Programming

Developers Debate Denying Updates for Open Source Software to Russia (thenewstack.io) 95

Russia's invasion of Ukraine turns up in Mike Melanson's column "This Week in Programming": While the Open Source Initiative's (OSI) definition of open source software is quite clear on the matter — there must be "no discrimination against persons or groups" and "no discrimination against fields of endeavor" — the issue of who should be allowed to use open source software, according to ethical considerations, has long been debated.

Over the last month, this topic has again become a focus of debate as Russia's invasion of Ukraine has led to developers calling for blanket bans by companies like GitHub and GitLab; and to some developers even taking action. Earlier this month, we wrote about how open source gateway Scarf began limiting access to open source packages for the Russian government and military entities, via its gateway.

As we noted at the time, there was a primary distinction made when Scarf took this action: distribution of open source software is separate from the licensing of it. Those points of the OSI definition pertain to the licensing, not to some entity actively providing the software to others.

Since then, discussions around these ideas have continued, and this week an essay by Bradley M. Kuhn, a policy fellow and hacker-in-residence at the Software Freedom Conservancy, argues that copyleft won't solve all problems, just some of them.

The essay specifically takes to task the idea that open source software can effectively effect change by way of licensing limitations. He spent nearly 3,000 words on the topic, before pointedly addressing the issue of Russia — with a similar conclusion to the one reached by Scarf earlier this month. Kuhn argues that "FOSS licenses are not an effective tool to advance social justice causes other than software freedom" and that, instead, developers have a moral obligation to take stances by way of other methods.

"For example, FOSS developers should refuse to work specifically on bug reports from companies who don't pay their workers a living wage," Kuhn offers in an example.

Regarding Russia specifically, Kuhn again points to distribution as an avenue of protest, while still remaining in line with the principles of free and open source software.

"Every FOSS license in existence permits capricious distribution; software freedom guarantees the right to refuse to distribute new versions of the software. (i.e., Copyleft does not require that you publish all your software on the Internet for everyone, or that you give equal access to everyone — rather, it merely requires that those whom you chose to give legitimate access to the software also receive CCS). FOSS projects should thus avoid providing Putin easy access to updates to their FOSS," writes Kuhn.

Open Source

False Advertising To Call Software Open Source When It's Not, Says Court (theregister.com) 20

An anonymous reader quotes a report from The Register: Last year, the Graph Foundation had to rethink how it develops and distributes its Open Native Graph Database (ONgDB) after it settled a trademark and copyright claim by database biz Neo4j. The Graph Foundation agreed [PDF] it would no longer claim specific versions of ONgDB, its Neo4j Enterprise Edition fork, are a "100 percent free and open source version" of Neo4J EE. And last month, two other companies challenged by Neo4j -- PureThink and iGov -- were also required by a court ruling to make similar concessions.

ONgDB is forked from Neo4j EE, which in May 2018 dropped the GNU Affero General Public License (AGPL) and adopted a new license that incorporates the AGPLv3 alongside additional limitations spelled out in the Commons Clause license. This new Neo4j EE license forbade non-paying users of the software from reselling the code or offering some support services, and thus is not open source as defined by the Open Source Initiative. The Graph Foundation, PureThink, and iGov offered ONgDB as a "free and open source" version of Neo4j in the hope of winning customers who preferred an open-source license. That made it more challenging for Neo4j to compete.

So in 2018 and 2019 Neo4j and its Swedish subsidiary pursued legal claims against the respective firms and their principals for trademark and copyright infringement, among other things. The Graph Foundation settled [PDF] in February 2021 as the company explained in a blog post. The organization discontinued support for ONgDB versions 3.4, 3.5 and 3.6. And it released ONgDB 1.0 in their place as a fork of AGPLv3 licensed Neo4j EE version 3.4.0.rc02. Last May, the judge hearing the claims against PureThink and iGov granted Neo4j's motion for partial summary judgment [PDF] and forbade the defendants from infringing on the company's Neo4j trademark and from advertising ONgDB "as a free and open source drop-in replacement of Neo4j Enterprise Edition." The defendants appealed, and in February the US Court of Appeals for the Ninth Circuit affirmed a lower court decision that the company's "statements regarding ONgDB as 'free and open source' versions of Neo4j EE are false."

"Stop saying Open Source when it's not," said the Open Source Initiative in a blog post. "The US Court of Appeals for the Ninth Circuit recently affirmed a lower court decision concluding what we've always known: that it's false advertising to claim that software is 'open source' when it's not licensed under an open source license."

Debian

Debian Developer Demoted, Quits After Two Decades With Project (itwire.com) 218

juul_advocate shares a report from iTWire: A developer who had more than two decades of service in the Debian GNU/Linux project was stripped of his status in December, leading to him deciding to leave the project. Norbert Preining told iTWire in response to a query that he decided that having been graded down to Debian maintainer was not something he wanted after all these years. He has now joined the Arch Linux project.

Preining said what basically happened was that the [Debian account manager (DAM) team] thought he was bullying members of the project. "I guess they are referring to my run-in with Martina Ferrari where she called me out in very strange and unfounded ways, which started a long lasting disagreement between her and me, and the blog post about Lars [Wirzenius, a project member] which was nothing more than a selection of quotes from Lars' own blogs," he added.

