English, British titulky

Získať kód na vloženie
1 Language

Ukazujem Revíziu 38 vytvorenú 02/17/2015 od tvincent.

  1. [Talkmeister] Next, we will have zack presenting
    "Debian in the Dark Ages of Free Software"
  2. Can you hear me?
  3. Better.
  4. So, hello everyone.
  5. Welcome again to DebConf, I guess.
  6. It's a great pleasure to be back again
    at one DebConf
  7. and a great honor to be doing one
    of the opening talks.
  8. I confess I wasn't really expecting
    that honor.
  9. I just wanted to propose a session
  10. which was supposed to be
    a self held session
  11. for those of us that think there are
    some worries
  12. about where the free software is going
    in general.
  13. And the role that distributions have to play
    in the current state of affairs.
  14. So this talk will be about a couple of
    journeys at once.
  15. The first journey is a journey
    through emotions,
  16. through good feelings about what
    we have achieved in Free Software
  17. over the past 15 to 20 or 30 years
  18. depending on how long you've been
  19. The second journey is essentially
    my own journey
  20. through software freedom
  21. from the day I started discovering
    Free Software
  22. and what I've ended up doing since then.
  23. Starting with the positive news.
  24. This is how I got involved myself
    in free software in 1997.
  25. I understand that there are people
    in the room
  26. who have been involved
    since way earlier than that,
  27. others that have been involved
    since way later than that.
  28. Well, that's my story.
  29. I hope you'll find ??? points
    with your own story.
  30. When I started as a freshman in a computer
    science class at university of Bologna,
  31. that was a huge tiping point,
  32. a huge hype point for the so-called
    opensource movement.
  33. That was the year the very influencial
    essay by Eric Raymond has been published.
  34. That was the year that Netscape decided to
    opensource its own code.
  35. That was the moment in the history of
    free software
  36. when people were trying to sell
    to the industry
  37. what free software was doing, and
    I'm not using that word in a bad sense.
  38. There was reasonable concern that
    without involvement of the industry,
  39. the free software movement wouldn't have
    got far.
  40. So they were trying to tell about free
    software in an industry-friendly way.
  41. Essentially, the rhetoric at the point
    was that
  42. if you do development of software
    in the free software way,
  43. in a more open way,
    a more participative way,
  44. you will end up having better software
    and that by merely opening up you code
  45. you'll have these flocks of programmers
    coming to you project and end up helping you.
  46. A few years later, I realised that
    I personally didn't believe much in that idea:
  47. it's only because your software is open
    that it's gonna be better,
  48. but it was a fair thing to try
    at the time.
  49. What I discovered a bit later is actually
    what stuck in me
  50. was essentially the philosophy
    of free software.
  51. The fact that computer user should be
    in charge and in control of their own machine,
  52. that should have some basic freedom.
  53. You know about the 4 freedoms,
    I'm not going to repeat them here,
  54. but my personal point is that
    the narrative of free software is something
  55. that resonated with me a lot at the time.
  56. As a student, I realised that by having
    free software at my fingertip
  57. as a computer science student,
  58. I could debug any single layer
    of the software stack
  59. and look at how things are going.
  60. I didn't have to trust the teacher on how
    an operating system should be developed.
  61. I was able to open up sched.c in
    the linux kernel and have a look
  62. at the actual scheduling algorithm that
    was being implemented in the real kernel.
  63. Not that I really got all of it at the time
  64. but the possibility was just breathtaking
    for me.
  65. Later on, I ended up distilling
    the main intuition of free software,
  66. which is the one I used to explain
    free software to people,
  67. which is intuition of control.
  68. So, I ended up believing that the main
    reason why I've been involved in this movement
  69. for about fifteen years is that I really believe
    that every single computer user,
  70. and that's a lot of people these days,
  71. should be in control over
    their own computations.
  72. Everything you're doing with a device
    which is mediated via software
  73. is controled by someone,
    either it is you or it is someone else.
  74. And the best episode, the best narrative
    to explain that to people
  75. that they've been using for quite a while
    is this passage
  76. from the novel "Makers" by Cory Doctorow
  77. which is a bit long so I'm not gonna read it in detail,
  78. but essentially there is one character
    of the novel which is Lester
  79. which is explaining to another character
    the importance of controling
  80. your own devices, your own tools.
  81. The first example he takes is the example
    of a hammer,
  82. a physical hammer,
  83. and he goes on saying that if you own
    a hammer,
  84. essentially you could do
    whatever you want with it.
  85. You can use it for its main purpose,
  86. or you can use it for something
    completely different
  87. which was not meant to be its original
    purpose but it's you that decide.
  88. He compares that another device
    which is the "Disney in a box" in the novel
  89. and Disney in this book is the big evil
    villain which is oppressing people
  90. and essentially Disney in a box is a
    glorified 3D printer that can only print
  91. what Disney wants it to print for that day.
  92. One day, it will print a Goofy character,
  93. another day it will print Donald Duck,
  94. but it's not you who decides.
  95. It's Disney that decides what the printer
    is gonna print for you that day.
  96. You own the device but you are
    not in control of what the device does.
  97. The big quote for me is that if you don't
    control your life, you're miserable.
  98. This notion of oppression is what has
    been motivating me for all these years.
  99. So the fact that if you are not in control
    of your own computation,
  100. then someone is oppressing you.
  101. Someone usually is the person or the company
    or whatever that has created the software,
  102. that has the power to change that software
    instead of you.
  103. This is something that really ??? in me.
  104. What was I doing at the time
    with my computer?
