly, the contents of the interview showed us that if these idiots just released their ‘worthless patches”, they wouldn’t have had to go through this pain to being with. It seems he has some sympathy for corporations who have been punished by unfair systems,,, or some crap like that. I mean it’s worse than stupid.
And he’s upset that the FSF went after some corporations which were run by stupid people.
Damn my soul to hell for being anti-corporate, anti-stupid, and pro GPL.
Oklahoma is deeply screwed up, yes. (And Kansas even more so.) But thinking that the enemy of your enemy is your ally means that if two lions fight over who gets to eat you one of them is on your side. I think that everything the FSF has done for the past quarter-century ranges from ineffective to counterproductive. I think the DMCA and the Sonny Bono copyright extension act were BAD things, yet the FSF is _for_ them if it makes the GPL more enforceable.
The Linux Foundation (which is a trade association, not a 501c3) does not speak for Linux Torvalds (who’s in his 40’s now and less world-changing than he used to be), nor does the FSF (outright loons), nor does OSI (don’t get me _started_ on them, my longest writeup of “Why 0BSD” so far is also an anti-OSI rant, https://lists.spdx.org/pipermail/spdx-legal/2015-December/001574.html although not as much of one as https://lists.spdx.org/pipermail/spdx-legal/2015-December/001600.html), nor does the Austin Group (the people who update Posix and have Jorg “Linux Sux Solaris Rules” Schilling as its most prominent member)…
Nobody’s perfect. You ally with people and organizations to promote certain issues and play them off against each other to block others. As the old saying goes, a fanatic is somebody who redoubles their efforts once they’ve lost track of their goals, and that’s the FSF in spades these days.
A BSD license is not public domain, there was a whole section they edited out (or possibly it was after we stopped recording) about public domain vs BSD. The reason lawyers _like_ BSD is you can sue people over it, the big case of course being https://www.bell-labs.com/usr/dmr/www/bsdi/bsdisuit.html The reason I did “zero clause BSD” (and walked it through the spdx approval process, and then defended it from OSI’s cluelessness) is it’s a public domain license that _looks_ like BSD: http://www.openwall.com/lists/musl/2016/03/23/11
I.E. I gave them something that LOOKS like what they want, but does what I want, and both sides walked away happy.
Seriously, I linkbomed the Luddites with SO MANY REFERENCES to so much backstory on all this. Maybe I should try to glue it together into a post somewhere, but there’s always more backstory…
Very interesting discussion with Rob, especially the parts about the fruitless lawsuits and the reasoning for Google closing off more and more of Android to shield it from terrible code from carriers and manufacturers. The history was interesting as well, though I think he mainly explained that Linux was initially created without a thought about its license and did not get to the question of why something with a more permissive license like one of the BSD’s has not overtaken it in the twenty plus years since.
It would be interesting to hear you bring on someone with whom you disagreed more — maybe someone aligned with the FSF or SFC?
I usually say something about the Mozilla stories you cover. All can say is that I didn’t realize there parts of Firefox that could still be made more like Chrome. I guess I’ll start preparing myself for the announcements that they are switching from Spidermonkey to V8 and Gecko to Blink now. You can use Firefox in multiprocess mode now if you disable extensions or make sure that you use only compatible extensions (see e.g. https://blog.mozilla.org/addons/2016/09/07/help-make-add-ons-multiprocess-compatible-with-add-on-compatibility-reporter/).
Will — there is actually more of a spread of opinion on ‘software freedom’ amongst us than I think you’ve picked up on. I’m very much of the opinion that there is no ethical or utilitarian case for IP per se, so I clearly believe that even the existence of the FSF is ‘negative in the freedom dimension’ (to quote a certain rms ;), what with their whole shtick being predicated around the preservation and furtherance of (one part of) the IP regimen. Joe and Jesse have rather different opinions on the matter! And ever since airing our first interview with Rob well over two years ago, we’ve had a standing invite out there for Bradley to come on to make his case. That offer still stands, but we can’t force reluctant guests on air, I’m afraid.
Linux got three big boost’s in the 90’s: absorbing the minix community, pairing with apache to be the cheap way to deploy a webserver on an old 386 in a closet back when nobody had a budget for websites, and the 212% growth in 1998 was the Java developers switching over en masse after the 1997 usenix paper The Cathedral And the Bazaar convinced Netscape’s CEO to open source their browser make Linux a tier 1 platform. (Netscape had united the Anything but Microsoft crowd behind Java, all the old Amiga and Mac and OS/2 developers collected together and then funneled into Linux a few years later).
Yes, BSD had a problem of its developers getting harvested every 7 years or so: from Bill Joy hired by sun in 1982, BSDi hiring away Bill Jolitz and co around 1990, and Apple hiring Jordan Hubbard and to work on OSX in 1997. And people credited the GPL for preventing that (see the “fear of forking” essay)… but Apache never had that problem. It turns out that doing your development in realtime on the internet is a _more_ effective defense than any project license, but the full explanation of all this is longer than I want to type here.
