debanqued


debanqued,

Now it works… not sure if someone fixed it or if just that community alone really was under maintenance.

What's stopping banks from creating FOSS (or at least open-source) banking solutions (apps)?

Let’s say, I create a bank with the caveat that all of my banking phone apps and webapps are FOSS (or if they depend on non-free components — banks probably do to communicate with each other —, then just OSS). Am I going to be behind the competition by doing this?...

debanqued, (edited )

The only false dichotomy I see here is the claim that you can have FOSS /OR/ expert oversight. There’s no reason why you cannot have both and hire expert oversight on a FOSS project (at least apart from reasons of the corp bottom line).

You also appear to equate FOSS with “security by obscurity”, which makes no sense. FOSS is not obscure, it’s the contrary. Non-free software makes use of obscurity, but that obscurity is not used as a basis for security. So neither FOSS nor non-FOSS inherently makes use of security by obscurity.

Financial reasons to not publicize the code are technical reasons. Finance is technical.

This is an equivocation fallacy. The OP’s use of “technical reasons” implied technological feasibility. You’ve introduced a strangely broad version of the OP’s use of that term in order to muddy the waters.

debanqued,

Absolutely, you are the company paying for all the work of the FOSS app, having to ensure it meets FCC regulations for banking. It’s a huge mess. Costs millions to do.

FCC regs, really? That’s comms. First I’m hearing the FCC regulates banks. But surely those regs must be quite lax because banks in the US are quite sloppy. One-factor auth is good enough… if someone gets your username & PW they can spend your money. US banks are putting their websites on Cloudflare, so all sensitive banking info and transactions are shared with a tech giant. Pretty much everything is outsourced, even simply printing statements, which puts a lot of eggs in one basket. US banks get breached regularly, like Capone who didn’t even bother to encrypt data at rest on Amazon’s server, so an Amazon contractor leaked the data.

With such lousy regulation, would it really be hard to get approval for a FOSS app?

debanqued,

Not quite sure what you mean. In the US, banks are constantly giving away free money and free stuff to open an account. Some people make a hobby out of opening accounts just to grab the free stuff and close the account as soon as the rules allow. Works great on college kids who can be bought cheaply… just offer a free t-shirt. Or if you’re in a red state you might get a free shotgun for opening an account (not joking… see Michael Moore’s film).

debanqued,

That was quite vague and still hard to interpret the trade you mention. But I’ll say generally security benefits from:

  1. a good number of careful eyes on the code
  2. bug bounty programs
  3. audits
  4. red teams

Closed source has the false sense of security pitfall, which stems from the mentality that code secrecy is a protection of some kind. That pitfall is avoidable simply by not using it as a crutch for lacking security. Open source automatically avoids that pitfall. Bug bounties (2) help get motivated eyes (1) on the code (eyes motivated by generous legit rewards, as opposed to the reward of a zero day in the wrong hands). From there, I see no advantage to closed-source here.

debanqued, (edited )

Think about it from a manager’s position. If they pay something for nothing extra (donate), they won’t last long at the company. They are attracted to 2 benefits:

  • shedding liability for problems by outsourcing
  • special pampered treatment (again via outsourcing)

Corps love commercial software because managers whose neck is on the line can point the finger away from themselves if something goes wrong with it (or so they think… which is what matters in the end anyway). They tend to consider FOSS when there is a fall guy. So e.g. they hire RedHat. But as I think the article mentions, that money doesn’t trickle down from there.

We used a FOSS compiler through a separate contract. The company paid a high price for pampering by the compiler supplier. And the support was magnificent. We got the “pro” version (which for the most part was just a newer release than the version in the commons & perhaps a few extras that were just more of a luxury). But it was really about the support. Anyone on the team could file a ticket with the compiler supplier. Not just for bugs and enhancements, but if something was unclear, or if we needed to know how to do something. They always responded well, gave tips, advice, and workarounds, and if there was a bug they fixed it and we got the fix quickly. They never dropped the ball. Our bugs and enhancement requests would then make it into the core product that benefited the commons. It was a good arrangement.

Then you consider our most heavily used FOSS tool apart from the compiler: emacs. We had an internal team who compiled it and injected our internal mods to customize it for the org. Not sure if any of our customizations would have value outside the org or if that team did PRs.