  105. Well I was doing pretty standard stuff.
  106. I was using some hardware we had at the time
  107. which was mostly desktops and
    local network servers.
  108. I didn't have a laptop because
    it was really expensive for a student
  109. so I did get a laptop much later.
  110. I was doing some content production,
    some content consumption.
  111. The kind of content I did produce
    at the time was mostly
  112. office suites, desktop publishing
    and this kind of stuffs.
  113. I was doing some communication, some email,
    some IRC, some newsgroup
  114. which was really cool at the time
    for geek communities.
  115. And I was doing some software development
    as a newbie
  116. but it was what I was doing at the time.
  117. I also did some content consumption,
    some gaming
  118. which are arguably some content that
    someone else is producing for you to consume.
  119. I was doing some web browsing.
  120. Internet was not as popular as it is today,
  121. but there were some websites
    you could find interesting.
  122. In that situation,
    with this kind of computing,
  123. the actual path to software freedom
    and to control was fairly clear.
  124. It was difficult, but it was fairly clear
    to me as a new activist in free software.
  125. What I should have done, what we all should
    have done to actually liberate people
  126. from the oppression of people controling
    our own computation.
  127. The idea is that while you have
    a lot of pieces of proprietary software
  128. which you do not control, what you need
    to do is to replace
  129. every such a component of proprietary
    software with a free software equivalent.
  130. Using some local application, some game,
  131. we need to replace it
    with an equivalent free game.
  132. We were using some client-server software,
    some mail ???, some mail client,
  133. some mail server, some IRC client,
    some IRC server.
  134. What we needed to do to actually empower
    people and liberate people was to rewrite
  135. those pieces of software with free software equivalents.
  136. It was difficult, because it was a lot of stuff
    to be rewritten, but it was fairly clear.
  137. The plan was clear.
  138. And also, luckily, we also had, at the time,
    all the heavy lifting was already in place.
  139. The GNU project existed since
    quite a while,
  140. the Linux kernel existed already
    and it was working.
  141. So someone else with shoulders larger
    than I had at the time
  142. had already done a lot of work for me and me
  143. and together with other free software activists,
    what I had to focus on was to rewrite
  144. proprietary application into equivalent
    free software application, possibly better.
  145. That was clear, was hard,
    but it was fairly clear.
  146. That's where, I think, the notion
    of a free software project comes from.
  147. We use very often this term of free
    software project and I never ended up
  148. really thinking about that before a few
    years ago and I think the reason why
  149. we call it free software project is that
    there is an objective.
  150. So there is a mission,
    ideally a time-limited one,
  151. and that mission is writing a replacement
    for a proprietary application using
  152. free software which is as good,
    possibly better than the original.
  153. Having a lot of free software projects
    around gives rise to a lot of releases.
  154. So what we were doing a lot at the time
    in the 90s
  155. was to actually manually install
    software on our own machines.
  156. To be fair, our lab was running
    some Red Hat machines.
  157. At the time there weren't that
    many packages available and
  158. we had to fairly often install stuff
    by hand on the lab machines
  159. in our own directories and also
    on our computers at home.
  160. This is a procedure you all know very well.
  161. You download a tarball, you run "configure",
    you run "make", you run "make install".
  162. The first time I saw that, it was kind of
    a magical recipe for me.
  163. Just follow these steps and you will get
    some software to play with.
  164. Well, except that every single step
    could fail, of course.
  165. Let's keep aside for the moment the fact
    that the website might be down but,
  166. you run "configure" and you miss some software
    you need to fetch from somewhere else.
  167. You run "make", you encounter some
    compilation problem.
  168. You run "make install", maybe the path
    will clash and so on and so forth.
  169. The problem with this procedure for
    installing software we are using by hand
  170. is that you are essentially
    conflicting roles.
  171. You're mixing together the role of
    software user,
  172. the role of system administrator
    and the role of software developper.
  173. You need to have a little bit of all those skills
    together to be able to enjoy software.
  174. In a sense, a free software which works
    like this is essentially a very elistist thing.
  175. It's only an elite which have
    all the needed skills who is able to enjoy
  176. the benefits of free software and is able
    to be in control of their own computation.
  177. This is essentially the reason why distributions
    much earlier had been invented.
  178. We all know very well here
    what distributions do,
  179. they sit in between software developpers
    and software users and make it easy for you
  180. to actually use that software.
  181. We do installer work, we create installers,
    we create package managers,
  182. we do all the integration work that make
    different pieces of software work well together.
  183. We actually make life easy for final users.
  184. So, for me, something that I started believing
    is that the ultimate mission of free software
  185. distributions is to actually democratize
    free software, to enable users
  186. which do not have software development skills
    or do not have system administration skills,
  187. enable them to enjoy the benefit
    of free software.
  188. We offer very simple interface,
  189. we offer the equivalent of what these days
    are called appstores in which
  190. with one click, you can just install
    some software and
  191. enjoy the benefit of that software,
    in particular a free software.
  192. This is for me the historical mission
    of distributions.
  193. Later on, in 1998, our lab decided
    to switch to Debian
  194. and I was really happy about that.
  195. We switch from Red Hat to Debian and
    I look out about this project,
  196. I start learning what this project does
    and I find out that not only
  197. this project Debian was actually up to
    the mission of empowering user
  198. by making it easy for users
    to use free software.
  199. If you read the original announcement of
    Ian Murdock announcing the Debian project,
  200. we'll find this notion of being competitive
    with proprietary operating systems
  201. and it's really clear that the point is
    empowering users.