Linux development was as online as Apache development. During Linux’s explosive growth in the 90’s there were tons of newbies and tons of people explaining things to newbies. Lots of other people had just learned this stuff and wouldn’t expect you to know it or look down on your for not knowing it. BSD was 20 years old when Linux 1.0 came out and its developers were set in their pre-internet ways. (They’ve crawled out of that hole a bit more recently, but breaking up the “base” package so the kernel, libc, and command line tools aren’t a single unified build was still “experimental” when I talked to them earlier this year.) Linux had perceived momentum at a time when BSD didn’t. (And despite that lots of stuff like Yahoo and Hotmail was based on BSD anyway during the dot-com boom.)
Also, Linux is modular in a way BSD isn’t. I didn’t need permission from the FSF or the kernel developers to work on busybox. On Linux if you want to swap fileutils for busybox and openssh for dropbear and cycle through libc5/glibc/uclibc/musl-libc/bionic you can just do it. BSD is a giant unified single build done by the same set of people, and I STILL haven’t managed to build the BSD kernel under Linux despite help from Kirk McKusick and Randi Harper. A Linux distro and a BSD fork are different because of that modularity, you can have Ubuntu fork off Debian and Mint Linux fork off that without any of them maintaining their own kernel. In BSD, you have a single source control tree with the ENTIRE OS in it, and any package that ISN’T in the base OS unified source repository is a second class citizen. That hampers your development scalability in a big way (and is what they’re _finally_ moving away from 15 years into the 21st century).
But again, I’m just touching on some highlights and not giving you the full details here because “way too long”…
About the 6:30 mark you were talking about android having fewer competitors. Related to that, I point you at this recent interview with Clay Shirky (the NYU professor who did all those excellent talks I keep pointing you at videos of) who spent last year teaching at NYU’s Shanghi China campus. He talks about chinese phone manufacturers and how they do and don’t use Google code on their android-ish devices.
Hey Rob, great interview (would have been happy for it to be longer!)
Regarding GPL enforcement. Agree that that *catching-out* vendors for non-compliance (only to get source code with no worthwhile modifications), does more harm than good. *
On the other hand if improvements are made to LibreOffice
and sold as binaries, without making source
I think this is an example where taking legal action (as a last resort), is reasonable.
* Of course you don’t know beforehand if the modifications are useful or not, assuming the software is in an area the company isn’t likely to attempt to have a competitive advantage… its fairly safe to assume they aren’t trying to out do everyone else by having a slightly better “ls” or “cat” :)
Glad you liked it. Sorry to be so rambling but there’s so much backstory to cover. (If you don’t understand why some projects succeeded and others didn’t, saying “it’s because Linus eats peanut butter, that’s why” is hard to argue with.)
These days we have an easier time reverse engineering hardware than merging vendor driver patches. A bunch of the drivers currently in the linux kernel (forcedeth, noveau, the r300 stuff…) were created by reverse engineering. There’s articles on how to do it https://www.linuxvoice.com/drive-it-yourself-usb-car-6/ usenix papers about it (https://www.usenix.org/legacy/event/hotdep08/tech/full_papers/chipounov/chipounov.pdf) and so on. Heck, lwn.net took people to task for spending more effort on reverse engineering than on supporting cooperating vendors: https://lwn.net/Articles/269562/
Even when people gift-wrap code and give to to the kernel developers, it often doesn’t go in for years. Here’s the squashs maintainer describing the multi-year saga of getting squashfs into the vanilla kernel AFTER it was already shipped in every major distro: https://lwn.net/Articles/563578/
Worrying about somebody else doing a fork (open _or_ closed) that’s better than yours: who cares? Busybox can take any toybox code they like, mine’s public domain, it’s one way convertible to GPL. But the only toybox commands that have gone into busybox are the ones _I_ ported (patch, nbd-client, etc).
As for “the license makes them give us the code and that’s an advantage!” look at Android, a project that regularly releases code with binaries but doesn’t make too much effort to get it upstream. They go out of their way to publicize their code locations, provide repos with full history, make sure that it’s reproducible for people other than them, and yet large chunks of their kernels stay out of vanilla for a decade.
(Remember when MacOS X had “darwin”, because NOT having an open source base OS was considered a liability, even though it was all BSD licensed and nobdy was required to release anything? Darwin atrophied due to lack of interest, there wasn’t an open source community outside of Apple doing anything with it. OpenSolaris had more of a community than Darwin did. I gave an entire talk about open source community management at Flourish in 2010, but the recording is missing the first minute or so and has the audio screwed up. Sigh…)
Now look at somebody like https://github.com/EmcraftSystems/linux-emcraft which ports Linux to cortex-m back in 2010 and yet today (6.5 years later) there’s sort of cortex-m support in vanilla now but no actual boards that support it (and not one defconfig), let alone the boards that thing was supporting back in 2012 and such… (sure it’s public, completely GPL compliant, but nobody _cares_).
