I am baffled that people in this thread write something along "well, depends what you call win" - the goal of Free Software is quite clear. The goal is freedom, computing freedom, freedom of the software user. It is very easy to notice that in 2025 users have less freedom even if they run some Libre Linux distro on their Thinkpads than they had running Win98, because of everything that happens OUTSIDE PC software ecosystem (phones, SaaS etc), and even inside PC world things sometimes are not obvious.
Free Software is losing, simple as that. Even with Kubernetes, as the goal was never to provide free labor and free software infra to companies.
Yes, basically rent extraction over various forms of cloud capital. The widening societal wealth gap means owners can simply charge workers for access to what they own, without having to produce very much. Perfect in the short term if you are rich. Cash thus flows from the working class to the ownership class in a feedback loop that intensifies the problem.
“ The right of workers to manage the state, the military, various enterprises, and cultural and educational affairs is, in fact, the greatest and most fundamental right of workers under the socialist system. Without this right, other rights of workers—such as the right to work, the right to rest, and the right to education—cannot be guaranteed. … We must not understand the issue of the people's rights as meaning that the state is managed only by a small group of people, while the rest of the people merely enjoy rights such as labor, education, and social security under their management.”
I don't understand the downvotes - parent's right. All regimes today like to trumpet themselves as (exceedingly!!) democratic, the question is: are they? In my estimation, overall, communist countries have done significantly worse in this department. And yes, rule by the many people is the definition of democracy.
The vast majority of software now runs on personal devices and the average user has no knowledge nor interest in it, as long as they press the button and the action is done.
The only ones caring about FOSS are technical minded people already working in the field.
> The only ones caring about FOSS are technical minded people already working in the field.
People that fought for common hygiene standards, or labor rights, or human rights etc in the past were a minority too, because most people didn't care. But this minority was able to organize, push forward and gain support. And the fight was worth it, and improved lives of us all.
Ya think? I mean, I agree 100% that was the good fight. But to take a tangent here? That's falling apart, world wide.
It's falling apart because the average person wants to be "smart". I applaud this, the fact that people want to learn, want to know, want to understand.
Yet now, when they try to learn? To understand? They end up with youtube. Tiktok. Pages of AI slop. They're told what is "astonishing" or "proves that scientists don't have a clue!". They're told that gibberish is real, that those lab-coats are all evil, or trying to poison people, and so on. Or even better to their egos, that the lab-coats aren't so smart, and with this "one simple trick", you can be smarter than them!
This is coupled with outrage!!, when this rarely tends to be the case. Yes, there is corporate greed and it gets caught, recalls happen, mistakes happen, yet 99.99999% of the products and services just work. No one notices that aspect, only the "big news" of the tiny, rare, unusual failures of our system.
And then on top of that, politics enters the scene. Now, it's "us vs them" on matters like medicine?! Or health? Or school? What?! And no it's not just "one side", it's both sides, just in different ways.
People used to say things like "I don't know". Now people who can barely write, and read, have opinions on everything. They have no idea of the science behind things, but they'll just say "Oh! I saw this on youtube by a random person I've never heard of before! That's true, not what I learned in school!"
And the worst part is, we want people to think "being smart" is important. We want intellectual betterment. Yet now this is twisted and warped against the light of knowledge, for now everyone craves it, but are given the ashes of burned truths. All provided by false profits, so they can pocket some coin.
As far as I'm concerned, youtube and tiktok need to die. Social media needs to die. There are other solutions, but Google, Meta, the rest only care about cash, profit, and not one iota about fixing this.
So if they won't fix it? Then we must destroy it.
And can we? Nope! Because the public LOVES it. Loves loves loves it.
So back to FOSS. I've dedicated my entire life to FOSS. But the time of "making people care" about things is gone. They don't care. They never will with all this noise going on.
I'm not happy about it, but if you can't get people to even be interested about privacy violations by Google on their Android device? How will you get them to even remotely care about FOSS?
Probably the speculative FOSS project I'm most excited to think about is an open alternative to YouTube – a universal video hosting platform or network, free from commercial incentives baked into the platform.
I've only started to think about this recently so haven't explored whether it's viable to e.g. run all video hosting in a torrent-like, distributed way, or perhaps a Mastodon-like model, but the goal seems like one of the best things free software could aim to achieve right now. YouTube needs to die, and it needs an alternative that could conceivably kill it.
Social media won't die, but it can be replaced with something that is better in every way, but especially better at actually enriching our lives, rather than better at gluing us to screens and feeding us ads. It rests on us to create these decentralized systems. I think local-first software and some ideas from crypto are some good first guideposts on the way there. AI can surely help too, if used judiciously.
"But the time of "making people care" about things is gone. They don't care. They never will with all this noise going on."
Tragically, that's very true. But society and societal issues being what they are nowadays we should not expect anything else.
Most of the world's addicted users would be bereft and suffer severe withdrawal without their regular dose of Social Media. Same would apply if those 'amazing' apps provided 'freely' by that wonderful magnanimous benefactor Google were to disappear or ever be under threat.
Any notion that their treasured online ecosystem could be disrupted or their 'free' apps might be replaced with FOSS equivalents would cause outrage. With their attention spans already severely reduced, uses would never stop to consider the true benefits of FOSS, instead they'd actively fight against it.
Like a parasitoid wasp taking control of a catapillar's mind/body to benefit its offspring, Big Tech has parasitized the minds of much of the world's population before anyone realized the fact.
That this outrage has actually happened without any effective opposition is a true tragedy, to expect FOSS to reverse the situation without some cataclysmic event intervening is just a fanciful pipedream.
Literally. In pentecostal churches people (even children) are taught to babble out loud as if it's divine revelation. And another to 'interpret' the gibberish in the 'human' language for everyone else to understand.
Many of these people are college educated. Yet they learn to compartmentalize to the extreme.
I always wondered where this belief that progress is given comes from.
Nothing is given in this world. Every real fruit of progress (freedom, democracy, public health etc, not iPhone) was fought for and paid with effort, sweat and blood. People were often put in jail, tortured and murdered. I am not sure what exact price you have in mind when you state you've dedicated your life to FOSS, but I somehow doubt it is comparable. It is naive to think that once we achieved something, we don't need to keep fighting in purpose to keep it. This is equally true about democracy, eradication of diseases through vaccination, and free computing.
Of course only geeks care. My point was that it was always like that. Every big societal and political change was enacted by a relatively small, but coordinated and motivated minority. Majority always is passive, and even if it comes in, it comes in at the very end of the process. The problem is not a small number of geeks that care, but rather geeks' reluctance to organize and act politically. Hell, in this demographics political is always suspicious and unworthy. There won't be any success until this changes.
It is naive to think that once we achieved something, we don't need to keep fighting in purpose to keep it.
I agreed with this in my post, but I suppose not using those words. However, I discussed how people used to pay attention to experts, and they really, really did. Of course nothing is absolute, but there is a massive change, from what I see, between 50 years ago and now.
The average person didn't want to seem "stupid", by trying to claim that germs didn't exist (because they can't see them), or that the world was flat, or whatever may be said.
Yet now, as I said, we have all these sources of just plain stupid, spewing stupid as knowledge. Before, we could enact change and at least get the public behind it.
Now (and you seem to agree here!) it's harder to do so. And we're losing ground!
So I disagree that it's about us not organizing. Very successful ways to organize and educate now fail due to this slop. It's not us, it's the world, fading, dimming, dropping back into the gibberish of the masses.
Perhaps so, but users have not done a damn thing to reverse the situation. It's Social Media and Google's apps as usual.
It's privacy bedamned when those factors get in the way. Even with the strongest will, electronic heroin, like its chemical counterpart, is almost impossible to shed.
Surely you can't be linking to a post on HackerNews, or a response, when trying to say "the average person" cares about privacy, are you?
The fact that the person is even posting on Hacker News invalidates "average person". So you must therefore be talking about the Times article?
The title of this gatewayed article is:
"You Care More About Your Privacy Than You Think"
It's literally saying that "you don't care", then trying to tell people why they should. This actually supports the premise that the average person doesn't care about privacy.
Yet beyond that, my "Only geeks care" clearly was about FOSS. Trying to invalidate my privacy statement, which everyone knows is an issue, doesn't invalidate my "Only geeks care -> FOSS" statement.
Do you really believe that if you stop 100 random people on the street, they'll even know what FOSS is? If they don't know, they do not care.
I wonder how many people know what FOSS is? What if I stopped 1000 random people in 5 rural towns, and 5 urban cities. Out of those 10k people, would even 100 know?
You might say "Oh, well if I explain it to them!". Nope.
Caring implies knowing about the issue, considering it, and worrying about it. This isn't even on the public's radar. They don't know what FOSS is. They don't even know what software is, nor do they know what files are.
Even if you sit them down, get them to listen to all sides of the issue for hours, some still won't care. At all.
And of the ones that do, what does "care" mean?
After all, upthread is discussing how the mildest inconvenience means nope, don't care. In the contexts of this thread, "caring" means "willing to use FOSS even if there are inconveniences".
FOSS software is everywhere. People could be using it. They aren't. Why? They don't care.
People have too many other problems in their life to spend efforts on every (important!) world problem. This is essentially a Maslow's pyramid. Unless it's also your hobby, you simply have no energy to spend on things which aren't immediately beneficial to you. This is not equivalent to not caring.
You seem to, as I do, care about open platforms and open software.
I think to difference here is, you need to believe people care. Meanwhile I know most don't.
The best I've ever gotten from people is economic self interest. "Free" without care for the ecosystem.
Beyond that? It's all posturing and signaling. I've had hundreds of clients, been involved at the community and government levels, worked to make OSS better for all.
And after 30 years it gets worse not better.
Even now, the biggest push is self interest, because "oh software not controlled by US corps?", from clients and government entities I work with.
Understand, I say this with immense sadness. And we must still strive. But for most of the world, simple is all they understand.
Even those, who should know better, choose to not think about the consequences and in masses opt for spyware and non-free software, out of convenience, or laziness. I mean, look at all the computing professionals (?), who use Google Chrome instead of Chromium or Ungoogled Chromium, or another browser entirely. Look at all the web developers, who only test on Chromium-derived browsers, maybe even only Google Chrome. Look at all the IT departments, who mandate use of Windows in companies. Instead of being part of the change, they are part of the dystopia.
I think we have a severe problem, due to influx of too many people, who don't actually care, even though they should be knowledgeable enough to see the consequences. Maybe the paycheck is the only thing that counts for them, but they are actively contributing to the process of us all losing our freedom. If we lose our freedom (more than we have already) in the digital realm, we will lose it outside of the digital realm as well. For example imagine there are no longer any auditable open source/free software messengers you can use and all you can do it trusting proprietary vendors, who can introduce any backdoor they like. What tool will you use to organize protests? What if messenger makers agree to introduce state determined blackouts? Or secretly report your activity to the state and police, so that they appear at your door, before your protest even started? How will you organize any critical number of people, without digital freedom to do so in this day and age?
Our freedom is at stake, but most people don't care, even if you tell them. We are too damn comfortable for our own sake.
Open source produces good infrastructure, but does not build good products. Asking people to use a worse alternative for some ideological reason that they don't feel strongly about is silly. Companies use Windows because it's easy to hire or train professionals capable of managing Windows deployments and there is a good system of getting support externally when needed. Control over source is very costly and companies and individuals rightly want to externalize the cost. Companies that make their product open source have trouble monetizing what they build. Offering paid support isn't always a viable business and other companies can simply repackage your product and sell it. There are a lot more things people prioritize above software freedom.
This is not unique to software. There's no "free&open ball bearing" design out there, let alone for a machine capable of making them, even though the modern world couldn't work without them. The only people caring about ball bearing design are technical minded people already working in the field.
Same as for a thousand other fields essential to operating the modern world. Nobody has time to learn them all, so we specialize.
They're usually very hard to get share because machine manufacturers can smash out cheaper things via processes like castings, mouldings and stampings, then eventually lock down spares (or just don't bother).
The open source option basically only be worse (but maybe more repairable) and/or more expensive than the alternatives, except when there is no alternative in the market. And China is providing so much mid-grade affordable and fairly functional stuff there often is an alternative even in the most isolated places. In 1980, getting a decent lathe in some town in, say, Angola might have been basically impossible. Now, it's still not cheap, but it's not completely impractical. If you can get bearings and induction-hardened shafts you'd need to DIY, you can get the whole thing, and maybe even cheaper.
It's a bit depressing, because of course I want to see the world flooded with high-quality, modular, very standardised, re-usable, repairable, hackable items, but that approach has a limited market in reality.
The GVCS is a totally different beast than open source software. It's been around for at least two decades now, and has been making very little progress in the last ~15 years. It's trying to reproduce the most visible products of mechanical engineering without having a firm grasp of what is needed to get the supply chain working.
Notably lacking from their toolkit is anything large (no refineries, no blast furnaces, no glassworks for making window panes, etc) or anything needing high precision or high purity (medicine, ball bearings, optics, high quality metals, etc). It still assumes the rest of society will be around to source those materials from.
The GVCS is like if FOSS only ever produced leftpad libraries and never a linux or a postgres.
The problem is the GVCS is already bumping against the OSHW curse even for the smallest items: replicating one unit costs real money in materials and processing and if you fuck up, a new version costs real money too. But in the last 15 years, the niche is shrinking - you can get a decent new doohickey from China whereas previously you would have to hope for an ex-first-world or ex-Soviet cast-off.
A 500 million glassworks or foundry is just that times a million (literally). And technology has never stopped - no one would spend a hundreds of millions to build a new plant on a 20-year old design.
Oh I totally agree. One reason open source software is so "easy" is that it costs virtually nothing to share something you made, or to take something someone else shared and build it yourself. The potential pool of hobby contributors drops off drastically even for $10 gadgets, let alone for anything 10k and up.
Even their own manufacturers don’t know what’s in a bearing assembly they manufactured ten years ago, all they can do is sell you a new one with the same spec. Rolling element bearings are specified by application; shaft diameter, load direction, and so on. Manufacturers change important things about bearings, like how many rolling elements they have, without necessarily changing the part number. It’s worse than closed: after some time has passed, nobody anywhere knows how it was made.
Software is unique in a few ways. It has the ability to spy on us, to be insecure and against our best interests if an attacker gains control. It can also lock us in in ways that are harder with just physical objects. Infact printer ink lockin happens using software not e.g. the shape of the cartridge.
Inversely, the only end-users FOSS cares about are those that can compile and build from source themselves. More so if they can also submit good bug reports and patches.
The demographics of the majority of end-users shifted a long time ago but FOSS is stuck with a mindset that treats everyone like their own sovereign sysadmin.
It'll take a big shift in the Free Software movement to make it something that represents regular end-user enough for regular end-users to care about the Free Software movement.
I think this post overstates the "loss" of free software. Yes, closed firmware and locked hardware are real gaps...but that doesn't erase the fact that open software has completely reshaped the modern stack. From Linux and K8s to Postgres and Python, it is the infra of the internet. "Winning" doesn't have to mean owning every transistor; it means setting the norms and powering most of what's built.
I tend to see this kind of absolutist, binary tone a lot from people deeply involved in FOSS... and sometimes I think maybe that mindset is necessary to push the movement forward, but it also feels detached from how much open software has already changed reality.
> "Winning" doesn't have to mean owning every transistor
It absolutely does.
Corporations are pushing remote attestation now. They can detect if we "tampered" with our devices now. They discriminate against us for it. Installed your own open source software? All services denied. Can't even log into your own bank account.
We're marginalized. Second class citizens. There is no choice, it's either corporate owned computers or nothing. What good is free software if we can't run it?
Its a lost battle not a lost war. You have to adapt for the circumstances of the time. Today that seems to be using a device that is closed but gapped only to get the essentials done(government services, banking etc.)
For everything else continue to use and improve the open offerings.
In the meantime, keep fighting and supporting organizations to get laws pushed to ensure open devices can access essential services. (Administrations change, whats dire now may be hope tomorrow).
I've come to realize that a lot of closed digital services are just fluff and not needed. So I try to accept that I dont need them. Its a journey.
This may sound silly but I think desktop linux "winning" is of the utmost importance right now. Free software is pretty much shut off from the appliance/mobile computing platforms but if a sizable portion of personal computers remain using free software it will be hard for the big corporations to fully close the web or make platform attestation truly required for everything.
Preserving such mindshare into the future might enable us to show people why they should care about free software and perhaps finally obviate how much malfeasance the perpetrators of closed platforms can do contrasted to the remaining open platforms on pcs (assuming people don't just completely abandon pcs...). This may also help push and convince law makers into legislating in favor of free software and open platforms.
Desktop is still useful, but it doesn’t matter. Everything important to non-techies outside of work life is happening on the smartphone, which has had hardware attestation since forever.
Those are vital points! Mobile is the battleground. No company now or ever working on classical hardware attestation will understand cryptographic engineering at a basic level..
Thus FOSS has plenty of time (decades to centuries) to learn from for-profit tech's mistakes
Mobile is the battleground but you are forgetting how damn easy it is on android (atleast right now before google's attestation) it is to install f-droid and then install open source.
People don't even do that. They don't even search for software on f-droid first and try the UI. Nope they go to play store and search software which is going to advocate for closed software because ads/review buying...
You really have to expect something from the general populus as well imo. Maybe they don't know about f-droid but people say to me its not about knowledge but rather caring, they don't care and I don't know wtf to say to that.
Within the mobile space there are other possible Schwerpunkte and appstoretech is the most obvious one to work on.
It's also one where superior technology could win out over feelings--> why NLNet wants to fund:
>‘decentralized app stores’, a technology that uses the F-Droid app store architecture, for organizations or other entities that wish to distribute their apps to a select user population (e.g. employees), plus an app distribution system that makes it simple and cost-effective for developers to distribute their applications to multiple app stores.
For mixed approaches, I like to think about why Google et al haven't beaten Apple at the appstore game (outside China)
You mention chicken and egg which suggests that there's a 2-sided-market type of problem to try to solve here even if one isn't well-versed in marketing
Basically that people expect a lot from open source yet they want it right now but nobody mentions anything about donating to them or they will donate to it once the software gets a lot of features but the software will only get it if you donate to them in the first place imo otherwise the whole situation would feel entitled.
There is no reason to expect good UI/UX from open source when at scale, the society doesn't fund open source with donations at all. They are severely underfunded but I don't know what people want from them. Nobody cares about it. Oof.
This is a chicken and egg problem that open source can get really good if people donate to the creators but they will only donate (I doubt that actually as well now) once it gets good but ... it will only get good once they donate.
Open source is stuck in this chicken and egg problem. I was thinking about how the creators of deltarune/ undertale if they were open source, I just checked and undertale has made 114 million $ in sales and its price is 10$ which might be worth it...
10$ isn't that bad and people still pirate it, I think this model can be decent for games which is why people don't open source games. Imagine the amount of money that could've lost if lets say undertale was open source. I am pretty damn sure that nobody would've donated 114 million $ to them if it was open source.
Just some thoughts. I have mixed opinion now. Its a chicken and egg problem and actively hurts the devs financially in the process as well and people don't want anything to do with open source aside from us people who already know about it. Like wtf. We are taking a cut for a ideology and uh I am just a bit speechless. Its messed up & my question is: can we change it? I genuinely didn't want to be pessimistic but I don't think that there is much of a way, is there? I want to find some hope to cling upon but I genuinely can't find any hope. Everyone I talk to is so down right pessimist or nihilist or doesn't care about open source for a fix that I feel like I am in the wrong for looking for ways to change and now I genuinely doubt if change is even possible.
Judging by the lack of upvotes and nondisclosure of how much they get, my guess is that 99% of people have for some reason conflicted feelings about funding opensource even from taxes
I just want a organization that I can trust and share about to have maximum benefit to society for open source.
Now there are 2 ideas that I have: One, to raise more awareness about open source and how it has some gems. The best low hanging fruits of privacy for the world might be f-droid, signal (doesn't require any specific hardware as long as they have android) and grapheneos(depends if they have a pixel)
But that being said, I thought that if I share about open source and how it can be good but it requires your funding to fix the chicken and egg problem. People would feel convinced to donate.
I might say them to donate to nlnet. But I don't think many people would.
I don't think open source needs an evanglist or somebody telling somebody else to do something. I am deeply pessimistic about the state of open source in the sense that it's out of my control and my trust of human society is eroding day by day.
Literally nobody I talk to makes me feel like something can be done about this / gives hope and I doubt it so much now. I was so much optimistic about its future but I am genuinely pessimistic now and the only reason I try to be hopeful is that I don't want hopelessness. I don't want to sit down and watch but fucking hell, the world sure damn well wants me to.
The only hope I got was maybe through raylib creator's github post about history of raylib which inspired me and it seems like the best way for open source could be to become a teacher but I have conflicted opinions about it because I like building things that are niche solutions to niche problems I have. That's how I started loving open source more. Some solution which I can always use. which I have starred with me. Not sure if I should even be a teacher or something else or if how that fixing my own problems attitude goes towards teaching. I don't fucking know and I am tired of pretending that I know. idk wtf is wrong with the world that good things can happen but they won't. We are in a fucked up world in which mediocrity is benefited and like I have convinced myself that maybe this is the equilibra of altruism/evilness in the world maybe directly governed by biology/physics/the laws of the universe. But I can't but see how things got better in the past yet it seems that people have just accepted that things can't change now. How were people in the past doing so many massive changes like french revolution. I was asked by my teacher 3 years or more ago to write about it and I made things on the spot because I read one book (everything is fucked a book about hope) and uh I just somehow translated that people wanted hope and french revolution provided it. I always thought that if we can show the world something which can be better which just requires all of us to put in a little effort, then things would get better since we would all logically agree that this is the better thing, just like how I can show them hope and then we can have another thing like french revolution (I mean something's that good like democracy), but now I am wondering if that's how the things work. Maybe I was naive but I need to do more research on french revolution's hope idea, idk.
Agreed. It's all about leverage. Without huge numbers of users, we have no leverage. Corporations can afford to just drop us because of our software preferences. That would not be the case if there were more of us.
I still feel a bit sad about the changes that happened ~2012. Linux on the desktop really had a strong momentum going around Ubuntu and Gnome 2, where quite a few non-geeks started switching over as well. But then everything fragmented quite rapidly – Gnome Shell was quite unpopular on launch, Ubuntu went in their own direction with Unity, Mint went in a different direction with MATE and Cinnamon, Elementary forked off Pantheon, etc. Similarly, RedHat pushed for Wayland and Flatpack while Canonical pushed for Mir and Snap, and so on.
I'm not saying that Ubuntu/Gnome was everything Linux had to offer (I myself was on Arch and i3wm at the time), but that period was certainly when the largest percentage of people around me were enthusiastically adopting the Linux desktop.
For me, Ubuntu / Gnome 2 came so close to being something tech-savvy people could recommend to non-technical friends and relatives at a time when people who were happy enough with WinXP and Win7 were being corralled into dealing with the Win8 carcrash. And instead of closing that final gap it went scampering off into the far distance again, never to recover.
That's normal in Linux. It's always about to get really good then everything is made crappy again, then slowly improving to get good but then the cycle repeats. I've lived through several of such cycles, it has slowed down Linux adoption a lot.
This leads to a massive transfer of power from end users to corporations and governments. User-owned computers and the open web limit the ability of such institutions to place demands on users. Is that worth a slight reduction in the rate of bank fraud?
Most of the time, it's the bank that's on the hook for fraud, which is why they're motivated not to trust that the user's device is sufficiently secure.
There’s no world where the bank is on the hook for fraud while also not being allowed to prevent it.
Personally I’m ok with the bank being on the hook and their app checking there isn’t malware loaded on the OS. I have my raspberry pi and steam deck for full modding without intermingling it with extremely sensitive computing.
There is such a world, and we live in it. Banks might reduce fraud by repeatedly performing credit checks on customers, for example, but that's usually illegal.
Remote attestation doesn't check that there isn't malware; it checks that the OS is approved by one of a short list of corporations. Passing that check is correlated with a reduced risk of certain types of malware being present, but is not quite the same as checking for malware.
Is this not a solved problem? I used to have a TAN generator for my bank as a separate device I paid like 5 euros for. If you get provided an authenticator and get forced to use it for transfers essentially even if my device is compromised it doesn't matter unless their device also gets compromised. They are then free to lock it as much as they want.
If it’s just one of those 2FA code generators, that still won’t help if your phone has malware on it. The malware can just modify the transfer as you are making it and have typed in the code.
Users would also lose them far more than they lose their phones.
I have one of those 2FA code generators, and used to have a different one with a business account, too.
In both cases the authorisation challenge/response involves part of the destination account number, so if the details are tampered with by malware the code won't work.
I am not an expert, but I think this could be improved if the smartphone operating systems had better security models.
For example, an application needs "access to your disk storage", because it needs e.g. to save photos. Okay, let's give it access to its own directory. Or maybe to a subdirectory of "my pictures". But it doesn't need the access to the entire disk, right? Yet in Android, it is all or nothing.
Perhaps with better system, we wouldn't have to ban installing game mods, only to make sure that those game mods do not have unreasonable access rights. Or maybe the banking operation could state "I can only be installed when no other app has an access to my private data" or something like that.
Open source software lost in this domain fair and absolutely square. Desktop linux has been an extremely accessible and decent option desktops and laptops for, what, three decades; it lost in the open market. I'm typing this comment on arch linux, but even so: It failed to become a force sizable enough to fight back against the tide of corporate-owned attested consumer hardware. Android has been an option for nearly two decades. Its reasonably successful, globally. Google is now toggling the doomsday switch everyone knew they had, to force all applications to go through the Google Mothership. Samsung could fight back; they won't. Motorola could fight back; they won't. The market could revolt; it won't.
Software being open source is not enough to change the tide on what the market wants. Should service providers be forced (e.g. by regulation) to support consumer hardware stacks they prefer not to? By what mechanism do you propose we stop a bank from saying "we'll only support connections from iOS devices", if not the democratic market force of ensuring enough of their customers demand access from devices running free and open source software? You get there by building products people want. Anything else is succumbing to the same authoritarian forces that you're hoping free software will stop, by forcing service providers to behave against their own interests.
If that was unpopular, here's where it gets really unpopular: I don't see a doomsday-level problem with a world where, in addition to whatever awesome FOSS hardware I might have, I also have an iPhone 12 ($130 on swappa) as my "attested device" to do "attested stuff" with, like store my drivers license, banking, whatever. To me, this is... fine. Not ideal; but fine. We should fight like hell to score wins where we can, like in right to repair, parts availability, ensuring old devices are kept up to date for as long as possible (Apple is pretty good at this); but if I have to carry an old iPhone in my backpack to access my bank because they refuse to support my hypothetical GnuPhone 5, the world isn't going to end.
We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.
> Should service providers be forced (e.g. by regulation) to support consumer hardware stacks they prefer not to?
Yes.
Well, sort of. They don't actually have to do anything. Nobody wants to force them to work for us, that's slavery.
Just don't get in our way when we start writing and using our own software. That's the "support" we want. Just stay out of our way. Leave us alone, without actively discriminating against us for it.
For example, companies wielding DMCA "anti-circumvention" section 1201 [0] to put people in jail.
Or tricks like Nintendo designing their hardware only boot games which show the Nintendo logo on the screen, so that they can shut down any third-party games for trademark infringement.
DMCA anti-circumvention laws have made it attractive to add computers to otherwise simple products in order to reify a business model. Breaking those locks by doing things such as using "pirate" ink cartridge turns legitimate competition into a violation the DMCA. We live in the era of felony contempt of business model:
The trademark security system you mentioned produced such wonderful case law. Not only was it found that this "infringement" was fair use, judges decided that it was the trademark holders themselves who were at fault for creating this stupid system where competitors had to infringe their trademarks in order to create perfectly legal interoperable software.
> Accolade's decompilation of the Sega software constituted fair use.
> the use of the software was non-exploitative, despite being commercial
> the trademark infringement, being required by the TMSS for a Genesis game to run on the system, was inadvertently triggered by a fair use act and the fault of Sega for causing false labeling
That's what the world was like before the DMCA. Corporations would invent all this "clever" nonsense and they'd get destroyed in court. Not anymore.
> Should service providers be forced (e.g. by regulation) to support consumer hardware stacks they prefer not to? By what mechanism do you propose we stop a bank from saying "we'll only support connections from iOS devices", if not the democratic market force of ensuring enough of their customers demand access from devices running free and open source software?
The same mechanism that stops a bank from saying, "sure you can withdraw more than $10,000 from your account and we won't ask any questions about what you plan to do with it" - explicit financial regulation with real penalties attached to it, that banks systematically adhere to. I'm not necessarily a fan of all legal regulations around banks or other financial product providers - this is a huge reason I'm interested in truly decentralized cryptocurrency systems - but given that the regulated fiat financial system does exist and is widely used, we might as well demand that these regulations include provisions that the bank has to let people running free smartphone OSs connect to their systems too.
> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company.
We need nerds who care about this to stop complaining about minor things in existing GNU/Linux phones and other similar devices on the market and go buy them. These hardware companies have been there for years already.
It's hard to build a profitable and sustainable business only basing on the minority that doesn't mind it being "too thick", "too slow", "not high-res enough" or "unable to run modern PC games" (all of these are real things I heard from people here, no kidding). And I assure you that if you really care, you'll easily find a way to live with a (swappable) battery that lasts 20 hours.
I own one of these devices (pinephone) and it is legitimately not good enough for day-to-day use (despite the incredible efforts of the people who are working on it's software). I only use my phone for locally-stored music, text-only web browsing and calls/SMS. The Pinephone cannot perform any of these tasks competently. The thing it does best is playing music, but this drains the battery. It will not reliably place/recieve calls/texts (and 911 doesn't work IIRC). It can barely handle basic web browsing. KDE on this device literally pegs both CPU cores to 100% all of the time. Phosh is better but still dog-slow. This is the case even with the many years of improvements the community has been making to these devices. It used to be significantly worse, and the software is monumentally better than it ever has been. I love this device, and it deeply saddens me that it has such major flaws.
All of the current Linux phones have major showstopper issues, and saying we're complaining about them being "unable to run modern PC games" is a strawman. The simple fact of the matter is there are no decent mobile Linux options available.
The most endemic problem right now is "Linux" phones that use crummy forked vendor kernels and Halium. For all intents and purposes, these devices are trapped in time and can't meaningfully get software updates for major system components. The 2 decent Halium-free options, the Pinephone and the Librem 5, both still use downstream kernels, and the Pinephone's kernel is maintained by 1 person in their spare time. I think it's apparent that this is not sustainable, and one can't reasonably expect megi to maintain this device forever.