"Anyway, these were all old things, but DAM still prefers to paint me in the light of 'You have been bullying members of the project for years' (quote from Enrico Zini on the debian-private mailing list) and that I cannot communicate with the Community Team, which back then included Martina, and which has again hit me in the back by allowing other members in Debian (I refrain from naming them here, but will do in my blog post) to bully me, even in unrelated forums and on IRC. The bottom line is that Martina, Lars, and those others are close friends of DAM and CT [community team] and the 'leading circle' in Debian, and thus it seems that they are exempted from adhering to the same community standards."
Preining said the situation that led to his demotion was "more or less" about political correctness, adding that he'll explain more about the events in a blog post later on.

Government

As Chile Drafts New Constitution, 'Citizen Proposals' Urge Free Software and User Freedom (fsf.org) 32

The nation of Chile "is in the midst of governmental changes," writes the Free Software Foundation, "and with these changes comes the opportunity for the people of Chile to make their voices heard for long-term benefits to their digital rights and freedoms.

"Chilean activists have submitted three constitutional proposals relating to free software and user freedom, but they need signatures in order to have these proposals submitted to the constitutional debate."

FSF community member Felix Freeman writes: Chile is living a historic moment. For the first time, it is drafting a constitution with constituents elected democratically, on a participatory basis, and with the participation of native peoples. 154 people are in charge of drafting the new fundamental charter of the country, and they have arranged a mechanism of popular participation based on the collection of support: 15,000 signatures are required to submit citizen proposals to the constitutional debate directly.

The opportunity to achieve substantive and long-term change for digital rights and freedom of software and other intellectual works is unique in Chile's history, and may not be repeated in our lifetime. This is why four communities historically related to the use and dissemination of free software in Chile got together to draft three of these proposals, which are:

- Access to knowledge
- Technological and digital sovereignty
- Internet privacy

These constitutional proposals explain principles of the nation, the rights of citizens, and the duties of the state concerning them. The inclusion of the constitutional articles will allow and promote the creation of laws that defend our freedoms and rights effectively. They are not the end of the road for intellectual freedoms and digital rights, but only the beginning....

People of any nationality can support us by spreading the word all over the Internet.

[A Spanish-language version is available HERE.]

GNU is Not Unix

New FSF Procedures Let Its 5,000 'Associate Members' Nominate New Board Members (fsf.org) 37

This week the Free Software Foundation's board announced that for the first time in the organization's 37-year-history, its 5,000-plus associate members will now be able to nominate and evaluate candidates for its board of directors. Under new procedures adopted by the FSF board on January 17 and summarized here, the organization will proactively engage associate members with a sufficient history of association with the FSF in the recruiting process by inviting them to suggest board nominees and then research collectively those nominees' suitability for a position on the board, including most importantly their record of commitment to free software ideals.... Following the new procedures, voting members (which include all current directors and are listed here) can start a process to recruit new directors, or a modified process to reconsider existing directors...

The FSF intends to first add several new directors in 2022, utilizing these new procedures, and then begin a review of existing directors. The FSF staff and board have made this expanded engagement process a high priority and are working together to put in place the necessary infrastructure to support it, with a target to activate it within the first quarter of 2022... Voting members will review the community's nominations.

A nominee may be removed from consideration if at least two voting members vote to do so without opposition from other voting members. The voting members will discuss the candidates and decide which should move forward in the process next. The FSF's associate members will then review each nominee's application, then evaluate and comment on those nominees in a private, staff-moderated discussion forum. Voting members will review this input and privately interview the finalists to assess their candidacy, ideals, and commitment to free software, then vote on their appointment....

The process is designed such that new iterations for both recruiting new directors and reviewing existing directors can be run whenever the need arises in the future.

"Opening the director recruitment process to our associate members is a historic and welcome milestone for the FSF," said FSF president Geoffrey Knauth. "We are pleased to engage the free software community in attracting new talent to our leadership who will keep the freedoms.... We have worked hard to strengthen governance standards at the FSF and to create a transparent leadership recruitment process. We look forward to tackling new challenges and opportunities this year."

The FSF's announcement calls the new "community engagement process" a "key result of a six-month consultant-led review designed to help make FSF governance and recruitment practices more transparent and participatory, while more systematically ensuring their commitment to the FSF's values and principles."

Open Source

Libreboot.Org Urges Support for Proposed 'Free Software' Law in New Hampshire (libreboot.org) 112

Libreboot.org is publicizing an event this Tuesday of "global importance to Free Software projects, and the movement as a whole... If you live in New Hampshire or in one of the neighbouring states, especially Massachusetts, please listen up!

"If you are further away and unable to reach New Hampshire all that easily, please spread the following news anyway. It's important." An important bill is being proposed in New Hampshire, which would enshrine much of what we know as Free Software into law... [H]ere is a paraphrasing of what it proposes:

- Specifically bans state-run websites from serving non-free JavaScript to clients
- Creates a commission to provide oversight, watching the use of Free Software by state agencies
- Bans state agencies from using proprietary software — maybe this could include schools, in the future!
- If a person is tried in a criminal case, they have the right to audit the source code of any proprietary software that collects evidence against them
- Encourages data portability (able to transfer data from one program to another)
- Bans certain non-compete clauses and NDAs (non-disclosure agreements) pertaining to Free Software projects
- Bans state/local law enforcement from assisting with the enforcement of copyright claims against Free Software projects
- Bans state agencies from purchasing non-free software if free software exists, for a given task....