In short, it’s not enough to just maintain the code and hope for donations. You need to offer a support package that gives 1st class treatment to corps who would pay a premium for it. I’m not sure if the emacs project offers anything comparable to the compiler we used, but I could see the folks I worked for signing up for something like that.

debanqued,

We can make some headway by pushing govs to adopt OSS. The Italians have a law “public money → public code”. The whole public sector including public schools should be switching to open source. And part of that would compel contributions of some form. Whether it’s code contributions or payment for support. People should be demanding that their tax revenue is not wasted on software that does not enrich the commons. With profit-driven corporations it’s always a game where a number of variables have to be just right for the company. But the public sector is very much overlooked.

I recently looked at a Danish university and was disgusted with what I saw. They used MS Office and Google docs, and students were pushed to use those tools. They used Matlab not GNU Octave, because that’s what they saw industry using. Schools should be leading industry, not following it.

debanqued, (edited )

so it’s an obvious choice for academia to teach.

I can’t agree. You could perhaps say Matlab is the default/non-critically-analyzed choice for academia. GNU Octave uses the same language as Matlab. A student who masters GNU Octave will be able to use Matlab just fine.

IIRC, Matlab’s significant difference is Simulink. So if a class actually intends to cover Simulink then it’d perhaps be fair enough for just that class to use Matlab. But even that’s not ideal. Ideal would be the school paying students to add what’s needed in GNU Octave.

Chrome & Firefox are a false duopoly. Do we need another option? Should there be a public option? Should it come from Italy?

Mozilla is ~83% funded by Google. That’s right- the maker of the dominant Chrome browser is mostly behind its own noteworthy “competitor”. When Google holds that much influence over Mozilla, I call it a false duopoly because consumers are duped into thinking the two are strongly competing with each other. In Mozilla’s...

debanqued,

I’ve not been tracking them because I tend to only collect dirt on the greatest of evils. What comes to mind:

  • default search engine: Google (this is what that Google money is for officially)
  • Mozilla gave the boot to a lot of plugins and imposed some kind of control-freakish trust mechanism. Plugins/extensions were evicted from the plugin repository and they made it hard for plugin creators to distribute their plugins. I lost several very useful plugins when Mozilla took this controlling protectionist stance.
  • MAFF ditched. Mozilla abandoned a good format for archiving websites. I had a lot of content saved in *.maff files which Mozilla dropped direct support for and at the same time they blocked MAFF plugins.
  • Without Firefox, Google would be easily targeted with anti-trust actions. Google props up Mozilla just enough to be able to claim they have “competition”. Google can be most dominant when it has a crippled competitor under its influence.
  • Google killed the free world JPEG XL format. When a browser as dominant as Chrome withholds support for JPEG XL, there is then no reason for web devs to use that format. Google did this because JPEG XL competes with a proprietary Google format. Firefox does not support it out of the box either, likely because of Google’s influence. Firefox users can enable it by going through some config hoops, so if Chrome alone did not kill it, that certainly would.

I vaguely recall a slew of Mozilla actions that were antithetical to privacy and user interests which caused me to move them from “a decent browser” to a “lesser of evils”. Hopefully others have better records of Mozilla’s history.

debanqued, (edited )

If a gov were to take that kit and create a public option which is then compatible with all web services deployed by that gov, I would applaud that for sure. Would be much better than govs being subservient to tech imposed by tech giants, constraining citizens to the will of a US corporation, and allowing the private sector control so Google can cancel things not profitable for Google (like JPEG XL). The public sector should serve the public people, not the private sector corps of other countries.

debanqued, (edited )

Like the default search engine is not an example of Google’s control, it’s Mozilla’s revenue model.

It’s both, of course. Mozilla’s revenue enables Google control. If Mozilla changes the default search to one that is not in Google’s interest, they will lose their revenue.

The remainder sounds like personal gripes that you’re misconstruing as evidence of nefarious intent.

It’s both. I’m a user so I notice when Mozilla makes an anti-user move. Businesses serve their customers. Mozilla’s customer is Google, not me. So Mozilla serves Google, not the users. W.r.t evidence, I gave no evidence. I did not say “this is evidence”. If you want to challenge a claim because you can’t find the evidence on your own, you can ask for the evidence.

And as I said, I did not keep track of all Mozilla’s anti-user shenanigans over the years. So you’re not looking at a complete list of issues. It’s disingenuous to treat it as if it were.

There’s also plenty of evidence to the contrary, total cookie protection to name but one.

I did not mention anything about cookies, so which of my points do you think cookie protection counters what I’ve said?

