Watching an extended flame war between Richard Stallman and Theo de Raadt
is an interesting experience. The realization that one can sit back and
watch without having to really care about the result brings a sense of
profound tranquility and relief. Along the way, one gets to learn things
like how mean Theo can be
, or that Richard does not use a web browser
. It all
seems like good fun. Even so, when the discussion reaches levels like this
Richard, your pants are full of hypocritical poo.
it becomes impossible not to wonder if one hasn't wandered into an
elementary school yard by mistake.
Most observers would probably conclude that Mr. Stallman has chosen to
express himself with less childish terms than Mr. de Raadt. Still, this
conversation came about as a result of a statement made by Mr. Stallman,
one which upset the OpenBSD community greatly. It is worthwhile to look at
where the disagreement was.
In particular, Richard Stallman started
the discussion by saying that he cannot "recommend" OpenBSD because the
"ports" system they use facilitates the installation of certain non-free
packages. His reasoning comes down to this:
Since I consider non-free software to be unethical and antisocial,
I think it would be wrong for me to recommend it to others.
Therefore, if a collection of software contains (or suggests
installation of) some non-free program, I do not recommend it. The
systems I recommend are therefore those that do not contain (or
suggest installation of) non-free software.
There are all kinds of things which can be said about the OpenBSD
community, but statements that they lack a proper appreciation for freedom
are not among them. This community's view of what makes a system truly free
differs from that of the Free Software Foundation, but what they produce is
undeniably free software. It is, arguably, one of the most free systems
available, with careful attention paid to the licensing of even things like
firmware blobs which are not part of the system itself. So folks in the
OpenBSD community resent this sort of claim, even if they profess to
care little about the opinions of the person making it.
Of course, it's not only OpenBSD which fails to pass Mr. Stallman's test.
of recommended distributions from the GNU web site has grown recently;
it now contains gNewSense, Ututo, Dynebolic, Musix, BLAG, and GNUstep.
True statistics are hard to come by, of course, but your editor would be
most surprised if the combined installed base of these distributions added
up to a full 1% of the Linux systems in use. Most of us, in other words,
are using systems which Mr. Stallman is unable to recommend.
Many of us will be using distributions like Fedora or Debian which are
strongly committed to the creation of free systems. The developers behind
these distributions have gone to considerable trouble to be sure that
everything which is part of their system is truly free software, even when,
as has happened at times, the result has been trouble for users. These
distributors have clearly advanced the cause of free software greatly
through their efforts over many years. One might well wonder just why
Mr. Stallman cannot bring himself to recommend the result of this work.
The OpenBSD developers, though, have been asking a different question: why is the
GNU project happy to enable its software to be installed on non-free
systems? That is where the charges of hypocrisy come from. Mr. Stallman
answered both questions together. It seems
that, in his view, there is little risk of leading users astray by letting
them install programs like Emacs on proprietary systems:
People already know about non-free systems such as Windows, so it
is unlikely that the mention of them in a free package will tell
them about a system and they will then switch to it. Also,
switching operating systems is a big deal. People are unlikely to
switch to a non-free operating system merely because a free program
runs on it.
Thus, the risk of leading people to use a non-free system by making
a free program run on it is small.
It would appear, however, that proprietary applications carry a much higher
degree of risk:
By contrast, many non-free applications are not well known, and
installing one is much easier--it does not require changing
everything else you do. Thus, even telling people about a non-free
application could very well lead them to install it.
It is not all that hard to see, embodied within a statement like this, a
somewhat condescending view of computer users, who have to be "led" to
install the right software. It is a position which disallows the
recommendation of completely-free operating systems which most of us use.
It places a sort of ideological purity above the vast amounts of work which
have gone into the creation of a variety of free systems available for all
It is, in other words, an unreasonable position - as can be seen by the
fact that almost no free software users actually follow Mr. Stallman's
advice when they choose their systems. Before condemning this unreasonable
position, though, it's worth a quick review of the famous George Bernard
The reasonable man adapts himself to the world; the unreasonable
man persists in trying to adapt the world to himself. Therefore,
all progress depends on the unreasonable man.
There is no doubt that we have benefited from Mr. Stallman's lengthy,
sometimes unreasonable campaign. Certainly he
has no doubt on that score, saying "Free operating systems exist
today because of the campaign which I started in 1983." But it's
worthwhile to remember that free operating systems also exist because
thousands of others have put in hard work for many years. It seems
appropriate to wonder whether telling those people that their work
still is not free enough really helps the cause of free software.