At first glance, it may not seem that the bill affects individuals, but don't be fooled; this is a hugely positive step forward for everyone! If the state is using Free Software, that most likely means it'll be used in education as well. Although perhaps not immediately and readily apparent, this is a stake in the heart of proprietary software's current dominance, because it would remove one key element of its attack against us: its abuse of education services. If education services are using Free Software, that means they'll probably have children (the ones being educated) using it too. This is a huge step, and it will result in more Free Software developers in the future. Free Software will become more and more mainstream to the masses, which can surely only be a good thing...!

[I]magine if more states like what they see and start to copy the new legislation. Now imagine that countries besides the U.S. start doing it, inspired by the US's success (and I think it will be a resounding success). Imagine a world where Free Software, free as in freedom, is the default everywhere. Imagine a world where Free Software licensing is required reading material in schools. Imagine a world where any five year old can install a free operating system such as GNU+Linux, and Computer Science is mandatory in schools from a young age. Imagine filing your tax returns with Free Software, exclusively. Imagine not even thinking about that, because it became the norm.

Imagine a world where proprietary software doesn't exist, because it is obsolete; entire generations of people are taught to value freedom, and to staunchly defend it, helping each other learn and grow (and produce better software in the process, with less bugs, because people are now free to do that, without relying on some evil company)...

Free Software is a revolution that we in the Free Software movement have rigorously upheld and fought for, over many years, but we still face an uphill battle because children are not taught in schools about free computing, nor are they encouraged to learn; they are taught to view computers as products to throw away every 1-2 years, that they can run a few apps on but otherwise are not allowed to do anything with. The concept of a general purpose, fully reprogrammable computer is heavily suppressed in mainstream culture. Most people in the world do not run a free operating system; the idea of a computer being a mere appliance is normalized (as opposed to the idea of it being a highly liberating tool for development and the expansion of human knowledge)....

Something is happening in New Hampshire, which could redefine our movement and give free software real power instead.

The post links to a state representative's tweet describing how supporters can testify in person to support the bill. "If this bill is passed in New Hampshire, more states will likely follow," argues Libreboot.org. "It will lead to a massively renewed drive to liberate all computer users, and U.S. laws tend to be copied/pasted around the world too. This bill, if passed, will have a hugely positive impact on Free Software at a global level...

"The proprietary software companies like Microsoft and Apple will also be there, trying to argue the case against the use of Free Software."

GNU is Not Unix

The Free Software Foundation Recommends Last-Minute Gift Ideas (fsf.org) 44

"Do you need a last-minute gift these upcoming holidays," asks the Free Software Foundation, "one that will keep on giving for the rest of the year?

"Free your own digital life and the ones of those you love by opting to give them a gift that will raise their social consciousness, create more lasting cheer, and defend #UserFreedom: Gift a Free Software Foundation (FSF) associate membership!" After donating, you'll receive a code and a printable page so that you can present your gift as a physical object, if you like. The membership is valid for one year, and includes the many benefits that come with an FSF associate membership, including a USB member card [16GB and pre-loaded with the fully free GNU/Linux distribution Trisquel Live], email forwarding, access to our Jitsi Meet videoconferencing server and member forum, discounts in the FSF shop and on ThinkPenguin hardware, and many more.

Looking for more gifts? You can also check out the latest FSF Giving Guide, or have a look at the great list of potential gifts our operations assistant Davis Remmel made for this very purpose!

"If you're unsure what to get that special someone, or just want to treat yourself," Remmel writes, "consider our Emacs de Luxe Bundle: it has manuals, tutorials, references, mugs, shirts, and just like Emacs it includes the kitchen sink stickers.

"For privacy lovers (or those who have ever uttered the word, "cryptography"), we have a NeuG USB True Random Number Generator (RNG). Your cryptographic keys will be stronger than an ox, without any need to trust your CPU's definition of "random." I recommend this RNG in conjunction with our anti-surveillance webcam stickers, which don't leave residue and can also cover microphone holes."

GNU is Not Unix

FSF Adopts New Governance Measures: a Board Member Agreement and Code of Ethics (fsf.org) 72

The Free Software Foundation's board "has approved and implemented two new measures designed to help make FSF governance more transparent, accountable, ethical, and responsible," according to an FSF announcement.

First a Board Member Agreement "enumerates the responsibilities of board members." And there's also a Code of Ethics "that lays out principles to guide their decision-making and activities." The new measures are the first products of a six-month, consultant-led review. They formalize crucial aspects of the FSF's governance, and will guide board members to understand and embrace their responsibilities to the nonprofit's worldwide mission to promote computer user freedom.

The new Board Member Agreement spells out nineteen duties and responsibilities, including minimum expectations for organizational and financial oversight, participation in board activities, the recruitment of associate members, and annual performance reviews. The Code of Ethics details thirteen specific provisions establishing how the board of directors will conduct the business affairs of the organization in good faith and with honesty, integrity, due diligence, and competence.

All current board members have signed and committed to upholding the new governance standards.

The agreement clarifies that Board members "do not have individual direct authority over FSF staff. Individual board members will not try to give staff instructions about what to do in their FSF work, nor try to pressure them about what to do." Board members also agree not to participate in discussions and votes where they might have a conflict of interest.

"In signing this document, I understand that no quotas are being set, that no rigid standards of measurement or achievement are being formed. I have confidence that other board members will operate in good faith to carry out these agreements to the best of their ability."

"The FSF has always been a steady beacon for freedom and against the widespread mistreatment of computer users," says FSF president Geoffrey Knauth in the announcement. "In the last year, the board realized that we faced a challenge and opportunity to improve our governance practices and recruit new leaders to the FSF board. I'm proud of this important step in that ongoing work."

