IRC #olimex 2023-01-02[00:00:16] <joepublic> me and the olinuxino are both plugged into the same ethernet switch, no firewalling to speak of
[00:00:54] <Shane[m]> 🤔
[00:01:21] <joepublic> i can ssh to it fine when it's booted to the ancient image that works
[00:02:54] <joepublic> nmap shows "80/tcp open http" for that host
[00:03:37] <Shane[m]> curl it? or try to force http?
[00:04:41] <joepublic> curl gives me a 302 redirect to http://192.168.0.38/plinth/
[00:05:01] <Shane[m]> try that then?
[00:05:19] <joepublic> that gives me a 301 redirect to https://192.168.0.38/plinth/ ... which ...
[00:05:42] <Shane[m]> 🤔
[00:05:47] <joepublic> gives me a curl error about self-signed certificate
[00:06:26] <Shane[m]> --insecure ?
[00:06:48] <Shane[m]> will allow curl to open self-signed certificates
[00:07:20] <joepublic> `curl --insecure https://192.168.0.38/plinth/` returns nothing
[00:08:21] <Shane[m]> without the plinth?
[00:08:45] <joepublic> a 302 redirect to https://192.168.0.38/plinth/
[00:09:19] <Shane[m]> try to force web browser to open "insecure" websites then?
[00:09:29] <Shane[m]> my hypothesis is that it's failing bcs of the cert
[00:10:13] <joepublic> [litany of curses] the darned thing opens in chromium, just not in firefox-ESR
[00:10:26] <Shane[m]> xDDD
[00:10:38] <Shane[m]> well you can just install the cert i guess O.o
[00:12:17] <joepublic> libre distributions don't even have chromium. sigh.
[00:12:38] <Shane[m]> We have degoogled-chromium on GNU Guix ^-^
[00:12:56] <Shane[m]> which complies with GNU FSDG
[00:13:09] <joepublic> cool
[00:13:52] <Shane[m]> you should be able to just `apt-get install guix && guix pull && guix shell degoogled-chromium -- chromium` for it to work in theory 🤔
[00:16:16] <Shane[m]> joepublic: quick search said that toggling `security.certerrors.permanentOverride` in about:config might fix it for you?
[00:16:41] <Shane[m]> test website: https://self-signed.badssl.com/
[00:16:57] <Shane[m]> which works for me on GNU IceCat 🤔
[00:17:21] <joepublic> should I be setting that to true, or false?
[00:17:38] <Shane[m]> true i think
[00:17:41] <joepublic> it's currently true
[00:17:50] <Shane[m]> false then! >_<
[00:19:12] <joepublic> yep setting it false lets me in with firefox-ESR
[00:19:16] <Shane[m]> hmm it's true on my end though and i have that "accept risk and continue" button
[00:19:20] <Shane[m]> joepublic: yay!
[00:19:43] <Shane[m]> consider contributing this solution to the wiki ^-^
[00:19:50] <joepublic> yes with the accept risk and continue button. i trust this freedombox image enough to risk connecting a darned web browser to it.
[00:20:46] <Shane[m]> well is everything working now? O.o
[00:21:31] <joepublic> I am paging through the freedombox setup. seems to be working perfectly as designed.
[00:21:43] <Shane[m]> yay!~ ^-^
[00:24:40] <joepublic> I am sorry to have taken so much of everyone's time on what turned out to be probably a bad card and I really appreciate the help.
[00:37:37] <bill-auger> Shane[m] just FWIW, no variant of chromium has been approved by the FSDG - the FSDG explicitly requires to replaces chromium with something else (Eg: icecat)
[00:38:34] <Shane[m]> joepublic: take more time i am happy to help :p
[00:38:47] <Shane[m]> bill-auger: approved by GNU FSDG according to guix bcs it's in the main repo
[00:39:24] <bill-auger> "according to guix" yes - but "approved by GNU FSDG" no
[00:39:32] <Shane[m]> and they are like nerds with automatic weapons if you even try to push something close to non-free or violating FSDG and they will aim those at you if you try
[01:06:52] <Shane[m]> bill-auger: where do you see that it's not approved by GNU FSDG? It seems to fit the requirements
[01:07:25] <Shane[m]> https://www.gnu.org/distros/free-distros.html and guix is stil llicensed for GNU FSDG if it like broke the guidelines it would be enforced
[01:17:01] <bill-auger> that is what we would hope, but sad to say, that was not the case with guix and chromium - pureos was asked to remove it about 6 months earlier, and they did
[01:17:46] <Shane[m]> pureOS had regular chromium to my knowledge
[01:18:36] <bill-auger> as far as anyone knows, there is no difference between regular chomium and ungoogled-chromium, WRT software freedom
[01:19:30] <bill-auger> ungoogled-chromium treats privacy issues only - those were decided to be necessary but not sufficient
[01:20:43] <Shane[m]> https://github.com/Eloston/ungoogled-chromium there seems to be a lot of difference based on the github
[01:20:54] <Shane[m]> > Strip binaries from the source code (known as binary pruning; see docs/design.md for details)
[01:21:33] <bill-auger> this is a summary https://lists.parabola.nu/pipermail/dev/2022-March/008203.html
[01:22:47] <bill-auger> the problem is that the code-base is over 4 GB - no one ever has read it all nor identified all of the licenses, and probably no one ever will - that factor alone, is a _huge_ problem
[01:22:49] <Shane[m]> that seems to talk about 'chromium' not 'degoogled-chromium'
[01:23:14] <bill-auger> because ungoogled chromium is not verry significant
[01:24:44] <bill-auger> the ungoogled treatments were decided to be necessary; but not sufficient - so that part of the chromium's problems are solved already - but the software freedom problem imposed by such a huge code-base is much more significant
[01:27:42] <Shane[m]> 🤔
[01:27:56] <Shane[m]> don't we have like things to scan the code for copyright issues
[01:28:33] <Shane[m]> e.g. https://github.com/oss-review-toolkit/ort
[01:28:53] <Shane[m]> or even https://github.com/nexB/scancode-toolkit
[01:28:56] <bill-auger> even if it were proven to be 100% libre (which is infeasible, even the chromium devs can not claim so), still it is effectively non-free , due to the massive code-base that no one actually wil read
[01:29:25] <Shane[m]> why is that a requirement?