On the other hand, one need not wonder about the value of responding to a
"refusal to recommend" with an extensive attack which ventures into pure
character assassination. Vitriolic flaming helps nobody's cause. One may
not agree with Mr. Stallman's position in this discussion, but one thing
should be said: he kept his cool, remained respectful and stayed on-topic
when others lost it completely. That is the way to promote free
Comments (85 posted)
Rails (aka Ruby on Rails
or RoR) is a framework for building web applications. It has gotten
a lot of attention – some would say hype – over the past few years as easy to
use and learn, while allowing the creation of complex database-backed web
services. In the year since Rails 1.2, the team has not been idle, with
their work culminating in
the release of Rails 2.0 this month.
RoR is based around the idea of using the model-view-controller (MVC)
pattern to cleanly separate the user interface from the
application logic and data storage. All of the Ruby code written or
generated for a
Rails application is organized into a directory hierarchy based on what
part of the MVC they implement. All of the parts of the application know
how to find the others because of this convention, which is in keeping with the two principles
that guided the development of RoR.
Fundamentally, RoR is built around two principles. The first is "convention over
configuration", which is the idea that only things that deviate
from standard practices need to be specified via configuration. One can
get surprisingly far by sticking with these standard practices. The other
principle is "don't repeat yourself", which means that there is a
single place to go to specify something about the application; other places
that need it or things derived from it, retrieve it from the canonical
place. This is most evident in the specification of database
table and column names; they are described in the model and other parts of
the application retrieve them as required.
The principles are interrelated, of course, and are two of the innovations
that RoR has popularized for web application frameworks. Many previous
attempts required a huge amount of configuration information to be
specified, often nearly identically in multiple places. Simplifying this
configuration headache was explicitly a goal for Rails. It can take a bit
of time to come to grips with the conventions used, but once that is done
it is straightforward to use the framework.
Generating code to handle simple modifications to the database data, known
as scaffolding, is another technique popularized by RoR. From the
specification of the data model, Rails will generate an interface to
create, read, update, and delete data in that model. It can also generate
"migrations" which contain
the SQL necessary to create or modify the database tables to reflect
changes in the model. Migrations can be used in both a forward and
backward direction to keep the
database in sync with the state of the application as changes are made.
Rails itself is broken up into multiple components implementing each piece
of the MVC architecture: ActiveRecord for the model, ActionPack for the
view and controller, along with a number of lesser players. It provides
extensive test harness facilities that allow testing of the web application
without using a browser or network at all. RoR is a comprehensive
solution, with a large number of very vocal supporters.
The new release provides a number of new features, some performance
enhancements, as well as the requisite bug fixes. The bulk of the changes
in 2.0 are in the controllers. The first is better support for "representational
state transfer" (REST) style web application APIs, which were introduced in
Rails 1.2. Better support for multiple different views based on
application criteria were also added, allowing the interface to change
based on the device accessing it, for example.
Security enhancements were made as well, with code being added to help protect against
cross-site scripting and cross-site request forgery attacks. These two
web application flaws are becoming rather popular to exploit, so any
assistance a web framework can give is welcome. The default session
objects have changed to be cookie-based, rather than stored in a file or
the database. This allows snooping of the session data, but the data is
hashed to prevent forgery.
Performance and scalability have been the traditional knocks against Rails,
and though there were some enhancements, especially to ActiveRecord, that
should provide some boost, it is not clear how well Rails handles huge
sites. It is something the Rails team is aware of, so, over time,
those kinds of problems should be solved. RoR is a very capable framework
and the 2.0 release looks very good. The Rails community should find much
Comments (4 posted)
Consistent with our usual practice, LWN will not be publishing a Weekly
Edition during the last full week of the year. This is thus the last such
for 2007; the next weekly will be published on January 3, 2008. Also
consistent with usual practice, you editor will look back on the year which
is about to end, with an emphasis on evaluating how his predictions made at the beginning of
came out. There is amusement to be had in exposing the flaws in
one's crystal ball, but there is also value in seeing how one's view of the
world has changed over the course of the year.
Your editor bravely predicted that GPLv3 would be finalized and adopted by
the FSF; sure enough, that happened right on schedule. Your editor also
admitted to having "no clue" of how the FSF would respond to the criticism
of the anti-DRM provisions of GPLv3. Certainly it would have been hard to
predict the addition of the "user product" language and associated
exemptions. So far, the impact of GPLv3 has been relatively small, but use
of this license will surely grow over time.
Another prediction said that somebody would be sued for the distribution of
proprietary kernel modules. That did not happen - at least, not in
a way that the public (or your editor) heard about it. What your editor
did not foresee was the burst of energy coming from the Software Freedom
Law Center on behalf of the BusyBox developers. Thus far, GPL enforcement
activities continue to focus on the relatively clear-cut cases. They also
continue to have a very high success rate. Still, going after a company
like Verizon is an ambitious move; it will be interesting to see how that
one settles out.