DRM

FSF's Anti-DRM Campaign Plans Bad-Review Protest Against Disney+ (fsf.org) 76

For their fifteenth International Day Against DRM this Friday, the Free Software Foundation's "Defective by Design" campaign is "calling on you to help us send a message to purveyors of Digital Restrictions Management (DRM)".

And this year they're targeting Disney+: The ongoing pandemic has only tightened the stranglehold streaming services have as some of the most dominant forms of entertainment media, and Disney+ is among the worst of them. After years of aggressive lobbying to extend the length of copyright, based on their perceived need to keep a certain rat from entering the public domain, they've now set their sights on "protecting" their various franchises in a different way: by shackling them with digital restrictions. If Disney's stated mission is to keep "inspiring hope and sparking the curiosity of all ages", using DRM to limit that curiosity remains the wrong move.

This year, we'll be using one of Disney's own means of spreading their "service" and the DRM bundled with it: their mobile app. If you're an existing user of the Google Play (Android) or Apple App Stores, you can support the International Day Against DRM by voicing your objection to Disney's subjugation of their users. Streaming services like Netflix and Peacock have the same issues, but by targeting a newer one with such massive investment and capital behind it, we can make sure that we're heard. Disney+ is new: that gives it time to change.

Disney+ is placed near the top of the most frequently downloaded apps on both the Google Play and Apple App Stores. We invite you to write a well-thought objection to Disney's use of DRM, with a fitting review. It is the perfect way to let the corporation, and other users intending to use its services know Disney's grievous mistake in using DRM to restrict customers who already want to view their many films and television shows. It will give you a chance to give them the exact rating that any service that treats its users so poorly: a single star.

DRM isn't the only problem with the Disney+ app. It's also nonfree software. If you're not already an Android or iOS user, we don't recommend starting an account just to participate in this action. You can also choose to send an email to Disney executives following our template.

They're urging supporters to also share the actions they've taken on social media using the tag #DayAgainstDRM. (And there's also an IRC channel "to discuss and share strategies for anti-DRM activism," with more anti-DRM actions still to come.)

"While some aspects of the struggle have changed, the core principles remain the same: users should not be forced to surrender their digital autonomy in exchange for media."

EU

A German State is Switching Its 25,000 Computers From Windows to Linux (documentfoundation.org) 223

"The north-German state of Schleswig-Holstein plans to switch to open source software..." reports Mike Saunders from LibreOffice.

"By the end of 2026, Microsoft Office is to be replaced by LibreOffice on all 25,000 computers used by civil servants and employees (including teachers), and the Windows operating system is to be replaced by GNU/Linux."

The tech site Foss Force writes: This seems to be a done deal, as the steps for the transition from proprietary to open have already been codified by the Schleswig-Holstein state parliament, and explained in plain language in an interview with Jan Philipp Albrecht, the state's digital minister, that was published in c't, a German language computer magazine (Google Translate version here). In the interview, Albrecht said that part of the transition to open source is already in the works, and pointed out that 90% of state administration conferencing is conducted using the open source video conferencing platform Jitsi.

"We have been testing LibreOffice in our IT department for two years, and our experience is clear: it works," he said. "This also applies, for example, when editing Microsoft Word documents with comments..." No Linux distribution has been chosen yet to use as a standard, although Albrecht said they're currently looking at five distributions that suit their purposes.

Open Source

Mastodon Puts Trump's Social Network On Notice For Improperly Using Its Code (theverge.com) 134

Mastodon has sent former President Donald Trump's company a formal notification that it's breaking the rules by using Mastodon's open-source code to build its social network, named Truth. The Verge reports: This news comes from a blog post by Mastodon's founder Eugen Rochko, but others have previously pointed out that the organization behind Truth, the Trump Media and Technology Group (or TMTG), was violating Mastodon's software license by not providing the source code for the site built on top of it. Trump's group has 30 days from when the letter was sent to comply with the license or stop using the software, or it could lose the right to do so.

While Truth hasn't officially launched yet, internet users discovered that a test version basically had the same interface as Mastodon, and that some of the code for the site was unchanged from the other social network's code. By itself, that's actually the intended use of open-source software -- but as the Software Freedom Conservancy pointed out last week, apps or websites based on software that uses the AGPLv3 license have to in turn provide their own source code. According to the foundation that wrote AGPL, it's meant to make the community's software better: if you improve on something that someone else made, they should be able to benefit from your work like you did theirs.

As Mastodon and Rochko reiterated on Friday, though, TMTG hasn't done that -- it even went as far as to call its software "proprietary," and seemingly tried to hide the fact that it was based on Mastodon. Now that the Truth has been revealed, however, TMTG will either have to rebuild it without using Mastodon's code -- a tall order, as bootstrapping a social network site isn't particularly easy -- or release its source code and change the terms of service.

GNU is Not Unix

FSF Warns Windows 11 'Deprives Users of Freedom and Digital Autonomy' (fsf.org) 121

"October 5 marks the official release of Windows 11, a new version of the operating system that doesn't do anything at all to counteract Windows' long history of depriving users of freedom and digital autonomy," writes Free Software Foundation campaigns manager Greg Farough.