Additionally, bureaucratic processes produce terrible software.

Nonsense.

First of all, capitalism produces terrible software when you’re the product rather than the customer. It’s often shit even when you are a paying customer. The best quality software is produced outside of capitalistic structures.

I’ve worked on both gov and commercial environments. The gov process was superior for quality. On a commercial gig I was actually told not to fix bugs as they were spotted because it was important for the customer to discover the bug & report it so the supplier could charge them extra for the bug fix. The whole commercial work environment was rife with chasing profit (of course) which means cutting corners to cut expenses. If a developer produces something high quality in a fortune 500 company, they get back-roomed for “gold plating” (which means they’ve invested more in quality than necessary for the consumers). That doesn’t happen on gov projects.

It’s also wrong to attribute bureaucratic processes strictly to government projects. You may have a shit-ton of bureaucracy in the governance outside of the project which leads to: “build a Mars rover”. How bureaucratic the processes are within the organization is independent of whether it’s a commercial project or not. Fortune 500 corps are inefficient due to their bureaucratic structures. I could not reuse code from one project to another within the same company because there were rules about one project benefiting from another internal pot of money. So a piece of code had to be rewritten from scratch on the other project which means more bugs than you would have if the audited code could have been reused.

Finally, browsers are incredibly complex

Precisely why lack of competition is problematic.

debanqued,

I think I used to know that. Thanks for the reminder.

Regarding your 2nd paragraph, that’s indeed what Cloudflare has started offering. Your browser is moved to the cloud and you effectively run a dumb terminal and get remote desktop of sorts. I think it’s pitched as a security benefit. Cloudflare has a tendency to always assume everyone fully trusts them with everything. Indeed the technology is great for snoops who want to see everything you see and do.

debanqued, (edited )

I just had a look at Debian’s official repos. No Safari browser. Did a search… found “how to install Safari on linux… start by installing WINE…” (yikes)

So in terms of a government offering public services that need to serve all people, Safari is not an answer unless the gov finances porting it to linux.

debanqued, (edited )

My comment does not imply when the first browsers were developed. Nor is it relevant. The problematic status quo sequence:

  1. offer web-based gov services
  2. leave people to their own devices… to fend for themselves and pawn themselves to the private sector as needed to reach public resources

The sequence should have been:

  1. ensure sovereignty-respecting public tools exist
  2. offer web-based gov services that officially support the tools distributed in step 1

The internet began as a military project (government). The graphical web later emerged in the 1990s. So all governments have had 25+ years to become sovereign and ensure that the gov itself is not subjecting people to a US surveillance capitalist.

It was only in the past ~2–3 years that my local government closed its doors and decided to force everyone to do public administration tasks online. Indeed things are happening in a reckless sequence of events. Sovereignty from US tech giants should be sorted out before a government forces people to interact with their web-based services. So w.r.t my local gov, the status quo (first sequence) now has a third step:

  3. force people to use the web-based gov services without equipping them.

Do you see the problem? Step 3 is the most abusive, and that’s quite recent.

debanqued, (edited )

Millions = mere peanuts, for developed countries. That price tag is also a good reflection of the degree of privacy people are being forced to compromise in order to finance the development and maintenance of Google Chrome. A gov has a duty not to subject its people to arbitrary privacy abuses. Yet some govs are designing web services for Google Chrome and then forcing people to access those services online by removing the offline option.

debanqued,

Sounds like a great idea, so long as Servo has not sold out to Google in any way. If Servo is really an independent browser govs would do right by the public to make that browser officially supported by all web services by the gov and do the necessary to ensure the Servo project is funded.

debanqued, (edited )

Even in the US people are forced to use the web for public service even if it’s not officially announced.

E.g., suppose you want to see the state secretary’s records for a corporation. A lot of SoS websites try to force you to solve a #CAPTCHA. Fuck CAPTCHAs. I don’t do CAPTCHAs. So there’s an offline option, right? Ha. Try it. Send a snail mail letter to a state secretary requesting the registration records for an arbitrary business you know they should have records on. They just ignore it now. They don’t even have the courtesy to respond to say why they will not treat your request. Offline services have been quietly taken away without people even noticing.

debanqued,

This misses the point. Governments are designing web services for Chrome. So you have two choices:

  • pawn yourself to Google and use Chrome; or
  • experiment with unsupported browsers, which even if they work you’re still limited to the window of standards Google decided was good for their business

It’s a lousy idea. The gov should be supplying services that are wholly free of Google’s influence.

debanqued, (edited )

SoS records are state records, not federal. Are you saying every state shares their corporate database with LoC?

