Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Posted Aug 31, 2015 0:40 UTC (Mon) by RCL (guest, #63264)In reply to: Grsecurity stable patches to be limited to sponsors by pizza
Parent article: Grsecurity stable patches to be limited to sponsors
This makes even LGPL a non-starter in cross-platform software, since cross-platform these days includes platforms where dynamic linking is either forbidden or technically impossible by end user (most mobile and console OS are that way).
Posted Aug 31, 2015 2:07 UTC (Mon)
by pizza (subscriber, #46)
[Link] (16 responses)
At some point, especially once lawyers are involved, one can no longer use the "incompetence" excuse, especially when the liabilities (in the US) for getting it wrong are $150,000 *per copy*. This is especially true for companies that rely on copyright (such as Atari) which quite happily (and publically) wave that number around when someone else supposedly infringes upon their stuff.
> This makes even LGPL a non-starter in cross-platform software, since cross-platform these days includes platforms where dynamic linking is either forbidden or technically impossible by end user (most mobile and console OS are that way).
Given that platform SDKs fall under the "system library exemption" to the (L)GPL, you can't blame anyone but said mobile/console platform owners for deliberately creating that situation.
Posted Aug 31, 2015 2:33 UTC (Mon)
by RCL (guest, #63264)
[Link] (13 responses)
>Given that platform SDKs fall under the "system library exemption" to the (L)GPL, you can't blame anyone but said mobile/console platform owners for deliberately creating that situation.
What I am saying is that we're slowly moving to (or already are in) the world where a small number of developers using (relatively) open platforms create software for consumption by masses that use closed platforms, where exercising (L)GPL-mandated freedoms is both technically and legally impossible.
In such a world, BSD-licensed OSS is clearly preferable - developers can still share it between themselves to mutual benefit, but they can draw a clear border between themselves and the users when shipping the end product. (L)GPL fares much worse since a platform which is not under user's control is incompatible with its spirit, if not letter - FSF did not foresee that billions of people will be willing to give up what they considered essential freedoms for convenience.
Posted Aug 31, 2015 3:54 UTC (Mon)
by pizza (subscriber, #46)
[Link] (12 responses)
The (L)GPL doesn't distinguish between "users" and "developers" -- It reflects the FSF's position that *everyone* should have equal rights to use, inspect, modify, and distribute said software. That lack of distinction is critical, and is basically the entire point of the (L)GPL.
As for the superiority of BSD-licensed OSS, history shows time and again that without something to level the playing field, "developer mutual benefit" tends to rapidly fall to the wayside in the face of "value add" -- Let's not forget that Microsoft won the BSD wars.
> (L)GPL fares much worse since a platform which is not under user's control is incompatible with its spirit, if not letter - FSF did not foresee that billions of people will be willing to give up what they considered essential freedoms for convenience.
I don't think the FSF has ever deluded themselves as to the motivations of the general masses, but I suspect they're dismayed by the sheer number of developers that are jumping onto those closed platforms.
Posted Aug 31, 2015 5:04 UTC (Mon)
by RCL (guest, #63264)
[Link] (11 responses)
I know, and as much as I consider such position noble, I think it is too extreme and is at odds with 1% participation rule ( https://en.wikipedia.org/wiki/1%25_rule_(Internet_culture) ). Whether we want it or not, people split into developers and users themselves, and (L)GPL, by ignoring human nature, deprives developers who put significantly larger effort than someone who simply repackages their software of receiving respectively larger reward.
> I don't think the FSF has ever deluded themselves as to the motivations of the general masses, but I suspect they're dismayed by the sheer number of developers that are jumping onto those closed platforms.
Well, duh. We all want to have a (stable) salary. I don't think I would enjoy being at the mercy of "sponsors" or donations, and I don't think anyone enjoys that, including grsecurity folks.
A lot of commercial developers are only in the industry for money. Yes, they may write worse code compared to those who have intrinsic motivation, but as long as their code does what is needed it does not matter - their sheer number does. Forget freedoms, create a sustainable model for making money on open platforms and you will see a *ton* of developers embrace it (vide Android). Freedoms will come as a side-effect.
Posted Aug 31, 2015 14:02 UTC (Mon)
by pizza (subscriber, #46)
[Link] (10 responses)
The only sustainable model for making money is to completely control the platform and take a cut of every transaction that happens on it. The other model is to sell services. The big boys do both, and everyone else basically fights over the table scraps.
I'm of the opinion that software in of itself is inherently non-sustainable; it only has long-term value as an enabler for providing a service -- The service is what has value, not the software itself.
But I digress.
The FSF has *always* placed Freedom first -- and relying on Freedom to follow as a side effect of something else is a strategy doomed to utter failure, especially when the trend is towards ever greater lockdown of platforms, not less.
Posted Sep 2, 2015 14:28 UTC (Wed)
by RCL (guest, #63264)
[Link] (9 responses)
I don't share it. Something that takes non-zero effort (sometimes *very* significant effort) cannot has no value.
But more importantly, selling software works. This is the ultimate proof that users are willing to pay not just for the service, but for the product as well.
> The FSF has *always* placed Freedom first -- and relying on Freedom to follow as a side effect of something else is a strategy doomed to utter failure, especially when the trend is towards ever greater lockdown of platforms, not less.
I think bringing ideology into engineering is just wrong. FSF is a mental Taliban fixated on their definition of freedom. Real freedom is being able to do what you want on the platform - if this includes paying a reasonable price, so what. So far "locked down" platforms enabled all sorts of creativity that open platforms still struggle to attract.
Posted Sep 2, 2015 15:21 UTC (Wed)
by pizza (subscriber, #46)
[Link] (8 responses)
Basic economics: everything eventually gets reduced to the marginal cost of producing another copy. Unfortunately for software, that marginal cost is effectively nothing, no matter how much effort went into creating the first unit.
> But more importantly, selling software works. This is the ultimate proof that users are willing to pay not just for the service, but for the product as well.
I'm afraid I don't understand the distinction you're trying to make here; are these users purchasing a product, or a service, or both? If the latter, what distinguishes the "product" from the "service"?
> I think bringing ideology into engineering is just wrong.
Ideologies are the foundations of societies.
> FSF is a mental Taliban fixated on their definition of freedom.
Are you seriously saying that you can't see the difference between a highly repressive group that literally mutilates (if not outright slaughtering) those who oppose them, and an organization that has consistently advocated to improve freedom for users of *software*?
> Real freedom is being able to do what you want on the platform - if this includes paying a reasonable price, so what. So far "locked down" platforms enabled all sorts of creativity that open platforms still struggle to attract.
So.. is "freedom" the point, or is "creativity?" -- You just said that you have to lock down the platform to foster creativity, but if the platform is locked down, you no longer have "real freedom" as you just defined it. You can't have it both ways -- the platform is either open or it isn't. If it's not open, then your freedom is being restricted.
Posted Sep 2, 2015 16:37 UTC (Wed)
by RCL (guest, #63264)
[Link] (7 responses)
Arguably for software a "copy" in that context is more like "next version" than a per-seat copy.
> I'm afraid I don't understand the distinction you're trying to make here; are these users purchasing a product, or a service, or both? If the latter, what distinguishes the "product" from the "service"?
When you are purchasing a game, you aren't (always) purchasing a service. Granted, there are free-to-play games that sell exactly this; however you may be aware of players' negative attitude towards this model. Apart of "pay to win" concerns (games that allow you to gain competitive advantage for money), there is a strong sentiment that players want to make their spending on a game "bounded". Hence traditional market where you pay a per-unit price and then play for ever is still going strong, especially for single-player games.
> Ideologies are the foundations of societies.
We are making software, not politics :)
>> FSF is a mental Taliban fixated on their definition of freedom.
> Are you seriously saying that you can't see the difference between a highly repressive group that literally mutilates (if not outright slaughtering) those who oppose them, and an organization that has consistently advocated to improve freedom for users of *software*?