  202. I end up reading about this project and
    not only I found out that their mission
  203. they're up to is the mission I believe in,
    but I found out that the key intuition there
  204. is to make the project a community project.
  205. Not only the target are the users
    and empowering them,
  206. but also the way to reach that objective
    is creating, fostering a community
  207. that will work together to that goal.
  208. I got immediately hooked,
  209. I vividly remember the moment
    a collegue of mine, a student
  210. explained to me the anatomy of
    a Debian source package,
  211. the fact that it was a .orig.tar.gz,
    the fact that it was a diff.gz
  212. with the differences with respect to upstream,
    and all those metadata
  213. that was really thrilling for me
    from a technical point of view.
  214. A few years later, I ended up joining
    the nm-process.
  215. I was doing some OCaml development
    at the time, there were some libraries,
  216. OCaml libraries in Debian, others were
    missing and I said
  217. "Ok, maybe I should help and create
    some libraries for the project as well".
  218. I went through nm and there are a few things
    I've learned doing nm
  219. and also in the subsequent ten years
    or fifteen years or so.
  220. One thing I've learned in all these years in
    Debian is the importance of being principled.
  221. Debian is a project that did not start
    from only technical means
  222. but also decided at some point that
    they needed some guidance,
  223. some clear guidance of what it should do
    technically and what it shouldn't.
  224. And an important document where we have
    distilled this notion are the DFSG.
  225. The Debian Free Software Guidance
  226. which has been very influencial
    on the free software movement as a whole.
  227. They've been used as a base for
    the open source definition as you know,
  228. and what was very thrilling for me
    is that commitment we had in Debian
  229. in keeping the main archive completely
    DFSG-free, keeping it completely free software.
  230. This commitment is depicted here
    by those fearsome character
  231. and his owner on a couch and it's mediating
    and triggering the NEW queue, supposedly,
  232. and the NEW queue is not necessarily
    the best way we could implement
  233. a system which triage all the software
    in the archive and to ensure it's DFSG-free
  234. but it shows our commitment to actually
    only follow the guidance we have set for ourselves.
  235. It was really motivating for me.
  236. The second thing I've learned and which
    will come handy in a bit,
  237. is the importance of the legal knowledge
    and legal geeks in the free software movement.
  238. Like it or not, free software as an ideal
    is philosophical mean,
  239. but its main implementation is through the
    legal system, is through copyright licenses.
  240. To really grok what's happening
    in free software in general,
  241. to understand where the free software
    movement is going, figuring out and
  242. really understand what's going on
    in the legal system is very important.
  243. In Debian, we know that pretty well,
    that's a stumbling block for many people
  244. when joining the Debian project.
  245. It's something we insist people are at least
    basically familiar with and
  246. that's pretty characteristic
    of the Debian project.
  247. In the end, what I've learned is that
  248. in this quest that I feel very much myself
    against the oppression of someone else
  249. controling your own computation,
    law, if you hack around it smartly,
  250. can be a very useful ally,
    a very useful device to liberate users.
  251. Time passes − there was supposed to be an
    image here, which for some reason disappeared.
  252. And, we might argue that, these days,
    we have achieved a lot since that moment.
  253. If I look around the industry or, in general,
    if I look around computing
  254. as people are doing that,
    free software is a little bit everywhere.
  255. In the industry, there are some stats
    that claim that essentially
  256. every single software product you find
    on the market has, inside of it,
  257. a little bit of free software code.
  258. If you look at all the different application
    stacks we have
  259. from webservers to education to clients
    to smartphones,
  260. you find a lot of free software, free software
    infrastructures that are everywhere.
  261. So these are just some stats I figure out
    in the recent years
  262. and for instance if we look at one of the
    key target market for Debian ???
  263. we'll find out one website over ten
    on the Internet in general is running Debian.
  264. If we include also some of our most
    popular derivatives such as Ubuntu,
  265. we'll find that more than 20%
    of the websites
  266. are running something which comes
    from our own work.
  267. And some of the recent hype on free software
    is coming from the Snowden revelation
  268. and most people are starting to be concerned
    about what the software they're using is doing
  269. and is turning to free software and is turning
    to stuff like Tails which is heavily Debian-based
  270. to actually see in which way we can
    help them foster their own security.
  271. In some sense, we have achieved a lot.
  272. In everything we do in computing,
    there is a little bit of what we have done
  273. in free software and also a little bit
    of what we have done in Debian.
  274. This is pretty impressive for me.
  275. We're in a place where I wouldn't have
    dreamed being when I started in 1997.
  276. That's very impressive.
  277. On the other hand, there are some reasons
    of concerns
  278. and this is the main thought
    I wanted to share with you.
  279. There are some technical reasons which
    we discuss often in free software circles
  280. like the fact that "Ok but most of these
    platforms are not 100% free software".
  281. If you look at smartphones for instance,
  282. you will find a lot of non free code every here
    and there and the point can be made that
  283. either you have full control over
    your own computation,
  284. or you are not in control at all,
  285. because if your software stack has a single layer
    which is controlled by someone else,
  286. and is mediating all your communication,
    maybe you're not so sure
  287. that you are the real owner and
    the real controller for your own device.
  288. That's a absolutely fair point.
  289. We can make some more technical points
    about for instance non free JavaScript.
  290. More and more of our computations are
    happening in our browsers
  291. and are happening through code which is
    delivered to our browser
  292. by remote servers and this code
    is not free at all.
  293. I absolutely agree with that but the point
    I want to focus on today is actually
  294. what we call the cloud.
  295. All my images are gone.
  296. You had a very nice image there, sorry.
  297. The remaining point and my main reason of
    concern is what is being called the cloud.