As sad as it makes me feel to say this, I don't foresee these problems improving for a long time. As of now, I remain stuck with a Moto E6 from 2019 (Android 9.0) as it seems to be the final device ever produced with a replaceable battery, headphone jack, SD card slot, and screws instead of glue.
Man, I just want to get a rapsberry pi and screw together a touch display screen with some sim attachment as my phone.
Or a device which can just take a X server running on the same port of sorts but I have found that sure you can do something like it, but its gonna be of inferior / subpar than a phone but definitely possible.
If you wait around to be purist on this issue all day, nothing will ever change. Something like e.g FuriLabs is good for growing the ecosystem and getting people actually exposed to something other than iOS/Android.
Halium is a hack around crummy vendors doing sub-par work. It is technically impressive but it doesn't resolve the underlying issue that the crummy vendor kernel will never be updated. Saying that Halium is not a good enough solution in the long-term does not make one a purist, it's a simple fact. Devices that rely on Halium are dead-on-arrival.
And yet I've been using these devices for 17 years now (first Neo Freerunner, then Nokia N900, now Librem 5) and they've been good enough for day-to-day use. With some compromises, sometimes effort, maybe not for everyone, but they sure were usable by a determined person who cares.
I do have a replaceable battery, headphone jack, SD card slot and screws. I do some Web browsing, reliable calls/SMS, playing music for hours. It's starting to get a bit slow and old over the years, but I still see no reason to switch to any less user-respectful device.
What I worry about is whether there will be an upgrade path within the next decade. So far there was the Liberux campaign, and it failed. I already had to use an Android device as a secondary phone for 2-3 years before I got my Librem 5 because the N900 eventually aged too much to be usable for the Web and there was nothing on the market that could properly replace it. I don't want to need to do that again.
PinePhone is a low-end device with no support other than what you get from the community. It was a good option for those who couldn't afford anything else and wanted to invest their time and skills instead of money, but there are no miracles. The community of people who did actually care turned out to be small enough that you can still find some low-hanging fruits to work on today - and that's the thing I wanted to point out. I see lots of people who talk about how much they want Linux phones, but it's a tiny subset that actually acts like it. They won't fall from the sky - not when the sales of existing devices can't finance developing their successors.
Which software stack were you using on the Neo Freerunner that was usable as a phone and had working power management?
I tried to use a Freerunner as a phone for well over 2 years before I gave up and just bought another nokia. As far as I'm aware, it was never really usable as a phone, partly due to the power management never really working properly (there was a point where we finally got power management and a battery life of >4hrs, but the phone often wouldn't wake to ring when somebody called). When using several of the available distros I was frequently mocked by my friends for using the "echophone", due to their own voice being echoed back at them, making it extremely disconcerting to talk to.
I tried a bunch of different distros. And I spent hours and hours and hours trying to tweak settings and test to eliminate the echo. qtmoko was the best distro IIRC, but it had its own issues.
To say that "they sure were usable by a determined person" severely overstates the usability of the freerunner IMO - I'll be extremely curious to hear about the software stack that you characterise as "usable", particularly with regard to the ability to make and receive calls and the ability to have the phone on standby for more than about 4 hours away from a charger.
I used SHR (initially Om2007.2, but switched after a few months as it wasn't maintained anymore). Echo could be eliminated by configuring Calypso modem's DSP and IIRC FSO distros did it by default at some point. Buzz and not waking up to ring (the infamous bug #1024) were hardware issues on early units and could be fixed pretty easily by anyone who knows how to use a soldering iron (I didn't back then, so a friend did it for me). There was a software workaround as well, though at a cost of elevated power usage in suspend. I don't remember exactly how long it lasted on battery, but it sure did last a day at school. A quick search through my e-mail archives shows people on mailing lists talking about 100 hours in suspend with modem deep sleep fixed and about 70 hours with it disabled (though I can see someone complaining in one mail that they couldn't reach more than 50 hours), but of course it could quickly burn through the battery when under active use - especially with Wi-Fi on, as I remember its power saving mode to be quite flaky.
Freerunner was the roughest of these devices, but that was more than 15 years ago. Things have changed meanwhile ;)
I tried SHR too. That original 2007.2 distro that it shipped with was almost usable as a phone before OM released the much worse one.
Interesting to hear, I never managed to get anything like that many hours out of mine - as I say I never managed a full day because it wouldn't wake from sleep to ring. And I spent a LOT of time trying to eliminate the echo but never quite managed it (though I think it might have been gone in qtmoko, it's been a long time so hard to remember exactly).
Still I'm glad to hear that it was usable for someone, I guess.
> Things have changed meanwhile ;)
I wish. But my experience with the pinephone was somehow even worse.
Yeah, Om2008 was a disaster. I liked Om2007.2 as a user, but as a developer I can see why it was abandoned. Eventually it was FSO what made the phone actually solid and with proper foundations. If your device shipped with 2007.2 still, it must have been one of the earliest ones, so you've got the whole set of hardware bugs that were fixed in later batches (but so did I).
Still, Freerunner, while usable, required plenty of patience. My current experiences with Librem 5 are so much better - but whenever I play with a PinePhone it does somewhat remind me of my old Freerunner (which still works, BTW!).
I don't understand what you're talking about. SXMo (https://sxmo.org/) is fast on Pinephone. Even Phosh is pretty usable. Firefox with NoScript is more than good enough to browse web sites with pictures.
Also, Librem 5 is much faster than Pinephone, and I've been using it as a daily driver for quite some time already.
I have to second this. I've bought two of these devices over the years: first the Neo Freerunner and then a Pinephone Pro.
I spent over two years persisting, trying to get the Freerunner to a state where it was usable as a phone. Openmoko were more interested in rewriting from scratch and making sure it had pretty animations than things that some might consider more important, like working power management and phone calls.
For a long time I called the Freerunner "the worst phone ever made"...
...but then I bought a Pinephone. Which couldn't even play mp3s without stuttering - something even the freerunner could manage over a decade earlier. Don't get me started on the "quirkiness" of trying to use it to make and receive calls. Also the keyboard attachment I bought with it never worked. I tried multiple distros and whatnot, but I didn't get to spend a huge amount of time experimenting, because less than a month after I started to try actually using it, I dropped it, and it was so fragile that the screen was destroyed, despite me having bought a screen protector for it.
I've looked at a lot of these devices over the years and been tempted many times. I was very put off by the freerunner experience. The pinephone experience was actually almost impressive that it managed to be somehow worse.
I've just been scanning the postmarketos wiki looking at how that works with a few different devices. The number of devices that have some feature like calls / gps / camera / etc "partially working" is dismaying, particularly for open devices like the pinephone and librem.
Personally I switched to using lineageos on phones a long time ago. It's not ideal but at least it's usable as a phone.
> By what mechanism do you propose we stop a bank from saying "we'll only support connections from iOS devices", if not the democratic market force of ensuring enough of their customers demand access from devices running free and open source software?
Similar to all the accessibility requirements, of course. Do you think the society / government should force banks to provide services to blind or deaf people? Or should we just let the market decide?
I never stated that its never reasonable or good to force corporations to behave against their interests. What you stated is that the "mechanism" might be to treat a person's chosen software stack as a protected class. I can't agree with this, in any sense, and I think you're just trying to distract the conversation by suggesting it.
In a sense, that is the solution: ensure availability through open standards (like the web platform) through legislation.
My bank has stopped issuing physical TOTP tokens years ago, and I am holding on to one from 2006: when that one dies, I won't be able to use their e-banking web site if I do not have an Android or iOS locked-down phone.
Not, that does not mean making it a protected class. But instead, guaranteeing access through open protocols and open platforms should be sufficient.
I also hope legislation, like CRA/NIS2 in EU and different e-waste regulations combined, will push manufacturers to consider FOSS approach as a get-out-of-jail card too.
I've done research on this, and have considered it but it's capital and time intensive even if I think it's viable.
There are two reasons I think it's viable now:
1. It's possible to wire an agentic system management service into the OS to handle a lot of the routine stuff, so non-technical users will be able to just talk to their computer and it'll be fine tuned to be good at fixing system issues, installing/removing software, managing windows, etc. I developed a scheduling inversion of control executor for enterprise agent control that I've looked into adapting for this use case.
2. The steam deck has proven a new model. Game friendly and a simplified UI is enough to carry Linux. New Arch rices like Omarchy are pushing the envelope of usability. I've been ricing desktops since enlightenment on slackware 96, so I'm pretty familiar with this world.
Regarding form factor, I'm not a huge fan of phones, too many tradeoffs. I think with strong AI voice systems, the optimal setup is buds + tablet. That's a better setup for mobile linux anyhow, and it makes the hardware almost a non-issue.
This is a valid take. I do not agree with it in general: if we look beside the consumer devices, FOSS software us everywhere. and powers almost everything consequential.
But the mobile phones specifically turned from phones into trusted terminal which institutions like banks and governments use to let users control large amounts of money and responsibility. And the first rule of a secure device is to be limited. In particular, the device should limit the ability of its owner to fake its identity, or do unauthorized things with networking, camera, etc.
This junction of a general portable computer and a secure terminal is very unfortunate, because it exerts a very real pressure on the general computing part. Malicious users exist, hence more and more locking, attestation, etc, so that the other side could trust the mobile phone as a secure terminal.
It would be great to have a mobile computer where you can run whatever you please, because it's nobody's business. And additionally there'd be a security attachment that runs software which is limited, vetted, signed, completely locked-up and tamper-proof on the hardware level (also open-source), which sides of the communication would trust. Think about a Yubikey, or a TPM, but larger and more capable. The cellular modem and a SIM card are other examples, even though they may be not as severely hardened. They are still quite severely limited, and this is good.
If I were to offer an open-source phone (and, frankly, any mobile phone), I would consider following this principle. Much like the cellular modem, it would carry a locked up and certified security block, which would not be user-alterable. It would be also quite limited, unable to snoop into the rest of the phone. The rest of the phone would be a general-purpose computer with few limitations. Anything that would want to run on it securely would connect to the unforgeable interface of the security module, and do encryption / decryption / signing / secure storage that other parties, local and remote, would be able to verify and thus trust.
If they want to manage their hedge fund from their phone, then maybe they should consider using a special device for that. It doesn’t really matter for the rest of the people as status quo shows
Locked devices are created to supposedly ensure the security of a device user, not because malicious users exist.
SIM card is a good example. Technically, that's trivially solvable with a PKI infrastructure (a malicious user can't trivially and successfully misrepresent as google.com): operator runs their CA, and by signing your certificate, they attest that you are the owner of a particular phone number. No malicious user can mess with that (other than attacking the CA).
What they can do is attack end-user devices through different cheaper means (social engineering, malicious apps, exploits...), and extract individuals' private keys, thus allowing them to misrepresent as that individual. A SIM card protects against this by not making private key accessible in the first place.
This is exactly what locked devices do: they protect customers from not knowing how to properly (including securely) use their devices.
This is what we need to focus on as technologists: if we know how to securely use our devices, how do we opt out of others "protecting" us, and take full responsibility and liability for security lapses?
It's got nothing to do with protecting users. It's got everything to do with protecting the corporation from the users. Especially the corporation's bottom line.
If you have a free computer, you can make it save a copy of the film the corporation is streaming to you. It's your computer, you are in control.
If you have a corporate owned computer, it will not let you do that. They own the computer, they are in control. If you manage to subvert their control, it will be detected and they will not stream the movie to you.
Substitute corporation with government, and streaming with cryptography. Now consider the fact Europe is trying hard to enact laws that force client-side scanning of our end-to-end encrypted messages.
That is the war we are fighting. The fact we are losing hurts me deeply. It is hard to put into words my disillusionment.
I did use "supposedly" in there. While media lobbies are strong, that's not how they are convincing governments to line up: it's about protecting the naive, non-techy user in this tech-heavy world.
To me, that's why we need to rise and say: I need no protection! Media companies can do what they please and still insist on "secure attestation" (like Netflix does with Chrome on Linux, still limiting to lower quality streams), without essential services like government services, banking services, communication services etc. being allowed to do the same if the user decides against that "protection".
Not sure who are "they" and where are they "representing themselves" in your question?
My point was that you can be protected as a user even without the "secure enclave": that's how GPG, SSH and HTTPS PKI works (a user has their own private key, and they are as safe as their key is). Leaking any one of those only impacts that single user, similar to someone stealing your phone and using your logged in accounts or even secure chips if they get your PIN or password (or biometrics) — if you even have it set up, which most people outside the tech bubble don't.
You might be misunderstanding some of the nuances I brought up: what are you talking about?
> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.
We need nerds that are more politically conscious than that, and are not naive enough to believe they can solve political problems through creating companies and hardware.
At this point there are only two things stopping me from using kde or gnome on my work box: Apple and my employer, and I could probably convince my employer. The hardware though is something I’m not willing to compromise on and Apple is in a tier above everyone else currently, so I’m stuck with subpar macOS, not planning upgrading to Tahoe for as long as possible.
Nerd have been at it since the OpenMoko days, the problem is that they don't understand what the general public cares about, thus all those efforts end up failing, as the few nerds that care about being customers all get a phone, and there isn't anyone left to keep the business going, buying new devices.
Eh? Samsung still maintains a whole suite of independent alternative apps, providing things ranging from NFC payments to calendaring and contact management, that they stuff onto their phones in addition to the usual Google fare.
Until very recently, most/all of their phones had alternative Samsung-produced chipsets available in various markets (Exynos).
They've got their own app store as a built-in.
And they also maintain their own small-system operating system, with Tizen, in case it all goes to shit.
They've been working very hard on parallel development for quite a long time. They're probably better-prepared to jump ship than any other top-tier manufacturer of Android cell phones is.
Motorola Mobility? That was spun out of the stodgy-big batwing mothership in Chicago a long time ago -- and first purchased by Google, before being sold to Lenovo. Subsequent to Google's influence, whatever remains is ill-prepared to jump ship, but that was certainly a design intent. That behemoth is much more dug-in.
So the outlook is certainly gloomy, but it's not all darkness.
(In terms of things like banks only supporting one OS or another: Gosh. Prior to the entrenchment of the smart phone age, I never installed a company-specific consumer banking application on any computing devices at all. It was OK. I just used Sir Tim Berners-Lee's World Wide Web to do that stuff, sometimes with a side dose of SMS on my dumb-phone for active notifications.
And still today, I don't have banking apps for most of the companies that I do banking-stuff with -- and I get along fine with keeping track of the money I have, the money I owe, and the bills I need to pay.
Maybe the right answer here is to shore up the utility of the platform-independent WWW.)
>Eh? Samsung still maintains a whole suite of independent alternative apps, providing things ranging from NFC payments to calendaring and contact management, that they stuff onto their phones in addition to the usual Google fare.
Which is EVEN WORSE in maintaining device attestation than Android. Read about the Knox warranty bits.
> To me, this is... fine. Not ideal; but fine. We should fight like hell to score wins where we can, like in right to repair, parts availability, ensuring old devices are kept up to date for as long as possible (Apple is pretty good at this); but if I have to carry an old iPhone in my backpack to access my bank because they refuse to support my hypothetical GnuPhone 5, the world isn't going to end.
But even as you say, as you're using Arch as your desktop computer, things may be fine now, but they're only going to get worse.
Should we all have to carry two laptops because anything running a free software core is just utterly unusable due to remote attestation?
> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.
Didn't you just spend most of your comment talking about how the market forces don't care anyway? Would good is starting up a phone hardware company that will ultimately go bust due to total apathy of the general consumer?
Agreed. Its only going to get worse and all current trends validate that. It’s clearly trending towards closed source big brother platforms. E.g ios, android, windows and macos.
It does look that way. Though there is one potential silver lining around the madness going on in geopolitics: much of the rest of the world is rethinking it's long-standing strategy of relying on American software. That makes Open solutions look a lot more attractive, even to the average politician, than say a year ago.
"free and open web" isn't even used to be anymore, many are using bots and AI to make things worse and many people especially young people didn't even do "surfing" on the web anymore
like it or not but internet that need verification on personal level is the future, I don't agree with it either but if you see from the progress perspective its always been like that
As I said other times: we need a Free Hardware Foundation now like we needed the Free Software Foundation for many years. The GSD (GNU software distribution) is basically a standard GNU-Linux distro using GUIX as the package manager seems very interesting, but if you want to run 100% free software on a RYF-certified device you'll have to pay a lot of extra money for 15 years old class hardware.
We need the equivalent of a Linus Torvalds + Richard Stallman but hardware. We were lucky to have had both for software at the same time. We need the same luck again now.
Pointless. Silicon fabs currently cost billions of dollars. They are single points of failure. Even if the market starts trending towards openness, governments can just regulate a backdoor into these fabs. They have every incentive in the world to do it. Democratized access to cryptography is subversive.
We need some kind of 3D printer that can print computer chips. We need the ability to make our own hardware at home, just like we can make our own
software at home. Democratized electronics fabrication. That's the only way we'll be saved.
While I, for the most part, agree to this in principle, at the moment, general compute hardware production is relatively safe (or so it seems).
But when it comes to humongous costs, the fact that even "open source AI models" don't have their training data available (the actual "source") is one thing, but even if it was, it'd be impossible to retrain a model "at home". But if data was available, I am sure any of the existing free software foundations, or a new one, could rally users around sponsoring one DC.
We are back in the "mainframe" days where top-end compute is accessible only to few (with lots of money).
I'm not sure I follow. Corporations are free to impose requirements for access to their platforms. FOSS didn't start by demanding that MS release the source code for Windows and Office. It started with developers writing their own alternatives. What helped was the open and standardized nature of the IBM/PC stack that made it all possible. Without it, FOSS would have died before birth.
> Corporations are free to impose requirements for access to their platforms.
To wit, hardware that I bought is not "their platform", but many corporations sure like to pretend it is.
It's already not illegal to reverse engineer hardware you have bought (for the purpose of maintaining it or compatibility), regardless of how much IP lawyers like to pretend otherwise. (And even if it were illegal, I would contend that reverse engineering is a fundamental right that laws cannot rob you of.)
When BlackRock has stake in 95% of fortune 500 companies, and we are forced to use software and services provided by them because no viable FOSS alternatives exist, it becomes, and already is, a big problem.
You have to own a phone to participate in society these days. I need one to even log onto my laptop for work. Eventually I'm sure some form of digital ID / biometric information will be required for verifying my online identity.
It's a slippery slope, and we're sliding into the abyss.
> Corporations are free to impose requirements for access to their platforms.
Yeah? They shouldn't be. Any attempt to deny us service on the basis of the software we use should be classified as discrimination. It should be a crime of the same caliber as racial discrimination.
Sure, I can get behind that statement for certain things that we consider essential to a person's dignity and safety. Demanding access to Gmail or Facebook doesn't sound like it.
> Demanding access to Gmail or Facebook doesn't sound like it.
I would argue that Gmail (or at least some kind of email service) is actually a necessity for modern life -- and if "access" includes sending emails to @gmail.com without being black-holed into the spam folder then I would argue it is one of the most essential digital rights these days. For most of the public, no access to Gmail would make it impossible to get a job, use most online services, or communicate with most people. Arguably this is a right more people exercise every day than some fundamental human rights (like the right to a fair trial -- most people are never a party to a criminal trial).
Facebook is somewhat less relevant than it was a decade or two ago, but if you include all of the services under the Facebook umbrella (Instagram and WhatsApp) then I think there is an argument it is would also inch close to that line. I remember it being incredibly difficult to attend events and interact socially with classmates without having a Facebook account when I was in university ~10 years ago.
(All of that being said, I don't necessarily think this is the key issue here.)
The ability to run our own software in all contexts is absolutely essential for our dignity and safety.
It is the only thing that allows us the chance to resist their surveillance capitalism. Being surveilled and having algorithms extract value out of us is exploitation which absolutely goes against basic human dignity. It also creates the potential for information leaks which are safety risks.
Think about it. The only thing that separates corporate software from literal malware is a huge terms of service document filled with legal boilerplate that nobody actually reads. Everybody theoretically "agrees" to this stuff.
Consumers don't know anything about what's being done to them. Even on Hacker News I get accused of being a paranoid schizophrenic "tinfoil hat" user when I point out the fact we have trillion dollar corporations building digital fiefdoms with users as the serfs. You think non-technologists can grasp this? You have far more optimism and faith in humanity than me if you truly believe that.
> building digital fiefdoms with users as the serfs
I wouldn't call you names, but this does sound rather extreme. It also sounds rather imprecise. Is this a metaphor, or a hyperbole, or do you actually mean this literally? If so, in what way I, an iOS user, going to be an Apple serf?
That is the definition of idiot. A person who's so alienated they don't participate in these public matters.
> they do care if the situation get worse
By the point normal people start caring, the system will be so thoroughly entrenched that violent revolution will be the only option avaliable to them.
You cannot participate in all public matters, that’s naive and unrealistic. And stop calling people idiots for not doing that, this definition is outdated.
This looks like a loser's move, but if your bank has no other options except for mobile app, you can buy a cheap phone for that app only, and connect it over WiFi (without SIM card) so the bank would only get your IP address from this and nothing more.
This is indeed a way to cope. But why should we have to merely cope? Why do we accept the world getting objectively worse? The necessary technology is cheaper, better and more abundant than ever – so why are we letting a few megacorps and some power-hungry politicians decide how we use it?
In my country, creating a new bank used to require presidential approval. That was the status quo until only a few years ago. Things only started to improve after that requirement went away, and they certainly haven't improved enough.
It's hard to describe just how deeply entrenched institutions like banks are. Normal people see all of this stuff and they do not even react at all. It's all just mindless bureaucracy that they have to put up with. Nothing can be done about it. Can't be helped, so they just accept it.
So it's not wise to treat banks like normal corporations which compete with each other on the open market. They are directly legally and financially incentivized to do everything we are fighting against.
For example, our banks still require us to install "security modules" on our computers in order to log into our accounts. Once upon a time I tried to reverse engineer one of those things to see why they made the computer so unusably slow. I caught it intercepting every single network connection. Told me all I needed to know.
At some point society has to simply determine that it's immoral and make it illegal. It doesn't matter how much money they lose to fraud of whatever, just write it off as a business expense or something.
I’ve lived in Africa, Europe, and the US, but I’ve never experienced a situation where I couldn’t just switch to a different bank if I wanted to. That’s the context for my comment. All I’m saying is that if you’re in a situation where a bank’s services are overly restrictive, and switching to a different bank will solve that, it makes sense to switch. I can’t speak to places where such choices aren’t available.
I take the same position on countries - it’s why I no longer live in Africa, where I grew up. And why I soon won’t be living in the US any more. Life is too short to waste it having other people’s mistakes inflicted on you.
> I take the same position on countries - it’s why I no longer live in Africa, where I grew up. And why I soon won’t be living in the US any more. Life is too short to waste it having other people’s mistakes inflicted on you.
You have my applause. But that certainly looks like you are in for a lot of moving around, going forward. I guess it is not an option for everyone.
Looking at immigration and refugee numbers around the world, more people take it as an option than you might imagine.
For many of those that don't, that's a choice. Keep in mind that emigrating doesn't necessarily mean adhering to all the bureaucratic procedures involved, all the time.
I lived in my home country and then Botswana for nearly 30 years.
I've been in the US for over 30 years. I don't anticipate many more moves.
I think it's worth distinguishing between what "winning" should mean and what's still possible in the world we're in. We may not win by owning every transistor, but we sure as hell lose if we stop demanding the right to.
Come on, this kind of defeatism only emboldens entrenched players.
Yes, we're awkwardly cornered - hardware used to be open or easily reverse-engineered. Now it isn't. The solution is to demonstrate the demand for open hardware. No one is going to walk away from money that can be made even if the market is smaller.
This movement was strong enough that the incumbents themselves offered Linux-friendly hardware. We continue to see momentum in the mobile space as well with /e/OS, Fairphone, etc. GrapheneOS is pursuing alternatives to Pixel.
What did it take to port Linux to M1 series Macs (which at least has an unlocked bootloader)?
How do I install GNU/Linux distribution on a latest Galaxy S25 or iPhone or Google Pixel or Apple Watch or... (these are likely top-selling general compute devices in the world)?
Yes, on Windows PCs, Linux usually works better than Windows itself (except for the very newest stuff for a short while). But I think you missed the point of the GP.
> No one is going to walk away from money that can be made even if the market is smaller.
Unfortunately the tech industry has shown us that isn't true. For example, look at the iPhone mini - I forget the exact sales numbers others have cited, but it sold very well. There is clearly a solid market there, even if it is smaller. But Apple isn't willing to chase it, and nor are the various Android OEMs. The same may well prove true for open hardware.
Sold very well for your home business is very different than sold very well for Apple. At the time the first Mini was released, when the previous regulat iPhone (5s) was available for cheap and the new Mini had few compromises not dictated by size, it was may be 1/6 of Apple’s sales in the first year and dropped precipitously after that. It never sold well.
Are you able to source all (or even the majority) of goods and services that YOU use, within the crypto ecosystem? Are you getting paid directly in crypto (or if you offer goods/services, do you only accept crypto)? i.e. direct exchange of crypto for goods and services? If not, you are using an intermediary to convert crypto into fiat and vice-versa. Do you invest in ANY non-crypto assets? If not, you are relying on a financial intermediary. Do you practice true self-custody of your crypto? If not, you are relying on intermediaries.
For all the theory about the being financially independent of intermediaries, in practice it is nigh on impossible for most folks living in the real economy. Meaning that for most of them, even the crypto-knowledgeable, "embracing crypto" means a compromise with the "absurd" as you put it.
This, and especially when the intermediaries attempt to police what you can and can't purchase with your own money when you wish to purchase a fully legal good/service (see: Visa and Mastercard fiasco)
But they did, there's even people in this thread saying the FSF/GNU is too strict with their requirements and is akin to the "old man yelling at cloud".
What else are they supposed to do then? Start Luigi'ing people?
Often times the problem is literally yelling at Cloud.
Cloud doesn't have an automatic philosophical match to the way the Freedoms were justified originally. The Freedoms are based on the notion that you should have the right to do what you will with hardware you own; you don't own someone else's hardware in the Cloud.
> The Freedoms are based on the notion that you should have the right to do what you will with hardware you own
Then why do they keep trying to own our devices? Why do we have all this attestation nonsense designed to subvert our ability to do what we will with the hardware we own?
> you don't own someone else's hardware in the Cloud
Then they should keep their ownership in the cloud where it belongs. My software will talk to their software through the network boundary. All is well.
Dictating what software I can or can't use on my machine to talk to their software is an invasion of my territory. It shouldn't matter whether I use their official app, my own custom client or some curl script to achieve my own ends. If they're going to try and usurp control of my machine, then I'm gonna start relativizing their "freedoms" as well.
The problem is that the philosophy doesn't extend to networking.
You are free to do whatever you want with your hardware. Rip the chip out and install firmware that will boot anyway when the missing chip doesn't POST.
... and when you try to connect to my server, I will send a challenge-response that you needed that chip to answer. When that fails, I'm free to do what I want with my hardware. Which is drop or reject your incoming request because I don't trust you.
So far, this situation has been stable because it's a lot more valuable to me to trust you than not; the benefit I get from having you as a user outweighs the harm that can happen if your machine has been modified and does something that breaks my protocols. In fact, the rule on the Internet has basically been "What happens in your house you have control over; what comes in from the outside is assumed to be pure screaming madness until it's validated" for that reason (among others).
... but validation is expensive and I can see why some companies would want to push the whole validation story onto "We use attestation to confirm that we can trust the software works the way we expect it to on the other side of the machine." I personally think it's a bit of a dumb experiment (I don't trust attestation itself to succeed, not when the end-user fundamentally still owns the device and every hacker on the planet can attack the attestation protocol all day if they want; I haven't seen a system that pretends it controls both sides of the network ultimately succeed yet and I don't expect I will this time either). But if companies want to win stupid prizes I don't think we need to do anything more than "not work with them" to help them along.
It's hard to do otherwise without doing injury to the core concept "You own your own machine" whether 'you' is one person with a smartphone or a corporation with a datacenter.
Where does this resigned opinion that open source can not do attestation come from? Do you really think it's impossible to build the attestation mechanisms inside open source OSs?
Checking what software a user is running can be done with open source software, but actually doing so takes away the user's right to run modified copies of software. The fact that it basically needs hardware-backed DRM also doesn't help.
I see, it makes sense. But I feel like it is a worth while compromise.
Attestation as I understand it is to allow third parties to trust a user's computing device for purposes of handling their sensitive data (both from the user's and the third party's point of view) in a way that doesn't rely strictly on the user's savvy for keeping everything leak proof.
Even if this data belongs to me - as said user - I still think that the existence of open source attested software is a net benefit in the bigger picture because the future looks more and more dependent on secure computation.
You can run it, I'm just under no obligation to let your machine send signals to my machine that my machine will respond to if you are running software I do not trust.
And that's the complexity of this era of computing. We just got finished convincing people that it made sense that they should have the right to run whatever software they wanted on hardware they owned... And then immediately the technology shifted so that most things no longer get done using exclusively hardware that you own. The RMS four freedoms approach is only chipping away at the larger problem: capitalism (I mean that literally in that the problem is that the machines that do the work, the capital, are owned by a tiny ownership class).
> You can run it, I'm just under no obligation to let your machine send signals to my machine that my machine will respond to if you are running software I do not trust.
If some piece of software I'm running is the only reason for you to refuse the connection, then you should be obligated.
It's slightly similar to how protected class laws work. You can block me for no reason, but not that reason.
This is especially important when I just want to run my own OS and not have people go out of their way to deliberately break things because of that.
The same violence that stops you from running a red light, yeah.
In my view, it's more important to have freedom of software choice than to have the very narrow freedom of association based on what software someone else chooses.
Because again I'm fine with you rejecting me for just about any other reason. But that one? No, I think we should all have to interoperate.
Another way to look at it is that I should be able to keep what software I use private.
Also the important part is applying this rule to companies with 7+ figures of revenue. Not so much to actual people.
I mean, we all have things we'd rather not have people reject us for, that doesn't mean it should be illegal to do so. We already have the (legal) right to keep our software preferences private.
In general I'd caution against trying to use legalisation to solve problems like this because they usually introduce more problems. At the very least I'd expect banks to no longer carry liability for fraud, so perhaps one intended consequence of this is that if you get defrauded the bank no longer protects you. That would suck imo.
