1. 78
    My Talk at Microsoft philosophy stallman.org
  1.  

  2. 58

    That page describes some hostile things that Microsoft famously did. We should not forget them, but we should not maintain a burning grudge over actions that ended years ago. We should judge Microsoft in the future by what it does then.

    an extremely reasonable view I wish more old timers would take.

    1. 24

      We should remember that Microsoft, and all companies, operate based off of ever-changing self interests. One ‘good’ company today could be a ‘bad’ company tomorrow, and vice versa (and vice versa again and again ad nauseam).

      1. -3

        “old timers”?

        I know plenty of “old timers” that love Microsoft, and plenty of Millennials that hate Microsoft.

        Color me really disappointed that this community would upvote something so offensive, derogatory, and ageist.

        1. 2

          I interpreted the phrase as meaning, people who have been in the community for a long time, regardless of their physical age. I obviously don’t know where you’re from so I apologize if I’m making bad assumptions, but I’m guessing this might be a cultural thing (for reference, I live in the US).

      2. 10

        The list of suggestions is simultaneously a list of all the ways Microsoft can begin or continue screwing over customers. This list can be used either way.

        1. 6

          I resisted Steve Jobs’s snow job in 1989 or 1990

          Does anyone know what he is referring to here? Or what a “snow job” is?

          1. 16

            “Snow job” is an older term that simply means saying a whole bunch of stuff to try and persuade people to believe a lie. The image is of a constant barrage of arguements that eventually overwhelms the truth and buries it from view. Think big snowfall that will take a lot of work to dig the truth back out.

            1. 3

              Similar to a “gish gallop”: https://en.wikipedia.org/wiki/Gish_gallop

              1. 3

                Not too similar, one is an argumentative style to beat down the opposition, the other is a persuasive technique for an arbitrary audience.

                Also the gish gallop has political ties and speaks to the speaker belonging to an in crowd. Snow job is neutral.

            2. 3

              UD defines it either as

              An effort to deceive, overwhelm, or persuade with insincere talk, especially flattery.

              I think it’s that term, rather than the one offered below it (NSFW).

              1. 1

                Ok, wierd term. But do you know what happened between him and Jobs that could be described that way? I always thought that Apple was more or less parallel to Free Software (with the exception of adopting some terminal tools).

                1. 17

                  Might have to do with Jobs asking Stallman to distribute GCC as two programs, so that NeXT doesn’t have to release the source code to the Objective-C frontend for GCC that they wrote[1].

                  1. 3

                    Just a guess but perhaps he’s referring the the controversy around the original APSL or Eric Raymond’s participation in that announcement? Perhaps he had also been approached by Jobs?

                    I can’t find a video clip of the event and my memory is hazy (this is ~19 years ago at this point) but I remember Raymond being onstage at an early OS X event to announce that the (at the time) new APSL licence and state that it met the OSD definition. Raymond makes a reference to it in this comment, which elaborates on this line from the article it comments on:

                    I met Steve Jobs once in 1999 when I was the president of the Open Source Initiative, and got caught up in one of his manipulations in a way that caused a brief controversy but (thankfully) did the organization no lasting harm.

                    1. 1

                      I have no idea.

                  2. 11

                    Help keep computers unlocked (no “secure boot” that restricts what systems we can run). Truly secure boot means YOU specify what system is allowed to run in your computer.

                    The problem I have with this is the lack of recognition that Secure Boot is implemented for very real reasons that don’t just disappear because there are also downsides to it. I wish people like rms would work harder to find a solution that addresses all concerns – which is probably not very hard technically, and mostly an UI issue – rather than just crossing their arms and saying “no”.

                    1. 13

                      I think he’s spoken about this before. Disabling secure boot means letting you run your own software with no integrity checking. Letting users configure signing keys that the device will trust means letting you run your own software with integrity checking. In theory you could configure a machine to only load a bootloader that has been signed with your personal key, but for that manufacturers need to let the firmware be able to configure the keys, and to ensure that any booted operating system cannot alter that firmware. This doesn’t seem technically challenging, it’s more a question of business interests.

                      1. 1

                        so the idea there would be to raise the cost of stealing passwords and other information, by an attacker with physical access to your computer?

                        1. 5

                          The idea of an integrity checked boot sequence is to make it harder for malware to do things that would effectively rootkit your system. In theory a full integrity check means the firmware verifies the bootloader, the bootloader verifies the kernel, the kernel verifies drivers, potentially the whole way to verifying that usermode programs are the ones that the owner of the system intended to run. This makes it harder for sophisticated viruses to attach to such a system (unless the private signing keys were present on it.)

                          When protecting data on a computer against an attacker with physical access, secure encryption of data at rest is more important, but that’s (somewhat) unrelated to integrity checking.

                          1. 2

                            This makes it harder for sophisticated viruses to attach to such a system (unless the private signing keys were present on it.)

                            This is far from obvious to me. Isn’t it possible that the complexity introduced in this verification process opens doors for new bugs?

                            1. 3

                              I don’t buy that complexity argument. HTTPS is more complicated than HTTP. TLS implementations have a long and well-known history of bugs and vulnerabilities. But does that make plain unauthenticated HTTP better? No.

                              1. 0

                                HTTP’s insecurities are not the result of bugs, they are a consequence of the protocol. That gives reason for a new protocol with different security properties.

