I like the ideals too, but I like Steam and Spotify. As for Wifi, I haven't had driver issues for Wifi in well over a decade, the only proprietary driver and I tend to run Fedora. Only proprietary driver I have had to install over the last decade or so has been nvidia, and I stopped buying nvidia cards years ago not because of ideals, but because those drivers are a pain.
I think Stallman's mistake here is always needing to verify the integrity of the application. There is a very good and short article by Ken Thompson called "Reflections on Trusting Trust". It basically says that no matter how much you read the source code before building an app, you are trusting the compiler. Even if you read all the compiler source codes to the first one and build them in chronological order, you still have to trust your firmware and hardware.
Stallman actually criticizes the Flatpak and Snap repositories, not the package management software itself. And I think he should rethink his answer to point to the actual problem, the repositories themselves.
I think what Stallman meant is inspecting when snaps and flatpaks are already built. E.g. deb and rpm can be opened in an archive manager and can thus be checked for proprietary things before installing.
@@marcogenovesi8570 Can't judge if it works for every flatpak and if actual source will come out. Issue #126 (from 2016; Stallman could have tried it earlier) says it isn't that easy at least. Failed myself on my machine. Common archive managers definitely don't work so "still just an archive" is a bit misleading in my opinion.
Can't speak to snap, but at least on the flatpak side of things, you can inspect them on a pretty deep level because all they are is linux namespace containers using bubblewrap, built against a common buildroot which they call the "SDK". The biggest advantage of flatpaks over native distro packages is that the closed source app only has limited access to my filesystem, devices, and dbus session bus since it's containerized. The "debugging" page of flatpak's docs has more info on how to dig into the contents of the flatpak's environment with "flatpak run --command=sh --devel ". The alternative that doesn't require installing the software is using the ostree tooling to extract the delta/bundle as described in the issue you mentioned - the destination filesystem will need to support xattrs though (since that's what was snagging people in that issue thread). At the end of the day, flatpak is just a framework for packaging containerized apps against a common, portable userland with a few desktop integration features (like xdg-dbus-proxy) on the side and a permissions system to limit the containerized app's system access. Yes, there's still closed source software available, but sometimes there is no viable alternative when it's a necessity in your workflow. Third-party (non-flathub) repos are also not obligated to release their build files, so I can understand the concern there too. Ultimately it comes down to the chain of trust and what you consider an acceptable threat model for your use cases.
As someone who amost never builds packages from sources, I entirely agree with the point of the chain of trust. As someone already mentioned in the comments - in many cases you can't trust the upstream dev, and the additional scrutiny that the maintainers put on packages (in a trustworthy distro, at least) adds that layer of trust.
It's an old issue, the tension between developers moving forward with their project and the bug and security fixes they implement, and sometimes create.. With downstream distribution holding that work back because the old version has been more tested. There's no particularly good answer to this other than the fact that it's not particularly tenable for distributions to audit the enormous quantity of software in their distributions. In my view, distributions should be smaller than they are currently, with less commonly needed applications loaded in through some kind of container system which provides robust security controls. Additionally it's worth noting that once a project surpasses a certain level of sophistication, it's completely impossible for a distribution to be expected to do much of anything with it. Imagine a hypothetical situation where a distribution held back AutoCAD, or a video game for example, when a company like that pushes out a change, the user is going to expect that fix is available instantly. Distributions should be common infrastructure only.
@@SnakePlissken25 Is... there a point in there somewhere? An OS is only as relevant as the software it can run. Distributions are currently so fragmented and simultaneously enormous, that almost all of them have a workload that is vastly beyond what they can realistically handle. Nobody is auditing everything in their distro, most stuff is just built and shipped, and that's about it. And even that much is a ton of work... duplicated across every distro. Distro's need to focus on the core stuff that everyone needs, the stuff they can actually do QA for. Everything else should be the developers responsibility, and use more universal packaging systems with security controls.
You know the bar to becoming a distro maintainer is actually not that super high. There's almost nothing that community distro projects do or can do to assure contributors have good intentions. They are usually happy to take almost anybody with the skills and willingness to volunteer. Being a trusted core contributor to a major software project is usually a significantly harder thing. Core maintainers of important projects usually have demonstrated enormous personal investment in their project, through development and interaction with other users and contributors over the course of years. Such people are rarely inclined to sabotage their own projects at the expense of hard earned trust and reputation. A distro maintainer is not normally expected to demonstrate such investment. Some distros do not even have a policy that requires maintainers to share their real identity, and when they do there's usually no verification. This idea that the distro people are somehow more trustworthy is totally backwards, (though they almost always are fine people). On top of all that, few top-level projects distribute binaries, and when they do distros never use them! Even if you didn't trust maintainers, you don't have to - everything is verifiable. If I wanted to covertly tamper with some package to exploit users I'd totally do it by infiltrating some project at the distro level. They're ripe easy targets. The criminal that targets the top-level devs, where people smarter than you and intimately familiar with the code base scrutinize everything that happens, is not mastermind-level. (No need to worry about me - Gentoo person. ^^)
But can you use snap or flatpak to pull down the source code skipping the binary? Something like apt-get source? Not every flatpak repo is forced to make the packaging repo public. I think that's where Stallman is coming from, and as usual he just worded it really poorly.
@zekodun most package managers don't actually ship source code nowadays and they use separate repos for source code and your standard package doesn't actually ship the code just final binaries
most snap/flatpaks are created by repackaging binaries (i.e. for most closed source applications) so even if you know how to build the package it's just a "download binary and make package"
Note that that unofficial snap server/repo project shown at 10:21 appears to have been abandoned by its developer... contrary to what a recent editorial on The Register would have us believe!
I'm not a streamer so I wasn't aware of the OBS thing, but as a software developer it sounds like nonsense to me. If it's got private keys in it then binary vs source doesn't make much difference, it's pretty easy to extract them from the binary, but also you shouldn't distribute private keys or shared secrets anyway, that's what public keys are for.
It may be just some API keys that they can't openly share for legal reasons but are only required to "reasonably" hide from the public. In that case, it makes sense that anyone building their own binaries would need to supply their own keys. I have my own project that's in such a situation, I will release it under a free license once it's ready, but anyone wanting to build it from source must supply their own keys for it to be able to fetch data.
@@BrodieRobertson There's no "just" about it. It's a bloody cyber-security nightmare in distributing private keys out to anyone else, they are "private" for a reason.
What Stallman is saying is you can't simply trust the dev. Your distro maintainer will check the app when compiling it and potentially find any issues. It sounds reasonable but I have no idea whether the maintainers actually do check for issues or not. Do you know?
What rather makes packages from distro repos more secure than packages from outside is that those versions went through numerous hands before they end up on your computer. If you run Debian, those packages were basically tested by all those Arch users who had them years before you, all those guys in Debian unstable and testing, Gentoo unstable, Ubuntu etc. etc. That xscreensaver thing was a time bomb that especially targeted Debian, the usual malware is not.
@@mskiptr Thank you. In which case, his point doesn't really stand. Having said that I hope that Flathub can put in place a verification system to verify that the packager is the actual dev of the app and not a 3rd party. Then at least you can be 100% sure the dev packed it himself/herself. That should allay any doubts.
Xscreensaver isn't malware, I assume you're referring to the warning message telling Debian users to update because they're on a 2 year out of date version
I generally avoid what Stallman and his FSF fanboys say, I use open source software when I can, and I use proprietary drivers because I need to and I don't feel like jumping through insane hoops for some philosophical reason. FOSS only when it does not ruin my ease of use.
Setting RMS aside for a moment, you can audit binaries produced in most official repos, they are built and signed by maintainers, usually with sources available. Snap by comparison was designed to be a walled garden managed by Canonical and package authenticity is a rather serious problem. Flathub is slightly better, but unofficial packages are still not marked as such.
It seems to me like some of Stallman's concerns are valid, but more about the repositories than the format itself... but we could have repositories that answer those concerns. The answer is there on Android in the form of the F-Droid, an "app store" and repository which only hosts free and open source applications, AND (critically imo) performs builds of the applications from source centrally, based on the publicly accessible code. That addresses a good chunk of the "It's hard to trust these snaps and flatpaks" point.
Sorry to be that person that nitpicks comments, but there are actually some non-open source apps on F-Droid. But they are flagged with the not open source anti-feature.
@@pandapip1 Maybe you are talking about apps whose source code is no longer available in the official developer repo, or where the source code in the official developer repo is not open source (has some closed-source parts). I don't think that F-Droid has any open source apps, I haven't encountered it. Can you name one so I can check?
@@Daniel_VolumeDown the majority of apps on F-Droid are open source, you can examine the contents of the package. When the apps contain non free code or rely on non free web content, F-Droid will disclose it on the page for the app, it will tell you.
3:42 oh I disagree so much. Snaps are app + all needed libs bundled together. Licensed on 'trust me bro'. Difference between precompiled and binary packages is their origin. While latter come mainly from vendor's repositories, the former come mainly from 3rd parties (like GitHub releases). And are ultimately generally dumb idea, because what's the point of having operating system with **shared** libraries if apps come with their own libraries? Is it convenient? Sure. Is it good? Subject of discussion :)
The perceived convenience is the only selling point for these things, nothing else. It comes at the expense of bloat, and (not always, but often) at the expense of devs having no incentive to maintain their software to be compatible with newer versions of libraries, with bugfixes and security patches - simply because why the hell would they bother, they can just keep using their janky libs from three years ago in a container, because that's what they're used to. It's not good. It keeps software stale, and it encourages mediocrity.
@@SnakePlissken25 loool, believe or not, I literally made whole paragraph about bundling "heartbleed libssl" in 2023's snaps but I thought to myself "naah, one will point out that I am RMS himself" :D But I can't stress enough that this form of distribution is modern Ubuntu for Linux on desktop, serving both edges of the blade of course. After all I am grateful that Canonical made theirs "Linux for human beings", despite endless waves of noobs seeking no further but "to just work". Especially mods and power users of these countless forums devoting their time and patience for people that couldn't be bothered with searching forums first ;p. Of course snaps won't force Intel to start/accelerate work on Linux drivers for their devices, but maybe out of these 100k new users 10 will stay and 1 will be next key figure in our Linux family? I hope at least.
Containers are whole different level. If we speak about snaps/flatpaks, they are pretty well updated. And provide good foundation for developers. Unified, sandboxed environment is a win for both sides. User can run his favorite distro and dev has one platform to support. I can speak more about snaps - confined snaps are also quite well isolated, not only with "better chroot" but also with plugs/capabilities and possibly apparmor profiles. You can't say that about most of parts of native OS system... even though this is changing already. Therefore I would be careful with fast takes on this.
@@AlesStibal Fine, not "containers"; "Bundles"; "Environments", "sandboxes", call them what you will. Whether they're well updated or not depends entirely on the upstream dev; "Pretty well" is an entirely subjective statement; Are they updated in sync with the updates on my distro, that is the real, quantifiable question. If there is a critical security issue in a common library, I expect the distro to give a timeline for its update, and I expect the software that depends on that library to be either updated in time for that update if such an update is needed, or to break and stop working, not to sneak another unpatched version of it onto my system without my explicit consent, regardless of whether it's the only piece of software that uses it; I perceive that sort of behaviour as happening at my expense as a sysadmin, as it adds a new patch schedule to keep in mind, in addition to the one provided by the distro, and as disrespectful of me as a user, as, again, explicit consent; That is not to mention the redundancy (which is a polite word for bloat; Resources are still finite. Why TF do I need six different versions of mesa on my system, each around 500MiB?????). Isolation is not a selling point for me; It's quite the opposite. If I explicitly want isolation, I will use an OCI container, I don't want extra features that add complexity forced on me by arbitrary decisions. As such - Yeah, I kinda want the software to be updated in time, and not at the expense of the drawbacks of isolation. Nah man, bundled packaging is a regression to the days of distributing software via static tarballs, only with extra steps, not an "advancement".
@@SnakePlissken25 It looks a bit strange you blame me for using inaccurate or subjective expressions, and then using them too. I don't agree with most of the conclusions you made, but that's all fine. Use whatever floats your boat. ;)
I kind of agree, at least with the concept that snaps/flatpaks have the potential to be problematic, I think the potential for abuse is just way too high. The last piece of software I want to install is a DRM-heavy corporate binary blob wrapped in a snap/flatpak.
But really that's always a possibility with any package that depends on proprietary code, ie video drivers. You really have to choose your battles in tech because that crap isn't going away without a major paradigm shift we can't force.
@@cericat I don't know what you've been using, but most of the time the only proprietary blobs on my system are codecs. And the only 'popular' binary driver I can think of seems to be always causing problems.
For me the best distro is Gentoo. You can put an allow list or deny list of licences in a file and the package manager won't install packages that don't follow your rules. But, you can install flatpak in Gentoo which is great. Some applications are difficult to compile. Freedom is using your system how you want. Executing proprietary binaries is freedom as well if you are not enforced to do so. Hakuna Matata.
The last time I ever used a flatpak, snap, appimage, whichever it was, was a few years ago. It broke, and I went to the dev discord to ask what was up. I got flatly told that my distro had a version of crypto library that wasn't supported, and had this blamed on me for choosing a dumb distro with stupid package management. (Note: I was on the most up to date version of Debian stable at the time, I can't remember if the library was too old or too new of a version.) Ever since I've not bothered with any of these out-of-band package alternatives, if these solutions can't even deal with the intended use case of making programs agnostic to the specific library versions available on the system, I don't see the point of the headache. Devs should do dev work, not packaging work.
This is peak Richard Stallman. The fact that non-free software EXISTS as flatpak or even snap is enough for him to wash his hands of the thing, since he doesn't know what it is. The man wouldn't touch F-Droid because it contains "anti-features" and is probably using a Nokia candy bar, if he's using a mobile phone at all.
7:06 to me, it makes more sense to create reproducible build systems for Flatpaks, distributed storage like IPFS and torrents, signing the builds to systems like cosign, and having the client tools that can check against these systems. So a distro maintainer could set the base config to say only just images built and signed by these trusted groups. Even better start having these build systems build to SLSA spec! I do also think the build and package tooling and code should be downloadable from the same source. This is very much what GUIX is aiming for, but I do very much love OCI and Flatpak images as well. They just don't compare to GUIX or Nix in being able to take a package and modifying it to your heart's content. Again, all of the Guix parts are very much in line with what GNU foundation's goals are. That users of a system feel empowered as much as possible to modify and tinker with their systems. This is a divergence from the Flatpak, and immutable images concepts of the dev building the system and knowing that the end user isn't messing with their stuff. You can be a flatpak or OCI dev/maintainer, but you aren't expected to be.
That said flatpaks and OCI images, imo, can be improvements of giving the user easier access to modify the systems by taking advantage of layering and runtimes, meaning users can play around with apps easier than before without borking their systems.
9:53 I think this tangent is missing the point here. Stallman wasn't talking about the tooling for creating a snap/flatpak in general. He's talking about the source code of individual published applications, and the user being able to tell where the source code is, and have some level of assurance that that version of the source code is precisely what was used to create a particular snap/flatpak binary. As you later point out, yes, often you can look at a manifest and find where the source for something is, but that's not a requirement, and there's usually no assurance that it actually matches the binary package that was uploaded. I would tend to favor having major repositories that built the packages centrally from public code for that sort of reason. It's easier to trust a repository maintainer than trust the weakest link among a whole bunch of application developers. That's not to say there aren't issues with trusting repository maintainers too, but the fewer people you're trusting to produce binaries, the better, all else being equal. In an ideal world you also involve reproducible builds, too, etc.
When a repo makes its Manifests public (as seen at 11:26 onwards) for the users to inspect, that's pretty much equivalent to how a distro like Arch makes its PKGBUILDs public.
@@The_Lawnmower_Man Well, that's true, Flathub requires a public manifest, but that doesn't necessarily mean much the way it's implemented. It looks like it can just point to downloading some other binary even when an application is not listed as "proprietary"
I wanted to clarify the point about non-Free binary code within the kernel. The kernel itself does not contain any non-Free binary code, nor are there any non-free drivers shipped with the kernel. This would violate the GPL. However, there are non-Free binary firmware blobs usually distributed with the kernel, including distributions from the official sources. These binary firmware blobs are not part of the kernel in any way, and they do not directly interact with the kernel. Instead, they are loaded into the memory of hardware peripherals as a kind of rudimentary operating system (or sometimes not so rudimentary) for the hardware peripheral itself. Then it is the hardware peripheral that interacts with the kernel through drivers that are Free software. Often, the difference between a hardware peripheral that requires a binary blob to be loaded from disk and one that does not is just that the one that does not has its firmware stored in a ROM chip on the peripheral. Most external peripherals, like printers, store their firmware on internal ROMs, and may even boot up separately, but during operation their firmware comes just as close to being part of the kernel as the blobs that are usually distributed with the kernel. To be clear, Richard Stallman avoids the use of all non-Free software to the extent he finds possible, including non-Free firmware contained on ROMs within hardware peripherals because he feels that all software should be Free software.
I like free Software. I prefer free software. That said, I also play Skyrim. I know Stallman would disapprove, but Stallman will just have to deal with it.
10:20 You completely misunderstood what Stallman meant. He means that he doesn't know if the application inside of the Flatpak has non-free software. He doesn't know if the source of all the software in the snap is available.
@@BrodieRobertson It is completely what he said; but you also seem to think that sharing a private key isn't a big deal in "some circumstances" so... I wouldn't be surprised if you couldn't get the gist of what he said: "How do I know whether that flatpak [as in, THE BUNDLED SOFTWARE, not the flatpak system or how its made] includes some non-free software. How could I check? I don't think they're designed to let people check." And he would be right. There is no simple or convenient way to check whether a snap includes non-free software or not. No, a repo with the build script does not count. We're talking about source availability here. Most people might not care (I certainly do not), but that doesn't make him wrong.
While I fully agree with the world that Stallman champions - one where all software is open source and free to distribute and modify, I must concede that we do not yet live in such a world. Sometimes, the only (practical) option is proprietary garbage, and insofar as this is the case, one should be free to install it as they please and, crucially, have that software available for an open platform.
It's because people use what they accommodated to, but if they showed their interest in open software and protest there would be. It's like what Louis Rossmann talks about how services are bad but many people complain but keep using them.
@@bigpod In the digital world scarcity can be alleviated by the ability to make perfect copies of everything. It could be a post scarcity world. Scarcity is artificially enforced using DRM to generate revenue for the pre-post-scarcity world outside. If we can convince the people that a post-scarcity digital world is beneficial to the world outside of the digital we can change the way people think about the exchange of digital goods.
@@jannikheidemann3805 where in my comment am I talking about scarcity of any variety? I'm saying there are reasons someone might want their software to remain proprietary including security, trade secrets, baked in access keys and so on
@@jannikheidemann3805 and no, DRM doesn't enforce scarcity, it enforces access control for use of product, because simple reason is making something takes money, people and compute (which takes money, electricity and so on), which in turn are scarce. It doesn't matter if something is digital and therefore not scarce if it doesn't exist because nobody created it; we pay for that act
In re 9:45, for what it's worth, neither Flathub nor Snap Store require the inputs for producing the Flatpak/Snap to be published. Technically the Firefox and OBS Studio Flatpaks count in this regard as they are not built through Flathub's infrastructure and there's no meaningful way to verify that the build on the store matches what you can produce through the upstream scripts. Additionally, here's a counterpoint about distro packaging: a large number of contributors to a very large set of projects are distro packagers. They become contributors as a consequence of packaging and shipping the software, as well as adapting it for their needs and environments. This is incredibly important because it implicitly provides consensus on the nature of building the software and often ensures that dependencies are upgraded as distros upgrade (which is often faster than when the developer notices). Keep in mind, without distro packagers, you won't have things like ports of software to new architectures or technologies. They have a place and they're very important for the success of the platform moving forward.
I also know that some application developers package the software they work on for their distro of choice (and if it's a semi-big project with multiple maintainers, that can mean that they don't use the same distro)
Back in the 1990s Stallman's freedom stopped me from doing what I wanted to do for my company, so I installed OpenBSD on a Mac we had laying around :D Ok, I started my IT life with HP-UX, AIX, SCO OpenServer and Informix, but my first unixoid system at home was more or less based on Yggdrasil with Kernel 0.95 running on a 386 with 2MB RAM and a 200MByte SCSI HD. Yes, I'm that old! And no, I'm not a Stallman fan although I do like the GPL.
It'd probably be the same thing as his comment on systemd “I’ve never seen it, I’ve never used a system that had it; I know it’s free software, so ethically speaking, it’s not an issue - it’s just a convenience question.”
Moreso, it's EASY to build your Flatpaks yourself. You just feed the manifest and an output directory to the flatpak-builder tool... and the build is sandboxed and the manifest contains hashes so you *know* you're only using the listed dependencies and they can't change behind your back. Flathub also supports filtering to only show FOSS results in the web UI and adding a filtered view of the repo to the flatpak client so it only ever accesses FOSS-licensed packages. Beyond that, Firefox is one of the only packages where upstream is allowed to build the package on their own infrastructure rather than uploading a manifest to the Flathub build farm and letting it do the build. (I can vouch for this because I'm the Flathub maintainer for I Have No Tomatoes and did the legwork to get a working build manifest for PySolFC and guide upstream through getting it onto Flathub. I'd have done more if things didn't go pear-shaped for me for a while there and I do still intend to get more classic Linux indie games onto Flathub when I can make time again.)
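An added example, not part of the comment thread and not Flathub's or flatpak-builder's own tooling, relating to the comments above about manifest hashes and about manifests that merely download a binary: a Python audit of a parsed flatpak-builder manifest that reports sources without a strong hash or git commit, `extra-data` sources, and URLs that look like prebuilt packages. The sample manifest, its names and URLs, and the finding codes (`UNPINNED`, `PREBUILT`, `EXTRA_DATA`, `EXTERNAL`) are constructed for illustration, and the suffix check is only a heuristic.

```python
from urllib.parse import urlparse

STRONG_HASHES = ("sha256", "sha512")
# Heuristic only: file suffixes that usually mean "already compiled elsewhere".
BINARY_SUFFIXES = (".deb", ".rpm", ".appimage", ".snap", ".exe", ".msi")


def audit_source(src):
    """Return (code, detail) findings for one entry of a module's "sources"."""
    if isinstance(src, str):
        # flatpak-builder allows a path to a separate file listing the sources.
        return [("EXTERNAL", f"sources listed in separate file {src!r}, not audited")]
    kind, url = src.get("type"), src.get("url", "")
    findings = []
    if kind == "extra-data":
        # extra-data is downloaded on the user's machine, it is never built.
        findings.append(("EXTRA_DATA", f"{url} is fetched at install time, not built"))
    if kind in ("archive", "file") and url:
        if not any(src.get(h) for h in STRONG_HASHES):
            findings.append(("UNPINNED", f"{url} has no sha256/sha512"))
        if urlparse(url).path.lower().endswith(BINARY_SUFFIXES):
            findings.append(("PREBUILT", f"{url} looks like a prebuilt package"))
    if kind == "git" and not src.get("commit"):
        # A tag or branch can be moved upstream; only a commit id pins content.
        findings.append(("UNPINNED", f"{url} git source has no commit"))
    return findings


def audit_modules(modules, parent=""):
    """Walk modules (which may nest) and collect (module, code, detail)."""
    results = []
    for mod in modules:
        if isinstance(mod, str):
            results.append((parent + mod, "EXTERNAL",
                            "module defined in separate file, not audited"))
            continue
        name = parent + mod.get("name", "<unnamed>")
        for src in mod.get("sources", []):
            results.extend((name, code, detail) for code, detail in audit_source(src))
        results.extend(audit_modules(mod.get("modules", []), parent=name + "/"))
    return results


def audit_manifest(manifest):
    """manifest: dict parsed from the JSON (or YAML) manifest file."""
    return audit_modules(manifest.get("modules", []))


FAKE_SHA = "0" * 64  # constructed placeholder, not a real digest

# Constructed sample manifest; every name and URL here is made up.
SAMPLE_MANIFEST = {
    "app-id": "org.example.Demo",
    "runtime": "org.freedesktop.Platform",
    "sdk": "org.freedesktop.Sdk",
    "command": "demo",
    "modules": [
        "vendored/libbaz.json",
        {"name": "libfoo", "buildsystem": "cmake",
         "sources": [{"type": "archive", "sha256": FAKE_SHA,
                      "url": "https://example.org/libfoo-1.2.tar.xz"}]},
        {"name": "libbar", "buildsystem": "meson",
         "sources": [{"type": "git", "tag": "v2.0",
                      "url": "https://example.org/libbar.git"}]},
        {"name": "demo", "buildsystem": "simple",
         "build-commands": ["ar x demo_3.1_amd64.deb"],
         "sources": [{"type": "file", "sha256": FAKE_SHA,
                      "url": "https://example.org/demo_3.1_amd64.deb"},
                     {"type": "extra-data", "filename": "codec.bin",
                      "url": "https://example.org/codec.bin",
                      "sha256": FAKE_SHA, "size": 1024}],
         "modules": [{"name": "helper",
                      "sources": [{"type": "file",
                                   "url": "https://example.org/helper.sh"}]}]},
    ],
}

if __name__ == "__main__":
    for module, code, detail in audit_manifest(SAMPLE_MANIFEST):
        print(f"{code:<10} {module:<22} {detail}")
```

A hash in the manifest pins what is downloaded, not how it was produced: the `demo` module above is fully pinned and still only unpacks a prebuilt `.deb`.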
Packaging proprietary software is what I feel Snaps and Flats are for. Proprietary software requires the dependencies it was built against, open-source software can be rebuilt against the dependencies.
I actually am very fond of Richard Stallman, but he's crazy. The personality traits which were necessary to found the free software foundation and lead the creation of a fully open source clone of Unix are those of a fanatical zealot. Those attributes are not required so much anymore, and there are people who are much more capable of outreach while sharing the same fundamentalist viewpoint. The result of which is that for the last 15-20 years, he has been increasingly out of touch with the average user of GNU software, like for instance from his point of view the whole idea of "open source" is a backing down from the concept of "free software" to compromise with people who want to limit your personal freedom to do whatever you want with your own computer. It must be hard for someone whose work was so fundamental to have watched watered down versions of his ideas promoted by people who don't really care about human rights, become mainstream while his original vision is sidelined, to then come to the table and not sound like an angry lunatic who practically froths at the mouth with evangelism. I cherish RMS though, because ultimately he's right about free software. We wouldn't tolerate it if companies wanted to impose after market limitations on what we could do with, say, a hammer. We're allowed to use and modify most objects that we own in more or less any way we want, as long as we don't cause harm to other people. But for some reason when it comes to software, as a society we practically bend over, drop our pants and apply the KY jelly so that corporations can insert whatever they want whenever they want.
I respect Stallman a lot because it's essentially thanks to him that we have Free Software and GNU/Linux. We would all be using Windows or Mac right now if it weren't for him. So he's done a tremendous amount. But in this case he should have declined to answer, saying he isn't familiar enough with them to comment. I do think many a new Linux user would do well to at least watch a video by Stallman explaining Free Software and its importance for user freedom because otherwise they have no idea and think Linux is just a non paid OS which they can dump anytime if it isn't as good as Windows, being clueless as to how GNU/Linux is actually protecting their freedom.
Stallman doesn't give a rat's ass about user freedom, as that quote clearly demonstrates. Furthermore, I think it's a bit silly to act like Stallman is solely responsible for the existence of alternative operating systems. That would require that you ignore BSD, Minix, Haiku, Mach/Darwin, and probably a hundred other projects I don't know off the top of my head, which conceivably could've received more focus in a non-GNU timeline. The GNU Project was just one of many, and it was going nowhere until Torvalds made the Linux kernel. It's just as easy to imagine a scenario where BSD became the preferred FOSS focus.
@@RunePonyRamblings I agree entirely. It's similar to the idea of who's responsible for ideas in philosophy, or discoveries in science. While we may credit Socrates with saying something, or Einstein with discovering something for examples, do we really think that nobody else would have ever thought of it, or even had already thought of it uncredited in the past? Many things are borderline inevitable to happen for a very good reason, often correlating entirely with "logic", and not some mystically fated prophetic reason like "Stallman was the ONLY person who could do it!".
@@ImHeadshotSniper to be fair, Stallman combining GNU with the Linux kernel was instrumental to Linux catching on as quickly as it did (along with lucky timing coinciding with BSD's legal trouble). But yeah, a FOSS movement was inevitable.
Listen to what actual FOSS devs say about GPL vs BSD. Look at X, or any of the BSDs and see the actual massive technical differences that play out between GPL vs BSD software. Perhaps you enjoy using proprietary software but hey "at least I can look at the BSD-backend that was written down somewhere" right? That is fundamentally user freedom, to have access to the source of the software we use. You can dislike Stallman but the GPL is undeniably the source of the FOSS movement. @@RunePonyRamblings
I dread the day all the distributions switch to this 'dream ideology' of flatpaks for everything that's 'not different'. If the Linux market share was more I'd buy stock in hard drive manufacturers. Funny that Microsoft has spent years minimizing duplicate libraries, and the Linux community can't wait to get a copy of every library for every application.
I think that Mr. stallman is generally against centralization and instead wants a collective distributed control over software distribution. At the end of the day using snap/flatpak you need to trust the publisher who is incentivized to make money/ship more features (wacom drivers spying on you) whereas a distro is ideologically incentivized to protect your privacy. I personally think it is more efficient to have centralized packages for all of linux which makes it easy for third party developers to target but i think Mr Stallman wants a pure libre system with or without these third party devs.
Reality is centralization will exist whether there is one center or 1 million. In all honesty we probably don't want too many of them, 'cause there is little control and even more chance for bad things.
tbh, flatpak and snap are just the admission that dynamic linking is fundamentally broken. What problem do they solve that is not better and easier done with static linking?
I like Stallman, but he's too extreme for me. A good compromise for me is to use as much free software as I possibly can. If I can find an alternative to proprietary software, I will use it, but if not I'll still use the proprietary software.
Ironically, I am officially more extreme than him, because for some reason he finds the conclusion that licensing a program "under a noncopyleft free software license, such as the X11 license" is unethical "unacceptably extreme". Direct quote from the GNU site's selling-exceptions article by him: "So either we have to conclude that it's wrong to release anything under the X11 license-a conclusion I find unacceptably extreme-or reject the implication. Using a noncopyleft license is weak, and usually an inferior choice, but it's not wrong." It is wrong - any support of unethical products, period, is wrong, though you can be within your rights to do so, so long as you don't actually release unethical products yourself. But then again, this is the guy who doesn't approve of the SSPL - a license which simply patches up one of the major flaws of the GNU AGPL.
If you have ever watched a Richard Stallman interview, he's very thoughtful in his answers. In my humble opinion, he's a highly intelligent person. Let's keep in mind that Linus would have not had a compiler to write Linux with if it wasn't for RMS. In an ideal world, we'd only have free software.
GCC was not the only compiler around. Minix had the Amsterdam Compiler Toolkit. There were other "free" compilers as well. The Portable C Compiler was used to write BSD long before Linux existed. Linus has said that if he knew about 386BSD he may not have created Linux. The major role of GCC may have been to keep Linus from looking too hard. I think that Dave Conroy wrote GCC though. That said, your points are valid. GCC was the most available free compiler on i386 at the time. RMS is clearly intelligent. The GNU Project is certainly historically important. We are lucky to have Linux.
Highly intelligent people don't talk out their ass about stuff they don't know anything about. He was a talented programmer way back when, that's about it. Now he's just an extremist zealot.
@@justinmalcolm6287 Interesting list of acknowledgements which I think illustrate that Stallman wasn't as integral to pushing the movement forward as everyone likes to think. It's not as though other languages couldn't have replaced C as the language of choice for developers at the time, and there have been multiple operating systems that were written in Pascal from that time. However, if one of the BSD variants had won that particular popularity contest instead of Linux, we might actually have a better open source landscape as the BSD licensing is significantly more free than the GPL.
Honestly I wouldn't be surprised if you could make Flatpak build things from source if you forked it, might also be able to add make flags etc. Like Gentoo
So why not just use Gentoo then? It has worked for me for 20 years, I could care less about "universal package managers", Gentoo's Portage package manager does all I need. Yes, Gentoo has a huge learning curve, at least initially, so you sound like someone who knows what the problem is but is desperate not to have to put in the necessary time and effort to teach themselves how to fix the problem.
@@terrydaktyllus1320 You could have a lot of the benefits on Gentoo on any distro and on a selective bias, not to mention you have sandboxing etc. Also because why not?
Flatpak kinda already does this. You just check the build manifest for source code/binaries used, and you can add flags to the sources section of said file.
12:57 in Guix you can quite easily verify if a substitute is identical to your local build (guix challenge)
The problem Stallman has mainly with Flatpaks is the fact it comes with versions of all common system libraries. If one of those libraries has a vulnerability in it, your system is compromised, without even knowing it because you think your entire system is up to date. Would you be at ease with a flatpak of something having your personal information, having a vulnerable implementation of OpenSSL? That's the dilemma we have to get through with how those packages are made. It's the same dilemma with proprietary software, you don't really know what's included in it. If I have a vulnerable package with classic packages, I can update only the package itself, I can audit for security, and I know it's there, good luck doing that with flatpaks. Just compare some general packages with Flatpaks, for a 50MB software, you end up installing for 1.2GB of libraries and who knows what at this point on your machine with that entire sandbox. Debugging it is also impossible really, which is one of the core principles of Linux, being able to debug, troubleshoot, make a patch and send it to the dev/maintainer. It's huge problems for very little convenience.
One could argue that Stallman, being solicitous for (ideally) everything being FOSS, should be assiduously following the snap and flatpak ecosystems that pose theoretical dangers to it. If he did, he'd probably have some useful suggestions, perhaps for how to make it as easy as possible to determine or ensure that a given snap or flatpak is in fact all FOSS, and to warn about those that aren't. (After all it, or any other binary package distribution, could claim so and yet be incorrect either accidentally or intentionally.) Being absolute doctrinaire about any philosophy of the world has a way of blinding a soul.
Yeah, just RMS being RMS. It's annoying at times but without him it would be even more annoying. I do agree though that it's nice when you have the choice between using a flatpak/snap or something from your default package manager. Also appimages are great! You can just extract them and laugh at the container autism.
Just to add, the Debian-provided pipewire and wireplumber set works perfectly. Before, the ones I got from AUR and flatpak had problems, like easy effects could not pass through permission to start as daemon etc. Now it is running well. No flatpak involved.
these are private keys for third party services like youtube and twitch and install script what is an install script most package technologies basically spew content of the archive onto your file system and then maybe run a command but prefer not to
I think I know how Stallman meant it. It could be a similar reason why Debian is not seen as a recommended distro by the FSF - because the user COULD install non-free software when he wants to and this is a big problem for the FSF. And with snaps/flatpaks the user COULD install non-free software too, so I think this is an instant killer argument for Stallman
I think issue with Debian was that they provided optional repository with proprietary packages (haven't used Debian in a while, so I may be wrong), with non-free codecs, blobs and drivers.
Ah, okay. Stallman actually has a valid point here, though I don't even think _he_ realizes it. He's saying that Debian, Fedora and Arch play a vital role as _gatekeepers_ who audit the software that's included, even in their nonfree repos. The reason PPAs and the AUR exist is that the distro maintainers (leaders in the free software movement) don't deem that software as an essential part of their experience. Stallman's concern is that the rise of Flatpaks means that people won't be installing the "Debian-approved" build of Blender or Firefox, but the _developer-approved_ bundles, and that this will encourage bad habits. Audacity is a good example. They're FOSS, but they threw in telemetry on a whim, and there was little stopping the Flatpak version from _immediately_ going out to users. To be clear: while I would agree with this stance if distros had all the staffing and funding in the world, *they don't,* and the amount of time and the effort spent reviewing and repackaging software across a dozen distros is squandering precious resources. I also think Flatpak's sandboxing-by-default and dependency isolation features more than outweigh this lack of review. Especially because, ultimately, _these are our systems,_ we're going to install the software we want, and having to apt-add a PPA has never deterred me in the past.
I dislike using flatpaks or any sort of containerized packages, so I always avoid them where possible (Even as far as to installing a different distro on my Steam Deck lol) However, I think they're a good choice for Linux newbies.
The problem I have with Stallman, as demonstrated here is, he's a fanatic and they can't be trusted because their perception is skewed from that of reality. I'm glad he exists, he's done a huge amount of good, but nothing's perfect.
Yeah Richard I have all the time in the world to compile my entire OS including the kernel and all its packages from scratch. These guys live in a self masturbatory virtue bubble. Some people just want to use tools to get things done.
hope you're ready to start paying for updates then to cover " remote compilation times" then. Fedora and Ubuntu are going to roll it out next year. flat $20 a month, or $180 for a year
@@angeldirk00 hopefully you got another 30+ years to catch up to those paid for updates that will be used day one on a real os instead of some bootleg alternative.. 😂
5:12 There is a kind of freedom, in the sense of one meaning of that word, which you can't have more or less of. Either you are free, or you aren't. Kind of like you can only ever be alive or dead. I think this absolute and binary freedom is what Richard Stallman deems as most important when it comes to software. It's about being _really_ free. Not just to a certain degree, completely free.
Main reason to use flatpak (for me) is... because I don't trust the application and its possible bugs! It's just a security thing: don't allow your browser to access your file system, and it just can't do bad things, even if it wants to. Yes, it's possible to acquire the same behaviour by utilizing selinux, apparmor or plain cgroups, but why do things flatpak is already doing?
Can be good if the FSF builds an internal freedesktop runtime without things that can break the GPL and uses FFMPEG using just GPL modules, including GStreamer too, and has just free software apps.
The only thing I respect about him is that he created the GNU base, but with the rest it seems to me that he has no idea what he's talking about, or he's very much in his free software cloud.
I just think it's weird how many adult grown men literally wait around for Stallman's opinions on things just so they can parrot them as if they were some kind of law or something (not you btw, just a lot of Linux users)
I have lost so much respect for Stallman over the years. I acknowledge his work with GNU and the free software movement, but given his stances, he reminds me of religious evangelicals with his demonization of proprietary software or foss projects that do include some proprietary code in order to function on certain hardware. Also the unsavory things he said in the past do not help.
Same. He's gotten increasingly hypocritical, with his literally r*ded stance on hardware, and his calling the RPL non-free (even stating that "The Reciprocal Public License is a nonfree license because of three problems. [elided] 2. It requires notification of the original developer for publication of a modified version. 3. It requires publication of any modified version that an organization uses, even privately". There is nothing wrong with #2 and #3! In fact, they're extremely beneficial), and then doing the same for the SSPL that literally exists just to patch up one of the most-abused holes in the AGPL, instead of simply making an AGPLv4 that patches it (and more!) up as well. And then add on some of his more r*ded comments from the past and it seems like it might be best for the man to retire and go out of the spotlight - or perhaps not, as his stubborn fight for some stuff might bring more good than bad. Don't get me wrong though, he's done a fuckton of good, and has most assuredly contributed more to the world than 99.9999% of people ever will. He's done good, but "you either die a hero, or live long enough to become the villain" - and he's starting to seem like the villain.
I just removed all flatpak versions of apps I used, and use the Debian versions of them instead. Guess what, some of those that didn't work before work just fine now. I don't know about stores that sell non-free software, good or bad or not, I had BAD experiences with flatpak apps. Period. And I'm not the only one.
There's Flatseal app which handles permissions of flatpak apps, by default, flatpak apps have a lot of permissions off/restricted by default which one can turn on for more functionality. I had a problem with Brave browser installed, it didn't remember which folder I saved a downloaded file, until I gave it permission to browse directories through Flatseal.
Yeah I just can't understand the strictness of Richard Stallman on no proprietary anything. I limit what I can but some stuff I just can't ditch. Especially since I love genshin impact(tho haven't played in awhile) and I need steam, heroic and so much other shiz bc I doubt we'll get a good federated streaming service that's legal somehow *shrug*
No, that isn't his argument. In the interview, he said that " _I don't think_ [flatpak and snap] _are designed to let people check_ " whether or not an individual package contains non-free software. And in the case of Flathub specifically, he's *incorrect* about that. As the section of the video starting at 11:26 shows, each Flathub package's webpage has a link to the Manifest for that package; this is just like how each package in the official distro-package repositories for Arch or Debian has its source-package build files linked to from the distro's website.
Some flatpaks are free software some aren't, in the OBS case the build includes a private key that isn't shared to the public. I don't know if 1 line of non code change stops something being free software though
@@BrodieRobertson If that private key is relevant to the functionality of the package, it means that normal users who rebuild the package by themselves will not get a fully functional package. Thus it is not free software.
It sounds like he is against the use of flatpaks and snaps to distribute proprietary software and thinks that they seem tailor-made to enable that. I think his issue is that it's a bit too much like downloading a binary installer on Windows. But I mean, before flatpaks, it's not like developers didn't distribute their own generic RPM and DEB packages. So what was his take on that? Without knowing that, it's hard to say if he's out of touch or is being consistent. If he was against software developers shipping their own RPM or DEB packages rather than relying on distro maintainers, then this position is just a restatement of something he may have said previously. Ironically, I package software for an application that is afraid to use Flatpak because they don't want to be forced to comply with the GPL (we just rely on binary tarballs on Linux that a user has to unzip to their home directory, while on Windows we have an installer). No distro will distribute our software for us, and our maintainer is afraid that using flatpak with GPL dependencies (like glibc, GTK, or libstdc++) would lead to our whole project falling under GPL, and he is specifically avoiding flatpak because he fears the viral licensing of the GPL. The irony is that we distribute the MSVC runtime we use with the Windows version of our binaries, but require Linux users to have the right runtime libraries installed because the GPL scares him. It's just interesting... Stallman hates flatpak because he thinks it will enable proprietary applications. And my friend hates flatpak because he fears it will become a means for GPLv3 to infect non-GPL code through viral licensing if it's distributed together in a bundle. We build and include other stuff, like cairo, zlib, almost all the dependencies... just not GTK, glibc, or libstdc++.
RMS is... purist, see this in his perspective. And that attitude was once very relevant and shaped the entire software industry. This attitude still matters, open source software is generally safer for the user. But the job is well done, nearly every software developer prefers to use open source components and tools to make software, and they would not consider anything else. Using closed software technology when building your own software is such a big risk. So we see that there are kind of two castes of people, developers and non-developers. Non-developers need software that is easy to run and use, developers do what they want and fix things. There was a time when people were intimidated by open source software, that it takes away developers' jobs and makes it impossible to do business. But what happened? Those software building blocks are often made under open source licenses that are even more free than the GPL, there is more need for developers than ever, and nearly all essential software is open source. So it looks like everyone has won here.
I've read some of Stallman's writings back when I first started using Linux about 25 years ago. And I've always been one to lean toward pragmatism over dogmatism. And Stallman has always rubbed me as dogmatic. Being pragmatic means... use what meets your requirements, whether open or closed source. Since I'm a photographer, this would mean using Photoshop and Lightroom instead of GIMP and Darktable, respectively. (Mostly. There are some places where I do use GIMP.) Being dogmatic, on the other hand, is never not use open source, and if what you've found doesn't meet your requirements, modify it so it does. Except, even though I'm also a software developer, I don't have the knowledge necessary to add features or functionality to GIMP to give parity to Photoshop.
If Stallman was pragmatic, he would accept things the way they are and its unlikely the open source movement would exist in the form it does today. I've heard it said that all change is dependent on unreasonable men.
@@theParticleGod Being pragmatic means leaning toward what is practical. And a lot of Stallman's philosophies lean heavily away from practicality. Practical doesn't mean adhering to the status quo. It does mean that in considering changes to the status quo, you go for what is practical over dogmatic adherence to a particular philosophy. And dogmatic adherence is what Stallman desires, as evidenced in his word choice regarding snaps and flatpaks. I've seen similar language from militant vegans. And with software, practicality means making what you write open source if you choose, but not requiring the same of everyone else if they don't have the same desire to do so. Which runs counter to what the GPL requires, which is why I've never agreed that the GPL has anything to do with "freedom". The Apache and MIT licenses are more free than the GPL. Practicality also means considering requirements and whether proprietary or open source software will meet those requirements - leaning toward open source since that tends to be free of cost - over ignoring requirements for a dogmatic adherence to "open source or nothing".
And as usual, YT has shadowhammered one of my comments. Brodie, could you take the extra effort and look for it? It should show up when you sort everything 'by newest'.
@@BrodieRobertson I have plenty experience with that too. But right now It's still there. It just doesn't show up unless a) I'm logged in or b) I change how the comments are sorted.
There are many things Stallman is out of touch because he ideologically refuses to use non-free stuff. Probably, in this case, he heard about flatpaks/snaps and saw that the only thing they can do that you can't normally do is distribute proprietary software. Stallman probably views them as analogous to wine bottles/proton since they're a way of bundling a package with libraries and stuff. Personally, I think Stallman is right but for the wrong reasons. In an ordinary Linux setup, if a library has a security issue then you just update the library package and you're done. However, in a setup that uses containers like this you have to do a whack-a-mole hunt to find out which containers have the problematic library and update each one separately (basically like working in a Windows environment). In general, I think it does not make sense to use these containers EXCEPT when dealing with proprietary software since it is considered normal and encouraged for proprietary software to rely on outdated libraries (only update if something breaks). This is especially the case with video games, where ideally you want to be able to put out a game and have it just work forever without any maintenance. So, imo, it's not that these can only be used for proprietary software, but rather that that's the only use case that is really worth the risk. In particular, your argument about using these to have a "single source of truth" really means "let's have a ton of different versions of the same libraries on our systems" which is, imo, really dangerous.
I hate arguments about DRM, I am a games dev for the Dreamcast and Windows PCs. After people asked for a DRM free Linux version, I gave it to them in a neatly packed tar.gz, and of my 52 Linux users, only 4 of them bought it. Piracy morals aside, I'm an indie dev with a VERY small budget, it can and will put me out of a job if no one buys my games so I can allocate a bigger budget to them. It's honestly put me off making Linux ports for a while. For context, my budget is £32 and a multipack of miso soup. It kinda stings to put in all the effort to make it work on a plethora of complicated distros, only for them to not support me in return.
For further context, the Dreamcast is one of the most easy to pirate for consoles ever, and even that has less pirated players on it; of which there are 12. The statistics are drawn from Steam stats, sales from my own Amazon page, and the universal servers I use for online play. Performance stats show the legitimate and illegitimate copies, as well as the system specifications and OS. I plan to have the dedicated Linux server close down since it's causing me to lose money for every new player on there and just have them connect via the Windows one, and if that no longer works, then I may just nix the Linux ports indefinitely and bring them to MacOS instead. (If Apple approves me at least).
To me it looks like Stallman answered the questions adequately. He could have said, "Yes I have heard of snaps and flatpaks" and left it at that. Instead he gave a little bit of context from his perspective. The single source of truth is never going to work in reality, because it'll just become +1 standard everyone has to care about (or not care). Package management is pretty well established and works well for the vast majority of users, already for decades at this point. Trying to come up with yet another standard is the real waste of time here. OBS is just an example of bad dev practices, and no maintainer should need to change their ways to accommodate for this, and it's fine to compile programs yourself when the situation calls for it. I also think Stallman is a bit too extreme about using free software only, but he makes reasonable points.
There is a reason that shared libraries exist and nobody wants to repeat the log4j 2.x disaster where every app brings its own version. I trust the core OS repo, but adding stuff on top is a security issue ( docker chain, maven, Jenkins plugins, cpan, npm, ...). And even more a matter of maintenance. Installing one OS security package ( liblog4j-2.x.y ) is easy. Getting 100 new versions of your apps ( as zip, snap, flatpak, msi, ...) all with their own log4j copy is not. And installing the latest version might break your system, so you need something that doesn't even exist, a bugfix release of some snap nobody wants to create. And worse, your systems are in a secure network, no access to sexy package servers ...
Linux doesn't contain non-free code tho. The problem that linux-libre is "addressing" is proprietary firmware. There are proprietary drivers (the Nvidia stuff for example), but these are not part of the Linux codebase (GPL), but rather external kernel modules and often userspace blobs.
The part where stallman loses me on this is that if that exact same firmware resides on a flash chip in the device then it's just fine. Frankly if the blob doesn't contain any code that could run on the main machines processor I don't care.
@@dokichokei Yup. FSF's policy on firmware is full of contradictions and that's because they drove themselves to it: They assumed hardware is out of scope for their mission and then the boundary got all fuzzy. Imo, the ideal we should strive for is all free software running on open source hardware. But since that is obviously not viable for most people for now, trade-offs in control (freedom), security and functionality need to be taken by all of us (individually).
Ooof basically wrong at the first sentence. Individual leaders of movements are rarely as important as they're made to be. It only happened because there were enough people interested in open source and did the work. They would've organized someway without him being the leader. It is a somewhat fair argument though that snaps and flatpaks make it _easier_ to distribute closed source/proprietary software, but that's not really the fault or a problem with snaps or flatpaks in general, as especially flatpaks are pretty nice for even open source developers for distributing software to a wider audience without as many distro-specific considerations or testing. He kinda approaches the issues from various wrong perspectives overall because his approach and argument is very individualistic .. and mostly centered around himself. Never really makes an argument about individuals holding property and knowledge to leverage against the whole of everyone else, which is the real harm. But again, this isn't anything specific to at least flatpaks.
I'll say it again, Stallman has been a hindrance on the free software movement, not a driver of it. It's his stringency towards what qualifies as free software that really holds everything back. However, he's right in this particular instance, but he's also not criticizing the technology itself either. He's basically just criticizing binary distributions of packages, which is a general complaint that'll be valid for any method of binary distribution as not every source will show you the build instructions and point you to the source used to build the package. That's not to say that I agree with his stance because while I wish everything was open source I'll use closed source without a problem. One final note, which I've mentioned before in various places but maybe neglected to say here, is that open source was pretty much the norm before software companies started taking over. We had source code printed in manuals and in magazines and posted on bulletin boards, and not the electronic variety. It's the greedy corporations that screwed things up, but they were enabled by governments that didn't understand the technology nor what was going wrong.
It's a mistake to think that it is the mission of the free software movement to be highly popular, you are confused to think that there is a mission for the mass adoption of free software. The principle of the free software movement is that _a free society deserves free software_ and that anybody who chooses to install proprietary software cannot have freedom. This is the principle you need to understand if you want to understand the Free Software Foundation (and Richard Stallman) in its proper context. The people who are holding back free software are the people who insist on developing and distributing proprietary software.
@@FreeSalesTips Striving for free software, as in open source and completely user modifiable, is an admirable goal, but it shouldn't be the only thing to be focused on. Popularity is important if you wish for people to adopt this way of life. You can't merely espouse doom and gloom and say you're a prisoner or some such because they choose to settle for what they can get that still allows them to do most of the things they want to do. And you certainly can't lie to them and say that everything will work and be better because that kind of thing is only valid on a case by case basis and not for the whole. If everyone adopted free software, including the companies making money from software, then the world would indeed be a better place, but it's not something that's going to happen overnight and companies need to be taught that they can still make a profit by releasing the source code to their software. Once they believe that truth, things will change for the better.
@@anon_y_mousse It's a mistake to conflate "open source software" as a synonym for "free software". The Free Software Foundation and Richard Stallman promotes that _free software is the ethical solution to the social problem of proprietary software_ . The Open Source Initiative rejects the ethics of the Free Software Movement, it promotes the practical benefits of free software while ignoring the ethical morality of proprietary software. Please don't conflate these ideas to be synonyms. I am an activist who promotes user software freedom through free software. I agree with the ethical stance that proprietary software is an immoral force for a free society. I teach people about this political opinion and point them towards free software as the ethical solution. Proprietary software is inherently doom and gloom, there is no denying the fact that users are subjugated prisoners every time they accept and choose proprietary software. I tell the truth that proprietary software can be convenient and powerful to use, I don't deny this reason for choosing proprietary software. I don't promote free software on the grounds of being more convenient or more powerful; however it doesn't mean that free software is inherently difficult or weak in features. I always promote free software on the grounds that it is the ethical solution to the social problem of proprietary software. Sometimes people do not care about this morality; that is not my problem, I cannot make that choice for them.
@@FreeSalesTips While I can agree with and admire your idealism, the way you get the message out seems counterproductive to me. You know the old saying, you can catch more flies with honey. Oddly, I think a company that's heavily invested in proprietary software, Valve, may actually increase adoption better than anyone that came before them because of how they're promoting the concept. Maybe you disagree with that viewpoint?
@@anon_y_mousse I have two ideas of "productivity" in regards to free software. The first productivity is to promote an ethical dimension to the distribution of software; i.e. proprietary software is an immoral social concept: proprietary software subjugates users to control their own computer and proprietary software keeps communities divided from sharing with one another. The second productivity is in the writing, development, and sharing of free software. I actively promote the ethics of free software, this knowledge is more important for me to share. Whether my audience accepts or rejects this message isn't my problem. I don't promote free software on the basis that it's more convenient or more powerful. This is a shallow way of reasoning to promote free software. The counter to this kind of reasoning is that proprietary software can become more convenient and more powerful; people who choose on the basis of convenience will logically choose the more convenient proprietary software. I make the ethics of free software to be the primary focus, I try to convince particular individuals who also believe that freedom is highly important. With this foundation of freedom, the powerful and convenient free software can follow afterwards because the community can work together to make it happen.
I have a burning hatred for flatpak and snaps. I'm someone who doesn't want my Linux to change, but when the Linux completely changes then I'll drink my tears and move on
Don't worry I saw Techrights blog post, I've got plenty to say about it
I do admire the ideals that Stallman holds, and it's a noble cause. But I need my wifi to work.
Can you get a wifi modem that has FOSS drivers and firmware?
@@jannikheidemann3805 look up ddwrt/openwrt
Also chances are your router firmware is a very specialized Linux distro
@@jannikheidemann3805 (not really)
@@jannikheidemann3805 AR9170 by Qualcomm Atheros fits the bill, but it's old Wi-Fi 4 hardware.
I like the ideals too, but I like Steam and Spotify.
As for Wifi, I haven't had driver issues for Wifi in well over a decade, the only proprietary driver and I tend to run Fedora. Only proprietary driver I have had to install over the last decade or so has been nvidia, and I stopped buying nvidia cards years ago not because of ideals, but because those drivers are a pain.
I think Stallman's mistake here is always needing to verify the integrity of the application. There is a very good and short article by Ken Thompson called "Reflections on Trusting Trust". It basically says that no matter how much you read the source code before building an app, you are trusting the compiler. Even if you read all the compiler source codes to the first one and build them in chronological order, you still have to trust your firmware and hardware.
Stallman actually criticizes the Flatpak and Snap repositories, not the package management software itself. And I think he should rethink his answer to point to the actual problem, the repositories themselves.
But we have filters?
@@Beryesa. I'm not sure what you mean by that and how it addresses my point?
isn't the flatpak repository fully open source?
A.K.A. Stallman's bizarre adventures.
Stand: Bare Feet
I think what Stallman meant is inspecting when snaps and flatpaks are already built.
E.g. deb and rpm can be opened in an archive manager and can thus be checked for proprietary things before installing.
and what does prevent unpacking a flatpak package? It's still just an archive
@@marcogenovesi8570 Can't judge if it works for every flatpak and if actual source will come out. Issue #126 (from 2016; Stallman could have tried it earlier) says it isn't that easy at least. Failed myself on my machine. Common archive managers definitely don't work so "still just an archive" is a bit misleading in my opinion.
Can't speak to snap, but at least on the flatpak side of things, you can inspect them on a pretty deep level because all they are is linux namespace containers using bubblewrap, built against a common buildroot which they call the "SDK". The biggest advantage of flatpaks over native distro packages is that the closed source app only has limited access to my filesystem, devices, and dbus session bus since it's containerized.
The "debugging" page of flatpak's docs has more info on how to dig into the contents of the flatpak's environment with "flatpak run --command=sh --devel ". The alternative that doesn't require installing the software is using the ostree tooling to extract the delta/bundle as described in the issue you mentioned - the destination filesystem will need to support xattrs though (since that's what was snagging people in that issue thread).
At the end of the day, flatpak is just a framework for packaging containerized apps against a common, portable userland with a few desktop integration features (like xdg-dbus-proxy) on the side and a permissions system to limit the containerized app's system access. Yes, there's still closed source software available, but sometimes there is no viable alternative when it's a necessity in your workflow. Third-party (non-flathub) repos are also not obligated to release their build files, so I can understand the concern there too. Ultimately it comes down to the chain of trust and what you consider an acceptable threat model for your use cases.
You won't get _source code_ from deb package (usually).
How often do you unpack debs and rpms?
It is a non-issue and I am 100% anti-flatpak and snaps.
lignux
I'll go with BSD
@@henrylonghead bts
sounds like a pelican trying to throw up
@@SIackware brodie did a video on it, stallman is really creative
Lig-dezz-nux?
As someone who almost never builds packages from sources, I entirely agree with the point of the chain of trust. As someone already mentioned in the comments - in many cases you can't trust the upstream dev, and the additional scrutiny that the maintainers put on packages (in a trustworthy distro, at least) adds that layer of trust.
University of Minnesota, log4j and thorium. All varying levels of severity and malice.
It's an old issue, the tension between developers moving forward with their project and the bug and security fixes they implement, and sometimes create, with downstream distribution holding that work back because the old version has been more tested. There's no particularly good answer to this other than the fact that it's not particularly tenable for distributions to audit the enormous quantity of software in their distributions. In my view, distributions should be smaller than they are currently, with less commonly needed applications loaded in through some kind of container system which provides robust security controls. Additionally it's worth noting that once a project surpasses a certain level of sophistication, it's completely impossible for a distribution to be expected to do much of anything with it. Imagine a hypothetical situation where a distribution held back AutoCAD, or a video game for example, when a company like that pushes out a change, the user is going to expect that fix is available instantly. Distributions should be common infrastructure only.
@@entelin We have macos and windows for that.
@@SnakePlissken25 Is... there a point in there somewhere? An OS is only as relevant as the software it can run. Distributions are currently so fragmented and simultaneously enormous, that almost all of them have a workload that is vastly beyond what they can realistically handle. Nobody is auditing everything in their distro, most stuff is just built and shipped, and that's about it. And even that much is a ton of work... duplicated across every distro. Distros need to focus on the core stuff that everyone needs, the stuff they can actually do QA for. Everything else should be the developer's responsibility, and use more universal packaging systems with security controls.
You know the bar to becoming a distro maintainer is actually not that super high. There's almost nothing that community distro projects do or can do to assure contributors have good intentions. They are usually happy to take almost anybody with the skills and willingness to volunteer.
Being a trusted core contributor to a major software project is usually a significantly harder thing. Core maintainers of important projects usually have demonstrated enormous personal investment in their project, through development and interaction with other users and contributors over the course of years. Such people are rarely inclined to sabotage their own projects at the expense of hard earned trust and reputation. A distro maintainer is not normally expected to demonstrate such investment. Some distros do not even have a policy that requires maintainers to share their real identity, and when they do there's usually no verification. This idea that the distro people are somehow more trustworthy is totally backwards, (though they almost always are fine people).
On top of all that, few top-level projects distribute binaries, and when they do distros never use them! Even if you didn't trust maintainers, you don't have to - everything is verifiable. If I wanted to covertly tamper with some package to exploit users I'd totally do it by infiltrating some project at the distro level. They're ripe easy targets. The criminal that targets the top-level devs, where people smarter than you and intimately familiar with the code base scrutinize everything that happens, is not mastermind-level. (No need to worry about me - Gentoo person. ^^)
But can you use snap or flatpak to pull down the source code skipping the binary? Something like apt-get source?
Not every flatpak repo is forced to make the packaging repo public. I think that's where Stallman is coming from, and as usual he just worded it really poorly.
you said it best
Does he realize that most Linux users use a distro where the same can be achieved with the standard package manager?
Not automatically but you can follow the build manifest by hand
@zekodun most package managers don't actually ship source code nowadays and they use separate repos for source code and your standard package doesn't actually ship the code just final binaries
most snap/flatpaks are created by repackaging binaries (i.e. for most closed source applications) so even if you know how to build the package it's just a "download binary and make package"
Note that that unofficial snap server/repo project shown at 10:21 appears to have been abandoned by its developer... contrary to what a recent editorial on The Register would have us believe!
I'm not a streamer so I wasn't aware of the OBS thing, but as a software developer it sounds like nonsense to me.
If it's got private keys in it then binary vs source doesn't make much difference, it's pretty easy to extract them from the binary, but also you shouldn't distribute private keys or shared secrets anyway, that's what public keys are for.
It may be just some API keys that they can't openly share for legal reasons but are only required to "reasonably" hide from the public. In that case, it makes sense that anyone building their own binaries would need to supply their own keys.
I have my own project that's in such a situation, I will release it under a free license once it's ready, but anyone wanting to build it from source must supply their own keys for it to be able to fetch data.
They're just YouTube and Twitch API keys
@@BrodieRobertson There's no "just" about it. It's a bloody cyber-security nightmare in distributing private keys out to anyone else, they are "private" for a reason.
@@terrydaktyllus1320 This is how many applications function
@@BrodieRobertson Then those applications are also insecure. There should only ever be one instance of any specific private key.
What Stallman is saying is you can't simply trust the dev. Your distro maintainer will check the app when compiling it and potentially find any issues.
It sounds reasonable but I have no idea whether the maintainers actually do check for issues or not.
Do you know?
What rather makes packages from distro repos more secure than packages from outside is that those versions went through numerous hands before they end up on your computer. If you run Debian, those packages were basically tested by all those Arch users who had them years before you, all those guys in Debian unstable and testing, Gentoo unstable, Ubuntu etc. etc. That xscreensaver thing was a time bomb that especially targeted Debian, the usual malware is not.
That really varies between distributions (and individual maintainers) I believe, but full audits are never a thing.
@@mskiptr Thank you. In which case, his point doesn't really stand.
Having said that I hope that Flathub can put in place a verification system to verify that the packager is the actual dev of the app and not a 3rd party. Then at least you can be 100% sure the dev packed it himself/herself.
That should allay any doubts.
the only person in the world you can truly trust is yourself.
Xscreensaver isn't malware, I assume you're referring to the warning message telling debian users to update because they're on a 2 year out of date version
I generally avoid what Stallman and his FSF fanboys say,
I use open source software when I can, and I use proprietary drivers because I need to and I don't feel like jumping through insane hoops for some philosophical reason.
FOSS only when it does not ruin my ease of use.
Setting RMS aside for a moment, you can audit binaries produced in most official repos, they are built and signed by maintainers, usually with sources available. Snap by comparison was designed to be a walled garden managed by Canonical and package authenticity is a rather serious problem. Flathub is slightly better, but unofficial packages are still not marked as such.
No, but official packages are marked as such
@@razzeeee the actual cli utility doesn't differentiate them to my knowledge
@@AnEagle there is a subset you can filter by
@@razzeeee that's nice to know, actually, but I think it would be cool if it showed up when you did stuff like flatpak list
Stallman such an extremist. There's absolutely no room for discussion or debate with him. It's his way or the highway.
It seems to me like some of Stallman's concerns are valid, but more about the repositories than the format itself... but we could have repositories that answer those concerns. The answer is there on Android in the form of the F-Droid, an "app store" and repository which only hosts free and open source applications, AND (critically imo) performs builds of the applications from source centrally, based on the publicly accessible code. That addresses a good chunk of the "It's hard to trust these snaps and flatpaks" point.
Sorry to be that person that nitpicks comments, but there are actually some non-open source apps on F-Droid. But they are flagged with the not open source anti-feature.
@@pandapip1 Maybe you are talking about apps whose source code is no longer available in the official developer repo, or source code in the official developer repo is not open source (has some closed-source parts). I don't think that F-Droid has any open source apps, I didn't encounter it. Can you name one so I can check?
@@Daniel_VolumeDown Inure App Manager
@@Daniel_VolumeDown the majority of apps on F-Droid are open source, you can examine the contents of the package. When the apps contain non free code or rely on non free web content, F-Droid will disclose it on the page for the app it will tell you.
@@Daniel_VolumeDown I know apps are flagged if they make use of proprietary services.
3:42 oh i disagree so much.
snaps are app + all needed libs bundled together. Licensed on 'trust me bro'. Difference between precompiled and binary packages is their origin. While the latter come mainly from vendor's repositories, the former come mainly from 3rd parties (like github releases). And are ultimately generally a dumb idea, because what's the point of having an operating system with **shared** libraries if apps come with their own libraries?
Is it convenient? Sure. Is it good? subject of discussion:)
The perceived convenience is the only selling point for these things, nothing else. It comes at the expense of bloat, and (not always, but often) at the expense of devs having no incentive to maintain their software to be compatible with newer versions of libraries, with bugfixes and security patches - simply because why the hell would they bother, they can just keep using their janky libs from three years ago in a container, because that's what they're used to. It's not good. It keeps software stale, and it encourages mediocrity.
@@SnakePlissken25 loool, believe it or not, I literally made a whole paragraph about bundling "heartbleed libssl" in 2023's snaps but I thought to myself "naah, one will point out that I am RMS himself" :D
But i can't stress enough that this form of distribution is modern Ubuntu for linux on desktop, serving both edges of the blade of course. After all i am grateful that Canonical made theirs "linux for human beings", despite endless waves of noobs seeking no further but "to just work". Especially mods and power users of these countless forums devoting their time and patience for people that couldn't be bothered with searching forums first ;p.
Of course snaps won't force Intel to start/ accelerate work on linux drivers for their devices, but maybe out of these 100k new users 10 will stay and 1 will be next key figure in our linux family?
I hope at least.
Containers are whole different level. If we speak about snaps/flatpaks, they are pretty well updated. And provide good foundation for a developers. Unified, sandboxed environment is a win for both sides. User can run his favorite distro and dev has one platform to support.
I can speak more about snaps - confined snaps are also quite well isolated, not only with "better chroot" but also with plugs/capabilities and possibly apparmor profiles. You can't say that about most of parts of native OS system... even though this is changing already.
Therefore I would be careful with fast takes on this.
@@AlesStibal Fine, not "containers"; "Bundles"; "Environments", "sandboxes", call them what you will. Whether they're well updated or not depends entirely on the upstream dev; "Pretty well" is an entirely subjective statement; Are they updated in sync with the updates on my distro, that is the real, quantifiable question.
If there is a critical security issue in a common library, I expect the distro to give a timeline for its update, and I expect the software that depends on that library to be either updated in time for that update if such an update is needed, or to break and stop working, not to sneak another unpatched version of it onto my system without my explicit consent, regardless of whether it's the only piece of software that uses it; I perceive that sort of behaviour as happening at my expense as a sysadmin, as it adds a new patch schedule to keep in mind, in addition to the one provided by the distro, and as disrespectful of me as a user, as, again, explicit consent;
That is not to mention the redundancy (which is a polite word for bloat; Resources are still finite. Why TF do I need six different versions of mesa on my system, each around 500MiB?????).
Isolation is not a selling point for me; It's quite the opposite. If I explicitly want isolation, I will use an OCI container, I don't want extra features that add complexity forced on me by arbitrary decisions. As such - Yeah, I kinda want the software to be updated in time, and not at the expense of the drawbacks of isolation.
Nah man, bundled packaging is a regression to the days of distributing software via static tarballs, only with extra steps, not an "advancement".
@@SnakePlissken25 It looks bit strange you blame me for using inaccurate or subjective expressions, and then using them too. I don't agree with most of conclusions you made, but that's all fine. Use whatever flows your boat. ;)
I kind of agree, at least with the concept that snaps/flatpaks have the potential to be problematic, I think the potential for abuse is just way too high. The last piece of software i want to install is drm-heavy corporate binary blob wrapped in a snap/flatpak.
But really that's always a possibility with any package that depends on proprietary code, ie video drivers. You really have to choose your battles in tech because that crap isn't going away without a major paradigm shift we can't force.
@@cericat I don't know what you've been using, but most of the time the only proprietary blobs on my system are codecs. And the only 'popular' binary driver I can think of seems to be always causing problems.
For me the best distro is Gentoo.
You can put an allow list or deny list of licences in a file and the package manager won't install packages that don't follow your rules.
But, you can install flatpak in Gentoo which is great. Some applications are difficult to compile.
Freedom is using your system how you want.
Executing proprietary binaries is freedom as well if you are not forced to do so.
Hakuna Matata.
Can you filter flatpaks by license?
@@jannikheidemann3805 that is a good question.
No, that is a feature that flatpak should implement.
It would be nice to have it.
The last time I ever used a flatpak, snap, appimage, whichever it was, was a few years ago. It broke, and I went to the dev discord to ask what was up. I got flatly told that my distro had a version of crypto library that wasn't supported, and had this blamed on me for choosing a dumb distro with stupid package management. (note: I was on the most up to date version of Debian stable at the time, I can't remember if the library was too old or too new of a version.)
Ever since I've not bothered with any of these out-of-band package alternatives, if these solutions can't even deal with the intended use case of making programs agnostic to the specific library versions available on the system, I don't see the point of the headache.
Devs should do dev work, not packaging work.
This is peak Richard Stallman. The fact that non-free software EXISTS as flatpak or even snap is enough for him to wash his hands of the thing, since he doesn't know what it is. The man wouldn't touch F-Droid because it contains "anti-features" and is probably using a Nokia candy bar, if he's using a mobile phone at all.
He claimed he does not use smartphones because he does not trust them, so probably yes
7:06 to me, it makes more sense to create reproducible build systems for Flatpaks, distributed storage like IPFS and torrents, signing the builds to systems like cosign, and having the client tools that can check against these systems. So a distro maintainer could set the base config to say only just images built and signed by these trusted groups. Even better start having these build systems build to SLSA spec! I do also think the build and package tooling and code should be downloadable from the same source. This is very much what GUIX is aiming for, but I do very much love OCI and Flatpak images as well. They just don't compare to GUIX or Nix in being able to take a package and modifying it to your heart's content.
Again, all of the Guix parts are very much in line with what the GNU foundation's goals are. That users of a system feel empowered as much as possible to modify and tinker with their systems. This is a divergence from the Flatpak, and immutable images concepts of the dev building the system and knowing that the end user isn't messing with their stuff. You can be a flatpak or OCI dev/maintainer, but you aren't expected to be.
That said flatpaks and OCI images, imo, can be improvements of giving the user easier access to modify the systems by taking advantage of layering and runtimes, meaning users can play around with apps easier than before without borking their systems.
9:53 I think this tangent is missing the point here. Stallman wasn't talking about the tooling for creating a snap/flatpak in general. He's talking about the source code of individual published applications, and the user being able to tell where the source code is, and have some level of assurance that that version of the source code is precisely what was used to create a particular snap/flatpak binary. As you later point out, yes, often you can look at a manifest and find where the source for something is, but that's not a requirement, and there's usually no assurance that it actually matches the binary package that was uploaded. I would tend to favor having major repositories that built the packages centrally from public code for that sort of reason. It's easier to trust a repository maintainer than trust the weakest link among a whole bunch of application developers. That's not to say there aren't issues with trusting repository maintainers too, but the fewer people you're trusting to produce binaries, the better, all else being equal. In an ideal world you also involve reproducible builds, too, etc.
" _but that's not a requirement_ " -- For Flathub specifically, though, it sure looks like it's a requirement.
When a repo makes its Manifests public (as seen at 11:26 onwards) for the users to inspect, that's pretty much equivalent to how a distro like Arch makes its PKGBUILDs public.
@@The_Lawnmower_Man Well, that's true, Flathub requires a public manifest, but that doesn't necessarily mean much the way it's implemented. It looks like it can just point to downloading some other binary even when an application is not listed as "proprietary"
@@rougenaxela That's correct, but traditional distro packages sometimes are also like that.
@@The_Lawnmower_Man EYES HP printer drivers.
I wanted to clarify the point about non-Free binary code within the kernel.
The kernel itself does not contain any non-Free binary code, nor are there any non-free drivers shipped with the kernel. This would violate the GPL.
However, there are non-Free binary firmware blobs usually distributed with the kernel, including distributions from the official sources. These binary firmware blobs are not part of the kernel in any way, and they do not directly interact with the kernel. Instead, they are loaded into the memory of hardware peripherals as a kind of rudimentary operating system (or sometimes not so rudimentary) for the hardware peripheral itself. Then it is the hardware peripheral that interacts with the kernel through drivers that are Free software.
Often, the difference between a hardware peripheral that requires a binary blob to be loaded from disk and one that does not is just that the one that does not has its firmware stored in a ROM chip on the peripheral. Most external peripherals, like printers, store their firmware on internal ROMs, and may even boot up separately, but during operation their firmware comes just as close to being part of the kernel as the blobs that are usually distributed with the kernel.
To be clear, Richard Stallman avoids the use of all non-Free software to the extent he finds possible, including non-Free firmware contained on ROMs within hardware peripherals because he feels that all software should be Free software.
I like free Software. I prefer free software. That said, I also play Skyrim. I know Stallman would disapprove, but Stallman will just have to deal with it.
10:20 You completely misunderstood what Stallman meant. He means that he doesn't know if the application inside of the Flatpak has non-free software. He doesn't know if the source of all the software in the snap is available.
That's not what he said though
@@BrodieRobertson It is completely what he said; but you also seem to think that sharing a private key isn't a big deal in "some circumstances" so... I wouldn't be surprised if you couldn't get the gist of what he said:
"How do I know whether that flatpak [as in, THE BUNDLED SOFTWARE, not the flatpak system or how its made] includes some non-free software. How could I check? I don't think they're designed to let people check."
And he would be right. There is no simple or convenient way to check whether a snap includes non-free software or not. No, a repo with the build script does not count. We're talking about source availability here.
Most people might not care (I certainly do not), but that doesn't make him wrong.
@@spell105 if build scripts don't count when you can build it yourself and verify it then source code also doesn't count
Stallman has made great contributions to humanity.
He should have also retired years ago.
While I fully agree with the world that Stallman champions - one where all software is open source and free to distribute and modify, I must concede that we do not yet live in such a world. Sometimes, the only (practical) option is proprietary garbage, and insofar as this is the case, one should be free to install it as they please and, crucially, have that software available for an open platform.
it's because people use what they're accustomed to, but if they showed their interest in open software and protested there would be. It's like what Louis Rossmann talks about how services are bad but many people complain but keep using them.
reality is we never will, there are a variety of reasons why proprietary software exists and will exist
@@bigpod In the digital world scarcity can be alleviated by the ability to make perfect copies of everything.
It could be a post scarcity world.
Scarcity is artificially enforced using DRM to generate revenue for the pre-post-scarcity world outside.
If we can convince the people that a post-scarcity digital world is beneficial to the world outside of the digital we can change the way people think about the exchange of digital goods.
@@jannikheidemann3805 where in my comment am I talking about scarcity of any variety
I'm saying there are reasons someone might want their software to remain proprietary including security, trade secrets, baked in access keys and so on
@@jannikheidemann3805 and no DRM doesn't enforce scarcity it enforces access control for use of product because simple reason is making something takes money people and compute (which takes money electricity and so on) which in turn are scarce it doesn't matter if something is digital and therefore not scarce if it doesn't exist because nobody created it we pay for that act
In re 9:45, for what it's worth, neither Flathub nor Snap Store require the inputs for producing the Flatpak/Snap to be published. Technically the Firefox and OBS Studio Flatpaks count in this regard as they are not built through Flathub's infrastructure and there's no meaningful way to verify that the build on the store matches what you can produce through the upstream scripts.
Additionally, here's a counterpoint about distro packaging: a large number of contributors to a very large set of projects are distro packagers. They become contributors as a consequence of packaging and shipping the software, as well as adapting it for their needs and environments. This is incredibly important because it implicitly provides consensus on the nature of building the software and often ensures that dependencies are upgraded as distros upgrade (which is often faster than when the developer notices).
Keep in mind, without distro packagers, you won't have things like ports of software to new architectures or technologies. They have a place and they're very important for the success of the platform moving forward.
I also know that some application developers package the software they work on for their distro of choice (and if it's a semi-big project with multiple maintainers, that can mean that they don't use the same distro)
Stallman is such a self-important bawbag 😂
One of the few men fighting the good fight for software freedom. People making fun of such an important person is gross
Richard Stallman is an international treasure!
Back in the 1990s Stallman's freedom stopped me from doing what I wanted to do for my company, so I installed OpenBSD on a Mac we had laying around :D
Ok, I started my IT life with HP-UX, AIX, SCO OpenServer and Informix, but my first unixoid system at home was more or less based on Yggdrasil with Kernel 0.95 running on a 386 with 2MB RAM and a 200MByte SCSI HD.
Yes, I'm that old! And no, I'm not a Stallman fan although I do like the GPL.
Wonder what Stallman thinks of Wayland, Pipewire, etc?
Considering GNU Guix advertises Sway with Wayland support on its front page, I doubt he has a negative opinion towards Wayland and such.
Nothing bad, since they are FOSS.
It'd probably be the same thing as his comment on systemd
“I’ve never seen it, I’ve never used a system that had it; I know it’s free software, so ethically speaking, it’s not an issue - it’s just a convenience question.”
Stallman can talk out of his ass about many topics.
I did enjoy your take on snaps and flatpaks though.
Moreso, it's EASY to build your Flatpaks yourself. You just feed the manifest and an output directory to the flatpak-builder tool... and the build is sandboxed and the manifest contains hashes so you *know* you're only using the listed dependencies and they can't change behind your back.
Flathub also supports filtering to only show FOSS results in the web UI and adding a filtered view of the repo to the flatpak client so it only ever accesses FOSS-licensed packages.
Beyond that, Firefox is one of the only packages where upstream is allowed to build the package on their own infrastructure rather than uploading a manifest to the Flathub build farm and letting it do the build.
(I can vouch for this because I'm the Flathub maintainer for I Have No Tomatoes and did the legwork to get a working build manifest for PySolFC and guide upstream through getting it onto Flathub. I'd have done more if things didn't go pear-shaped for me for a while there and I do still intend to get more classic Linux indie games onto Flathub when I can make time again.)
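As an added illustration of the hash pinning described in the comment above (not code from the commenter, Flathub or Flatpak): a Python audit that walks a flatpak-builder JSON manifest and reports every source that is not pinned to a digest or full commit id. The sample manifest, its app id, URLs and digests are constructed for the example, and plain JSON (no YAML, no comments) is assumed.

```python
import json
import re

# Digest fields flatpak-builder accepts that are still considered strong,
# mapped to their length in hex characters.
STRONG_DIGESTS = {"sha256": 64, "sha512": 128}


def has_strong_digest(src):
    """True if the source carries a well-formed sha256 or sha512."""
    return any(
        re.fullmatch(r"[0-9a-fA-F]{%d}" % n, str(src.get(key, "")))
        for key, n in STRONG_DIGESTS.items()
    )


def audit_source(src):
    """Return a finding string for one source entry, or None if it is pinned."""
    kind = src.get("type")
    if kind in ("archive", "file") and "url" in src:
        # Local "path" sources ship with the manifest; only remote ones need a digest.
        if not has_strong_digest(src):
            return "remote %s has no well-formed sha256/sha512" % kind
    elif kind == "git":
        # A branch or tag can be moved upstream; only a full commit id is immutable.
        if not re.fullmatch(r"[0-9a-fA-F]{40}", str(src.get("commit", ""))):
            ref = src.get("branch") or src.get("tag") or "default branch"
            return "git source follows %r without a full commit id" % ref
    elif kind == "extra-data":
        return "extra-data is downloaded at install time, not built from source"
    return None


def audit_modules(modules, parent=""):
    """Walk modules recursively; return a list of (module path, finding)."""
    findings = []
    for mod in modules:
        if isinstance(mod, str):
            # A string entry names a separate module file this audit cannot see.
            findings.append((parent or "<top>", "module file %s needs its own audit" % mod))
            continue
        name = (parent + "/" if parent else "") + mod.get("name", "?")
        for src in mod.get("sources", []):
            if isinstance(src, str):
                findings.append((name, "sources file %s needs its own audit" % src))
                continue
            problem = audit_source(src)
            if problem:
                findings.append((name, problem))
        findings.extend(audit_modules(mod.get("modules", []), name))
    return findings


def audit_manifest(text):
    """Audit a manifest given as JSON text."""
    return audit_modules(json.loads(text).get("modules", []))


# Constructed sample manifest: every name, URL and digest below is made up.
SAMPLE_MANIFEST = json.dumps({
    "app-id": "org.example.Demo",
    "runtime": "org.freedesktop.Platform",
    "sdk": "org.freedesktop.Sdk",
    "command": "demo",
    "modules": [
        {"name": "libfoo",
         "sources": [{"type": "archive",
                      "url": "https://example.org/libfoo-1.2.tar.xz",
                      "sha256": "0f" * 32}],
         "modules": [
             {"name": "libbar",
              "sources": [{"type": "git",
                           "url": "https://example.org/libbar.git",
                           "branch": "main"}]}]},
        {"name": "demo",
         "sources": [{"type": "git", "url": "https://example.org/demo.git",
                      "tag": "v1.0", "commit": "ab" * 20},
                     {"type": "file", "url": "https://example.org/extra.dat",
                      "sha256": "abc123"},
                     {"type": "file", "path": "demo.desktop"}]},
        {"name": "vendor-blob",
         "sources": [{"type": "extra-data", "filename": "blob.bin",
                      "url": "https://example.org/blob.bin",
                      "sha256": "1e" * 32, "size": 1024}]},
        "shared-modules/example.json",
    ],
})

if __name__ == "__main__":
    for module, finding in audit_manifest(SAMPLE_MANIFEST):
        print("%-15s %s" % (module, finding))
```

A clean result only shows that the inputs named in the manifest are pinned; it says nothing about whether a published build was actually produced from that manifest.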
Packaging proprietary software is what I feel Snaps and Flats are for. Proprietary software requires the dependencies it was built against, open-source software can be rebuilt against the dependencies.
0:52 To be fair, Stallman is also asked about his opinion for a lot of software related things.
He's famous after all.
I actually am very fond of Richard Stallman, but he's crazy. The personality traits which were necessary to found the free software foundation and lead the creation of a fully open source clone of Unix are those of a fanatical zealot. Those attributes are not required so much anymore, and there are people who are much more capable of outreach while sharing the same fundamentalist viewpoint.
The result of which is that for the last 15-20 years, he has been increasingly out of touch with the average user of GNU software, like for instance from his point of view the whole idea of "open source" is a backing down from the concept of "free software" to compromise with people who want to limit your personal freedom to do whatever you want with your own computer.
It must be hard for someone whose work was so fundamental to have watched watered down versions of his ideas promoted by people who don't really care about human rights, become mainstream while his original vision is sidelined, to then come to the table and not sound like an angry lunatic who practically froths at the mouth with evangelism.
I cherish RMS though, because ultimately he's right about free software. We wouldn't tolerate it if companies wanted to impose after market limitations on what we could do with, say, a hammer. We're allowed to use and modify most objects that we own in more or less any way we want, as long as we don't cause harm to other people. But for some reason when it comes to software, as a society we practically bend over, drop our pants and apply the KY jelly so that corporations can insert whatever they want whenever they want.
I respect Stallman a lot because it's essentially thanks to him that we have Free Software and GNU/Linux.
We would all be using windows or Mac right now if it weren't for him. So he's done a tremendous amount. But in this case he should have declined to answer, saying he isn't familiar enough with them to comment.
I do think many a new Linux user would do well to at least watch a video by Stallman explaining Free Software and its importance for user freedom because otherwise they have no idea and think Linux is just a non paid OS which they can dump anytime if it isn't as good as windows, being clueless as to how GNU/Linux is actually protecting their freedom.
He should know what they are. They are like lisp images for C with a wrapper.
Stallman doesn't give a rat's ass about user freedom, as that quote clearly demonstrates.
Furthermore, I think it's a bit silly to act like Stallman is solely responsible for the existence of alternative operating systems. That would require that you ignore BSD, Minix, Haiku, Mach/Darwin, and probably a hundred other projects I don't know off the top of my head, which conceivably could've received more focus in a non-GNU timeline. The GNU Project was just one of many, and it was going nowhere until Torvalds made the Linux kernel. It's just as easy to imagine a scenario where BSD became the preferred FOSS focus.
@@RunePonyRamblings i agree entirely. it's similar to the idea of who's responsible for ideas in philosophy, or discoveries in science. while we may credit Socrates with saying something, or Einstein with discovering something for example, do we really think that nobody else would have ever thought of it, or even had already thought of it uncredited in the past?
many things are borderline inevitable to happen for a very good reason, often correlating entirely with "logic", and not some mystically fated prophetic reason like "Stallman was the ONLY person who could do it!".
@@ImHeadshotSniper to be fair, Stallman combining GNU with the Linux kernel was instrumental to Linux catching on as quickly as it did (along with lucky timing coinciding with BSD's legal trouble). But yeah, a FOSS movement was inevitable.
Listen to what actual FOSS devs say about GPL vs BSD. Look at X, or any of the BSDs and see the actual massive technical differences that play out between GPL vs BSD software. Perhaps you enjoy using proprietary software but hey "at least I can look at the BSD-backend that was written down somewhere" right? That is fundamentally user freedom, to have access to the source of the software we use. You can dislike Stallman but the GPL is undeniably the source of the FOSS movement. @@RunePonyRamblings
at the end of the day you can always download the package itself and unpack it when it comes to snaps and see everything about it
I dread the day all the distributions switch to this 'dream ideology' of flatpaks for everything that's 'not different'. If the Linux market share was more I'd buy stock in hard drive manufacturers. Funny that Microsoft has spent years minimizing duplicate libraries, and the Linux community can't wait to get a copy of every library for every application.
I think that Mr. stallman is generally against centralization and instead wants a collective distributed control over software distribution. At the end of the day using snap/flatpak you need to trust the publisher who is incentivized to make money/ship more features (wacom drivers spying on you) whereas a distro is ideologically incentivized to protect your privacy.
I personally think it is more efficient to have centralized packages for all of linux which makes it easy for third party developers to target but i think Mr Stallman wants a pure libre system with or without these third party devs.
Privacy, end user control, and trustworthiness > efficiency.
Reality is centralization will exist whether there is one center or 1 million. In all honesty we probably don't want too many of them, 'cause there is little control and even more chance for bad things.
Aren't those the same folks that decredited non-gnu libre git remotes for not worshipping GNU each minute?
tbh, flatpak and snap are just the admission that dynamic linking is fundamentally broken.
What problem do they solve that is not better and easier done with static linking?
How do you know if a flatpak is built with that available source and not another??
I like Stallman, but he's too extreme for me. A good compromise for me is to use as much free software as I possibly can. If I can find an alternative to proprietary software, I will use it, but if not I'll still use the proprietary software.
Ironically, I am officially more extreme than him, because for some reason he finds the conclusion that licensing a program "under a noncopyleft free software license, such as the X11 license" is unethical "unacceptably extreme"
Direct quote from the GNU site's selling-exceptions article by him: "So either we have to conclude that it's wrong to release anything under the X11 license-a conclusion I find unacceptably extreme-or reject the implication. Using a noncopyleft license is weak, and usually an inferior choice, but it's not wrong."
It is wrong - any support of unethical products, period, is wrong, though you can be within your rights to do so, so long as you don't actually release unethical products yourself. But then again, this is the guy who doesn't approve of the SSPL - a license which simply patches up one of the major flaws of the GNU AGPL.
If you have ever watched a Richard Stallman interview, he's very thoughtful in his answers. In my humble opinion, he's a highly intelligent person. Let's keep in mind that Linus would have not had a compiler to write Linux with if it wasn't for RMS. In an ideal world, we'd only have free software.
GCC was not the only compiler around. Minix had the Amsterdam Compiler Toolkit. There were other "free" compilers as well. The Portable C Compiler was used to write BSD long before Linux existed. Linus has said that if he knew about 386BSD he may not have created Linux. The major role of GCC may have been to keep Linus from looking too hard. I think that Dave Conroy wrote GCC though. That said, your points are valid. GCC was the most available free compiler on i386 at the time. RMS is clearly intelligent. The GNU Project is certainly historically important. We are lucky to have Linux.
Now that is a bit of an exaggeration as well, as rms did not invent C compilers
Highly intelligent people don't talk out their ass about stuff they don't know anything about. He was a talented programmer way back when, that's about it. Now he's just an extremist zealot.
@@justinmalcolm6287 Well said!
@@justinmalcolm6287 Interesting list of acknowledgements which I think illustrate that Stallman wasn't as integral to pushing the movement forward as everyone likes to think. It's not as though other languages couldn't have replaced C as the language of choice for developers at the time, and there have been multiple operating systems that were written in Pascal from that time. However, if one of the BSD variants had won that particular popularity contest instead of Linux, we might actually have a better open source landscape as the BSD licensing is significantly more free than the GPL.
"I have approximate knowledge of many things..."
what the hell is that weird outro "music" are they killing a cat or something?
Honestly I wouldn't be surprised if you could make Flatpak build things from source if you forked it, might also be able to add make flags etc. Like Gentoo
Build steps in the case of Flathub's manifests are just: download the manifest and
flatpak-builder --install thing
So there's not a lot to automate.
So why not just use Gentoo then? It has worked for me for 20 years, I could care less about "universal package managers", Gentoo's Portage package manager does all I need.
Yes, Gentoo has a huge learning curve, at least initially, so you sound like someone who knows what the problem is but is desperate not to have to put in the necessary time and effort to teach themselves how to fix the problem.
@@terrydaktyllus1320 You could have a lot of the benefits of Gentoo on any distro and on a selective basis, not to mention you have sandboxing etc. Also because why not?
Flatpak kinda already does this
You just check the build manifest for source code/binaries used, and you can add flags to the sources section of said file
same vibe as refusing to differentiate between wayland and its implementations
12:57 in Guix you can quite easily verify if a substitute is identical to your local build (guix challenge)
The problem Stallman has mainly with Flatpaks is the fact that they come with versions of all common system libraries. If one of those libraries has a vulnerability in it, your system is compromised, without even knowing it because you think your entire system is up to date. Would you be at ease with a flatpak of something having your personal information, having a vulnerable implementation of OpenSSL? That's the dilemma we have to get through with how those packages are made. It's the same dilemma with proprietary software, you don't really know what's included in it. If I have a vulnerable package with classic packages, I can update only the package itself, I can audit for security, and I know it's there, good luck doing that with flatpaks. Just compare some general packages with Flatpaks, for a 50MB software, you end up installing 1.2GB of libraries and who knows what at this point on your machine with that entire sandbox. Debugging it is also impossible really, which is one of the core principles of Linux, being able to debug, troubleshoot, make a patch and send it to the dev/maintainer. These are huge problems for very little convenience.
One could argue that Stallman, being solicitous for (ideally) everything being FOSS, should be assiduously following the snap and flatpak ecosystems that pose theoretical dangers to it. If he did, he'd probably have some useful suggestions, perhaps for how to make it as easy as possible to determine or ensure that a given snap or flatpak is in fact all FOSS, and to warn about those that aren't. (After all it, or any other binary package distribution, could claim so and yet be incorrect either accidentally or intentionally.) Being absolutely doctrinaire about any philosophy of the world has a way of blinding a soul.
Yeah, just RMS being RMS. It's annoying at times but without him it would be even more annoying. I do agree though that it's nice when you have the choice between using a flatpak/snap or something from your default package manager. Also appimages are great! You can just extract them and laugh at the container autism.
Just to add, the Debian-provided pipewire and wireplumber set works perfectly. Before, the ones I got from AUR and flatpak had problems, like Easy Effects not being able to pass through permission to start as a daemon etc. Now it is running well. No flatpak involved.
7:24 Putting private keys into a binary blob does not solve the problem.
The install script should generate private keys as needed.
These are private keys for third-party services like YouTube and Twitch. And install script? What is an install script? Most package technologies basically spew the content of the archive onto your file system and then maybe run a command, but prefer not to.
I think I know how Stallman meant it. It could be a similar reason why Debian is not seen as a recommended distro by the FSF - because the user COULD install non-free software when he wants to and this is a big problem for the FSF. And with snaps/flatpaks the user COULD install non-free software too, so I think this is an instant killer argument for Stallman
Well for me it is freedom if I can install what I want. Free software or not. It is none of the FSFs business.
I think issue with Debian was that they provided optional repository with proprietary packages (haven't used Debian in a while, so I may be wrong), with non-free codecs, blobs and drivers.
@@hikkamorii yeah, iirc this was the case
Huh, someone is offended that flatpak runs on gnu-less distros /s
Ah, okay. Stallman actually has a valid point here, though I don't even think _he_ realizes it. He's saying that Debian, Fedora and Arch play a vital role as _gatekeepers_ who audit the software that's included, even in their nonfree repos. The reason PPAs and the AUR exist is that the distro maintainers (leaders in the free software movement) don't deem that software as an essential part of their experience.
Stallman's concern is that the rise of Flatpaks means that people won't be installing the "Debian-approved" build of Blender or Firefox, but the _developer-approved_ bundles, and that this will encourage bad habits. Audacity is a good example. They're FOSS, but they threw in telemetry on a whim, and there was little stopping the Flatpak version from _immediately_ going out to users.
To be clear: while I would agree with this stance if distros had all the staffing and funding in the world, *they don't,* and the amount of time and the effort spent reviewing and repackaging software across a dozen distros is squandering precious resources.
I also think Flatpak's sandboxing-by-default and dependency isolation features more than outweigh this lack of review.
Especially because, ultimately, _these are our systems,_ we're going to install the software we want, and having to apt-add a PPA has never deterred me in the past.
I dislike using flatpaks or any sort of containerized packages, so I always avoid them where possible (Even as far as to installing a different distro on my Steam Deck lol)
However, I think they're a good choice for Linux newbies.
The problem I have with Stallman, as demonstrated here is, he's a fanatic and they can't be trusted because their perception is skewed from that of reality.
I'm glad he exists, he's done a huge amount of good, but nothing's perfect.
fanatic? fanatic of what?
Does your not subscribing to him because he is too resolute in what you think not just show weakness on your part instead of error in him?
@@phillipanselmo8540 Fanatic of software respecting the user's freedom, awful I know.
@@WoodsSooperDooperShop Every individual word you typed, is English. The comment as a whole however, is gibberish.
@@ChrispyNut : Not gibberish, but certainly irrational from the instigation of fanaticism.
Typo in the description lol
(Stallma is supposed to be Stallman, first word in the desc)
Maybe it's a ligma joke.
The description has a typo in it, "Stallma"
Stallma nutz
I don't like Green Eggs and Ham Sam I Am. I don't like Green Eggs and Ham. I don't like them ...
Yeah Richard I have all the time in the world to compile my entire OS including the kernel and all its packages from scratch.
These guys live in a self masturbatory virtue bubble. Some people just want to use tools to get things done.
Well like they say. Linux is free if you don't value your time. Sounding like a fake Linux fan is going on here.. 😆
hope you're ready to start paying for updates then to cover " remote compilation times" then. Fedora and Ubuntu are going to roll it out next year. flat $20 a month, or $180 for a year
@@angeldirk00 hopefully you got another 30+ years to catch up to those paid for updates that will be used day one on a real os instead of some bootleg alternative.. 😂
Some people have principles, others don't.
5:12 There is a kind of freedom, in the sense of one meaning of that word, which you can't have more or less of.
Either you are free, or you aren't.
Kind of like you can only ever be alive or dead.
I think this absolute and binary freedom is what Richard Stallman deems as most important when it comes to software.
It's about being _really_ free.
Not just to a certain degree,
completely free.
Main reason to use flatpak (for me) is... because I don't trust the application and its possible bugs! It's just a security thing: don't allow your browser to access your file system, and it just can't do bad things, even if it wants to. Yes, it's possible to acquire the same behaviour by utilizing selinux, apparmor or plain cgroups, but why do things flatpak is already doing?
Given some time a fart becomes old and irrelevant to the point you can't smell it anymore.
What about nix? It behaves the same as flatpak/snap.
It could be good if the FSF builds an internal freedesktop runtime without things that can break the GPL, uses FFMPEG with just GPL modules, including GStreamer too, and has just free software apps.
The only thing I respect about him is that he created the GNU base, but with the rest it seems to me that he has no idea what he's talking about, or he's very much in his free software cloud.
I just think its weird how many adult grown men literally wait around for Stallmans opinions on things just so they can parrot them as if they were some kind of law or something (not you btw just a lot of linux users)
Flatpaks are nice, but their security model isn't good. It is not secure from what I've seen in the sense that it seems to be a bad sandbox.
Don't install Discord, run it in the browser; it always has mem leaks for me if installed.
I have lost so much respect for Stallman over the years. I acknowledge his work with GNU and the free software movement, but given his stances, he reminds me of religious evangelicals with his demonization of proprietary software or foss projects that do include some proprietary code in order to function on certain hardware. Also the unsavory things he said in the past do not help.
Same. He's gotten increasingly hypocritical, with his literally r*ded stance on hardware, and his calling the RPL non-free (even stating that "The Reciprocal Public License is a nonfree license because of three problems. [elided] 2. It requires notification of the original developer for publication of a modified version. 3. It requires publication of any modified version that an organization uses, even privately". There is nothing wrong with #2 and #3! In fact, they're extremely beneficial), and then doing the same for the SSPL that literally exists just to patch up one of the most-abused holes in the AGPL, instead of simply making an AGPLv4 that patches it (and more!) up as well. And then add on some of his more r*ded comments from the past and it seems like it might be best for the man to retire and go out of the spotlight - or perhaps not, as his stubborn fight for some stuff might bring more good than bad. Don't get me wrong though, he's done a fuckton of good, and has most assuredly contributed more to the world than 99.9999% of people ever will. He's done good, but "you either die a hero, or live long enough to become the villain" - and he's starting to seem like the villain.
I just removed all flatpak versions of apps I used, and use the Debian versions of them instead. Guess what, some of those that didn't work before work just fine now. I don't know whether stores that sell non-free software are good or bad or not, I had BAD experiences with flatpak apps. Period. And I'm not the only one.
There's the Flatseal app, which handles permissions of flatpak apps; flatpak apps have a lot of permissions off/restricted by default, which one can turn on for more functionality.
I had a problem with Brave browser installed, it didn't remember which folder I saved a downloaded file, until I gave it permission to browse directories through Flatseal.
I use Fedora Silverblue, the only things I can install are webapps and flatpaks.
Yeah I just can't understand the strictness of Richard Stallman on no proprietary anything. I limit what I can but some stuff I just can't ditch. Especially since I love genshin impact(tho haven't played in awhile) and I need steam, heroic and so much other shiz bc I doubt we'll get a good federated streaming service that's legal somehow *shrug*
gotta CONSOOOOOOOOM
7:38 This is precisely Stallman's argument: You have just confirmed that OBS flatpaks are not free software!
No, that isn't his argument. In the interview, he said that "_I don't think_ [flatpak and snap] _are designed to let people check_" whether or not an individual package contains non-free software.
And in the case of Flathub specifically, he's *incorrect* about that. As the section of the video starting at 11:26 shows, each Flathub package's webpage has a link to the Manifest for that package; this is just like how each package in the official distro-package repositories for Arch or Debian has its source-package build files linked to from the distro's website.
(redundant comment removed -- spam filter is a nuisance...)
Some flatpaks are free software some aren't, in the OBS case the build includes a private key that isn't shared to the public. I don't know if 1 line of non code change stops something being free software though
@@BrodieRobertson If that private key is relevant to the functionality of the package, it means that normal users who rebuild the package by themselves will not get a fully functional package. Thus it is not free software.
@@Bruno_Haible fair enough
Just don’t ask stallman about the age of consent
lmao
As long as snaps auto-update with no ability to disable that feature, they're garbage.
Sounds like Stallman's getting old or replaced himself with an LLM.
I for one agree with Stallman on this. Spend the effort and build deb/rpm. These flatpaks/snaps are against the Linux ethos.
It sounds like he is against the use of flatpaks and snaps to distribute proprietary software and thinks that they seem tailor-made to enable that. I think his issue is that it's a bit too much like downloading a binary installer on Windows. But I mean, before flatpaks, it's not like developers didn't distribute their own generic RPM and DEB packages. So what was his take on that? Without knowing that, it's hard to say if he's out of touch or is being consistent. If he was against software developers shipping their own RPM or DEB packages rather than relying on distro maintainers, then this position is just a restatement of something he may have said previously. Ironically, I package software for an application that is afraid to use Flatpak because they don't want to be forced to comply with the GPL (we just rely on binary tarballs on Linux that a user has to unzip to their home directory, while on Windows we have an installer). No distro will distribute our software for us, and our maintainer is afraid that using flatpak with GPL dependencies (like glibc, GTK, or libstdc++) would lead to our whole project falling under GPL, and he is specifically avoiding flatpak because he fears the viral licensing of the GPL. The irony is that we distribute the MSVC runtime we use with the Windows version of our binaries, but require Linux users to have the right runtime libraries installed because the GPL scares him. It's just interesting... Stallman hates flatpak because he thinks it will enable proprietary applications. And my friend hates flatpak because he fears it will become a means for GPLv3 to infect non-GPL code through viral licensing if it's distributed together in a bundle. We build and include other stuff, like cairo, zlib, almost all the dependencies... just not GTK, glibc, or libstdc++.
RMS is... purist, see this in his perspective. And that attitude was once very relevant and shaped the entire software industry.
This attitude still matters, open source software is generally safer for the user.
But the job is well done: nearly every software developer prefers to use open source components and tools to make software, and they would not consider anything else. Using closed software technology when building your own software is such a big risk.
So we see that there are kind of two castes of people, developers and non-developers. Non-developers need software that is easy to run and use; developers do what they want and fix things.
There was a time when people were intimidated by open source software, thinking that it would take away developers' jobs and make it impossible to do business. But what happened? Those software building blocks are often made under open source licenses that are even more free than the GPL, there is more need for developers than ever, and nearly all essential software is open source.
So it looks like everyone has won here.
I've read some of Stallman's writings back when I first started using Linux about 25 years ago. And I've always been one to lean toward pragmatism over dogmatism. And Stallman has always rubbed me as dogmatic. Being pragmatic means... use what meets your requirements, whether open or closed source. Since I'm a photographer, this would mean using Photoshop and Lightroom instead of GIMP and Darktable, respectively. (Mostly. There are some places where I do use GIMP.) Being dogmatic, on the other hand, is to never not use open source, and if what you've found doesn't meet your requirements, modify it so it does. Except, even though I'm also a software developer, I don't have the knowledge necessary to add features or functionality to GIMP to give parity to Photoshop.
If Stallman was pragmatic, he would accept things the way they are and it's unlikely the open source movement would exist in the form it does today.
I've heard it said that all change is dependent on unreasonable men.
@@theParticleGod Being pragmatic means leaning toward what is practical. And a lot of Stallman's philosophies lean heavily away from practicality. Practical doesn't mean adhering to the status quo. It does mean that in considering changes to the status quo, you go for what is practical over dogmatic adherence to a particular philosophy. And dogmatic adherence is what Stallman desires, as evidenced in his word choice regarding snaps and flatpaks. I've seen similar language from militant vegans.
And with software, practicality means making what you write open source if you choose, but not requiring the same of everyone else if they don't have the same desire to do so. Which runs counter to what the GPL requires, which is why I've never agreed that the GPL has anything to do with "freedom". The Apache and MIT licenses are more free than the GPL. Practicality also means considering requirements and whether proprietary or open source software will meet those requirements - leaning toward open source since that tends to be free of cost - over ignoring requirements for a dogmatic adherence to "open source or nothing".
And as usual, YT has shadowhammered one of my comments.
Brodie, could you take the extra effort and look for it? It should show up when you sort everything 'by newest'.
Sometimes YouTube just deletes a comment and even I can't see it
@@BrodieRobertson I have plenty experience with that too. But right now It's still there. It just doesn't show up unless a) I'm logged in or b) I change how the comments are sorted.
Those that give up freedom for easy don't deserve it. Fools always try to lead others into chains.
There are many things Stallman is out of touch because he ideologically refuses to use non-free stuff. Probably, in this case, he heard about flatpaks/snaps and saw that the only thing they can do that you can't normally do is distribute proprietary software. Stallman probably views them as analogous to wine bottles/proton since they're a way of bundling a package with libraries and stuff.
Personally, I think Stallman is right but for the wrong reasons. In an ordinary Linux setup, if a library has a security issue then you just update the library package and you're done. However, in a setup that uses containers like this you have to do a whack-a-mole hunt to find out which containers have the problematic library and update each one separately (basically like working in a Windows environment). In general, I think it does not make sense to use these containers EXCEPT when dealing with proprietary software since it is considered normal and encouraged for proprietary software to rely on outdated libraries (only update if something breaks). This is especially the case with video games, where ideally you want to be able to put out a game and have it just work forever without any maintenance. So, imo, it's not that these can only be used for proprietary software, but rather that that's the only use case that is really worth the risk. In particular, your argument about using these to have a "single source of truth" really means "let's have a ton of different versions of the same libraries on our systems" which is, imo, really dangerous.
stallman apologists are coping hard on the comment section.
I hate arguments about DRM, I am a games dev for the Dreamcast and Windows PCs.
After people asked for a DRM free Linux version, I gave it to them in a neatly packed tar.gz, and of my 52 Linux users, only 4 of them bought it.
Piracy morals aside, I'm an indie dev with a VERY small budget, it can and will put me out of a job if no one buys my games so I can allocate a bigger budget to them.
It's honestly put me off making Linux ports for a while.
For context, my budget is £32 and a multipack of miso soup. It kinda stings to put in all the effort to make it work on a plethora of complicated distros, only for them to not support me in return.
For further context, the Dreamcast is one of the easiest consoles ever to pirate for, and even that has fewer pirated players on it, of which there are 12.
The statistics are drawn from Steam stats, sales from my own Amazon page, and the universal servers I use for online play.
Performance stats show the legitimate and illegitimate copies, as well as the system specifications and OS.
I plan to have the dedicated Linux server close down since it's causing me to lose money for every new player on there and just have them connect via the Windows one, and if that no longer works, then I may just nix the Linux ports indefinitely and bring them to macOS instead. (If Apple approves me at least).
To me it looks like Stallman answered the questions adequately. He could have said, "Yes I have heard of snaps and flatpaks" and left it at that. Instead he gave a little bit of context from his perspective. The single source of truth is never going to work in reality, because it'll just become +1 standard everyone has to care about (or not care). Package management is pretty well established and works well for the vast majority of users, already for decades at this point. Trying to come up with yet another standard is the real waste of time here. OBS is just an example of bad dev practices, and no maintainer should need to change their ways to accommodate for this, and it's fine to compile programs yourself when the situation calls for it. I also think Stallman is a bit too extreme about using free software only, but he makes reasonable points.
There is a reason that shared libraries exist and nobody wants to repeat the log4j 2.x disaster where every app brings its own version. I trust the core OS repo, but adding stuff on top is a security issue (docker chain, maven, Jenkins plugins, cpan, npm, ...). And even more a matter of maintenance. Installing one OS security package (liblog4j-2.x.y) is easy. Getting 100 new versions of your apps (as zip, snap, flatpak, msi, ...) all with their own log4j copy is not. And installing the latest version might break your system, so you need something that doesn't even exist, a bugfix release of some snap nobody wants to create. And worse, your systems are in a secure network, no access to sexy package servers ...
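Added example, not part of any comment in this thread: the "every app brings its own copy" problem described above starts with an inventory. This Python script walks an application directory and lists every copy of a named library, loose on disk or one level deep inside a zip-format bundle, flagging versions below a caller-supplied fixed version. The directory layout, file names and the 2.9.0 threshold are constructed for the demo and are not real advisory values.

```python
import os
import re
import tempfile
import zipfile

# Matches e.g. ".../log4j-core-2.5.0.jar"; the library name is supplied by the caller.
def _pattern(lib):
    return re.compile(r"(?:^|/)" + re.escape(lib) + r"-(\d+(?:\.\d+)*)\.jar$")

def _ver(text):
    return tuple(int(p) for p in text.split("."))

def find_bundled_copies(root, lib, fixed_version):
    """Return sorted (location, version, outdated) for every copy of `lib` under root,
    whether it sits loose on disk or inside a zip-format bundle (one level deep)."""
    pat, fixed, hits = _pattern(lib), _ver(fixed_version), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            m = pat.search(rel)
            if m:
                hits.append((rel, m.group(1), _ver(m.group(1)) < fixed))
            elif zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as bundle:
                    for entry in bundle.namelist():
                        m = pat.search(entry)
                        if m:
                            hits.append((rel + "!" + entry, m.group(1),
                                         _ver(m.group(1)) < fixed))
    return sorted(hits)

def build_demo_tree(root):
    """Constructed sample: three apps, each shipping its own copy of the library."""
    for rel in ("app_a/lib/log4j-core-2.1.0.jar", "app_c/files/lib/log4j-core-2.9.0.jar"):
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        open(os.path.join(root, rel), "wb").close()
    os.makedirs(os.path.join(root, "app_b"), exist_ok=True)
    with zipfile.ZipFile(os.path.join(root, "app_b", "bundle.zip"), "w") as z:
        z.writestr("lib/log4j-core-2.5.0.jar", b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        # "2.9.0" is a made-up threshold for the demo, not a real advisory value.
        for loc, version, outdated in find_bundled_copies(tmp, "log4j-core", "2.9.0"):
            print(("OUTDATED " if outdated else "ok       ") + version + "  " + loc)
```

With a shared system library the same question is answered by one package query; here the answer is one row per app, and each flagged row needs its own rebuilt bundle.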
Linux doesn't contain non-free code tho. The problem that linux-libre is "addressing" is proprietary firmware. There are proprietary drivers (the Nvidia stuff for example), but these are not part of the Linux codebase (GPL), but rather external kernel modules and often userspace blobs.
The part where Stallman loses me on this is that if that exact same firmware resides on a flash chip in the device then it's just fine. Frankly if the blob doesn't contain any code that could run on the main machine's processor I don't care.
@@dokichokei Yup. FSF's policy on firmware is full of contradictions and that's because they drove themselves to it: They assumed hardware is out of scope for their mission and then the boundary got all fuzzy.
Imo, the ideal we should strive for is all free software running on open source hardware. But since that is obviously not viable for most people for now, trade-offs in control (freedom), security and functionality need to be taken by all of us (individually).
We don't talk about the FSF actively supporting proprietary firmware if it's baked into the hardware and can't be changed
@@BrodieRobertson My comment was re 4:52. I should have specified that I guess
Ooof basically wrong at the first sentence. Individual leaders of movements are rarely as important as they're made to be. It only happened because there were enough people interested in open source and did the work. They would've organized some way without him being the leader.
It is a somewhat fair argument though that snaps and flatpaks make it _easier_ to distribute closed source/proprietary software, but that's not really the fault or a problem with snaps or flatpaks in general, as especially flatpaks are pretty nice for even open source developers for distributing software to a wider audience without as many distro-specific considerations or testing.
He kinda approaches the issues from various wrong perspectives overall because his approach and argument is very individualistic... and mostly centered around himself. Never really makes an argument about individuals holding property and knowledge to leverage against the whole of everyone else, which is the real harm. But again, this isn't anything specific to at least flatpaks.
Mr Toenail munchies
He munches them with source
yummy yummy yummy
three times a day
Now there's toenail deluxe takeaway
I'll say it again, Stallman has been a hindrance on the free software movement, not a driver of it. It's his stringency towards what qualifies as free software that really holds everything back. However, he's right in this particular instance, but he's also not criticizing the technology itself either. He's basically just criticizing binary distributions of packages, which is a general complaint that'll be valid for any method of binary distribution as not every source will show you the build instructions and point you to the source used to build the package. That's not to say that I agree with his stance because while I wish everything was open source I'll use closed source without a problem. One final note, which I've mentioned before in various places but maybe neglected to say here, is that open source was pretty much the norm before software companies started taking over. We had source code printed in manuals and in magazines and posted on bulletin boards, and not the electronic variety. It's the greedy corporations that screwed things up, but they were enabled by governments that didn't understand the technology nor what was going wrong.
It's a mistake to think that it is the mission of the free software movement to be highly popular, you are confused to think that there is a mission for the mass adoption of free software. The principle of the free software movement is that _a free society deserves free software_ and that anybody who chooses to install proprietary software cannot have freedom. This is the principle you need to understand if you want to understand the Free Software Foundation (and Richard Stallman) in its proper context.
The people who are holding back free software are the people who insist on developing and distributing proprietary software.
@@FreeSalesTips Striving for free software, as in open source and completely user modifiable, is an admirable goal, but it shouldn't be the only thing to be focused on. Popularity is important if you wish for people to adopt this way of life. You can't merely espouse doom and gloom and say you're a prisoner or some such because they choose to settle for what they can get that still allows them to do most of the things they want to do. And you certainly can't lie to them and say that everything will work and be better because that kind of thing is only valid on a case by case basis and not for the whole. If everyone adopted free software, including the companies making money from software, then the world would indeed be a better place, but it's not something that's going to happen overnight and companies need to be taught that they can still make a profit by releasing the source code to their software. Once they believe that truth, things will change for the better.
@@anon_y_mousse It's a mistake to conflate "open source software" as a synonym for "free software". The Free Software Foundation and Richard Stallman promote that _free software is the ethical solution to the social problem of proprietary software_. The Open Source Initiative rejects the ethics of the Free Software Movement, it promotes the practical benefits of free software while ignoring the ethical morality of proprietary software. Please don't conflate these ideas to be synonyms.
I am an activist who promotes user software freedom through free software. I agree with the ethical stance that proprietary software is an immoral force for a free society. I teach people about this political opinion and point them towards free software as the ethical solution. Proprietary software is inherently doom and gloom, there is no denying the fact that users are subjugated prisoners every time they accept and choose proprietary software. I tell the truth that proprietary software can be convenient and powerful to use, I don't deny this reason for choosing proprietary software. I don't promote free software on the grounds of being more convenient or more powerful; however it doesn't mean that free software is inherently difficult or weak in features. I always promote free software on the grounds that it is the ethical solution to the social problem of proprietary software. Sometimes people do not care about this morality; that is not my problem, I cannot make that choice for them.
@@FreeSalesTips While I can agree with and admire your idealism, the way you get the message out seems counterproductive to me. You know the old saying, you can catch more flies with honey. Oddly, I think a company that's heavily invested in proprietary software, Valve, may actually increase adoption better than anyone that came before them because of how they're promoting the concept. Maybe you disagree with that viewpoint?
@@anon_y_mousse I have two ideas of "productivity" in regards to free software. The first productivity is to promote an ethical dimension to the distribution of software; i.e. proprietary software is an immoral social concept: proprietary software subjugates users to control their own computer and proprietary software keeps communities divided from sharing with one another. The second productivity is in the writing, development, and sharing of free software. I actively promote the ethics of free software, this knowledge is more important for me to share. Whether my audience accepts or rejects this message isn't my problem.
I don't promote free software on the basis that it's more convenient or more powerful. This is a shallow way of reasoning to promote free software. The counter to this kind of reasoning is that proprietary software can become more convenient and more powerful; people who choose on the basis of convenience will logically choose the more convenient proprietary software. I make the ethics of free software to be the primary focus, I try to convince particular individuals who also believe that freedom is highly important. With this foundation of freedom, the powerful and convenient free software can follow afterwards because the community can work together to make it happen.
I have a burning hatred for flatpak and snaps. I'm someone who doesn't want my Linux to change, but when Linux completely changes then I'll drink my tears and move on
Great video Brodie,
and great opinion.