There are differences in their goals and methods, but not in their dogmatic, inflexible approach. FSF ignores the fact that people, at large, rejected their ideas. They continue to persist at what they envisioned to be good for people and stick to their licensing model even as it slides more and more into radical / fringe corner, being displaced both by more permissive (and thus flexible) licenses and proprietary (but also flexible and affordable) licenses. They basically made a religion out of that, despite that their user base is thinning (I am willing to bet that even you don't type this from gNewSense or Hurd).
> So.. is "freedom" the point, or is "creativity?" -- You just said that you have to lock down the platform to foster creativity, but if the platform is locked down, you no longer have "real freedom" as you just defined it. You can't have it both ways -- the platform is either open or it isn't. If it's not open, then your freedom is being restricted.
It's not black and white. Despite all the fear mongering, locked platform aren't locked in any essential way and practically speaking, real freedom is possible on all major desktop platforms. Even on non-desktop platforms, the real freedom is not limited - granted, you are prohibited from turning PS4 into a desktop computer, but this is not what that platform is about anyway. Todays most gaming platforms are rather open to indie games - Steam is of course leading in that regard, but it's not hard to publish on PS4 these days either.
People aren't sheep - if the platform owner imposes unreasonable limitations (i.e. if there are practical use cases that are being restricted), users will either exert sufficient pressure or abandon the platform. So far very few platform owner were suicidal enough to enforce restrictions that go against the will of the majority of their user base (Nintendo did, and slid into obscurity).
Of course, if you take "all or nothing" approach, then you need to run gNewSense with open-source BIOS - not possible on post-2008 hardware. But this is very fringe case - arguing that stuff like that restricts your freedom is like arguing that your freedom is now restricted because you cannot secede from the US and form the CSA. There are some people for whom these "freedoms" are important, but the majority moved on from that to a more "higher level" freedoms.
Posted Sep 2, 2015 18:20 UTC (Wed)
by pizza (subscriber, #46)
[Link] (6 responses)
I suppose I lump games under the same general category as art and entertainment, as opposed to something functional that you depend or rely on.
...But I'm not going to compromise my livelihood or freedom just so someone else can be entertained.
> There are differences in their goals and methods, but not in their dogmatic, inflexible approach.
So.. you're saying that any organization focused on achieving some ideological goal is essentially the same, even if their goals (software freedom vs total domination of all facets of life) and methods (peaceful advocacy vs slaughter) are radically different?
I'm not sure why, but you seem to be under the impression that the FSF somehow forces people to bow to their ideals. At the end of the day, folks are free to do what they choose, and license their software under whatever terms they see fit.
If you can't see the difference between that and forcing folks to submit to your will under penalty of dismemberment and death, then I am truly sorry for you.
> FSF ignores the fact that people, at large, rejected their ideas. They continue to persist at what they envisioned to be good for people and stick to their licensing model even as it slides more and more into radical / fringe corner, being displaced both by more permissive (and thus flexible) licenses and proprietary (but also flexible and affordable) licenses. They basically made a religion out of that, despite that their user base is thinning
Ah, appealing to popularity. I can't help but be reminded of the expression "democracy is two wolves and a sheep deciding what to have for dinner."
The FSF has shown a remarkable ability to correctly predict the future -- Including the inevitability and outcome of the BSD wars, the effects and desired endgame of DRM, and the slow-motion train wreck that is Android and the upcoming IoT popcorn-fest.
The common thread of all of those things are that they are only made possible when users' rights are restricted -- The FSF's attitude from the outset is that users should have the rights (and legal means) to control their own fate. I don't know how anyone can argue against that without also arguing against their own freedoms -- after all, if you can chose to strip that right from someone else, someone else can do that to you too.
On the other side of the coin, the FSF's ideological opponents are even more dogmatic and inflexible, but also have the resources to buy politicians and therefore laws at the national and international level. That sort of fascist collusion is the true threat to freedom, as it seeks to eliminate the very existence of any sort of open platform and in the process, eliminate the freedoms such an open platform would effectively guarantee.
Personally, I am glad *someone* is pushing back against the interests that seek to take away my freedom to practice my trade.
> (I am willing to bet that even you don't type this from gNewSense or Hurd).