Perhaps they could make it so you waive all protections by using unauthorised software. That would probably require changes to existing legislation, and then of course people would complain that the banks have too much power etc...
> At the very least I'd expect banks to no longer carry liability for fraud
Respectfully to you but not to banks, fuck that. You can use your computer under your control to access a bank and it's fine. You don't have to give up fraud protection. Phone apps should be the same way.
In Germany, the banking system had an open API, so you could even access your bank account from KMyMoney and do transactions. And you still had proper fraud protections.
How is it that accessing my bank account with KMyMoney is fine, but banks don't even allow me to access my smartphone's root account without blocking me?
> If some piece of software I'm running is the only reason for you to refuse the connection, then you should be obligated.
In general, the obligation has been soft: "If everything adheres to the protocols, it will interoperate" is how we got the Internet. And the Internet was generally useful and so self-incentivized making software work with it with minimal stumbling blocks; nobody was gating FTP clients on only working with Oracle-branded FTP servers because then you couldn't access all the other FTP servers.
But that's not the only model, and I don't see an obvious argument for why should enters into it here. How does that "should" work? Is there legal compulsion? On what moral or philosophical grounds?
> It's slightly similar to how protected class laws work. You can block me for no reason, but not that reason.
Yes, and instituting those laws was a messy uphill battle over immutable properties of human beings. That is a far philosophical cry from "No thank you; I'd like to use all that Apple cloud tech without buying an Apple computer please." I suppose, unless we break the back of capitalism as a societal structuring model, in which case... Yep. We can make whatever laws we want if we throw out the current system.
Hackers will be fine. If anything, this kind of measure-countermeasure foolishness from corporations gives them a really meaty problem to dig into.
It's just very unclear that the force of law is the right tool for the job to address that problem.
(Also, people on Hacker News can care about a lot of things simultaneously. One of them can be that adding the government's cudgel to the problem may very well make it worse; do we really want the government having to well-define things like "protocol" and "communication" to craft that law?)
> It's just very unclear that the force of law is the right tool for the job to address that problem.
Remote hardware attestation is cryptograhic proof of corporate ownership of the machine.
They're using cryptography against us. Everyone here knows how devastating cryptography is. Cryptography is subversive. It can defeat police, judges, governments, militaries, spies.
I'm actually worried that the force of law might turn out to be not nearly enough.
> do we really want the government having to well-define things like "protocol" and "communication" to craft that law?
Just ban corporations from using remote attestation to discriminate against us. If they try something else, ban it too. Don't even ban the technology, it's useful to us when used with our own keys. Just stop this abuse and discrimination.
If the future hopes for openness in computing rely on ending capitalism, we're already toast. Nobody's going to be building the next generation of chip fabs without gargantuan amounts of funding.
Smartphones have cryptographic hardware that can provide proof that a device has not been "tampered with". This is called attestation. The hardware attests to the fact trust has been preserved since boot.
Your device will not attest to this if you install your own operating system, if you root your phone, if you do anything that they don't like, anything at all.
You install your bank's app and try to use it. The bank's servers ask for the attestation. You will not have one. They decide you cannot be trusted and deny you service.
Even if you can program your own keys into your device, nobody is gonna trust those keys. Why would your bank trust your own keys? They'll trust Google's keys, Apple's keys, the government's keys. You? You don't get to participate.
The corporations and governments want to own your computer. They demand cryptographic proof that your device is owned by them and that they have complete control. If you don't provide it, you're banned and ostracized from everything.
These days banking is one of the things for which a phone is required for. It is used as the primary banking device for most people, and for the rest it is required for two factor authentication when logging in on a PC or to verify online transactions.
Maybe some bank would allow you to use some third party two factor authentication device to log in sometimes, but most (if not all) would require you to use their "app".
In my country, banks force us to install "security modules" in order to do this. Once upon a time, back when I used Windows, I got bored and tried to pry one of these things open to see why they made the computer so unusably slow. I caught it intercepting every single network connection and doing god knows what with them. That told me all I needed to know.
It used to be that Linux users like me were exempt but at some point they added Linux support. Now there's a goddamn AUR package for this thing.
Remote attestation on Android is one of the primary examples. Banking apps and a bunch of other apps that will cut you off if you do something like root your phone.
(This is not directed to you but the wider community writ large, you just happened to be the one to kick the hornets nest)
You know… there was time before this latest generation started calling everyone that complained to a manager a karen… that complaining to manager would resolve issues… and if that failed, publishing your story and refusing to do business with someone was seen as proper conduct.
Banks!!! Lol! Are the most fragile institutions ever! Fdic, exists for a reason… get enough people to withdraw their money all at once and see what happens.
Open source people that want to stick to your grit… don’t work with banks that won’t let you use open source software. Oh is that too hard for ya? If you’re not compiling your own slackware distro than you have no leg to stand on (/s)
But seriously, use a local bank and try solving human problems by dealing with human’s. Quit trying to tech everything… if the open source community would get unified and actualize… thats a fuck ton of people!
Here’s another crazy concept that the oss community could do… they could literally just open their own bank… voila (its not as hard as it seems and takes way less money than you think)
> try solving human problems by dealing with human’s
Welp. I actually tried it. Here's my experience.
I contacted my banks and got in touch with their managers and devs. They do have APIs. I wanted to use those to create my own software with read only access to my account. I didn't even want to transfer money anywhere, just get my transactions for accounting purposes. I was using ledger at the time and was getting tired of manually inputting everything into the journal.
I eventually discovered I would need to incorporate and beg the central bank for permission to touch the financial system.
> But seriously, use a local bank and try solving human problems by dealing with human’s. Quit trying to tech everything… if the open source community would get unified and actualize… thats a fuck ton of people!
Wise, and thus downvoted. Many FOSS enthusiasts are antisocial, sometimes even misanthropic, fragile snowflakes ("I should be able to run any software I like, on any device I like"), so any call for collective political action, that actually could achieve something more, is disregarded.
I think free software has to adapt. I find it very difficult to run QGIS on a modern Mac with an up-to-date OS. It won't run for genuine security reasons, not because some corporation doesn't want me to run free software.
> Things programmers care about directly, like the OS and the kernel, are quite well covered. Whatever we need, there's an open version
What devs can build without much oversight or business pressure usually works well open sourced.
Almost everything else (hardware, non technical "productivity" software, services) doesn't, and that's most of our life. We live in a world that's still massively closed source.
I wouldn't call someone absolutist for wanting printers, coffee machines, laptops, TVs, cars, "smart" lights to be more open than closed.
That's true. Wanting openness in everyday tech isn't "absolutist" in itself. But the article's tone (and a lot of the FOSS movement's rhetoric) frames it as failure rather than frontier.
Of course we'd all prefer open printers and cars, but those domains aren't mainly limited by software ideology; they're limited by regulation, liability, and econ. The fact that programmers can build entire OSs, compilers, and global infra as open projects is already astonishing.
So yes, the world is still full of closed systems... but that doesn't mean FOSS lost. It means it's reached the layer where the obstacles are social, legal, and physical, not technical. IMO that's a harder, slower battle, not evidence that the earlier ones were meaningless.
I think it's fair to put it as a failure, as the overtone window moved so much it now sounds normal that regulation, liability or econ interfere with openness.
The very fact "right to repair" had to be coined, proclaimed and we're fighting for it is a regression from the early days when repairing a radio wouldn't be violating some clause.
Of course, the openness was more accidental or pragmatic than really intended, and we saw companies slowly put up the barriers as they found technical and legal ways to do it (like forbidding plugging third party phones to the network for instance). If it's a frontier, IMHO it would be more akin to the battlefields front lines than anything else.
Put another way, the battle has always been social and legal.
The other famous example which people have mentioned here is that "sideloading" is now used to refer to installing software on a computer, which used to be a normal, routine (and required) thing to do in order to use any computer. So the idea that someone curates what software you're allowed to run, and there's no way to even opt out of that, has become normalized for huge numbers of users and parts of the tech industry.
It's true that malware authors are much better funded and more aggressive than they were a few decades ago, so we have some long threads talking about how there is an element of the paternalism here that's protecting people from some pretty malicious stuff, which could also cause a lot of harm. However, seeing this paternalism as the basic normal way that software is used shows that we've lost a lot.
> Wanting openness in everyday tech isn't "absolutist" in itself. But the article's tone (and a lot of the FOSS movement's rhetoric) frames it as failure rather than frontier.
It is a failure. Things have been moving away from openness. A frontier would move toward it.
Yeah. I'd say open source won in the basic infrastructure of the tech world, but actual political free software is just barely holding on. I want users to be free not some base shared code you can't actually modify running somewhere in the stack of a closed source SASS.
In most places that I have been, free software is basically the way to not pay for software, for most companies free === gratis.
In the 1980's and 1990's, the same kind of places would be pirating software.
In Portugal, we used to have shops with catalogs during those days, hardly anyone at goverment level cared about software sales, nowadays it is controlled by an economic agency and those kind of shops aren't as easy to find as they were up to early 2000's.
Free software allows them to now be in a legal state, yet the authors get the same as before most of the time, nothing.
Which is why in the end many FOSS projects end up pivoting for something commercial, preferbly in ways where even piracy isn't possible, like SaaS.
> From Linux and K8s to Postgres and Python, it is the infra of the internet.
I may be unable to control the software in the device I am holding in my hands right now, but the important thing is that a few corporations can externalize the costs of maintaining their infrastructure to "the open-source community". And even get free publicity from doing so!
Google recently changed their security policy regarding Android, where there's now a 3-4 month delay between when OEMs get access to security patches and when they're posted to AOSP (it was previously 1 month). The patches are broadly distributed to OEMs, so there's no significant barrier to attackers and companies like NSO Group and Cellebrite obtaining them. GrapheneOS has access to the patches, but the embargoed nature means they're not able to publish the patch source code or any details about what vulnerabilities are being patched. This means that GrapheneOS users are forced to choose whether to opt into the closed source patches and get recent vulnerabilities patched, but lose out on having an open OS.
> "Winning" doesn't have to mean owning every transistor; it means setting the norms and powering most of what's built.
I remember when winning meant you can modify your computer as you please because you have all the sources. We’re locked down in a world of apps, saas, and whatnot.
Free software may have won on the infrastructure side, but it is people's computing that deserves freedom first and foremost. The good news is that Linux is gaining ground on the desktop, and we may eventually see the "year of the Linux desktop."
The issue is that most people's computing has now shifted to mobile devices, and these are quickly becoming fully locked down. Apple has been a lost cause for a long time, but Google is now aggressively attempting to kill Android as a FOSS platform. Projects like Lineage and Graphene are more important than ever for this reason.
> "Winning" doesn't have to mean owning every transistor; it means setting the norms and powering most of what's built.
It doesn't matter if software published under free licenses sets the norms and powers most of what is built if critical transistors that are necessary to use important hardware at all are powered by unfree software. That is precisely what this article is decrying. If you don't own every transistor, whoever does own those transistors can use their control over them to prevent you from using your hardware as you wish, or attempting to get money out of you for the privilege; and preventing this state of affairs is actually more important in many ways than being able to use free software to create novel internet applications.
Winning does has many different outcomes, only some which is similar enough that the historical records will see it as such. A comparison I would make is the war on encryption that was won. It is no longer illegal to sell encryption. The question becomes how much of a victory that is if then government impose laws that dictate backdoor, like say chat control.
What did that NSA official said. They lost the battle over control of encryption, but won the war against privacy?
I don't think the article was absolutist, binary, at all.
The issue is that for a lot of things, there is exactly zero foss options. The problem is not, and the article doesn't imply, that there should be a 100% foss, so that foss finally "wins".
Hopefully this lawsuit will be won by SFC, if it is, then anyone can sue their TV maker for the Linux kernel sources for their device and access to install modified versions of it, then replace their TV OS with AOSP/etc, or KDE Plasma Bigscreen or similar on a standard Linux distro.
But there is a simple alternative here: don't connect your TV to the Internet, use it as a dumb monitor for a FOSS streaming box (Linux PC or Lineage Android TV among others).
The infrastructure it powers is mostly cloud hosted SaaS which is far and away the most closed model of software. Cloud SaaS is far more closed than closed source software on a personal device. Often it’s not even possible to export your own data.
Very few people use much open source software directly. With a few notable exceptions it’s only used by developers and IT pros.
I suppose the Darwin kernel in Apple OSes and Linux in Android kind of count but people really don’t interact with those directly in a tangible way. They are way deep down under the hood from a user POV.
> I suppose the Darwin kernel in Apple OSes and Linux in Android kind of count but people really don’t interact with those directly in a tangible way. They are way deep down under the hood from a user POV.
The XNU kernel is only partially open-sourced. And it has a very non-open development model - development happens behind closed doors, no process to accept outside contributions, chuck a source code dump over the fence some time after each binary release.
It is better than nothing, but is more “technically open source” than “open source in spirit”. A lot of Darwin code can’t even be compiled outside of Apple because the open source code includes closed source headers.
It wasn’t always like this… in the early days of OS X, you could download an ISO of open source Darwin, install it on your PPC Mac, and it was actually a useable Unix-like OS (missing Apple’s GUI, but it offered X11 as an alternative). Then Apple lost interest-and got scared their (relative) openness was making life easier for jailbreakers and Hackintoshes-and nowadays you aren’t getting a usable open source Darwin without a huge amount of work to reconstruct and substitute the missing bits (which I know some people are working on, but no idea how much success they’ve had)
> it has a very non-open development model - development happens behind closed doors, no process to accept outside contributions, chuck a source code dump over the fence some time after each binary release.
Mostly agree re: your entire post, but, re: OSS above, does not matter, you don't owe an open development model to anyone.
I think there can be a difference between the literal and official meaning of a term, and what it most commonly means in practice - and that’s a descriptive claim about how words get used, not a prescriptive claim that anyone has some moral or legal obligation to do anything in particular
> The infrastructure it powers is mostly cloud hosted SaaS which is far and away the most closed model of software. Cloud SaaS is far more closed than closed source software on a personal device. Often it’s not even possible to export your own data.
That's fair, but I think it misses the distinction between who owns the infra and what the infra is built on. Yes, SaaS is often closed to end users, but the reason those companies could even exist at scale is because the underlying layers (OS, databases, frameworks, orchestration, etc.) are open.
You're right that control shifted from users to cloud vendors, but that's a business model problem, not a failure of open software. If anything, FOSS won so decisively on the supply side that it enabled an entire generation of companies to build closed services faster and cheaper than ever before.
"FOSS won so decisively on the supply side" because it's basically giving away something that would ordinarily cost money. Anyone can "win" by giving away something of value away for free; it's not a victory that's worth anything.
What those adopters are not doing is opening their own source code as FOSS or contributing back to FOSS. That means that there isn't a path to future success.
You are so close. Or maybe you’re there and I misread that.
FOSS killed the profit margin in just making software. That shifted profits to hosting it, and in so doing shifted the industry to a more closed model than it had before.
In other words the net effect over time on the system from FOSS was to close things more. It had the opposite of the intended effect. We incentivized closed.
The result had been horribly dystopian. Before we had PCs that ran closed source but still local software and had our own data. Now we have cloud they runs opaque software we can’t even run ourselves and our data is not ours and is subject to mass surveillance. (By “our” I mean most people. Tech savvy people can opt out with some effort.)
This is super common. It’s hard to predict the actual incentive structure that something will create, and it is incentives not intentions that determine outcomes. Large scale socioeconomic systems are mindless gradient descent machines that chase profits of various kinds the way a plant grows toward sunlight.
>he infrastructure it powers is mostly cloud hosted SaaS which is far and away the most closed model of software.
Free software was conceptualized at the dawn of the personal computing era. As it is defined, it could never prevent isolating users from the software by isolating them from the hardware, because it was assumed that the software would run on the hardware that the user interacted with directly. You could build an SaaS product on entirely copyleft software without breaching any licenses. It's only specific kinds of free software that require giving users the source code. And even then, they don't require the service provider to implement any changes. If Google Docs was free software, Google isn't going to integrate your patch if it doesn't want to.
>Very few people use much open source software directly. With a few notable exceptions it’s only used by developers and IT pros.
>I suppose the Darwin kernel in Apple OSes and Linux in Android kind of count but people really don’t interact with those directly in a tangible way. They are way deep down under the hood from a user POV.
I mean, what does it even mean to "interact directly" with something, at that point? If I'm using Firefox on Android to watch a YouTube video, is that direct enough or not? Firefox, like the kernel, is just a facilitator for a task I'm interested in. Hell, arguably, so is YouTube. Then it follows that almost no one actually "interacts directly" with software; people interact directly with their task, and software is ultimate just a tool that's more or less practical to accomplish it.
You're focusing on the benefits of open source in booming the technological sector, but his emphasis is that openness ends at the developer's, not consumer's stage and this is particularly bad when more and more of your life is technology dependant and de facto you cannot control nor modify it.
But it doesn’t set the norms. Enshittification is setting the norms. The positive effects of free software being tangible for the users is very much the exception.
> that doesn't erase the fact that open software has completely reshaped the modern stack
What stack?
You give a bunch of web stack examples, great. The vast majority of people will never run a server nor benefit from the licenses of the code running on the server. They overwhelming give their money to the companies benefiting from those licenses and get typical crummy consumer EULAs in return.
Meanwhile phones tablets iot tvs appliances cars tractors pacemakers videogame consoles security cameras coffee makers printers juicers friggin Christmas lights routers, all that stuff, is overwhelmingly closed source.
Speaking as one of the less-technically inclined HN users all I know is Linux has never been easier to install for even the slightly motivated and while there are lots of gaps, you really can run a lot of key tasks on FOSS without much fuss.
If someone wants to “break free” of Mac/Windows and regain some semblance of privacy and control, it’s never been easier. Not easy, to be clear. But compared to when I was in college (late 2000’s) it’s sooooo much easier.
On installing Linux, I think it always has been relatively easy to do on previous generation hardware.
20 years ago if you didn't care about decent laptops, you'd easily find a mid-level desktop tower and it would mostly work. You'd be in pain if you wanted the best GPU or best hardware, but mid-tier stuff would work fine.
Nowadays you can get Linux very easily on ThinkPads or a mid-tier business laptop for instance. Or Framework. But it will be PITA on a Surface Pro, or the best Asus laptop.
I'm with you in that the market has matured so much mid-tier is now viable enough for most office or everyday life, trying to get top hardware isn't really needed. But there's still definitely a gap if your use case spills out in a more demanding area (games, VR, CAD etc.)
Yeah to be clear I’d never say it’s “easy” and ready for mass adoption. But I also had 0 issues getting bazzite going on my PC I built with an AMD 9800x3d/9070 working out the gate. I played expedition 33 the day I finished building! Kind of remarkable given the GPU was only a month or two old. What’s striking was that I never had to open a terminal window or install a single driver. Some of the distros are near-turnkey at this point.
I work in solar, so we have quite a lot of hardware which doesn't run on free software. We couldn't patch part of our inverter pipeline because the hardware was proprietary and had no open alternatives. We had to pay quite a lot of money to find one of the original engineers and have them flown in to help us unlock it, so that we could replace the firmware with some we had a security clearance holding contractor write for us.
To be fair this is a story about not doing your due diligence and buying the wrong hardware, but I think it can give you some insight into what the article talks about. Because yes, you can install Linux, but can you install something on your blender when "BRAND" decides you need to pay a subscription to run the self-cleaning program?
Oh I definitely don’t have a choice at work unfortunately so I’m all too aware of this. I’m mostly just talking about personal computing. But point taking!
This topic provokes a question, what exactly is "winning" anyway? As others point out, how could there be absolute winning, or complete dominance of the whole gamut of software used for every purpose. Of course, no one ever proposed such a definition of open-source success.
Since the 1990s I've been thoroughly committed to using and developing open-source programs. I strongly prefer using open-source products even when they've been less robust than proprietary options. In recent years, that's changed in favor of open-source, a number of open-source programs have become best-in-class. To name a few Blender, postgresql, Firefox, most developer tools. Still, proprietary products dominate areas like OSs, enterprise programs, etc., and will probably continue to do so.
But even if not as widely used, the fact that quality alternatives exist to a significant share of proprietary offerings speaks to open-source success. It's noteworthy that giants like Microsoft have open-sourced some of their products, a practice unheard of a couple of decades ago that shows influence of the open-source movement.
A winner-take-all philosophy is bound to be as deleterious to open-source advocacy as in any other endeavor. Realistically, producing excellent, bug-free, well-documented open-source software is what it takes to find an appreciative user-base. Perhaps not the majority of users of that category of software, but is that necessary to call a project successful? To say it is seems a prelude to enduring a constant sense of failure and missing out on authentic victories.
The goal of the Free Software movement is to build a usable computing environment for which all software (i.e., "code") is free. If you include things like cell phones, tablets, web services, firmware, or basically anything other than core os components in the computing environment, that goal is very far off.
Sure, the FSF is as idealistic as it has been influential. Can't fault FSF for unrelenting commitment to stated purposes. While the totally free OS was a goal that never quite materialized, a large proportion of modern open-source systems is composed of free (in the FSF sense) software. What FSF advocates has indeed mattered.
I think the question is this: is having totally free cell phones, etc., the essential criterion of success? Or is something less than embodying FSF-style ideology acceptable? To be sure, there's no definitive answer to such a question. But ideological purity is a luxury in the real world that even FSF acknowledges, compromises sometimes have to be made, pragmatic considerations have to be taken into account.
Nothing wrong with keeping lofty goals, but as practical necessity frequently dictates, graciously accepting less than total victory more often than not best serves our interests.
> a large proportion of modern open-source systems is composed of free (in the FSF sense) software.
The critical parts aren't though, and that's where it matters the most, IMHO intentionally so.
An HP printer being 99% based on free components won't be a tangible improvement if the last 1% vehemently prevents it's free use. Open source being the core of the OS doesn't help if nothing can replace iOS on an iPhone.
We're in a world where free software has massively grown, while the day to day impacts are IMHO comparatively small. It feels like we're more free than ever, inside our new confinement cells.
The victory situation for free software is that it becomes socially unacceptable, and rare, for individuals and for organizations to claim IP rights over software, to restrict its dissemination, to hide its source code, etc. When it is clear that software is shared commons, and nothing else.
Why would that ever happen? Software is too important for people to not sell outside of communism and free software people aren’t as good as making consumer products as capitalists
I would kill for decent NURBS oriented 3D CAD software. I feel like the 3D printing community would absolutely thrive if they stopped dealing with polygons for things meant to exist in the real world.
Rhino is really the only fully featured tool in town, at least available to the general public at a somewhat "affordable" price (~$700 from the right reseller). I end up paying to upgrade every few years when compatibility with my existing OS finally breaks. Apple announced the removal of Rosetta in 2027 (dear god why?! I use so many apps that'll likely never be made native) so I'm gonna have to pay again then.
At least, so far, it's software I'm allowed to *own* rather than rent. I can run my old versions in perpetuity, particularly on an emulator. As someone who has 3D models going back to around the year 2000 in his collection, the idea of using any of these hosted solutions just sends absolute shivers down my spine.
OpenSCAD is really the best we have in open source non-polygonal modeling tools, and it honestly wouldn't be too bad if someone could slap a decent WYSIWYG GUI on it.
This and a good RAW image processor are the two reasons I ever boot up the Windows VM these days. None of the options available on Linux come close to the software I use on Windows for those tasks.
You can get Fusion360 to work on Linux through some scripts someone created, but I don't like how Fusion works at all after using SolidWorks (and Pro/E) professionally.
FreeCAD is actually pretty good since the 1.0 release. Far better than OpenSCAD for anything but highly regular and parametric objects (basically fasteners and art).
The fundamental conflict here is that software developers want/need to get paid. We have mortgages/rent/medical bills/groceries and none of those are free.
The root problem, in my opinion, is combining "free as in beer" with "free as in speech". The latter cannot be achieved if you insist on the former. I.e., if your solution to privacy is only use free-as-in-beer software then you will fail because developers want/need to get paid.
What we need is a business model in which people are willing to pay for privacy-respecting software. That's the only sustainable path. And it's frustrating to me that the people who are most vocal about software freedom are actively working against that with this kind of article.
[p.s.: I realize I'm ranting and not offering enough detail to change minds, much less offer a solution. Sorry about that.]
I think people are willing to pay for privacy protecting software. The problem is I don’t think people trust companies who claim that because there are too many instances of that “privacy” coming with a subtle asterisk. Businesses can’t seem to resist eroding trust in the interest of $ (growth! Shareholder value!) or caving to authorities. Plus, it’s rare that companies are transparent enough to earn the trust they claim we should give them.
I do agree with the sentiment: people need to get paid to write software, and people want freedoms to be respected by that software. It seems to be challenging to rectify the two in most cases (yes, there are cases where it works - those are the exception not the norm).
100% agree. Regulation is part of the answer. For instance, we trust that a gas pump is accurate because we know the government inspects it.
But I think we need more companies where trust/privacy is a brand promise. Apple, I think, is trying because they can. As long as they make money selling hardware, they don't have to rely on ad revenue.
In my opinion, the reason there aren't more companies that brand themselves as privacy-protecting is because people aren't willing to pay that much for it--at least not as much as the companies can make by selling data.
Part of my reaction to the article, however, is that the people who most value privacy are the least willing to pay for software--their solution is always about free-as-in-beer software. That obviously shrinks the market for privacy-respecting software.
John Deere bricking someone’s tractor because they put in an unrecognized spare part has nothing to do with supporting some poor hard working software developer who would otherwise starve.
It’s using software for evil. (And if I had to bet I would bet a software engineer was nowhere near that decision. They just implemented it!)
What replaces YouTube is a symmetrical internet where people can upload lots, and probably something like popcorn time. Then some discoverability. The only issue is lack of moderation because of "bad videos". Can't have nice things :(
With branding like "free software", it could have have lost the battle for hearts and minds for that reason alone, if not for all the other reasons.
Of course the public thinks "free software" is software for which you do not pay money.
And everyone immediately goes on their way with their downloads, without you getting the chance to give your hour-long spiel on "I'm glad you asked what I mean by 'free software'."
Because no one would ever ask what "free software" means, because they already know what it means.
It is the advocates who are terrible at advocacy who keep trying to give a term new meaning, and failing for a few decades to get the public to understand or pay attention.
You could even say that's the philosophical/awareness barrier, right there: people thinking in terms of free software, rather than in terms of Free Software(tm)(R).
(If you liked this comment, please subscribe to my newsletter about renewable clean energy, called Burn Fossil Fuels. My team has been working to get the message out, with a clever bit of wordplay there, in which we actually mean more the opposite of what we're saying. This is all explained in our hundred-page manifesto whitepaper, and we are also available for speaking engagements, at select events where we can preach to the choir.)
Thats why I like enshittification as a phrase as it attacks the bad side of things.
If you want to propagandise against the cloud the thing most average (and indeed smart and dumb also) people hate about the cloud is: the software keeps morphing. the buttons keep moving. the menu disappeared.
Lets call it shapeshifting software. Different from this morning-ware!
This touches on something I've noticed the past few years - it seems to me many advocates of most topics often do more harm than good for their cause - taking hardline positions normal people simply can't relate to, even if they do agree in theory.
Anyway, on the topic of "free" software - how might you recommend we try to frame this to be more clear to the public? I think people tried to make "libre software" a thing, but doesn't that have the exact same issue - that is, that people will misunderstand what it is?
> What picture does this paint? Things programmers care about directly, like the OS and the kernel, are quite well covered. Whatever we need, there's an open version.
I think this is the wrong conclusion. It’s rather the opposite: when there’s money to be made (applications, device drivers), businesses have came in and managed to dominate it with proprietary versions (music, video, etc).
When they don’t, it’s because of strategic business interests: you’re probably going to want to make your programming language open source in order to gain developer interests, but the applications you make on top of that closed source.
It sounds to me like the biggest problem are the users.
There’s no shortage of meaningfully free and open software to use that will do what you need, but as soon as you have to sacrifice any sort of convenience, non techies stops listening.
I really don’t know how you’re going to change that. I don’t think anybody can at this point now that Google and Microsoft are having extremely successful trial runs with fully managed systems.
> There’s no shortage of meaningfully free and open software to use that will do what you need, but as soon as you have to sacrifice any sort of convenience, non techies stops listening.
It's often beyond just sacrificing "any sort of convenience" - but rather "it's effectively impossible for someone who's not at least a compentent IT hobbyist to install this software".
> I really don’t know how you’re going to change that.
You need to change the culture in free/open software. The current goal seems to be something like "as long as it works, and I can install it --no matter how convoluted or unreliable that process is-- then that's good enough". Mainstream users don't want to use the shell, or have to search internet forums for solutions, or use Docker, or whatever.
If you genuinely want FOSS to win, the goal should be to be better than the commercial alternatives: easier to install, more reliable, better more intuitive UIs, smaller, faster, more features, whatever.
It isn't like it shouldn't be easier on Linux either as it already is much of the time. I can open up my command line and type "yay ProgramName" and hit enter a couple times to install most things. Its even easier on a distro that uses a store for distributing applications. But as soon as you get away from that curated selection the process becomes so much more difficult very quickly. Users will give up if it is more complicated than downloading an executable and clicking on it.
It should be easy to make FOSS Web apps especially ones that favour front end (and hence web standards) for most of what they do. Someone does need to be the server though so you end up with a bit of cloud.
I think another problem is marketing. The SaaS can afford to advertise. The free libre app has to be discovered.
You can lead a horse to water but you can’t make it drink
Yeah we can Properly Educate non techies all day, but when they sit down to watch Netflix and have to deal with low quality video because their FOSS tech stack doesn’t pass the DRM sniff test with flying colors, I’ve yet to get a single person to care after that.
> and have to deal with low quality video because their FOSS tech stack doesn’t pass the DRM sniff test with flying colors
They shouldn't have to if the software is properly made. I am not talking about teaching normies to install Docker apps, but teaching them why FOSS is important and the implications of using corporate-owned tools.
My point is that DRM isn’t something that FOSS has any control over, and is becoming an increasingly common strategy to discourage using third party software because it forces compromises.
So when the DRM doesn’t work and you get a degraded experience, pitching anybody who isn’t really interested in the ecosystem of technology is pretty much impossible. One tech stack works well, one doesn’t. That’s all one cares about
I'm not sure users such as myself using non free stuff, Apple in my case, are a problem. We do our thing, people wanting to use Linux do theirs, no real problem.
So much software is “open source”,
but it’s either de jure or de facto controlled by a single company.
