Difference between revisions of "FreedSite"
m |
m |
||
Line 1: | Line 1: | ||
+ | [[Category:FsfSysAdmin]] | ||
+ | |||
This page is in progress and isn't intended to make much sense to people other than [[user:Dclark]] yet. It should be fleshed out in time for a lightening talk at [[LibrePlanet2009]]. | This page is in progress and isn't intended to make much sense to people other than [[user:Dclark]] yet. It should be fleshed out in time for a lightening talk at [[LibrePlanet2009]]. | ||
Line 386: | Line 388: | ||
* http://wiki.gnewsense.org/Kernel/linux-ubuntu-modules--non-free-files | * http://wiki.gnewsense.org/Kernel/linux-ubuntu-modules--non-free-files | ||
− | |||
− |
Revision as of 13:01, 8 March 2009
This page is in progress and isn't intended to make much sense to people other than user:Dclark yet. It should be fleshed out in time for a lightening talk at LibrePlanet2009.
Contents
Links
Related Wiki Pages
Related External Pages
Definitions of "Free" and "Open" in various contexts
- The Free Software Definition The original :-)
- freedomdefined.org Definition of Free Cultural Works
- dataportability.org Data Portability is the option to use your personal data between trusted applications and vendors.
- opendefinition.org The Open Knowledge Definition - a piece of knowledge is open if you are free to use, reuse, and redistribute it.
- The Open Software Service Definition The Open Software Service Definition defines 'open' in relation to online (software) services.
- freedsoftware.org (currently a redirect to the gnu.org links page)
- freedsite.org (currently a redirect to this page)
Freed Site Definition
Probably want degrees / types of compliance like Creative Commons cc Licenses
Freed Site Early Draft Definition 0.01
- All configuration changes happen via changes to a source code repostiory.
- The entire source code repository except pieces of information that are private or are auth tokens is available to the public.
- The live versions of all configuration files that differ from those installed by packages are exposed in the source code repostiory.
- The source code packages and binary packages that are included on the machine are made available.
- It is possible for the user to download the site and bring it up within (eg no onerous deps)
Extended version:
- Can get template versions of all data
- Can get all non-private data
Compliance Web Button
Made with http://cssbutton.com/maker/
<a href="http://freedsite.org"> <span style="background: #fff; padding: 1px; font-family: Silkscreen, Geneva, Vera, Arial, Helvetica, sans-serif; font-size: x-small; border: 1px solid #999999;"> <span style="color: #000000; background: #a76bcf; padding: 0px 3px 0px 3px;"> FREED </span> <span style="color: #a76bcf; background: #000000; padding: 0px 22px 0px 3px;"> SITE </span> </span> </a>
Trademark Registration
If this idea becomes popular, should probably apply for trademark so it continues to mean what is decided on by the community:
Misc Notes
Update if/when ready
To update when live:
- Twitter - http://twitter.com/securitytwits
- Beansec - http://www.facebook.com/group.php?gid=8442787841
- Blog - autonomo.us
The 2-clause BSD of Network Services
"Bradley M. Kuhn" <bkuhn@softwarefreedom.org> user:Bkuhn in "GPL, The 2-clause BSD of Network Services" writes:
We need to encourage, and more importantly, make it easy for network service deployers to make source of network applications available, regardless of their particular FLOSS license. No existing non-AGPL FLOSS licenses prohibit making the source available to network users. Network providers can and should simply do it voluntarily out of respect for their users. Developers of network service software, even if they do not choose the AGPL, should make it easy for the deployers to give source to their users.
.deb automatic source
Automatically installing source and build-deps for binary packages?
Is it possible to configure apt to force the install of source and build-deps for the exact versions of all installed binary packages?
Ideally the configuration would cause "apt-get install foo" to fail if the exact same version of the source and build-deps (and down through the chain of sources for those build-deps) could not be installed.
The use case is to have a virtual machine (virtual appliance) that is redistributable to others while being in compliance with the GPL provisions regarding the distribution of “Corresponding Source" when binaries are distributed (I see little difference between a virtual machine and a distribution like MEPIS - see http://www.linux.com/feature/55285 for details).
Note: user:Brett wrote a quick app that does this, mostly, in python... TODO put link here
Notes on how to implement franklin street statement from a technical POV
USER FREEDOM
Work from the other direction - what is technically possible?