No, but I am typing this via a system that has no non-Free software installed -- although on-disk there is firmware/microcode intended to be loaded into hardware. For that reason I see gNewSense as rather silly; I see no moral difference between a blob stored on a hard disk vs the same blob stored on an EEPROM. Neither is Free.
As for the Hurd, its many failures are technical in nature, rather than ideological.
Posted Sep 7, 2015 2:02 UTC (Mon)
by RCL (guest, #63264)
[Link] (5 responses)
Games are the bulk of software market - have always been and still are. What other software is sold to end customers in bestbuys of the world? Pretty much every other need is covered by "software as a service" approach.
> So.. you're saying that any organization focused on achieving some ideological goal is essentially the same, even if their goals (software freedom vs total domination of all facets of life) and methods (peaceful advocacy vs slaughter) are radically different?
Maybe comparing them to NRA would be better, but I indeed lump ideological fanatics together. They *do* try to impose their world view - just read any essay by them and you'll instantly get the impression that licensing software in any other way than copyleft is somehow unethical, and that commercial vendors are evil.
> The common thread of all of those things are that they are only made possible when users' rights are restricted -- The FSF's attitude from the outset is that users should have the rights (and legal means) to control their own fate. I don't know how anyone can argue against that without also arguing against their own freedoms -- after all, if you can chose to strip that right from someone else, someone else can do that to you too.
This rests on assumptions that
#1 is certainly not true in vast majority of cases today - specialized hardware made the situation asymmetric. Game consoles, mobile, embedded devices - all those appliances are not sold with the expectation that users will tamper with them. This can be outright dangerous when the software in question is controlling your car.
#2 is even worse - copyleft licenses make free software essentially free as beer as well. As Linux Hater (the blog) once bluntly put it, you need to be "someone's bitch" in order to ship free software - and unfortunately, this is spot on. Copyleft licenses did not allow commercial vendors to base successful products on top of the free software (unless they hold the complete copyright and can dual-license the whole project); very few exceptions (Android, Red Hat, Code Sourcery) function against the spirit of GPL, jumping through hoops to avoid violating the letter.
> Personally, I am glad *someone* is pushing back against the interests that seek to take away my freedom to practice my trade.
If you are practicing your trade, this perhaps means that you are employed by a commercial company or run one. Even Linux the kernel these days is being worked on primarily by commercial entities, enthusiasts that have sufficient free time constitute a minority (and perhaps could have made a better use of their free time).
In that case, GPL is of no use for you; you cannot sell GPL'd product, nor can you incorporate GPL'd code in your product. What is the freedom we're talking about then? Freedom to do something at home in your free time? BSD takes care of that - and unlike GPL, the end result of your work can be used by you.
Although if you work in the area that truly interests you, you don't have any free time for moonlighting - hence first and foremost you should be thinking about your freedoms as a professional, not as a dabbling enthusiast.
Posted Sep 7, 2015 14:21 UTC (Mon)
by pizza (subscriber, #46)
[Link] (4 responses)
I'll repeat myself yet again -- the FSF takes pains to state that folks are free to chose whatever license they want for their own software. They strongly believe that many of those choices are unethical, do their best to present a compelling case, and put their money where their mouth is by writing a considerable body of software via methods they consider ethical.
Ignoring the false equivalacies with the NRA, you're still claiming that advocating for something somehow forces or imposes it upon you. By that same token, what you are I are writing here is also fanatical imposition or coercion.
> Games are the bulk of software market - have always been and still are. What other software is sold to end customers in bestbuys of the world? Pretty much every other need is covered by "software as a service" approach.
Ah, I am beginning to see the underlying flaw in your assumptions -- The bulk of software market consists of stuff that is not sold to the general public. Most programmers are employed writing or customizing software for internal, non-public use (eg business middleware, stuff to power web services, internal IT stuff, and the like). Only a small fraction is ever sold at retail, and even that is shrinking -- The modern approach (as practiced by web services and smartphone platfoms) tend to give the software away and rely on advertising or the truly awful euphamism that is called in-app-purchases. (I have nothing against IAP in principle, but in practice it consists primarily of practices that would make casinos and tobacco companies blush with embarassment. or envy.)