  298. Let allow me to be a bit generic here
    for a moment.
  299. I know there are very different parts
    in what we call the cloud
  300. and will be specific in all of them
    in a bit.
  301. But for now I want to focus on the
    common trend that
  302. the cloud is bringing to computing
    these days.
  303. Computing today, for most people, is not
    much different from the kind of computing
  304. I was doing fifteen years ago.
  305. That's the kind of computing that we do
    on very different hardware,
  306. we have way more smartphones, way more
    tablets than in the past and that's true.
  307. But the kind of activities we do − producing
    content, consuming content − is very similar.
  308. The big difference is the kind of
    technological stack we're using
  309. and where the computations are happening.
  310. For most people today, the kind of
    office suites we use is no longer
  311. a software which is installed on
    your machine but it is Google Docs.
  312. I'm an academic myself, I'm very often
    forced to use some Google Docs applications
  313. to work with others, otherwise I'm free
    not to work with them,
  314. because it's a technological choice
    made by someone else.
  315. For many people, e-mail, as you know,
    just means GMail.
  316. All our e-mails, even if your not
    using GMail ourselves,
  317. are passing through some GMail servers.
  318. Asynchronous communications still exist,
    but it is very often mediated
  319. to software like Skype or GTalk.
  320. And so on and so forth.
  321. You have seen this list very often.
  322. Consuming content, there as well,
    we are still doing gaming,
  323. we are still doing browsing but it's often
    mediated by platforms
  324. which are far away from us and just stream
    content to us or,
  325. in the specific case of web browsing,
    they are more and more often hosted
  326. by very few hosters in the world − which
    we often refer to a walled garden −
  327. that can do whatever they want
    with our content.
  328. The point here is not demonizing
    those services.
  329. People are using those services because
    they are convenient and
  330. there is a lot of network effect going on
    that makes it easy for other people
  331. to start using those services.
  332. It's really not the point of demonizing
    those services.
  333. The point here is observing that interesting
    computations that we are doing
  334. as our job, as our life,
  335. are no longer happening on our machines,
    but are happening on other machines
  336. which are far away from us and which
    are not under our direct control.
  337. In this context, for me, I confess, what
    actually is the road to software freedom
  338. and to control, to enable people
    to control their own computation
  339. is no longer clear.
  340. It's no longer enough to say
    "Well, we just need to rewrite
  341. Google or Facebook or Twitter
    in free software".
  342. That's not enough, because even
    if you do that, you have the problem
  343. that when you are using a server
    you don't know if the code it is running
  344. is the one they claim it is running, so
    that's a very difficult problem to solve.
  345. And even if it were the case,
    where do you deploy yourself
  346. a Google-like architecture,
    or a Facebook-like architecture?
  347. You simply can't.
  348. It is no longer enough to just say
  349. "We just need to do
    some software development,
  350. we just need to make it better
    than the alternative."
  351. There is a real tricky combination between
    software development
  352. and software deployment which
    not easy to see how to fix it.
  353. At least for me, it's very ???
  354. So, what about distros?
  355. We are distro people, doing one
    of the most popular distros in existence.
  356. Are we winning or are we losing
    in this situation?
  357. How are we doing in terms of our efforts?
  358. In a sense, we are very much winning.
  359. A lot of our work is being used
    to deploy those infrastructures.
  360. A lot of the infrastructure
    of the big companies are deploying
  361. on top of free software, if not direct
    on top of our very own systems,
  362. maybe modified here and there where
    they need to make things better
  363. as it is their own right
    given it's all free software.
  364. In that sense, we're winning.
  365. We're increasing market share,
  366. ??? are being used a lot
    to make infrastructure.
  367. But we are also losing in the sense that
    we are really not empowering users
  368. to be in control of
    their own computations.
  369. If our final users are the sysadmin
    that are running those infrastructures,
  370. for them we are doing great.
  371. We are making them be sure
  372. they are in control
    of their own infrastructure.
  373. But for the final users of those services,
  374. we are really not empowering them
    at the moment.
  375. So what I call the free software dark ages,
  376. which is an expression I actually borrowed
    from Bradley Kuhn and I find it quite inspiring,
  377. is a situation in which we win
    on the end user market
  378. so every single device out there
    in the hand of people − desktop,
  379. laptop, even smartphones where right now
    we are not doing very well −
  380. all of this is running free software.
  381. All of that is running Debian.
  382. So, total world domination as
    we were talking about a long time ago.
  383. But all interesting computations,
    all the final user application
  384. which is being used to bring on
    with your digital life,
  385. are no longer happening on your devices,
    happening far away from you
  386. on computer you do not control,
    sometime with free software,
  387. sometime with non free software.
  388. But in any case, outside
    of your own control.
  389. In a sense, this is very worrysome for me
    because we have this euphoria of saying
  390. we are very popular.
  391. We are winning the war − we were using a lot
    of this war-like terminology when I started.
  392. But the war we are winning seems to become
    increasingly pointless
  393. because it's not being useful to actually
    empower users to be in control
  394. of their own computation.
  395. To make things worse, there seems to be
    some cultural problems that might be
  396. just a perception of mind, maybe I'm being
    too pessimistic, but it seems to me that,
  397. as developper communities,
    as hacker communities,
  398. we are becoming way more lenient,
    way more lax
  399. about the lack of control on the tools and
    on infrastructure we use
  400. to make free software.
  401. More and more often we see free software
    developed on non-free infrastructure,
  402. meaning infrastructures which are built
    using non-free software
  403. and which are anyhow centralized
    in the hand of a few hosters.