"While we might have been encouraged by Microsoft's vague, aspirational slogans about community and togetherness, Windows 11 takes important steps in the wrong direction when it comes to user freedom." Microsoft claims that "life's better together" in their advertising for this latest Windows version, but when it comes to technology, there is no surer way of keeping users divided and powerless than nonfree software: choosing to create an unjust power structure, in which a developer knowingly keeps users powerless and dependent by withholding information. Increasingly, this involves not only withholding the source code itself, but even basic information on how the software works: what it's really doing, what it's collecting, and how often it's snitching on users. "Snitching" may sound dramatic, but Windows 11 will now require a Microsoft account to be connected to every user account, granting them the ability to correlate user behavior with one's personal identity. Even those who think they have nothing to hide should be wary of sharing potentially all of their computing activity with any company, much less one with a track record of abuse like Microsoft...

We expect Microsoft to use its tighter control on cryptography that happens in Windows as a way to impose more severe Digital Restrictions Management (DRM) onto media and applications, and as a way to ensure that no application can run in Windows without Microsoft's approval. In cases like these, it's no longer appropriate to call a machine running Windows a "personal" computer, as it obeys Microsoft more than it does its user. Indeed, it's bitterly ironic that Microsoft is calling the program that verifies a system's compatibility with Windows 11 a "PC Health Check." We counter that a healthy PC is one that respects its user's wishes, runs free software, and doesn't purposefully restrict them through treacherous computing. It would also never send the user's encryption keys back to its corporate overlords. Intrepid users will likely find a way around this requirement, yet it doesn't change the fact that the majority of Windows users will be forced into a treacherous computing scheme...

Sometimes, Microsoft realizes that it can't be quite so overtly antisocial. We've commented many times before on the hypocrisy involved in saying that Microsoft "loves open source" and "loves Linux," two ways of mentioning free software without reference to freedom. At the same time, Microsoft employees do make contributions to free software, contributions which benefit many others. Yet they do not extend this philosophy to their operating system, and in the last few years, they've made an attempt to impair the ways free software makes "life better together" further by making critical functions of Microsoft GitHub rely on nonfree JavaScript and directing users toward Service as a Software Substitute (SaaSS) platforms. By attacking user freedom through Windows, and the free software community directly by means of nonfree JavaScript, Microsoft proves that it has no plans to loosen its grip on users.

No program that you're forbidden to copy, modify, or share can truly bring people "together" in the way that Microsoft claims.

Thankfully, and right outside the window, there's a true community of users you and your loved ones can join...

Let's stop falling for the trap of chasing short-term, superficial improvements in proprietary software that may seem to make life better, and instead opt for free software, the only software that can support the best versions of ourselves.

The post urges readers to sign (or renew!) their pledge not to use Windows and to help a friend install GNU/Linux, "sending Microsoft the strong message that software that subjugates its users has no place in Windows.... If you don't feel ready to take the plunge and switch entirely, you can use our resources like the Free Software Directory to find programs you can use as starting points for your free software journey."

The post also has harsh words for TPM, warning that "when it's deployed by a proprietary software company, its relationship to the user isn't one based on trust, but based on treachery. When fully controlled by the user, TPM can be a useful way to strengthen encryption and user privacy, but when it's in the hands of Microsoft, we're not optimistic."

And when it comes to Microsoft Teams, "it seems that no Windows user can avoid it any longer.... we hope Teams' unpopularity and its newfound, unwanted place in Windows will encourage users to seek out conferencing programs that they themselves can control."
GNU is Not Unix

FSF Announces 'JShelter' Browser Privacy Extension to Block Fingerprinting, Tracking, and Malware (fsf.org) 40

This week the Free Software Foundation (FSF) announced JShelter, "an anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection."

The browser add-on — supported by NLnet Foundation's Next Generation Internet (NGI) Zero Privacy & Trust Enhancing Technologies fund — is currently "in development and the first release is available." This browser add-on will limit the potential for JavaScript programs to do harmful actions by restricting default behavior and adding a layer of control... Accessing cookies, performing fingerprinting to track users across multiple sites, revealing the local network address, or capturing the user's input before they submit a form are some examples of JavaScript's capabilities that can be used in harmful ways. JShelter adds a safety layer that allows the user to choose if a certain action should be forbidden on a site, or if it should be allowed with restrictions, such as reducing the accuracy of geolocation to the city area. This layer can also aid as a countermeasure against attacks targeting the browser, operating system, or hardware levels... [The extension] will ask — globally or per site — if specific native functions provided by the JavaScript engine and the Document Object Model (DOM) are allowed by the user. It will also link to an explanatory page for each function, to raise awareness of related threats. Depending on the function being addressed, the user will have the option to allow it, block it, or have it return a custom value...

"Our browsers have become perhaps the most critical of tools we depend on, and yet the browser environment is far from healthy," says Michiel Leenaars, director of strategy at NLnet Foundation and coordinator of NGI Zero. "Dominant corporate behavior from a small amount of actors has been aggressively reshaping the evolution of the Web, and that is starting to wreak havoc. Despite an enormous systemic dependency, we as users have very little control over what browsers allow and share — leading to significant risk as the most powerful tools in the shed are essentially left unprotected for every casual Web site to abuse. JShelter is a great initiative to help empower us all, to help us gain better understanding and to better safeguard ourselves from obvious and otherwise unavoidable harm."

The effort is part of a larger, multi-year campaign from FSF on JavaScript on the Web started in 2013, which among others includes the development of GNU LibreJS and outreach to users and developers about nonfree software inside the browser. The GNU LibreJS extension detects JavaScript web labels and assists users with running only JavaScript distributed under a free software license, according to their ethical convictions and individual preferences.

"JShelter will help protect users from critical threats now, and contribute significantly to progress on the necessary longer-term cultural shift of moving away from nonfree JavaScript," said Ruben Rodriguez, former FSF chief technology officer.

