Discussion about open source philosophy

Continuing the discussion from:

I have to register an account to reply to you

I have to say, some communities DO that. There are many s****y open source communities with dictatorship leaders. Not only Gnome.

Does a corporate oriented project do that? You betcha!

Not really. Some corporate-oriented projects do listen to the users' opinions.

Pure conspiracy! There is NO evidence that Richard Stallman is bought off by MS. He hasn't resigned as the head of GNU, yes, but why should he? He is the founder of the GNU project, and still willing to contribute his life to it. I don't understand your point. Do you mean he is a "trojan horse" just because he didn't resign? It is total nonsense to me.

And why can't he give a speech to promote Free Software on the MS campus? It is a good opportunity to advocate free software to proprietary software developers!

I can understand you don't like MS and "big corporations", neither do I, but let's be realistic, many corporations are contributing to FLOSS projects, including the Linux kernel. (You can find the source code submitted by MS, Google, IBM, ...) Free software does not conflict with commercial behavior. The key point is to follow the principle of FLOSS.

What you are worried about is a problem of the open source community. There are good examples and bad examples. Gnome is a bad example; people should find a way to build a community which listens to its users' feedback, rather than making decisions arbitrarily.

My points are pretty average - nothing revolutionary! I don't like Gnome or the direction it's going - that's why I use MATE. Most of your points about corporations & the Open source community are very valid - so it's just a matter of personal opinion!

As for conspiracy theories - we have to wait 10 years to see who is right. I would be very happy to be wrong - but the way the Gnome project & GTK are going - doesn't give me much hope that they won't divide the community further with their decisions & choices. For me, Gnome likes being divisive for its own sake - so it's logical to ask - Why do they like being divisive so much? There could be many reasons!

I'm much more of a fan of ESR than RMS - if it wasn't for ESR & his open source initiative - open source would definitely not be as widespread as it is today. RMS was always against corporations from day 1 - he invented the GPL as an anti-corporate licence to stop corporations from having a stranglehold on Open Source projects - and it worked! That's why it's strange that RMS is suddenly so cozy with MS (or any other company for that matter - MS isn't exceptional in any way) - after being so anti-corporation his entire life & setting up the FSF as an anti-corporate initiative. It just doesn't stack up when you look at the entire history of RMS & the FSF - which leaves the door open for people to speculate - including myself. And the truth will come out in 10 years - to confirm or deny these speculations!

You are right - there are good & bad open source projects - and UM & MATE are definitely in the good category!

I think we need both ESR and RMS, and they do not contradict each other. They just explain one thing from different points, and their works can make up for each other. I am a fan of RMS because of his ideology of software freedom (not his political ideology, which is rubbish). However, without ESR's works, those ideologies are destined to stay on paper. On the other hand, without RMS's free software movement, the concept of open source can easily lose its direction and finally be controlled by big corporations. Moreover, the GNU project is also really important in the whole open source ecosystem. So, that is why I'd like to say "FLOSS", but I am never against using the terms "Free Software" and "Open Source Software".

I also like the MATE desktop environment although I left it a long time ago. Now, I am preparing to come back again. Currently I am not using Ubuntu, but I think the distribution doesn't matter.

I hope I can get the 'traditional' UI design rather than something like the "hamburger menu". I am not saying the "hamburger menu" is bad (in fact, I quite enjoy how it is used in some software such as evince), but it does not fit all applications. For example, for applications such as Gimp or Inkscape, which have so many options, it is hard to imagine those options compressed into just one menu. Large interface elements are also meaningless in a desktop environment, apart from taking up space on the screen. (We do not run GTK on mobile phones, right?). The point is that as a toolkit, GTK should give people different options and let the developer decide what the UI should look like. It would be better to give a global option to the desktop user to decide whether to enable the "large UI" design or to keep it the normal way. If it is not possible to support both UI styles, I prefer the traditional one. Yes, on this point, GTK4 s**ks, we probably need a fork. @gordon's project is really important. I can't wait to see it.

In terms of the architecture issue, I recommend openSUSE Tumbleweed. It is a rolling distribution which provides a 32-bit system. Most development toolkits are supported. There is a strong community behind it.

You can also consider using their OBS (open build system) service. It supports building deb, rpm or Arch Linux packages at one time.

Some very good points @noldenpain!

I'll tell you when the whole FLOSS vs Proprietary & the importance of FLOSS really hit home for me. When there was all that stink about malware in the Google Play store about a year ago. People were rightly asking the obvious question - how did Google not pick up the fact that these apps were full of malware? Well what do you know - the malware was being packed into the proprietary/copyrighted part of the apk! So it was much harder for Google to audit & discover the malware. This incident validated the whole FLOSS philosophy for me with a huge tick!

This also proves that proprietary software has to be intrinsically looked at with suspicion as the code hasn't been audited/peer-reviewed - blind trust in the publisher is nonsense! This was essentially the stance of ESR/RMS - with their respective initiatives. That's why I prefer running proprietary software as snaps or appimages as they are sandboxed to an extent & don't have access to the system.

Looking from a security point of view - there is no real security with proprietary software as you can't audit the code - so you can't verify if there are any backdoors or malware built in (like Windows, Android or iOS). I view my Android phone as an inherently insecure device - and adjust my behaviour accordingly. People that tell me about "locking down/hardening" Android are just downright insane! The only way to make Android more secure is to make it open source. There is AOSP - but that's still niche & not being pre-installed on the vast majority of devices (I think only Huawei uses it now by default). Thankfully, there are more open source mobile OS alternatives coming onto the market (UT, /E/ OS, etc) - so the future looks bright in that respect! :slight_smile:

@nemo careful now. While what you're saying is not wrong per se, the last few years have seen the mantra "many eyes make all bugs shallow" proven hideously horribly wrong multiple times. Yes, open source brings the potential to discover any and all nasty stuff, and yes, that potential goes basically fully not-taken-advantage-of the vast, vast majority of the time.

What you are saying @Wooloomooloo is basically correct. This is not a flaw of open source - just a lack of activity around auditing the code - this needs to be taken advantage of much more often! I know that there are some automated tools now that look for bugs & other nasty stuff in the code - but this definitely needs to be taken to the next level! That way the full potential of open source can be realised! My point was that with open source you can audit the code - versus proprietary where you have to trust the publisher implicitly - so it's much harder to hide nasty stuff in open source code than proprietary code (where you need to reverse engineer it) - like with proprietary apks.

Exactly. When you have the source code, it is much easier to find vulnerabilities/weaknesses/backdoors, not only by humans, but also by using automation tools. This is just like the security of cryptographic algorithms and implementations. People should always keep Kerckhoffs's principle in mind. Security by obscurity is not a good idea.

About the sandbox tools on the Linux platform, I recommend firejail. It utilizes Linux namespaces, seccomp-bpf and Linux capabilities techniques to provide a very strong isolation, and it has many options that can be used to control and customize your boxes. Firejail also has options to make it work with AppImage and AppArmor together to provide further hardening.

Thank you @noldenpain for the link to Kerckhoffs's principle - very interesting read! Totally agree that "security through obscurity" is a really bad idea! MS does a lot of "security through obscurity" in the Windows registry - but that doesn't stop the bad actors/malware creators from cracking that "security" & using it to their advantage. The Open Source approach is a lot better in that respect!

Thanks for the firejail tip as well! Didn't know it worked with appimages - so I'll have a bit of a read of the man pages & set it up on my system!

Hello everyone

In Europe tomorrow, 14 February, is "I love Free Software Day" [https://fsfe.org/activities/ilovefs/index.en.html]. :slightly_smiling_face: :penguin: