This blogpost summarises my major comments on the initial draft of version 3 of the GPL.
The excellent GPLv3 comment webtool covers a lot of the small wording changes and clarifications that I think are necessary. I look forward to seeing what account has been taken of these in the second draft.
I want to focus here on four changes I think would greatly improve the licence. In decreasing order of importance:
Section 7 ("License Compatibility") is the part of the GPLv3 which allows copyright owners to add certain additional conditions. Most of them are designed to make it unambiguously permitted to ship GPLed code with Apache-licensed or BSD-licensed code. However, section 7d) says:
d) They may require that the work contain functioning facilities that allow users to immediately obtain copies of its Complete Corresponding Source Code.
Many uses of this clause, as written, would constitute a restriction on modification, and so make the licensed work no longer free software.
This clause was added for upward compatibility with the Affero General Public Licence, a modified GPL with a poorly-drafted clause which restricts modification and requires immediate HTTP download of source. I don't think it's possible to write this clause so that all possible 7d) additional restrictions are free, but I think it's possible to word it in order to make it much more likely that they are. My current suggestion is as follows:
d) They may require that if You propagate a covered work in a way that causes it to have users other than You, You must allow those users to obtain copies of the Complete Corresponding Source Code.
This way, it's an extension of your distribution obligations and not a restriction on the functioning of the program. So, I could say "fill in my web form and I'll mail you a copy of the source code", and that would be OK. Or I could stick a notice on my web kiosk saying "call this number to request a source code CD." My suggested clause specifies results, not methods.
It's probably backwardly-compatible with the Affero GPL; if not, you could add "They may, but are advised not to, specify the mechanism by which the CCSC must be obtained.", and organisations like Debian could simply say "if people do that, it's not free software".
If you distribute GPLv3'd binaries on a CD, you also have to hand over a copy of the source (on the same or another CD; section 6a) or provide a 3-year valid written offer (section 6b).
However, if you offer it for download (section 6d), you merely have to make the source available; you don't have to force the user to download it.
I think we should apply the second principle to the first case. It should be enough to offer the source code when distributing CDs; we should not force users to take it.
Say I've put together a GPLv3-licensed Operating System. The OS fits on one CD but the source, being larger than binaries, requires another three. I am giving away or selling CDs at a computer fair. Should I have to give four CDs to everyone? Or should a "Here's the binaries; do you want the source as well?" not be good enough? It would certainly save me money, time and hassle.
Point 3 is the removal of the clause "no permission is given to distribute covered works that illegally invade users' privacy" from section 3, which a lot of people have suggested is incompatible with software freedom and the FSF's own stated position; I suspect this will happen.
Point 4 is that the modifications to section 5c) have made it very unclear, and it needs cleaning up to make it obvious that it's as irrelevant in general practice as it always has been :-) This has been taken on by one of the committees, so I think this will also happen.
The second draft is due in June.
[Oracle Chief Security Officer Mary Ann Davidson] claimed that the British are particularly good at hacking as they have "the perfect temperament to be hackers--technically skilled, slightly disrespectful of authority, and just a touch of criminal behavior."
"Just a touch"? How sweet.
For the confused, that sort of hacking is not my sort. See "Why 'Hacking For Christ'?" for details.
Back in June last year, I started working for the Mozilla Foundation two days a week. At that time my Inbox, each item in which was the equivalent of a ToDo, was 400 messages in size. I've been chipping away at it ever since then, interrupted by extended periods abroad and operations, and aided recently by Dave Allen's excellent and highly recommended book "Getting Things Done". Ten months later, I was surprised and pleased at 4pm today to unexpectedly find that my "__todo" folder was empty!
So if there's something you've been waiting a while for me to do, it's obviously slipped through the cracks :-) Ask me again...
Once I get out of hospital (I'm back in again on Tuesday for the second of the two operations) I'm looking forward to getting started on some projects which have been on the back burner for a long while.
[Note there are some excluded categories: for example, I have not fixed every bug assigned to me in Bugzilla.]
If you live in the UK and ever travel abroad, then Renew For Freedom - get a new passport now, before the process requires having your face and iris scanned and your fingerprints taken, being given an identity card and being put on the National Big Brother Database, also known as the Identity Register.
I wonder: does the Google/Dell deal include preloading Firefox, given that it's in the Google Pack? It doesn't seem so from the news reports, but...
A while back I dissected Google Print - a hack which I was chuffed to have chosen to be reprinted in "Greasemonkey Hacks". Now, Amazon have come out with their own Ajax book reader. It uses all the same tricks the Google one does (disabling the right-click menu, putting a transparent GIF over the content, using CSS backgrounds to thwart printing and Save Image As..., and so on) but has a few new ones of its own.
Firstly, it's serving up the JPEGs as at least one unusual MIME type. When the page image is downloaded as part of the reader, LiveHTTPHeaders tells me it's text/plain, but when I access an image URL directly, I get an offer to download it to disk. Perhaps that's Firefox noticing that it's binary data, or perhaps it's sending a different type when there's no Referer. Anyway, you can't view the images directly in a web browser, whatever you do. Cunning.
Secondly, the page image URLs are of the form:
http://lookinside2-images.amazon.com:80/Qffs+v35lequprNEMPutod5Bzs1h6sFoa355lEmcXkudq4PesXEiM3eNX2Q93ZDMpWoj0SSHSe4=
So they have no extension, and you can't associate a non-existent extension with your browser or image viewer.
