not all change is progress
March 16, 2015
Direct download links: MP3 & Ogg
With the Software Freedom Conservancy leaping into a legal battle that coincidentally supports the MPAA/RIAA, and Linus’ employer and underlings seemingly looking to ease out the grumpy old coot, our news segment this show reflected the old adage that where there’s people, there’s politics.
After your feedback, we revisited the subject of self-hosted cloud products, kicking the tyres of ownCloud, Pydio and Seafile. Each has its positives, but did any match up to the standards set by Drive and Dropbox?
0:06:21 News
Crowdsourcing
Conservancy Announces Funding for GPL Compliance Lawsuit
A GPL-enforcement suit against VMware
VMware Update to Mr. Hellwig’s Legal Proceedings
Security
NCC Group to audit OpenSSL for security holes
Lenovo Only Made Up To $250,000 From Nightmare Superfish Deal, Say Sources
Oddments
BBC gives children mini-computers in Make it Digital scheme
Linux adopts conflict resolution code
Linux Foundation begins clampdown on Torvalds
Dead Cat Bouncing
Why I won’t mourn Mozilla
Mozilla Webmaker: Empowering the next billion citizens of the web
Our Imperious Overlords
Google to close Google Code open source project hosting
Chrome OS Switches To “Freon” Graphics Stack To Replace X11
The Ubuntu podcast has returned, at a new home.
0:38:02 Feedback
A huge thank you to Nigel Green for becoming our latest Monthly Supporter, and to johanv for your continuing support on Flattr.
Further discussion on the topic of energy efficiency was prompted by an email from John O’Brien – thanks, John.
And thank you to Daniel, Will and Pete, who all got in touch to give us their perspectives following our ruminations last show on the frequently inadequate state of GUI free software.
Jezra continued to bang his drum for web-based apps, and both SonOfNed and Will offered some thoughts on ‘secure’ email services. Sticking on the security topic, Topikissa wondered what our thoughts were on hard disk encryption?
And, finally, Brian was concerned by something that he’d heard on a JoeRess podcast.
1:02:41 Self-hosted Cloud Services, Redux
With version 8 of ownCloud recently being released, it was high time for us to revisit the topic of self-hosted cloud services. We set up a server running ownCloud, the attractive Pydio and the utilitarian Seafile, and used them all for a few weeks. Did any prove to be real contenders to the dominant Dropbox and Google Drive…?
The GPL protects the community by restricting people’s rights a little (only a little).
I’m a big fan of Paddy, but he’s totally wrong! With public domain we’d have the tragedy of the commons.
https://en.wikipedia.org/wiki/Tragedy_of_the_commons
John, I thought they were fairly spot-on with their analysis. I’m not familiar with the “Tragedy of the commons” so I had to google it. Still that did not help. “The tragedy of the commons is an economic theory by Garrett Hardin, which states that individuals acting independently and rationally according to each’s self-interest behave contrary to the best interests of the whole group by depleting some common resource.”
I don’t see any resource on the horizon that may become depleted…
Ivor,
I can’t speak for John and look forward to his response. I’m not up on copyright law but is there a chance that if a company uses free code mixed with proprietary code they could copyright the result and then claim they own the free code as well? Kind of like Games Workshop and the term “space marine” or Apple suing coffee shops with an apple for their logo?
Hmmm. You are right. I wasn’t considering what Apple, Microsoft, and EMC might do. I was thinking more along the lines of how great it would be if all code were open-source so we would not have to put up with more corporations pulling shenanigans on us.
The classic tragedy of the commons is the case of common grazing area in a village that is turned into dirt by all the villagers overgrazing it with their sheep. I think the analogy John is going for is that an open source project is the commons and if it is public domain the tragedy is not that source code is used up and mistreated but that future development of the project withers as private companies take the code and use it to build proprietary products that steal the focus of the original work. With a GPL project, such derived works would have to be open sourced as well, allowing the original work to incorporate the private company’s improvements so that it keeps pace. It’s not an exact match for the tragedy of the commons but the argument is similar.
One flipside to this way of thinking is the example of the BSD projects. They all use the permissive BSD license, but, because they have enough momentum as a credible, independent project, private companies often submit their improvements anyway because they would rather have the BSD project maintain them in the base project itself than have to maintain their own set of proprietary patches.
