In a more componetized system, a given program would be self-contained, and programs would not have such complex interdependencies.
It's really easy to demonstrate that this is a bad assumption, by carrying it to the point of absurdity: OK, let's have self-contained programs include their own kernels. And their own filesystems. We can make little self-executing islands of them and run them with a virtualization environment. Uh-oh, what do we do about hardware? Oh, we'll have the virtualization environment provide standardized virtual hardware. And we'll depend on that being exactly what we expect it to be.
Unfortunately, if you insist that every program stand alone, it doesn't work terribly well. Shared libraries go out the window and you use a lot more memory and even a lot more disk. Things start up slowly. Libraries that have compatibility tweaks for a specific platform aren't the ones used, you use your own ones and those break. And so on.
But you can get a lot of the advantages that you claim for rock-solid, manufacturer determined stable libraries by simply sticking with Debian's big repository, where everything is built together. It's only when you try to bring in something from a second repository that you have to depend on standards.
I suppose you could determine a "standard" set of libraries and not have dependencies for those, because you can assume they are already there. But Debian already does that.
DFSG #4 explicitly says that an Open Source license can require you to change the name if you modify the product.
That said, a well-designed trademark policy (like Debian's) provides a mark that they explicitly recommend that you to use if you modify the product, which does not throw their own branding out the window. The Mozilla.com people simply haven't thought that through sufficiently.
Plus, there is this thing about Trademark law. If you don't actively police it, you can lose the right to the mark.
I hear this repeated a lot. It's not true. If you allow your mark to become generic you can lose your right to it. Firefox is not at risk of this happening. Google is. You can be selective about enforcement as long as you don't allow the mark to become generic.
Debian has handled this problem, for years, by having an official-use and an un-official-use logo for their own distribution. This allows people to package the program with modifications and still use consistent branding.
It sounds like a bug. But you haven't checked if it's in a plugin or not. Surprisingly, you can still use the Firefox name and load a plugin that makes a total wreck of Firefox. That's hardly a consistent policy.
If Ubuntu put a glaring bug in the code the Firefox folks have reason to complain. Just complain, not ban use of their name entirely. They should have an official and non-official use logo policy, as Debian has. That allows people to use consistent branding on modified versions.
Dear AC,
You quoted Debian's "official use" logo policy, but I think you missed the point. Debian publishes an "unofficial use" logo which allows consistent branding to be used by modified versions. And if you don't call your product "Official Debian", you can modify it.
A lot of thought was put into that. It would be fine if there was an "Official Firefox" and "Firefox", similarly to the way Debian handles their trademark.
Of course nobody likes the name. You're not supposed to. It's Firefox turned on its head. It's supposed to be annoying to the Firefox developers, to spur them to do something about this.
I'm afraid that your point "it's not possible to fully test a package repository" is simplistic.
It's not even theoretically possible to fully test an individual program in the time you would have to do so - the complexity limit is that low. This has spurred the development of functional programming, as the only programming paradigm that has a hope of mathematical verification in a reasonable amount of time, but that has not reached the point of practicality for most development.
A package repository is a collection of programs, generally without much interaction between them except for dependencies. The fact that they are in a single repository does not increase their complication.
Indeed, multiple repositories make the problem worse because the dependencies can get out of phase. The few things that you can test with a single repository, that all of the programs install correctly without missing dependencies and collission between packages, go out the window once there are multiple repositories. Just look at all of the problems people have installing packages in Red Hat or Fedora from an unofficial repository. Those things go out of phase with every release.
The problem is that Firefox isn't even Open Source until you change the name, because they use trademark law to prohibit the distribution of modified versions. Obviously, they're going overboard, and should establish a trust relationship with the Debian packagers. This hasn't anything to do with repositories.
Unfortunately, the Firefox.com folks didn't leave Debian a choice.
The current terms under which they distribute Firefox make it not
Open Source at all as long as you call it "Firefox". The Mozilla.com folks
are using trademark law to enforce that no versions of Firefox can be
modified and still called "Firefox".
Debian can't carry the browser
in their distribution under the "Firefox" name if they are to have any ability to tune it
for their distribution or to fix bugs before the Firefox team makes
their own release.
The software will be essentially identical to
Firefox. I think we may see other distributions doing the same thing,
as it's just not tenable for ANY distribution to contain software that
it can't service.
And then hopefully we'll see the Firefox team go
back to the policy they negotiated with the Debian organization only
a year ago, before
their new.com folks took charge, which was that they would agree to
trust some people to modify the code and not make a fuss about it.