                                In contrast, the insecurities in an OS are the result of bugs. If the OS were implemented correctly, the secure boot chain would be of no use (as far as I understand it). So there is a question of whether time should be spent fixing bugs in the OS, or adding complexity to mitigate the consequences of said bugs, while potentially introducing new ones.

                                If HTTP were just as secure as HTTPS when correctly implemented, the usefulness of HTTPS would be similarly called into question.

                                1. 5

                                  If the OS were implemented correctly, the secure boot chain would be of no use

                                  Wrong. If a user opens an email, runs virus.exe, and allows administrator access, that virus can simply install itself as a boot loader on that machine. The computer did exactly what the user asked, but objectively the wrong thing. A correct consumer OS needs a secure boot chain.

                                  If there were ZERO bugs, a secure boot chain could simply be read-only system files, à la Apple’s System Integrity Protection. But that’s absolute nonsense, every OS has bugs. Which is why Apple also uses code signing and SecureBoot.

                                  there is a question of whether time should be spent fixing bugs in the OS, or adding complexity to mitigate the consequences of said bugs

                                  No, there isn’t a question. Literally everyone agrees on implementing layered security. Wide-sweeping safety nets that protect from whole classes of bugs are obviously more efficient than fixing every single OS bug in existence.

                                  And everyone agrees code signing in particular is a massive security win. But code signing doesn’t work without a secure boot chain, as I’ve just explained above.

                                  1. 0

                                    Wrong. If a user opens an email, runs virus.exe, and allows administrator access, that virus can simply install itself as a boot loader on that machine. The computer did exactly what the user asked, but objectively the wrong thing. A correct consumer OS needs a secure boot chain.

                                    If there were ZERO bugs, a secure boot chain could simply be read-only system files, à la Apple’s System Integrity Protection.

                                    But SIP is not a secure boot chain, it’s a security feature implemented in the kernel. So a secure boot chain actually would be of no use if the OS were implemented correctly, contrary to the beginning of your comment. I think my point stands that HTTPS is not a good analogy for this reason.

                                    But that’s absolute nonsense, every OS has bugs. Which is why Apple also uses code signing and SecureBoot.

                                    there is a question of whether time should be spent fixing bugs in the OS, or adding complexity to mitigate the consequences of said bugs

                                    No, there isn’t a question. Literally everyone agrees on implementing layered security. Wide-sweeping safety nets that protect from whole classes of bugs are obviously more efficient than fixing every single OS bug in existence.

                                    The UNIX permission model is one such layer. Apple’s SIP is another. Obviously at least some security layers/safety nets are worthwhile, but that doesn’t mean all are.

                                    And everyone agrees code signing in particular is a massive security win. But code signing doesn’t work without a secure boot chain, as I’ve just explained above.

                                    If you did explain it then I didn’t understand it. Wouldn’t code signing fix the issue with a user running virus.exe as root? Or for that matter, redesigning the UI to prevent user error. I don’t see why a secure boot chain would be necessary. What am I missing?

                                    1. 2

                                      Wouldn’t code signing fix the issue with a user running virus.exe as root?

                                      No. An authorized developer could still sign and publish malicious code. App stores try to regulate the apps they allow developers to publish, but they aren’t perfect. Apple does a pretty good job. Google does a terrible job, the play store is full of malware.

                                      So a signed app from an authorized developer wants to install a root kit as a driver. If the kernel only loads drivers signed by the kernel vendor, it should be safe right? Except without SecureBoot or similar, the malicious app can overwrite the boot loader and circumvent all code signature verification at every level.

                                      It can then download malicious unsigned code and do whatever it wants.

                                      Without a secure boot chain, the code signing system is massively weakened.

                                      redesigning the UI to prevent user error

                                      Fix all OS bugs, and now fix all user error. You really don’t ask for much do ya? 😜

                                      1. 0

                                        I think you’re falling into a false dichotomy between the current state of software and one particular approach to addressing certain security problems. Secure boot is based on a code signing scheme, and there’s no reason conventional code signing couldn’t be subject to the same vetting process as the secure boot chain. Likewise there’s no reason running a program in a mode which lets it overwrite the boot loader needs to be as easy as clicking a button.

                                        So a signed app from an authorized developer wants to install a root kit as a driver. If the kernel only loads drivers signed by the kernel vendor, it should be safe right? Except without SecureBoot or similar, the malicious app can overwrite the boot loader and circumvent all code signature verification at every level.

                                        This scenario already has a much more obvious solution: don’t run foreign apps in order to install drivers. Have a standardized format for drivers, and use a program already on your system to do the installation. That’s how all Linux package managers work.

                                        But even if there is a reason for an ill-informed user to run a program in a privileged mode, the bootloader could be protected by conventional kernel-based security, the same way system files are protected from unprivileged processes.

                                        Fix all OS bugs, and now fix all user error. You really don’t ask for much do ya? 😜

                                        Secure boot chains are also susceptible to bugs and user error: what’s to prevent a user from changing the keys in their firmware to allow the running of a malicious boot loader?

                                        1. 2

                                          there’s no reason conventional code signing couldn’t be subject to the same vetting process as the secure boot chain

                                          Without a secure boot chain, the post-boot code signature verification process can be subverted. Vet all you want, guard your private keys in Fort Knox, that won’t save you when malicious code disables your signature verification pre-boot.

                                          To be honest, I don’t understand what you’re getting at here. Conventional code signing is subject to the same vetting process. Drivers are signed by the OS vendor. Apps are signed by app publishers, who are in turn signed by the app store CA. But without SecureBoot or similar, the kernel goes unsigned and unverified. All those carefully vetted certificates mean nothing when the code doing the verification is itself unverified!