I would not be as fast as you to call the web a mere “convenience” to 99.9% of the country who are not a walking distance from Washington DC. If the analog way of doing something requires thousands of miles of travel, the online way is not a mere convenience. It’s a requirement, in effect.

BTW, it’s worth noting that the LoC has an access restricted Cloudflare website. So their exclusivity makes an offline option essential. If that means face to face in DC, that’s fucked up indeed. You should be able to use the postal service.

debanqued,

First of all choosing the subset of standards that Google chooses is a sovereignty problem. Gov services should not be constrained to what Google in the US decides to implement. Of the 3 browsers you mention, Chrome is subject to google snooping. Firefox is limited in Google’s influence as well. And Safari only serves Microsoft and Apple users officially.

The gov need not produce a browser from scratch, but they need to officially support a non-controversial browser that is not tied to US tech giants.

debanqued, (edited )

Pre-web, postal correspondence was treated. Now it’s not. Convenience and difficulty are inversely proportional measures of the same thing. When you take away one out of two options, the other option is not a convenience. It’s a requirement.

The idea that you think people nationwide traveling to DC to get a business record is mere inconvenience is absurd. Are you drunk? You’re making a lot of bizarre assumptions, starting with assuming the travel is even possible for everyone nationwide who needs the service. If someone needs to sue a company for $200 and travel costs to DC to get the registered agent of the company is $400, you’ve effectively killed their access to public service by nixing correspondence.

Your perverse understanding of convenience is ultimately just a language game that changes the language but not the problem. So let’s say traveling from California to DC to get an address is a mere “inconvenience” and using the web is “convenient”. That so-called “convenience” is essential in countless scenarios. And because what you refer to as “inconvenient” is actually not plausible in a scenario, the need for convenience in your language becomes essential.

debanqued, (edited )

Yes, these things are inconvenient. Meaning they are achievable items but at some personal cost and effort. They are not insurmountable.

You’re not getting it. It’s not achievable.

Pre-web:

  • cost of posting a letter to the secretary of state: 55¢
  • filing a lawsuit for $200: $90
  • return: $289.45 ← achievable because this is a positive number

Post-web:

  • cost of travel to Washington DC: $400
  • filing a lawsuit for $200: $90
  • return: -$110 ← unachievable because this is a negative number

Do you understand the math? Pre-web, it was possible to sue a corporation for $200 and recover $199.45 of that. Post-web, that is insurmountable. If you try, you lose even if you win the judgement. Post-web, the only way to win that case is to use the web. You are therefore forced to use the web in the US.

And a new browser isn’t going to change anything.

Of course it does. A public option can give sovereignty from US tech giants. Otherwise you have the injustice of a government forcing people not only to use technology but to subject themselves and the people to the influence of surveillance capitalists.

debanqued, (edited )

It’s not the governments responsibility to ensure that a law suit is profitable.

Nonsense. Of course we expect to get a court remedy when a business or person scams or cheats another. Otherwise why even have civil courts? It’s a foolish idea to think the government has no responsibility in providing a functional justice system. Where do you think the responsibility for justice in disputes lies, if not the government? You don’t even have leverage to negotiate an out of court settlement unless the threat of losing your ass in court is real. Even if you live in a small indigenous tribal community, there’s a tribal leader serving as the “government” to arbitrate disputes.

It’s noteworthy that you used the term “profitable”. When I wrote the example I had recovery of actual damages in mind. But that’s fine, we can run with that too. When a lawsuit generates profit, that means we’re dealing with tort or statutory damages. Since it would be small claims, we can nix tort. Statutory damages refer to situations where the law sets out a penalty for violators whereby victims need not show actual damages. E.g. telemarketers breaking the TCPA, or credit bureaus breaking the FCRA. In these cases, the people elected Congress to write law to protect consumers, and as representatives of the people Congress opted to codify statutory penalties that are directly actionable by victims. Of course the gov has a responsibility to support their own law and make violations thereof actionable. This is what they were elected to do.

And a new browser isn’t going to do what you think it is. Any attempt by a government to create a browser is just going to use Blink anyways.