Sure you could fork it, but for complex projects you’re not gonna. 99.99% of users of open source software will never meaningfully contribute. So the only option most people have is to hope someone else forks the project if something goes wrong, and for complex projects maintaining a fork requires serious resources.
We really need to distinguish between generic “open source” and actual community built and controlled projects.
The term open source itself was popularized by the open source initiative. A group funded by Tim O’Reilly and big tech to co-opt the free software movement and make it more business friendly.
They’ve spent so much time and money promoting the term, that there’s an enormous amount of good will around it. To the point that any project that doesn’t use an OSI approved license is widely considered dirty.
You could have a project controlled by the community with a nearly completely free license with the caveat that companies making more than $100 million in annual revenue can’t resell it, and the majority of devs would trust it less than an “open source” project completely controlled by a trillion dollar company.
Complex puzzle, I feel a key part is that the financing / financial sustainability of free software has not been solved. The author touches on it a bit by saying "when you sell hardware..." which kinda means no hardware == no revenue since you can't sell the software. I don't discount that Redhat is a thing, but it is the exception not the norm.
I do see it on exactly same way. A lot of people are conflating opensource with free. That model is not really sustainable if you want to do it for living.
Free software has won on servers. It is making inroads into desktop/gaming PCs (above 5% market share now), and the exodus from Windows 10 could well push it over 10% soon.
But the computing landscape has shifted towards mobile devices and this is where our freedoms are now the most at risk. It is time that we turn our back on Apple and Google and exclusively buy devices that can run operating systems that are community-controlled such as Linux phones, and devices that can be flashed to Lineage and Graphene.
I am quite convinced a lot of open source is not open for ideology reasons but rather are a result of competition and the market itself.
When the competition publishes its software for no price, the next way to make it even better is by improving the license. And if thats not enough you can even pay users to use your software, just like brave does (or did) through ads.
Now theres software which has less competition. Usually this is software that requires large amounts of investments, often coupled with hardware. Smartphones are the perfect example for this.
Also, software which is tied to hardware that you have to buy has less pressure, because there's a price anyway for the hardware. So you wont suddenly have some competition offering the same thing for free.
Free software will win in the long run. But it depends on what you call "win". For me it means that, provided idealsim is still a thing, there will be dev/scientists that will want to open knowledge to others. They will write free software and each year, that free software, although years behind commercial offerings, will be better than the software of ten years ago. With the GPL, that software will stick and won't be appropriated. So in the long run, free software will produce value.
See KiCad, Inkscape, emacs, etc. Are those better than commercial offering ? Sure not. But compare that with 10 years ago: it's much better.
And in the long run (say, 50-100 years), it will come out positively.
And to do that, blog posts like this one are necessary.
> provided idealsim is still a thing, there will be dev/scientists that will want to open knowledge to others
They don't spawn in a vacuum and rarely arrive at a significant formed idea of Free Software from first principles, so providing education and awareness into that direction is important. In the last decade free software discourse (at least in my perception) has significantly quieted down, to a point where I'm not sure that newcomers to the topic satisfy a replacement rate.
If one wants to keep the spirit alive, now would definitely be a time to push!
I think being a programmer we must understand that there's never a one size fits all needs.
Each project has different needs having an option never hurts, as long as there is competition, there will exist a chance of open sourcing the source.
Because, closed source softwares die faster in their lifetimes, while open source remain remembered even after being unmaintained.
Had it not been for GitHub(a closed source software) we'd had never reached this stage of open source expansion and understanding, because hosting a git to open source a project was and still isn't cost effective solution. Meanwhile torrents are mildly successful with this, yet faced by the lawful resistance in many regions.
Basic goals, should be to always have a choice, if there isn't much then create one if you can. Rest is just fog in hindsight, I'd say.
Gaming is one such usecase that requires and works well, currently, with proprietary software.
As such, gaming is a sport and as long as a game is competitive, there's always a chance to bypass a n obstacle with a hack, just as there was misconceptions with OSes.
But unlike OSes, games don't have a commercial application yet, we still have a long time before the realisation of freeware gaming.
If winning means mass adoption, I think by definition free software won't win while remaining free.
If a tech becomes main stream, corporations (and people) begin commercializing it. The de facto strategy in our era for commercializing any tech is surveilling its users.
If a technology can't be harnessed, corporations will contain if not outright kill it.
We've seen this time and time again. So, the only way to win, in the sense of surviving and thriving, would be for that tech to fly under the radar. Remain in the hands of individuals who care and build it for themselves. In that sense, there are many free software that have already won.
My question is, why on earth are people obsessed with things like the year of the Linux desktop, and more people adopting their software.
Fragmentation is probably the only way free software will remain free.
It's quoting people who say that it has won because of extensive adoption. However, that adoption doesn't mean that most people are allowed even in principle to change most of the software in embedded devices they own, or even on most of the computing devices they own.
I've also found this really weird. Like, we have Linux kernels on most cloud instances, and most data center servers, and most academic and research computing systems, and probably lately on most embedded microprocessors that are big enough to run it. (And various ecosystems for computing infrastructure and software development are mainly using free software userspace and tools.) Meanwhile, almost all user-facing software that almost all people interact with almost all of the time is proprietary. Why would someone say it's "won"? Thinking really small?
Even Linux hasn't "won" in those areas. It has just replaced what we would call a common API layer or a communication standard. The virtualization products are still proprietary. Servers and their firmware are too. People needed a Unix-like OS that hasn't been riddled with patent issues and wasn't outrageously expensive. They needed it because they were also price-sensitive or outright cheap. They didn't want to change APIs or modularize their software. Linux was there. Startup culture happened which demanded cutting all the costs you can. Linux was free of charge. Linux wasn't the best OS for the job sometimes. But it was there and it was gratis. So it became the middleware for Unix-compatible software.
We have open standards and even open/free software for anything that companies aren't making money out of. FOSS by itself cannot make money. In places where software matters the most or, if the software hides the trade secrets the most or, if it is the main money maker, creating FOSS is economically infeasible.
For FOSS to win, we need to change the economic and legal system. Current capitalist system in many West-aligned countries is actively hostile against sharing in any kind, except the ones that profit the biggest players in their non-critical areas. In a market where the first one to market gets to buy all competitors, in a market the one that has the biggest secrecy wins and gets all the money from investors like Y-Combinator, there cannot be any truly FOSS software-only products. They need to do rug pulls to support the exponential growth. Startup culture is fundamentally anti-FOSS. It is pro-FOSS in only consuming. Even a startup releasing some middleware can be interpreted as mishandling investment.
We need to make sure our governments support FOSS infrastructure and FOSS user-facing software. They need to be equal employers and competitors to Big Tech or they need to directly support smaller competitors for decades. Otherwise, I am afraid, FOSS cannot win.
I may have glossed over this detail, but I didn't think the article was saying that "open source" had actually won either (perhaps that people who preferred the term "open source" have tended to accept much narrower wins as "victory" in practice?).
My takeaway was that the article was looking at common Open Source claims, and then locating the only " 100% true" example of that.
Like you cant make a 100% open hardware mobile phone. Theres lots of near enough cases. But that Qualcomm chip is proprietary for the phone bit. So they exaggerate by going back to an old, open source rotary phone.
It didn't succeed because he was always against making money from software. He also has pushed for governments to be forced to use FOSS.
I remember him doing some interviews in the 90s, and he would put his coat over the camera, if it wasn't using FOSS. This sort of zealot mindset will always be on the fringes of society and eventually abandoned for something more liberal (which is what we've seen in the last decade or so).
FOSS used to win by being able to run on anything. Now hardware chooses you. If you’re not running the sanctioned OS, even the browser might be crippled. I’m not sure if that’s progress, but it’s definitely not freedom.
The reality is that since the invention of ICs, electronic devices have become 'black-boxes' that the vast majority of people can't hope to understand the entire workings of. Free software licenses were never going to change that.
The pacemaker example is an interesting one. Medical devices are shrouded in secrecy, ostensibly for "good reasons", but in reality they're often insecure garbage. I'm not sure if an open source pacemaker would be safer than a proprietary one. It would be nice to be able to audit the source code, but I'm not sure whether contributions from random committers would have a net positive impact in this space?
People seem to think Free Software ought to have won purely as being free, as if that was somehow going to overcome the heinous acts f profit motivated groups to try and take away your end user freedom for their own gain. Its an idealogical battle not an economic one, though sadly we havent won its true
In many cases you shouldn't need a computer, and for many where a computer is helpful, a very simple one should be possible which can use less power and with small enough ROM and RAM, and not needing any Wi-Fi and stuff like that. You also should not rely on computers too much even in the circumstances where they are helpful.
I do think that different computers (and other stuff) can be made which do not use proprietary software (and which do not use excessive software; I think it is also important, for a different reason). Free open specifications can also be made, too. Many people don't, but it can be done (although in some cases it is difficult, for various reasons).
“When you create a machine to do the work of a man, you take something away from the man.” — Star Trek: Insurrection.
A month ago I watched animatronic dogs herd sheep around a paddock just minutes after some Border Collie did the same thing. What came to mind straight away was: that’s not a problem that needs solving. Yet here we are, injecting technology into every nook and cranny we can and ultimately all it’ll do is free us from our own freedom as people and enslave us to the rich, who will own all the tech and knowledge to support those animatronic dogs.
>You can't vibe code without using a service from a big company, and obeying their rules.
In abstract, probably true, but so vague to be useless.
I can probably vibe code with qwen on debian. But are you then going to pivot from your microsoft example to like, my ISP? And if I point out I can move to an ISP with less than 5 staff, you will probably just move the goalposts further right?
Might be better to let you establish your goalposts first hey.
I use it on Windows, I am just loosely aware that I could run it on debian if I wished. I use 7b and its roughly as useful as GPT 3.5. I dont have any tools linked to it yet.
I'm implementing an MCP client using Qwen3 4B and its tool call capabilities are impressive! I'm sure it will only improve and the 30B is probably already much better.
Eh, this I cannot abide with. There are dozens of hosted model providers, from the foundational providers (OpenAI, Anthropic, etc) to cloud re-hosting (Azure, GCP, AWS) to routing proxies (OpenRouter, Vercel, etc). There are huge open source models that are quite competitive (Qwen3-Coder). There are smaller open source models that can run on your laptop and easily help with function writing. There are walled garden, highly integrated tools (Claude Code, Codex) and there are plug-and-play bring your own API key or model tools (Charm Crush, etc). The ecosystem is vast, and every facet of it appears to be getting better.
It may surprise you to learn that some people actually like programming, so yes I will. If AI tools are 20x faster then I guess I'll have to use them to get paid, but I'll be damned if I start letting a computer do the fun part for me on personal projects.
That said I'm not too worried. Vibe coding is currently slower due to how bad it is at writing software. In several years companies pouring billions into improving LLMs still haven't been able to make them not suck. That suggests to me that it's a fundamental limitation of the tech at present, and won't get better until another research breakthrough happens.
These two statements can coexist. Yes, AI is amazing. And yes, it is not good enough yet to significantly speed up my work beyond research and writing tests.
The last 60 years of software gave us amazing projects, and if you go through their code, you'll see the same principles that is outlined in every good software engineering book: Good organization, hackish when needs be to resolve some accidental complexity, good comments,...
Most of those things rely on having the right mindset/philosophy first, then having a good grasp about the domain and the technologies (programming languages, platforms, libraries,...). After that you need to start thinking about the tools you used to help you (editors, test runners, static analyzers, debuggers,...). Most LLM users put the latter above all others. Like using the agent precludes knowing about the domain, the technology, and the tooling. And what philosophy? Craftmanship? Sir, here it's all about YOLO.
This is one of my biggest problems with AI coding assistance. And how they will shape the development of less human friendly APIs and libraries over time.
Age verification laws in the US are chipping away at Internet anonymity. You might not be able to get another account because your legal identity might be required (and can be banned).
All major platforms have mechanisms to identify ban evasion. It's not so easy to create another account when, for example, they ask for a phone number.
In the U.S. at least, it is trivial to buy a new SIM anonymously. But really, you should refuse to use any platform that requires a phone number in the first place. These companies make it implicitly very clear that they want to control you and extract every bit of information that they can from you.
Haiku will win in the end, at least win what many in the free software world are trying to win. Or at least what I think this blog is trying to get at, but it is a weird post I am not completely sure what it is trying to get at. But I do appreciate its methods even if I am somewhat confused by them.
The year of the linux desktop is not going to happen, far too much baggage. The year of the Haiku deaktop will happen; they are doing everything right and staying under the radar until they are ready.
Like all permissively licensed software, it certainly will win what many in the free software world are trying to win: a bunch of nerds will do a ton of free work for corporations in exchange for absolutely nothing. Not even the drivers they need to run their own software on their own hardware. See: BSD, Minix, etc.
Permissively licensed software is everywhere. It's winning. What exactly it's winning, I'm not sure. Permissively licensed software is in my hypervisor. It's in my ankle monitor. Permissively licensed software will power the terminator drone that kills me in WW3. But it isn't in my laptop because the drivers don't work.
I've been using desktop linux for 15 years, at least. I play Steam Games on my Linux Desktop. I work on one. It's not prefect, but neither are the other OSes.
I have been using desktop linux for more than a decade longer than you and have config files older than 15 years. No idea what our individual experiences have to do with this but I win, I guess?
I guess what I am saying is that its been the year of the linux desktop for 15 years for me. What is the status of Haiku running on real hardware? Can it use linux device drivers yet?
I think Haiku is a neat project and I wish it well, its just hard to imagine what path it has to desktop dominance.
What do you want to bet and which assertion are we betting on?
Haiku has stayed out of the open source drama and focused on its goals; slowly and steadily working towards them even when the goalposts move. The big thing is their determination and staying focused on the user experience in a way Linux has not and can not without a single distro wining which is not going to happen. When it comes to the desktop, Haiku is offering everything Linux doesn't.
Huh? I like haiku and all but have never seen it running anywhere. At least Linux has a few percent market share. While not huge it is in the millions of folks successfully using it across the world every day.
Microsoft, Google, Amazon. They will all open source wash themselves and have a cadre of former red hat and other equivalent employees speaking about how they are the center of open source.
Meanwhile there's an entire parallel universe where people view things using different terms than these tired 1990s battles.
The next generation of software cannot be controlled by a small number of hyperscalers.. that is the new center of freedom focus. Times change
The title undersells it, it retreated. We open sourced the visible parts and then built a surveillance and firmware monoculture underneath. Every “smart” thing is a dumb terminal for code we can’t audit. The GPL didn’t fail, we just stopped applying it where it mattered most.
Note that non-free firmware in a network card, for example, doesn't affect anything, if the traffic is encrypted (and ideally routed through VPN so that the card has no direct Internet connection). So in some cases we can isolate non-free components so that they cannot do any harm. Modem in a phone, probably can be isolated also.
As a quasi-tech person I can’t imagine what more can be (or what isn’t being) achieved within reason by FOSS. And when it comes to Life’s Big Problems™ showing me someone playing Snake on an ULTRAK 435 Digital Pitch Counter doesn’t instill me with confidence that free software is as big a solution as its proponents would like to think.
The main benefit that I see it of having the source code to the software running on the devices you own is that you can always fix or modify it if and when you want to. Lots of things can happen such as the law changing, the company going out of business, the company stopping support for your device, or you just wanting to make some changes to how it works to better suit your lifestyle.
This doesn't mean that everyone will dive right in and make the code changes by themselves, but it does allow for paying someone knowledgeable to come in and make the changes for you. The same kind of way that you can (or used to be able to) get someone knowledgeable in cars to come in to fix or change things for you.
Think of it as having access to the device's schematics so that you (or someone knowledgable) can make repairs to the device when you need to.
This brings me to another point, that in addition to having the source code for the device available, there way to build and deploy the code to the device also has to be made available, otherwise it's only a shadow of a solution.
"Within reason" is doing a lot of lifting in that sentence, isn't it? What I define as reasonable FOSS solutions, many executives would not agree with, but that doesn't mean they're not practical or acheivable.
Your Snake example also doesn't seem very fair - there are many large, concentrated FOSS movements and organizations that are doing good. More and more - albeit very slowly and sporadically - there are governments and organizations choosing to invest in self-hosted FOSS solutions. And you focus on hackers expressing curiosity doing silly but interesting things on various types of systems. Come on.
Isn't the author confusing closed platforms for closed software? There are open platforms out there (Mastodon, Bluesky), but they lack traction. For any closed platform, the owner of the platform gets to decide what the stack looks like.
I think the free software model underestimates how much people dislike being compelled to operate on other peoples terms when it comes to exercising discrete with their intellectual property. Even if they get "free" software.
The suggestion free software is free is intellectually dishonest, I don't think free software is really free, the nature of it is very controlling towards those who decide to depend it. I publish most of the code I do for small side projects publicly, but I would never use free software if I arbitrary forgo to my ability to make the decision for myself. It deprives contributions of dignity, any suggestion a contribution comes from a willingness to share is undermined by the fact they are compelled to do so.
There's a reason why their interpretation of free is prefaced by a bunch of precondition, because it's a force framing that is odds with what people actually understand to be free.
Someone with authoritarian viewpoint is of course going to chafe against principles of liberty, and that is how it should be. Same is true in software.
But it literally isn't that, as an author in depending on it you reduce your liberty. The software is free, those dependent on are not free.
You could argue well it's free to users, but there's a level of survivorship bias due to the fact this is confined to the software people will publish under this license.
Edit: Back to "free software losing" is unsurprising given the above. All the benefit to the user are ultimately irrelevant to the growth of software when doesn't come from users, it comes from people weighing up if they want to forgo this ability to exercise control over software they made. And the portion of users who actually care are negligible to the point it has zero incentive to the software provider. The one exception I would say is, the "Free" softwares model works well for public goods like shared infrastructure like database software and such, but for end user software it is insane licensing model.
> Someone with authoritarian viewpoint is of course going to chafe against principles of liberty, and that is how it should be
Do you even hear yourself. This is the rhetoric why no one takes this seriously. Your suggesting my desire not to be deprived of my own personal liberty and act on my own terms (without causing harm to anyone else) is somehow authoritarian? It's such a narcissistic / manipulative entitled framing, to suggest this embodies anything resembling liberty.
To me, having different ideals, that sounds as strange as saying 'why would anyone help an old lady cross the street without getting paid for it?'. Sometimes one may want to do something without needing to get money for it.
Nothing is truly free. All developer time is bought and paid for. Even leisure time. What pays for the software developer to be able to not starve and be able to spend leisure time on free software? Paid software. Obviously. Somewhere in the equation someone needs to be paid.
Usually if software is open source, it won't be paid for. So whatever is funding it... well if it's a software company funding open source software where does the money come from? Obviously paid software. And people won't pay for open source software because it's basically free.
Follow the money trail it ends at roughly three places: 1. donations, 2. tech support 3. ads 4. closed source software.
What's not mentioned here is that every single successful OSS project is funded by multi-million dollar corporations and the reason it's so prevalent today.
The rest usually become abandonware because maintainers don't have the time or energy to continue with it for years at a time, especially if they can't make money from it.
I mean the reactions to posts on HN when a developer dares to make their OSS/MIT project sustainable by adding paid extensions is part of the problem. Almost to the point where I believe most developers are acting in the interest of the large corperations by bullying OSS developers into keeping their work free as in gratis.
The same people lose their minds if a project is GPL or copyleft.
I guess there will always be people who think in black and white. I'm pretty sure that if Stallman had been born in the 19th century, he would have been the first to write "The Communist Manifesto" before the other two guys had a chance.
I highly doubt that, considering Stallman's stance on freedom and personal sovereignty. Free software often operates like market anarchy (pure meritocracy), similar to the Internet. Coercive structures of centralized power that dictate what the 'common good' is do not align with the principles of the GPL.
Also the GPL is focused on enforcing property rights ("this is yours unconditionally"), while communism emphasizes transferring property to the government ("this is ours but you might have some if you behave").
But I would say Free software also has not lost. It also has the advantage that it will get better with time and a lot of commercial software gets worse throug enshittification. We also saw this with blender, I think free software will win eventually
Blender is an interesting case. It's seeing wider adoption in studios generally - an Oscar win has helped and the recent Blender Conference had talks from Framestores vizdev[1] and Paramounts in-house teams[2]. Blender 5.0 is around the corner, which is adding more and more industry standard features[3][4], though recently there was a discussion about pulling away from the VFX Reference Platform[5][6], which they have walked back from[7]. It's not there yet, but it's gaining mindshare rapidly. Enshittification in DCCs is interesting. Arguably the two dominant companies, Autodesk (Maya, 3ds Max) and Maxon (Cinema 4D) are on that path, whereas SideFX (Houdini) is kicking ass!
That's unfortunate, mainly because they will find out that they can clone closed devices as well, in fact it's their default mode (not much of HW is open).
They even clone stuff that you send them to manufacture but forgot to include the sources (or have them outdated) as part of providing a good service :)
Fundamentally, the issue is that only a small number of people know what free/"libre" software is, and only a small subset of those people think it is a good tradeoff.
For that reason alone, there's just not going to be a lot of people working on building something the vast majority of people very clearly do not want.
As someone who recently made a post on how to change it just recently and has been thinking about why[1] Here are some of my thoughts.
Your article is great and that is a reality I also want to live in where everyone completely "owns" their device and lives free from proprietory stuff and you are approaching things from a hardware perspective because you maybe more familiar with that and I am more familiar with software (as compared to hardware) but here's the shocking part that I want to share
People don't even use open source software. Something which just works as compared to hardware. There are sooo many low hanging fruits for privacy in this world that we haven't picked.
Even if I have a completely open source laptop, if the only way to message my school's teacher some message that he will look or send me is whatsapp, all of that falls apart.
We need to advocate on both sides & I 100% agree that we should want the same thing for hardware as well (proprietory blobs Intel ME are scary with proprietory blobs) but we need to definitely prioritize in the process as well.
What are some low hanging fruits of privacy/open source we can share that people aren't using because they are unaware.
Also, as someone deeply interested in advocating for open source and to those comments on that ask HN I made, I am deeply saddened to see the state.
Since I feel from those comments on my post that there is no hope. Everyone expects a better UI/UX but nobody said anything about donating to the contributors.
We expect so much from open source and we give so little back as a society.
And its just funny that on my post which is about how to give back to open source contributors so that they might work full time on it so that they can make a better UI/UX, people expect the better UI/UX first. I can understand them but...
It becomes a chicken and egg problem. Open source is itself a chicken and egg problem. Why do we want unpaid labour abused by big tech which is then used for surveillance/ad-tech and then if we can't create a better UI/UX then stop trying to expect any payment. Why do we want perfection before giving open source guys some donations. They are competing with a company which might have full time guys working on a project funded by a VC fund only to enshitten stuff later.
Please, I genuinely want to change it. Give me any ideas on how we, the people interested in open source, can change/fix this chicken and egg problem.
(also I should've probably changed it to say how can we change that but the HN limits the text of a title and I had to modify some of it, and now after writing it, I am genuinely not sure if we even a "how can we change" or if my title was correct and its now "can we even change")
I am baffled that people in this thread write something along "well, depends what you call win" - the goal of Free Software is quite clear. The goal is freedom, computing freedom, freedom of the software user. It is very easy to notice that in 2025 users have less freedom even if they run some Libre Linux distro on their Thinkpads than they had running Win98, because of everything that happens OUTSIDE PC software ecosystem (phones, SaaS etc), and even inside PC world things sometimes are not obvious.
Free Software is losing, simple as that. Even with Kubernetes, as the goal was never to provide free labor and free software infra to companies.
Free Software isn'r just losing, it's being co-opted, hollowed out and sold back to us without the freedom it was meant to protect
Yes, basically rent extraction over various forms of cloud capital. The widening societal wealth gap means owners can simply charge workers for access to what they own, without having to produce very much. Perfect in the short term if you are rich. Cash thus flows from the working class to the ownership class in a feedback loop that intensifies the problem.
I shall quote:
“ The right of workers to manage the state, the military, various enterprises, and cultural and educational affairs is, in fact, the greatest and most fundamental right of workers under the socialist system. Without this right, other rights of workers—such as the right to work, the right to rest, and the right to education—cannot be guaranteed. … We must not understand the issue of the people's rights as meaning that the state is managed only by a small group of people, while the rest of the people merely enjoy rights such as labor, education, and social security under their management.”
Meaningless. You can replace socialist by capitalist and it would be equally meaningless.
The correct word is democracy. The people (or "workers") having a say or not has nothing to do with socialism or capitalism IMO.
I don't understand the downvotes - parent's right. All regimes today like to trumpet themselves as (exceedingly!!) democratic, the question is: are they? In my estimation, overall, communist countries have done significantly worse in this department. And yes, rule by the many people is the definition of democracy.
The vast majority of software now runs on personal devices and the average user has no knowledge nor interest in it, as long as they press the button and the action is done.
The only ones caring about FOSS are technical minded people already working in the field.
> The only ones caring about FOSS are technical minded people already working in the field.
People that fought for common hygiene standards, or labor rights, or human rights etc in the past were a minority too, because most people didn't care. But this minority was able to organize, push forward and gain support. And the fight was worth it, and improved lives of us all.
Good point. Wasn't going to say the fight is useless, just that those who know are the minority.
Ya think? I mean, I agree 100% that was the good fight. But to take a tangent here? That's falling apart, world wide.
It's falling apart because the average person wants to be "smart". I applaud this, the fact that people want to learn, want to know, want to understand.
Yet now, when they try to learn? To understand? They end up with youtube. Tiktok. Pages of AI slop. They're told what is "astonishing" or "proves that scientists don't have a clue!". They're told that gibberish is real, that those lab-coats are all evil, or trying to poison people, and so on. Or even better to their egos, that the lab-coats aren't so smart, and with this "one simple trick", you can be smarter than them!
This is coupled with outrage!!, when this rarely tends to be the case. Yes, there is corporate greed and it gets caught, recalls happen, mistakes happen, yet 99.99999% of the products and services just work. No one notices that aspect, only the "big news" of the tiny, rare, unusual failures of our system.
And then on top of that, politics enters the scene. Now, it's "us vs them" on matters like medicine?! Or health? Or school? What?! And no it's not just "one side", it's both sides, just in different ways.
People used to say things like "I don't know". Now people who can barely write, and read, have opinions on everything. They have no idea of the science behind things, but they'll just say "Oh! I saw this on youtube by a random person I've never heard of before! That's true, not what I learned in school!"
And the worst part is, we want people to think "being smart" is important. We want intellectual betterment. Yet now this is twisted and warped against the light of knowledge, for now everyone craves it, but are given the ashes of burned truths. All provided by false profits, so they can pocket some coin.
As far as I'm concerned, youtube and tiktok need to die. Social media needs to die. There are other solutions, but Google, Meta, the rest only care about cash, profit, and not one iota about fixing this.
So if they won't fix it? Then we must destroy it.
And can we? Nope! Because the public LOVES it. Loves loves loves it.
So back to FOSS. I've dedicated my entire life to FOSS. But the time of "making people care" about things is gone. They don't care. They never will with all this noise going on.
I'm not happy about it, but if you can't get people to even be interested about privacy violations by Google on their Android device? How will you get them to even remotely care about FOSS?
Parent is right. Only geeks care.
I agree with this sentiment 100%.
Probably the speculative FOSS project I'm most excited to think about is an open alternative to YouTube – a universal video hosting platform or network, free from commercial incentives baked into the platform.
I've only started to think about this recently so haven't explored whether it's viable to e.g. run all video hosting in a torrent-like, distributed way, or perhaps a Mastodon-like model, but the goal seems like one of the best things free software could aim to achieve right now. YouTube needs to die, and it needs an alternative that could conceivably kill it.
It seems you're talking about PeerTube.
Social media won't die, but it can be replaced with something that is better in every way, but especially better at actually enriching our lives, rather than better at gluing us to screens and feeding us ads. It rests on us to create these decentralized systems. I think local-first software and some ideas from crypto are some good first guideposts on the way there. AI can surely help too, if used judiciously.
"But the time of "making people care" about things is gone. They don't care. They never will with all this noise going on."
Tragically, that's very true. But society and societal issues being what they are nowadays we should not expect anything else.
Most of the world's addicted users would be bereft and suffer severe withdrawal without their regular dose of Social Media. Same would apply if those 'amazing' apps provided 'freely' by that wonderful magnanimous benefactor Google were to disappear or ever be under threat.
Any notion that their treasured online ecosystem could be disrupted or their 'free' apps might be replaced with FOSS equivalents would cause outrage. With their attention spans already severely reduced, uses would never stop to consider the true benefits of FOSS, instead they'd actively fight against it.
Like a parasitoid wasp taking control of a catapillar's mind/body to benefit its offspring, Big Tech has parasitized the minds of much of the world's population before anyone realized the fact.
That this outrage has actually happened without any effective opposition is a true tragedy, to expect FOSS to reverse the situation without some cataclysmic event intervening is just a fanciful pipedream.
> They're told that gibberish is real,
Literally. In pentecostal churches people (even children) are taught to babble out loud as if it's divine revelation. And another to 'interpret' the gibberish in the 'human' language for everyone else to understand.
Many of these people are college educated. Yet they learn to compartmentalize to the extreme.
I always wondered where this belief that progress is given comes from.
Nothing is given in this world. Every real fruit of progress (freedom, democracy, public health etc, not iPhone) was fought for and paid with effort, sweat and blood. People were often put in jail, tortured and murdered. I am not sure what exact price you have in mind when you state you've dedicated your life to FOSS, but I somehow doubt it is comparable. It is naive to think that once we achieved something, we don't need to keep fighting in purpose to keep it. This is equally true about democracy, eradication of diseases through vaccination, and free computing.
Of course only geeks care. My point was that it was always like that. Every big societal and political change was enacted by a relatively small, but coordinated and motivated minority. Majority always is passive, and even if it comes in, it comes in at the very end of the process. The problem is not a small number of geeks that care, but rather geeks' reluctance to organize and act politically. Hell, in this demographics political is always suspicious and unworthy. There won't be any success until this changes.
It is naive to think that once we achieved something, we don't need to keep fighting in purpose to keep it.
I agreed with this in my post, but I suppose not using those words. However, I discussed how people used to pay attention to experts, and they really, really did. Of course nothing is absolute, but there is a massive change, from what I see, between 50 years ago and now.
The average person didn't want to seem "stupid", by trying to claim that germs didn't exist (because they can't see them), or that the world was flat, or whatever may be said.
Yet now, as I said, we have all these sources of just plain stupid, spewing stupid as knowledge. Before, we could enact change and at least get the public behind it.
