1 00:00:16,612 --> 00:00:17,380 Can you hear me? 2 00:00:17,701 --> 00:00:18,420 Better. 3 00:00:18,570 --> 00:00:19,562 So, hello everyone. 4 00:00:19,683 --> 00:00:21,382 Welcome again to DebConf, I guess. 5 00:00:21,522 --> 00:00:25,360 It's a great pleasure to be back again at one DebConf 6 00:00:25,443 --> 00:00:28,447 and a great honor to be doing one of the opening talks. 7 00:00:29,161 --> 00:00:31,801 I confess I wasn't really expecting that honor. 8 00:00:31,870 --> 00:00:33,531 I just wanted to propose a session 9 00:00:33,559 --> 00:00:36,281 which was supposed to be a self held sessions 10 00:00:36,281 --> 00:00:39,326 for those of us that think there are some worries 11 00:00:39,520 --> 00:00:43,320 about where the free software is going in general. 12 00:00:43,763 --> 00:00:47,651 And the role distributions have to play in the current state of affairs. 13 00:00:48,004 --> 00:00:50,925 So this talk will be about a couple of journeys at once. 14 00:00:51,216 --> 00:00:54,286 The first journey is a journey through emotions, 15 00:00:54,569 --> 00:00:58,640 through good feelings about what we have achieved in Free Software 16 00:00:58,921 --> 00:01:01,800 over the past 15 to 20 or 30 years 17 00:01:01,824 --> 00:01:03,860 depending on how long you've been involved. 18 00:01:04,006 --> 00:01:06,284 The second journey is essentially my own journey 19 00:01:06,284 --> 00:01:08,122 through software freedom 20 00:01:08,132 --> 00:01:10,840 from the day I started discovering Free Software 21 00:01:10,866 --> 00:01:13,240 and what I've ended up doing since then. 22 00:01:14,282 --> 00:01:17,240 Starting with the positive news. 23 00:01:17,640 --> 00:01:23,001 This is how I got involved myself in free software in 1997. 24 00:01:23,050 --> 00:01:25,140 I understand that there are people in the room 25 00:01:25,161 --> 00:01:27,920 who have been involved since way earlier than that, 26 00:01:27,949 --> 00:01:30,360 others that have been involved since way later than that. 27 00:01:30,450 --> 00:01:31,561 Well, that's my story. 28 00:01:32,046 --> 00:01:34,802 I hope you'll find ??? points with your own story. 29 00:01:35,560 --> 00:01:41,041 When I started as a freshman in a computer science class at university of Bologna, 30 00:01:41,360 --> 00:01:43,600 that was a huge tiping point, 31 00:01:43,845 --> 00:01:47,121 a huge hype point for the so-called opensource movement. 32 00:01:47,560 --> 00:01:52,040 That was the year the very influencial essay by ??? has been published. 33 00:01:52,404 --> 00:01:58,528 That was the year ??? Netscape decided to opensource its own code. 34 00:01:58,870 --> 00:02:01,210 That was the moment in the history of free software 35 00:02:01,320 --> 00:02:04,000 when people were trying to sell to the industry 36 00:02:04,280 --> 00:02:09,431 what free software was doing, and I'm not using that word in a bad sense. 37 00:02:09,610 --> 00:02:12,970 There was reasonable concern that without involvement of the industry, 38 00:02:13,000 --> 00:02:16,400 the free software movement wouldn't have got far. 39 00:02:16,773 --> 00:02:21,830 So they were trying to tell about free software in an industry-friendly way. 40 00:02:22,283 --> 00:02:25,203 Essentially, the rhetoric at the point was that 41 00:02:25,475 --> 00:02:28,800 if you do development of software in the free software way, 42 00:02:28,960 --> 00:02:31,230 in a more open way, a more participative way, 43 00:02:31,360 --> 00:02:35,693 you will end up having better software and that by merely opening up you code 44 00:02:35,896 --> 00:02:40,526 you'll have these flocks of programmers coming to you project and end up helping you. 45 00:02:41,600 --> 00:02:47,046 A few years later, I realised that I personnaly didn't believe much in that idea: 46 00:02:47,261 --> 00:02:50,390 it's only because your software is open that it's gonna be better, 47 00:02:50,727 --> 00:02:53,521 but it was a fair thing to try at the time. 48 00:02:54,282 --> 00:02:57,304 What I discovered a bit later is actually what ??? me 49 00:02:57,304 --> 00:03:00,336 was essentially the philosophy of free software. 50 00:03:00,336 --> 00:03:05,360 The fact that computer user should be in charge and in control of their own machine, 51 00:03:05,480 --> 00:03:07,200 that should have some basic freedom. 52 00:03:07,241 --> 00:03:10,770 You know about the 4 freedoms, I'm not going to repeat them here, 53 00:03:11,067 --> 00:03:15,922 but my personal point is that the narrative of free software is something 54 00:03:15,960 --> 00:03:17,890 that resonated with me a lot at the time. 55 00:03:18,201 --> 00:03:22,720 As a student, I realised that by having free software at my fingertip as a computer science student, 56 00:03:22,722 --> 00:03:27,600 I could debug any single layer of the software stack and look at how things are going. 57 00:03:27,800 --> 00:03:32,000 I didn't have to trust the teacher on how an operating system should be developed. 58 00:03:32,121 --> 00:03:38,904 I was able to open up ??? in the linux kernel and look at the actual scheduling algorithm 59 00:03:38,904 --> 00:03:41,440 that was being implemented in the real kernel. 60 00:03:41,489 --> 00:03:43,555 Not that I really got all of it at the time 61 00:03:43,555 --> 00:03:46,781 but the possibility was just breathtaking for me. 62 00:03:47,911 --> 00:03:52,982 Later on, I ended up distilling the main intuition of free software, 63 00:03:52,982 --> 00:03:55,980 which is the one I used to explain free software to people, 64 00:03:55,980 --> 00:03:57,600 which is intuition of control. 65 00:03:57,832 --> 00:04:03,303 So, I ended up believing that the main reason why I've been involved in this movement 66 00:04:03,362 --> 00:04:07,750 for about fifteen years is that I really believe that every single computer user, 67 00:04:08,013 --> 00:04:10,249 and that's a lot of people these days, 68 00:04:10,249 --> 00:04:13,755 should be in control over their own computations. 69 00:04:13,755 --> 00:04:17,212 Everything you're doing with a device which is mediated via software 70 00:04:17,440 --> 00:04:20,840 is controled by someone, either it is you or it is someone else. 71 00:04:21,539 --> 00:04:24,350 And the best episode, the best narrative to explain that to people 72 00:04:24,391 --> 00:04:26,794 that they've been using for quite a while is this passage 73 00:04:26,794 --> 00:04:29,197 from the novel "Makers" by Cory Doctorow 74 00:04:29,197 --> 00:04:31,600 which is a bit long so I'm not gonna read it in detail, 75 00:04:31,752 --> 00:04:35,518 but essentially there is one character of the novel which is Lester 76 00:04:35,760 --> 00:04:39,580 which is explaining to another character the importance of controling 77 00:04:39,580 --> 00:04:41,370 your own devices, your own tools. 78 00:04:41,370 --> 00:04:44,170 The first example he takes is the example of the hammer, 79 00:04:44,170 --> 00:04:45,840 a physical hammer, 80 00:04:45,840 --> 00:04:48,570 and he goes on saying that if you own a hammer, 81 00:04:48,750 --> 00:04:50,940 essentially you could do whatever you want with it. 82 00:04:50,980 --> 00:04:53,303 You can use it for its main purpose, 83 00:04:53,303 --> 00:04:55,426 or you can use it for something completely different 84 00:04:55,426 --> 00:04:58,520 which was not meant to be its original purpose but it's you that decide. 85 00:04:58,952 --> 00:05:03,886 He compares that another device which is the "Disney in a box" in the novel 86 00:05:04,155 --> 00:05:08,487 and Disney in this book is the big evil villain which is oppressing people 87 00:05:08,770 --> 00:05:14,271 and essentially Disney in a box is a glorified3D printer that can only print 88 00:05:15,131 --> 00:05:17,960 what Disney wants it to print for that day. 89 00:05:18,632 --> 00:05:22,071 One day, it will print a goofie character, 90 00:05:22,071 --> 00:05:24,600 another day it will print Donald Duck, 91 00:05:24,600 --> 00:05:26,160 but it's not you who decides. 92 00:05:26,217 --> 00:05:30,227 It's Disney that decides what the printer is gonna print for you that day. 93 00:05:30,560 --> 00:05:33,968 You own the device but you are not in control of what the device does. 94 00:05:35,080 --> 00:05:38,831 The big quote for me is that if you don't control your life, you're miserable. 95 00:05:39,560 --> 00:05:45,920 This notion of oppression is what has been motivating me for all these years. 96 00:05:46,160 --> 00:05:49,864 So the fact that if you are not in control of your own computation, 97 00:05:49,864 --> 00:05:52,088 then someone is oppressing you. 98 00:05:52,088 --> 00:05:56,552 Someone usually is the person or the company or whatever that has created the software, 99 00:05:56,588 --> 00:05:59,210 that has the power to change that software instead of you. 100 00:05:59,640 --> 00:06:01,413 This is something that really ??? me. 101 00:06:02,711 --> 00:06:05,440 What was I doing at the time with my computer? 102 00:06:05,440 --> 00:06:08,049 Well I was doing pretty standard stuff. 103 00:06:08,049 --> 00:06:10,596 I was using some hardware we had at the time 104 00:06:10,596 --> 00:06:14,063 which was mostly desktops and local network servers. 105 00:06:14,063 --> 00:06:16,668 I didn't have a laptop because it was really expensive for a student 106 00:06:16,668 --> 00:06:19,003 so I did get a laptop much later. 