You’ve misunderstood my position. This is also non-sequitur logic. Blink is not a browser, so if you build a new browser which makes use of Blink, it’s still a new browser. (Hence the non-sequitur). From there, whether Blink is sufficiently brand-agnostic to effectively offer sovereignty from tech giants is a separate question. If yes, then Blink inside of a Google-free creation is fit for purpose. If not (due to Google steering things even from the rendering engine), then Blink would defeat the purpose and thus it would be unfit for purpose.

debanqued,

In that case it would depend on whether “reskinning” implies forking. If they fork and exercise control over the code thereafter, that’s fair enough. Otherwise, no… it’d be insufficient to secure sovereignty from Google if the code continues to simply automatically mirror Google’s.

debanqued, (edited )

Forking doesn’t imply control.

It does. That’s the reason for forking. You get control. If you don’t, then you’ve done something wrong.

A forked version of chromium would still want to keep up to date with the upstream project.

That’s the choice of the fork owners, because they get control. They can take or leave upstream changes at will.

You seem to view this public option with an unrealistic view of how software development works. Especially in the public sector.

I’ve worked on software projects in both the private sector and public sector.

Somebody comes in with a requirement to do something in the fastest and cheapest way possible.

This reflects an unrealistic view of how public sector software development works. What you describe is how the private sector works. You cannot superimpose your understanding of the private sector on the public sector and assume it works that way.

The engineers go off and fork chromium and simply reskin it because that meets the brief.

It depends on the budget. Public budgets can be tight and they can be loose. It’s a spend-it-or-lose-it scenario. If you do not spend every dime of your annual budget, you get a smaller budget next year. So there’s a unique incentive to spend in the public sector. If (and only if) the budget is tight, indeed they would fork something (not necessarily Chrome).

And that’s merely the start of the project. In software development, we don’t just build something and walk away from it. Especially for government projects - the software is continually under maintenance. So after the fork (if that’s what the budget is limited to) the project does the necessary to meet new requirements as they emerge.

The public sector isn’t going to be interested in trying to make the optimal browser if they are forced to create one. They are going to be interested in meeting the brief in the fastest and easiest way possible.

That’s not how the public sector works. It’s a world of difference between the private sector. What you’re describing is the private sector. Unlike the private sector, public sector workers are not blocked from “gold plating”. Public sector workers have the freedom to produce polished work. Their wages tend to be lower than what they would fetch in the private sector, but what they gain is intellectual freedom and creative license. This is why NASA workers love their work environment and employee retention is high despite relatively low wages.

debanqued,

It doesn’t matter what that expenditure amounts to. Whatever that figure is, Microsoft recovers it. I guarantee you it’s profitable for Microsoft in the end.

debanqued,

The reason why firefox and chrome work so well, is that they literally have been in development for over a decade.

How can you say they work well?

Basic functionality is still crippled. For example, when images are disabled in Chrome, animated GIFs are still downloaded and played. Chrome does not even have the option to disable animations. When both images & animations are disabled in Firefox, animated GIFs are also still downloaded (wasting the credit of those on fixed bandwidth plans and thus defeating the purpose for those who would use the feature)… but they are simply not played automatically. Great.

These are not just bugs… these are the sort of blunt stark defects that do not reflect the quality of mature projects. I mean shit, still today cannot disable animations in Chrome despite bug report 14 years ago. WTF. That is not “working well” when it can’t do something that basic.

debanqued,

Mozilla is not in danger so long as they continue to serve Google. You cut 83% of Mozilla’s revenue and I guarantee you there will be problems.

debanqued,

Disroot uses Forgejo, according to the forge catalog, if anyone wants to try it out.

debanqued,

Perhaps also noteworthy that Gitea is a fork from Gogs. And AFAIK, gogs is the original work.

Free software in education will take a step back -- republicans are going after school board positions nationwide in the US (web.archive.org)

Since last year, republicans have launched a campaign to get conservatives on school boards. This is the political party in the US who favors privatization of everything. They are sympathetic to giant corporations and champion #citizensUnited (which elevates corporations above humans). #Ohio has a large number of extremists...

debanqued, (edited )

#Apnews is Tor-hostile. I do not support excluding people so I shared a link that is open to the public and inclusive.

If AP News would have also blocked archive.org (thus public libraries) then I would not have shared the link at all — out of respect for #netneutrality (access equality).

debanqued, (edited )

As far as Cloudflare… they are a CDN. Relax. Nothing is locked there

Nonsense. Cloudflare (a proxy not a CDN) is exclusive. People like myself are in the excluded group. If Cloudflare gives you no problems personally, then you are in the included group. It’s designed so those excluded are invisible to the included group. You can only see the barriers to entry if you are actually excluded.

debanqued, (edited )

First of all Cloudflare does not disclose to excluded communities why they are excluded. This non-transparency keeps the marginalized in the dark about both the technical criteria for exclusion and also the business reason for exclusion.