"This is a project I've been looking forward to for years, tired of dealing with all kinds of potential antifeatures in the browsers I use and distribute, and having to figure out some countermeasure for them with configuration changes, patches or extensions. Being able to wrap the JavaScript engine in a layer of protection is a game changer."
Chrome

Is 2021 The Year of the Linux Desktop? (pcmag.com) 192

"2021 Is the Year of Linux on the Desktop," writes PC Magazine. "No, really..." Walk into any school now, and you'll see millions of Linux machines. They're called Chromebooks. For a free project launched 30 years ago today by one man in his spare time, it's an amazing feat.... Linux found its real niche — not as a political statement about "free software," but as a practical way to enable capable, low-cost machines for millions...

Chrome OS and Android are both based on the Linux kernel. They don't have the extra GNU software that distributions like Ubuntu have, but they're descended from Linus Torvalds' original work. Chromebooks are the fastest growing segment of the traditional PC market, according to Canalys. IDC points out that Canalys' estimates of 12 million Chromebooks shipped in Q1 2021 are only a fraction of the 63 million notebooks sold that quarter, but once again, they're where the growth is. Much of that is driven by schools, where Chromebooks dominate now. Schoolkids don't generally need a million apps' worth of generic computing power. They need inexpensive, rugged ways to log into Google Classroom. Linux came to the rescue, enabling cheap, light, easy-to-manage PCs that don't have the Swiss Army Knife cruft of Windows or the premium price of Macs...

One great thing about open-source hacker projects is that they can be taken in unexpected directions. Linux isn't controlled, so it can adapt, Darwinian-style. It was a little scurrying mammal in the time of the dinosaurs, and then the mobile-computing asteroid hit. Linux could evolve. Windows couldn't. When you're building something that fits in your hand and has to sip battery, you can't just keep throwing processors and storage at it. Microsoft had a tough time adapting its monstrous megakernel OS to the new, tiny world. But *nix platforms thrive there: Android (based on Linux) and iOS.

"Android and Chrome water down the Linux philosophy," the article argues, "but they are Linux..."

Does this make any long-time geeks feel vindicated? In the original submission, wiredog (Slashdot reader #43,288) looks back to 1995, remembering that "my first Linux was RedHat 2.0 in the beige box, running the 0.95(?) kernel and the F Virtual Window Manager...

"It came with 2 books, a CD, and a boot floppy disk."
GNU is Not Unix

Richard Stallman Shares His Concerns About GitHub's Copilot -- and About GitHub (gnu.org) 45

destinyland writes: A newly-released video at GNU.org shows an hour-long talk given by free software advocate Richard Stallman for the BigBlueButton open source conference (which was held online last July). After a 14-minute clip from an earlier speech, Stallman answers questions from the audience — and the first question asked Stallman for his opinion about the AI Copilot [automated pair programming tool] developed for Microsoft's GitHub in collaboration with AI research and deployment company OpenAI.

Stallman's response?

There are many legal questions about Copilot whose answers I don't know, and maybe nobody knows. And it's likely some of them depend on the country you're in [because of the copyright laws in those countries.] In the U.S. we won't be able to have reliable answers until there are court cases about it, and who knows how many years it'll take for those court cases to arise and be finally decided. So basically what we have is a gigantic amount of uncertainty.

Now the next thing is, what about morally? What can I say morally about Copilot? Well the basic idea seems okay. Why shouldn't a program be able to give you hints like that?

But there is one pitfall, which is that if you follow those hints, you might end up putting a substantial block of code copied from a GPL-covered program, written by someone else, or one hint after another after another after another — it adds up to a substantial amount of code, perhaps, with very little change, perhaps. And then you've infringed the GPL by releasing that code, unless your program is covered by the same versions — plural — of the GPL, in which case it would be permitted. But you might not even know that. Copilot might not tell you — it doesn't endeavor to inform you. So you're likely not to know. Which means Copilot is leading users — some of its users — into a pitfall. Well, they should fix it so it doesn't do that.

But basically, what can you expect from GitHub? GitHub gives people inadequate advice about what it means to choose a license. They tell you you can choose GPL version 2 or GPL version 3. I think they don't tell you that really you could choose GPL version 2 only, or GPL version 2 or later, or GPL version 3 only, or GPL version 3 or later — and those are four different choices. They give users different permissions over the future. So it's important to make each program say clearly which choice covers it. And GitHub doesn't tell you how to do that.

It doesn't tell you that you need to do that. Because the way you do that is with a license notice that is supposed to be in every source file. It's unreliable to put just one statement in a free program and say "This program is covered by such-and-such license." What happens if somebody copies one of the files into some other program which says it's covered by a different license? Now that program has been inaccurately mis-licensed, which is illegal and is going to mislead users. So any self-respecting — any repository that wants to be honest has to explain these things, not just tell people to make the licensing of each piece of code clear, but help users do so — make it easy.

So GitHub has had this enormous problem for all of its existence, and Copilot has the similar — a basically, vaguely similar sort of problem, in the same area. It's not exactly the same problem. I don't think that copying a snippet of a few lines of code infringes any license. I think it's de minimis. But I'm not a lawyer.