                                          don’t run foreign apps in order to install drivers

                                          In my scenario, the malicious app wants to install a driver as a root kit. Your proposed solution requires using a specialized program to install drivers, completely reasonable. But it also requires every user to have perfect knowledge of when apps have been hijacked, to avoid running and authorizing apps that have had malicious code side-loaded and signed.

                                          That’s how all Linux package managers work.

                                          On standard desktop Linux, root access allows you to install arbitrary kmods from outside the package manager. If kmod signature verification is enabled, you’re safe from that attack. Unless you don’t have SecureBoot, and the attacker simply installs a kernel build with kmod verification disabled. Or even simpler, public keys.

                                          On Linux, root access is a lot harder to come by than Windows. But not that hard. One malicious / hijacked AUR package and loads of Arch users could have unauthorized kmods on their system. “DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.” – aur.archlinux.org

                                          the bootloader could be protected by conventional kernel-based security

                                          This is one thing SIP does. It helps secure the boot chain. That’s valuable. But again, layered security is important. There may be vulnerabilities that allow circumventing SIP. It’s a mitigation, not an absolutely bulletproof solution devoid of any current or future flaws.

                                          Secure boot chains are also susceptible to bugs and user error

                                          Which is why OS vendors continue to develop and employ more mitigations. Layered security.

                                          what’s to prevent a user from changing the keys in their firmware to allow the running of a malicious boot loader?

                                          Nothing. What’s to stop a user from disabling SIP? Nothing. What’s to stop a user from installing their own kernel with all mitigations like ASLR and W^X disabled? Nothing. What’s preventing a user from mailing their laptop, password, and $5000 to a Nigerian prince? Nothing. Maybe customs I guess.

                                          You can’t stop a user from deliberately sabotaging themselves. But you can mitigate unintentional issues. Verifying signatures on system code, from the bottom up, absolutely helps.

                                          Responding to your earlier comment:

                                          I think my point stands that HTTPS is not a good analogy for this reason.

                                          HTTPS, or rather TLS, is the perfect analogy. I’m not talking about the encryption aspect of TLS at all, I’m talking about authorization. The signatures on TLS certificates. TLS authorization falls apart without root certificates any clown can make. SecureBoot is the code signing analog to TLS root certificates.

                                          There’s also a clear TLS analog to abandoning SecureBoot and fixing OS bugs instead. Why not abandon the root certificates, use TLS encryption without authentication, and spend more time securing the network? “The bootloader could be protected by conventional kernel-based security” and your HTTPS traffic could be protected by conventional link layer security. Routers and switches rejecting unverified network topology changes, internet backbones rejecting anomalous network subtrees, and so on and so forth.

                                          Internet providers obviously try to secure their networks. But no one seriously believes TLS certificates have minimal value. We traverse many networks of varying security daily. And in the same vein, we run millions and millions of lines of code written by many people of varying levels of competence and security-consciousness.

                                          We live in a world with javascript, where it’s completely normal to fetch and instantly evaluate code from a dozen web servers. We live in a world with app stores, where it’s completely normal to download dozens of miscellaneous apps from god knows who, and give them whatever permissions they ask for. Browser sandboxes are imperfect. App sandboxes are imperfect. Operating systems are imperfect. So I for one am thrilled that my iPhone has SecureBoot.

                                          You said it was “far from obvious to [you]” that “[SecureBoot] makes it harder for sophisticated viruses to attach to such a system.” I think I’ve thoroughly explained why SecureBoot works as a mitigation. It’s not perfect. It’s disproportionally annoying for Linux users who need to turn it off, but have hardware with frustrating preboot configuration. It encourages centralization, since there aren’t many firmware CA providers, although shim mitigates this now. It could have been executed differently, but the core concept still has value.

                                          1. 0

                                            Thanks, I think that gives a good picture of the reasons you have for liking secure boot compared to the status quo. But I think it requires more subtlety to say whether it’s a good solution compared to alternative proposals.

                                            Rather than unpack every tangent, perhaps we can refocus on what I see as the defining feature of secure boot: performing the root of verification in firmware which is isolated from the rest of the OS by the properties of the hardware. This means secure boot requires specialized hardware components, which makes it possible to prevent the user from replacing a malicious OS with a more benign OS.

                                            The alternative I’ve been hinting at is to implement restrictions on writing to the boot loader or kernel in the kernel itself, so that specialized hardware components are unnecessary. You’re right that operating systems are big and complex, but the parts of the kernel that implement this security can be relatively simple.

                                            You’re implying that implementing this security in firmware using specialized hardware is less prone to vulnerabilities than the same security properties being implemented in the kernel. I certainly don’t know enough to deny this, but I’m not sure you’ve considered the full scope of this question.

                                            I can see why one might defer to “experts” and assume that if the industry is doing this it must be a good idea. But there are ulterior motives at play. Perhaps Apple chose secure boot not for its security properties, but because it frees them from competition with free operating systems. Have you considered that perhaps iOS would be less user-hostile if it had to compete with alternatives on the same hardware? Perhaps Apple’s decision to use secure boot is actually a net negative for you.

                                            1. 1

                                              You say “secure boot compared to the status quo,” but SecureBoot is the status quo. PCs and Macs come with SecureBoot. Ubuntu and Red Hat both ship signed kernels, i.e. they install and run just fine with SecureBoot enabled.