Now (and you seem to agree here!) it's harder to do so. And we're losing ground!
So I disagree that it's about us not organizing. Very successful ways to organize and educate now fail due to this slop. It's not us, it's the world, fading, dimming, dropping back into the gibberish of the masses.
> Only geeks care.
This is false, https://news.ycombinator.com/item?id=20207348
Perhaps so, but users have not done a damn thing to reverse the situation. It's Social Media and Google's apps as usual.
It's privacy bedamned when those factors get in the way. Even with the strongest will, electronic heroin, like its chemical counterpart, is almost impossible to shed.
Surely you can't be linking to a post on HackerNews, or a response, when trying to say "the average person" cares about privacy, are you?
The fact that the person is even posting on Hacker News invalidates "average person". So you must therefore be talking about the Times article?
The title of this gatewayed article is:
"You Care More About Your Privacy Than You Think"
It's literally saying that "you don't care", then trying to tell people why they should. This actually supports the premise that the average person doesn't care about privacy.
Yet beyond that, my "Only geeks care" clearly was about FOSS. Trying to invalidate my privacy statement, which everyone knows is an issue, doesn't invalidate my "Only geeks care -> FOSS" statement.
Do you really believe that if you stop 100 random people on the street, they'll even know what FOSS is? If they don't know, they do not care.
I wonder how many people know what FOSS is? What if I stopped 1000 random people in 5 rural towns, and 5 urban cities. Out of those 10k people, would even 100 know?
You might say "Oh, well if I explain it to them!". Nope.
Caring implies knowing about the issue, considering it, and worrying about it. This isn't even on the public's radar. They don't know what FOSS is. They don't even know what software is, nor do they know what files are.
Even if you sit them down, get them to listen to all sides of the issue for hours, some still won't care. At all.
And of the ones that do, what does "care" mean?
After all, upthread is discussing how the mildest inconvenience means nope, don't care. In the contexts of this thread, "caring" means "willing to use FOSS even if there are inconveniences".
FOSS software is everywhere. People could be using it. They aren't. Why? They don't care.
People have too many other problems in their life to spend efforts on every (important!) world problem. This is essentially a Maslow's pyramid. Unless it's also your hobby, you simply have no energy to spend on things which aren't immediately beneficial to you. This is not equivalent to not caring.
You seem to, as I do, care about open platforms and open software.
I think to difference here is, you need to believe people care. Meanwhile I know most don't.
The best I've ever gotten from people is economic self interest. "Free" without care for the ecosystem.
Beyond that? It's all posturing and signaling. I've had hundreds of clients, been involved at the community and government levels, worked to make OSS better for all.
And after 30 years it gets worse not better.
Even now, the biggest push is self interest, because "oh software not controlled by US corps?", from clients and government entities I work with.
Understand, I say this with immense sadness. And we must still strive. But for most of the world, simple is all they understand.
And OSS is a nuanced argument.
Even those, who should know better, choose to not think about the consequences and in masses opt for spyware and non-free software, out of convenience, or laziness. I mean, look at all the computing professionals (?), who use Google Chrome instead of Chromium or Ungoogled Chromium, or another browser entirely. Look at all the web developers, who only test on Chromium-derived browsers, maybe even only Google Chrome. Look at all the IT departments, who mandate use of Windows in companies. Instead of being part of the change, they are part of the dystopia.
I think we have a severe problem, due to influx of too many people, who don't actually care, even though they should be knowledgeable enough to see the consequences. Maybe the paycheck is the only thing that counts for them, but they are actively contributing to the process of us all losing our freedom. If we lose our freedom (more than we have already) in the digital realm, we will lose it outside of the digital realm as well. For example imagine there are no longer any auditable open source/free software messengers you can use and all you can do it trusting proprietary vendors, who can introduce any backdoor they like. What tool will you use to organize protests? What if messenger makers agree to introduce state determined blackouts? Or secretly report your activity to the state and police, so that they appear at your door, before your protest even started? How will you organize any critical number of people, without digital freedom to do so in this day and age?
Our freedom is at stake, but most people don't care, even if you tell them. We are too damn comfortable for our own sake.
Open source produces good infrastructure, but does not build good products. Asking people to use a worse alternative for some ideological reason that they don't feel strongly about is silly. Companies use Windows because it's easy to hire or train professionals capable of managing Windows deployments and there is a good system of getting support externally when needed. Control over source is very costly and companies and individuals rightly want to externalize the cost. Companies that make their product open source have trouble monetizing what they build. Offering paid support isn't always a viable business and other companies can simply repackage your product and sell it. There are a lot more things people prioritize above software freedom.
> opt for spyware and non-free software, out of convenience, or laziness
Surely you can think of more reasons than that.
When I choose to play Mario Kart with my kids, it's not because I'm too lazy to download and install Tux Racer.
This is not unique to software. There's no "free&open ball bearing" design out there, let alone for a machine capable of making them, even though the modern world couldn't work without them. The only people caring about ball bearing design are technical minded people already working in the field.
Same as for a thousand other fields essential to operating the modern world. Nobody has time to learn them all, so we specialize.
There are some attempts at things like this: https://www.opensourceecology.org/gvcs
They're usually very hard to get share because machine manufacturers can smash out cheaper things via processes like castings, mouldings and stampings, then eventually lock down spares (or just don't bother).
The open source option basically only be worse (but maybe more repairable) and/or more expensive than the alternatives, except when there is no alternative in the market. And China is providing so much mid-grade affordable and fairly functional stuff there often is an alternative even in the most isolated places. In 1980, getting a decent lathe in some town in, say, Angola might have been basically impossible. Now, it's still not cheap, but it's not completely impractical. If you can get bearings and induction-hardened shafts you'd need to DIY, you can get the whole thing, and maybe even cheaper.
It's a bit depressing, because of course I want to see the world flooded with high-quality, modular, very standardised, re-usable, repairable, hackable items, but that approach has a limited market in reality.
The GVCS is a totally different beast than open source software. It's been around for at least two decades now, and has been making very little progress in the last ~15 years. It's trying to reproduce the most visible products of mechanical engineering without having a firm grasp of what is needed to get the supply chain working.
Notably lacking from their toolkit is anything large (no refineries, no blast furnaces, no glassworks for making window panes, etc) or anything needing high precision or high purity (medicine, ball bearings, optics, high quality metals, etc). It still assumes the rest of society will be around to source those materials from.
The GVCS is like if FOSS only ever produced leftpad libraries and never a linux or a postgres.
The problem is the GVCS is already bumping against the OSHW curse even for the smallest items: replicating one unit costs real money in materials and processing and if you fuck up, a new version costs real money too. But in the last 15 years, the niche is shrinking - you can get a decent new doohickey from China whereas previously you would have to hope for an ex-first-world or ex-Soviet cast-off.
A 500 million glassworks or foundry is just that times a million (literally). And technology has never stopped - no one would spend a hundreds of millions to build a new plant on a 20-year old design.
Oh I totally agree. One reason open source software is so "easy" is that it costs virtually nothing to share something you made, or to take something someone else shared and build it yourself. The potential pool of hobby contributors drops off drastically even for $10 gadgets, let alone for anything 10k and up.
Even their own manufacturers don’t know what’s in a bearing assembly they manufactured ten years ago, all they can do is sell you a new one with the same spec. Rolling element bearings are specified by application; shaft diameter, load direction, and so on. Manufacturers change important things about bearings, like how many rolling elements they have, without necessarily changing the part number. It’s worse than closed: after some time has passed, nobody anywhere knows how it was made.
Software is unique in a few ways. It has the ability to spy on us, to be insecure and against our best interests if an attacker gains control. It can also lock us in in ways that are harder with just physical objects. Infact printer ink lockin happens using software not e.g. the shape of the cartridge.
Inversely, the only end-users FOSS cares about are those that can compile and build from source themselves. More so if they can also submit good bug reports and patches.
The demographics of the majority of end-users shifted a long time ago but FOSS is stuck with a mindset that treats everyone like their own sovereign sysadmin.
It'll take a big shift in the Free Software movement to make it something that represents regular end-user enough for regular end-users to care about the Free Software movement.
> The only ones caring about FOSS are technical minded people already working in the field.
It was this way when I was loading Linux from floppies and compiling 3c509 drivers. Same as it ever was.
I think this post overstates the "loss" of free software. Yes, closed firmware and locked hardware are real gaps...but that doesn't erase the fact that open software has completely reshaped the modern stack. From Linux and K8s to Postgres and Python, it is the infra of the internet. "Winning" doesn't have to mean owning every transistor; it means setting the norms and powering most of what's built.
I tend to see this kind of absolutist, binary tone a lot from people deeply involved in FOSS... and sometimes I think maybe that mindset is necessary to push the movement forward, but it also feels detached from how much open software has already changed reality.
> "Winning" doesn't have to mean owning every transistor
It absolutely does.
Corporations are pushing remote attestation now. They can detect if we "tampered" with our devices now. They discriminate against us for it. Installed your own open source software? All services denied. Can't even log into your own bank account.
We're marginalized. Second class citizens. There is no choice, it's either corporate owned computers or nothing. What good is free software if we can't run it?
Its a lost battle not a lost war. You have to adapt for the circumstances of the time. Today that seems to be using a device that is closed but gapped only to get the essentials done(government services, banking etc.)
For everything else continue to use and improve the open offerings.
In the meantime, keep fighting and supporting organizations to get laws pushed to ensure open devices can access essential services. (Administrations change, whats dire now may be hope tomorrow).
I've come to realize that a lot of closed digital services are just fluff and not needed. So I try to accept that I dont need them. Its a journey.
This may sound silly but I think desktop linux "winning" is of the utmost importance right now. Free software is pretty much shut off from the appliance/mobile computing platforms but if a sizable portion of personal computers remain using free software it will be hard for the big corporations to fully close the web or make platform attestation truly required for everything.
Preserving such mindshare into the future might enable us to show people why they should care about free software and perhaps finally obviate how much malfeasance the perpetrators of closed platforms can do contrasted to the remaining open platforms on pcs (assuming people don't just completely abandon pcs...). This may also help push and convince law makers into legislating in favor of free software and open platforms.
Desktop is still useful, but it doesn’t matter. Everything important to non-techies outside of work life is happening on the smartphone, which has had hardware attestation since forever.
Those are vital points! Mobile is the battleground. No company now or ever working on classical hardware attestation will understand cryptographic engineering at a basic level..
Thus FOSS has plenty of time (decades to centuries) to learn from for-profit tech's mistakes
Mobile is the battleground but you are forgetting how damn easy it is on android (atleast right now before google's attestation) it is to install f-droid and then install open source.
People don't even do that. They don't even search for software on f-droid first and try the UI. Nope they go to play store and search software which is going to advocate for closed software because ads/review buying...
You really have to expect something from the general populus as well imo. Maybe they don't know about f-droid but people say to me its not about knowledge but rather caring, they don't care and I don't know wtf to say to that.
It's a very weird chicken and egg problem.
Within the mobile space there are other possible Schwerpunkte and appstoretech is the most obvious one to work on. It's also one where superior technology could win out over feelings--> why NLNet wants to fund:
https://nlnet.nl/mobifree/eligibility/
>‘decentralized app stores’, a technology that uses the F-Droid app store architecture, for organizations or other entities that wish to distribute their apps to a select user population (e.g. employees), plus an app distribution system that makes it simple and cost-effective for developers to distribute their applications to multiple app stores.
For mixed approaches, I like to think about why Google et al haven't beaten Apple at the appstore game (outside China)
You mention chicken and egg which suggests that there's a 2-sided-market type of problem to try to solve here even if one isn't well-versed in marketing
When I mean the chicken and egg problem I mean this https://news.ycombinator.com/item?id=45562286#45565446 and originally this https://news.ycombinator.com/item?id=45565346
Basically that people expect a lot from open source yet they want it right now but nobody mentions anything about donating to them or they will donate to it once the software gets a lot of features but the software will only get it if you donate to them in the first place imo otherwise the whole situation would feel entitled.
There is no reason to expect good UI/UX from open source when at scale, the society doesn't fund open source with donations at all. They are severely underfunded but I don't know what people want from them. Nobody cares about it. Oof.
This is a chicken and egg problem that open source can get really good if people donate to the creators but they will only donate (I doubt that actually as well now) once it gets good but ... it will only get good once they donate.
Open source is stuck in this chicken and egg problem. I was thinking about how the creators of deltarune/ undertale if they were open source, I just checked and undertale has made 114 million $ in sales and its price is 10$ which might be worth it...
10$ isn't that bad and people still pirate it, I think this model can be decent for games which is why people don't open source games. Imagine the amount of money that could've lost if lets say undertale was open source. I am pretty damn sure that nobody would've donated 114 million $ to them if it was open source.
Just some thoughts. I have mixed opinion now. Its a chicken and egg problem and actively hurts the devs financially in the process as well and people don't want anything to do with open source aside from us people who already know about it. Like wtf. We are taking a cut for a ideology and uh I am just a bit speechless. Its messed up & my question is: can we change it? I genuinely didn't want to be pessimistic but I don't think that there is much of a way, is there? I want to find some hope to cling upon but I genuinely can't find any hope. Everyone I talk to is so down right pessimist or nihilist or doesn't care about open source for a fix that I feel like I am in the wrong for looking for ways to change and now I genuinely doubt if change is even possible.
NLNet (backed by EU) is a society that also funds opensource dev by donations
https://nlnet.nl/donating/
They should get more wellknown
Judging by the lack of upvotes and nondisclosure of how much they get, my guess is that 99% of people have for some reason conflicted feelings about funding opensource even from taxes
I just want a organization that I can trust and share about to have maximum benefit to society for open source.
Now there are 2 ideas that I have: One, to raise more awareness about open source and how it has some gems. The best low hanging fruits of privacy for the world might be f-droid, signal (doesn't require any specific hardware as long as they have android) and grapheneos(depends if they have a pixel)
But that being said, I thought that if I share about open source and how it can be good but it requires your funding to fix the chicken and egg problem. People would feel convinced to donate.
I might say them to donate to nlnet. But I don't think many people would.
I don't think open source needs an evanglist or somebody telling somebody else to do something. I am deeply pessimistic about the state of open source in the sense that it's out of my control and my trust of human society is eroding day by day.
Literally nobody I talk to makes me feel like something can be done about this / gives hope and I doubt it so much now. I was so much optimistic about its future but I am genuinely pessimistic now and the only reason I try to be hopeful is that I don't want hopelessness. I don't want to sit down and watch but fucking hell, the world sure damn well wants me to.
The only hope I got was maybe through raylib creator's github post about history of raylib which inspired me and it seems like the best way for open source could be to become a teacher but I have conflicted opinions about it because I like building things that are niche solutions to niche problems I have. That's how I started loving open source more. Some solution which I can always use. which I have starred with me. Not sure if I should even be a teacher or something else or if how that fixing my own problems attitude goes towards teaching. I don't fucking know and I am tired of pretending that I know. idk wtf is wrong with the world that good things can happen but they won't. We are in a fucked up world in which mediocrity is benefited and like I have convinced myself that maybe this is the equilibra of altruism/evilness in the world maybe directly governed by biology/physics/the laws of the universe. But I can't but see how things got better in the past yet it seems that people have just accepted that things can't change now. How were people in the past doing so many massive changes like french revolution. I was asked by my teacher 3 years or more ago to write about it and I made things on the spot because I read one book (everything is fucked a book about hope) and uh I just somehow translated that people wanted hope and french revolution provided it. I always thought that if we can show the world something which can be better which just requires all of us to put in a little effort, then things would get better since we would all logically agree that this is the better thing, just like how I can show them hope and then we can have another thing like french revolution (I mean something's that good like democracy), but now I am wondering if that's how the things work. Maybe I was naive but I need to do more research on french revolution's hope idea, idk.
Agreed. It's all about leverage. Without huge numbers of users, we have no leverage. Corporations can afford to just drop us because of our software preferences. That would not be the case if there were more of us.
I still feel a bit sad about the changes that happened ~2012. Linux on the desktop really had a strong momentum going around Ubuntu and Gnome 2, where quite a few non-geeks started switching over as well. But then everything fragmented quite rapidly – Gnome Shell was quite unpopular on launch, Ubuntu went in their own direction with Unity, Mint went in a different direction with MATE and Cinnamon, Elementary forked off Pantheon, etc. Similarly, RedHat pushed for Wayland and Flatpack while Canonical pushed for Mir and Snap, and so on.
I'm not saying that Ubuntu/Gnome was everything Linux had to offer (I myself was on Arch and i3wm at the time), but that period was certainly when the largest percentage of people around me were enthusiastically adopting the Linux desktop.
For me, Ubuntu / Gnome 2 came so close to being something tech-savvy people could recommend to non-technical friends and relatives at a time when people who were happy enough with WinXP and Win7 were being corralled into dealing with the Win8 carcrash. And instead of closing that final gap it went scampering off into the far distance again, never to recover.
That's normal in Linux. It's always about to get really good then everything is made crappy again, then slowly improving to get good but then the cycle repeats. I've lived through several of such cycles, it has slowed down Linux adoption a lot.
Multiple devices is the answer. Otherwise you end up with people having their banking hacked because they installed a game mod.
This leads to a massive transfer of power from end users to corporations and governments. User-owned computers and the open web limit the ability of such institutions to place demands on users. Is that worth a slight reduction in the rate of bank fraud?
Depends if you ask someone who gets defrauded of their life savings and work and is financially ruined I suppose.
Most of the time, it's the bank that's on the hook for fraud, which is why they're motivated not to trust that the user's device is sufficiently secure.
There’s no world where the bank is on the hook for fraud while also not being allowed to prevent it.
Personally I’m ok with the bank being on the hook and their app checking there isn’t malware loaded on the OS. I have my raspberry pi and steam deck for full modding without intermingling it with extremely sensitive computing.
There is such a world, and we live in it. Banks might reduce fraud by repeatedly performing credit checks on customers, for example, but that's usually illegal.
Remote attestation doesn't check that there isn't malware; it checks that the OS is approved by one of a short list of corporations. Passing that check is correlated with a reduced risk of certain types of malware being present, but is not quite the same as checking for malware.
Is this not a solved problem? I used to have a TAN generator for my bank as a separate device I paid like 5 euros for. If you get provided an authenticator and get forced to use it for transfers essentially even if my device is compromised it doesn't matter unless their device also gets compromised. They are then free to lock it as much as they want.
If it’s just one of those 2FA code generators, that still won’t help if your phone has malware on it. The malware can just modify the transfer as you are making it and have typed in the code.
Users would also lose them far more than they lose their phones.
I have one of those 2FA code generators, and used to have a different one with a business account, too.
In both cases the authorisation challenge/response involves part of the destination account number, so if the details are tampered with by malware the code won't work.
I'm not okay with owning a cuck device where the bank manages my OS. So we have a problem.
We? or you :P
lolwut
define "malware".
Careful, recently someone made a similar argument around gun-laws in the US, and it didn't go well for him...
/s
I am not an expert, but I think this could be improved if the smartphone operating systems had better security models.
For example, an application needs "access to your disk storage", because it needs e.g. to save photos. Okay, let's give it access to its own directory. Or maybe to a subdirectory of "my pictures". But it doesn't need the access to the entire disk, right? Yet in Android, it is all or nothing.
Perhaps with better system, we wouldn't have to ban installing game mods, only to make sure that those game mods do not have unreasonable access rights. Or maybe the banking operation could state "I can only be installed when no other app has an access to my private data" or something like that.
Here's a take on this which might be unpopular:
Open source software lost in this domain fair and absolutely square. Desktop linux has been an extremely accessible and decent option desktops and laptops for, what, three decades; it lost in the open market. I'm typing this comment on arch linux, but even so: It failed to become a force sizable enough to fight back against the tide of corporate-owned attested consumer hardware. Android has been an option for nearly two decades. Its reasonably successful, globally. Google is now toggling the doomsday switch everyone knew they had, to force all applications to go through the Google Mothership. Samsung could fight back; they won't. Motorola could fight back; they won't. The market could revolt; it won't.
Software being open source is not enough to change the tide on what the market wants. Should service providers be forced (e.g. by regulation) to support consumer hardware stacks they prefer not to? By what mechanism do you propose we stop a bank from saying "we'll only support connections from iOS devices", if not the democratic market force of ensuring enough of their customers demand access from devices running free and open source software? You get there by building products people want. Anything else is succumbing to the same authoritarian forces that you're hoping free software will stop, by forcing service providers to behave against their own interests.
If that was unpopular, here's where it gets really unpopular: I don't see a doomsday-level problem with a world where, in addition to whatever awesome FOSS hardware I might have, I also have an iPhone 12 ($130 on swappa) as my "attested device" to do "attested stuff" with, like store my drivers license, banking, whatever. To me, this is... fine. Not ideal; but fine. We should fight like hell to score wins where we can, like in right to repair, parts availability, ensuring old devices are kept up to date for as long as possible (Apple is pretty good at this); but if I have to carry an old iPhone in my backpack to access my bank because they refuse to support my hypothetical GnuPhone 5, the world isn't going to end.
We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.
> Should service providers be forced (e.g. by regulation) to support consumer hardware stacks they prefer not to?
Yes.
Well, sort of. They don't actually have to do anything. Nobody wants to force them to work for us, that's slavery.
Just don't get in our way when we start writing and using our own software. That's the "support" we want. Just stay out of our way. Leave us alone, without actively discriminating against us for it.
For example, companies wielding DMCA "anti-circumvention" section 1201 [0] to put people in jail.
Or tricks like Nintendo designing their hardware only boot games which show the Nintendo logo on the screen, so that they can shut down any third-party games for trademark infringement.
[0] https://www.eff.org/pages/unintended-consequences-fifteen-ye...
DMCA anti-circumvention laws have made it attractive to add computers to otherwise simple products in order to reify a business model. Breaking those locks by doing things such as using "pirate" ink cartridge turns legitimate competition into a violation the DMCA. We live in the era of felony contempt of business model:
https://www.eff.org/deeplinks/2019/06/felony-contempt-busine...
The trademark security system you mentioned produced such wonderful case law. Not only was it found that this "infringement" was fair use, judges decided that it was the trademark holders themselves who were at fault for creating this stupid system where competitors had to infringe their trademarks in order to create perfectly legal interoperable software.
https://en.wikipedia.org/wiki/Sega_v._Accolade
> Accolade's decompilation of the Sega software constituted fair use.
> the use of the software was non-exploitative, despite being commercial
> the trademark infringement, being required by the TMSS for a Genesis game to run on the system, was inadvertently triggered by a fair use act and the fault of Sega for causing false labeling
That's what the world was like before the DMCA. Corporations would invent all this "clever" nonsense and they'd get destroyed in court. Not anymore.
> Should service providers be forced (e.g. by regulation) to support consumer hardware stacks they prefer not to? By what mechanism do you propose we stop a bank from saying "we'll only support connections from iOS devices", if not the democratic market force of ensuring enough of their customers demand access from devices running free and open source software?
The same mechanism that stops a bank from saying, "sure you can withdraw more than $10,000 from your account and we won't ask any questions about what you plan to do with it" - explicit financial regulation with real penalties attached to it, that banks systematically adhere to. I'm not necessarily a fan of all legal regulations around banks or other financial product providers - this is a huge reason I'm interested in truly decentralized cryptocurrency systems - but given that the regulated fiat financial system does exist and is widely used, we might as well demand that these regulations include provisions that the bank has to let people running free smartphone OSs connect to their systems too.
> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company.
We need nerds who care about this to stop complaining about minor things in existing GNU/Linux phones and other similar devices on the market and go buy them. These hardware companies have been there for years already.
It's hard to build a profitable and sustainable business only basing on the minority that doesn't mind it being "too thick", "too slow", "not high-res enough" or "unable to run modern PC games" (all of these are real things I heard from people here, no kidding). And I assure you that if you really care, you'll easily find a way to live with a (swappable) battery that lasts 20 hours.
I own one of these devices (pinephone) and it is legitimately not good enough for day-to-day use (despite the incredible efforts of the people who are working on it's software). I only use my phone for locally-stored music, text-only web browsing and calls/SMS. The Pinephone cannot perform any of these tasks competently. The thing it does best is playing music, but this drains the battery. It will not reliably place/recieve calls/texts (and 911 doesn't work IIRC). It can barely handle basic web browsing. KDE on this device literally pegs both CPU cores to 100% all of the time. Phosh is better but still dog-slow. This is the case even with the many years of improvements the community has been making to these devices. It used to be significantly worse, and the software is monumentally better than it ever has been. I love this device, and it deeply saddens me that it has such major flaws.
All of the current Linux phones have major showstopper issues, and saying we're complaining about them being "unable to run modern PC games" is a strawman. The simple fact of the matter is there are no decent mobile Linux options available.
The most endemic problem right now is "Linux" phones that use crummy forked vendor kernels and Halium. For all intents and purposes, these devices are trapped in time and can't meaningfully get software updates for major system components. The 2 decent Halium-free options, the Pinephone and the Librem 5, both still use downstream kernels, and the Pinephone's kernel is maintained by 1 person in their spare time. I think it's apparent that this is not sustainable, and one can't reasonably expect megi to maintain this device forever.
As sad as it makes me feel to say this, I don't foresee these problems improving for a long time. As of now, I remain stuck with a Moto E6 from 2019 (Android 9.0) as it seems to be the final device ever produced with a replaceable battery, headphone jack, SD card slot, and screws instead of glue.
> Pinephone's kernel is maintained by 1 person in their spare time
Most open source projects, except few popular ones, are maintained by 1 person in their spare time.
But most open source projects are not the kernel beneath your bank app.
Man, I just want to get a rapsberry pi and screw together a touch display screen with some sim attachment as my phone.
Or a device which can just take a X server running on the same port of sorts but I have found that sure you can do something like it, but its gonna be of inferior / subpar than a phone but definitely possible.
Halium is fine.
If you wait around to be purist on this issue all day, nothing will ever change. Something like e.g FuriLabs is good for growing the ecosystem and getting people actually exposed to something other than iOS/Android.
Halium is a hack around crummy vendors doing sub-par work. It is technically impressive but it doesn't resolve the underlying issue that the crummy vendor kernel will never be updated. Saying that Halium is not a good enough solution in the long-term does not make one a purist, it's a simple fact. Devices that rely on Halium are dead-on-arrival.
And yet I've been using these devices for 17 years now (first Neo Freerunner, then Nokia N900, now Librem 5) and they've been good enough for day-to-day use. With some compromises, sometimes effort, maybe not for everyone, but they sure were usable by a determined person who cares.
I do have a replaceable battery, headphone jack, SD card slot and screws. I do some Web browsing, reliable calls/SMS, playing music for hours. It's starting to get a bit slow and old over the years, but I still see no reason to switch to any less user-respectful device.
What I worry about is whether there will be an upgrade path within the next decade. So far there was the Liberux campaign, and it failed. I already had to use an Android device as a secondary phone for 2-3 years before I got my Librem 5 because the N900 eventually aged too much to be usable for the Web and there was nothing on the market that could properly replace it. I don't want to need to do that again.
PinePhone is a low-end device with no support other than what you get from the community. It was a good option for those who couldn't afford anything else and wanted to invest their time and skills instead of money, but there are no miracles. The community of people who did actually care turned out to be small enough that you can still find some low-hanging fruits to work on today - and that's the thing I wanted to point out. I see lots of people who talk about how much they want Linux phones, but it's a tiny subset that actually acts like it. They won't fall from the sky - not when the sales of existing devices can't finance developing their successors.
Which software stack were you using on the Neo Freerunner that was usable as a phone and had working power management?
I tried to use a Freerunner as a phone for well over 2 years before I gave up and just bought another nokia. As far as I'm aware, it was never really usable as a phone, partly due to the power management never really working properly (there was a point where we finally got power management and a battery life of >4hrs, but the phone often wouldn't wake to ring when somebody called). When using several of the available distros I was frequently mocked by my friends for using the "echophone", due to their own voice being echoed back at them, making it extremely disconcerting to talk to.
I tried a bunch of different distros. And I spent hours and hours and hours trying to tweak settings and test to eliminate the echo. qtmoko was the best distro IIRC, but it had its own issues.
To say that "they sure were usable by a determined person" severely overstates the usability of the freerunner IMO - I'll be extremely curious to hear about the software stack that you characterise as "usable", particularly with regard to the ability to make and receive calls and the ability to have the phone on standby for more than about 4 hours away from a charger.
I used SHR (initially Om2007.2, but switched after a few months as it wasn't maintained anymore). Echo could be eliminated by configuring Calypso modem's DSP and IIRC FSO distros did it by default at some point. Buzz and not waking up to ring (the infamous bug #1024) were hardware issues on early units and could be fixed pretty easily by anyone who knows how to use a soldering iron (I didn't back then, so a friend did it for me). There was a software workaround as well, though at a cost of elevated power usage in suspend. I don't remember exactly how long it lasted on battery, but it sure did last a day at school. A quick search through my e-mail archives shows people on mailing lists talking about 100 hours in suspend with modem deep sleep fixed and about 70 hours with it disabled (though I can see someone complaining in one mail that they couldn't reach more than 50 hours), but of course it could quickly burn through the battery when under active use - especially with Wi-Fi on, as I remember its power saving mode to be quite flaky.
Freerunner was the roughest of these devices, but that was more than 15 years ago. Things have changed meanwhile ;)
I tried SHR too. That original 2007.2 distro that it shipped with was almost usable as a phone before OM released the much worse one.
Interesting to hear, I never managed to get anything like that many hours out of mine - as I say I never managed a full day because it wouldn't wake from sleep to ring. And I spent a LOT of time trying to eliminate the echo but never quite managed it (though I think it might have been gone in qtmoko, it's been a long time so hard to remember exactly).
Still I'm glad to hear that it was usable for someone, I guess.
> Things have changed meanwhile ;)
I wish. But my experience with the pinephone was somehow even worse.
Yeah, Om2008 was a disaster. I liked Om2007.2 as a user, but as a developer I can see why it was abandoned. Eventually it was FSO what made the phone actually solid and with proper foundations. If your device shipped with 2007.2 still, it must have been one of the earliest ones, so you've got the whole set of hardware bugs that were fixed in later batches (but so did I).
Still, Freerunner, while usable, required plenty of patience. My current experiences with Librem 5 are so much better - but whenever I play with a PinePhone it does somewhat remind me of my old Freerunner (which still works, BTW!).
> It can barely handle basic web browsing
I don't understand what you're talking about. SXMo (https://sxmo.org/) is fast on Pinephone. Even Phosh is pretty usable. Firefox with NoScript is more than good enough to browse web sites with pictures.