Then you get to “minimal legal compliance” stuff like Red Hat did when Oratroll started repeating everything they said verbatim (ticking off the community but being within their rights): https://lwn.net/Articles/432012/ where they’re not QUITE intentionally obfuscating it, but they’re not doing one thing more than the license explicitly requires.
Now imagine a company that forked its work off a 2.6.33 kernel, and their fork isn’t directly off vanilla but their own changes are based on their BSP vendor’s fork of android’s fork of the “stable branch” of vanilla. (Yes I’ve had to deal with that situation at previous employers). They provide source as one-big-tarball (no patches, no history) with generated files included in the tarball (no defconfig, they checked in .config) and a couple files that aren’t actually used but it takes some work to notice that (there’s a subjunction.c and subjunction2.c that 80% indentical and it’s using subjunction2.c and nothing uses the first one), and when you DO diff it you find they deleted a dozen files for drivers they’re not using and stuff out of Documentation for NO OBVIOUS REASON, and it’s on an obscure website with an 800 character URL full of punctuation that pulls stuff out of a database with a robots.txt that prevents search engines or archive.org from seeing it, the original development was done by russians who don’t speak english and then outsourced to taiwan for 2 years (ditto)… I could go on. Been there, done that. Not exaggeration, this is not even (remotely) a complete list of ways people screw this stuff up. (Why did you hardwire a cross-compiler name into your make files? Why do you run a series of scripts using python 2 _and_ python 3? No you do NOT get to use C++ in your driver, I don’t care how much “extern C” you spray it down with. It just goes on…)
And that’s before you get to “GPL shim” code and talking to another process through a pipe and various barriers to derived work status where this other code is not covered by the GPL. (Propietary firmware loaded into an on-device processor, the wireless card having a userspace helper so it can set the frequencies it’s allowed to use in this regulatory jurisdiction… How long until precompiled BPF filter binaries start doing significant processing?)
Technical compliance with GPL version du jour is less useful than you’d think.
As for an OpenOffice fork, whatever the “improvements” are, a healthy open source community tends to reverse engineer and implement new versions of them faster than you’d get anything via legal channels. Of course OpenOffice wasn’t a healthy open source community when it was run by sun (let alone Oratroll), but then X11 wasn’t a healthy open source community for many years either (until Keith Packard finally forked it back to x.org, but that was what, 15 years into Linux development?)
The Linux guys breaking their ABI every single release and ruthlessly mocking “out of tree” drivers (with taint flags and so on), even when those drivers are open source, has at _least_ as much to do with their success as getting drivers upstream into their tree than any licensing terms.
And yes, it’s official policy: https://www.kernel.org/doc/Documentation/stable_api_nonsense.txt Get your driver into the tree (even if, like Philip Lougher, you spend over 5 years doing it) or suffer forever.
P.S. Until recently we _had_ two active forks of OpenOffice. One maintained by Apache and one maintained by LibreOffice. Neither particularly pulled code fro the other after the fork, and the original (openOffice) doesn’t have a functional community because when Oratroll bought the code the developer base fled en masse to a fork.
x.org is under the original license xfree86 was under, in theory xfree86 could have pulled x.org code all they wanted. But x.org had the larger developer base (and keith packard, one of the original developers) and became what people wanted to use.
Back during that “patch penguin” thing (https://www.cnet.com/au/news/torvalds-developers-at-odds-over-linux/) I was talking to a bunch of kernel developers behind the scenes, and one of the burned out developers was Alan Cox, whose -ac tree was eclipsing Linus’s because Alan took patches faster than Linus did. Alan worried that his tree was on the verge of rendering Linus’s irrelevant, so Alan stepped back and took a year off from kernel development (went and got an MBA) to FORCE the community to fix the problem rather than routing around Linus (who is an excellent _architect_, and was just overwhelmed with the administrative work of patch review and email reading Alan is famously very fast at). In the long run they added a third layer of code review (the “lieutenants” or subsystem maintainers, between the MAINTAINERS file list and linus), and started using distributed source control systems (first bitkeeper, then git) to marshall large patch stacks between trees with the same amount of effort individual patches used to take.
That had nothing to do with license. They had to let development fork into multiple trees to increase scalability (the -ac tree already existed), and then adopted tools to merge trees faster and more easily.
The fact the various BSDs had their entire OS repo in a giant CVS repository at this time, and didn’t see scalability problems from it, had nothing to do with license. It had to do with how the projects were run: recruitment, training materials, sites like the old kernel-traffic and lwn.net and kernelnewbies providing development summaries (Jon Masters used to do a kernel podcast, there was a german magazine that had an excellent kernel column…) It was participatory, not exclusive. You didn’t have to be “good enough” to be a kernel developer, they used to take patches from anybody.