107 00:06:19,003 --> 00:06:21,930 I was doing some content production, some content consumption. 108 00:06:21,983 --> 00:06:24,836 The kind of content I did produce at the time was mostly 109 00:06:24,836 --> 00:06:29,139 office suites, desktop publishing and this kind of stuffs. 110 00:06:29,139 --> 00:06:32,352 I was doing some communication, some email, some IRC, some newsgroup 111 00:06:32,352 --> 00:06:34,705 which was really cool at the time for geek communities. 112 00:06:34,705 --> 00:06:36,946 And I was doing some software development as a newbie 113 00:06:36,946 --> 00:06:38,987 but it was what I was doing at the time. 114 00:06:38,987 --> 00:06:41,941 I also did some content consumption, some gaming 115 00:06:41,941 --> 00:06:46,075 which are arguably some content that someone else is producing for you to consume. 116 00:06:46,075 --> 00:06:47,361 I was doing some web browsing. 117 00:06:47,461 --> 00:06:49,147 Internet was not as popular as it is today, 118 00:06:49,147 --> 00:06:53,113 but there were some websites you could find interesting. 119 00:06:54,163 --> 00:06:57,565 In that situation, with this kind of computing, 120 00:06:57,565 --> 00:07:02,817 the actual path to software freedom and to control was fairly clear. 121 00:07:02,817 --> 00:07:08,001 It was difficult, but it was fairly clear to me as a new activist in free software. 122 00:07:08,057 --> 00:07:11,674 What I should have done, what we all should have done to actually liberate people 123 00:07:11,674 --> 00:07:14,691 from the oppression of people controling our own computation. 124 00:07:15,031 --> 00:07:18,948 The idea is that while you have a lot of pieces of proprietary software 125 00:07:18,948 --> 00:07:22,883 which you do not control, what you need to do is to replace 126 00:07:22,883 --> 00:07:28,488 every such a component of proprietary software with a free software equivalent. 127 00:07:28,658 --> 00:07:31,626 Using some local application, some game, 128 00:07:31,626 --> 00:07:34,054 we need to replace it with an equivalent free game. 129 00:07:34,054 --> 00:07:39,156 We were using some client-server software, some mail ???, some mail client, 130 00:07:39,156 --> 00:07:42,218 some mail server, some IRC client, some IRC server. 131 00:07:42,218 --> 00:07:47,395 What we needed to do to actually empower people and liberate people was to rewrite 132 00:07:47,395 --> 00:07:50,942 those pieces of software with free software equivalents. 133 00:07:50,942 --> 00:07:55,360 It was difficult, because it was a lot of stuff to be rewritten, but it was fairly clear. 134 00:07:55,599 --> 00:07:56,561 The plan was clear. 135 00:07:56,842 --> 00:08:01,560 And also, luckily, we also had, at the time, all the heavy lifting was already in place. 136 00:08:01,880 --> 00:08:04,570 The GNU project existed ??? since quite a while, 137 00:08:04,570 --> 00:08:07,460 the Linux kernel existed already and it was working. 138 00:08:07,460 --> 00:08:11,963 So someone else with shoulders larger than ??? I had at the time 139 00:08:11,963 --> 00:08:15,252 had already done a lot of work for me and me 140 00:08:15,252 --> 00:08:19,458 and together with other free software activists, what I had to focus on was to rewrite 141 00:08:19,458 --> 00:08:24,514 proprietary application into equivalent free software application, possibly better. 142 00:08:24,514 --> 00:08:27,480 That was clear, was hard, but it was fairly clear. 143 00:08:29,001 --> 00:08:34,570 That's where, I think, the notion of a free software project comes from. 144 00:08:34,813 --> 00:08:39,955 We use very often this term of free software project and never ended up 145 00:08:39,955 --> 00:08:44,323 really thinking about that before a few years ago and I think the reason why 146 00:08:44,323 --> 00:08:46,881 we call it free software project is that there is an objective. 147 00:08:46,881 --> 00:08:49,914 So there is a mission, ideally a time-limited one, 148 00:08:49,914 --> 00:08:54,916 and that mission is writing a replacement for a proprietary application using 149 00:08:54,916 --> 00:08:58,828 free software which is as good, possibly better than the original. 150 00:08:59,338 --> 00:09:03,612 Having a lot of free software projects around gives rise to a lot of releases. 151 00:09:03,960 --> 00:09:06,656 So what we were doing a lot at the time in the 90s 152 00:09:06,656 --> 00:09:10,092 was to actually manually install software on our own machines. 153 00:09:10,092 --> 00:09:14,679 To be fair, our lab was running some Red Hat machines. 154 00:09:14,679 --> 00:09:18,107 At the time there weren't that many packages available and 155 00:09:18,107 --> 00:09:21,895 we had to fairly often install stuff by hand on the lab machines 156 00:09:21,895 --> 00:09:25,033 in our own directories and also on our computers at home. 157 00:09:25,033 --> 00:09:27,633 This is a procedure you all know very well. 158 00:09:27,933 --> 00:09:31,693 You download a tarball, you run "configure", you run "make", you run "make install". 159 00:09:32,000 --> 00:09:35,529 The first time I saw that, it was kind of a magical recipe for me. 160 00:09:35,720 --> 00:09:38,792 Just follow these steps and you will get some software to play with. 161 00:09:38,792 --> 00:09:41,890 Well, except that every single step could fail, of course. 162 00:09:42,200 --> 00:09:47,023 Let's keep aside for the moment the fact that the website might be down but, 163 00:09:47,023 --> 00:09:50,726 you run "configure" and you miss some software you need to fetch from somewhere else. 164 00:09:50,726 --> 00:09:54,480 You run "make", you encounter some compilation problem. 165 00:09:54,791 --> 00:09:58,428 You run "make install", maybe the path will clash and so on and so forth. 166 00:09:58,658 --> 00:10:03,160 The problem with this procedure for install software we are using by hand 167 00:10:04,160 --> 00:10:05,801 is that you are essentially conflicting roles. 168 00:10:06,600 --> 00:10:09,800 You're mixing together the role of software user, 169 00:10:10,201 --> 00:10:13,480 the role of system administrator and the role of software developper. 170 00:10:14,080 --> 00:10:19,240 You need to have a little bit of all those skills together to be able to enjoy software. 171 00:10:20,000 --> 00:10:24,760 In a sense, a free software which works like this is essentially a very elistist thing. 172 00:10:25,160 --> 00:10:29,241 It's only an elite which have all the needed skills who is able to enjoy 173 00:10:29,560 --> 00:10:34,440 the benefits of free software and is able to be in control of their own computation. 174 00:10:35,080 --> 00:10:39,240 This is essentially the reason why distributions much earlier had been invented. 175 00:10:39,720 --> 00:10:42,960 We all know very well here what distributions do, 176 00:10:43,320 --> 00:10:48,204 they sit in between software developpers and software users and make it easy for you 177 00:10:48,681 --> 00:10:50,040 to actually use that software. 178 00:10:50,480 --> 00:10:55,600 We do installer work, we create installers, we create package managers, 179 00:10:55,752 --> 00:11:00,040 we do all the integration work that make different pieces of software work well together. 180 00:11:00,480 --> 00:11:04,560 We actually make life easy for final users. 181 00:11:05,480 --> 00:11:11,395 So, for me, something that I started believing is that the ultimate mission of free software 182 00:11:11,395 --> 00:11:16,521 distributions is to actually democratize free software, to enable users 183 00:11:16,720 --> 00:11:20,681 which do not have software development skills or do not have system administration skills, 184 00:11:21,640 --> 00:11:24,547 enable them to enjoy the benefit of free software. 185 00:11:24,960 --> 00:11:27,320 We offer very simple interface, 186 00:11:27,640 --> 00:11:31,601 we offer the equivalent of what these days are called appstores in which 187 00:11:31,760 --> 00:11:34,640 with one click, you can just install some software and 188 00:11:34,800 --> 00:11:38,084 enjoy the benefit of that software, in particular a free software. 189 00:11:39,760 --> 00:11:43,320 This is for me the historical mission of distributions. 190 00:11:44,440 --> 00:11:48,924 Later on, in 1998, our lab decided to switch to Debian 191 00:11:49,920 --> 00:11:51,440 and I was really happy about that. 192 00:11:52,201 --> 00:11:54,120 We switch from Red Hat to Debian and I look out about this project, 193 00:11:54,120 --> 00:11:59,240 I start learning what this project does and I find out that not only 194 00:11:59,440 --> 00:12:02,560 this project Debian was actually up to the mission of empowering user 195 00:12:02,640 --> 00:12:06,480 by making it easy for users to use free software. 196 00:12:06,980 --> 00:12:12,242 If you read the original announcement of Ian Murdock announcing the Debian project, 197 00:12:12,242 --> 00:12:15,880 we'll find this notion of being competitive with proprietary operating systems 198 00:12:16,160 --> 00:12:18,720 and it's really clear that the point is empowering users. 199 00:12:19,403 --> 00:12:24,560 I end up reading about this project and not only I found their mission 200 00:12:24,887 --> 00:12:28,480 they're up to is the mission I believe in, but I found out that the key intuition there 201 00:12:28,760 --> 00:12:30,720 is to make the project a community project. 