Caretaker of DS8.ZONE. Free (Libre) Software enthusiast and promoter. Pronouns: any

Also /u/CaptainBeyondDS8 on reddit and CaptainBeyond on libera.chat.

  • 0 Posts
  • 13 Comments
Joined 3 years ago
Cake day: March 27th, 2021

  • I feel like there’s a lot of FUD around this subject, because people bring it up as if it’s purely a negative without talking about the reasons why it’s done the way it is. The whole point of F-Droid is that it’s a repository (not a store) of free software applications. They have an inclusion policy forbidding proprietary code and dependencies, and in order to enforce this policy they have to build from publicly available source code, and in order to do so they need to sign the builds themselves. This means, yes, you are trusting F-Droid instead of the upstream developer - but given F-Droid has higher standards than upstream developers this is a tradeoff I am willing to make.

    Reproducible builds solve this in a way that preserves the standards of F-Droid, however, “security peoples’” favored “alternatives” (such as Accrescent, Obtainium, and Google Play Store/Aurora Store) forgo this entirely, showing they either don’t have a viable solution to offer or that they don’t really care about the problem that F-Droid is addressing to begin with.



  • Everyone can write a new version of the GPL.

    The standard GPL permission statement explicitly clarifies that the license is “as published by the Free Software Foundation” so any later version of the license has to come from the FSF.

    This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

    The reason for the “or later” clause is to allow the FSF to update the GPL in response to flaws that are discovered. The “or later” clause is controversial because it effectively allows the FSF to change the licensing terms of any software licensed under such a clause, and so some developers who don’t trust the FSF with this authority omit this clause. Famously, Linux is licensed only under GPLv2 with no or-later option (Linus has been a vocal opponent of GPLv3).


  • I don’t think the ffmpeg maintainer is complaining that Microsoft is using ffmpeg, rather that they are opening “high priority” bug reports based on customer complaints. This might be a high priority problem for Microsoft but that does not make it so for ffmpeg.

    The license allows Microsoft to use ffmpeg but they aren’t entitled to demand free labor from the project. Really, no one is entitled to do so, but Microsoft being a large company who can definitely afford to put money or talent on the problem makes it only that much more egregious.

    edit: I would note that asking for help or reporting a bug is usually welcome; the problematic part is demanding help because it’s a high priority issue for YOUR customers.






  • FOSS/privacy community

    These are not the same community. The actual free software community has been a thing for 40 years, and the privacy/security people spend as much time attacking free software as they do big tech. I’ve come to believe no security or privacy guy is trustworthy in the free software space. Reject Rossman, return to Stallman.

    edit: security guys will say “free software isn’t always more secure!” and privacy guys will say “freedom, what is this freedom? it has no internet access, that’s the only thing that matters!” and meanwhile stuff like WEI is being implemented, that we’ve been warning about for the last 40 years. The security and privacy guys will say you don’t need freedom, just the “best tool for the job” - Chrome was the best browser when it came out, now it’s being used to subjugate the free web. WEI is the end result of treating freedom as a second thought behind security.


  • The reason F-Droid builds from source is to ensure that they can enforce their inclusion criteria. If you go outside F-Droid you lose that guarantee. For example, self-published APKs on GitHub or Google Play may contain anti-features or proprietary code that are forbidden by the F-Droid standards.

    From another point of view, what you call a single point of failure is a third party that represents the interests of the user community, independent from individual developers. This is the same model used in GNU/Linux distributions, and Drew DeVault explains here the role that software distributions play in the free software community.

    Of course, this represents a trade-off, in that you are placing trust in the software distribution instead of or in addition to the upstream developer. The question is, how can you solve the problem without forgoing F-Droid’s inclusion standards? The answer is reproducible builds, where F-Droid builds from source and compares to the developer’s apk, and publishes the developer’s apk with their signature if the build reproduces successfully.

    Until reproducible builds are the norm in the Android free software world, I accept the trade-off because I value having software freedom in my computing, and I know I can’t trust upstream developers to care about that as much as F-Droid or I do.