Open Source

The Open Source Initiative Names Stefano Maffulli As Its First Executive Director (zdnet.com) 10

The Open Source Initiative (OSI) has finally named its first Executive Director, Stefano Maffulli. ZDNet's Steven J. Vaughan-Nichols reports: Maffulli is a long-time developer community manager. He co-founded and led the Italian chapter of Free Software Foundation Europe (FSFE) from 2001 to 2007. He also worked for the FreedomBox Foundation. This organization, led by Columbia law professor Eben Moglen, created an inexpensive open-source server for those who wanted to avoid proprietary internet and cloud services. From there, Maffulli moved to OpenStack, the open-source Infrastructure-as-a-Service cloud, and other open-source projects.

He'll be taking over from Deb Nicholson, who served as the OSI's interim general manager. This is a key step in the move of the OSI into a professionally managed organization. "Bringing Stefano Maffulli on board as OSI's first Executive Director is the culmination of a years-long march toward professionalization so that OSI can be a stronger and more responsive advocate for open source," says Joshua Simmons, the OSI board's chairperson. "We can now deprecate the role of President transitioning to Chair of the Board with confidence about OSI's future."

An enthusiastic open source user, Maffulli contributed documentation patches, translations and advocated for projects as diverse as GNU, QGIS, OpenStreetMap, and WordPress. He knows he'll face new, bigger challenges at the OSI. "Open source software is everywhere, but its definition is constantly being challenged," said Maffulli. "The zombies of shared source, limited-use, and proprietary software are emerging from the graves where we put them to rest in the 90s, threatening the whole ecosystem." The OSI has to keep up with these and many other changes. For example, there have been several failed efforts to force ethical rules into open-source licenses. To keep up with these whiplash fast advances, Maffulli said, "mobile devices, cloud, artificial intelligence/machine learning, and blockchain offer new opportunities for developers, entrepreneurs, and society as a whole who all deserve a strong OSI not only to maintain a definition of open source that works in modern settings but also forges a path for how to effectively produce modern open-source software."

Open Source

Torvalds: GPLv2 'A Big Part' of Why Linux Spread, Companies Getting Involved 'Hugely Important' (zdnet.com) 144

Five years ago Linus Torvalds commemorated Linux's 25th anniversary in an interview with ZDNet's Steven J. Vaughan-Nichols. Now that Linux is celebrating its 30th birthday, Vaughan-Nichols interviewed Torvalds again, who makes an important philosophical point: Trying to look at the bigger picture, Torvalds now thinks the period in early 1992 — when Linux switched to using the Gnu Public License version 2 (GPLv2) — was especially important. He recalls, "It wasn't the original license, but I'm convinced it's a big part of why Linux became so widespread. Not everybody loves the GPL, and I've had my own issues with the FSF [Free Software Foundation], but I do think the GPLv2 has been a huge deal, and people shouldn't dismiss the licensing issues."

He adds:

"I think the companies getting involved has been hugely important — and that may sound so obvious as to be trite and stupid, but some corners of the open-source community have been fairly negative to any commercial involvement."

Torvalds points out that from its earliest days Linux has experienced "fairly continual" interest from major companies.

The interview also revisits Linux's version control systems and the name Torvalds had originally chosen for the operating system back in 1991. ("Freax," for "Free Unix.") But 10 years ago, the same reporter got a surprise when he'd asked Torvalds where he thought Linux would be on its 40th birthday. Torvalds' answer?

"Bah. I don't plan that far ahead. I can barely keep my calendar for the next week in mind. I really have no idea."

So this week Steven J. Vaughan-Nichols instead asked Torvalds how he's envisioning his own future: Looking ahead, Torvalds sees himself keeping on. "I'm 51 years young, I enjoy what I'm doing. What would I do if I didn't do Linux? Puttering around in the garden? Not bloody likely."

Slashdot reader juul_advocate shares some context. Torvalds was also contacted by IT Wire to get his thoughts on the 30th birthday of Linux. "There's literally a few people who are still active and around that got involved in '91..." Torvalds told them: "I like having been around for that long, and it's also nice how many other people have actually been around for almost that long...

"But I just don't have anything new to say about it, I'm afraid. And while today is an anniversary date, it's not even the only one. This was the anniversary of the first public announcement, but it wasn't actually the actual first code drop. That came later — 17 September.

"And even that second anniversary isn't the 'last' anniversary, because the Linux 0.01 code drop on 17 September was only privately announced to people who had shown some interest from the first announcement.

"So the first actually public and real *announced* code drop was 5 October 1991, which is when 0.02 was dropped. So I actually have three anniversaries, and they are all equally valid in my mind."

Bug

Linux Glibc Security Fix Created a Nastier Linux Bug (zdnet.com) 74

A fix that was made in early June to the GNU C Library (glibc) introduced a new and nastier problem. Steven J. Vaughan-Nichols writes via ZDNet: The first problem wasn't that bad. As Siddhesh Poyarekar, a Red Hat principal software engineer wrote, "In order to mount a minimal attack using this flaw, an attacker needs many pre-requisites to be able to even crash a program using this mq_notify bug." Still, it needed patching and so it was fixed. Alas, the fix contained an even nastier bug. While checking the patch, Nikita Popov, a member of the CloudLinux TuxCare Team, found the problem. It turns out that it is possible to cause a situation where a segmentation fault could be triggered within the library. This can lead to any application using the library crashing. This, of course, would cause a Denial-of-Service (DoS) issue. This problem, unlike the earlier one, would be much easier to trigger. Whoops.