202 00:12:31,680 --> 00:12:34,121 Not only the target are the users and empowering them, 203 00:12:34,280 --> 00:12:37,840 but also the way to reach that objective is fostering a community 204 00:12:38,120 --> 00:12:40,000 that will work together to that goal. 205 00:12:40,440 --> 00:12:41,760 I got immediately hooked, 206 00:12:41,927 --> 00:12:44,521 I vividly remember the moment a collegue of mine, a student 207 00:12:44,680 --> 00:12:47,441 explained to me the anatomy of a Debian source package, 208 00:12:47,760 --> 00:12:51,120 the fact that it was a .orig.tar.gz, the fact that it was a diff.gz 209 00:12:51,150 --> 00:12:53,881 with the differences with respect to upstream, and all those metadata 210 00:12:53,881 --> 00:12:56,481 that was really thrilling for me from a technical point of view. 211 00:12:57,000 --> 00:13:00,841 A few years later, I ended up joining the nm-process. 212 00:13:01,369 --> 00:13:05,480 I was doing some OCaml development at the time, there were some libraries, 213 00:13:05,521 --> 00:13:08,200 OCaml libraries in Debian, others were missing and I said 214 00:13:08,440 --> 00:13:12,960 "Ok, maybe I should help and create some libraries for the project as well". 215 00:13:13,240 --> 00:13:20,239 I went through nm and there are a few things I've learned doing nm 216 00:13:20,280 --> 00:13:23,360 and also in the subsequent ten years or fifteen years or so. 217 00:13:23,840 --> 00:13:29,720 One thing I've learned in all these years in Debian is the importance of being principled. 218 00:13:30,520 --> 00:13:34,761 Debian is a project that did not start from only technical means 219 00:13:35,280 --> 00:13:37,680 but also decided at some point that they needed some guidance, 220 00:13:37,720 --> 00:13:40,400 some clear guidance of what it should technically and what it shouldn't. 221 00:13:41,240 --> 00:13:45,920 And an important document where we have distilled this notion are the DFSG. 222 00:13:46,602 --> 00:13:47,960 The Debian free software guidance 223 00:13:48,161 --> 00:13:50,961 which has been very influencial on the free software movement as a whole. 224 00:13:51,320 --> 00:13:54,280 They've been used as a base for the open source definition as you know, 225 00:13:54,761 --> 00:13:58,240 and what was very ??? for me is that commitment we had in Debian 226 00:13:58,521 --> 00:14:03,057 in keeping the main archive completely DFSG-free, keeping it completely free software. 227 00:14:03,601 --> 00:14:08,167 This commitment is depicted here by those fearsome character 228 00:14:08,668 --> 00:14:14,400 and his owner on a couch and it's mediating and triggering the NEW queue, supposedly, 229 00:14:14,801 --> 00:14:17,479 and the NEW queue is not necessarily the best way we could implement 230 00:14:17,837 --> 00:14:21,641 a system which triage all the software in the archive and to ensure it's DFSG-free 231 00:14:21,760 --> 00:14:27,320 but it shows our commitment to actually only follow the guidance we have set for ourselves. 232 00:14:27,600 --> 00:14:29,480 It was really motivating for me. 233 00:14:29,760 --> 00:14:32,121 The second thing I've learned and which will come handy in a bit, 234 00:14:32,121 --> 00:14:37,240 is the importance of the legal knowledge and legal geeks in the free software movement. 235 00:14:37,440 --> 00:14:42,400 Like it or not, free software as an ideal is philosophical mean, 236 00:14:42,480 --> 00:14:48,082 but its main implementation is through the legal system, is through copyright licenses. 237 00:14:48,561 --> 00:14:52,280 To really ??? what's happening in free software in general, 238 00:14:52,280 --> 00:14:55,840 to understand where the free software movement is going, figuring out and 239 00:14:55,840 --> 00:14:59,321 really understand what's going on in the legal system is very important. 240 00:15:00,200 --> 00:15:03,920 In Debian, we know that pretty well, that's a stumbling block for many people 241 00:15:04,061 --> 00:15:06,120 when joining the Debian project. 242 00:15:06,120 --> 00:15:09,960 It's something we insist people are at least basically familiar with and 243 00:15:09,960 --> 00:15:14,280 that's pretty characteristic of the Debian project. 244 00:15:14,520 --> 00:15:17,040 In the end, what I've learned is that 245 00:15:17,840 --> 00:15:22,660 in this quest that I feel very much myself against the oppression of someone else 246 00:15:22,660 --> 00:15:27,361 controling your own computation, law, if you hack around it smartly, 247 00:15:27,361 --> 00:15:31,723 can be a very useful ally, a very useful device to liberate users. 248 00:15:33,400 --> 00:15:38,480 Time passes − there was supposed to be an image here, which for some reason disappeared. 249 00:15:38,960 --> 00:15:45,040 And, we might argue that, these days, we have achieved a lot since that moment. 250 00:15:45,520 --> 00:15:48,922 If I look around the industry or, in general, if I look around computing 251 00:15:49,240 --> 00:15:54,000 as people are doing that, free software is a little bit everywhere. 252 00:15:54,680 --> 00:15:58,400 In the industry, there are some stats that claim that essentially 253 00:15:58,640 --> 00:16:02,320 every single software product you find on the market has, inside of it, 254 00:16:02,480 --> 00:16:04,600 a little bit of free software code. 255 00:16:05,536 --> 00:16:08,280 If you look at all the different application stacks we have 256 00:16:08,642 --> 00:16:11,280 from webservers to education to clients to smartphones, 257 00:16:11,602 --> 00:16:15,800 you find a lot of free software, free software infrastructures that are everywhere. 258 00:16:16,400 --> 00:16:19,400 So these are just some stats ??? in the recent years 259 00:16:19,880 --> 00:16:24,600 and for instance if we look at one of the key target market for Debian ??? 260 00:16:24,960 --> 00:16:30,441 we'll find out one website over ten on the Internet in general is running Debian. 261 00:16:30,720 --> 00:16:33,800 If we include also some of our most popular derivatives such as Ubuntu, 262 00:16:34,121 --> 00:16:35,960 we'll find that more than 20% of the websites 263 00:16:36,240 --> 00:16:38,560 are running something which comes from our own work. 264 00:16:39,001 --> 00:16:45,721 And some of the recent hype on free software is coming from the Snowden revelation 265 00:16:45,721 --> 00:16:50,000 and most people are starting to be concerned about what the software they're using is doing 266 00:16:50,400 --> 00:16:55,680 and is turning to free software and is turning to stuff like Tails which is heavily Debian-based 267 00:16:55,680 --> 00:17:00,685 to actually see in which way we can help them foster their own security. 268 00:17:01,281 --> 00:17:03,000 In some sense, we have achieved a lot. 269 00:17:03,680 --> 00:17:08,041 In everything we do in computing, there is a little bit of what we have done 270 00:17:08,041 --> 00:17:10,800 in free software and also a little bit of what we have done in Debian. 271 00:17:11,160 --> 00:17:12,960 This is pretty impressive for me. 272 00:17:13,040 --> 00:17:18,560 We're in a place where I wouldn't have dreamed being when I started in 1997. 273 00:17:18,874 --> 00:17:19,881 That's very impressive. 274 00:17:20,321 --> 00:17:24,160 On the other hand, there are some reasons of concerns 275 00:17:24,480 --> 00:17:27,951 and this is the main thought I wanted to share with you. 276 00:17:30,020 --> 00:17:33,880 There are some technical reasons which we discuss often in free software circles 277 00:17:34,240 --> 00:17:40,040 like the fact that "Ok but most of these platforms are not 100% free software". 278 00:17:40,841 --> 00:17:42,560 If you look at smartphones for instance, 279 00:17:42,760 --> 00:17:48,440 you will find a lot of non free code every here and there and the point can be made that 280 00:17:48,440 --> 00:17:52,041 either you have full control over your own computation, 281 00:17:52,200 --> 00:17:53,440 or you are not in control at all, 282 00:17:53,600 --> 00:17:57,206 because if your software stack is a single layer which is controlled by someone else, 283 00:17:57,206 --> 00:18:01,200 and is mediating all your communication, maybe you're not so sure 284 00:18:01,524 --> 00:18:04,600 that you are the real owner and the real controller for your own device. 285 00:18:04,760 --> 00:18:07,157 That's a absolutely fair point. 286 00:18:07,160 --> 00:18:11,241 We can make some more technical points about for instance non free JavaScript. 287 00:18:11,321 --> 00:18:14,520 More and more of our computations are happening in our browsers 288 00:18:14,855 --> 00:18:17,680 and are happening through code which is delivered to our browser 289 00:18:17,680 --> 00:18:21,081 by remote servers and this code is not free at all. 290 00:18:21,160 --> 00:18:26,840 I absolutely agree with that but the point I want to focus on today is actually 291 00:18:27,040 --> 00:18:29,561 what we call the cloud. 292 00:18:30,080 --> 00:18:33,012 All my images are gone. 293 00:18:34,160 --> 00:18:36,040 You had a very nice image there, sorry. 294 00:18:41,390 --> 00:18:45,525 The remaining point and my main reason of concern is what is being called the cloud. 295 00:18:45,961 --> 00:18:48,640 Let allow me to be a bit generic here for a moment. 