Caretaker of DS8.ZONE. Free (Libre) Software enthusiast and promoter. Pronouns: any

Also /u/CaptainBeyondDS8 on reddit and CaptainBeyond on libera.chat.

  • 2 Posts
  • 101 Comments
Joined 4 years ago
cake
Cake day: March 27th, 2021

help-circle


  • I’ll be “that guy”:

    F-Droid is a software repository, not an app store. The distinction is subtle but important. A software repository offers a community-curated collection of software packages whereas an app store is just a marketplace for software developers to offer products to end-users. A software repository serves the interests of its community first, whereas an app store is merely a means for developers to sell products to end-users.


  • There are those who believe that F-Droid’s role as a “middle man” vetting and building packages from source instead of blindly shipping builds provided by upstream makes it a security risk, because you’re trusting F-Droid in addition to (some say instead of) the upstream developer. Perhaps telling is that none of these critics can offer an alternative solution.

    Before anyone mentions Obtainium and Accrescent, these are not alternatives to F-Droid, they solve completely different problems.


  • This is why the marketing around flatpak bothers me. It’s touted as some kind of “universal Linux package manager” but Linux is just a kernel - all the stuff that apps depend on comes with the distro. So, in order for flatpaks to be “distro independent” they basically have to supply all the stuff that normally comes from the distro - effectively building a second distro on top of your existing one.

    Nix and Guix are the same but at least I think they’re more up front that they are effectively distros that can run on top of your existing distro or as a standalone operating system directly on top of Linux.


  • FUTO changing the definition of open source to suit their business model is like that time US Congress decided that pizza was a vegetable because it has tomato sauce.

    FUTO’s EULA may superficially resemble a true free software license (and may be good enough for you, personally) but it fundamentally undermines core tenets of the free software movement in order to preserve their business interests. All pseudo-FOSS licenses (whether of the “ethical” or the “business” variety) do this, because they prioritize the interests of the rightsholder above those of the community and the user. If important free software projects like Linux and Firefox were released under this license the free software world as we know it would not be possible.

    As proprietary licenses go, it’s certainly far from the worst.


  • Free software is a matter of liberty, not price. It is perfectly legal and ethical to sell free software. Keep in mind if you’re using third party code (whether it’s libraries or external contributions to your application) you must abide by the terms of whatever license it is under, this is whether it’s paid or gratis.

    It’s even perfectly legal to fork an existing free software project and sell it on the play store, although whether that is ethical or not is up for debate - depending on what efforts you put into your fork before selling it, an orthodox Stallmanist might have no problem with it but the original developer(s) of that code may perceive this as “theft.” Keep in mind you must abide by the terms of whatever license the project is under, so if it is a copyleft license like the GNU GPL you must either provide corresponding source code or an offer for such.


  • Assuming they own the copyright (which I believe they do, since they were able to relicense it to begin with) they can absolutely offer it under a dual licensing arrangement even if the licenses are incompatible. It would only be an issue if other peoples’ AGPLv3 licensed code was in there, but as it is not the only copyright they would theoretically be violating is their own, which is literally not possible.

    Dual licensing under a free software license and proprietary EULA is a common business model, especially when the free software license is a strong copyleft like the AGPL, since the proprietary licensors do not have to abide by certain conditions that free license users have to.


  • When one asks if something is free software (a.k.a. FOSS) the concern isn’t so much trust but rather can one view, modify, and share the program. Sandboxes solve a different problem.

    In the case of a javascript bundle, in order for a user to exercise the Four Freedoms they must at minimum be provided with corresponding source code for each component in the bundle, and preferably some way in the browser for the user to inspect and modify it. In other words, it must be treated like any other compiled binary program. A lock file with specific versions probably isn’t necessary (and server configuration and source code definitely isn’t).

    You are right in that this would require cooperation from the service provider to provide this metadata, and most definitely would not do this. Therefore, such an extension as OP suggests would have the effect of blocking the vast majority of javascript on the web today. LibreJS tries to some extent but I don’t know how well it can handle bundled javascript files.






  • “Privacy centric” is irrelevant because because this is the free software movement, not the privacy movement (also, this is not reddit, we have a higher standard of conduct here).

    Further reading on free software philosophy. Most relevant is why software should not have owners (1994) as this is fundamentally where FUTO disagrees with the open source/free software movement.

    I also made a prior comment here about the fundamental difference between “fauxpen source” licenses like FUTO’s and real FOSS licenses. You seem to characterize it as “stealing code and profiting off it” but the strength of free software is in collaboration and community, not so much competition, so sharing is considered a virtue here. I talked more about it here in a reddit comment referencing my previous lemmy comment.

    This will probably be my last comment on FUTO/Grayjay in this thread, since I’ve said all I intend to say several times here and on reddit. I might make a master post about the problems of fauxpen source at some point.





  • The most obvious difference going from Debian stable to GNU Guix is that Guix is a rolling release distro, not stable (in the Debian sense) at all.

    Package management is also very different as it’s fundamentally a source based distro, although sometimes the build servers can provide prebuilt packages if they’re available. Also, Guix has the concept of “profiles” which group sets of installed packages; typically, there is a system profile as well as a profile for each user, but users can also create their own separate profiles. This means that a user can install packages to their own profile without needing root permissions.

    Profile updates are done in an atomic manner, such that changing the set of installed packages (installing, updating, or removing a package) actually creates a new generation of the profile, and it’s possible to roll back to a previous generation if something breaks. This is true of the system as well as the user profile(s), of course. A profile generation can also be exported as a manifest, which can then be imported to create a profile generation on another system, allowing package management to be done in a declarative manner.

    Finally, Guix has a commitment to ship only free software, and uses linux-libre as its kernel. Debian has a clear separation between free and non-free components but does ship non-free software, including firmware blobs, and I believe as of recently the installer provides them by default. There are unofficial Guix channels (=repositories) that provide these things.




  • Currently I run GNU Guix on my desktop, laptop, and servers. I like the dedication to software freedom and the way package management works. Before that I used Debian until 2019, Trisquel until 2014, and Ubuntu until around 2010. Debian and Trisquel are fine and I don’t have anything against them, I just like the Guix package manager more. I’ve used Xfce with all of these (and before then, GNOME 2). I set it up the way I like it and it never changes.

    I typically run LineageOS on my mobile devices, without microG or any proprietary apps. As I’ve said before my preferred OS would be some variant of GNU/Linux, preferably Guix as well, but LineageOS works well enough.

    I run OpenWRT on my router, and had a previous router than ran LibreCMC (a variant of OpenWRT using Linux-libre).

    Windows games are made for Windows so I prefer to use Windows for them. I don’t particularly want to turn GNU/Linux into Windows, I think it deserves better than that.