Opensource and Pseudo-Opensource
When we talk about software that is on Github, as I did with Matrix and Signal, we are overwhelmed by the "standard bearers of OpenSOurce", those who, as usual, have to make the revolution because they have recycled themselves from some social center or are escaped from the collapse of Rifondazione, and they tell me "but the code is here".
Good. Let's try to clarify.
If I asked you which is the most used opensource operating system in the Desktop world, what would you answer? Linux? No. (sure, 2022 will be the year of the Linux Desktop. Like every year).
And this:
You will say: Apple?
Yes, Apple. The ones who sue you for damage if you make a kitchen cutting board that resembles a tablet because it has a round hole in the side. Those.
Then you will start saying that there must be the trick, and that Darwin is the base of the system and all, and you are right: you are pointing out all those TRICKS that are used to say that your software is "opensource" (COOOOLLL !!!) without it really being.
Here is the MacOS kernel: https://github.com/apple/darwin-xnu
On github. So it's like FreeBSD and Linux, right? Um…. no.
Here we go to the point: since they have few but very confused ideas, many cialtroopensourciari (who try / dream of founding a new codacons to get paid a salary) confuse a lot "opensource" with "free software", according to the definition of Stallmann. And mind you, it is now the second time that I find myself defending a character that I found very unpleasant. Maybe I was wrong.
Because when we talk about "free software" then we are talking about principles that are political and that must apply:
- The user must be free to use the program for any purpose;
- The user has the freedom to modify the program for his needs;
- The user has the freedom to distribute copies of the program, free of charge or for a fee;
- The user has the freedom to distribute modified copies of the program and its components.
So if we put this too into it, your idea of "opensource", skilfully fed by politicians who are very good at perceiving the political part but unaware of the technological one, begins to square. And now you say: hey, but Apple can also release everything on github, but without the four freedoms I don't recognize it as "opensource", which I identify (rightly or wrongly) with "free software".
Because Apple has put Darwin's code online, but it does NOT respect ANY of the 4 freedoms.
And so we discover the catch: so many who only enlisted in the political world of open source (those who will make us the revolution against GAFAM, capitalism, surveillance capitalism, and whatever contains "capitalism"), actually have 'embraced the ideals of "free software", only that their politicians were too incompetent to explain it: they just wanted to found their Codacons and get paid a salary, be politicians, become city councilors, in short, make ends meet.
Here you are.
So, let's go back to Signal because you defend it so much.
As I wrote, Signal has a mirror on github, and hasn't published any updates to its software for about a year. (not even Apple does, it only publishes the finished product). This is apparently opensource, but if we go and see how much "free software is", we fall badly.
- the first freedom is…. ni. In short, the user only has a one-year old copy, while the foundation uses a recent copy, which it has not yet published. We can use what we have, but "for any purpose", like having the latest security fixes and the latest encryption algorithms as well… no.
- the freedom to modify the program is limited to the latest release for the entire past year without release.
- obviously, the freedom to distribute copies or install them is limited to older versions.
- same thing, it would be old versions, updates and fixes were not present throughout the year.
So if you want to make the revolution against gabidalism and evil nationalities because you want to be Free Software evangelists, then with Signal you have found the wrong software.
After all, it is from the founder of Whatsapp. What could possibly go wrong?
That said, even in the opensource item there are several notes to make.
In the sense that there are quibbles. The four freedoms we talked about are actually a ghost. To say, Signal has limited them for a year by blocking the distribution of the software, but it is also possible to do other things to… make them more difficult. Don't deny them: make them inaccessible or difficult to access. Do you know your freedom to own a Bentley? Here you are. We can make it just as difficult to enjoy the 4 freedoms in many ways:
- not documenting the software.
- not commenting on the software.
- programming in a way that makes it difficult to understand or modify the software.
- not letting a community of independent developers form.
- creating catastrophically complex software so that selfhosting is impossible. (it's still one of the 4 freedoms, remember?)
- using services and software that could be denied to the user in the future, compromising the functionality of the software (amazon S3, CDN, etc)
- inventing "non-standard standards", which change over time, in order to make it difficult / expensive for those who write clients and make an ecosystem to keep up.
And if we look at how much "free software" Matrix and Signal are, we immediately notice that we are quite lacking, on the spectrum I would say that a MINIMUM requirement to publish the software on a public repo is met.
A BIG problem when it comes to E2E encryption and privacy, aside from the ones I mentioned, is that we can't know if what's on Github is the same software running on the very centralized Signal instance, for example. The best way would be to install it on your own servers.
The trouble then starts here. They start here because Signal doesn't federate, and the Signal Foundation encourages everyone to use THEIR servers (which run on Amazon AWS, by the way, because we fight against GAFAM) and if you want to install it go ahead, but zero support.
In practice, it is a super-centralized platform.
It will not be the first time that these politicians have pushed lemmings to sneak into platforms with a bad reputation and even worse practices. Telegram is an example. But in Signal's case, ridicule is being struck.
If at least we can hope that the CEO of Telegram dislikes spies because of his past, we certainly cannot hope that the one who sold Whatsapp to Facebook, becoming very rich, has something against a pile of money to deliver Signal to him. The narrative just doesn't stand up.
In the world of the Popular Front of Judea (TM), all a confusion made up of people who:
- are supporters of open source but also of free software cazzosenefrega enough that I become a city councilor.
- they are supporters of open source but also of free software but I was sick with computers I find them cold but maybe I do a non-profit organization and then I pay my bills.
these gentlemen also try to fight each other for visibility, making sites that propose alternatives-that-are-not-really-alternatives, giving catastrophic advice and pushing lemmings towards platforms that are declared spyware (Signal) or that are undeclared spyware (Telegram, which does not publish the sources with pathetic excuses), make a tremendous confusion in using the terms, and ultimately resent when someone dots the I.
And let's be clear: the difference between free software and simple opensource is even more complex than the summary I have done. Do we want to enter the licensing zoo, for example?
But the point is that this ignorance spread by a class of politicians simply has
educated users to the idea that "opensource" is a nuanced concept, made up of "free software", more or less Bolshevik revolutions, post-adolescent rebellious, a repo on github (but now it's evil) and not a series of STRICT criteria, applied which most of the "alternatives" are not such at all.
And especially, creating the conditions under which many companies do a good "opensource-washing", and suddenly become "cool".
Remaining the same pieces of shit as before.