296 00:18:49,040 --> 00:18:51,360 I know there are very different ??? in what we call the cloud 297 00:18:51,720 --> 00:18:53,800 and will be specific in all of them in a bit. 298 00:18:54,320 --> 00:18:56,680 But for now I want to focus on the common trend that 299 00:18:56,720 --> 00:18:58,880 the cloud is bringing to computing these days. 300 00:18:59,481 --> 00:19:03,897 Computing today, for most people, is not much different from the kind of computing 301 00:19:03,960 --> 00:19:05,962 I was doing fifteen years ago. 302 00:19:07,240 --> 00:19:09,960 That's the kind of computing that we do on very different hardware, 303 00:19:10,120 --> 00:19:13,920 we have way more smartphones, way more tablets than in the past and that's true. 304 00:19:14,320 --> 00:19:19,160 But the kind of activities we do − producing content, consuming content − is very similar. 305 00:19:19,720 --> 00:19:23,721 The big difference is the kind of technological stack we're using 306 00:19:24,040 --> 00:19:25,880 and where the computations are happening. 307 00:19:26,280 --> 00:19:30,440 For most people today, the kind of office suites we use is no longer 308 00:19:30,640 --> 00:19:33,687 a software which is installed on your machine but it is Google Docs. 309 00:19:34,000 --> 00:19:39,200 I'm an academic myself, I'm very often forced to use some Google Docs applications 310 00:19:39,281 --> 00:19:42,160 to work with others, otherwise I'm free not to work with them, 311 00:19:42,640 --> 00:19:45,881 because it's a technological choice made by someone else. 312 00:19:46,320 --> 00:19:49,240 For many people, e-mail, as you know, just mean GMail. 313 00:19:49,480 --> 00:19:52,960 All our e-mails, even if your not using GMail ourselves, 314 00:19:53,288 --> 00:19:55,480 are passing through some GMail servers. 315 00:19:55,681 --> 00:20:00,080 Asynchronous communications still exist, but it is very often mediated 316 00:20:00,200 --> 00:20:01,640 to software like Skype or GTalk. 317 00:20:02,000 --> 00:20:02,940 And so on and so forth. 318 00:20:02,940 --> 00:20:04,240 You have seen this list very often. 319 00:20:04,920 --> 00:20:08,640 Consuming content, there as well, we are still doing gaming, 320 00:20:08,640 --> 00:20:11,400 we are still doing browsing but it's often mediated by platforms 321 00:20:11,520 --> 00:20:14,320 which are far away from us and just stream content to us or, 322 00:20:14,480 --> 00:20:19,320 in the specific case of web browsing, they are more and more often hosted 323 00:20:19,320 --> 00:20:23,120 by very few hosters in the world − which we often ??? to a walled garden − 324 00:20:23,240 --> 00:20:25,644 that can do whatever they want with our content. 325 00:20:27,040 --> 00:20:30,720 The point here is not demonizing those services. 326 00:20:30,960 --> 00:20:35,307 People are using those services because they are convenient and 327 00:20:35,560 --> 00:20:39,525 there is a lot of network effect going on that makes it easy for other people 328 00:20:39,601 --> 00:20:41,360 to start using those services. 329 00:20:41,720 --> 00:20:44,200 It's really not the point of demonizing those services. 330 00:20:44,200 --> 00:20:49,444 The point here is observing that interesting computations that we are doing 331 00:20:49,720 --> 00:20:53,200 as our job, as our life, 332 00:20:53,320 --> 00:20:57,241 are no longer happening on our machines, but are happening on other machines 333 00:20:57,390 --> 00:21:02,400 which are far away from us and which are not under our direct control. 334 00:21:02,641 --> 00:21:09,200 In this context, for me, I confess, what actually is the road to software freedom 335 00:21:09,200 --> 00:21:12,040 and to control, to enable people to control their own computation 336 00:21:12,120 --> 00:21:13,080 is no longer clear. 337 00:21:13,400 --> 00:21:17,080 It's no longer enough to say "Well, we just need to rewrite 338 00:21:17,200 --> 00:21:20,383 Google or Facebook or Twitter in free software". 339 00:21:20,440 --> 00:21:23,961 That's not enough, because even if you do that, you have the problem 340 00:21:23,961 --> 00:21:27,401 that when you are using a server you don't know if the code it is running 341 00:21:27,521 --> 00:21:31,658 is the one they claim it is running, so that's a very difficult problem to solve. 342 00:21:31,880 --> 00:21:35,320 And even if it were the case, where do you deploy yourself 343 00:21:35,600 --> 00:21:38,521 a Google-like architecture, or a Facebook-like architecture? 344 00:21:38,800 --> 00:21:40,000 You simply can't. 345 00:21:40,400 --> 00:21:42,371 It is no longer enough to just say 346 00:21:42,521 --> 00:21:45,200 "We just need to make some software development, 347 00:21:45,320 --> 00:21:47,802 we just need to make it better than the alternative." 348 00:21:48,201 --> 00:21:51,600 There is a real tricky combination between software development 349 00:21:51,819 --> 00:21:55,881 and software deployment which not easy to see how to fix it. 350 00:21:56,380 --> 00:21:59,520 At least for me, it's very ??? 351 00:21:59,620 --> 00:22:01,043 So, what about distros? 352 00:22:02,139 --> 00:22:06,280 We are distro people, doing one of the most popular distro in existence. 353 00:22:06,320 --> 00:22:09,248 Are we winning or are we losing in this situation? 354 00:22:09,400 --> 00:22:13,165 How are we doing in terms of our efforts? 355 00:22:14,074 --> 00:22:16,320 In a sense, we are very much winning. 356 00:22:17,521 --> 00:22:20,800 A lot of our work is being used to deploy those infrastructures. 357 00:22:21,320 --> 00:22:24,080 A lot of the infrastructure of the big companies are deploying 358 00:22:24,200 --> 00:22:27,560 on top of free software, if not direct on top of our very own systems, 359 00:22:27,640 --> 00:22:31,560 maybe modified here and there where they need to make things better 360 00:22:31,560 --> 00:22:34,680 as it is their own right given it's all free software. 361 00:22:35,400 --> 00:22:36,680 In that sense, we're winning. 362 00:22:37,137 --> 00:22:38,480 We're increasing market share, 363 00:22:38,642 --> 00:22:40,920 ??? are being used a lot to make infrastructure. 364 00:22:41,400 --> 00:22:46,240 But we are also losing in the sense that we are really not empowering users 365 00:22:46,240 --> 00:22:48,560 to be in control of their own computations. 366 00:22:49,000 --> 00:22:53,401 If our final users are the sysadmin that are running those infrastructures, 367 00:22:53,720 --> 00:22:55,202 for them we are doing great. 368 00:22:55,360 --> 00:22:56,920 We are making them be sure 369 00:22:56,920 --> 00:22:59,041 they are in control of their own infrastructure. 370 00:22:59,320 --> 00:23:01,640 But for the final users of those services, 371 00:23:01,960 --> 00:23:04,562 we are really not empowering them at the moment. 372 00:23:05,080 --> 00:23:07,241 So what I call the free software dark ages, 373 00:23:07,280 --> 00:23:13,241 which is an expression I actually borrowed from [name] ??? quite inspiring, 374 00:23:13,520 --> 00:23:17,760 is a situation in which we win on the end user market 375 00:23:17,760 --> 00:23:21,681 so every single device out there in the hand of people − desktop, 376 00:23:21,681 --> 00:23:26,000 laptop, even smartphones where right now we are not doing very well − 377 00:23:26,160 --> 00:23:28,360 all of this is running free software. 378 00:23:28,440 --> 00:23:29,720 All of that is running Debian. 379 00:23:30,080 --> 00:23:34,600 So, total world domination as we were talking about a long time ago. 380 00:23:34,760 --> 00:23:39,080 But all interesting computations, all the final user application 381 00:23:39,201 --> 00:23:42,920 which is being used to bring on with your digital life, 382 00:23:43,160 --> 00:23:46,801 are no longer happening on your devices, happening far away from you 383 00:23:47,040 --> 00:23:50,363 on computer you do not control, sometime with free software, 384 00:23:50,363 --> 00:23:51,655 sometime with non free software. 385 00:23:52,001 --> 00:23:54,126 But in any case, outside of your own control. 386 00:23:54,440 --> 00:23:59,520 In a sense, this is very worrysome for me because we have this ??? we are very popular. 387 00:23:59,640 --> 00:24:06,600 We are winning the war − we were using a lot of this war-like terminology when I started. 388 00:24:06,600 --> 00:24:11,680 But the war we are winning seems to become increasingly pointless 389 00:24:12,080 --> 00:24:15,522 because it's not being useful to actually empower users to be in control 390 00:24:15,800 --> 00:24:17,240 of their own computation. 391 00:24:18,401 --> 00:24:23,601 To make things worse, there seems to be some cultural problems that might be 392 00:24:23,601 --> 00:24:28,441 just a perception of mind, maybe being too pessimistic, but it seems to me that, 393 00:24:28,441 --> 00:24:31,520 as developper communities, as hacker communities, 394 00:24:31,640 --> 00:24:34,440 we are becoming way more lenient, way more ??? 395 00:24:34,960 --> 00:24:38,281 about the lack of control on the tools and on infrastructure we use 396 00:24:38,600 --> 00:24:39,760 to make free software. 397 00:24:40,280 --> 00:24:43,880 More and more often we see free software developed on non-free infrastructure, 398 00:24:43,880 --> 00:24:47,280 meaning infrastructures which are built using non free software 399 00:24:47,360 --> 00:24:50,600 and which are anyhow centralized in the hand of a few hosters. 