                                              As for alternatives, I’m not sure iOS actually uses SecureBoot. They have some kind of boot loader / kernel signing, but I don’t know details. I don’t think Android does either, though Android does have something called Verified Boot.

                                              I think kernel restrictions are important and valuable. But I don’t consider that an alternative. We should have both.

                                              And I absolutely believe it’s easier to check some signatures at boot time than write a kernel guaranteed to never allow any action that could compromise its integrity, even in the face of 0days. I certainly do know enough to make this claim, and I’ve considered the scope of the question. Scope is exactly the problem: kernels are big sprawling things with loads of bizarre legacy interfaces for backwards compatibility.

                                              I have written about kernel tomfoolery on lobste.rs before, and when this mixes with device-specific behaviors, the surface area for attack becomes truly enormous. I truly believe it’s impossible to 100% secure a kernel in the way you describe without a full blown paradigm shift in structuring kernel code.

                                              Perhaps Apple chose secure boot not for its security properties, but because it frees them from competition with free operating systems.

                                              No. Apple doesn’t need SecureBoot for that, having closed hardware interface is more than enough. Stallman addresses this in the original post: “Publish the hardware interface of products such as Hololens so we can run them without any nonfree software. Even if our software is years behind, that will be better than not being able to use these devices at all.” I have no interest in a device that’s years behind, even if it’s running 100% free code.

                                              I’m not sure about iOS, but MacOS supports disabling SecureBoot, and Apple publishes official instructions to do so. There’s no problem running free operating systems on Apple computers. Linus Torvalds famously ran Fedora on a MacBook Air a few years ago.

                                              1. 1

                                                No. Apple doesn’t need SecureBoot for that, having closed hardware interface is more than enough.

                                                Good point, considering that iPhones were more restricted than Android or computers since before SecureBoot existed. Do you know what exactly makes the hardware interfaced so closed down? Is it just that the flash memory doesn’t conform to a standard interface such as SATA, making it harder to flash your own boot loader?

                                                1. 1

                                                  It’s everything really. Apple goes full custom: they make their own ARM CPUs and GPUs, but publish no spec sheets. Apple added new SIMD custom instructions to the iPhone 11, and as far as I know they are undocumented and non-standard.

                                                  Same goes for the coprocessors and peripherals. I doubt there’s any hardware interface documentation for the T2 secure enclave, FaceID, or TouchID. The new multi-camera switching on the iPhone X and iPhone 11 probably relies on custom undocumented hardware, but I wouldn’t know for sure. That’s what I’ve got off the top of my head, but I’m sure there’s plenty more.

                                                  Android phones have many parts manufactured by different companies, which means they have spec sheets and interface documents. Apple just builds for Apple, they don’t sell any of their custom hardware. Anecdotally, Apple core OS engineers sort out confusion with hardware interfaces by walking next door to ask the folks who designed it.

                                                  Then there’s the general problem that the ARM platform doesn’t have a standardized way of laying out and discovering hardware like x86 has BIOS / UEFI. So you kinda just have to know what things are ahead of time. As of now, Linux on ARM supports different devices on a board-by-board basis, by having a registry of what boards have what. That’s why ARM devices not explicitly supported by Linux are often crippled, whereas you can build an x86 machine from whatever parts you feel like and it will work.

                                                  1. 2

                                                    Mobile cpu performance wise, apple are 2-3 years ahead of every other arm manufacturer. I can’t help but imagine the difference is in part because the designers have open lines of communication to one another.

                                                    1. 1

                                                      Cool, thanks for the info. This has been illuminating.

                        2. 4

                          The problem I have with this is the lack of recognition that Secure Boot is implemented for very real reasons that don’t just disappear because there are also downsides to it.

                          Who owns the computer?

                          Google argues they do, and that’s why they need Secure Boot. You’ve only purchased a license of temporary permission to use the computer and when you need to trust all your data with Google, you’re forfeiting all fourth- and fifth-amendment rights, since Google (not being the Government) is free to pass your data to them (or anyone else) whenever they like. Google unabashedly maintains you must forfeit these rights in order to protect Google’s copyright.

                          There are real reasons for allowing the Owner to protect against subversion from the User, but it is an entirely different thing to bury this technical discussion inside the constitutional one.

                          1. 1

                            for very real reasons

                            Eh, aren’t boot sector viruses virtually extinct? I was never convinced that Secure Boot was actually guarding against a clear threat.

                            1. 7

                              Rootkits are a very real threat. Remember that a proper secure boot implementation checks that the entire chain of trust of booting isn’t compromised - this includes bootloader, kernel, and drivers.

                              1. 1

                                Hmmmmmmm…. o.Ô I guess?

                                Btw, you’re off Masto now?

                                1. 1

                                  Instance died for Reasons. I’m elsewhere on it.

                          2. 5

                            Those suggestions are kind of vague, but based on my understanding, I doubt most of them ever be considered. The only two I could see happening are:

                            • Release the source code of Windows under the GNU GPL. (Assuming we’re talking about the kernel only).
                            • Publicly take back Microsoft’s attacks on copyleft made in the 2000s. Ballmer called the GPL a “cancer”. Allchin called it “un-American”. (Microsoft seems a lot more pro GPL now)
                            1. -1

                              I’m incredibly disappointing to see Stallman’s website linked here with no additional critical context exactly a week after we got an update on his atrocious behavior in MIT.