Why I personally have been excluded is irrelevant trivia. The full extent of CF’s exclusion is unknown but it’s evident that at a minimum these groups of people are excluded:

  • public libraries
  • Tor users
  • VPN users
  • CGNAT users (often poor people in impoverished regions whose ISPs have fewer IPv4 addresses to allocate than the number of users)
  • people who use scripts to access web resources (and interactive users who merely appear to be bots by using non-graphical FOSS tools, blind people IIRC as they are not loading images)
  • all people with a moral objection to exposing ~20–30% of their web traffic (metadata & payloads both) to one single centralized tech giant in a country without privacy safeguards.

I personally experience exclusion by all of the above except CGNAT.

debanqued, (edited )

Going way overboard to the point of being pure is one of the biggest issues the FSF has in terms of relevance and you’re suggesting they go further down the rabbit hole.

Framing inclusion of all people as a “purist” agenda is a bit rich. The Universal Declaration of Human Rights doesn’t say it’s okay to deny equal access to some people, for example. And we don’t call the UDHR “purist” or extremist for being all inclusive. Being inclusive is where the bar should be set. It’s achievable and there are some projects that prove that.

It is better to direct people to good FOSS they can and will use than some imagined pure breed that no one will ever use.

You’re not grounded in reality. Tagging anti-features does not lead to “some imagined pure breed that no one will ever use.” Nor would anyone avoid listings which have no anti-feature tags. It’s the contrary. Projects that lack anti-features are superficially attractive.

Biggest issue with github is that it mixes FOSS and non-FOSS and even worse not all projects have clear licensing.

That is not the biggest issue with Github. Github is exclusive, feeds copilot, feeds a company that’s antithetical to the FSF mission, among other issues that were listed in the OP.

debanqued,

Also, loading images has nothing to do with not passing the Cloudflare check.

Cloudflare is anti-robot. It’s one of the things they’re not secretive about. Robots do not load images because they are scraping textual information into a DB. Not loading images is relevant to bot detection and triggers anti-bot blockades. So bot creators will sometimes code their bots to needlessly fetch images in order to appear more human.

Like, phone screens could just display black for a blind user. But they don’t.

But they should. The reason they don’t can only be attributed to no one making the effort to extend the battery life for blind users. If the option existed, why wouldn’t blind people use it?

I have a few disabilities myself, and know a couple people who are blind. They just use Firefox.

Certainly you can’t speak for blind people by finding a few who have not realized they can disable images. This does not mean more advanced blind people have not done that. My vision is fine and I still disable images in Firefox in part to not waste bandwidth. Obviously I would keep image loading disabled if I were to go blind. The only reason for a blind person to load images (apart from getting help from someone else) is the same reason bot authors do it: to avoid being treated like a bot.

debanqued, (edited )

Sounds to me like this is the kind of abuse blocking any site would use, not just Cloudflare. Do you have any evidence that Cloudflare is unique in any way in this?

That’s not a meaningful comparison. Blocking sites do indeed block differently in various different circumstances & discriminate against different groups of people. There are patterns (like Tor blocking) but the meaningful comparison is CF to inclusive sites. E.g. gnucash.org. Gnucash demonstrates how a website can be deployed in an inclusive manner that respects user’s rights.

Cloudflare is unique in how it deceives its users (e.g. tells its users they have a “zero trust” model when in fact you must trust CF with visibility on all traffic payloads). CF holds the SSL keys, unlike other implementations. The recommendation to anti-feature tag CF sites would cover the vast majority of exclusive access-restricted projects. But if a link leads to a rare Siteground site, that should also get an anti-feature tag for being exclusive.

I mention this because I am not sure not using Cloudflare would change much.

Of course it would. Cloudflare brings in a long list of problems. Not using CF (like gnucash.org does) solves all those problems of exclusivity and privacy.

You would have to use another CDN or build your own solution. Abuse is a real thing and is the reason we cannot have nice things.