[01:29:26] <bill-auger> yes i know about those - also fossology - fossology existed first
[01:29:26] <Shane[m]> for like people to read the thing
[01:29:49] <bill-auger> the abilty to read source code is freedom #1
[01:30:01] <bill-auger> the abilty to practically modify the source code is freedom #2
[01:30:13] <joepublic> ok, it's readable. there's a lot of it, but it's readable. [X] 1
[01:30:20] <bill-auger> a 4 GB code-base pretty much precludes that
[01:30:25] <joepublic> you can change any part of it you want [X] 2
[01:30:33] <bill-auger> sure, if you can find the part
[01:30:55] <bill-auger> maybe in 20 years, when you find that code, then you can modify it
[01:31:05] <Shane[m]> freedom #1 is use the software for any purpose, you meant freedom #2 which is the freedom to study how the program works and change it however you wish
[01:31:10] <Shane[m]> the freedom #2 is not violated
[01:31:12] <joepublic> as with any software, collective groups can do the work of those less experienced individually.
[01:31:37] <bill-auger> the numbers start at #0
[01:32:03] <Shane[m]> mb
[01:32:25] <bill-auger> joepublic: seriously though = how large would that collective need to be, to audio 4 GB of source-code, say within one year ?
[01:32:26] <Shane[m]> still you are changing the wording which seems bad faith in relation to the software freedom
[01:32:32] <Shane[m]> > Freedom 1: The freedom to study how the program works, and change it to make it do what you wish.
[01:32:37] <Shane[m]> this is not violated on ungoogled-chromium
[01:33:04] <joepublic> bill-auger, it would be a large, probably distributed project if undertaken.
[01:33:28] <Shane[m]> i don't think it would be huge it depends on too many variables
[01:33:30] <bill-auger> ok and IFF that were undertaken, then we could make some claims about it
[01:33:41] <bill-auger> but that is never goiung to happen
[01:34:02] <Shane[m]> like chromium was audited we can just ask the people who did the auditing
[01:34:25] <Shane[m]> the claim of "unclear licenses" also seems like bs
[01:34:31] <bill-auger> not because it is forbidden by any licenses, but because it just too much code - no one wants to do it
[01:35:16] <joepublic> nonfree is nonfree, but "large code base" would violate freedom #sqrt(-2), "freedom to have small, easily readable bites of source code"
[01:36:05] <bill-auger> the large codebase does not violate the 4 freedom - it simply makes it nearly impossible to prove that you have the 4 freedoms
[01:36:16] <joepublic> well put. we agree there.
[01:36:22] <Shane[m]> i disagree
[01:36:41] <Shane[m]> i can't objectively argue that any freedom is being violated on ungoogled-chromium
[01:36:57] <bill-auger> to be mre explicit - there only needs to be one unlicensed file in the entire code-base, to make it non-free
[01:37:11] <joepublic> oh? what's its name?
[01:37:36] <bill-auger> that is the problem - no one knows, no even the chromium devs can answer that question
[01:37:54] <Shane[m]> bill-auger: that's what the fossology and alike is for and google did audit on the code so the licensing is handled as well with the auditor bearing legal responsibility if not
[01:38:04] <bill-auger> there is too many files - too many places for a non-free file to be hinding and never seen
[01:38:05] <Shane[m]> depending on the used legal
[01:38:17] <bill-auger> Shane[m]: i know - but no one is ever going to do it
[01:38:33] <Shane[m]> So is in firefox and linux and you use them too 🤷
[01:39:48] <bill-auger> firefox is about 1/10 th the size though
[01:40:50] <Shane[m]> still objectively large codebase to review to fit that requirement that is not highlighted in four freedoms
[01:41:42] <bill-auger> not explicitly - but effectively
[01:41:58] <Shane[m]> none is legally preventing you from doing a resource management to audit the code -> compatible with freedom #1
[01:42:39] <bill-auger> but no one ever hzas
[01:42:54] <joepublic> imo that's a lousy criteria to call something non-free. "We don't know of anything nonfree in it, but it's big, so it must be considered nonfree"
[01:42:55] <Shane[m]> i would agree that chromium is bloated and therefor objectively worse option to firefox and alike but labeling that as non-free bcs it's too big is insane to me
[01:43:07] <bill-auger> and no one ever will - so no one will ever know the true answer "is this libre?"