  404. The new generation of developpers
    which is coming up
  405. seems to be totally fine with that.
  406. I'm not gonna argue this point in much detail,
    there is a great essay by Mako
  407. that I encourage all of you to read,
    "Free software needs free tools",
  408. which actually make couple of points.
  409. One is that by using non-free software
    to make free software,
  410. we are sending out a very bad message.
  411. We are telling to the world that
    free software is good for you,
  412. that's why we are developing it,
    but it's not good for us
  413. because we are using non-free tools
    to make it.
  414. That's the kind of "catch 22"
    in our advertising message,
  415. but it's also making the software
    we are creating indirectly less free,
  416. because if the favorite way to contribute
    to that free software
  417. is using some non free infrastructure,
    some non free tools,
  418. indirectly we're making people
    that only want to use free software
  419. less apt to contribute to that software.
  420. So I really recommend reading that essay.
  421. But also technically, we are going back
    to a sort of a cage problem,
  422. which is also a problem which is called
    "the problem of the bug that noone can fix"
  423. by the FSF I think, and essentially
    we're creating software stacks
  424. in which some part of it is entirely
    free software, that we can debug
  425. and some other parts are non free software
    or software run by someone else,
  426. so we have lost the ability to debug
    the full stack.
  427. When I was starting to learn programming,
    this idea that I could debug everything
  428. from the end user I was writing myself
    for an assignment
  429. down to the kernel level
    was just exciting for me.
  430. We seem to be losing sight of this,
    a little bit.
  431. As a second cultural problem,
    we seem to be losing sight of
  432. how much help we could get from
    the legal system
  433. and from new legal solution that
    we might be in need of finding.
  434. An example of that is the post open
    source software "POSS" debate
  435. which some of you might have run into.
  436. That's a debate which actually observes
    that the new generation of
  437. free software developpers actually
    don't care about licenses.
  438. They just want to kick out their code,
    just put it on GitHub,
  439. not declaring their license at all
    and they're just fine with that.
  440. They want to be ??? to have
    the hassle of deciding first of all a license,
  441. second of all also some governance
    model for their projects.
  442. They just want to be hacking and doing,
    and not caring about those annoying details.
  443. This could be intervetedly interpreted
    in positive ways like says that
  444. we want the right to work on the code and
    to do whatever we want with that by default.
  445. We do not want to be expliciting
    which kind of rights we give and
  446. that's a very positive interpretation
    of this phenomenon.
  447. But in the end, for now, it is creating
    a huge bunch of code that
  448. we could not use as free software yet.
  449. For instance we cannot include in Debian
    something that does not have a license at all.
  450. A second example is the debate about
    the non-freeness of AGPL.
  451. If you look up the history of free software,
    there is argument that GPL itself is not free.
  452. It's an argument that was being used
    twenty years ago
  453. when the battle between copyleft and
    liberalizing was very high, was very harsh.
  454. And it's just recurring again.
  455. So maybe for some syntactically
    interpretation of our own guidance,
  456. we could make the point that something
    like the AGPL is non-free, maybe.
  457. But the point is that the way we distribute
    software to final users is really changing.
  458. Twenty years ago or fifteen years ago,
    the main way to enable some user to use
  459. a piece of software was actually to make
    a copy of that software and
  460. give it to him or to her via the network
    or some media.
  461. And all those conveying,
    that kind of conveying software is clearly
  462. distribution and that kind of activity used
    to trigger some sort of license clauses.
  463. These days, a software is no longer
    distributed that way, in large parts.
  464. It's being used over the net and something
    like the AGPL is the equivalent of triggering
  465. some licensing condition via the main way
    of distributing,
  466. of giving access to some software.
  467. I want to enter in details in this debate.
  468. Those are just examples, for me they are
    examples of the fact that
  469. we are kind of losing faith in how much
    the legal system and free software
  470. are intertwined.
  471. And this actually mixes very badly
    with the situation in which
  472. users are losing control because those
    computations are moving away from them.
  473. I think this situation, in general,
    is not going to fix themselves
  474. and we, as distribution people,
    have a role to play in fixing it.
  475. What could be a role for Debian in all this
    computing situation we have these days.
  476. The common trend in the so called cloud
    seems to be that computations
  477. are moving away from user devices.
  478. We cannot just say
    "Well just don't use anything cloudy",
  479. because it is convenient, people will want
    to use that.
  480. We need to do something different.
  481. As distribution people, we could do a lot,
    I think, and I have a couple of thoughts
  482. to share with you that are different
    depending on the so called service model
  483. of the cloud.
  484. One of the first service model of the cloud
    you might have heard about is
  485. "Infrastructure as a Service" (IaaS) where
    essentially you have servers that
  486. give virtual machines to people and
    essentially you get to administer
  487. your own machine which is a virtual machine
    on a virtual machine server
  488. controlled by someone else.
  489. This is potentially very good for people
    because it is lowering the barrier
  490. you need to have your own server.
  491. When I first set up my own server
    with friends, at the end of the 90's,
  492. we had to buy some machine, to find
    someone kind enough to host it,
  493. pay the hosting fees and so on
    and so forth.
  494. It was something that was by far not at all
    accessible to the random user.
  495. These days, a lot of people can simply go
    to some virtual machine provider, rent
  496. a virtual machine with one-click button and
    they have their own machine to administer.
  497. Maybe they don't have the skill to
    administer it, that's a different problem,
  498. but you are definitely lowering the barrier
    to access, to have you own server
  499. and do your own remote computation.