400 00:24:53,670 --> 00:24:55,640 The new generation of developpers which is coming up 401 00:24:55,720 --> 00:24:57,080 seems to be totally fine with that. 402 00:24:57,320 --> 00:25:00,520 I'm not gonna argue this point in much detail, there is a great essay by Mako 403 00:25:00,880 --> 00:25:03,880 that I encourage all of you to read, "Free software needs free tools", 404 00:25:04,200 --> 00:25:05,840 which actually make couple of points. 405 00:25:05,881 --> 00:25:09,360 One is that by using non free software to make free software, 406 00:25:09,360 --> 00:25:11,081 we are sending out a very bad message. 407 00:25:11,160 --> 00:25:13,814 We are telling to the world that free software is good for you, 408 00:25:13,814 --> 00:25:16,480 that's why we are developing it, but it's not good for us 409 00:25:16,561 --> 00:25:18,480 because we are using non free tools to make it. 410 00:25:18,801 --> 00:25:21,841 That's the kind of ??? in our advertising message, 411 00:25:21,920 --> 00:25:26,120 but it's also making the software we are creating indirectly less free, 412 00:25:26,401 --> 00:25:29,880 because if the favorite way to contribute to that free software 413 00:25:29,961 --> 00:25:32,200 is using some non free infrastructure, some non free tools, 414 00:25:32,320 --> 00:25:35,840 indirectly we're making people that only want to use free software 415 00:25:36,040 --> 00:25:38,600 less apt to contribute to that software. 416 00:25:38,920 --> 00:25:41,241 So I really recommend reading that essay. 417 00:25:41,560 --> 00:25:44,800 But also technically, we are going back to a sort of a cage problem, 418 00:25:44,920 --> 00:25:49,640 which is also a problem which is called "the problem of the bug that noone can fix" 419 00:25:49,680 --> 00:25:53,640 by the FSF I think, and essentially we're creating software stacks 420 00:25:53,680 --> 00:25:57,400 in which some part of it is entirely free software, that we can debug 421 00:25:57,481 --> 00:26:02,320 and some other parts are non free software or software run by someone else, 422 00:26:02,600 --> 00:26:05,160 so we have lost the ability to debug the full stack. 423 00:26:05,960 --> 00:26:11,000 When I was starting to learn programming, this idea that I could debug everything 424 00:26:11,280 --> 00:26:14,801 from the end user I was writing myself for an assignment 425 00:26:14,920 --> 00:26:17,709 down to the kernel level was just exciting for me. 426 00:26:18,040 --> 00:26:20,520 We seem to be losing sight of this, a little bit. 427 00:26:21,800 --> 00:26:25,360 As a second cultural problem, we seem to be losing sight of 428 00:26:25,720 --> 00:26:29,160 how much help we could get from the legal system 429 00:26:29,492 --> 00:26:32,720 and from new legal solution that we might be in need of finding. 430 00:26:33,041 --> 00:26:38,361 An example of that is the post open source software "POSS" debate 431 00:26:38,640 --> 00:26:40,720 which some of you might have run into. 432 00:26:41,000 --> 00:26:43,920 That's a debate which actually observes that the new generation of 433 00:26:44,160 --> 00:26:48,008 free software developpers actually don't care about licenses. 434 00:26:48,523 --> 00:26:51,363 They just want to kick out their code, just put it on GitHub, 435 00:26:51,643 --> 00:26:54,963 not declaring their license at all and they're just fine with that. 436 00:26:55,363 --> 00:27:00,883 They want to be ??? to have the hassle of deciding first of all a license, 437 00:27:01,208 --> 00:27:04,403 second of all also some governance model for their projects. 438 00:27:04,483 --> 00:27:09,163 They just want to be hacking and doing, and not caring about those annoying details. 439 00:27:10,163 --> 00:27:15,523 This could be intervetedly interpreted in positive ways like says that 440 00:27:15,763 --> 00:27:22,523 we want the right to work on the code and to do whatever we want with that by default. 441 00:27:22,763 --> 00:27:25,483 We do not want to be expliciting which kind of rights we give and 442 00:27:25,643 --> 00:27:27,603 that's a very positive interpretation of this phenomenon. 443 00:27:28,043 --> 00:27:32,083 But in the end, for now, it is creating a huge bunch of code that 444 00:27:32,123 --> 00:27:35,243 we could not use as free software yet. 445 00:27:35,443 --> 00:27:38,643 For instance we cannot include in Debian something that does not have a license at all. 446 00:27:39,523 --> 00:27:43,043 A second example is the debate about the non freeness of AGPL. 447 00:27:43,723 --> 00:27:49,923 If you look up the history of free software, there is argument that GPL itself is not free. 448 00:27:50,003 --> 00:27:52,723 It's an argument that was being used twenty years ago 449 00:27:52,763 --> 00:27:56,963 when the battle between copyleft and liberalizing was very high, was very harsh. 450 00:27:57,403 --> 00:27:59,402 And it's just recurring again. 451 00:27:59,843 --> 00:28:04,123 So maybe for some syntactically interpretation of our own guidance, 452 00:28:04,163 --> 00:28:08,123 we could make the point that something like the AGPL is non free, maybe. 453 00:28:08,603 --> 00:28:12,883 But the point is that the way we distribute software to final users is really changing. 454 00:28:13,443 --> 00:28:18,123 Twenty years ago or fifteen years ago, the main way to enable some user to use 455 00:28:18,363 --> 00:28:21,283 a piece of software was actually to make a copy of that software and 456 00:28:21,283 --> 00:28:25,163 give it to him or to her via the network or some media. 457 00:28:25,563 --> 00:28:29,163 And all those ???, that kind of conveying software is clearly 458 00:28:29,163 --> 00:28:34,483 distribution and that kind of activity used to trigger some sort of license ???. 459 00:28:34,723 --> 00:28:38,443 These days, a software is no longer distributed that way, in large parts. 460 00:28:38,729 --> 00:28:44,683 It's being used over the net and something like the AGPL is the equivalent of triggering 461 00:28:44,803 --> 00:28:48,203 some licensing condition via the main way of distributing, 462 00:28:48,243 --> 00:28:50,123 of giving access to some software. 463 00:28:50,603 --> 00:28:53,453 I want to enter in details in this debate. 464 00:28:53,493 --> 00:28:56,283 Those are just examples, for me they are examples of the fact that 465 00:28:56,283 --> 00:29:01,163 we are kind of losing faith in how much the legal system and free software 466 00:29:01,203 --> 00:29:02,403 are intertwined. 467 00:29:02,922 --> 00:29:06,435 And this actually mixes very badly with the situation in which 468 00:29:06,435 --> 00:29:10,324 users are losing control because those computations are moving away from them. 469 00:29:10,683 --> 00:29:14,243 I think this situation, in general, is not going to fix themselves 470 00:29:14,608 --> 00:29:18,403 and we, as distribution people, have a role to play in fixing it. 471 00:29:19,723 --> 00:29:25,563 What could be a role for Debian in all this computing situation we have these days. 472 00:29:27,813 --> 00:29:31,883 The common trend in the so called cloud seems to be that computations 473 00:29:31,925 --> 00:29:33,844 are moving away from user devices. 474 00:29:34,643 --> 00:29:37,763 We cannot just say "Well just don't use anything cloudy", 475 00:29:38,043 --> 00:29:40,083 because it is convenient, people will want to use that. 476 00:29:40,243 --> 00:29:41,563 We need to do something different. 477 00:29:41,921 --> 00:29:46,291 As distribution people, we could do a lot, I think, and I have a couple of thoughts 478 00:29:46,564 --> 00:29:53,683 to share with you that are different depending on the so called service model 479 00:29:53,683 --> 00:29:54,643 of the cloud. 480 00:29:54,803 --> 00:29:57,521 One of the first service model of the cloud you might have heard about is 481 00:29:57,685 --> 00:30:00,643 "Infrastructure as a Service" (IaaS) where essentially you have servers that 482 00:30:00,849 --> 00:30:05,643 give virtual machines to people and essentially you get to administer 483 00:30:05,763 --> 00:30:08,403 your own machine which is a virtual machine on a virtual machine server 484 00:30:08,683 --> 00:30:10,206 controlled by someone else. 485 00:30:10,444 --> 00:30:14,243 This is potentially very good for people because it is lowering the barrier 486 00:30:14,284 --> 00:30:16,323 you need to have your own server. 487 00:30:16,643 --> 00:30:21,083 When I first set up my own server with friends, at the end of the 90's, 488 00:30:21,324 --> 00:30:24,883 we had to buy some machine, to find someone kind enough to host it, 489 00:30:25,003 --> 00:30:27,523 pay the hosting fees and so on and so forth. 490 00:30:27,723 --> 00:30:31,963 It was something that was by far not at all accessible to the random user. 491 00:30:32,323 --> 00:30:37,045 These days, a lot of people can simply go to some virtual machine provider, rent 492 00:30:37,283 --> 00:30:42,044 a virtual machine with one-click button and they have their own machine to administer. 493 00:30:42,364 --> 00:30:46,164 Maybe they don't have the skill to administer it, that's a different problem, 494 00:30:46,332 --> 00:30:50,403 but you are definitly lowering the barrier to access, to have you own server 495 00:30:50,682 --> 00:30:52,563 and do your own remote computation. 