                              After 30 years of Stallman being treated as the expert in software freedom while making every space he entered a hostile and unsafe space for women, it’s long past time we stopped posting uncritical links to his political thoughts.

                              It’d be incredibly disingenuous to say that his decades of misogyny and coercion don’t invalidate his political viewpoints when it’s exactly this cavalier attitude that causes some vague idea of freedom (always defined as a lack of restrictions rather than a commitment to being proactively good to those around us) to underpin his entire political ideology.

                              1. 44

                                There is a reason that ad hominem arguments are referred to as fallacious. “Bad” people can have good ideas. “Good” people can have bad ideas. Intellectual progress is dependent on the assessment of ideas based on their merit.

                                1. 1
                                  • where have we progressed after reading an article that’s rehashing standard Stallman talking points?
                                    the guy has not learned anything new in the last 30 years, is not capable of listening to people, and is not capable of changing his behaviour even when multiple people suggest so; is this really the paragon of the intellectual progress we should somehow ennoble?
                                  • how does ignoring the abusive side of Stallman’s help promote intellectual progress?
                                  • how does ignoring the abusive side of Stallman’s help progressing the cause of free software?
                                  1. 7
                                    • where have we progressed after reading an article that’s rehashing standard Stallman talking points?

                                    I didn’t propose that we would learn anything, just that dismissing the content based on the author, rather than on the content itself, is a Bad Idea.

                                    • how does ignoring the abusive side of Stallman’s help promote intellectual progress?
                                    • how does ignoring the abusive side of Stallman’s help progressing the cause of free software?

                                    Lets look at this another way. I propose two, I think uncontroversial, facts:

                                    1. Stallman has been behaving similarly for his entire career
                                    2. Stallman spearheaded the free software movement and is personally responsible for a huge amount of its success

                                    The lens you are applying would appear to treat these as mutually exclusive. I think history shows that person can simultaneously make a significant intellectual contribution while falling short morally.

                                    1. 7
                                      1. There are assuredly people who don’t know anything about Stallman other than the recent controversy. This article would give them some insight into what it is he talks about and fights for in the field of technology/software.
                                      2. You are factually incorrect when you say “the guy has not learned anything new in the last 30 years, is not capable of listening to people,” See here
                                      3. Every person who has ever existed in any form has had an “abusive side” and it doesn’t nullify their good ideas or actions.
                                      1. 0

                                        Are you always this intellectually dishonest? This is probably the most disingenuous reply I received to any of my comments.

                                        There are assuredly people who don’t know anything about Stallman other than the recent controversy. This article would give them some insight into what it is he talks about and fights for in the field of technology/software.

                                        On this very site? If you believe so, I have a nice bridge in Dublin to sell cheaply.

                                        You are factually incorrect when you say “the guy has not learned anything new in the last 30 years, is not capable of listening to people,” See here

                                        Are you sure you want to use “after a decade of assuming that sexual relationships with children might be consensual Stallman issues clarification of his position” as an example of his ability to learn.

                                        What else did he learn? Which new programming language? What new scientific paradigm? How about social sciences? Did he change his behaviour at all? (Had he stopped asking partners of his actual hostesses if they’re available “to be shared”? Did he start to talk to women who host him and not to the men who accompany them?) Had he changed any of his other positions?

                                        Every person who has ever existed in any form has had an “abusive side” and it doesn’t nullify their good ideas or actions.

                                        Non sequitur. Most men (one hopes) manage to go through their life without being actively avoided by most women who don’t need to contact them professionally.

                                  2. 50

                                    I believe that your reply is off-topic, because the submission itself is about how Microsoft can do better for free software. All of the points in it are worth discussing, but at no point does there seem to me to be an obvious segue into further pillorying of Stallman.

                                    Further, I think your reply is just plain incorrect in at least one important way:

                                    It’d be incredibly disingenuous to say that his decades of misogyny and coercion don’t invalidate his political viewpoints when it’s exactly this cavalier attitude that causes some vague idea of freedom (always defined as a lack of restrictions rather than a commitment to being proactively good to those around us) to underpin his entire political ideology.

                                    “Vague idea of freedom”? The GPL is a long, rambling document specifically because it has a rather specific definition of freedom. Stallman has written at great length about what defines software freedom. He has given numerous numerous talks on the matter. Please check your facts.

                                    1. 62

                                      I think people were well aware of the story you linked.

                                      What more do you want exactly? A little black spot on every opinion he has so people know to disagree with it without thinking about the content?

                                      To me the list of suggestions for Microsoft was pretty interesting, regardless of the author.

                                      1. 1

                                        well, a little silence might be a perfectly reasonable idea, and perhaps attempts at rehabilitate Stallman and bring him back as the saint patron of everything that’s proper should wait, I don’t know, at least the customary year, after which the abusive person returns into limelight like the member of the old boys network they are?

                                        1. 14

                                          wait until at least the customary year

                                          Care to define your terms instead of arguing in bad faith? What customary year?

                                          1. -1

                                            sarcasm; if you look at the high profile men outed as abusers thanks to the metoo movement, none of them was out of limelight for longer than a year.

                                            1. 36

                                              You are going to have to define “abuser” better before you lump Stallman with them, I’m not aware he coerced anyone, raped anyone, or black mailed anyone like the people “me too” exposed. The worst I saw is he asked people on dates and got rejected many many times, to the point of making people uncomfortable, from the quote I saw, after he was rejected he never spoke to the person again.