- Site that tries to mirror existing AGPLv3 services -- Sort of Freedom Verification for AGPLv3
- TODO link to other freedom verification efforts (linux-libre, gNewSense) - also http://freedsoftware.org
- The equivalent of free software for online services (mailing list post)
Data Access
Taken for granted until recently because our data has always lived on local drives, or on servers we controlled. As a result, this is implied by the Free Software Definition and yet not protected by the GPL (even v3). DRM falls into this area- the software or hardware takes away your data access, and hence deprives you of the user rights. Sliding scale includes not having any data access (many web services), having access to the data, but only as a binary blob (most end-user proprietary software), or having access to the data stored in standardized or otherwise open formats.
Source Access
As noted in the Free Software definition, this is a precondition for all other user rights. Sliding scale can include (among other options) mandatory provision (GPL v2), mandatory provision and reuse (v3’s tivo clauses), or no such (BSD.)
Configuration Access
Roughly defined as the files that tell the compiled source what to do.
Hardware Access
Never much discussed because, unlike everything else here, hardware actually is scarce, and so can’t be provisioned merely by good intent or good licensing. May make some sense to discuss in the context of servers, though- for example, if all your source is available, but it can only be run on multi-billion dollar server farms, is it actually meaningfully open? Does dealing with this angle require p2p solutions, or will single-point of failure solutions (with other safeguards) be sufficient?
SkW: System Administration / Freedom / Web Services
Quotes from Hackers / Heros of the Computer Revolution / Steven Levy
The thing he [rms] liked about the AI lab at Tech Square was that "there were no artificial obstacles, things that are insisted upon that make it hard for people to get any work done - things like bureaucracy, security, refusals to share with other people."
[...] administrator of the AI lab [...] hired Stallman as a systems programmer [...]
The first incursion was when passwords were assigned to Officially Sanctioned Users [...] RMS despised passwords [...] computers he was paid to maintain did not use them.
The outside world, with its affection for security and bureaucracy, was closing in.
AI lab steadfastly refused to limit access to its computers [...] anyone could walk in off the street and use the AI machine [...]
[...] the behavior of the new "tourists" taking advantage of the freedom of the AI computer [...] did not seem as well intentioned, or as eager to immerse themselves into the culture, as their predecessors. In previous times, people seemed to recognize that the open system was in invitation to do good work [...] new users could not handle the freedom to poke around a system, with everyone's files open to them.
"More and more people come in having used other computer systems. Elsewhere it's taken for granted that if anybody else can modify your files you'll be unable to do anything, you'll be sabotaged every five minutes. Fewer and fewer people are around who grew up here the old way, and know that it's possible, and it's a reasonable way to live."
[...] not the only problem [...]
To RMS, who still believed that all information should flow freely, this was blasphemy.
The people remaining at the lab were the professors, students, and non-hacker researchers, who did not know how to maintain the system, or the hardware, or want to know. [...] Needed changes in software could not be made.
The emergence of hackerism at MIT twenty-five years before was a concentrated attempt to fully ingest the magic of the computer; to absorb, explore, and expand the intricacies of those bewitching systems; to use those perfectly logical systems as an inspiration for a culture and a way of life.
TODOs
- Think of what appropriate libre license would look like w.r.t. entire computer infrastructures (vs web services/AGPLv3 or single programs/GPLv3)
- Get quote from maybe config-mgmt mailing list about only way of figuring out how to use software was because of accidental release of actual real-site config files (think this was Luke/puppet related)
- Make Bcfg2 know about / be able to template everything, and have metadata available about things that are not directly available via web interface / expose entire filesystem via web interface
- Google Summer of Code application
Ideas for Bulletin / Blog Posts
Nix Packages Bcfg2 / Puppet / autonomo.us / "freedom meter" / Arusha gNewSense Builder Prophet / Clipperz / CounchDB / etc
Developers: Think of the user's freedom, and the user's ease of sharing freedom, as the ultimate features for your project. Think of sys admins (configuration) and end users (data), not only the source code of the project itself.