Also, Librem 5 is much faster than Pinephone, and I've been using it as a daily driver for quite some time already.
You do not expect any 'normal' person to ever use this SXMo shell, right? Hell, most nerds I know wouldn't want to touch this with a 10ft pole.
SXMo simply proves that slow hardware isn't a problem. I also said that Phosh worked well enough for me, even on a Pinephone.
I have to second this. I've bought two of these devices over the years: first the Neo Freerunner and then a Pinephone Pro.
I spent over two years persisting, trying to get the Freerunner to a state where it was usable as a phone. Openmoko were more interested in rewriting from scratch and making sure it had pretty animations than things that some might consider more important, like working power management and phone calls.
For a long time I called the Freerunner "the worst phone ever made"...
...but then I bought a Pinephone. Which couldn't even play mp3s without stuttering - something even the freerunner could manage over a decade earlier. Don't get me started on the "quirkiness" of trying to use it to make and receive calls. Also the keyboard attachment I bought with it never worked. I tried multiple distros and whatnot, but I didn't get to spend a huge amount of time experimenting, because less than a month after I started to try actually using it, I dropped it, and it was so fragile that the screen was destroyed, despite me having bought a screen protector for it.
I've looked at a lot of these devices over the years and been tempted many times. I was very put off by the freerunner experience. The pinephone experience was actually almost impressive that it managed to be somehow worse.
I've just been scanning the postmarketos wiki looking at how that works with a few different devices. The number of devices that have some feature like calls / gps / camera / etc "partially working" is dismaying, particularly for open devices like the pinephone and librem.
Personally I switched to using lineageos on phones a long time ago. It's not ideal but at least it's usable as a phone.
> By what mechanism do you propose we stop a bank from saying "we'll only support connections from iOS devices", if not the democratic market force of ensuring enough of their customers demand access from devices running free and open source software?
Similar to all the accessibility requirements, of course. Do you think the society / government should force banks to provide services to blind or deaf people? Or should we just let the market decide?
I never stated that its never reasonable or good to force corporations to behave against their interests. What you stated is that the "mechanism" might be to treat a person's chosen software stack as a protected class. I can't agree with this, in any sense, and I think you're just trying to distract the conversation by suggesting it.
In a sense, that is the solution: ensure availability through open standards (like the web platform) through legislation.
My bank has stopped issuing physical TOTP tokens years ago, and I am holding on to one from 2006: when that one dies, I won't be able to use their e-banking web site if I do not have an Android or iOS locked-down phone.
Not, that does not mean making it a protected class. But instead, guaranteeing access through open protocols and open platforms should be sufficient.
I also hope legislation, like CRA/NIS2 in EU and different e-waste regulations combined, will push manufacturers to consider FOSS approach as a get-out-of-jail card too.
Accessibility requirements are completely unrelated to protected classes.
I've done research on this, and have considered it but it's capital and time intensive even if I think it's viable.
There are two reasons I think it's viable now:
1. It's possible to wire an agentic system management service into the OS to handle a lot of the routine stuff, so non-technical users will be able to just talk to their computer and it'll be fine tuned to be good at fixing system issues, installing/removing software, managing windows, etc. I developed a scheduling inversion of control executor for enterprise agent control that I've looked into adapting for this use case.
2. The steam deck has proven a new model. Game friendly and a simplified UI is enough to carry Linux. New Arch rices like Omarchy are pushing the envelope of usability. I've been ricing desktops since enlightenment on slackware 96, so I'm pretty familiar with this world.
Regarding form factor, I'm not a huge fan of phones, too many tradeoffs. I think with strong AI voice systems, the optimal setup is buds + tablet. That's a better setup for mobile linux anyhow, and it makes the hardware almost a non-issue.
This is a valid take. I do not agree with it in general: if we look beside the consumer devices, FOSS software us everywhere. and powers almost everything consequential.
But the mobile phones specifically turned from phones into trusted terminal which institutions like banks and governments use to let users control large amounts of money and responsibility. And the first rule of a secure device is to be limited. In particular, the device should limit the ability of its owner to fake its identity, or do unauthorized things with networking, camera, etc.
This junction of a general portable computer and a secure terminal is very unfortunate, because it exerts a very real pressure on the general computing part. Malicious users exist, hence more and more locking, attestation, etc, so that the other side could trust the mobile phone as a secure terminal.
It would be great to have a mobile computer where you can run whatever you please, because it's nobody's business. And additionally there'd be a security attachment that runs software which is limited, vetted, signed, completely locked-up and tamper-proof on the hardware level (also open-source), which sides of the communication would trust. Think about a Yubikey, or a TPM, but larger and more capable. The cellular modem and a SIM card are other examples, even though they may be not as severely hardened. They are still quite severely limited, and this is good.
If I were to offer an open-source phone (and, frankly, any mobile phone), I would consider following this principle. Much like the cellular modem, it would carry a locked up and certified security block, which would not be user-alterable. It would be also quite limited, unable to snoop into the rest of the phone. The rest of the phone would be a general-purpose computer with few limitations. Anything that would want to run on it securely would connect to the unforgeable interface of the security module, and do encryption / decryption / signing / secure storage that other parties, local and remote, would be able to verify and thus trust.
One can dream.
If they want to manage their hedge fund from their phone, then maybe they should consider using a special device for that. It doesn’t really matter for the rest of the people as status quo shows
Locked devices are created to supposedly ensure the security of a device user, not because malicious users exist.
SIM card is a good example. Technically, that's trivially solvable with a PKI infrastructure (a malicious user can't trivially and successfully misrepresent as google.com): operator runs their CA, and by signing your certificate, they attest that you are the owner of a particular phone number. No malicious user can mess with that (other than attacking the CA).
What they can do is attack end-user devices through different cheaper means (social engineering, malicious apps, exploits...), and extract individuals' private keys, thus allowing them to misrepresent as that individual. A SIM card protects against this by not making private key accessible in the first place.
This is exactly what locked devices do: they protect customers from not knowing how to properly (including securely) use their devices.
This is what we need to focus on as technologists: if we know how to securely use our devices, how do we opt out of others "protecting" us, and take full responsibility and liability for security lapses?
It's got nothing to do with protecting users. It's got everything to do with protecting the corporation from the users. Especially the corporation's bottom line.
If you have a free computer, you can make it save a copy of the film the corporation is streaming to you. It's your computer, you are in control.
If you have a corporate owned computer, it will not let you do that. They own the computer, they are in control. If you manage to subvert their control, it will be detected and they will not stream the movie to you.
Substitute corporation with government, and streaming with cryptography. Now consider the fact Europe is trying hard to enact laws that force client-side scanning of our end-to-end encrypted messages.
That is the war we are fighting. The fact we are losing hurts me deeply. It is hard to put into words my disillusionment.
I did use "supposedly" in there. While media lobbies are strong, that's not how they are convincing governments to line up: it's about protecting the naive, non-techy user in this tech-heavy world.
To me, that's why we need to rise and say: I need no protection! Media companies can do what they please and still insist on "secure attestation" (like Netflix does with Chrome on Linux, still limiting to lower quality streams), without essential services like government services, banking services, communication services etc. being allowed to do the same if the user decides against that "protection".
Jails are created to secure users. Jailbreak is created to make users insecure!!!
?
They can represent themselves as users just fine without extracting keys from the Secure Enclave. What are you talking about?
Not sure who are "they" and where are they "representing themselves" in your question?
My point was that you can be protected as a user even without the "secure enclave": that's how GPG, SSH and HTTPS PKI works (a user has their own private key, and they are as safe as their key is). Leaking any one of those only impacts that single user, similar to someone stealing your phone and using your logged in accounts or even secure chips if they get your PIN or password (or biometrics) — if you even have it set up, which most people outside the tech bubble don't.
You might be misunderstanding some of the nuances I brought up: what are you talking about?
> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.
We need nerds that are more politically conscious than that, and are not naive enough to believe they can solve political problems through creating companies and hardware.
At this point there are only two things stopping me from using kde or gnome on my work box: Apple and my employer, and I could probably convince my employer. The hardware though is something I’m not willing to compromise on and Apple is in a tier above everyone else currently, so I’m stuck with subpar macOS, not planning upgrading to Tahoe for as long as possible.
How do you price this? How many flops per watt for freedom?
Can you be more specific about why you are not upgrading to Tahoe concerning software freedom?
I’m not upgrading to Tahoe because liquid glass is dumb.
You can run Linux on Apple devices using the work of these folks:
https://asahilinux.org/
Nerd have been at it since the OpenMoko days, the problem is that they don't understand what the general public cares about, thus all those efforts end up failing, as the few nerds that care about being customers all get a phone, and there isn't anyone left to keep the business going, buying new devices.
Eh? Samsung still maintains a whole suite of independent alternative apps, providing things ranging from NFC payments to calendaring and contact management, that they stuff onto their phones in addition to the usual Google fare.
Until very recently, most/all of their phones had alternative Samsung-produced chipsets available in various markets (Exynos).
They've got their own app store as a built-in.
And they also maintain their own small-system operating system, with Tizen, in case it all goes to shit.
They've been working very hard on parallel development for quite a long time. They're probably better-prepared to jump ship than any other top-tier manufacturer of Android cell phones is.
Motorola Mobility? That was spun out of the stodgy-big batwing mothership in Chicago a long time ago -- and first purchased by Google, before being sold to Lenovo. Subsequent to Google's influence, whatever remains is ill-prepared to jump ship, but that was certainly a design intent. That behemoth is much more dug-in.
So the outlook is certainly gloomy, but it's not all darkness.
(In terms of things like banks only supporting one OS or another: Gosh. Prior to the entrenchment of the smart phone age, I never installed a company-specific consumer banking application on any computing devices at all. It was OK. I just used Sir Tim Berners-Lee's World Wide Web to do that stuff, sometimes with a side dose of SMS on my dumb-phone for active notifications.
And still today, I don't have banking apps for most of the companies that I do banking-stuff with -- and I get along fine with keeping track of the money I have, the money I owe, and the bills I need to pay.
Maybe the right answer here is to shore up the utility of the platform-independent WWW.)
>Eh? Samsung still maintains a whole suite of independent alternative apps, providing things ranging from NFC payments to calendaring and contact management, that they stuff onto their phones in addition to the usual Google fare.
Which is EVEN WORSE in maintaining device attestation than Android. Read about the Knox warranty bits.
> To me, this is... fine. Not ideal; but fine. We should fight like hell to score wins where we can, like in right to repair, parts availability, ensuring old devices are kept up to date for as long as possible (Apple is pretty good at this); but if I have to carry an old iPhone in my backpack to access my bank because they refuse to support my hypothetical GnuPhone 5, the world isn't going to end.
But even as you say, as you're using Arch as your desktop computer, things may be fine now, but they're only going to get worse.
Should we all have to carry two laptops because anything running a free software core is just utterly unusable due to remote attestation?
> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.
Didn't you just spend most of your comment talking about how the market forces don't care anyway? Would good is starting up a phone hardware company that will ultimately go bust due to total apathy of the general consumer?
Agreed. Its only going to get worse and all current trends validate that. It’s clearly trending towards closed source big brother platforms. E.g ios, android, windows and macos.
It does look that way. Though there is one potential silver lining around the madness going on in geopolitics: much of the rest of the world is rethinking it's long-standing strategy of relying on American software. That makes Open solutions look a lot more attractive, even to the average politician, than say a year ago.
Yep
"free and open web" isn't even used to be anymore, many are using bots and AI to make things worse and many people especially young people didn't even do "surfing" on the web anymore
like it or not but internet that need verification on personal level is the future, I don't agree with it either but if you see from the progress perspective its always been like that
As I said other times: we need a Free Hardware Foundation now like we needed the Free Software Foundation for many years. The GSD (GNU software distribution) is basically a standard GNU-Linux distro using GUIX as the package manager seems very interesting, but if you want to run 100% free software on a RYF-certified device you'll have to pay a lot of extra money for 15 years old class hardware.
We need the equivalent of a Linus Torvalds + Richard Stallman but hardware. We were lucky to have had both for software at the same time. We need the same luck again now.
Pointless. Silicon fabs currently cost billions of dollars. They are single points of failure. Even if the market starts trending towards openness, governments can just regulate a backdoor into these fabs. They have every incentive in the world to do it. Democratized access to cryptography is subversive.
We need some kind of 3D printer that can print computer chips. We need the ability to make our own hardware at home, just like we can make our own software at home. Democratized electronics fabrication. That's the only way we'll be saved.
While I, for the most part, agree to this in principle, at the moment, general compute hardware production is relatively safe (or so it seems).
But when it comes to humongous costs, the fact that even "open source AI models" don't have their training data available (the actual "source") is one thing, but even if it was, it'd be impossible to retrain a model "at home". But if data was available, I am sure any of the existing free software foundations, or a new one, could rally users around sponsoring one DC.
We are back in the "mainframe" days where top-end compute is accessible only to few (with lots of money).
> It absolutely does.
I'm not sure I follow. Corporations are free to impose requirements for access to their platforms. FOSS didn't start by demanding that MS release the source code for Windows and Office. It started with developers writing their own alternatives. What helped was the open and standardized nature of the IBM/PC stack that made it all possible. Without it, FOSS would have died before birth.
> Corporations are free to impose requirements for access to their platforms.
To wit, hardware that I bought is not "their platform", but many corporations sure like to pretend it is.
It's already not illegal to reverse engineer hardware you have bought (for the purpose of maintaining it or compatibility), regardless of how much IP lawyers like to pretend otherwise. (And even if it were illegal, I would contend that reverse engineering is a fundamental right that laws cannot rob you of.)
When BlackRock has stake in 95% of fortune 500 companies, and we are forced to use software and services provided by them because no viable FOSS alternatives exist, it becomes, and already is, a big problem.
You have to own a phone to participate in society these days. I need one to even log onto my laptop for work. Eventually I'm sure some form of digital ID / biometric information will be required for verifying my online identity.
It's a slippery slope, and we're sliding into the abyss.
> Corporations are free to impose requirements for access to their platforms.
Yeah? They shouldn't be. Any attempt to deny us service on the basis of the software we use should be classified as discrimination. It should be a crime of the same caliber as racial discrimination.
Sure, I can get behind that statement for certain things that we consider essential to a person's dignity and safety. Demanding access to Gmail or Facebook doesn't sound like it.
> Demanding access to Gmail or Facebook doesn't sound like it.
I would argue that Gmail (or at least some kind of email service) is actually a necessity for modern life -- and if "access" includes sending emails to @gmail.com without being black-holed into the spam folder then I would argue it is one of the most essential digital rights these days. For most of the public, no access to Gmail would make it impossible to get a job, use most online services, or communicate with most people. Arguably this is a right more people exercise every day than some fundamental human rights (like the right to a fair trial -- most people are never a party to a criminal trial).
Facebook is somewhat less relevant than it was a decade or two ago, but if you include all of the services under the Facebook umbrella (Instagram and WhatsApp) then I think there is an argument it is would also inch close to that line. I remember it being incredibly difficult to attend events and interact socially with classmates without having a Facebook account when I was in university ~10 years ago.
(All of that being said, I don't necessarily think this is the key issue here.)
The ability to run our own software in all contexts is absolutely essential for our dignity and safety.
It is the only thing that allows us the chance to resist their surveillance capitalism. Being surveilled and having algorithms extract value out of us is exploitation which absolutely goes against basic human dignity. It also creates the potential for information leaks which are safety risks.
Think about it. The only thing that separates corporate software from literal malware is a huge terms of service document filled with legal boilerplate that nobody actually reads. Everybody theoretically "agrees" to this stuff.
> It should be a crime of the same caliber as racial discrimination.
Universal, but unmentionable and with no consequences in practice?
"Yeah? They shouldn't be. Any attempt to deny us service on the basis of the software we use should be classified as discrimination"
but this doesn't work in real world are they??? I mean look at apple, the iOS is locked down device and consumer know what they buy into
and its user also fine with it
> consumer know what they buy into
Consumers don't know anything about what's being done to them. Even on Hacker News I get accused of being a paranoid schizophrenic "tinfoil hat" user when I point out the fact we have trillion dollar corporations building digital fiefdoms with users as the serfs. You think non-technologists can grasp this? You have far more optimism and faith in humanity than me if you truly believe that.
> building digital fiefdoms with users as the serfs
I wouldn't call you names, but this does sound rather extreme. It also sounds rather imprecise. Is this a metaphor, or a hyperbole, or do you actually mean this literally? If so, in what way I, an iOS user, going to be an Apple serf?
but that just late-stage capitalism ?????
I understand where your coming from but the words of choice make it maybe more hyperbole
also stop acting like most user is idiot tbh they just dont care enough for this shit
they do care if the situation get worse, and until then if said corporation is "refuse" to
serve customer like they used to be people can retaliate
> they just dont care enough for this shit
That is the definition of idiot. A person who's so alienated they don't participate in these public matters.
> they do care if the situation get worse
By the point normal people start caring, the system will be so thoroughly entrenched that violent revolution will be the only option avaliable to them.
You cannot participate in all public matters, that’s naive and unrealistic. And stop calling people idiots for not doing that, this definition is outdated.
Absolutely.
The takeover of "free software" by the enemies of freedom is not the "winning" of free software.
This looks like a loser's move, but if your bank has no other options except for mobile app, you can buy a cheap phone for that app only, and connect it over WiFi (without SIM card) so the bank would only get your IP address from this and nothing more.
This is indeed a way to cope. But why should we have to merely cope? Why do we accept the world getting objectively worse? The necessary technology is cheaper, better and more abundant than ever – so why are we letting a few megacorps and some power-hungry politicians decide how we use it?
> This looks like a loser's move, but if your bank has no other options except for mobile app, you can…
…switch banks.
I think it's easier just to buy a shitty iPhone...
Why would you stick with such a bad or incompetent bank? I just don’t understand that mentality.
In my country, creating a new bank used to require presidential approval. That was the status quo until only a few years ago. Things only started to improve after that requirement went away, and they certainly haven't improved enough.
It's hard to describe just how deeply entrenched institutions like banks are. Normal people see all of this stuff and they do not even react at all. It's all just mindless bureaucracy that they have to put up with. Nothing can be done about it. Can't be helped, so they just accept it.
So it's not wise to treat banks like normal corporations which compete with each other on the open market. They are directly legally and financially incentivized to do everything we are fighting against.
For example, our banks still require us to install "security modules" on our computers in order to log into our accounts. Once upon a time I tried to reverse engineer one of those things to see why they made the computer so unusably slow. I caught it intercepting every single network connection. Told me all I needed to know.
At some point society has to simply determine that it's immoral and make it illegal. It doesn't matter how much money they lose to fraud of whatever, just write it off as a business expense or something.
I’ve lived in Africa, Europe, and the US, but I’ve never experienced a situation where I couldn’t just switch to a different bank if I wanted to. That’s the context for my comment. All I’m saying is that if you’re in a situation where a bank’s services are overly restrictive, and switching to a different bank will solve that, it makes sense to switch. I can’t speak to places where such choices aren’t available.
I take the same position on countries - it’s why I no longer live in Africa, where I grew up. And why I soon won’t be living in the US any more. Life is too short to waste it having other people’s mistakes inflicted on you.
> I take the same position on countries - it’s why I no longer live in Africa, where I grew up. And why I soon won’t be living in the US any more. Life is too short to waste it having other people’s mistakes inflicted on you.
You have my applause. But that certainly looks like you are in for a lot of moving around, going forward. I guess it is not an option for everyone.
Looking at immigration and refugee numbers around the world, more people take it as an option than you might imagine.
For many of those that don't, that's a choice. Keep in mind that emigrating doesn't necessarily mean adhering to all the bureaucratic procedures involved, all the time.
I lived in my home country and then Botswana for nearly 30 years. I've been in the US for over 30 years. I don't anticipate many more moves.
At around 4% of the world’s population, it is a tiny fraction that hardly matters.
I think it's worth distinguishing between what "winning" should mean and what's still possible in the world we're in. We may not win by owning every transistor, but we sure as hell lose if we stop demanding the right to.
Come on, this kind of defeatism only emboldens entrenched players.
Yes, we're awkwardly cornered - hardware used to be open or easily reverse-engineered. Now it isn't. The solution is to demonstrate the demand for open hardware. No one is going to walk away from money that can be made even if the market is smaller.
This movement was strong enough that the incumbents themselves offered Linux-friendly hardware. We continue to see momentum in the mobile space as well with /e/OS, Fairphone, etc. GrapheneOS is pursuing alternatives to Pixel.
Be brave!
> Yes, we're awkwardly cornered - hardware used to be open or easily reverse-engineered. Now it isn't.
When exactly was that? The 1980s?
Linux hardware support is better now than its ever been.
What did it take to port Linux to M1 series Macs (which at least has an unlocked bootloader)?
How do I install GNU/Linux distribution on a latest Galaxy S25 or iPhone or Google Pixel or Apple Watch or... (these are likely top-selling general compute devices in the world)?
Yes, on Windows PCs, Linux usually works better than Windows itself (except for the very newest stuff for a short while). But I think you missed the point of the GP.
> No one is going to walk away from money that can be made even if the market is smaller.
Unfortunately the tech industry has shown us that isn't true. For example, look at the iPhone mini - I forget the exact sales numbers others have cited, but it sold very well. There is clearly a solid market there, even if it is smaller. But Apple isn't willing to chase it, and nor are the various Android OEMs. The same may well prove true for open hardware.
Sold very well for your home business is very different than sold very well for Apple. At the time the first Mini was released, when the previous regulat iPhone (5s) was available for cheap and the new Mini had few compromises not dictated by size, it was may be 1/6 of Apple’s sales in the first year and dropped precipitously after that. It never sold well.
> Apple isn't willing to chase it
They are, it returns next year as iPhone Fold for $2K.
This is one of the reasons to embrace crypto - having an intermediary with direct control over your finances is absurd.
Are you able to source all (or even the majority) of goods and services that YOU use, within the crypto ecosystem? Are you getting paid directly in crypto (or if you offer goods/services, do you only accept crypto)? i.e. direct exchange of crypto for goods and services? If not, you are using an intermediary to convert crypto into fiat and vice-versa. Do you invest in ANY non-crypto assets? If not, you are relying on a financial intermediary. Do you practice true self-custody of your crypto? If not, you are relying on intermediaries.
For all the theory about the being financially independent of intermediaries, in practice it is nigh on impossible for most folks living in the real economy. Meaning that for most of them, even the crypto-knowledgeable, "embracing crypto" means a compromise with the "absurd" as you put it.
This, and especially when the intermediaries attempt to police what you can and can't purchase with your own money when you wish to purchase a fully legal good/service (see: Visa and Mastercard fiasco)
Nothing is stopping your crypto exchange from requiring remote attestation.
Nothing is stopping you from keeping fiat under your mattress.
This isn't really a crypto issue.
I agree. I really like Monero.
That’s the value proposition of banks actually. Unfortunately we have let them delegate responsibility for fraud.
People like you are arguing that one should give up on society because of society's flaws. I think your attitude is sad and poisonous.
We need societies, and we need to work to fix their flaws. Every person cannot be an island.
If you're definition of winning is owning every transistor, then it is an unproductive definition.
Under that definition, we have and will always lose.
Y'all should've pushed back far more strongly against their "security" long ago... but now the only way forward is to keep fighting.
But they did, there's even people in this thread saying the FSF/GNU is too strict with their requirements and is akin to the "old man yelling at cloud".
What else are they supposed to do then? Start Luigi'ing people?
Often times the problem is literally yelling at Cloud.
Cloud doesn't have an automatic philosophical match to the way the Freedoms were justified originally. The Freedoms are based on the notion that you should have the right to do what you will with hardware you own; you don't own someone else's hardware in the Cloud.
> The Freedoms are based on the notion that you should have the right to do what you will with hardware you own
Then why do they keep trying to own our devices? Why do we have all this attestation nonsense designed to subvert our ability to do what we will with the hardware we own?
> you don't own someone else's hardware in the Cloud
Then they should keep their ownership in the cloud where it belongs. My software will talk to their software through the network boundary. All is well.
Dictating what software I can or can't use on my machine to talk to their software is an invasion of my territory. It shouldn't matter whether I use their official app, my own custom client or some curl script to achieve my own ends. If they're going to try and usurp control of my machine, then I'm gonna start relativizing their "freedoms" as well.
The problem is that the philosophy doesn't extend to networking.
You are free to do whatever you want with your hardware. Rip the chip out and install firmware that will boot anyway when the missing chip doesn't POST.
... and when you try to connect to my server, I will send a challenge-response that you needed that chip to answer. When that fails, I'm free to do what I want with my hardware. Which is drop or reject your incoming request because I don't trust you.
So far, this situation has been stable because it's a lot more valuable to me to trust you than not; the benefit I get from having you as a user outweighs the harm that can happen if your machine has been modified and does something that breaks my protocols. In fact, the rule on the Internet has basically been "What happens in your house you have control over; what comes in from the outside is assumed to be pure screaming madness until it's validated" for that reason (among others).
... but validation is expensive and I can see why some companies would want to push the whole validation story onto "We use attestation to confirm that we can trust the software works the way we expect it to on the other side of the machine." I personally think it's a bit of a dumb experiment (I don't trust attestation itself to succeed, not when the end-user fundamentally still owns the device and every hacker on the planet can attack the attestation protocol all day if they want; I haven't seen a system that pretends it controls both sides of the network ultimately succeed yet and I don't expect I will this time either). But if companies want to win stupid prizes I don't think we need to do anything more than "not work with them" to help them along.
It's hard to do otherwise without doing injury to the core concept "You own your own machine" whether 'you' is one person with a smartphone or a corporation with a datacenter.
Yes. This is not even an exaggeration as it is, and they've barely even started.
Where does this resigned opinion that open source can not do attestation come from? Do you really think it's impossible to build the attestation mechanisms inside open source OSs?
Checking what software a user is running can be done with open source software, but actually doing so takes away the user's right to run modified copies of software. The fact that it basically needs hardware-backed DRM also doesn't help.
I see, it makes sense. But I feel like it is a worth while compromise.
Attestation as I understand it is to allow third parties to trust a user's computing device for purposes of handling their sensitive data (both from the user's and the third party's point of view) in a way that doesn't rely strictly on the user's savvy for keeping everything leak proof.
Even if this data belongs to me - as said user - I still think that the existence of open source attested software is a net benefit in the bigger picture because the future looks more and more dependent on secure computation.
You can run it, I'm just under no obligation to let your machine send signals to my machine that my machine will respond to if you are running software I do not trust.
And that's the complexity of this era of computing. We just got finished convincing people that it made sense that they should have the right to run whatever software they wanted on hardware they owned... And then immediately the technology shifted so that most things no longer get done using exclusively hardware that you own. The RMS four freedoms approach is only chipping away at the larger problem: capitalism (I mean that literally in that the problem is that the machines that do the work, the capital, are owned by a tiny ownership class).
> You can run it, I'm just under no obligation to let your machine send signals to my machine that my machine will respond to if you are running software I do not trust.
If some piece of software I'm running is the only reason for you to refuse the connection, then you should be obligated.
It's slightly similar to how protected class laws work. You can block me for no reason, but not that reason.
This is especially important when I just want to run my own OS and not have people go out of their way to deliberately break things because of that.
> If some piece of software I'm running is the only reason for you to refuse the connection, then you should be obligated.
Obligated how? Like through violence? What happened to freedom of association?
The same violence that stops you from running a red light, yeah.
In my view, it's more important to have freedom of software choice than to have the very narrow freedom of association based on what software someone else chooses.
Because again I'm fine with you rejecting me for just about any other reason. But that one? No, I think we should all have to interoperate.
Another way to look at it is that I should be able to keep what software I use private.
Also the important part is applying this rule to companies with 7+ figures of revenue. Not so much to actual people.
I mean, we all have things we'd rather not have people reject us for, that doesn't mean it should be illegal to do so. We already have the (legal) right to keep our software preferences private.
In general I'd caution against trying to use legalisation to solve problems like this because they usually introduce more problems. At the very least I'd expect banks to no longer carry liability for fraud, so perhaps one intended consequence of this is that if you get defrauded the bank no longer protects you. That would suck imo.
Perhaps they could make it so you waive all protections by using unauthorised software. That would probably require changes to existing legislation, and then of course people would complain that the banks have too much power etc...
> At the very least I'd expect banks to no longer carry liability for fraud
Respectfully to you but not to banks, fuck that. You can use your computer under your control to access a bank and it's fine. You don't have to give up fraud protection. Phone apps should be the same way.
In Germany, the banking system had an open API, so you could even access your bank account from KMyMoney and do transactions. And you still had proper fraud protections.
How is it that accessing my bank account with KMyMoney is fine, but banks don't even allow me to access my smartphone's root account without blocking me?
> If some piece of software I'm running is the only reason for you to refuse the connection, then you should be obligated.
In general, the obligation has been soft: "If everything adheres to the protocols, it will interoperate" is how we got the Internet. And the Internet was generally useful and so self-incentivized making software work with it with minimal stumbling blocks; nobody was gating FTP clients on only working with Oracle-branded FTP servers because then you couldn't access all the other FTP servers.
But that's not the only model, and I don't see an obvious argument for why should enters into it here. How does that "should" work? Is there legal compulsion? On what moral or philosophical grounds?
> It's slightly similar to how protected class laws work. You can block me for no reason, but not that reason.
Yes, and instituting those laws was a messy uphill battle over immutable properties of human beings. That is a far philosophical cry from "No thank you; I'd like to use all that Apple cloud tech without buying an Apple computer please." I suppose, unless we break the back of capitalism as a societal structuring model, in which case... Yep. We can make whatever laws we want if we throw out the current system.
> I don't see an obvious argument for why should enters into it here
This threatens to destroy everything the word "hacker" stands for. Everything this site is about. Gone.
I can't even get people on Hacker News to care about this. It's over.
Hackers will be fine. If anything, this kind of measure-countermeasure foolishness from corporations gives them a really meaty problem to dig into.
It's just very unclear that the force of law is the right tool for the job to address that problem.
(Also, people on Hacker News can care about a lot of things simultaneously. One of them can be that adding the government's cudgel to the problem may very well make it worse; do we really want the government having to well-define things like "protocol" and "communication" to craft that law?)
> It's just very unclear that the force of law is the right tool for the job to address that problem.
Remote hardware attestation is cryptograhic proof of corporate ownership of the machine.