But I digress. Retail, sold-to-consumer software is a small portion of the overall software market. If that's what you want to target your efforts, it is of course your choice, but understand that there are other options that have different dynamics and implications, and that your principals/values/ethics/whatever are not universal.
> If you are practicing your trade, this perhaps means that you are employed by a commercial company or run one. Even Linux the kernel these days is being worked on primarily by commercial entities, enthusiasts that have sufficient free time constitute a minority (and perhaps could have made a better use of their free time).
I can't disagree with any of that, though none of us really have the right to judge how other people spend their free time.
> In that case, GPL is of no use for you; you cannot sell GPL'd product, nor can you incorporate GPL'd code in your product. What is the freedom we're talking about then? Freedom to do something at home in your free time? BSD takes care of that - and unlike GPL, the end result of your work can be used by you.
LOLwut? You just said that "Linux the kernel" is mostly commercial, yet every single one of those contributing vendors incorporates GPL code into their products, which they presumably sell for a profitable amount of money. On the same token, all of my former employers have sold products incorporating GPL code -- and have had no difficulty complying with the license terms while making a buck or three.
Also, where do you think said BSD code comes from? The same arguments you are making against writing/releasing copyleft stuff applies even more so to writing/releasing any source code at all, preculding the very existence of BSD-licensed source code.
As for personal moonlighting -- these days it consists mostly of hacking on Gutenprint -- Fully GPL'd code. It started (not unlike the FSF) because I wanted to be able to directly use a specific printer with Linux. I'll spare you the history, but suffice it to say that original printer now works *better* than with the manufacturer's official Windows/OSX drivers, and this GPL printer driver work led to various commercial concerns paying me to further improve things.
They don't do it out of altruism; they do it because this approach leads to a greater ROI than their alternatives. In the process, they benefit, I benefit, and everyone else benefits in the form of a greater, more useful, body of software.
> Although if you work in the area that truly interests you, you don't have any free time for moonlighting - hence first and foremost you should be thinking about your freedoms as a professional, not as a dabbling enthusiast.
You fail to see that those freedoms are equivalent -- they enable enthusiasts to become amateurs, and enable amateurs to become professionals. My own career is demonstration that this is not a theoretical benefit -- My involvement in copyleft software has directly led to all but one of my day jobs.
Posted Sep 13, 2015 17:46 UTC (Sun)
by RCL (guest, #63264)
[Link] (3 responses)
No; I am saying that FSF is advocating for destroying our trade, and that destructive angle puts them on the same shelf as NRA, Taliban and such. They sincerely believe that somehow limiting the contractual freedom that exists between software vendor and software user, the freedom that allows you to license software in a way that provides a sustainable monetary feedback and prevents your users from re-releasing it with little to no effort, will somehow make the software more "free".
Gladly, FSF were largely unsuccessful in their crusade against "proprietary" software.
> Ah, I am beginning to see the underlying flaw in your assumptions -- The bulk of software market consists of stuff that is not sold to the general public. Most programmers are employed writing or customizing software for internal, non-public use (eg business middleware, stuff to power web services, internal IT stuff, and the like).
I frankly question that - even if you argue that the most software is not sold in retail, it is still being licensed to its customers in a way that provides a monetary reward for making the software itself available, and not just services around it. E.g. when you license a business-to-business software you will have a per-seat and/or per-user pricing (sometimes per-CPU or per-core).
That changes nothing for the purposes of our discussion since GPL would not allow such an arrangement. GPL makes it impossible for you to get money (in a sustainable way, excluding donations and sponsorship) for writing the software itself, so it is destructive to our core trade.
> LOLwut? You just said that "Linux the kernel" is mostly commercial, yet every single one of those contributing vendors incorporates GPL code into their products, which they presumably sell for a profitable amount of money. On the same token, all of my former employers have sold products incorporating GPL code -- and have had no difficulty complying with the license terms while making a buck or three.
Commercial developers around the kernel do not "sell" the kernel at large, they sell services built around the OS. A few that do sell the OS themselves (Red Hat, Google, firmware vendors), jump through hoops to satisfy GPL and would be happier if the kernel was BSD-licensed.