The end of SCO was predicted. Your editor thought it might happen in
March, when new dispositive motions would once again be entertained by
Judge Kimball. Instead, the clear end of SCO happened in August when the
court ruled that Novell still owned the Unix source and that SCO owed
Novell a chunk of money. Like a fish thrown on the shore, SCO will
continue to flop around for a while, but there can be little doubt about
its ultimate fate.
The prediction that there would be serious talk of patent reform did not
really come through. There were a couple of U.S. court decisions in 2007
which, arguably, raised the bar slightly for patent trolls. In general,
though, the software patent situation remains unchanged - and as dangerous
There were a couple of predictions about closed hardware, together saying,
essentially, that the situation would get better but that the problem would
not go away. Things clearly got better when AMD decided to open up
information about ATI's video hardware and assist with the creation of free
drivers for that hardware. The progress toward a viable Atheros wireless
chipset driver for Linux is also a happy development. The situation
has improved, and will continue to do so.
Your editor predicted a serious war on bloat as people got tired of running
out of memory. Wishful thinking, it seems, is alive and well.
Your editor predicted a serious war on bloat as people got tired of running
out of memory. Wishful thinking, it seems, is alive and well. In
practice, people just bought more memory; even the OLPC project decided it
had to increase the amount of memory in its XO system. Your editor will
not be repeating this prediction for 2008.
"Fedora will come into its own as a free, community-oriented distribution"
has, beyond any doubt, come true. The Fedora 7 release brought
community developers in from the margins, and Fedora 8 solidified the
new process. The bulk of the packages in Fedora are now maintained by
community developers. Red Hat's controlling hand, while still clearly
present, is weaker than before. Fedora leader Max Spevack has presided
over a crucial transformation of this important project; he will be moving
on to other challenges early in 2008, but will be leaving behind a
distribution in far better shape than the one he inherited a few years ago.
Predicting Debian releases is a dangerous business, but, in this case,
Debian Etch was close enough to make it a relatively safe proposition.
Your editor had also suggested (facetiously) that the Debian developers
would subsequently go back to arguing about firmware in the kernel; that
quite clearly did not happen.
The prediction that free software would play a larger role in online gaming
was, for the most part, wishful thinking again. The release of the Second
Life client code was a step in the right direction, but not much happened
after that. Your editor still hopes that free software will be at the core
of the games of the future, or he may never see his children again.
The Microsoft/Novell deal, predicted your editor, would blow over with
relatively few consequences. In many ways that was true. One could argue
that the whole "235 patents" routine would have come out anyway - we heard
similar claims before Novell signed this deal. Your editor failed to guess
that a whole stream of companies (Samsung, Xandros, LG Electronics,
Linspire, Turbolinux) would follow Novell into similar agreements, though.
Your editor suggested that the "open source" term would suffer as a result
of companies trying to retain higher levels of control over "open source"
code. Certainly the OSI's approval of the CPAL "badgeware" license will
not have helped in this regard. On the other hand, SugarCRM decided to
just go with the GPLv3 in favor of its attribution-required license. As a
whole, "open source" means almost what it meant one year ago.
Contrary to prediction, there have not been OLPC systems distributed to
millions of children - though thousands should start getting them soon. We
are still waiting to see what impact the OLPC project will really have - on
free software, and on the world as a whole. Stay tuned.
Finally, the growth of desktop Linux was predicted, though your editor
refrained from saying that 2007 would be the year of the Linux desktop.
Clearly, progress has been made in that direction - we now have major
vendors like Dell selling desktop systems, Wal-Mart's desktop offering sold
out in days, and the number of pocket-sized "desktops" running Linux
continues to grow.
Perhaps the biggest thing which your editor missed entirely was the fight
over Microsoft's proposed OOXML standard. This issue came to light in
January of this year, though it had been simmering for a little while
before - the ECMA TC45 committee was already considering this proposal in
the middle of 2006. The fight over the fast-tracking of OOXML and the
ensuing questions on just how the community should work with the standards
practice will continue to echo into 2008.
Overall, your editor feels like the predictions went reasonably well. Too
well, perhaps; next year's predictions may need to be a little more
adventurous. Those predictions will be posted in the January 3
edition. In the mean time, your editor wishes for a great holiday season
and new year for everybody in the community; we have accomplished much over
the last year and have many things to celebrate.
Comments (9 posted)
Page editor: Jonathan Corbet
Next page: Security>>