The author of the quoted piece is being absurd to say this is "Why closed-source wins". It's not about fragmenting the user base, it doesn't have much effect on the brand and won't be very visible to naive users. It's just turning an obnoxious trademark policy that is flagrantly in conflict with the purportedly Open Source nature of the product on its head.
Look up "Faraday Shield". It works, but I can think of some approaches to get through it, although I doubt that any current RFID device uses them. Testing is always a good idea. And aluminum foil is not the most attenuating material, just the cheapest and by far the most easily available one.
I guess this is something that not everybody understands yet. Of course you'd take the passport out of the case when there's a legitimate occassion to read it, like going through immigration security at some country (which I do a few times a month). The problem is that people can read it while it's in your pocket, with the right equipment, wherever you go, all the time, hundreds of times per day. And having it in a mu-metal case when you do not expect it to be read would be a good security practice. Is that more clear?
There is a time-honored tradition of making RF signals go as far as possible. It's the first thing any kid tries with a walkie-talkie: how far can it go? It's possible to make RFID devices read from farther than designed by using higher power to energize the RFID and a higher-gain antenna to read its response. Certainly it will be practical to read these things as people walk through a door frame, with the proper equipment.
I have a passport case and will be sure to line it with mu-metal (not just aluminum foil) when I get a new passport in a few years. I'm sure that similar things will be up for sale. Indeed, if there's a manufacturer out there who wants to work on this, and knows sewing better than technology, write to bruce at perens dot com.
Oh. So, we have lots of switching power supplies and tantalum capacitors (because we have to supply lots of current at low-voltage) on the MB. Thus moving work from a cheap part of the computer to an expensive part. Not sure I want more power-supply electronics on the MB than is already there.
Well, single-voltage 12V PSUs don't make much sense inside of the box. The lion's share of that power would still be down-converted. For efficiency, CPUs are heading below 3.3v, and RAM too.
Low-voltage power supplies in racks might make sense. Not in desktops, because low-voltage power takes requires more copper to distribute it, because there's more current. Copper is very expensive of late.
The black holes would only eat up Kurt Vonnegut. However, the efect would be the same as if they ate up the whole world, since it's all a figment of his imagination.
Thanks! Valerie (my wife) and Stanley (my 6-year-old son) are here in Norway with me. I am teaching about Open Source at HiA (Agder University College) in Grimstad, but the main reason for the trip is so that Stanley can live in another country for three weeks and see that the way we do things in the U.S. is not the only way. I am very, very lucky to be able to do this. It's all because I gave away my software and talked about it! Everything that I've given away has come back 10 times over.
It's lucky that I was in the right time zone and not in a meeting where I would not be able to do this or away from good net access. I don't catch stories like this every time. But you are all welcome to email me (bruce at perens dot com) if there's anything you think I should look at. Usually I'm able to write back. Once in a while I miss a message, it's OK to send a repeat to get my attention.
(But do you kinda sorta think that your new competitive venture against slashdot is why your own dirty laundry got posted here by an AC? I'm just askin'...)
I don't know. Technocrat.net is still very small potatoes next to Slashdot. Makes about $10 a day on google ads, which I pay to Zogger, the only paid editor. I doubt the Slashdot operators would mind a bit. But I do find that stuff I submit is less likely to run than links to stuff I submitted to other sites which are then submitted to Slashdot by third parties. You would think that Slashdot would like to get the news from the horses's mouth rather than some other part of the horse:-) One of the editors explained to me once that they do defensive postings, which means that they get so many people submitting the same article that they post it just to get them to shut up, but they really did not want to run that story at all. Maybe that's what happened this time. Interesting the effect that the internet has on editorial policy.
It's really easy to demonstrate that this is a bad assumption, by carrying it to the point of absurdity: OK, let's have self-contained programs include their own kernels. And their own filesystems. We can make little self-executing islands of them and run them with a virtualization environment. Uh-oh, what do we do about hardware? Oh, we'll have the virtualization environment provide standardized virtual hardware. And we'll depend on that being exactly what we expect it to be.
Unfortunately, if you insist that every program stand alone, it doesn't work terribly well. Shared libraries go out the window and you use a lot more memory and even a lot more disk. Things start up slowly. Libraries that have compatibility tweaks for a specific platform aren't the ones used, you use your own ones and those break. And so on.
But you can get a lot of the advantages that you claim for rock-solid, manufacturer determined stable libraries by simply sticking with Debian's big repository, where everything is built together. It's only when you try to bring in something from a second repository that you have to depend on standards.