496 00:30:53,083 --> 00:30:56,363 As Debian, we are doing pretty well in this area, I think. 497 00:30:56,483 --> 00:31:00,206 We're offering technology like OpenStack and other competitors of OpenStack, 498 00:31:00,403 --> 00:31:04,603 which seems to be the market leader on that market which are entirely free software. 499 00:31:04,884 --> 00:31:09,963 But I think we should be investing more in offering a trivial deployment experience 500 00:31:10,211 --> 00:31:11,364 for Debian users. 501 00:31:11,403 --> 00:31:15,765 We should make trivial for people to have their own virtual machine servers. 502 00:31:15,765 --> 00:31:19,203 If they are not computer geeks, they should be able to flock together friends 503 00:31:19,443 --> 00:31:25,523 which have system administration ability and have their own local IaaS 504 00:31:25,723 --> 00:31:30,843 and have their own virtual machine without having to rely on big hosters provided 505 00:31:30,923 --> 00:31:33,043 virtual machines to everyone in the world. 506 00:31:33,444 --> 00:31:36,523 This is a great step to our autonomy. 507 00:31:36,603 --> 00:31:40,683 As Debian, what is the best deployment experience we can offer for people 508 00:31:40,724 --> 00:31:43,323 that want to setup their own virtual machine servers. 509 00:31:44,163 --> 00:31:48,124 Then, there is another service model which is called PaaS, "platform as a service". 510 00:31:48,163 --> 00:31:51,724 This is a kind of service model in which essentially you have hosters 511 00:31:51,724 --> 00:31:55,724 of application engines, you develop application targeting 512 00:31:55,724 --> 00:31:58,043 specific application engine. 513 99:59:59,999 --> 99:59:59,999 An exemple of this is Google App Engine. 514 99:59:59,999 --> 99:59:59,999 I think in some sense this service model of the cloud is mostly orthogonal to 515 99:59:59,999 --> 99:59:59,999 what we do as a distribution because either you're using a full fledge distribution 516 99:59:59,999 --> 99:59:59,999 and you do your own system administration, or you are developping an application 517 99:59:59,999 --> 99:59:59,999 for a specific application server and you rely on someone else 518 99:59:59,999 --> 99:59:59,999 to do that administration. 519 99:59:59,999 --> 99:59:59,999 So, yes, I think it's mostly orthogonal to what we do, but might also be 520 99:59:59,999 --> 99:59:59,999 a symptom that there is a reject from the application developper community, 521 99:59:59,999 --> 99:59:59,999 a reject from the way they can target distributions like Debian. 522 99:59:59,999 --> 99:59:59,999 So if it is very difficult to have your own application running properly on Debian 523 99:59:59,999 --> 99:59:59,999 because we have old software, because we change libraries, because we do not accept 524 99:59:59,999 --> 99:59:59,999 multiple copies of the same libraries and so on and so forth, 525 99:59:59,999 --> 99:59:59,999 if it is too difficult for application developpers to target Debian, 526 99:59:59,999 --> 99:59:59,999 they might be more and more tempted to target applications servers like PaaS. 527 99:59:59,999 --> 99:59:59,999 So there might be something we could do about this, here, like finding better synergies 528 99:59:59,999 --> 99:59:59,999 between containerization technology, we have some work done in Debian, 529 99:59:59,999 --> 99:59:59,999 and the way we usually develop some, we usually maintain a distribution. 530 99:59:59,999 --> 99:59:59,999 There might be something we could do about this here. 531 99:59:59,999 --> 99:59:59,999 Oh, and I didn't mention this, but I have no specific answer to give to you, 532 99:59:59,999 --> 99:59:59,999 just a train of thoughts I wanted to share with you and what we could do 533 99:59:59,999 --> 99:59:59,999 to improve the situation. 534 99:59:59,999 --> 99:59:59,999 The final service model we have in the cloud, which is I think worrysome 535 99:59:59,999 --> 99:59:59,999 from the point of view of user control, is SaaS, Software as a Service. 536 99:59:59,999 --> 99:59:59,999 There, essentially your own device, your own computer only is thin client 537 99:59:59,999 --> 99:59:59,999 and rely entirely on a remote server to do your own computation. 538 99:59:59,999 --> 99:59:59,999 We are back to the mainframe / thin client distinction of the early days of computing 539 99:59:59,999 --> 99:59:59,999 and here, there is a lot we could do, I think, but also a lot we could not do. 540 99:59:59,999 --> 99:59:59,999 Here, most of the work should come from upstreams. 541 99:59:59,999 --> 99:59:59,999 We need better free software and federated replacement for 542 99:59:59,999 --> 99:59:59,999 popular centralized proprietary applications in which users can participate 543 99:59:59,999 --> 99:59:59,999 in some kind of network by using their own node. 544 99:59:59,999 --> 99:59:59,999 This is work that should not come from distribution itself, it should really come 545 99:59:59,999 --> 99:59:59,999 from application developpers upstream. 546 99:59:59,999 --> 99:59:59,999 But still, there are useful things we could do here. 547 99:59:59,999 --> 99:59:59,999 We already have a lot of building blocks. 548 99:59:59,999 --> 99:59:59,999 We have stuff like Owncloud, Git-annex, mediagoblin, pump.io, Yacy. 549 99:59:59,999 --> 99:59:59,999 We have a lot of good building blocks, most of them are not yet up to par 550 99:59:59,999 --> 99:59:59,999 with the centralized proprietary equivalent, but I'm confident we could get there. 551 99:59:59,999 --> 99:59:59,999 What we lack is the equivalent ease of deployment of these services on user machines. 552 99:59:59,999 --> 99:59:59,999 In some sense, if we have democratized the installation of software twenty years ago 553 99:59:59,999 --> 99:59:59,999 with distributions, these days, to face the challenge of control of our own computation, 554 99:59:59,999 --> 99:59:59,999 we need to make it as easy as using a package manager to install 555 99:59:59,999 --> 99:59:59,999 your own nodes using those applications. 556 99:59:59,999 --> 99:59:59,999 Ideally, everyone in the world without nothing more than basic computer user skills 557 99:59:59,999 --> 99:59:59,999 should be able to have its own machine at home doing some anonymous browsing, 558 99:59:59,999 --> 99:59:59,999 doing some mail handling, doing web hosting, doing storage calendar, 559 99:59:59,999 --> 99:59:59,999 doing encrypted peer to peer backup, and so and so forth. 560 99:59:59,999 --> 99:59:59,999 I'm maintaining my own mail server and it is a user ???, I struggle myself 561 99:59:59,999 --> 99:59:59,999 to keep up with the need of knowledge and of surveillance that I need to make 562 99:59:59,999 --> 99:59:59,999 to my own mail server to be able to run it properly and I get blacklisted 563 99:59:59,999 --> 99:59:59,999 from time to time from providers and it's a pain. 564 99:59:59,999 --> 99:59:59,999 Something that no one without having at least some basic system administration ability 565 99:59:59,999 --> 99:59:59,999 could do properly. 566 99:59:59,999 --> 99:59:59,999 This is the thing we need, the nut we need to crack. 567 99:59:59,999 --> 99:59:59,999 We need to empower everyone out there to have its own computer with 568 99:59:59,999 --> 99:59:59,999 its own node of those services. 569 99:59:59,999 --> 99:59:59,999 Of course, you are all thinking of the FreedomBox now. 570 99:59:59,999 --> 99:59:59,999 That's a great example of a project who wants to tackle precisely that problem. 571 99:59:59,999 --> 99:59:59,999 It's a project that's been announced by Eben Moglen a few years ago at a Debconf 572 99:59:59,999 --> 99:59:59,999 if my memory serves me well. 573 99:59:59,999 --> 99:59:59,999 It's heavily based on Debian and it's doing exactly that. 574 99:59:59,999 --> 99:59:59,999 But my question from the Debian point of view is: 575 99:59:59,999 --> 99:59:59,999 maybe this project should not only be a spin-off of Debian, 576 99:59:59,999 --> 99:59:59,999 should not only be a derivative distribution of Debian, 577 99:59:59,999 --> 99:59:59,999 maybe we should think at making something like this a first class citizen in Debian. 578 99:59:59,999 --> 99:59:59,999 I don't know exactly what that means yet, it's something we could think about 579 99:59:59,999 --> 99:59:59,999 having the main administration interface for Debian something 580 99:59:59,999 --> 99:59:59,999 that targets these specific scenarios. 581 99:59:59,999 --> 99:59:59,999 We could generalize that, we do not need to target only specific plug devices 582 99:59:59,999 --> 99:59:59,999 because people at home might have desktop computers, might have media center. 583 99:59:59,999 --> 99:59:59,999 They might want something like the FreedomBox at home and 584 99:59:59,999 --> 99:59:59,999 collaborate with others immediately. 585 99:59:59,999 --> 99:59:59,999 My point here is that if our mission back in the days was to 586 99:59:59,999 --> 99:59:59,999 democratize free software by making it easier to install free software 587 99:59:59,999 --> 99:59:59,999 on your machine, today our mission is to democratize free software by making it 588 99:59:59,999 --> 99:59:59,999 trivial to install some node of some federation of free services on your machine. 589 99:59:59,999 --> 99:59:59,999 Another thing we could do, it is the last one for me today, 590 99:59:59,999 --> 99:59:59,999 is to step in the free service debate. 