  500. As Debian, we are doing pretty well
    in this area, I think.
  501. We're offering technology like OpenStack
    and other competitors of OpenStack,
  502. which seems to be the market leader on
    that market which are entirely free software.
  503. But I think we should be investing more in
    offering a trivial deployment experience
  504. for Debian users.
  505. We should make trivial for people
    to have their own virtual machine servers.
  506. If they are not computer geeks, they should
    be able to flock together friends
  507. which have system administration ability
    and have their own local IaaS
  508. and have their own virtual machine without
    having to rely on big hosters provided
  509. virtual machines to everyone in the world.
  510. This is a great step to our autonomy.
  511. As Debian, what is the best deployment
    experience we can offer for people
  512. that want to setup their own virtual
    machine servers.
  513. Then, there is another service model which
    is called PaaS, "Platform as a Service".
  514. This is a kind of service model in which
    essentially you have hosters
  515. of application engines, you develop
    application targeting
  516. specific application engine.
  517. Sorry, application servers. You target
    specific application servers.
  518. An exemple of this is Google App Engine.
  519. I think in some sense this service model
    of the cloud is mostly orthogonal to
  520. what we do as a distribution because either
    you're using a full fledge distribution
  521. and you do your own system administration,
    or you are developping an application
  522. for a specific application server and
    you rely on someone else
  523. to do that administration.
  524. So, yes, I think it's mostly orthogonal
    to what we do, but might also be
  525. a symptom that there is a reject from the
    application developper community,
  526. a reject from the way they can target
    distributions like Debian.
  527. So if it is very difficult to have your own
    application running properly on Debian
  528. because we have old software, because we
    change libraries, because we do not accept
  529. multiple copies of the same libraries and
    so on and so forth,
  530. if it is too difficult for application
    developpers to target Debian,
  531. they might be more and more tempted
    to target applications servers like PaaS.
  532. So there might be something we could do
    about this, here, like finding better synergies
  533. between containerization technology,
    we have some work being done in Debian,
  534. and the way we usually develop some,
    we usually maintain a distribution.
  535. There might be something we could do
    about this here.
  536. Oh, and I didn't mention this, but I have
    no specific answer to give to you,
  537. just a train of thoughts I wanted to share
    with you and what we could do
  538. to improve the situation.
  539. The final service model we have in the
    cloud, which is I think worrysome
  540. from the point of view of user control,
    is SaaS, "Software as a Service".
  541. There, essentially your own device,
    your own computer only is thin client
  542. and rely entirely on a remote server
    to do your own computation.
  543. We are back to the mainframe / thin client
    distinction of the early days of computing
  544. and here, there is a lot we could do,
    I think, but also a lot we could not do.
  545. Here, most of the work should come
    from upstreams.
  546. We need better free software and federated
    replacement for
  547. popular centralized proprietary applications
    in which users can participate
  548. in some kind of network by using
    their own node.
  549. This is work that should not come from
    distribution itself, it should really come
  550. from application developpers upstream.
  551. But still, there are useful things
    we could do here.
  552. We already have a lot of building blocks.
  553. We have stuff like Owncloud, Git-annex,
    mediagoblin, pump.io, Yacy.
  554. We have a lot of good building blocks,
    most of them are not yet up to par
  555. with the centralized proprietary equivalent,
    but I'm confident we could get there.
  556. What we lack is the equivalent ease of
    deployment of these services on user machines.
  557. In some sense, if we have democratized
    the installation of software twenty years ago
  558. with distributions, these days, to face the
    challenge of control of our own computation,
  559. we need to make it as easy as using a
    package manager to install
  560. your own nodes using those applications.
  561. Ideally, everyone in the world without
    nothing more than basic computer user skills
  562. should be able to have its own machine
    at home doing some anonymous browsing,
  563. doing some mail handling, doing web hosting,
    doing storage calendar,
  564. doing encrypted peer to peer backup,
    and so and so forth.
  565. I'm maintaining my own mail server and it is
    a user ???, I struggle myself
  566. to keep up with the need of knowledge and
    of surveillance that I need to make
  567. to my own mail server to be able to run it
    properly and I get blacklisted
  568. from time to time from providers and
    it's a pain.
  569. Something that no one without having at least
    some basic system administration ability
  570. could do properly.
  571. This is the thing we need,
    the nut we need to crack.
  572. We need to empower everyone out there
    to have its own computer with
  573. its own node of those services.
  574. Of course, you are all thinking of
    the FreedomBox now.
  575. That's a great example of a project who
    wants to tackle precisely that problem.
  576. It's a project that's been announced by
    Eben Moglen a few years ago at a Debconf
  577. if my memory serves me well.
  578. It's heavily based on Debian and it's doing
    exactly that.
  579. But my question from the Debian
    point of view is:
  580. maybe this project should not only be
    a spin-off of Debian,
  581. should not only be a derivative distribution
    of Debian,
  582. maybe we should think at making something
    like this a first class citizen in Debian.
  583. I don't know exactly what that means yet,
    it's something we could think about
  584. having the main administration interface
    for Debian something
  585. that targets these specific scenarios.
  586. We could generalize that, we do not need
    to target only specific plug devices
  587. because people at home might have desktop
    computers, might have media center.
  588. They might want something like the
    FreedomBox at home and
  589. collaborate with others immediately.
  590. My point here is that if our mission back
    in the days was to
  591. democratize free software by making it
    easier to install software
  592. on your machine, today our mission is to
    democratize free software by making it
  593. trivial to install some node of some
    federation of free services on your machine.