I was thinking of writing a comment saying this was the first podcast I agreed with 100%. Until I got to your luddite views on renewable energy. Let’s take China as an example. Ten years ago they had plans to be mostly nuclear, coal, and finally hydro. Wind came out of nowhere and within five years surpassed nuclear. Now thanks to solar and wind continuing to grow at about 30% per year even coal power in 2014 dropped for the first year ever in China. There is no real need to push renewable energy because it is so much more economical. It will continue to grow rapidly. However it would probably be good to acknowledge what is happening rather than sound like an old person talking about windows being the be-all and end-all of the computer world.
I agree. As soon as the technology for renewable energy gets common enough for the production of parts to be moved to China they’ll have access to the tech anyway.
Agreed. I think our favorite Luddites got a bit carried away out of their area of expertise. This is a subject I’m passionate about, so I’m never against there being a discussion of it, though. Another counterpoint to the green energy pessimism on the show: where I live, it is a near certainty that the electrons flowing out of my wall socket have been generated by burning coal, and maybe a small fraction comes from wind turbines. However, I pay $24 extra every month on my utility bill which offsets almost every Joule by requiring that the utility purchase an equivalent amount from renewable sources. So, while I could look southeast and despair at the steam rising from our local coal plant, I know that my community is creating steady economic pressure to replace that with renewable sources. As Ivor pointed out, efficiencies in generation and storage are improving daily. The Japanese have even just made an exciting first step towards practical microwave beaming of energy, which has the potential to bring effectively unlimited solar energy from moon-based or orbiting photovoltaics down to the Earth’s surface.
I think that firefox may be on the decline and isn’t getting better. Although qupzilla while not a well known web browser works still has some issues but has a good ui of like the old firefox.
The GPL was designed to guarantee certain freedoms within the system. You can’t enforce those by letting vendors of proprietary software break their own rules.
If Copyright isn’t valid forever the GPL isn’t needed after a certain length of time. Less hassle for everyone, still freedom for users.
There are folks using the AGPL to enforce an open core model. The same kinda people would patent some algorithm, release an implementation (under public domain or whatever) and sue those not paying for a proprietary license. Probably after waiting for widespread adoption.
This is why we have permissive licenses with patent grants.
If you’ve listened to (and remember) the FLOSS weekly with the SQLite guy he said some unnamed companies asked for more specific licenses than “public domain”. You can’t sign an agreement not to use code under copyright you’ve infringed any more when you have dozens of planes with this code in the air right now.
Folks might run Public Domain code, but certain companies just can’t base products on them.
Remember when OK Cupid and other websites put up protest click-through banners for Firefox users during the Eich flap? Hard to argue that the general public had no idea about the Prop 8 controversy. How much that drove relative browser market-shares I can’t say.
I’m sure Paddy is pleased with the “freedom” which has resulted from the corporate love of permissively-licensed FreeBSD. Oh, what’s that, Apple hasn’t contributed their changes back? Neither NetApp, nor EMC, nor a dozen other companies which made multi-billion-dollar improvements?
If projects moved en masse to public domain licensing, you wouldn’t even know that the product you were using once contained open code.
Right, NetApp hasn’t contributed their secret sauce WAFL back to FreeBSD. But they just (somewhat) recently released a BSD licensed hypervisor to the community. Other companies like Juniper push patches upstream to reduce the diffs they have to maintain. Take a look at “Who uses FreeBSD” on https://www.freebsd.org/doc/handbook/nutshell.html
Git does a fantastic job syncing because it keeps track of removes and renames unlike rsync. Also most people do not have many binaries that are constantly changing. People’s personal data consists of mostly songs, pictures, PDFs of important documents, and a few programs they don’t want to lose. Git handles these sorts of binaries fantastically. I’ve been using git to backup about 85GBs of data for years between my personal computers. I think everybody should use git since it just plain works 100% of the time and is available everywhere.
As you said, as long as you don’t have big incompressible files (binary is beside the point, Git always stores blobs representing entire files, i.e., it doesn’t store diffs ever) that are constantly changing, Git is a great backup tool. If you want to avoid a double storage hit on your backup repository, make it a bare repository.
One thing to be aware of with git as a backup tool is that git was designed with the assumption that you would never want to delete the history. For some applications this is fine, but if you are backing up large files and want to prune old backups to save space you will find it difficult. The bup backup utility is based on git and can not delete old backups for this reason, though the developers are looking to implement backup pruning in the future.