I suppose you could determine a "standard" set of libraries and not have dependencies for those, because you can assume they are already there. But Debian already does that.
Bruce
What do you get if you throw that switch?
That said, a well-designed trademark policy (like Debian's) provides a mark that they explicitly recommend that you to use if you modify the product, which does not throw their own branding out the window. The Mozilla.com people simply haven't thought that through sufficiently.
Bruce
I hear this repeated a lot. It's not true. If you allow your mark to become generic you can lose your right to it. Firefox is not at risk of this happening. Google is. You can be selective about enforcement as long as you don't allow the mark to become generic.
Debian has handled this problem, for years, by having an official-use and an un-official-use logo for their own distribution. This allows people to package the program with modifications and still use consistent branding.
Bruce
If Ubuntu put a glaring bug in the code the Firefox folks have reason to complain. Just complain, not ban use of their name entirely. They should have an official and non-official use logo policy, as Debian has. That allows people to use consistent branding on modified versions.
Bruce
A lot of thought was put into that. It would be fine if there was an "Official Firefox" and "Firefox", similarly to the way Debian handles their trademark.
Bruce
Of course nobody likes the name. You're not supposed to. It's Firefox turned on its head. It's supposed to be annoying to the Firefox developers, to spur them to do something about this.
Bruce
It's not even theoretically possible to fully test an individual program in the time you would have to do so - the complexity limit is that low. This has spurred the development of functional programming, as the only programming paradigm that has a hope of mathematical verification in a reasonable amount of time, but that has not reached the point of practicality for most development.
A package repository is a collection of programs, generally without much interaction between them except for dependencies. The fact that they are in a single repository does not increase their complication.
Indeed, multiple repositories make the problem worse because the dependencies can get out of phase. The few things that you can test with a single repository, that all of the programs install correctly without missing dependencies and collission between packages, go out the window once there are multiple repositories. Just look at all of the problems people have installing packages in Red Hat or Fedora from an unofficial repository. Those things go out of phase with every release.
The problem is that Firefox isn't even Open Source until you change the name, because they use trademark law to prohibit the distribution of modified versions. Obviously, they're going overboard, and should establish a trust relationship with the Debian packagers. This hasn't anything to do with repositories.
Bruce
Debian can't carry the browser in their distribution under the "Firefox" name if they are to have any ability to tune it for their distribution or to fix bugs before the Firefox team makes their own release.
The software will be essentially identical to Firefox. I think we may see other distributions doing the same thing, as it's just not tenable for ANY distribution to contain software that it can't service.
And then hopefully we'll see the Firefox team go back to the policy they negotiated with the Debian organization only a year ago, before their new .com folks took charge, which was that they would agree to
trust some people to modify the code and not make a fuss about it.
The author of the quoted piece is being absurd to say this is "Why closed-source wins". It's not about fragmenting the user base, it doesn't have much effect on the brand and won't be very visible to naive users. It's just turning an obnoxious trademark policy that is flagrantly in conflict with the purportedly Open Source nature of the product on its head.
Bruce
I think I am going to trust the cover that I provide.
Bruce
Bruce
Thanks
Bruce
Bruce
Bruce
Bruce
Oh. So, we have lots of switching power supplies and tantalum capacitors (because we have to supply lots of current at low-voltage) on the MB. Thus moving work from a cheap part of the computer to an expensive part. Not sure I want more power-supply electronics on the MB than is already there.
Well, single-voltage 12V PSUs don't make much sense inside of the box. The lion's share of that power would still be down-converted. For efficiency, CPUs are heading below 3.3v, and RAM too.
Bruce
The black holes would only eat up Kurt Vonnegut. However, the efect would be the same as if they ate up the whole world, since it's all a figment of his imagination.
Thanks
Bruce
Bruce
Bruce
Thanks
Bruce
Bruce
I don't know. Technocrat.net is still very small potatoes next to Slashdot. Makes about $10 a day on google ads, which I pay to Zogger, the only paid editor. I doubt the Slashdot operators would mind a bit. But I do find that stuff I submit is less likely to run than links to stuff I submitted to other sites which are then submitted to Slashdot by third parties. You would think that Slashdot would like to get the news from the horses's mouth rather than some other part of the horse :-) One of the editors explained to me once that they do defensive postings, which means that they get so many people submitting the same article that they post it just to get them to shut up, but they really did not want to run that story at all. Maybe that's what happened this time. Interesting the effect that the internet has on editorial policy.
Bruce