  594. Another thing we could do,
    it is the last one for me today,
  595. is to step in the free service debate.
  596. When I started looking up these arguments
    a few years back, I was surprised by
  597. the fact that it's still not clear what
    it does mean to be a free service.
  598. When I started working on free software
    fifteen years ago,
  599. it was fairly clear what does
    free software mean.
  600. Sure, it was some terminology debate
    between free software and open source
  601. which still exists today,
  602. but the basic freedoms, the basic rights
    you should have to call something
  603. free and open source was fairly clear.
  604. That kind of intellectual debate had
    already happened at the time.
  605. Today, where the problem of computations
    moving away from indivual user
  606. is raging, there is no clear consensus
    on that matter.
  607. There is some great work, for instance
    there is the Franklin Street statement on
  608. free network service,
    I think that's a full ???,
  609. dating back to 2008, six years ago, in
    which you find a lot of very useful
  610. recommendations for users, for software
    developpers and for system administrators
  611. to make sure that you maximize your control
    over your own computation on the network,
  612. but they take no stance on what it does mean
    to be a free service.
  613. Is it enough to have something which is free,
    do you need more specific license.
  614. There are some recommendation
    on that point, but still,
  615. there are no clear answers
    to this question.
  616. There is another work by RMS in 2010
    about Software as a Service or
  617. "service as a software substitute"
    as he calls it.
  618. Here, essentially what you have is a main
    recommandation about
  619. not using Software as a Service at all.
  620. Essentially there is a recommandation of
    doing your own computation
  621. on your own machines.
  622. I think that might be a generally good
    recommandation but it's not gonna scale,
  623. it's not gonna be enough in my opinion
    to convince people
  624. not to use very convenient services.
  625. Think we need more gradual and blurry
    lines saying, encouraging people
  626. to keep computation closer to them,
    to rely on federation of friends of people
  627. to do computation together.
  628. And we, as distribution people, could
    make easier for them to do so.
  629. And then there is another work which is
    "Network Services Aren't Free or Nonfree"
  630. which is a couple of years later, still by RMS,
    which essentially tries to walk the fine line
  631. between what's the difference between
    a pure service, so a service that
  632. just for instance convey messages,
    as opposed to a service which does
  633. computation that could have been
    done instead on your machine.
  634. That's a very fine line to work, it's very
    difficult to stay there and
  635. what we might need there is a strong
    opposition, actually, and we should try
  636. to replace everything which is centralized
    with federated equivalent and say that
  637. we as free software people and distribution
    people should work in that direction.
  638. So what we could do in Debian.
  639. Well, I think we should try to step
    in this debate.
  640. Surprisingly for me, we still have no clear
    answer to what it means to be a free service
  641. today and we have quite a bit of
    experience in Debian
  642. in leading debates in free sotfware.
  643. We have created the DFSG which is being
    used as an example for
  644. many other communities, we have participated
    in the GPLv3 discussion for instance.
  645. Our decisions in terms of free license
    are looked up by other projects.
  646. So we might have the authority and
    the reputation to step in this debate
  647. and we also have a lot of technical
    knowledge in the area.
  648. Being a distribution commited to free software,
    we know a thing or two not only about
  649. software freedom, but also about how you
    deploy software, how difficult it is
  650. and how difficult it should be for people
    to deploy free software.
  651. So I think we are in just the sweet spot
    to actually enter this debate
  652. with the needed authority and make
    a contribution to actually help people
  653. realize what it means today
    to use a free service.
  654. The concluding question
    I have for you is
  655. "What's Debian take today
    on liberating users?".
  656. Would we be happy enough to have Debian
    on every machine in the world
  657. if people are using completely
    remote services?
  658. And if we were not, what should we do,
    what should we be working on to change
  659. that future which seems very much
    the future that we have at hand.
  660. Pictures are gone, so there was a cloud
    on the left,
  661. there was Debian here and a sun here.
  662. LaTeX, beamer or Tikz or something
    is playing tricks on me.
  663. So that's all I have for you, I hope
    I've given you some food for thoughts
  664. for this week and if you have any question
    or comments in these topics,
  665. I'm very much happy to hear about that.
  666. Thank's a lot.
  667. [applause]
  668. There seems to be a mic which is floating
    around down there.
  669. [Q] ??? quite a lot and quite brilliantly
    about what cloud computing buzzwords
  670. mean for free software, but I think what important
    battle we are actually losing is ???
  671. in the minds of people.
  672. [Q] Why is it young developpers or
    newcommers to free software
  673. don't care about software being free?
  674. [Q] Why don't they care about using non free
    tools, why don't they care about
  675. which license declare for their software
    if any license is at all? and so on.
  676. [Q] You mention that problem, but what do
    we do about it? Do you have any ideas?
  677. [Zack] Well, a friend of mine we asked
    a similar question I think once answered
  678. "What could they say more that
    'Oh those young kids' ".
  679. So, I don't know, maybe it's our fault,
    maybe we have failed as a generation
  680. to convey the importance that being
    in control of our own computation had,
  681. or maybe it's just that the public that
    is open to coding and
  682. hacking is much larger than in the past so
    we are reaching out other communities.
  683. It's very good for them to be coding because
    I think every citizen in the world need
  684. to have basic knowledge of coding to
    understand what's happening in the world,
  685. but maybe they just have different mission
    than we had in the past.
  686. So, very good question, I don't have
    a very good answer, sorry.
  687. [Q] Hello.
  688. Thank you so much for the wonderful talk,
    I think it's great to talk about these
  689. political issues and I see there's a challenge
    between the sort of very individual focus
  690. of each person being able to use their own
    computer as the wish which has its own values,
  691. but there's a different sort of value that
    relates to power structures in general.