By the way, the comment about git only storing entire files is not quite accurate. Most of git operates under the assumption that this is true, but under the hood git does make use of what it calls “packfiles” to compress similar files. I don’t know all of the implementation details for the packfile format, but basically it is something that git goes back and creates after the fact to conserve space. Also, the packfile format was designed for speed and does not optimally compress all duplicated data. When other git functions ask for a file, they are given the whole file reconstructed out of the packfile.
The reason the GPL exists is because things released under Public Domain can be taken and then made into a proprietary solution. So you write this “open source” code, someone takes it, does not contribute back to the community and then makes a proprietary product out of it. GPL ensures that code that is taken, and all works derived from it, are made available back to the community. I’m all for copyright dismantling…but in the world we live in now, the copyleft is the only thing remotely providing a tangible protection for people who aren’t completely absorbed by money.
I’m pretty sure the LibreSSL folks at OpenBSD keep track of all issues discovered in openssl and check their code. I’ve seen something like this on undeadly.org I think:
“Those are CVEs LibreSSL was affected by, too, and are fixed with this patch. Oh, and btw, those are the CVEs our code wasn’t affected by/not exploitable with.”
So they’ll benefit from the openssl audit, too. And with their quite radical stance on correct code and security over features it will take some time until LibreSSL will have a widespread adoption (though Kris Moore from PCBSD is working on pkg-builds with LibreSSL instead of openssl).
So, this is a quick note on my phone having listened to the podcast.
I seem to recall that the LibreSSL team didn’t just remove unnecessary build targets, they removed all non-FreeBSD build targets because that’s not their target audience. The FreeBSD target also, if I remember rightly, has a large number of protection frameworks that can prevent several of the common C development issues which are not present in other C libraries, and so as awesome as the progress that the LibreSSL guys were making was, it means their version can only be applied to a non-FreeBSD target with a lot of work.
The other thing is about the OwnCloud desktop sync app, you absolutely can specify the paths to sync, go into the configuration page, remove the sync all option, and add the paths you do want to sync. As I recall, you can also do the same from that account setup page, but I’ve not done a re-install for a while.
Jon, LibreSSL is maintained by the OpenBSD project, not FreeBSD. The project did start by stripping out a lot of old code that made it initially only run on OpenBSD. However, last year they started releasing portable versions that run on the various Unix-like OS’s starting with version 2.0. Right now, I think only OpenBSD uses LibreSSL as the default SSL library but FreeBSD is on a path in that direction as well.
Regarding the discussion in the show about OpenSSL — I don’t look at the decision to audit OpenSSL as a slight to LibreSSL. The whole LibreSSL project is itself another kind of audit of the OpenSSL project, and as 0xf10e said LibreSSL can benefit from an independent review of the OpenSSL code.
Fair enough. I knew it was one of the BSDs (and was writing it on my phone), and I didn’t know they’d now started releasing a more portable version. I stand (well, sit) corrected. Apologies.
Good bit of news for Joe – Lollipop coming to OnePlus One by the end of March:
http://www.androidcentral.com/oneplus-announces-lollipop-update-schedule-oneplus-one
Or perhaps not:
http://www.androidcentral.com/oneplus-misses-promised-oxygenos-release-date
1. There is a price tag that comes along with dedicated App that is lack of privacy. If you install an App it will ask for a great number of information about you. It may ping your location even when it doesn’t need it. They take space and resources on your phone that are better spent on other things. For example, if I need to order pizza I would just use Pizza Hut’s web app which is equally good and doesn’t require any permission and it won’t ping your location or do any other nasty stuff once you close the browser.
2. Google and VPS companies both comply to the same law of the land. They will procure your information if asked by the government. If Google can read your information, VPS guys also have root access to your VPS space. You eventually have to trust one or the other entity. The difference is no one from VPS is using your data to serve you ads. I am more open to sharing my data to a robot as long as I am getting benefits off it by the data crunching. We often make it sound like someone from Google is personally reading your emails which obviously is not the case.
3. As far as length of the show is concerned I strongly prefer shows that I listen to be of an hour. An hour is a nice round figure that I usually spend doing trivial tasks like walking, cleaning which I utilize to enrich myself by listening to interesting podcasts. If podcasts are too long many things happen then I would have to listen to it in several iterations losing the rhythm. It also becomes hard to get back to you guys with feedback because we ended up discussing world politics of renewable energy to privacy to file sharing. A smaller podcast would also mean we are only pointing out important stuff and not end up discussing obvious matters.