                                              Maybe he did morally worse things, but I wasn’t there, and haven’t seen evidence for that.

                                              I don’t know the law well enough, but I wouldn’t be surprised if some of what has been published about him is defamation. We will see I suppose.

                                      2. 20

                                        I take issue with your last paragraph, because it smears Stallmann’s political ideology as ‘caused by his misogyny and coercive behavior’. That is unsupported, as evidenced by the fact that someone could write the same of the entirely different neo reactionary political ideology and it would seem to make the same kind of sense. It’s just the old ‘guilt by association’.

                                        What we’ve seen in the past week is that Stallmann was wrong and bad in the eyes of many, but that people subsequently feel the need to paint everything about him and everything he touched as wrong and bad. Several of his views and words have been very badly misrepresented, with those bad representations being parroted without being checked for accuracy. For instance, calling him a pedophile or apologist for child pornography is completely unsupported by the evidence.

                                        Stallmann is a flawed human being. He is not evil incarnate and there is no need to paint him as such. He has been treated unfairly, when a fair treatment would already have been harsh enough.

                                        Please note that I nevertheless agree that he his behavior towards women is unacceptable and that he has unfairly discriminated against them (which is different from misogyny in my dictionary), that his defense of Minsky was inappropriate and that his ousting is appropriate.

                                        1. 29

                                          I’m incredibly disappointing to see Stallman’s website linked here with no additional critical context

                                          This seems to be in-line within the Lobste.rs submission guidelines to me:

                                          When submitting a URL, the text field is optional and should only be used when additional context or explanation of the URL is needed. Commentary or opinion should be reserved for a comment, so that it can be voted on separately from the story.

                                          Adding commentary about the MIT scandal would seem to not be related to the content at this URL, so it would need to have been added in a separate comment. It wasn’t (at least not by the submitter) but I think we should assume good-faith that the submitter either was unaware of the issue (not everyone follows these things) or simply didn’t think or want to add a comment about it.

                                          1. -6

                                            the text field is optional and should only be used when additional context or explanation of the URL is needed

                                            sounds like a perfect place to provide additional context, doesn’t it?

                                            1. 6

                                              I believe the way that’s meant to be read is more like

                                              the text field is optional and should only be used when additional context […] of the [content at the] URL is needed

                                              than

                                              the text field is optional and should only be used when additional context, or explanation of the URL, is needed

                                              though I concede that I may be reading it wrong. Nonetheless, I don’t think it’s reasonable to expect everyone who submits a blog post by someone to research and provide context on any controversies the author might also be embroiled in. Not everyone follows this stuff, and not everyone cares (I don’t want to debate whether people should care).

                                          2. 24

                                            It’s worrying to see 10 people flinging upvotes at this. Not only do comments like this make the site worse for everyone, but it’s off-topic too.

                                            This one reason HN hid vote scores. People see 10 and want to push it to 11. Maybe it’s time.

                                            I hesitated to write this lest it be read as tone deaf. But this community has 10k members. Lobsters isn’t large enough to solve misogyny in tech. Women aren’t being pushed out of compsci just because one of Stallman’s articles about Microsoft reached the front page. He’s a public figure, he’s a human, and he was till recently the figurehead of open source. This article is about open source philosophy.

                                            1. 21

                                              he was till recently the figurehead of open source. This article is about open source philosophy.

                                              ahem

                                              1. 12

                                                Women aren’t being pushed out of compsci just because one of Stallman’s articles about Microsoft reached the front page.

                                                Yes, they very much are. Not because of this one instance, of course, but because of this sort of thing happening over and over again. It’s a symptom of the general culture in tech where the majority doesn’t stop to think about the implications of giving platform to people with documented crappy behavior towards women. Or they do and dismiss the concerns anyway. Sharing this article here now, of all times, is bad taste at best.

                                                1. 7

                                                  Who gave the platform to Stallman, though? Has he not earned it by being a software pioneer and FSF founder? I don’t know who the “they” is here that you are implying exists. Are you saying that an expert in technology should not be listened to when he speaks about technology? Instead we should find someone who is some sort of Christ-like figure without any perceived sins?

                                                  What is your solution here?

                                                2. 7

                                                  How would you prefer people express discomfort with the way the lobsters community is handling this topic? Those who’d like to downplay/ignore are free to flag posts discussing the subject off topic or merging the articles away. But if I notice the apparent imbalance, should I flag this article off topic instead? It’s clearly not technically off topic. Is there some other flag to express that I find it inappropriate for this article to be discussed uncritically at this point? I don’t think so. In that light, commenting on this submission seems to be a valid choice.

                                                  Edited to add: I’m one of the people upvoting that comment. I think it’s not off topic, but I take particular issue with your assertion that it makes the site worse for everyone. Instead I’d claim that your comment makes the site worse for more people than the parent.

                                                  1. 4

                                                    How would you prefer people express discomfort with the way the lobsters community is handling this topic?

                                                    The topic has nothing to do with the article posted. The post is about his speaking engagements at Microsoft and discuss any perceived “sway” folks may feel from Stallman speaking there. We already had a thread discussing the whole controversy around Stallman. Do you want that conversation to extend to every article that mentions Stallman? What purpose does that serve? This community is focused on technology, not moral judgments.

                                                    If you only want to read technical articles from people who have nothing controversial about them, you’re going to have nothing to read.

                                                  2. 12

                                                    Women aren’t being pushed out of compsci just because one of Stallman’s articles about Microsoft reached the front page.