591 99:59:59,999 --> 99:59:59,999 When I started looking up these arguments a few years back, I was surprised by 592 99:59:59,999 --> 99:59:59,999 the fact that it's still not clear what it does mean to be a free service. 593 99:59:59,999 --> 99:59:59,999 When I started working on free software fifteen years ago, 594 99:59:59,999 --> 99:59:59,999 it was fairly clear what does free software mean. 595 99:59:59,999 --> 99:59:59,999 Sure, it was some terminology debate between free software and open source 596 99:59:59,999 --> 99:59:59,999 which still exists today, 597 99:59:59,999 --> 99:59:59,999 but the basic freedoms, the basic rights you should have to call something 598 99:59:59,999 --> 99:59:59,999 free and open source was fairly clear. 599 99:59:59,999 --> 99:59:59,999 That kind of intellectual debate had already happened at the time. 600 99:59:59,999 --> 99:59:59,999 Today, where the problem of computations moving away from indivual user 601 99:59:59,999 --> 99:59:59,999 is raging, there is no clear consensus on that matter. 602 99:59:59,999 --> 99:59:59,999 There is some great work, for instance there is the Franklin Street statement on 603 99:59:59,999 --> 99:59:59,999 free network service, I think that's a full ???, 604 99:59:59,999 --> 99:59:59,999 dating back to 2008, six years ago, in which you find a lot of very useful 605 99:59:59,999 --> 99:59:59,999 recommendations for users, for software developpers and for system administrators 606 99:59:59,999 --> 99:59:59,999 to make sure that you maximize your control over your own computation on the network, 607 99:59:59,999 --> 99:59:59,999 but they take no stance on what it does mean to be a free service. 608 99:59:59,999 --> 99:59:59,999 Is it enough to have something which is free, do you need more specific license. 609 99:59:59,999 --> 99:59:59,999 There are some recommendation on that point, but still, 610 99:59:59,999 --> 99:59:59,999 there are no clear answers to this question. 611 99:59:59,999 --> 99:59:59,999 There is another work by RMS in 2010 about Software as a Service or 612 99:59:59,999 --> 99:59:59,999 "service as a software substitute" as he calls it. 613 99:59:59,999 --> 99:59:59,999 Here, essentially what you have is a main recommandation about 614 99:59:59,999 --> 99:59:59,999 not using Software as a Service at all. 615 99:59:59,999 --> 99:59:59,999 Essentially there is a recommandation of doing your own computation 616 99:59:59,999 --> 99:59:59,999 on your own machines. 617 99:59:59,999 --> 99:59:59,999 I think that might be a generally good recommandation but it's not gonna scale, 618 99:59:59,999 --> 99:59:59,999 it's not gonna be enough in my opinion to convince people 619 99:59:59,999 --> 99:59:59,999 not to use very convenient services. 620 99:59:59,999 --> 99:59:59,999 Think we need more gradual and blurry lines saying, encouraging people 621 99:59:59,999 --> 99:59:59,999 to keep computation closer to them, to rely on federation of friends of people 622 99:59:59,999 --> 99:59:59,999 to do computation together. 623 99:59:59,999 --> 99:59:59,999 And we, as distribution people, could make easier for them to do so. 624 99:59:59,999 --> 99:59:59,999 And then there is another work which is "Network Services Aren't Free or Nonfree" 625 99:59:59,999 --> 99:59:59,999 which is a couple of years later, still by RMS, which essentially tries to walk the fine line 626 99:59:59,999 --> 99:59:59,999 between what's the difference between a pure service, so a service that 627 99:59:59,999 --> 99:59:59,999 just for instance convey messages, as opposed to a service which does 628 99:59:59,999 --> 99:59:59,999 computation that could have been done instead on your machine. 629 99:59:59,999 --> 99:59:59,999 That's a very fine line to work, it's very difficult to stay there and 630 99:59:59,999 --> 99:59:59,999 what we might need there is a strong opposition, actually, and we should try 631 99:59:59,999 --> 99:59:59,999 to replace everything which is centralized with federated equivalent and say that 632 99:59:59,999 --> 99:59:59,999 we as free software people and distribution people should work in that direction. 633 99:59:59,999 --> 99:59:59,999 So what we could do in Debian. 634 99:59:59,999 --> 99:59:59,999 Well, I think we should try to step in this debate. 635 99:59:59,999 --> 99:59:59,999 Surprisingly for me, we still have no clear answer to what it means to be a free service 636 99:59:59,999 --> 99:59:59,999 today and we have quite a bit of experience in Debian 637 99:59:59,999 --> 99:59:59,999 in leading debates in free sotfware. 638 99:59:59,999 --> 99:59:59,999 We have created the DFSG which is being used as an example for 639 99:59:59,999 --> 99:59:59,999 many other communities, we have participated in the GPLv3 discussion for instance. 640 99:59:59,999 --> 99:59:59,999 Our decisions of free license are looked up by other projects. 641 99:59:59,999 --> 99:59:59,999 So we might have the authority and the reputation to step in this debate 642 99:59:59,999 --> 99:59:59,999 and we also have a lot of technical knowledge in the area. 643 99:59:59,999 --> 99:59:59,999 Being a distribution commited to free software, we know a thing or two not only about 644 99:59:59,999 --> 99:59:59,999 software freedom, but also about how you deploy software, how difficult it is 645 99:59:59,999 --> 99:59:59,999 and how difficult it should be for people to deploy free software. 646 99:59:59,999 --> 99:59:59,999 So I think we are in just the sweet spot to actually enter this debate 647 99:59:59,999 --> 99:59:59,999 with the needed authority and make a contribution to actually help people 648 99:59:59,999 --> 99:59:59,999 realize what it means today to use a free service. 649 99:59:59,999 --> 99:59:59,999 The concluding question I have for you is 650 99:59:59,999 --> 99:59:59,999 "What's Debian take today on liberating users?". 651 99:59:59,999 --> 99:59:59,999 Would we be happy enough to have Debian on every machine in the world 652 99:59:59,999 --> 99:59:59,999 if people are using completely remote services? 653 99:59:59,999 --> 99:59:59,999 And if we were not, what should we do, what should we be working on to change 654 99:59:59,999 --> 99:59:59,999 that future which seems very much the future that we have at hand. 655 99:59:59,999 --> 99:59:59,999 Pictures are gone, so there was a cloud on the left, 656 99:59:59,999 --> 99:59:59,999 there was Debian here and a sun here. 657 99:59:59,999 --> 99:59:59,999 LaTeX, beamer or Tikz or something is playing tricks on me. 658 99:59:59,999 --> 99:59:59,999 So that's all I have for you, I hope I've given you some food for thoughts 659 99:59:59,999 --> 99:59:59,999 for this week and if you have any question or comments in these topics, 660 99:59:59,999 --> 99:59:59,999 I'm very much happy to hear about that. 661 99:59:59,999 --> 99:59:59,999 Thank's a lot. 662 99:59:59,999 --> 99:59:59,999 [applause] 663 99:59:59,999 --> 99:59:59,999 There seems to be a mic which is floating around down there. 664 99:59:59,999 --> 99:59:59,999 [Q] ??? quite a lot and quite brilliantly about what cloud computing buzzwords 665 99:59:59,999 --> 99:59:59,999 mean free software, but I think what important battle we are actually losing is ??? 666 99:59:59,999 --> 99:59:59,999 in the minds of people. 667 99:59:59,999 --> 99:59:59,999 [Q] Why is it young developpers or newcommers to free software 668 99:59:59,999 --> 99:59:59,999 don't care about software being free? 669 99:59:59,999 --> 99:59:59,999 [Q] Why don't they care about using non free tools, why don't they care about 670 99:59:59,999 --> 99:59:59,999 which license declare for their software if any license is at all? and so on. 671 99:59:59,999 --> 99:59:59,999 [Q] You mention that problem, but what do we do about it? Do you have any ideas? 672 99:59:59,999 --> 99:59:59,999 [Zack] Well, a friend of mine we asked a similar question I think once answered 673 99:59:59,999 --> 99:59:59,999 "What could they say more that 'Oh those young kids' ". 674 99:59:59,999 --> 99:59:59,999 So, I don't know, maybe it's our fault, maybe we have failed as a generation 675 99:59:59,999 --> 99:59:59,999 to convey the importance that being in control of our own computation had, 676 99:59:59,999 --> 99:59:59,999 or maybe it's just that the public that is open to coding and 677 99:59:59,999 --> 99:59:59,999 hacking is much larger than in the past so we are reaching out other communities. 678 99:59:59,999 --> 99:59:59,999 It's very good for them to be coding because I think every citizen in the world need 679 99:59:59,999 --> 99:59:59,999 to have basic knowledge of coding to understand what's happening in the world, 680 99:59:59,999 --> 99:59:59,999 but maybe they just have different mission than we had in the past. 681 99:59:59,999 --> 99:59:59,999 So, very good question, I don't have a very good answer, sorry. 682 99:59:59,999 --> 99:59:59,999 [Q] Hello. 683 99:59:59,999 --> 99:59:59,999 Thank you so much for the wonderful talk, I think it's great to talk about these 684 99:59:59,999 --> 99:59:59,999 political issues and I see there's a challenge between the sort of very individual focus 685 99:59:59,999 --> 99:59:59,999 of each person being able to use their own computer as the wish which has its own values, 686 99:59:59,999 --> 99:59:59,999 but there's a different sort of value that relates to power structures in general. 