There is a new setting in Pocket casts that automatically cuts silences. You should try that with unedited version and see if it saves you some time.
The editing done makes Linux Luddites quite enjoyable to listen to. I think they are the best show available. However I do miss their beautiful put-downs that sometimes reached artistic levels that would leave a grin from ear-to-ear. Still many podcast players allow you to speed up playback. I don’t do this with Linux Luddites but some of the twit broadcasts I play back at 3x the speed and wish for 4x playback speeds.
You spoke about Google+ being rather overlooked by most folks, which is generally true, and that only geeks favour it. Actually, numerous communities exist on it and seem to be thriving. As I’m in charge of social networking for a tea and coffee company, some of the ones I’ve joined are Japanese Tea, Coffee Fans, Tea Drinkers, and the list goes on. Arguably, these folks are also pretty geeky, but about their favourite beverage, not about tech. I really hope Google doesn’t eventually pull the plug on G+. For me it functions somewhat like an RSS feed of unique info, which I can share with others elsewhere, i.e. Facebook and Twitter.
Just a quick opinion about diversity initiatives over at Mozilla and the BBC. I agree that Mozilla lost its way (although I still use Thunderbird because no email client has yet to win me over, and Zillow is too difficult for me to install using command line). I appreciate efforts to get more girls into coding and development, regardless of language or platform. I agree that in the open source world, the door might be more open, as word of mouth and forum feedback can propel good apps and products no matter who made them. What we want to avoid, however, is bullying. We see women journalists who cover video games and sport get bullied and smeared simply for being a woman in a male-dominated sphere. I have not seen any bullying or attempts to silence women involved in open source software. We have a responsibility to maintain that record.
Paddy, what do you use to encrypt files that you upload to the cloud? In the past, I have used encfs and it worked pretty well. It allows you to mount a directory as a FUSE file system and each file and directory within that directory is encrypted individually. It seemed like development dried up on the project a couple years ago though so I shifted away from using it (it also received a mediocre grade on a security audit). The project recently moved to GitHub and seems to be more active now. The other project I have looked at is ecryptfs which can function similarly, but I haven’t used it myself, and in a discussion of encfs’ security audit on the Debian mailing list one of the developers (Michael Halcrow) of ecryptfs said he could not recommend using it now.
Hi Will – yep, I use EncFS as a container filesystem for doing this, with the odd particularly sensitive file GPG encrypted within it. We talked about the EncFS audit on a couple of earlier shows, but I’ve got to a point in life where I’m not convinced that anything can be truly secured from a particularly motivated state actor, so casual snooping is all I’m looking to really mitigate – which this relatively straightforward setup provides.
Oops, my last comment was supposed to be a reply to this one.
I am sure EncFS will provide more than enough protection for your purposes. The main reason I haven’t used it recently is that I haven’t used major cloud services for anything worth encrypting. I got dissatisfied with the service of the cloud storage provider I was using and so far haven’t got round to using a new one for offsite backup of my files. For my local files, I have switched to using LUKS to encrypt entire partitions or file containers mounted as loopback devices. For small, important files, I have been using tarsnap for offsite backup. Right now on the top of my list of offsite backup solutions to look into, I have the Least Authority service and the tools zbackup and attic in conjunction with a major cloud storage provider.
I just stumbled upon a new alternative for document sharing/collaboration: ONLYOFFICE: https://www.onlyoffice.com/ It positions itself as a Google services killer, isn’t just file sharing like OwnCloud, and seems to offer a self-hosted version (https://www.onlyoffice.com/community-server.aspx) under the GNU Affero GPL v.3 license.
I’ve done OwnCloud installs in the past, just like you guys, and my enthusiasm is mostly tempered by the fact that I want a free-software, on-my-own-server version of Google Docs, where a whole team can collaborate on documents in real time, and not just file sharing.
I guess LibreOffice is going to try to do this … eventually, but this ONLYOFFICE at least seems to be there now. (Or not. I can’t tell for sure how far they’ve gone with the self-hosted version.)
That I’ve never before heard of it makes me suspicious, but it’s certainly worth checking out.
Comments are now closed.
The content of this website, and that of the podcasts produced by the website owners, is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License.