                                                    Women, like me, are here, and every comment like this makes me doubt that we can be better than HN, a site I avoid specifically because of its toxic misogyny. It’s bizarre to see you suggest that misogyny isn’t worth addressing because of the size of this community.

                                                    1. 6

                                                      That comment probably wouldn’t have come up if discussion here had stuck to Microsoft and software freedom. I don’t really know what to tell you.

                                                      1. 4

                                                        If the discussion had stuck to the article content—if no one had pointed out the insensitivity of posting an RMS article at this moment—then that would have also been a signal that Lobsters users don’t care about women. The comment that @rebecca was replying to was not the problem.

                                                  3. 8

                                                    I can’t say I’m fully on board with reevaluating all of his output, but I have to agree with the disappointment in seeing this article ride the lobsters frontpage for days, shortly after the stories on his behaviour were hidden in the basement.

                                                    (And no, I’m not interested in some technical arguments in how the rules of this site mean that this article should be on the front page and upvoted, while the others were duplicate/off-topic/… hence shouldn’t, anymore than RMS’ thoughts on whether that was technically rape. The effect is that someone reading lobsters casually will feel that the lobsters community is strongly siding with RMS. I don’t feel comfortable being part of that.)

                                                    1. 3

                                                      How interested are we in communicating with people who would assume we side with RMS as a first order reaction to an article of his being upvoted at this time?

                                                      A second order interpretation of the article being here: “we worry about the intensity of the backlash against RMS, which regularly washes over the open source in general. This article is countersignalling that this community thinks his words and ideology remain worthwhile. We don’t need more diatribes against RMS: we need a small counterforce.”

                                                      Are the reasons for posting and upvoting this first order, second order, third order, ….? Should you not upvote this, because of your reasoning? Should you upvote this, because of the (hypothesized) OP’s reasoning? Should you not upvote this, because you think it’s obvious we would still care and want to prevent responses like yours? Should you upvote this to double down on the second order reasoning to make you think twice so you wouldn’t feel the need to post your worry? Should we follow the mainstream to not seem too different? Is this an good opportunity to signal difference? Or does that rock the boat counterproductively? Is it too soon to post this now or is it needed especially now?

                                                      How deep does the rabbithole of reasoning go for most of us and those we wish to attract?

                                                      I choose to believe the article was posted for reasonable reasons. I personally feel it’s unnecessary and ‘too soon’, but I think we should understand others feel otherwise.

                                                    2. 5

                                                      Given reports of recent events, and past events, I agree that the mere mention of RMS’s name at this time is distasteful.

                                                      However, that isn’t what you said, so…

                                                      I am at a loss as to a connection between software freedom and misogyny. There is no relation between those things that I can see.

                                                      Far from being “cavalier”, RMS’s writing and behavior regarding Free Software has seemed, if anything, too well thought out, consistent, and unyielding in character, to the point sometimes of being ineffective. He’s always been very clear that making free software is a proactive good that software developers can and should (well, I guess he’d say “must”) do for everyone.

                                                      If the political ideas behind free software (sorry, Free Software) are invalidated by RMS’s behavior, that would imply that everyone should relicense their GPL software. I don’t follow the argument there.

                                                      I am open to education on this so I’d appreciate it if you could elucidate your thoughts further.

                                                      1. 3

                                                        I think it’s reasonable to hold Stallman’s actions to the standard he’s holding to Microsoft’s, here.

                                                        Another thing I’ve said for years, about various companies, is that when a company does several different things, it is best to judge each thing on its own, provided they are separable. Actions that benefit freedom are good, and we should say so, while being careful not to let a small good distract us from a large evil.

                                                        1. -2

                                                          I totally agree with you, thank you for your outcall!

                                                          I’m incredible disappointed to see lobsters again giving Stallman a stage, there are probably much more other Free Software advocates and there is no point to keep supporting Stallman anymore - even if you agree with his views on proprietary companies.

                                                          60/20 (hid) ratio is rather high for lobsters, we are not alone here with our opinion - it is just that few have the amusement of having this discussion at all here.

                                                          Lobsters is slowly becoming overrun by technology conservatives.

                                                          1. 1

                                                            +7, -1 me-too, -1 off-topic, -6 troll

                                                            +7 please unite!

                                                        2. -3

                                                          So long Richard, and thanks for all the code.

                                                          1. 12

                                                            He’s not dead, you know…

                                                            1. [Comment removed by author]

                                                              1. -2

                                                                Close. That’s Monty Python. I was referencing Hitchhiker’s Guide to the Galaxy :)

                                                              2. -7

                                                                No, but Richard recent insane conjecture on Epstein and the resultant departure from the FSF Presidency has made his views dead to me. https://itsfoss.com/richard-stallman-controversy/

                                                                The man suffers from serious Engineers Disease: Thinks being an expert in one area makes him an expert in other areas as well.

                                                                1. 29

                                                                  Regardless of what you may feel about rms’ behaviour surrounding the Epstein case, it doesn’t affect the points he has about software. This amounts to little more than a personal attack, and I feel it’s unbecoming and off-topic.

                                                                  1. 16

                                                                    For the sake of completeness (and I hope neutrality), I will share this text that tries to defend Stallman. There are articulations and counter-accusations I don’t like, but I’m also not satisfied with the flow of events, and the final judgement. There’s no real chance that he’ll be reinstated, but I think that those who hold Free Software dear to their hearts should ensure that the FSF do so too.