  692. So, we're talking about not just how free
    is each individual person but whether
  693. an entity like Twitter, Google or Facebook
    or some these other services
  694. is a very powerful entity that has power over
    the majority of us who use their services.
  695. And so, I wonder if and I'd like your
    thoughts on thinking about it
  696. less as a "Is this software free?" but
    about "Who is in power in the community?"
  697. and so in a democratic sense, you could have
    the community that builds the tools together
  698. as government structures or as mechanisms
    for handling power that make the power
  699. bottom-up and more democratic and maybe
    that's more important than
  700. the technical status of each
    individual user.
  701. [Zack] So, as a concerned citizen and also
    as a political activist,
  702. I very much share your concern.
  703. I think we need to focus on what is in
    reach on us as geeks in this circle
  704. and have this kind of discussion
    in a different circle.
  705. So, as someone with activity in politics
    and as a geek, I very much try
  706. to actually explain to politicians and
    to activists the role of
  707. what we are doing here in very technical
    ways and the impact that it has
  708. on politics in general.
  709. And I think the ??? the talk later on
    this evening might have
  710. a thing or two to say about that as well.
  711. So from our part we need to understand it
    in some sense even if
  712. we advance a lot the status quo of user
    control of technology
  713. that we had thirty years ago.
  714. We have also started to lag behind
    many other areas.
  715. Something that I wanted to mention before
    but I fail to do so is that
  716. when I was doing my computing in the
    nineties, a lot of computations
  717. were mediated by clearly defined
  718. So we had RFCs or equivalent documents
    by other organisations which were like
  719. clearly marked paths to how to collaborate
    technically on the internet
  720. and how to make software talk together.
  721. In a sense, that culture of interoperability
    of protocols has actually started lagging
  722. behind a lot with respect
    to popular technology.
  723. So stuff like social networks, most of them
    except the good ones that free software guys
  724. try to build like pump.io or like diaspora,
    well all those technologies started up
  725. without any kind of interoperability
    in mind.
  726. So technically I think we need to push
    again on the direction of interoperability
  727. of protocols, and that's a technical
    contribution that we could do that
  728. will have an impact.
  729. You know, code is law, as Lessig was saying,
    and that would have a technical impact
  730. on the power structures you mention.
  731. That's my thought on this matter.
  732. [Q] I have an answer.
  733. Hello.
  734. I have an answer, sort of an answer
    to the previous question.
  735. This is of course the heart of the difference
    between free software and open source.
  736. The difference between free software and
    open source isn't nothing at all
  737. and it's not about licenses.
  738. It's about goals and aims.
  739. Over the past decades, many of us have
    chosen not to pick a fight with
  740. open source people just for an easy life and,
    you know, it's always easy to have somebody
  741. who might share some of your goals and
    to be able to collaborate with them.
  742. But less and less is it becoming
    the case that
  743. the goals of people who are doing open
    source are the same as the goals
  744. of people doing free software.
  745. You can see that very clearly
    in the responses from people like
  746. Google to things like the AGPL.
  747. And there are a lot of examples.
  748. So, one of the things that we can do
    to try and bring some of
  749. the new crop of developpers along with us
    is to actually make it
  750. a bit more of a fuss about…
  751. You know, let's not come ??? all Stallman
    about that,
  752. Stallman is not the best PR guy, but I think
    Debian can do a lot better than he can
  753. and we've probably got
    a lot more credibility.
  754. And individually, we have as well.
  755. What we need to do is we need to explain
    our vision to those new developpers
  756. who mostly are just being, you know, they
    see an open source marketing machine
  757. and we are something different.
  758. [Zack] Thanks.
  759. So there's not need to be questions and
    answers, so if you have comments, feel free.
  760. [Talkmeister] I think we're running short of
    time and we need to take one more question.
  761. So maybe one last or, Stefano, one last?
  762. [Talkmeister] We can.
  763. Ok, one last question or comment?
  764. [Q] Just a quick comment if I may.
  765. You talked about federated services and
    facebook and dropbox and that sort of thing.
  766. I think maybe the issue here is less about
    federated services but is about identity.
  767. If I have my own dropbox alike and you have
    your own dropbox alike,
  768. the problem is not that the two couldn't
    talk to each other,
  769. we have no way of negotiation of identity
    authentication, access kind of problem.
  770. I think maybe part of the answer to your
    question is
  771. "Can we come up with some way of allowing
    federated identity management
  772. for people in general and just us say".
  773. [Zack] I think this is very much related
    to what I was answering before to Aaron,
  774. in the sense "yes we could".
  775. We have shown in the past that we can
    come up with very smart protocols
  776. that allow people to technically
    interoperate over the net.
  777. But we are coming to late for that.
  778. Those big entities which now have the power
    to attract a lot of users to them
  779. developped before those standard
    that we could have used to make
  780. smaller entities interoperate could
    have been put in place.
  781. So yes, I agree with you, there is technical
    work to be done but in some sense
  782. we are late in doing that work and
    the question now is not only
  783. "How could we do the technical work that
    allows us to have smaller entities
  784. that interoperate for authentication or
    everything else?" and also
  785. "How do we migrate from the status quo to
    the ideal world that would be possible
  786. if those standards existed
    in the first place?".
  787. So in a sense I think we are a bit late
    and we have twice the work to be done
  788. before reaching the optimal and more
    federated situation which I think
  789. would solve the problem.
  790. So, thanks a lot.
  791. [applause]