Less so now. I worry about the health of the community going forward. If the average age of your developers is Linus’s age, and he’s in his mid 40’s, what does the NEXT 20 years look like?
(The dominant OS 20 years from now will be what today’s teenagers want to play with as they level up. If you can’t interest newbies in your thing, it won’t outlast you. The barrier to entry for kernel development is a _lot_ higher than it used to be, and only getting higher…)
wow, very comprehensive reply :)
To address the comment: “Worrying about somebody else doing a fork (open _or_ closed) that’s better than yours: who cares?”
I think this works for areas where open-source has largely won, where the user-base expect free & open solutions and NOT being open-source is a hassle (kernels, compilers, system utilities, text editor, web-browser…).
Don’t forget there are still popular applications that have no good open-source alternatives (high end cad software, music composition, video editing, possibly accounting too).
If you’re starting out in a field dominated by closed products, where you may need to invest years of time before having usable software. This is an example where I think you *might* care if others fork your code-base into a proprietary product.
Also, your example of reverse engineering only works when you have enough developers.
As for all your other points, covering practical issues
overshadowing licensing issues – this matches my
experience, though I didn’t do kernel development.
I recall listening to some interviews where companies who forked FreeBSD regretted it, having a real hard time syncing their changes back with the latest version.
What a great episode with such great content! Everything, was simply tip-top.
Concerning the discussion on phones and mobile devices. I have done a lot of reading on the subject and it seems like there is still room for a 3rd party, of sorts. iOS and Android certainly have the lions share of the user base but I still think there is room for a FirefoxOS or a true Linux phone (or the others you mentioned… whatever). My thought is, it would be nice to see some sort of consortium of Plasma mobile, Firefox, Ubuntu, openSUSE, Fedora, etc pool some resources and develop real hard in the mobile space so that there is some kind of room for freedom in such a way that the work of one could feed into the other as it does on the x86 platform. I feel that there could be a really good mix of synergy combined with enough room individual expression… and I realize that could just be a pipe dream…
Selfishly, I want a little more “freedom” with my mobile devices. I appreciate all the work done on Android but the rumblings of walling off the garden is making me a little uneasy.
Thanks again for all you do.
Who is the #3 after PC and Mac? Who is the current #3 after Android and iPhone? Who is the #3 after Coke and Pepsi? Some markets seem to stabilize with a market leader, a designated alternative, and “everybody else”. It’s not that RC Cola is excluded, but http://www.theonion.com/article/rc-cola-celebrates-10th-purchase-1674 is funny because rings true. Blackberry, sailfish, mozilla’s phone, ubuntu phone…
I totally sympathize with wanting more freedom in mobile devices, it’s something we have to work at. Remember the PC didn’t start open: Compaq cloned it (and survived a lawsuit) and the platform gradually commoditized and got forced open. If I learned anything from OS/2 and BeOS and Linux On The Desktop, it’s that preinstalls matter. 20 years ago about 2% of the market was willing to replace the OS on their device, and if anything it’s gone down since then. We have plenty of open alternatives, OpenMoko predated the iPhone, let alone Android.
I have a concrete goal: I’m trying to turn android devices into a platform capable of authoring native software out of the box, and so far the android developers have been going along with it (although we’re maybe halfway there so far; I’m maybe 3/4 through my toybox todo list for 1.0, you still have to install “terminal” via the app store to get a command prompt even though the source is in AOSP, they don’t yet install a native llvm C compiler on target and although BSD is building with lld now android is still using binutils…) But we’re making progress, in a way that the FSF is directly opposed to because incremental progress doesn’t satisfy their need for ideological purity.
There’s plenty of other axes along which phones could be opened. Did you know that “baseband software” on most android phones is running on Hexagon processors, which Linux was ported to circa 2010? The “Qualcomm Snapdragon” SOC has 4 processors in it, an old armv5 boot processor, a modern arm “scorpion”, a QDSP4 embedded thing, and a QDSP6 which got renamed “Hexagon” a few years ago. Grab a hexagon version of objdump -d, point it at the baseband software blob, and reverse engineer it.
No shortage of todo items here…
This was a really good interview, and was the first time I’ve properly questioned my choice of software licenses, so thank you very, very much Rob.
The interview was imho very ranty, I couldn’t get through
it, and might have benefited from some moderation from
our luddites. (I get that that guy has strong passioned
opinions about this subject but no need to rant?)
but thats just my .973 euros.
Yeah… I had to fast forward through most of that massive filibuster. It might have been interesting if it was a conversation, not just one long preach.
Comments are now closed.
The content of this website, and that of the podcasts produced by the website owners, is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License.