                                                                    I wish not to debate or discuss this, again, because I think that would be off-topic, and I hope everyone can respect that.

                                                                    1. 6

                                                                      Wow… I encourage those interested to read the linked piece. Out of respect for your wishes I will not discuss it further in this forum however.

                                                                      1. 6

                                                                        Tee ell semicolon fucking dee are.

                                                                        It doesn’t matter what rms said. All that matters is what people heard. Richard is a communicator. If he can’t communicate effectively despite his intent, he shouldn’t be in the job of communicator at all.

                                                                        You can’t blame everyone who keeps “misunderstanding” him after all this time. This has been happening for years. If he can’t get his message across, that’s his fault, not everyone else’s! Communication requires both a listener and a speaker, and the speaker can’t be the only one who is blameless.

                                                                        1. 15

                                                                          It doesn’t matter what rms said. All that matters is what people heard.

                                                                          Ironically, that sums up everything that is wrong with the current approach to discourse.

                                                                          1. 6

                                                                            A very sad state of affairs if I may say.

                                                                          2. 9

                                                                            I thought he was effective in communicating. He said exactly what he meant, it was one other person reading into it who could not get local or national journalists to also see it as a story who blew things up on an internet blog. That people picked it up and ran with it, hollering about his beliefs (like they did here on Lobsters with no evidence) is the real problem.

                                                                            People see what they want to see.

                                                                            1. 19

                                                                              It doesn’t matter what rms said. All that matters is what people heard. Richard is a communicator. If he can’t communicate effectively (…)

                                                                              But this is not what’s happening here. RMS is a very good communicator, his texts are crystal clear even to a casual reader (who may or may not agree with them). The problem here is the large amount of dishonest people that are maliciously misquoting him in a systematic way.

                                                                              1. 7

                                                                                No, we’re not dishonest nor malicious. We’re just tired of him.

                                                                                Communication is more than just slapping up bunch of texts on gnu.org. It involves time, and place, and presentation, and mood. The nitpicking that Richard did on this last incident got all of those wrong.

                                                                                When you yell and get agitated, when you pick your feet in front of an audience, people just stop listening to what you have to say. It doesn’t matter what it is. They’ll just remember, “this guy picks his feet in public”. We are dumb, fragile, tribal creatures. If the leader of our tribe is picking his feet, we are less likely to be in his tribe, regardless of how eloquent he might otherwise be.

                                                                                1. 8

                                                                                  Stallman’s personal antics are irrelevant to his communication abilities and the importance of his message. You sound like one of the 500 honorable citizens of Athens who voted for the demise of Socrates because they were “tired of him” and he was a “horrible person” who “corrupted the youth”. One of these corrupted youths was Plato, and today nobody remembers about the reasons that the honorable athenians produced. They were probably right in their short-sighted way, but it doesn’t really matter.

                                                                                  In school I was taught that what one person does and says is more important than their physical aspect. I like to think that other people does that also, so I do not really care about the strange antics of anybody. If anything, they are a fun addition to an otherwise depressingly homogeneous environment.

                                                                                  1. 7

                                                                                    Stallman’s personal antics are irrelevant to his communication abilities and the importance of his message.

                                                                                    They are not. To believe this is to simply blind yourself to the reality of human social psychology.

                                                                                  2. 6

                                                                                    No, we’re not dishonest nor malicious. We’re just tired of him.

                                                                                    If you’re not malicious, why are you intentionally misquoting and misrepresenting him, consistently? Tired people don’t get involved.

                                                                            2. 14

                                                                              Does your own personal Engineer’s Disease manifest as armchair psychology?

                                                                              1. 1

                                                                                Yep :) But I keep my inane ramblings on forums like Lobsters and not in the public square. It’s safer for everyone that way.

                                                                              2. 1

                                                                                It seems he has not departed GNU, which I think will have interesting repercussions.

                                                                                1. 8

                                                                                  Everyone still needs to work. Fine with me if he stays. I’ve never understood the compulsion some people have to utterly destroy people so they are unable to have a career.

                                                                          3. -8

                                                                            Flagged as “off topic” because the post is political 😉

                                                                            1. 26

                                                                              I downvoted, but I wanted to leave an explanation: I feel like comments like this degrade the community by bringing disagreements into multiple threads and outside of the meta threads meant to contain it. This comment isn’t targeted at a specific user (maybe borec, if anyone), doesn’t explain why the post is political, and seems designed to score a cheap dig at the community. I’d prefer Lobsters to remain a place where we disagree politely and with reasoning behind our points, in contrast to low effort places like the orange or proggit.

                                                                              1. -2

                                                                                Twas only a joke

                                                                                1. 3

                                                                                  RMS said the same about the abort documentation.

                                                                                  These days, the safest course is not to try and be humorous, lest somebody sic a mob on you.

                                                                                  1. 0

                                                                                    These days if you say you’re English, you’ll get arrested and you’ll be thrown in jail.

                                                                                    (can we have less of the persecution complex and perhaps more of the introspection, these days?)

                                                                                    1. 0

                                                                                      These days people mark as “incorrect” or “troll”, or “off-topic” everything they don’t understand.

                                                                                  2. -2

                                                                                    I thought the winking face pretty much conveyed that, but in these times not everyone has context and not one wink face will save you! ;)

                                                                                    1. 11

                                                                                      It doesn’t really add anything to the discussion, which is why I downvoted it. It was low-effort and a form of trolling (whether they meant it or not).