They're using cryptography against us. Everyone here knows how devastating cryptography is. Cryptography is subversive. It can defeat police, judges, governments, militaries, spies.
I'm actually worried that the force of law might turn out to be not nearly enough.
> do we really want the government having to well-define things like "protocol" and "communication" to craft that law?
Just ban corporations from using remote attestation to discriminate against us. If they try something else, ban it too. Don't even ban the technology, it's useful to us when used with our own keys. Just stop this abuse and discrimination.
> Just ban corporations from using remote attestation to discriminate against us.
Whelllp, there goes my OneTouch login on my MacBook. :(
Using one device to authenticate another device can work just fine without any anti-consumer lockdowns.
It can right now. Get the government in the business of deciding what is and is not "remote attestation" and good luck with that.
If the future hopes for openness in computing rely on ending capitalism, we're already toast. Nobody's going to be building the next generation of chip fabs without gargantuan amounts of funding.
Capitalism isn't a necessary prerequisite for gargantuan amounts of funding.
> I'm just under no obligation
You should be.
What are you talking about?
Smartphones have cryptographic hardware that can provide proof that a device has not been "tampered with". This is called attestation. The hardware attests to the fact trust has been preserved since boot.
Your device will not attest to this if you install your own operating system, if you root your phone, if you do anything that they don't like, anything at all.
You install your bank's app and try to use it. The bank's servers ask for the attestation. You will not have one. They decide you cannot be trusted and deny you service.
Even if you can program your own keys into your device, nobody is gonna trust those keys. Why would your bank trust your own keys? They'll trust Google's keys, Apple's keys, the government's keys. You? You don't get to participate.
The corporations and governments want to own your computer. They demand cryptographic proof that your device is owned by them and that they have complete control. If you don't provide it, you're banned and ostracized from everything.
The most absurd part is that you totally can access the home banking from your desktop PC with Linux, without any need of hardware attestation.
Suddenly it's mandatory because the device is a phone?
These days banking is one of the things for which a phone is required for. It is used as the primary banking device for most people, and for the rest it is required for two factor authentication when logging in on a PC or to verify online transactions.
Maybe some bank would allow you to use some third party two factor authentication device to log in sometimes, but most (if not all) would require you to use their "app".
In my country, banks force us to install "security modules" in order to do this. Once upon a time, back when I used Windows, I got bored and tried to pry one of these things open to see why they made the computer so unusably slow. I caught it intercepting every single network connection and doing god knows what with them. That told me all I needed to know.
It used to be that Linux users like me were exempt but at some point they added Linux support. Now there's a goddamn AUR package for this thing.
https://aur.archlinux.org/packages/warsaw
https://aur.archlinux.org/packages/warsaw-bin
> Banking security tool developed by GAS Tecnologia
Yeah. Banking security tool. Who the fuck even knows what it does? It sure as hell isn't me. That thing is not going anywhere near my system.
I really don't understand why they do this - what is so special about banking apps vs a banking site in a web browser.
What is the particular threat model of a rooted phone?
People in Europe no longer can, thanks to PSD2.
Of course we can, even HBCI still works, and you can even access your (German) bank account from within KMyMoney.
For the website, it's also easy, even with PSD2 you can just get a physical TAN generator.
Remote attestation on Android is one of the primary examples. Banking apps and a bunch of other apps that will cut you off if you do something like root your phone.
(This is not directed to you but the wider community writ large, you just happened to be the one to kick the hornets nest)
You know… there was time before this latest generation started calling everyone that complained to a manager a karen… that complaining to manager would resolve issues… and if that failed, publishing your story and refusing to do business with someone was seen as proper conduct.
Banks!!! Lol! Are the most fragile institutions ever! Fdic, exists for a reason… get enough people to withdraw their money all at once and see what happens.
Open source people that want to stick to your grit… don’t work with banks that won’t let you use open source software. Oh is that too hard for ya? If you’re not compiling your own slackware distro than you have no leg to stand on (/s)
But seriously, use a local bank and try solving human problems by dealing with human’s. Quit trying to tech everything… if the open source community would get unified and actualize… thats a fuck ton of people!
Here’s another crazy concept that the oss community could do… they could literally just open their own bank… voila (its not as hard as it seems and takes way less money than you think)
> try solving human problems by dealing with human’s
Welp. I actually tried it. Here's my experience.
I contacted my banks and got in touch with their managers and devs. They do have APIs. I wanted to use those to create my own software with read only access to my account. I didn't even want to transfer money anywhere, just get my transactions for accounting purposes. I was using ledger at the time and was getting tired of manually inputting everything into the journal.
I eventually discovered I would need to incorporate and beg the central bank for permission to touch the financial system.
Open source people that want to stick to your grit… don’t work with banks that won’t let you use open source software
there is not a single bank in my area that would let me do that, unless it is by accident. so the choice you suggest is de facto not available.
Cryptocurrency says hi?
> But seriously, use a local bank and try solving human problems by dealing with human’s. Quit trying to tech everything… if the open source community would get unified and actualize… thats a fuck ton of people!
Wise, and thus downvoted. Many FOSS enthusiasts are antisocial, sometimes even misanthropic, fragile snowflakes ("I should be able to run any software I like, on any device I like"), so any call for collective political action, that actually could achieve something more, is disregarded.
M-x dispute-charge
[flagged]
[dead]
I think free software has to adapt. I find it very difficult to run QGIS on a modern Mac with an up-to-date OS. It won't run for genuine security reasons, not because some corporation doesn't want me to run free software.
I think the article properly addresses that:
> Things programmers care about directly, like the OS and the kernel, are quite well covered. Whatever we need, there's an open version
What devs can build without much oversight or business pressure usually works well open sourced.
Almost everything else (hardware, non technical "productivity" software, services) doesn't, and that's most of our life. We live in a world that's still massively closed source.
I wouldn't call someone absolutist for wanting printers, coffee machines, laptops, TVs, cars, "smart" lights to be more open than closed.
That's true. Wanting openness in everyday tech isn't "absolutist" in itself. But the article's tone (and a lot of the FOSS movement's rhetoric) frames it as failure rather than frontier.
Of course we'd all prefer open printers and cars, but those domains aren't mainly limited by software ideology; they're limited by regulation, liability, and econ. The fact that programmers can build entire OSs, compilers, and global infra as open projects is already astonishing.
So yes, the world is still full of closed systems... but that doesn't mean FOSS lost. It means it's reached the layer where the obstacles are social, legal, and physical, not technical. IMO that's a harder, slower battle, not evidence that the earlier ones were meaningless.
I think it's fair to put it as a failure, as the overtone window moved so much it now sounds normal that regulation, liability or econ interfere with openness.
The very fact "right to repair" had to be coined, proclaimed and we're fighting for it is a regression from the early days when repairing a radio wouldn't be violating some clause.
Of course, the openness was more accidental or pragmatic than really intended, and we saw companies slowly put up the barriers as they found technical and legal ways to do it (like forbidding plugging third party phones to the network for instance). If it's a frontier, IMHO it would be more akin to the battlefields front lines than anything else.
Put another way, the battle has always been social and legal.
The other famous example which people have mentioned here is that "sideloading" is now used to refer to installing software on a computer, which used to be a normal, routine (and required) thing to do in order to use any computer. So the idea that someone curates what software you're allowed to run, and there's no way to even opt out of that, has become normalized for huge numbers of users and parts of the tech industry.
It's true that malware authors are much better funded and more aggressive than they were a few decades ago, so we have some long threads talking about how there is an element of the paternalism here that's protecting people from some pretty malicious stuff, which could also cause a lot of harm. However, seeing this paternalism as the basic normal way that software is used shows that we've lost a lot.
It has lost in it's goal of giving freedom to the end users which is the real goal.
John Deere has built a great tractor that the company itself prevents you from repairing without their involvement.
The only beneficiary of open source there is John Deere.
> Wanting openness in everyday tech isn't "absolutist" in itself. But the article's tone (and a lot of the FOSS movement's rhetoric) frames it as failure rather than frontier.
It is a failure. Things have been moving away from openness. A frontier would move toward it.
https://en.wikipedia.org/wiki/Openmoko
That’s predicated on the assumption that FOSS is preferable to the alternative- maybe it isn’t.
Yeah. I'd say open source won in the basic infrastructure of the tech world, but actual political free software is just barely holding on. I want users to be free not some base shared code you can't actually modify running somewhere in the stack of a closed source SASS.
In most places that I have been, free software is basically the way to not pay for software, for most companies free === gratis.
In the 1980's and 1990's, the same kind of places would be pirating software.
In Portugal, we used to have shops with catalogs during those days, hardly anyone at goverment level cared about software sales, nowadays it is controlled by an economic agency and those kind of shops aren't as easy to find as they were up to early 2000's.
Free software allows them to now be in a legal state, yet the authors get the same as before most of the time, nothing.
Which is why in the end many FOSS projects end up pivoting for something commercial, preferbly in ways where even piracy isn't possible, like SaaS.
> From Linux and K8s to Postgres and Python, it is the infra of the internet.
I may be unable to control the software in the device I am holding in my hands right now, but the important thing is that a few corporations can externalize the costs of maintaining their infrastructure to "the open-source community". And even get free publicity from doing so!
As someone not deeply involved in FOSS I am starting to get the absolutist mindset.
I run graphene on my phone and this new restricted security patch limit by google is nothing short of a shit show.
Can you shed light on this new patch? Does it hinder your freedoms as a user of graphene OS?
I wonder if switching to a Jolla C2 [0] is a reasonable alternative.
[0] https://commerce.jolla.com/products/jolla-community-phone
Google recently changed their security policy regarding Android, where there's now a 3-4 month delay between when OEMs get access to security patches and when they're posted to AOSP (it was previously 1 month). The patches are broadly distributed to OEMs, so there's no significant barrier to attackers and companies like NSO Group and Cellebrite obtaining them. GrapheneOS has access to the patches, but the embargoed nature means they're not able to publish the patch source code or any details about what vulnerabilities are being patched. This means that GrapheneOS users are forced to choose whether to opt into the closed source patches and get recent vulnerabilities patched, but lose out on having an open OS.
That means that Graphene OS is "eventually open source", which is a practice as old as open source (call it free software, if you prefer) itself. More on https://opensource.org/delayed-open-source-publication
> "Winning" doesn't have to mean owning every transistor; it means setting the norms and powering most of what's built.
I remember when winning meant you can modify your computer as you please because you have all the sources. We’re locked down in a world of apps, saas, and whatnot.
Free software may have won on the infrastructure side, but it is people's computing that deserves freedom first and foremost. The good news is that Linux is gaining ground on the desktop, and we may eventually see the "year of the Linux desktop."
The issue is that most people's computing has now shifted to mobile devices, and these are quickly becoming fully locked down. Apple has been a lost cause for a long time, but Google is now aggressively attempting to kill Android as a FOSS platform. Projects like Lineage and Graphene are more important than ever for this reason.
> "Winning" doesn't have to mean owning every transistor; it means setting the norms and powering most of what's built.
It doesn't matter if software published under free licenses sets the norms and powers most of what is built if critical transistors that are necessary to use important hardware at all are powered by unfree software. That is precisely what this article is decrying. If you don't own every transistor, whoever does own those transistors can use their control over them to prevent you from using your hardware as you wish, or attempting to get money out of you for the privilege; and preventing this state of affairs is actually more important in many ways than being able to use free software to create novel internet applications.
You're not wrong, but "reshaped" can mean all kinds of things. If the goal was user freedom for the broad public, than it clearly hasn't won.
Getting put to good use by your opponent isn't winning.
Winning does has many different outcomes, only some which is similar enough that the historical records will see it as such. A comparison I would make is the war on encryption that was won. It is no longer illegal to sell encryption. The question becomes how much of a victory that is if then government impose laws that dictate backdoor, like say chat control.
What did that NSA official said. They lost the battle over control of encryption, but won the war against privacy?
I don't think the article was absolutist, binary, at all.
The issue is that for a lot of things, there is exactly zero foss options. The problem is not, and the article doesn't imply, that there should be a 100% foss, so that foss finally "wins".
Can you provide some examples of things for which there are zero FOSS options?
Read the article, it has examples.
Modern TVs are a simple one.
You can't control any of them fully. Most you can't root.
Hopefully this lawsuit will be won by SFC, if it is, then anyone can sue their TV maker for the Linux kernel sources for their device and access to install modified versions of it, then replace their TV OS with AOSP/etc, or KDE Plasma Bigscreen or similar on a standard Linux distro.
https://sfconservancy.org/copyleft-compliance/vizio.html https://plasma-bigscreen.org/
But there is a simple alternative here: don't connect your TV to the Internet, use it as a dumb monitor for a FOSS streaming box (Linux PC or Lineage Android TV among others).
That doesn't necessarily work anymore, some TVs now have Amazon WhisperNet built in, and will just update ads via your neighbor's Alexa.
That's not an alternative: at the end you don't get a TV, you get a streaming box.
Perhaps you don't care about OTA TVs in the first place, but that's a different point.
How's that relevant to me not controlling the device?
Maybe it's not "overstating the loss"... it's just focusing on a different kind of loss
The infrastructure it powers is mostly cloud hosted SaaS which is far and away the most closed model of software. Cloud SaaS is far more closed than closed source software on a personal device. Often it’s not even possible to export your own data.
Very few people use much open source software directly. With a few notable exceptions it’s only used by developers and IT pros.
I suppose the Darwin kernel in Apple OSes and Linux in Android kind of count but people really don’t interact with those directly in a tangible way. They are way deep down under the hood from a user POV.
> I suppose the Darwin kernel in Apple OSes and Linux in Android kind of count but people really don’t interact with those directly in a tangible way. They are way deep down under the hood from a user POV.
The XNU kernel is only partially open-sourced. And it has a very non-open development model - development happens behind closed doors, no process to accept outside contributions, chuck a source code dump over the fence some time after each binary release.
It is better than nothing, but is more “technically open source” than “open source in spirit”. A lot of Darwin code can’t even be compiled outside of Apple because the open source code includes closed source headers.
It wasn’t always like this… in the early days of OS X, you could download an ISO of open source Darwin, install it on your PPC Mac, and it was actually a useable Unix-like OS (missing Apple’s GUI, but it offered X11 as an alternative). Then Apple lost interest-and got scared their (relative) openness was making life easier for jailbreakers and Hackintoshes-and nowadays you aren’t getting a usable open source Darwin without a huge amount of work to reconstruct and substitute the missing bits (which I know some people are working on, but no idea how much success they’ve had)
> it has a very non-open development model - development happens behind closed doors, no process to accept outside contributions, chuck a source code dump over the fence some time after each binary release.
Mostly agree re: your entire post, but, re: OSS above, does not matter, you don't owe an open development model to anyone.
I think there can be a difference between the literal and official meaning of a term, and what it most commonly means in practice - and that’s a descriptive claim about how words get used, not a prescriptive claim that anyone has some moral or legal obligation to do anything in particular
> The infrastructure it powers is mostly cloud hosted SaaS which is far and away the most closed model of software. Cloud SaaS is far more closed than closed source software on a personal device. Often it’s not even possible to export your own data.
That's fair, but I think it misses the distinction between who owns the infra and what the infra is built on. Yes, SaaS is often closed to end users, but the reason those companies could even exist at scale is because the underlying layers (OS, databases, frameworks, orchestration, etc.) are open.
You're right that control shifted from users to cloud vendors, but that's a business model problem, not a failure of open software. If anything, FOSS won so decisively on the supply side that it enabled an entire generation of companies to build closed services faster and cheaper than ever before.
"FOSS won so decisively on the supply side" because it's basically giving away something that would ordinarily cost money. Anyone can "win" by giving away something of value away for free; it's not a victory that's worth anything.
What those adopters are not doing is opening their own source code as FOSS or contributing back to FOSS. That means that there isn't a path to future success.
You are so close. Or maybe you’re there and I misread that.
FOSS killed the profit margin in just making software. That shifted profits to hosting it, and in so doing shifted the industry to a more closed model than it had before.
In other words the net effect over time on the system from FOSS was to close things more. It had the opposite of the intended effect. We incentivized closed.
The result had been horribly dystopian. Before we had PCs that ran closed source but still local software and had our own data. Now we have cloud they runs opaque software we can’t even run ourselves and our data is not ours and is subject to mass surveillance. (By “our” I mean most people. Tech savvy people can opt out with some effort.)
This is super common. It’s hard to predict the actual incentive structure that something will create, and it is incentives not intentions that determine outcomes. Large scale socioeconomic systems are mindless gradient descent machines that chase profits of various kinds the way a plant grows toward sunlight.
>he infrastructure it powers is mostly cloud hosted SaaS which is far and away the most closed model of software.
Free software was conceptualized at the dawn of the personal computing era. As it is defined, it could never prevent isolating users from the software by isolating them from the hardware, because it was assumed that the software would run on the hardware that the user interacted with directly. You could build an SaaS product on entirely copyleft software without breaching any licenses. It's only specific kinds of free software that require giving users the source code. And even then, they don't require the service provider to implement any changes. If Google Docs was free software, Google isn't going to integrate your patch if it doesn't want to.
>Very few people use much open source software directly. With a few notable exceptions it’s only used by developers and IT pros.
>I suppose the Darwin kernel in Apple OSes and Linux in Android kind of count but people really don’t interact with those directly in a tangible way. They are way deep down under the hood from a user POV.
I mean, what does it even mean to "interact directly" with something, at that point? If I'm using Firefox on Android to watch a YouTube video, is that direct enough or not? Firefox, like the kernel, is just a facilitator for a task I'm interested in. Hell, arguably, so is YouTube. Then it follows that almost no one actually "interacts directly" with software; people interact directly with their task, and software is ultimate just a tool that's more or less practical to accomplish it.
I think you completely miss the point.
You're focusing on the benefits of open source in booming the technological sector, but his emphasis is that openness ends at the developer's, not consumer's stage and this is particularly bad when more and more of your life is technology dependant and de facto you cannot control nor modify it.
> setting the norms
But it doesn’t set the norms. Enshittification is setting the norms. The positive effects of free software being tangible for the users is very much the exception.
> that doesn't erase the fact that open software has completely reshaped the modern stack
What stack?
You give a bunch of web stack examples, great. The vast majority of people will never run a server nor benefit from the licenses of the code running on the server. They overwhelming give their money to the companies benefiting from those licenses and get typical crummy consumer EULAs in return.
Meanwhile phones tablets iot tvs appliances cars tractors pacemakers videogame consoles security cameras coffee makers printers juicers friggin Christmas lights routers, all that stuff, is overwhelmingly closed source.
Speaking as one of the less-technically inclined HN users all I know is Linux has never been easier to install for even the slightly motivated and while there are lots of gaps, you really can run a lot of key tasks on FOSS without much fuss.
If someone wants to “break free” of Mac/Windows and regain some semblance of privacy and control, it’s never been easier. Not easy, to be clear. But compared to when I was in college (late 2000’s) it’s sooooo much easier.
On installing Linux, I think it always has been relatively easy to do on previous generation hardware.
20 years ago if you didn't care about decent laptops, you'd easily find a mid-level desktop tower and it would mostly work. You'd be in pain if you wanted the best GPU or best hardware, but mid-tier stuff would work fine.
Nowadays you can get Linux very easily on ThinkPads or a mid-tier business laptop for instance. Or Framework. But it will be PITA on a Surface Pro, or the best Asus laptop.
I'm with you in that the market has matured so much mid-tier is now viable enough for most office or everyday life, trying to get top hardware isn't really needed. But there's still definitely a gap if your use case spills out in a more demanding area (games, VR, CAD etc.)
Yeah to be clear I’d never say it’s “easy” and ready for mass adoption. But I also had 0 issues getting bazzite going on my PC I built with an AMD 9800x3d/9070 working out the gate. I played expedition 33 the day I finished building! Kind of remarkable given the GPU was only a month or two old. What’s striking was that I never had to open a terminal window or install a single driver. Some of the distros are near-turnkey at this point.
I work in solar, so we have quite a lot of hardware which doesn't run on free software. We couldn't patch part of our inverter pipeline because the hardware was proprietary and had no open alternatives. We had to pay quite a lot of money to find one of the original engineers and have them flown in to help us unlock it, so that we could replace the firmware with some we had a security clearance holding contractor write for us.
To be fair this is a story about not doing your due diligence and buying the wrong hardware, but I think it can give you some insight into what the article talks about. Because yes, you can install Linux, but can you install something on your blender when "BRAND" decides you need to pay a subscription to run the self-cleaning program?
Oh I definitely don’t have a choice at work unfortunately so I’m all too aware of this. I’m mostly just talking about personal computing. But point taking!
This topic provokes a question, what exactly is "winning" anyway? As others point out, how could there be absolute winning, or complete dominance of the whole gamut of software used for every purpose. Of course, no one ever proposed such a definition of open-source success.
Since the 1990s I've been thoroughly committed to using and developing open-source programs. I strongly prefer using open-source products even when they've been less robust than proprietary options. In recent years, that's changed in favor of open-source, a number of open-source programs have become best-in-class. To name a few Blender, postgresql, Firefox, most developer tools. Still, proprietary products dominate areas like OSs, enterprise programs, etc., and will probably continue to do so.
But even if not as widely used, the fact that quality alternatives exist to a significant share of proprietary offerings speaks to open-source success. It's noteworthy that giants like Microsoft have open-sourced some of their products, a practice unheard of a couple of decades ago that shows influence of the open-source movement.
A winner-take-all philosophy is bound to be as deleterious to open-source advocacy as in any other endeavor. Realistically, producing excellent, bug-free, well-documented open-source software is what it takes to find an appreciative user-base. Perhaps not the majority of users of that category of software, but is that necessary to call a project successful? To say it is seems a prelude to enduring a constant sense of failure and missing out on authentic victories.
The goal of the Free Software movement is to build a usable computing environment for which all software (i.e., "code") is free. If you include things like cell phones, tablets, web services, firmware, or basically anything other than core os components in the computing environment, that goal is very far off.
Sure, the FSF is as idealistic as it has been influential. Can't fault FSF for unrelenting commitment to stated purposes. While the totally free OS was a goal that never quite materialized, a large proportion of modern open-source systems is composed of free (in the FSF sense) software. What FSF advocates has indeed mattered.
I think the question is this: is having totally free cell phones, etc., the essential criterion of success? Or is something less than embodying FSF-style ideology acceptable? To be sure, there's no definitive answer to such a question. But ideological purity is a luxury in the real world that even FSF acknowledges, compromises sometimes have to be made, pragmatic considerations have to be taken into account.
Nothing wrong with keeping lofty goals, but as practical necessity frequently dictates, graciously accepting less than total victory more often than not best serves our interests.
(Edited re: grammar.)
> a large proportion of modern open-source systems is composed of free (in the FSF sense) software.
The critical parts aren't though, and that's where it matters the most, IMHO intentionally so.
An HP printer being 99% based on free components won't be a tangible improvement if the last 1% vehemently prevents it's free use. Open source being the core of the OS doesn't help if nothing can replace iOS on an iPhone.
We're in a world where free software has massively grown, while the day to day impacts are IMHO comparatively small. It feels like we're more free than ever, inside our new confinement cells.
I love firefox, but it is NOT best in class. What kind of copium are you huffing? I want some!
The victory situation for free software is that it becomes socially unacceptable, and rare, for individuals and for organizations to claim IP rights over software, to restrict its dissemination, to hide its source code, etc. When it is clear that software is shared commons, and nothing else.
Why would that ever happen? Software is too important for people to not sell outside of communism and free software people aren’t as good as making consumer products as capitalists
I would kill for decent NURBS oriented 3D CAD software. I feel like the 3D printing community would absolutely thrive if they stopped dealing with polygons for things meant to exist in the real world.
Rhino is really the only fully featured tool in town, at least available to the general public at a somewhat "affordable" price (~$700 from the right reseller). I end up paying to upgrade every few years when compatibility with my existing OS finally breaks. Apple announced the removal of Rosetta in 2027 (dear god why?! I use so many apps that'll likely never be made native) so I'm gonna have to pay again then.
At least, so far, it's software I'm allowed to *own* rather than rent. I can run my old versions in perpetuity, particularly on an emulator. As someone who has 3D models going back to around the year 2000 in his collection, the idea of using any of these hosted solutions just sends absolute shivers down my spine.
OpenSCAD is really the best we have in open source non-polygonal modeling tools, and it honestly wouldn't be too bad if someone could slap a decent WYSIWYG GUI on it.
This and a good RAW image processor are the two reasons I ever boot up the Windows VM these days. None of the options available on Linux come close to the software I use on Windows for those tasks.
You can get Fusion360 to work on Linux through some scripts someone created, but I don't like how Fusion works at all after using SolidWorks (and Pro/E) professionally.
Darktable gets quite good results - even compared to Photoshop and DXO.
Are raw therapee or dark table not enough?
FreeCAD is actually pretty good since the 1.0 release. Far better than OpenSCAD for anything but highly regular and parametric objects (basically fasteners and art).
And better still in the upcoming 1.1 release. Lots of improvements.
The fundamental conflict here is that software developers want/need to get paid. We have mortgages/rent/medical bills/groceries and none of those are free.
The root problem, in my opinion, is combining "free as in beer" with "free as in speech". The latter cannot be achieved if you insist on the former. I.e., if your solution to privacy is only use free-as-in-beer software then you will fail because developers want/need to get paid.
What we need is a business model in which people are willing to pay for privacy-respecting software. That's the only sustainable path. And it's frustrating to me that the people who are most vocal about software freedom are actively working against that with this kind of article.
[p.s.: I realize I'm ranting and not offering enough detail to change minds, much less offer a solution. Sorry about that.]
I think people are willing to pay for privacy protecting software. The problem is I don’t think people trust companies who claim that because there are too many instances of that “privacy” coming with a subtle asterisk. Businesses can’t seem to resist eroding trust in the interest of $ (growth! Shareholder value!) or caving to authorities. Plus, it’s rare that companies are transparent enough to earn the trust they claim we should give them.
I do agree with the sentiment: people need to get paid to write software, and people want freedoms to be respected by that software. It seems to be challenging to rectify the two in most cases (yes, there are cases where it works - those are the exception not the norm).
100% agree. Regulation is part of the answer. For instance, we trust that a gas pump is accurate because we know the government inspects it.
But I think we need more companies where trust/privacy is a brand promise. Apple, I think, is trying because they can. As long as they make money selling hardware, they don't have to rely on ad revenue.
In my opinion, the reason there aren't more companies that brand themselves as privacy-protecting is because people aren't willing to pay that much for it--at least not as much as the companies can make by selling data.
Part of my reaction to the article, however, is that the people who most value privacy are the least willing to pay for software--their solution is always about free-as-in-beer software. That obviously shrinks the market for privacy-respecting software.
It is possible if the software is a byproduct of something else that pays the bills (e.g. scientific research).
Except the "something else that pays the bills" is usually ads. And I think we all see why that's a bad idea.
Yep, open source developers don't want/need to get paid, so give them f*ck and use their code for free.
John Deere bricking someone’s tractor because they put in an unrecognized spare part has nothing to do with supporting some poor hard working software developer who would otherwise starve.
It’s using software for evil. (And if I had to bet I would bet a software engineer was nowhere near that decision. They just implemented it!)
Blender seems like a good example of how this can actually happen.
Sure--but the article is saying that there are many cases where it doesn't work--where no good free software exists.
Could the Blender model replace YouTube, for example? I don't think it can, until hosting costs drop significantly. Maybe that's part of the answer.
What replaces YouTube is a symmetrical internet where people can upload lots, and probably something like popcorn time. Then some discoverability. The only issue is lack of moderation because of "bad videos". Can't have nice things :(
With branding like "free software", it could have have lost the battle for hearts and minds for that reason alone, if not for all the other reasons.
Of course the public thinks "free software" is software for which you do not pay money.
And everyone immediately goes on their way with their downloads, without you getting the chance to give your hour-long spiel on "I'm glad you asked what I mean by 'free software'."
Because no one would ever ask what "free software" means, because they already know what it means.
It is the advocates who are terrible at advocacy who keep trying to give a term new meaning, and failing for a few decades to get the public to understand or pay attention.
You could even say that's the philosophical/awareness barrier, right there: people thinking in terms of free software, rather than in terms of Free Software(tm)(R).
(If you liked this comment, please subscribe to my newsletter about renewable clean energy, called Burn Fossil Fuels. My team has been working to get the message out, with a clever bit of wordplay there, in which we actually mean more the opposite of what we're saying. This is all explained in our hundred-page manifesto whitepaper, and we are also available for speaking engagements, at select events where we can preach to the choir.)
I really don’t like this comment but have to admit it’s pretty damn true.
Thats why I like enshittification as a phrase as it attacks the bad side of things.
If you want to propagandise against the cloud the thing most average (and indeed smart and dumb also) people hate about the cloud is: the software keeps morphing. the buttons keep moving. the menu disappeared.
Lets call it shapeshifting software. Different from this morning-ware!
Confusionware!
This touches on something I've noticed the past few years - it seems to me many advocates of most topics often do more harm than good for their cause - taking hardline positions normal people simply can't relate to, even if they do agree in theory.
Anyway, on the topic of "free" software - how might you recommend we try to frame this to be more clear to the public? I think people tried to make "libre software" a thing, but doesn't that have the exact same issue - that is, that people will misunderstand what it is?
That’s what open is meant to stand for, but Google et al have successfully caged that.
Back in the day, it was the X/Open group that was muddying the waters:
https://en.wikipedia.org/wiki/X/Open
Freedom Software?
Beats Open Software because open is still ambiguous to non-technical people.
"Freedom Apps" if you truly want to talk to the masses.
Libre software (as in Liberty).
> What picture does this paint? Things programmers care about directly, like the OS and the kernel, are quite well covered. Whatever we need, there's an open version.
I think this is the wrong conclusion. It’s rather the opposite: when there’s money to be made (applications, device drivers), businesses have came in and managed to dominate it with proprietary versions (music, video, etc).
When they don’t, it’s because of strategic business interests: you’re probably going to want to make your programming language open source in order to gain developer interests, but the applications you make on top of that closed source.
It sounds to me like the biggest problem are the users.
There’s no shortage of meaningfully free and open software to use that will do what you need, but as soon as you have to sacrifice any sort of convenience, non techies stops listening.
I really don’t know how you’re going to change that. I don’t think anybody can at this point now that Google and Microsoft are having extremely successful trial runs with fully managed systems.
> There’s no shortage of meaningfully free and open software to use that will do what you need, but as soon as you have to sacrifice any sort of convenience, non techies stops listening.