> Also, where do you think said BSD code comes from? The same arguments you are making against writing/releasing copyleft stuff applies even more so to writing/releasing any source code at all, preculding the very existence of BSD-licensed source code.
No. There is still value in making your code open to others for reviews and improvements. Companies do open up their code base for this reason; however, BSD and custom licenses allow you to regulate how much of the code base you prefer to be developed in-house and how much you want to make open.
> They don't do it out of altruism; they do it because this approach leads to a greater ROI than their alternatives. In the process, they benefit, I benefit, and everyone else benefits in the form of a greater, more useful, body of software.
Exactly, but they would be better off opening it on BSD terms, because that way they can still sell the final product.
> You fail to see that those freedoms are equivalent -- they enable enthusiasts to become amateurs, and enable amateurs to become professionals. My own career is demonstration that this is not a theoretical benefit -- My involvement in copyleft software has directly led to all but one of my day jobs.
You sound as if GPL were the only means to achieve it. Before and after GPL companies made their code available to hobbyists for many reasons, including evangelism of their technology. If GPL were to die today, nothing would change in that regard - you would still be able to hack on OS kernels (Darwin), improve compilers or mod your favorite games. Copyleft is not an enabler of that; vice versa, it makes your intellectual property vulnerable to someone who will simply repackage your effort.
Posted Sep 13, 2015 18:28 UTC (Sun)
by corbet (editor, #1)
[Link]
Posted Sep 13, 2015 18:50 UTC (Sun)
by pizza (subscriber, #46)
[Link] (1 responses)
> Exactly, but they would be better off opening it on BSD terms, because that way they can still sell the final product.
So.. you're saying that my customers can't sell *what they're already selling* because it incorporates software that is not BSD based? Or are you saying that I can't sell the software *that I'm already selling* because it's not BSD-based?
As I said at the outset, you're entitled to your own opinions, but you're not entitled to your own facts. Good day.
Posted Sep 20, 2015 16:49 UTC (Sun)
by RCL (guest, #63264)
[Link]
I am saying that with licenses other than GPL, you could find ways to be better protected from someone repackaging and selling your software while adding little or no value to it at all.
I guess selling GPL software can work for certain markets where software itself is not the key component of the solution, but I fail to see how complicated software that requires extensive R&D (like https://www.youtube.com/watch?v=3ugVuyCXjss) could be developed under that model in a sustainable way.
But I agree it's time to end this discussion. Have a nice day.
Posted Aug 31, 2015 3:25 UTC (Mon)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
Posted Aug 31, 2015 3:42 UTC (Mon)
by pizza (subscriber, #46)
[Link]
I understand why they did that -- allowing *any* modifications renders their entire DRM scheme useless. The mobile/console owners' goal was to create a completely locked-down platform, which happens to be entirely at odds with the (L)GPL's goals of user empowerment.
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
> I'm not sure why, but you seem to be under the impression that the FSF somehow forces people to bow to their ideals. At the end of the day, folks are free to do what they choose, and license their software under whatever terms they see fit.
> If you can't see the difference between that and forcing folks to submit to your will under penalty of dismemberment and death, then I am truly sorry for you.
1) the platform for that software is a general purpose platform where you can actually "control your fate"
2) the interests of the user trump the interests of the software vendor.
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
> Ignoring the false equivalacies with the NRA, you're still claiming that advocating for something somehow forces or imposes it upon you. By that same token, what you are I are writing here is also fanatical imposition or coercion.
OK, so comparing the FSF to the Taliban might not constitute a proper, technical invocation of Godwin's Law, but it's getting pretty close. Maybe it's about time for this discussion to wind down?
Enough?
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
Grsecurity stable patches to be limited to sponsors
LGPL requires that the end-users be able to replace the LGPL-ed library with a modified version. This is not possible for consoles and other similar platforms. Xamarin made quite a bit of money this way selling proprietary licenses for otherwise LGPL-ed Mono.
Grsecurity stable patches to be limited to sponsors