The Gnucash project disproves this. Furthermore, a CF link can often be replaced with an archive.org link.

debanqued, (edited )

Bruce Schneier has frequently covered data sharing between US tech giants and intelligence agencies in his blog. It’s widely accepted. To call that a “conspiracy theory” is severely out of touch, post-Snowden revelations. At best, it’s only true as a technicality (that is, the US does not admit that the Snowden leaks are real so the official narrative still differs). It’s naïve to accept the official narrative and ignore Snowden’s leaks. Bruce Schneier concurs with Snowden’s revelations & often acknowledges in his blog that that info sharing is going on.

That said, I do not see your specific claim about the NSA in the document that I linked, which is well cited. Which paragraph number are you referring to?

debanqued,

Should users be able to see bug reports?

Just tried to see the bug reports for a gitlab·com project. This is what I get:

https://beehaw.org/pictrs/image/b1ac3538-d320-4a13-9f4e-6c5d388c1a97.webp

debanqued, (edited )

Being able to see bug reports is not required to use the software.

That doesn’t quite answer the question. Nor is it strictly true. Bug tracker info is rich in workarounds for problems that hinder the use of the software.

You’ve made the decision to block Cloudflare,

Cloudflare’s decision, not mine. Cloudflare along with projects that use it made the (often unwitting) decision to block me, among other excluded people. Could I have executed Cloudflare’s non-free javascript to use the website, which is pushed contrary to FSF criteria C0? Perhaps, I didn’t try. Though I’ve run their garbage in the past and found that it rarely works anyway because the CAPTCHA servers themselves tend to be tor-hostile.

It’s worth noting that when execution of JavaScript of any kind is imposed in order to obtain information, it’s not a document; it’s an application.

Expecting free software developers to ensure that every single part of the experience is seamless for users who decide to block certain services is not reasonable.

Expecting FSF to facilitate exclusion of free software documentation and resources (the status quo) is not reasonable.

What is reasonable is FSF supporting their own principles:

  • All important site functionality that’s enabled for use with that package works correctly (though it need not look as nice) in free browsers, including IceCat, without running any nonfree software sent by the site. (C0)
  • Does not discriminate against classes of users, or against any country. (C2)
  • Permits access via Tor (we consider this an important site function). (C3)

The Library Bill of Rights (LBR) is also quite reasonable:

  • V. A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.
  • VI. Libraries which make exhibit spaces and meeting rooms available to the public they serve should make such facilities available on an equitable basis, regardless of the beliefs or affiliations of individuals or groups requesting their use.
  • VII. All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.

The Universal Declaration of Human Rights is also reasonable:

  • art.21 ¶2. Everyone has the right of equal access to public service in his country.
  • art.27 ¶1. Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.

These are good ideas. These fundamental principles & rights are a minimum low bar to set that cannot be construed as “not reasonable.”

If Cloudflare links in the #FSF #FSD are replaced with archive.org mirrors, that automatically invokes the Library Bill of Rights (as InternetArchive is an ALA member). The LBR is also consistent with FSF’s principles.

debanqued, (edited )

Many, many sites and services block Tor

30% at most. Cloudflare compromises ~20—30% of the web and non-CF tor blocking is almost insignificant (likely in the 5—10% of non-CF sites range).

and for good reason

Most of the above-mentioned CF portion blocks Tor out of naïvety. They’re just blindly running with the shitty CF defaults not knowing they can whitelist Tor. Most don’t even know they’re blocking Tor & many don’t even know what Tor is.

But the legit users pale in comparison.

Nonsense. Most Tor users are legit. You’ve apparently been reading Cloudflare’s propaganda where they claim irrationally Tor users are mostly bad actors. It’s a false claim.

If you run a financial institution, for example, or anything that houses sensitive personal information, are you willing to allow an entire threat model to attack, just to let the handful of legit users from that model? No. You wouldn’t.

I insist on using Tor to access my bank account. Banks admit in their ToS that they use customers’ IP addresses for the express purpose of tracking & logging their realtime location. Some banks are more competent than others. If a bank’s security relies on arbitrary pre-emptive blocking based on IP reputation, their security is not up to scratch.

Likewise, there are FOSS projects that also demonstrate ability to serve Tor users. This will stand out when anti-feature tags are applied.

debanqued, (edited )

For example would you visit a website if it was hosted on Windows server?

It depends on how it is hosted. Is Tor blocked, thus forcing me to reveal metadata that identifies me to MS in order to reach the resource? If yes, then no, I would walk. Is it enshittified with popups & CAPTCHAs? If yes, then no. It comes down to what information I must share with whom and what hoops I have to go through.