Sys Admins: Make your sites available. Register (with prophet-based freedsite.org service?) - (Ontology)
cc-like ontology of both freenesses
Goal of member card: be an example of Literate System Administration
How to do distributed compliance checking / freedom verification
Some ideas from gNewSense conversations:
7/11 On Fri, 2008-07-11 at 07:07 +0200, Sam Geeraerts wrote: > > Danny Clark wrote: >> > > Bake Timmons wrote: >>> > >> Danny Clark <dclark-dGWS0fDw8IM@public.gmane.org> writes: >>> > >> >>>> > >>> (Q1) Is a version control program not used just because no one has had >>>> > >>> time to implement it, or are there arguments against it? >>> > >> Lack of time has been my impression of the problem. The wiki tables >>> > >> have been a quick and easy solution, but just a first step. I agree >>> > >> with your comments and am eager to help adapt KFV Mode to a better >>> > >> back end. I would be surprised if git were not the most efficient >>> > >> back end. >> > > >> > > Git is efficient, but also a real pain in the ass to work with >> > > (extremely nonobvious behavior - and this is coming to me from top >> > > percentile programmers (former OLPC colleagues), not newbies), and it is >> > > not (yet) well integrated with a bunch of other tools. >> > > >> > > As I recall this is partly because Linus wanted git to be more of a core >> > > library that others wrote front ends to, but I think he has since >> > > changed course, and is trying to make git easier to use. I'm not sure >> > > what the current state of that is, as I haven't touched git in >6 months. >> > > > > > > If we're going to use version control, it might be worth looking at > > Bazaar. If we're going to use similar tools as Ubuntu, we might as well > > use the same ones. It makes cooperation between the two distros easier > > (and Mark and Jono have expressed even more interest in that since the > > downfall of Gobuntu) and make it easier for Ubuntu contributors to work > > on gNewSense. This is a good point. > > >>> > >> Moreover, I hope that this new back end could be adapted for *all* >>> > >> freedom verification work, including what gNewSense started to do for >>> > >> packages (PFV). One difference between KFV and PFV is that PFV >>> > >> typically involved looking not at a file of source code but at a file >>> > >> of license text that covered a whole package. >> > > >> > > Or even a step beyond that, to freedom verification work even for >> > > non-gNS projects, and then have the gNS-specific stuff be separated out >> > > (there really shouldn't be that much packaging code that's separate from >> > > the pristine sources). >> > > >> > > This seems like it's abstractable to "we need to maintain a database of >> > > information about a set of files that changes over time, and have nice >> > > front ends to maintaining that information". I have to think that there >> > > are - or really should be - nice Free Software products / sites covering >> > > that problem space. Fossology - http://fossology.org/ - was recently >> > > pointed out to me, but I haven't had a chance to look at it in depth yet. >> > > >> > > I have a few related memos circulating around the FSF offices about >> > > this, so soon I should have rms etc. opinions. >> > > >> > > Also re: PFV, I just had a talk with Deb (IRC freedeb), maintainer of >> > > directory.fsf.org, and it turns out that there are plenty of cases where >> > > you need to look at every file with packages as well, or at least use >> > > some simple (grep/keyword) heuristics to scan through the files. She has >> > > some nice (but internally-focussed) write-ups on how she does that that >> > > may make it to the resources section of the FSF website in the fullness >> > > of time. >> > > > > > > I don't really know how FOSSology works or what it does exactly, but it > > sounds like something that we can use. Too bad their live demo is not up. Seems that it didnt get recorded at LCA which is a pity. kk -- Karl Goetz <karl-gjSFtu7vIzwXC2x5gXVKYQ@public.gmane.org> 7/12(?) Moreover, percent calculations on some section pages are wrong, so I will look into that using the kfv.el program. 