It's often beyond just sacrificing "any sort of convenience" - but rather "it's effectively impossible for someone who's not at least a compentent IT hobbyist to install this software".
> I really don’t know how you’re going to change that.
You need to change the culture in free/open software. The current goal seems to be something like "as long as it works, and I can install it --no matter how convoluted or unreliable that process is-- then that's good enough". Mainstream users don't want to use the shell, or have to search internet forums for solutions, or use Docker, or whatever.
If you genuinely want FOSS to win, the goal should be to be better than the commercial alternatives: easier to install, more reliable, better more intuitive UIs, smaller, faster, more features, whatever.
It isn't like it shouldn't be easier on Linux either as it already is much of the time. I can open up my command line and type "yay ProgramName" and hit enter a couple times to install most things. Its even easier on a distro that uses a store for distributing applications. But as soon as you get away from that curated selection the process becomes so much more difficult very quickly. Users will give up if it is more complicated than downloading an executable and clicking on it.
It should be easy to make FOSS Web apps especially ones that favour front end (and hence web standards) for most of what they do. Someone does need to be the server though so you end up with a bit of cloud.
I think another problem is marketing. The SaaS can afford to advertise. The free libre app has to be discovered.
> I really don’t know how you’re going to change that.
Better education, which is definitely not the current trend.
You can lead a horse to water but you can’t make it drink
Yeah we can Properly Educate non techies all day, but when they sit down to watch Netflix and have to deal with low quality video because their FOSS tech stack doesn’t pass the DRM sniff test with flying colors, I’ve yet to get a single person to care after that.
> and have to deal with low quality video because their FOSS tech stack doesn’t pass the DRM sniff test with flying colors
They shouldn't have to if the software is properly made. I am not talking about teaching normies to install Docker apps, but teaching them why FOSS is important and the implications of using corporate-owned tools.
My point is that DRM isn’t something that FOSS has any control over, and is becoming an increasingly common strategy to discourage using third party software because it forces compromises.
So when the DRM doesn’t work and you get a degraded experience, pitching anybody who isn’t really interested in the ecosystem of technology is pretty much impossible. One tech stack works well, one doesn’t. That’s all one cares about
I'm not sure users such as myself using non free stuff, Apple in my case, are a problem. We do our thing, people wanting to use Linux do theirs, no real problem.
Freedom lost not because it was taken, but because most people didn't care to keep it.
So much software is “open source”, but it’s either de jure or de facto controlled by a single company.
Sure you could fork it, but for complex projects you’re not gonna. 99.99% of users of open source software will never meaningfully contribute. So the only option most people have is to hope someone else forks the project if something goes wrong, and for complex projects maintaining a fork requires serious resources.
We really need to distinguish between generic “open source” and actual community built and controlled projects.
The term open source itself was popularized by the open source initiative. A group funded by Tim O’Reilly and big tech to co-opt the free software movement and make it more business friendly.
They’ve spent so much time and money promoting the term, that there’s an enormous amount of good will around it. To the point that any project that doesn’t use an OSI approved license is widely considered dirty.
You could have a project controlled by the community with a nearly completely free license with the caveat that companies making more than $100 million in annual revenue can’t resell it, and the majority of devs would trust it less than an “open source” project completely controlled by a trillion dollar company.
Complex puzzle, I feel a key part is that the financing / financial sustainability of free software has not been solved. The author touches on it a bit by saying "when you sell hardware..." which kinda means no hardware == no revenue since you can't sell the software. I don't discount that Redhat is a thing, but it is the exception not the norm.
Free Software doesn't imply someone has to write what I need for me for free.
It means that if the end user wants to control his devices he/she should be able to.
I do see it on exactly same way. A lot of people are conflating opensource with free. That model is not really sustainable if you want to do it for living.
Free software has won on servers. It is making inroads into desktop/gaming PCs (above 5% market share now), and the exodus from Windows 10 could well push it over 10% soon.
But the computing landscape has shifted towards mobile devices and this is where our freedoms are now the most at risk. It is time that we turn our back on Apple and Google and exclusively buy devices that can run operating systems that are community-controlled such as Linux phones, and devices that can be flashed to Lineage and Graphene.
I am quite convinced a lot of open source is not open for ideology reasons but rather are a result of competition and the market itself.
When the competition publishes its software for no price, the next way to make it even better is by improving the license. And if thats not enough you can even pay users to use your software, just like brave does (or did) through ads.
Now theres software which has less competition. Usually this is software that requires large amounts of investments, often coupled with hardware. Smartphones are the perfect example for this.
Also, software which is tied to hardware that you have to buy has less pressure, because there's a price anyway for the hardware. So you wont suddenly have some competition offering the same thing for free.
I don't think things can be explained by competition alone.
People don't use free software Compiler and Web browser and OS just because it's free software, but there is no better alternative.
Free software will win in the long run. But it depends on what you call "win". For me it means that, provided idealsim is still a thing, there will be dev/scientists that will want to open knowledge to others. They will write free software and each year, that free software, although years behind commercial offerings, will be better than the software of ten years ago. With the GPL, that software will stick and won't be appropriated. So in the long run, free software will produce value.
See KiCad, Inkscape, emacs, etc. Are those better than commercial offering ? Sure not. But compare that with 10 years ago: it's much better.
And in the long run (say, 50-100 years), it will come out positively.
Just keep the spirit alive.
> Just keep the spirit alive.
And to do that, blog posts like this one are necessary.
> provided idealsim is still a thing, there will be dev/scientists that will want to open knowledge to others
They don't spawn in a vacuum and rarely arrive at a significant formed idea of Free Software from first principles, so providing education and awareness into that direction is important. In the last decade free software discourse (at least in my perception) has significantly quieted down, to a point where I'm not sure that newcomers to the topic satisfy a replacement rate.
If one wants to keep the spirit alive, now would definitely be a time to push!
We need a right to repair for software, perhaps embedded in copyright law. No right to repair software by replacing it, no copyright.
I think being a programmer we must understand that there's never a one size fits all needs.
Each project has different needs having an option never hurts, as long as there is competition, there will exist a chance of open sourcing the source.
Because, closed source softwares die faster in their lifetimes, while open source remain remembered even after being unmaintained.
Had it not been for GitHub(a closed source software) we'd had never reached this stage of open source expansion and understanding, because hosting a git to open source a project was and still isn't cost effective solution. Meanwhile torrents are mildly successful with this, yet faced by the lawful resistance in many regions.
Basic goals, should be to always have a choice, if there isn't much then create one if you can. Rest is just fog in hindsight, I'd say.
Gaming is one such usecase that requires and works well, currently, with proprietary software.
As such, gaming is a sport and as long as a game is competitive, there's always a chance to bypass a n obstacle with a hack, just as there was misconceptions with OSes.
But unlike OSes, games don't have a commercial application yet, we still have a long time before the realisation of freeware gaming.
If winning means mass adoption, I think by definition free software won't win while remaining free.
If a tech becomes main stream, corporations (and people) begin commercializing it. The de facto strategy in our era for commercializing any tech is surveilling its users.
If a technology can't be harnessed, corporations will contain if not outright kill it.
We've seen this time and time again. So, the only way to win, in the sense of surviving and thriving, would be for that tech to fly under the radar. Remain in the hands of individuals who care and build it for themselves. In that sense, there are many free software that have already won.
My question is, why on earth are people obsessed with things like the year of the Linux desktop, and more people adopting their software.
Fragmentation is probably the only way free software will remain free.
> I think by definition free software won't win while remaining free.
The Linux kernel is widely adopted and remains kind-of-free.
LibreOffice is widely adopted and remains quite free.
> If a tech becomes main stream, corporations (and people) begin commercializing it
Not necessarily. That is, they may engage in commercial activity surrounding it, but that's not the same thing.
> So, the only way to win, in the sense of surviving and thriving, would be for that tech to fly under the radar.
Your "winning" requires not-winning, i.e. most people not using the relevant software.
I read through half the article, and I don't understand what it's trying to say. Has free software won? Or not? And what does it mean? No clue.
It's quoting people who say that it has won because of extensive adoption. However, that adoption doesn't mean that most people are allowed even in principle to change most of the software in embedded devices they own, or even on most of the computing devices they own.
I've also found this really weird. Like, we have Linux kernels on most cloud instances, and most data center servers, and most academic and research computing systems, and probably lately on most embedded microprocessors that are big enough to run it. (And various ecosystems for computing infrastructure and software development are mainly using free software userspace and tools.) Meanwhile, almost all user-facing software that almost all people interact with almost all of the time is proprietary. Why would someone say it's "won"? Thinking really small?
Even Linux hasn't "won" in those areas. It has just replaced what we would call a common API layer or a communication standard. The virtualization products are still proprietary. Servers and their firmware are too. People needed a Unix-like OS that hasn't been riddled with patent issues and wasn't outrageously expensive. They needed it because they were also price-sensitive or outright cheap. They didn't want to change APIs or modularize their software. Linux was there. Startup culture happened which demanded cutting all the costs you can. Linux was free of charge. Linux wasn't the best OS for the job sometimes. But it was there and it was gratis. So it became the middleware for Unix-compatible software.
We have open standards and even open/free software for anything that companies aren't making money out of. FOSS by itself cannot make money. In places where software matters the most or, if the software hides the trade secrets the most or, if it is the main money maker, creating FOSS is economically infeasible.
For FOSS to win, we need to change the economic and legal system. Current capitalist system in many West-aligned countries is actively hostile against sharing in any kind, except the ones that profit the biggest players in their non-critical areas. In a market where the first one to market gets to buy all competitors, in a market the one that has the biggest secrecy wins and gets all the money from investors like Y-Combinator, there cannot be any truly FOSS software-only products. They need to do rug pulls to support the exponential growth. Startup culture is fundamentally anti-FOSS. It is pro-FOSS in only consuming. Even a startup releasing some middleware can be interpreted as mishandling investment.
We need to make sure our governments support FOSS infrastructure and FOSS user-facing software. They need to be equal employers and competitors to Big Tech or they need to directly support smaller competitors for decades. Otherwise, I am afraid, FOSS cannot win.
Corporations are not really a capitalist thing. They get misconstrued as one.
Yes, it is never a true capitalism.
they're suggesting that "open source" has won (attention, mind share, funding, whatever) while "free software" as defined by richard stallman has not
I may have glossed over this detail, but I didn't think the article was saying that "open source" had actually won either (perhaps that people who preferred the term "open source" have tended to accept much narrower wins as "victory" in practice?).
My takeaway was that the article was looking at common Open Source claims, and then locating the only " 100% true" example of that.
Like you cant make a 100% open hardware mobile phone. Theres lots of near enough cases. But that Qualcomm chip is proprietary for the phone bit. So they exaggerate by going back to an old, open source rotary phone.
It didn't succeed because he was always against making money from software. He also has pushed for governments to be forced to use FOSS.
I remember him doing some interviews in the 90s, and he would put his coat over the camera, if it wasn't using FOSS. This sort of zealot mindset will always be on the fringes of society and eventually abandoned for something more liberal (which is what we've seen in the last decade or so).
FOSS used to win by being able to run on anything. Now hardware chooses you. If you’re not running the sanctioned OS, even the browser might be crippled. I’m not sure if that’s progress, but it’s definitely not freedom.
The reality is that since the invention of ICs, electronic devices have become 'black-boxes' that the vast majority of people can't hope to understand the entire workings of. Free software licenses were never going to change that.
The pacemaker example is an interesting one. Medical devices are shrouded in secrecy, ostensibly for "good reasons", but in reality they're often insecure garbage. I'm not sure if an open source pacemaker would be safer than a proprietary one. It would be nice to be able to audit the source code, but I'm not sure whether contributions from random committers would have a net positive impact in this space?
People seem to think Free Software ought to have won purely as being free, as if that was somehow going to overcome the heinous acts f profit motivated groups to try and take away your end user freedom for their own gain. Its an idealogical battle not an economic one, though sadly we havent won its true
In many cases you shouldn't need a computer, and for many where a computer is helpful, a very simple one should be possible which can use less power and with small enough ROM and RAM, and not needing any Wi-Fi and stuff like that. You also should not rely on computers too much even in the circumstances where they are helpful.
I do think that different computers (and other stuff) can be made which do not use proprietary software (and which do not use excessive software; I think it is also important, for a different reason). Free open specifications can also be made, too. Many people don't, but it can be done (although in some cases it is difficult, for various reasons).
Well said.
“When you create a machine to do the work of a man, you take something away from the man.” — Star Trek: Insurrection.
A month ago I watched animatronic dogs herd sheep around a paddock just minutes after some Border Collie did the same thing. What came to mind straight away was: that’s not a problem that needs solving. Yet here we are, injecting technology into every nook and cranny we can and ultimately all it’ll do is free us from our own freedom as people and enslave us to the rich, who will own all the tech and knowledge to support those animatronic dogs.
It's about to get much worse.
You can't vibe code without using a service from a big company, and obeying their rules.
If Microsoft terminates your account, your programming career is over.
>You can't vibe code without using a service from a big company, and obeying their rules.
In abstract, probably true, but so vague to be useless.
I can probably vibe code with qwen on debian. But are you then going to pivot from your microsoft example to like, my ISP? And if I point out I can move to an ISP with less than 5 staff, you will probably just move the goalposts further right?
Might be better to let you establish your goalposts first hey.
What has your experience vibecoding with Qwen on Debian been like so far? What tooling and approaches have you found to work best?
I use it on Windows, I am just loosely aware that I could run it on debian if I wished. I use 7b and its roughly as useful as GPT 3.5. I dont have any tools linked to it yet.
Does that mean "pretty useful" or "a total waste of time"? I never got much useful code out of GPT 3.5.
I'm implementing an MCP client using Qwen3 4B and its tool call capabilities are impressive! I'm sure it will only improve and the 30B is probably already much better.
What are you running it in, ollama? Did you have to install some additional software to enable it to call tools (also via MCP?)
LM Studio. No additional software but I implemented the MCP client myself using the typescript-sdk[0]
0. https://github.com/modelcontextprotocol/typescript-sdk
Thank you very much!
Eh, this I cannot abide with. There are dozens of hosted model providers, from the foundational providers (OpenAI, Anthropic, etc) to cloud re-hosting (Azure, GCP, AWS) to routing proxies (OpenRouter, Vercel, etc). There are huge open source models that are quite competitive (Qwen3-Coder). There are smaller open source models that can run on your laptop and easily help with function writing. There are walled garden, highly integrated tools (Claude Code, Codex) and there are plug-and-play bring your own API key or model tools (Charm Crush, etc). The ecosystem is vast, and every facet of it appears to be getting better.
What if you just like do normal programming instead?
What if vibe coding becomes 20x faster than normal coding? Are you going to stay old school and write artisanal code?
It may surprise you to learn that some people actually like programming, so yes I will. If AI tools are 20x faster then I guess I'll have to use them to get paid, but I'll be damned if I start letting a computer do the fun part for me on personal projects.
That said I'm not too worried. Vibe coding is currently slower due to how bad it is at writing software. In several years companies pouring billions into improving LLMs still haven't been able to make them not suck. That suggests to me that it's a fundamental limitation of the tech at present, and won't get better until another research breakthrough happens.
We've had AI assisted coding for less than half a decade.
The rapidity of development is astonishing.
These two statements can coexist. Yes, AI is amazing. And yes, it is not good enough yet to significantly speed up my work beyond research and writing tests.
Quantity was never an issue, quality is.
There's no silver bullet in software development.
Universal statements have a high burden of proof.
People used to claim we'd never fly. Shortly after we started, we reached the moon.
The entirety of the last 60 years of software may have been a low energy local optima.
The last 60 years of software gave us amazing projects, and if you go through their code, you'll see the same principles that is outlined in every good software engineering book: Good organization, hackish when needs be to resolve some accidental complexity, good comments,...
Most of those things rely on having the right mindset/philosophy first, then having a good grasp about the domain and the technologies (programming languages, platforms, libraries,...). After that you need to start thinking about the tools you used to help you (editors, test runners, static analyzers, debuggers,...). Most LLM users put the latter above all others. Like using the agent precludes knowing about the domain, the technology, and the tooling. And what philosophy? Craftmanship? Sir, here it's all about YOLO.
> You can't vibe code without using a service from a big company, and obeying their rules.
True, but that's also not exactly a good thing to be doing to begin with.
This is one of my biggest problems with AI coding assistance. And how they will shape the development of less human friendly APIs and libraries over time.
> If Microsoft terminates your account, your programming career is over.
Why wouldn't you just get another account?
Age verification laws in the US are chipping away at Internet anonymity. You might not be able to get another account because your legal identity might be required (and can be banned).
This isn’t just a US thing. Many countries require KYC for a lot of online accounts
All major platforms have mechanisms to identify ban evasion. It's not so easy to create another account when, for example, they ask for a phone number.
In the U.S. at least, it is trivial to buy a new SIM anonymously. But really, you should refuse to use any platform that requires a phone number in the first place. These companies make it implicitly very clear that they want to control you and extract every bit of information that they can from you.
Slightly unrelated but GH's ToS clearly only permit one free account per person and I've heard they sometimes enforce this
Can't tell if this is a joke or not...
i'm guessing you've never seen r/LocalLLaMA?
It's a miracle that open-weight LLMs are even a thing at all, let alone as good as they are (very).
You need thousands of dollars of hardware to run a decent coding model with bearable tokens/s.
Freedom isn't free. That is why GPL does allow charging money for software.
Freedom isn't free.
Haiku will win in the end, at least win what many in the free software world are trying to win. Or at least what I think this blog is trying to get at, but it is a weird post I am not completely sure what it is trying to get at. But I do appreciate its methods even if I am somewhat confused by them.
The year of the linux desktop is not going to happen, far too much baggage. The year of the Haiku deaktop will happen; they are doing everything right and staying under the radar until they are ready.
Like all permissively licensed software, it certainly will win what many in the free software world are trying to win: a bunch of nerds will do a ton of free work for corporations in exchange for absolutely nothing. Not even the drivers they need to run their own software on their own hardware. See: BSD, Minix, etc.
Permissively licensed software is everywhere. It's winning. What exactly it's winning, I'm not sure. Permissively licensed software is in my hypervisor. It's in my ankle monitor. Permissively licensed software will power the terminator drone that kills me in WW3. But it isn't in my laptop because the drivers don't work.
I've been using desktop linux for 15 years, at least. I play Steam Games on my Linux Desktop. I work on one. It's not prefect, but neither are the other OSes.
I have been using desktop linux for more than a decade longer than you and have config files older than 15 years. No idea what our individual experiences have to do with this but I win, I guess?
I guess what I am saying is that its been the year of the linux desktop for 15 years for me. What is the status of Haiku running on real hardware? Can it use linux device drivers yet?
I think Haiku is a neat project and I wish it well, its just hard to imagine what path it has to desktop dominance.
That is a hot take. I’d take the other side of that bet.
What do you want to bet and which assertion are we betting on?
Haiku has stayed out of the open source drama and focused on its goals; slowly and steadily working towards them even when the goalposts move. The big thing is their determination and staying focused on the user experience in a way Linux has not and can not without a single distro wining which is not going to happen. When it comes to the desktop, Haiku is offering everything Linux doesn't.
Huh? I like haiku and all but have never seen it running anywhere. At least Linux has a few percent market share. While not huge it is in the millions of folks successfully using it across the world every day.
Microsoft, Google, Amazon. They will all open source wash themselves and have a cadre of former red hat and other equivalent employees speaking about how they are the center of open source.
Meanwhile there's an entire parallel universe where people view things using different terms than these tired 1990s battles.
The next generation of software cannot be controlled by a small number of hyperscalers.. that is the new center of freedom focus. Times change
The title undersells it, it retreated. We open sourced the visible parts and then built a surveillance and firmware monoculture underneath. Every “smart” thing is a dumb terminal for code we can’t audit. The GPL didn’t fail, we just stopped applying it where it mattered most.
Note that non-free firmware in a network card, for example, doesn't affect anything, if the traffic is encrypted (and ideally routed through VPN so that the card has no direct Internet connection). So in some cases we can isolate non-free components so that they cannot do any harm. Modem in a phone, probably can be isolated also.
A non-free firmware in a network card can
1) deny you service at the will of its true owner,
2) stop receiving updates rendering this piece of hardware dangerous to use with no recourse.
As a quasi-tech person I can’t imagine what more can be (or what isn’t being) achieved within reason by FOSS. And when it comes to Life’s Big Problems™ showing me someone playing Snake on an ULTRAK 435 Digital Pitch Counter doesn’t instill me with confidence that free software is as big a solution as its proponents would like to think.
The main benefit that I see it of having the source code to the software running on the devices you own is that you can always fix or modify it if and when you want to. Lots of things can happen such as the law changing, the company going out of business, the company stopping support for your device, or you just wanting to make some changes to how it works to better suit your lifestyle.
This doesn't mean that everyone will dive right in and make the code changes by themselves, but it does allow for paying someone knowledgeable to come in and make the changes for you. The same kind of way that you can (or used to be able to) get someone knowledgeable in cars to come in to fix or change things for you.
Think of it as having access to the device's schematics so that you (or someone knowledgable) can make repairs to the device when you need to.
This brings me to another point, that in addition to having the source code for the device available, there way to build and deploy the code to the device also has to be made available, otherwise it's only a shadow of a solution.
"Within reason" is doing a lot of lifting in that sentence, isn't it? What I define as reasonable FOSS solutions, many executives would not agree with, but that doesn't mean they're not practical or acheivable.
Your Snake example also doesn't seem very fair - there are many large, concentrated FOSS movements and organizations that are doing good. More and more - albeit very slowly and sporadically - there are governments and organizations choosing to invest in self-hosted FOSS solutions. And you focus on hackers expressing curiosity doing silly but interesting things on various types of systems. Come on.
Well, you seem capable enough at shouldering the load that the phrase imposed.
Free software has been killed by all the companies offering 'open source' solutions...
Soo open source "won" commercially, but Free Software hasn't won philosophically
Isn't the author confusing closed platforms for closed software? There are open platforms out there (Mastodon, Bluesky), but they lack traction. For any closed platform, the owner of the platform gets to decide what the stack looks like.
I think the free software model underestimates how much people dislike being compelled to operate on other peoples terms when it comes to exercising discrete with their intellectual property. Even if they get "free" software.
The suggestion free software is free is intellectually dishonest, I don't think free software is really free, the nature of it is very controlling towards those who decide to depend it. I publish most of the code I do for small side projects publicly, but I would never use free software if I arbitrary forgo to my ability to make the decision for myself. It deprives contributions of dignity, any suggestion a contribution comes from a willingness to share is undermined by the fact they are compelled to do so.
There's a reason why their interpretation of free is prefaced by a bunch of precondition, because it's a force framing that is odds with what people actually understand to be free.
It's free as in freedom/libre - liberty.
Someone with authoritarian viewpoint is of course going to chafe against principles of liberty, and that is how it should be. Same is true in software.
But it literally isn't that, as an author in depending on it you reduce your liberty. The software is free, those dependent on are not free.
You could argue well it's free to users, but there's a level of survivorship bias due to the fact this is confined to the software people will publish under this license.
Edit: Back to "free software losing" is unsurprising given the above. All the benefit to the user are ultimately irrelevant to the growth of software when doesn't come from users, it comes from people weighing up if they want to forgo this ability to exercise control over software they made. And the portion of users who actually care are negligible to the point it has zero incentive to the software provider. The one exception I would say is, the "Free" softwares model works well for public goods like shared infrastructure like database software and such, but for end user software it is insane licensing model.
> Someone with authoritarian viewpoint is of course going to chafe against principles of liberty, and that is how it should be
Do you even hear yourself. This is the rhetoric why no one takes this seriously. Your suggesting my desire not to be deprived of my own personal liberty and act on my own terms (without causing harm to anyone else) is somehow authoritarian? It's such a narcissistic / manipulative entitled framing, to suggest this embodies anything resembling liberty.
Why would anyone want free software to win? Dont most of us here draw an income from software that’s explicitly not free?
To me, having different ideals, that sounds as strange as saying 'why would anyone help an old lady cross the street without getting paid for it?'. Sometimes one may want to do something without needing to get money for it.
Free as in Freedom not as in free beer.
Yeah I'm not exactly sure what the appeal is of a world in which none of us are rewarded for our time and labor...
It's 2025. Code is worthless and becoming more so. The distinction of free versus open-source is moot.
Blog styling is a bit weird and for the actual copy I kind of don't get its direction
Nothing is truly free. All developer time is bought and paid for. Even leisure time. What pays for the software developer to be able to not starve and be able to spend leisure time on free software? Paid software. Obviously. Somewhere in the equation someone needs to be paid.
Usually if software is open source, it won't be paid for. So whatever is funding it... well if it's a software company funding open source software where does the money come from? Obviously paid software. And people won't pay for open source software because it's basically free.
Follow the money trail it ends at roughly three places: 1. donations, 2. tech support 3. ads 4. closed source software.
1 and 2 are too miniscule to be effective.
All this time and people still do not understand the difference between Freedom and Gratis.
And 3 is worse than 4.
What's not mentioned here is that every single successful OSS project is funded by multi-million dollar corporations and the reason it's so prevalent today.
The rest usually become abandonware because maintainers don't have the time or energy to continue with it for years at a time, especially if they can't make money from it.
I think we vastly underestimate the impact that AI will have on open-source capabilities and technology.
I mean the reactions to posts on HN when a developer dares to make their OSS/MIT project sustainable by adding paid extensions is part of the problem. Almost to the point where I believe most developers are acting in the interest of the large corperations by bullying OSS developers into keeping their work free as in gratis.
The same people lose their minds if a project is GPL or copyleft.
I guess there will always be people who think in black and white. I'm pretty sure that if Stallman had been born in the 19th century, he would have been the first to write "The Communist Manifesto" before the other two guys had a chance.
I highly doubt that, considering Stallman's stance on freedom and personal sovereignty. Free software often operates like market anarchy (pure meritocracy), similar to the Internet. Coercive structures of centralized power that dictate what the 'common good' is do not align with the principles of the GPL. Also the GPL is focused on enforcing property rights ("this is yours unconditionally"), while communism emphasizes transferring property to the government ("this is ours but you might have some if you behave").
But I would say Free software also has not lost. It also has the advantage that it will get better with time and a lot of commercial software gets worse throug enshittification. We also saw this with blender, I think free software will win eventually
Blender is an interesting case. It's seeing wider adoption in studios generally - an Oscar win has helped and the recent Blender Conference had talks from Framestores vizdev[1] and Paramounts in-house teams[2]. Blender 5.0 is around the corner, which is adding more and more industry standard features[3][4], though recently there was a discussion about pulling away from the VFX Reference Platform[5][6], which they have walked back from[7]. It's not there yet, but it's gaining mindshare rapidly. Enshittification in DCCs is interesting. Arguably the two dominant companies, Autodesk (Maya, 3ds Max) and Maxon (Cinema 4D) are on that path, whereas SideFX (Houdini) is kicking ass!
[1] https://youtu.be/BtZ-ien0WOk
[2] https://youtu.be/DJu7C6tVM8o
[3] https://youtu.be/UiIJytlTFPc
[4] https://landscape.aswf.io
[5] https://devtalk.blender.org/t/blender-and-vfx-reference-plat...
[6] https://vfxplatform.com
[7] https://devtalk.blender.org/t/vfx-reference-platform-stateme...
Yet ;-)
Sybase and Ingres disagree.
how does Linux's world domination feel ?
Prusa has already said they will start closing their devices to fight against Chinese clones.
That's unfortunate, mainly because they will find out that they can clone closed devices as well, in fact it's their default mode (not much of HW is open).
They even clone stuff that you send them to manufacture but forgot to include the sources (or have them outdated) as part of providing a good service :)
Fundamentally, the issue is that only a small number of people know what free/"libre" software is, and only a small subset of those people think it is a good tradeoff.
For that reason alone, there's just not going to be a lot of people working on building something the vast majority of people very clearly do not want.
If AI is actually a software revolution, OS/Freeware will close the gap with non-gaming proprietary software.
I hate to complain about styling, but when I can’t read it, I have to say something about it.
This has a strange CSS styling problem on my phone. There’s no left margin in portrait, so it’s basically unreadable, but if I go landscape it’s fine.
Use firefox. Click "reader view" on any page and read it according to your own theme. Maybe help free software win.
Flipping into reader mode constantly is clunky and jarring. People shouldn’t use that as an excuse for poor styling.
As someone who recently made a post on how to change it just recently and has been thinking about why[1] Here are some of my thoughts.
Your article is great and that is a reality I also want to live in where everyone completely "owns" their device and lives free from proprietory stuff and you are approaching things from a hardware perspective because you maybe more familiar with that and I am more familiar with software (as compared to hardware) but here's the shocking part that I want to share
People don't even use open source software. Something which just works as compared to hardware. There are sooo many low hanging fruits for privacy in this world that we haven't picked.
Even if I have a completely open source laptop, if the only way to message my school's teacher some message that he will look or send me is whatsapp, all of that falls apart.
We need to advocate on both sides & I 100% agree that we should want the same thing for hardware as well (proprietory blobs Intel ME are scary with proprietory blobs) but we need to definitely prioritize in the process as well.
What are some low hanging fruits of privacy/open source we can share that people aren't using because they are unaware.
Also, as someone deeply interested in advocating for open source and to those comments on that ask HN I made, I am deeply saddened to see the state.
Since I feel from those comments on my post that there is no hope. Everyone expects a better UI/UX but nobody said anything about donating to the contributors.
We expect so much from open source and we give so little back as a society.
And its just funny that on my post which is about how to give back to open source contributors so that they might work full time on it so that they can make a better UI/UX, people expect the better UI/UX first. I can understand them but...
It becomes a chicken and egg problem. Open source is itself a chicken and egg problem. Why do we want unpaid labour abused by big tech which is then used for surveillance/ad-tech and then if we can't create a better UI/UX then stop trying to expect any payment. Why do we want perfection before giving open source guys some donations. They are competing with a company which might have full time guys working on a project funded by a VC fund only to enshitten stuff later.
Please, I genuinely want to change it. Give me any ideas on how we, the people interested in open source, can change/fix this chicken and egg problem.
[1]: https://news.ycombinator.com/item?id=45558430 (Ask HN: Why are most people not interested in FOSS/OSS and can we change that)
(also I should've probably changed it to say how can we change that but the HN limits the text of a title and I had to modify some of it, and now after writing it, I am genuinely not sure if we even a "how can we change" or if my title was correct and its now "can we even change")
[flagged]