Month: September 2019

Free software and the wish to be good

The free software movement has recently been going through a lot. From the introduction of Commons Clause, to the resignation of Stallman. It seems like the mood in the air is that now is the time for a redefinition of what free and open source software actually is.

My view on this is that free software, and open source, is about software. For instance, I agree to Roman Gilg’s great post about activism. What we share within the FOSS movement is our passion for software licensing. For other political issues, we do not all agree. It is important to recognize this, and that by implying political standpoints, we limit the size of the communities.

To me, we in the FOSS movement need to define tackle two issues: what is distribution (to address the Common Clause issues), and can we be neutral to what the software is used for (to address the activism issues).

When it comes to distribution, the open source definition explicitly says “No Discrimination Against Persons or Groups” and “No Discrimination Against Fields of Endeavor“. I think we all can agree that software is used for both good and evil. However, what is good and what is evil depends on your viewpoint. I believe that the license should be free of this type of politics, as opening the discussion will be like opening a Pandora’s box.

If we, as a community, want to define good and and bad, and restrict usage accordingly, I would argue that we should make sure to use an established, and accepted standard such as The Universal Declaration of Human Rights. This would avoid creating an impenetrable forest of various uses that each author feels strongly about and prohibits. The latter would make it very difficult to ensure compliance.

When it comes to compliance, including a definition of good and restricting usage accordingly has an interesting effect. Common day objects such as cars, can be used for both good and evil. Is it allowed to use FOSS licensed software in a car, if that car could be used in activities breaking the human rights?

Another problem with incorporating human rights into the license, is that those who ignore the human rights probably don’t care about software licenses either.

The second point is the definition of distribution. Here I’m approaching the discussion from a GPL standpoint. The GPL licenses are triggered when software is distributed. By taking the distribution concept further, e.g. including access over a network, the license can be further extended.

Here, the balancing act is going far enough, but not too far, and to provide a range of licenses that make it easy for the authors to control how the software can be used.

The problem that I see with going too far, is that entire fields of endeavor might be excluded by extending the license to far. One example of this is the anti-Tivioization clauses in (L)GPLv3. We all know what purpose they serve. The side effect is that they exclude entire fields where the OEMs feel that, for liability or compliance reasons, they need to introduce Tivioization.

I see this in the automotive sector, but would assume that it exists in medtech and other industries where the final product needs to fulfill safety requirements.

For me, I think that the license should prevent Tivioization from an end-user standpoint. It should be possible to change and deploy the software. I believe it should be explicitly allowed to detect the non-OEM software and, for instance, void warranties and warn the end-user, but not prevent usage of the product (this in itself is interesting – can other physical devices refuse to talk to the device, e.g. a cloud backend, or other ECUs in the same car? – it will be tricky to define the boundaries here). This opens the door for FUD warnings, but it also extends the reach of FOSS.

Both these topics form a complex discussion that needs to be given time. The current open source definition serves us well, and the current licenses are familiar. Introducing more licenses, or even challenging the definition of open source, will introduce complexities and side effects, so we need to tread carefully.

Change of Plans

TL;DR; foss-north IoT and Security Day has been cancelled, or at least indefinitely postponed, due to health reasons.

For the past three weeks (from August 11, to be exact) I have had a fever that I couldn’t really shake. At the same time my wife had pneumonia for which she was successfully treated. Antibiotics is treated with care in Sweden, so I basically waited for my CRP tests to return a high enough value for my doctor to be convinced that I had an infection.

On Friday 24th I got my first round of antibiotics. They did not help, so on the morning of the 27th I returned and got another, stronger, antibiotics. I was also told to go directly to ER if I got any worse. I did. On Thursday morning I landed in ER.

It turns out it was not pneumonia at all, but blood clots throughout my lungs – way too close to a proper game over for comfort. It took me four days to stop degrading, and six days before I could leave the hospital. Right now I’m on ordered rest for at least two weeks. Something I apparently need, as I’m super tired as soon as I do the smallest thing. Right now my exercise consists of walking around the block, ~400m, twice a day.

Hence, there is no way I can arrange the foss-north event planned in the end of October. I’d like to thank all the sponsors who signed up, and those which whom I postponed the meetings. I would also like to thank everyone who submitted talks – the line-up would have been amazing. Finally, I’d like to thank the friendly people who helped cancel everything – it really took a heavy load of my chest.

This is a hugely frustrating situation to me as an individual – I want to work and I want to run, but I guess it is time to slow down for a while and then come back stronger. There will be another foss-north, and I will run 10km trail under the hour. Just not this year.