[01:43:28] <bill-auger> its not labeled as "non-free"
[01:43:53] <bill-auger> it is labeled as "not yet proven to be libre"
[01:44:15] <joepublic> I apologize for participating in this wholly off-topic side chat, by the way, despite quite enjoying the viewpoints of others therein.
[01:44:46] <Shane[m]> How do you even prove that something is libre? Software patents are a problem in the US and you can write a software that is identical to something someone write X years ago and has patent on
[01:45:35] <bill-auger> that imples two prescriptions 1) use something else - or 2) audit it, fix and document any freedom issues, and submit the treatment for approval (so that may become the new recomendation
[01:49:32] <Shane[m]> you have to register copyright within 3 months to the U.S. Copyright Office or it's alternative in other juridistical areas so if fossology detects anything then it's a problem else not really?
[02:05:38] <Shane[m]> oh the copyright office doesn't by itself know what copyright they have
[02:05:38] <Shane[m]> smh
[02:06:27] <Shane[m]> seems more like a legal issue than a copyright one.. like we either have a definitions to use to check copyright on the code or it's impossible to verify thus things that can't be verified should have their copyright revoked
[02:06:54] <Shane[m]> might be a cool project in the EU ^-^
[02:07:23] <Shane[m]> to make thing like fossology that everyone has to declare copyright definition to and if they fail to do so then their copyright is non-enforcable
[02:18:21] <bill-auger> thats not a EU thing - you would need to over-turn the global copyright law, per the bern convention
[02:19:33] <bill-auger> copyright is automatic and always enforcable, as long as the copytright holder can prove their identity
[02:20:59] <bill-auger> perhaps the biggest prblem with this "opensiource" thing, is that many copytright holders would refuse to identity themselves - in that case, the copyright is non-enforcable; and its is probably quite common
[02:21:17] <bill-auger> but if the copyright is non-enforcable; that kinda implies that the license is invalid
[02:33:49] <epony> so this is where GNU and FSF make their monthly sessions now ;-)
[02:34:50] <epony> got a licensing problem, invide 5 lawyers on dinner and don't show up
[02:36:59] <bill-auger> yea just some off-topic ranting - we are abusing this channel
[02:37:25] <epony> where on the map is USA?
[02:38:10] <bill-auger> IIRC the entire olimex company is closed for vacation this month - it started as a legitimate suport issue
[02:39:40] <bill-auger> "where on the map is USA?" <- dunno can you see waldo? - or carmen sandiego?
[02:39:54] <joepublic> Olimex: We have Chrismas vacation from 26 Dec 2022 to 2 Jan 2023 - In this period you can place your orders online but they will be processed on 3 Jan 2023!
[02:40:15] <bill-auger> oh ok - so only on week
[13:05:58] <Shane[m]> <bill-auger> "thats not a EU thing - you would..." <- Brussel's effect ftw
[13:06:38] <Shane[m]> <bill-auger> "perhaps the biggest prblem..." <- i use GPG in the copyright declaration for that reason and i think that everyone else should too
[14:42:59] <nedko> Shane[m]: do you GPG-sign LICENSE file or commits or?
[15:01:07] <Shane[m]> commits + gpg hash in the header of all files
[15:01:20] <Shane[m]> would be great if i could like sign source files though
[15:03:01] <Shane[m]> nedko:
[15:05:23] <Shane[m]> but like commits are signed so i don't think it's a good thing 🤔
[15:27:06] <nedko> ACTION tries to imagine lawyer verifying gpg hashes in header files
[16:11:53] <Shane[m]> there are lawyers who use GPG on daily bases you know
[16:14:54] <Shane[m]> like me!.. theorectically though i didn't finish the degree bcs medicine is more important to me 🤔
[17:32:03] <bill-auger> i think you misunderstood me - the copyright notices are only helpful notes - they are not very important
[17:32:03] <bill-auger> by "many copytright holders would refuse to identity themselves", i meant that people need to be willing to meet in-person, to verify the flesh-and-blood human who claims some key, eg: by inspecting each other's photo ID
[17:38:01] <bill-auger> ie: internet personas with email addresses are not entitled to copyrights - only flesh-and-blood humans with a verifyable legal identity may claim copyright - the persona would need to be identified with a real person before anyone could claim copyright (the copyright notice does not do that); and nothing about a key itself identifies any real person
[17:38:43] <joepublic> I am a pretty real person, although my name on my photo ID is not really "Joseph Public"
[17:40:12] <bill-auger> well surely there is a person behind every internet persona, capable of writing software (at least until AI can pass the turing test)
[17:42:47] <bill-auger> but if it is not possible to prove who that real person is, then how to know which person actually wrote the code (which person has any right to give it any license or persue violators)