If the website is sufficiently usable without unreasonable data compromise, then the mere fact that MS is in the supply chain would not stop me using it. This is only due to global lack of social advancement. That is, when we are up to our necks in garbage, who we choose to support (and to what extent) is relative. If Cloudflare did not exist and the communities being marginalized by CF were liberated, then there would be a theoretical point where a 100% boycott on all things Microsoft would be sensible. ATM, we’re not even close to that degree of progress where picking that battle would be wise.

I’ve known people who were absolutely like this, who wouldn’t use a site/service/etc. because it wasn’t on a 100% FOSS stack. It’s tiresome.

It’s tiresome that exclusivity & enshittification persist on such a huge scale, which encumbers people on a daily basis because there are so many pushovers feeding & pushing shitty websites. The digital rights movements are starving for more people with integrity.

I’m all for open source, open standards, being able to modify and share the tools you use, etc. But people like that are extremists who seem to go out of their way to undermine their own credibility and message.

It’s the hypocrisy of not practicing what you preach that undermines one’s own credibility and the digital rights mission. Quite perverse to claim the contrary— that adherence to one’s own ideology in practice would “undermine their own credibility and message.” It’s tiresome to see digital rights activists needlessly using contradictory tech that’s antithetical to the purpose they claim to support.

debanqued,

I just encountered a website that uses alt="" on buttons. That means the text description of the button is unreadable in GUI browsers. Mouseovers were coded so you can only get the description in GUI browsers like Firefox by hovering the mouse over the icon. Lynx renders the mouseover text in place of the button. So a screen reader would work on Lynx but not on Firefox for that website.

debanqued, (edited )

Indeed there is a big difference between warranted sharing and unwarranted sharing. The Snowden leaks are not about warranted sharing. There is no controversy over warranted sharing. You only muddy the waters to bring that up. It’s wholly irrelevant unless you are still actually claiming that the only sharing going on is warranted, which again is severely out of touch. You’ve not been paying attention to the Schneier blogs. You should read them before discussing this topic. There are dozens of ways the unwarranted sharing occurs between intel agencies and tech giants, from simply buying the data commercially to backroom deals to intelligence insiders to outright malicious hacking exfiltration (which sometimes includes paying or persuading the tech giant to simply neglect to fix a bug that the exfiltration relies on) to intelligence agencies handing a box over to the tech giant saying “here, just plug this box in on your LAN and pretend it’s not there - ask no questions”. All of those methods have been detected and exposed. It’s all there; inform yourself; I’m not going to do your homework for you. The HOW is irrelevant to the mere point that the data sharing happens without a warrant.

Look through the repository you linked, it’s in there.

I cited a specific article, not a repository.

debanqued,

People who are manipulated aren’t at fault

That’s debatable.

the manipulators are doing their job and are to blame

Yes, I agree. But our blame on them doesn’t matter if we aren’t going to make the blame accountable by boycotting. Shareholders are happy to pat them on the back when the manipulation succeeds & brings profits.

Also what does boycotting matter when the government will bail out a company that is failing.

I do not believe that if HP were to fall due to a boycott that the gov would bail them out. Such a bailout would be extremely unpopular among the public (who opted to boycott HP).

Boycotting is the only tool in our toolbox. I would love to have a different toolbox.

debanqued, (edited )

HP has their hands in a lot of places. They even work as contractors for the IDF (Israeli Defense Forces). They offer services to govs who, instead of buying HP computers, hire HP to deliver PCs that HP maintains. If private individuals would boycott HP extensively it would not sink HP but it would force HP to shrink by killing off their most shitty flimsy consumer products. A corp cannot justify to its shareholders an unsustainable money-losing endeavor. HP would be forced to just focus on their industrial products.

The problem with the Boeing comparison is Boeing does not need a bailout due to a boycott. The pandemic is one of the cited factors for Boeing’s failure (accurate or not; optics matter. It’s a shame they had that excuse). So Congress believes a bailout is not wasted money. If Boeing were boycotted into need for bailout, it would not be feasible for Congress to save them. Boeing also has its hands in aerospace and defense to a much greater extent than just 7(X)7s, but those segments of the business could always be sold off to Lockheed Martin.

BTW, I boycott myself. Boeing is an member among other wrongdoing particularly in how their greed caused the aircraft crashes, death, and coverups. Ethical consumers have no choice but to boycott Boeing.