7/13 OK, I have updated the section pages in question, and am glad to say that we are indeed done with linux-ubuntu-modules, with the exception of just two files that Eric is waiting to get an email reply for. These are the two files that I took the liberty of adding to the non-free page; I would happy to be found wrong about adding them. Thanks to everyone who pitched in on this reporting! The effort, however, does continue, since we have much more to verify in the rest of the kernel as well as packages. Moreover, we should always try to improve our process, such as handling upgrades in a civilized way. One immediate issue that we should sort out is what "DONE" means. To me, it means that one *intends* no further changes to an entry in the table. That implies that either the entry is found to be 100% free (noted with a "N/A" report) or that it has been completely reported (noted with a "Yes" report) using whichever mechanism the project recommends, such as reporting a bug. The %done for an individual non-free file can be interpreted differently: e.g., one might say 50% if it has not yet been reported. However, I think the main thing is not any intermediate percent values but whether it is 100% done, implying a "Yes" report. That explains why I also took the liberty of marking Eric's two files as not done, since he is still waiting on a reply about their status. Please correct me if I am missing something about the "DONE" issue. In looking back on the KFV process, I recall the time that Brian reminded us that the big problem is non-free firmware (i.e., binary blobs). I felt a little stupid at that point, since I had mostly thought about license details. Then Danny mentioned a possible evolution of our process to have a more sophisticated back end. We are also considering what place license-guessing tools such as Fossology might have. Change always risks some discomfort, so I hope everyone voices their concerns as we move beyond linux-ubuntu-modules. 7/22 It'd be nice to finish off the Kernel. While we've completed sound+drivers, which is where I'd expect the vast majority of the non-free stuff to be, there's still a few thousand files to be checked and we've been caught by suprise before. Checking external BTS is a good idea from a tactical standpoint, but strageically we need to do the full check of kernel/main/universe to be sure we're free. http://wiki.gnewsense.org/External-BTS-freedom-bugs
Since Brian seems to want just a simple list for now, it now is available at http://wiki.gnewsense.org/Kernel/linux-ubuntu-modules--non-free-files The script that generated the list, filter-non-free-files, had a problem related to sorting, so I ended up redoing it in bash and have attached it. Other than working properly, the other (very slight) improvement is that no items in a directory are listed if the directory itself is to be deleted (i.e., is 100% non-free). I agree with Karl that it would be nice to convert the list to hyperlinks, so just let me know, Brian, and I will do that. #!/bin/bash # -*- Mode: Bash -*- # # Usage: filter-non-free-files [file of sorted path names] # # Given gNewSense KFV table source on standard input, print on # standard output relative file paths corresponding to any table rows # specifying non-free files. Such table rows are converted to regular # expressions that are matched against a special file of sorted, # relative file paths. A single optional argument can indicate the # location of the special file, otherwise the default value is # "all-file-paths". # Here is an example of creating the special file: # # $ find linux-ubuntu-modules-2.6.24_16.23/ \ # | sort -t/ -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -k7,7 -k8,8 -k9,9 \ # > ~/kernel-files # # Here is an extended example of use: # # $ find /var/www/wiki.d/ -mtime -1 -type f -exec cat '{}' ';' \ # | filter-non-free-files ~/kernel-files > to-remove-new # $ rm -fr $(cat to-remove-new) # $ touch removed \ # && cp removed removed-old \ # && sort --unique --merge removed-old to-remove-new > removed # # The "removed" file in this case is a record of removed files and # could be included in a web page, for example. lastpath=^$ if [[ $1 ]]; then filepaths=$1 else filepaths=all-file-paths fi grep --only-matching 'linux.\+||0%||[^|]*|\?\(N\|Y\)[^/]' \ | sed -n -e 's/\([^|]\+\).\+/\1/' -e 's/--/\//g' -e 's/-/./gp' \ | sort -t/ -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -k7,7 -k8,8 -k9,9 \ | while read pattern; do while read -u 4 path && [[ ! ($path =~ $pattern) ]]; do false; done if [[ $path && ! $path =~ $lastpath ]]; then echo $path lastpath=$path fi done 4<$filepaths
> > no, scuse me > > is ok... > > Il giorno mer, 16/07/2008 alle 14.29 +0200, crap0101 ha scritto: >> >> what's appened at the table??? >> >> http://wiki.gnewsense.org/Kernel/Image >> >> >> >> new formatting rules? The only problem I noticed with KFV tables is some excessive updating of summary dates, which could have resulted from a bug in kfv.el 0.8. Interested readers can find this and other fixes at: https://gna.org/svn/?group=pfv-mode In the announcement for the project page that includes KFV Mode, I could have been clearer about the URL containing screenshots for the new version: http://home.gna.org/pfv-mode/#sec1 I should also note my *adoption* of the arch directory, where I have checked 245 files so far. The checking has been done on the relatively obscure mips directory. (I did this because I was using quite experimental kfv.el code at the time and wanted to minimize the impact of any bugs.)