687 99:59:59,999 --> 99:59:59,999 So, we're talking about not just how free is each individual person but whether 688 99:59:59,999 --> 99:59:59,999 an entity like Twitter, Google or Facebook or some these other services 689 99:59:59,999 --> 99:59:59,999 is a very powerful entity that has power over the majority of us who use their services. 690 99:59:59,999 --> 99:59:59,999 And so, I wonder if and I'd like your thoughts on thinking about it 691 99:59:59,999 --> 99:59:59,999 less as a "Is this software free?" but about "Who is in power in the community?" 692 99:59:59,999 --> 99:59:59,999 and so in a democratic sense, you could have the community that builds the tools together 693 99:59:59,999 --> 99:59:59,999 as government structures or as mechanisms for handling power that make the power 694 99:59:59,999 --> 99:59:59,999 bottom-up and more democratic and maybe that's more important than 695 99:59:59,999 --> 99:59:59,999 the technical status of each individual user. 696 99:59:59,999 --> 99:59:59,999 [Zack] So, as a concerned citizen and also as a political activist, 697 99:59:59,999 --> 99:59:59,999 I very much share your concern. 698 99:59:59,999 --> 99:59:59,999 I think we need to focus on what is in reach on us as geeks in this circle 699 99:59:59,999 --> 99:59:59,999 and have this kind of discussion in a different circle. 700 99:59:59,999 --> 99:59:59,999 So, as someone with activity in politics and as a geek, I very much try 701 99:59:59,999 --> 99:59:59,999 to actually explain to politicians and to activists the role of 702 99:59:59,999 --> 99:59:59,999 what we are doing here in very technical ways and the impact that it as 703 99:59:59,999 --> 99:59:59,999 on politics in general. 704 99:59:59,999 --> 99:59:59,999 And I think the ??? the talk later on this evening might have 705 99:59:59,999 --> 99:59:59,999 a thing or two to say about that as well. 706 99:59:59,999 --> 99:59:59,999 So from our part we need to understand it in some sense even if 707 99:59:59,999 --> 99:59:59,999 we advance a lot the status quo of user control of technology 708 99:59:59,999 --> 99:59:59,999 that we had thirty years ago. 709 99:59:59,999 --> 99:59:59,999 We have also started to lag behind many other areas. 710 99:59:59,999 --> 99:59:59,999 Something that I wanted to mention before but I fail to do so is that 711 99:59:59,999 --> 99:59:59,999 when I was doing my computing in the nineties, a lot of computations 712 99:59:59,999 --> 99:59:59,999 were mediated by clearly defined protocols. 713 99:59:59,999 --> 99:59:59,999 So we had RFCs or equivalent documents by other organisations which were like 714 99:59:59,999 --> 99:59:59,999 clearly marked paths to how to collaborate technically on the internet 715 99:59:59,999 --> 99:59:59,999 and how to make software talk together. 716 99:59:59,999 --> 99:59:59,999 In a sense, that culture of interoperability of protocols has actually started lagging 717 99:59:59,999 --> 99:59:59,999 behind a lot with respect to popular technology. 718 99:59:59,999 --> 99:59:59,999 So stuff like social networks, most of them except the good ones that free software guys 719 99:59:59,999 --> 99:59:59,999 try to build like pump.io or like diaspora, well all those technologies started up 720 99:59:59,999 --> 99:59:59,999 without any kind of interoperability in mind. 721 99:59:59,999 --> 99:59:59,999 So technically I think we need to push again on the direction of interoperability 722 99:59:59,999 --> 99:59:59,999 of protocols, and that's a technical contribution that we could do that 723 99:59:59,999 --> 99:59:59,999 will have an impact. 724 99:59:59,999 --> 99:59:59,999 You know, code is law, as Lessig was saying, and that would have a technical impact 725 99:59:59,999 --> 99:59:59,999 on the power structures you mention. 726 99:59:59,999 --> 99:59:59,999 That's my thought on this matter. 727 99:59:59,999 --> 99:59:59,999 [Q] I have an answer. 728 99:59:59,999 --> 99:59:59,999 Hello. 729 99:59:59,999 --> 99:59:59,999 I have an answer, sort of an answer to the previous question. 730 99:59:59,999 --> 99:59:59,999 This is of course the heart of the difference between free software and open source. 731 99:59:59,999 --> 99:59:59,999 The difference between free software and open source isn't nothing at all 732 99:59:59,999 --> 99:59:59,999 and it's not about licenses. 733 99:59:59,999 --> 99:59:59,999 It's about goals and aims. 734 99:59:59,999 --> 99:59:59,999 Over the past decades, many of us have chosen not to pick a fight with 735 99:59:59,999 --> 99:59:59,999 open source people just for an easy life and, you know, it's always easy to have somebody 736 99:59:59,999 --> 99:59:59,999 who might share some of your goals and to be able to collaborate with them. 737 99:59:59,999 --> 99:59:59,999 But less and less is it becoming the case that 738 99:59:59,999 --> 99:59:59,999 the goals of people who are doing open source are the same as the goals 739 99:59:59,999 --> 99:59:59,999 of people doing free software. 740 99:59:59,999 --> 99:59:59,999 You can see that very clearly in the responses from people like 741 99:59:59,999 --> 99:59:59,999 Google to things like the AGPL. 742 99:59:59,999 --> 99:59:59,999 And there are a lot of examples. 743 99:59:59,999 --> 99:59:59,999 So, one of the things that we can do to try and bring some of 744 99:59:59,999 --> 99:59:59,999 the new crop of developpers along with us is to actually make it 745 99:59:59,999 --> 99:59:59,999 a bit more of a fuss about… 746 99:59:59,999 --> 99:59:59,999 You know, let's not come ??? all Stallman about that, 747 99:59:59,999 --> 99:59:59,999 Stallman is not the best PR guy, but I think Debian can do a lot better than he can 748 99:59:59,999 --> 99:59:59,999 and we've probably got a lot more credibility. 749 99:59:59,999 --> 99:59:59,999 And individually, we have as well. 750 99:59:59,999 --> 99:59:59,999 What we need to do is we need to explain our vision to those new developpers 751 99:59:59,999 --> 99:59:59,999 who mostly are just being, you know, they see a open source marketing machine 752 99:59:59,999 --> 99:59:59,999 and we are something different. 753 99:59:59,999 --> 99:59:59,999 [Zack] Thanks. 754 99:59:59,999 --> 99:59:59,999 So there's not need to be questions and answers, so if you have comments, feel free. 755 99:59:59,999 --> 99:59:59,999 [Talkmeister] I think we're running short of time and we need to take one more question. 756 99:59:59,999 --> 99:59:59,999 So maybe one last or, Stefano, one last? 757 99:59:59,999 --> 99:59:59,999 [Talkmeister] We can. 758 99:59:59,999 --> 99:59:59,999 Ok, one last question or comment? 759 99:59:59,999 --> 99:59:59,999 [Q] Just a quick comment if I may. 760 99:59:59,999 --> 99:59:59,999 You talked about federated services and facebook and dropbox and that sort of thing. 761 99:59:59,999 --> 99:59:59,999 I think maybe the issue here is less about federated services but is about identity. 762 99:59:59,999 --> 99:59:59,999 If I have my own dropbox alike and you have your own dropbox alike, 763 99:59:59,999 --> 99:59:59,999 the problem is not that the two couldn't talk to each other, 764 99:59:59,999 --> 99:59:59,999 we have no way of negotiation of identity authentication, access kind of problem. 765 99:59:59,999 --> 99:59:59,999 I think maybe part of the answer to your question is 766 99:59:59,999 --> 99:59:59,999 "Can we come up with some way of allowing federated identity management 767 99:59:59,999 --> 99:59:59,999 for people in general and just us say". 768 99:59:59,999 --> 99:59:59,999 [Zack] I think this is very much related to what I was answering before Aaron, 769 99:59:59,999 --> 99:59:59,999 in the sense "yes we could". 770 99:59:59,999 --> 99:59:59,999 We have shown in the past that we can come up with very smart protocols 771 99:59:59,999 --> 99:59:59,999 that allow people to technically interoperate over the net. 772 99:59:59,999 --> 99:59:59,999 But we are coming to late for that. 773 99:59:59,999 --> 99:59:59,999 Those big entities which now have the power to attract a lot of users to them 774 99:59:59,999 --> 99:59:59,999 developped before those standard that we could have used to make 775 99:59:59,999 --> 99:59:59,999 smaller entities interoperate could have been put in place. 776 99:59:59,999 --> 99:59:59,999 So yes, I agree with you, there is technical work to be done but in some sense 777 99:59:59,999 --> 99:59:59,999 we are late in doing that work and the question now is only 778 99:59:59,999 --> 99:59:59,999 "How could we do the technical work that allows us to have smaller entities 779 99:59:59,999 --> 99:59:59,999 that interoperate for authentication or everything else?" and also 780 99:59:59,999 --> 99:59:59,999 "How do we migrate from the status quo to the ideal world that would be possible 781 99:59:59,999 --> 99:59:59,999 if those standards existed in the first place?". 782 99:59:59,999 --> 99:59:59,999 So in a sense I think we are a bit late and we have twice the work to be done 783 99:59:59,999 --> 99:59:59,999 before reaching the optimal and more federated situation which I think 784 99:59:59,999 --> 99:59:59,999 would solve the problem. 785 99:59:59,999 --> 99:59:59,999 So, thanks a lot. 786 99:59:59,999 --> 99:59:59,999 [applause]