Red Hat gives the problem in its Common Vulnerability Scoring System (CVSS) a score of 7.5, which is "high." An attack using it would be easy to build and requires no privileges to be made. In short, it's bad news. Popov himself thinks "every Linux application including interpreters of other languages (python, PHP) is linked with glibc. It's the second important thing after the kernel itself, so the impact is quite high." [...] The good news is both the vulnerability and code fix have been submitted to the glibc development team. It has already been incorporated into upstream glibc.

In addition, a new test has been submitted to glibc's automated test suite to pick up this situation and prevent it from happening in the future. The bottom line is sometimes changes in unrelated code paths can lead to behaviors changing elsewhere without the programmer realizing what's going on. This test will catch this situation. The Linux distributors are still working out the best way to deploy the fix. In the meantime, if you want to be extra careful -- and I think you should be -- you should upgrade to the newest stable version of glibc 2.34 or higher.

Programming

Free Software Foundation Will Fund Papers on Issues Around Microsoft's 'GitHub Copilot' (fsf.org) 111

GitHub's new "Copilot" tool (created by Microsoft and OpenAI) shares the autocompletion suggestions of an AI trained on code repositories. But can that violate the original coder's license? Now the Free Software Foundation (FSF) is calling for a closer look at these and many other issues...

"We already know that Copilot as it stands is unacceptable and unjust, from our perspective," they wrote in a blog post this week, arguing that Copilot "requires running software that is not free/libre (Visual Studio, or parts of Visual Studio Code), and Copilot is Service as a Software Substitute. These are settled questions as far as we are concerned."

"However, Copilot raises many other questions which require deeper examination..." The Free Software Foundation has received numerous inquiries about our position on these questions. We can see that Copilot's use of freely licensed software has many implications for an incredibly large portion of the free software community. Developers want to know whether training a neural network on their software can really be considered fair use. Others who may be interested in using Copilot wonder if the code snippets and other elements copied from GitHub-hosted repositories could result in copyright infringement. And even if everything might be legally copacetic, activists wonder if there isn't something fundamentally unfair about a proprietary software company building a service off their work.

With all these questions, many of them with legal implications that at first glance may have not been previously tested in a court of law, there aren't many simple answers. To get the answers the community needs, and to identify the best opportunities for defending user freedom in this space, the FSF is announcing a funded call for white papers to address Copilot, copyright, machine learning, and free software.

We will read the submitted white papers, and we will publish ones that we think help elucidate the problem. We will provide a monetary reward of $500 for the papers we publish.

They add that the following questions are of particular interest:
  • Is Copilot's training on public repositories infringing copyright? Is it fair use?
  • How likely is the output of Copilot to generate actionable claims of violations on GPL-licensed works?
  • How can developers ensure that any code to which they hold the copyright is protected against violations generated by Copilot?
  • Is there a way for developers using Copilot to comply with free software licenses like the GPL?
  • If Copilot learns from AGPL-covered code, is Copilot infringing the AGPL?
  • If Copilot generates code which does give rise to a violation of a free software licensed work, how can this violation be discovered by the copyright holder on the underlying work?
  • Is a trained artificial intelligence (AI) / machine learning (ML) model resulting from machine learning a compiled version of the training data, or is it something else, like source code that users can modify by doing further training?
  • Is the Copilot trained AI/ML model copyrighted? If so, who holds that copyright?
  • Should ethical advocacy organizations like the FSF argue for change in copyright law relevant to these questions?

Open Source

Stockfish Sues ChessBase (stockfishchess.org) 21

Slashdot reader Hmmmmmm shares a blog post from Stockfish announcing a lawsuit against ChessBase: The Stockfish project strongly believes in free and open-source software and data. Collaboration is what made this engine the strongest chess engine in the world. We license our software using the GNU General Public License, Version 3 (GPL) with the intent to guarantee all chess enthusiasts the freedom to use, share and change all versions of the program. Unfortunately, not everybody shares this vision of openness. We have come to realize that ChessBase concealed from their customers Stockfish as the true origin of key parts of their products (see also earlier blog posts by us and the joint Lichess, Leela Chess Zero, and Stockfish teams). Indeed, few customers know they obtained a modified version of Stockfish when they paid for Fat Fritz 2 or Houdini 6 -- both Stockfish derivatives -- and they thus have good reason to be upset. [ChessBase released Fat Fritz 2, described on their website as the "new number 1" chess engine "with a massive new neural network, trained by Albert Silver with the original Fat Fritz." They advertise Fat Fritz 2 as using novel strong ideas compared to existing chess engines, but in reality Fat Fritz 2 is just Stockfish with a different neural network and minimal changes that are neither innovative nor appear to make the engine stronger.] ChessBase repeatedly violated central obligations of the GPL, which ensures that the user of the software is informed of their rights. These rights are explicit in the license and include access to the corresponding sources, and the right to reproduce, modify and distribute GPLed programs royalty-free.

In the past four months, we, supported by a certified copyright and media law attorney in Germany, went through a long process to enforce our license. Even though we had our first successes, leading to a recall of the Fat Fritz 2 DVD and the termination of the sales of Houdini 6, we were unable to finalize our dispute out of court. Due to ChessBase's repeated license violations, leading developers of Stockfish have terminated their GPL license with ChessBase permanently. However, ChessBase is ignoring the fact that they no longer have the right to distribute Stockfish, modified or unmodified, as part of their products. Thus, to enforce the consequences of the license termination, we have filed a lawsuit. This lawsuit is broadly supported by the team of maintainers and developers of Stockfish. We believe we have the evidence, the financial means and the determination to bring this lawsuit to a successful end. We will provide an update to this statement once significant progress has been made.