There's also a download of a mysterious thing called "ffcopy.swf". I can't work out what that's for; installing FlashBlock doesn't have any effect on copy and paste behaviour...
We as an organisation made what I see as an unfortunate mistake in our Summer of Code project proposal process. We had the scratchpad for possible SoC projects be the same thing as the official list of projects - i.e. here, on the mozilla.org wiki, which is a public wiki on which anyone can have an account. The only clue as to whether an idea was "more official" was if a mentor's name had been placed in the Mentor column; and even then, you had no way to tell whether that person had put their name there themselves.
This resulted in some unfortunate effects - primarily, students putting time and effort into applications which were bound to be unsuitable for a number of reasons.
I'm not going to be too specific about which projects I mean, as my point is not to criticise the people who put ideas on the wiki. It's our fault that we didn't make a clear separation between idea brainstorming and approved projects. But some of the problems with some projects in our list were:
In summary, I think that next year we need a brainstorming page, and a separate "approved projects" page containing only those projects which have been assessed for size, scope and desireability and in which mentors have expressed an interest. In fact, it would be great if the Approved Projects system was part of the Google application webtool; that way, the mentors could easily sort the application list and assess the five people who want to do the same thing side by side. (Of course, you can apply to the SoC to do anything - and the tool would need to reflect that possibility too.)
I'd be interested in the experience other projects had in putting their lists together, and the methodology they used.
'You haven't a real appreciation of Newspeak, Winston,' he said almost sadly. 'Even when you write it you're still thinking in Oldspeak. I've read some of those pieces that you write in The Times occasionally. They're good enough, but they're translations. In your heart you'd prefer to stick to Oldspeak, with all its vagueness and its useless shades of meaning. You don't grasp the beauty of the destruction of words. Do you know that Newspeak is the only language in the world whose vocabulary gets smaller every year?'Winston did know that, of course. He smiled, sympathetically he hoped, not trusting himself to speak. Syme bit off another fragment of the dark-coloured bread, chewed it briefly, and went on:
'Don't you see that the whole aim of Newspeak is to narrow the range of thought?'
A grasp of 900 pictographs will allow access to 90 per cent of content, as Chinese media continues a process of linguistic simplification, according to an education ministry survey which examined "900m characters used in more than 8.9m files chosen from newspapers, magazines, the internet and television", according to Xinhua news agency.Although Reuters notes that many traditional, aka "complex", characters are still used in Hong Kong, Taiwan and in Chinese expat communities abroad, linguistic homogenisation, and with it simplification, are gradually consigning these to history as mainland Chinese influence grows.
Here are some ways to make sure your Summer of Code application fails. All are inspired by actual applications to the Mozilla project this year.
Don't:
Having said all that, there were many good applications which we were unable to fund. Please don't think that if you weren't chosen, your application was therefore rubbish.
I'll write a more constructive Summer-of-Code-related post soon.
You can now collect a bounty for implementing various features in Zap, the Mozilla codebase's SIP stack.
This may be a good way to go for someone who has missed out on the Summer Of Code. And unfortunately, with around 100 serious applications and (it seems) only 12 places, there are going to be a fair number of people in that category. The deadline for us to finish the choosing process is 8am PST today; I presume the selected projects and people will be announced fairly shortly after that.
XTech was fun; most of the talks were informative, I met many interesting new people, and it was great to see my colleagues from the Mozilla Corporation and my Amsterdam friends again. But I can't shake the nagging feeling I got when I looked around in the "Browser Technology" track room, where the Mozilla crew spent most of their time, and found that it contained on average 50 people, the vast majority of whom were being paid to be there.
I can see why that might be. XTech is not cheap. A full registration for the conference only (no tutorials) is €935, and if you want to stay at the conference hotel, it's another €834, even if you skip the €24 breakfasts. A cheaper, albeit less convenient hotel nearby might still be €300. €1235 is a lot for anyone who is on their own dime. I'm not the only person who has noticed this.
I actually felt quite guilty staying at the Kras. Despite having the usual "protect the environment" notices in the bathrooms, they changed the towels every day, left the lights on all afternoon after cleaning the place, and replaced bars of soap after five seconds use. In the conference area, water glasses were replaced regularly, and I must have used three plates at every lunch because it became too much effort trying to defend them from being cleared away by over-eager waiters. And I couldn't bring myself to spend €24 on breakfast, even when it's not my money. If I go back to Amsterdam, I'm definitely staying somewhere else.
Of course, this is a free market. The XTech organisers charge what people are willing to pay (although I noticed there were fewer people and exhibitors than last year, when it was in the Rai). But it can't be denied that the price is exclusive. The European Mozilla community is large and thriving, but the only representatives it had there were people who have a corporate sponsor - Axel, Gandalf and me.
XTech is the main European Mozilla conference of the year, the one to which the Corporation sends everyone from San Francisco. Given the lack of European community members, it's almost as if we are trying to make sure that the two halves never meet! In contrast, many of the European community come to FOSDEM, but we had (I think) only two America-based Corporation people there this year.
So why have we, the Mozilla organisation, chosen XTech? This is a genuine question - it could be that important people we need to meet and talk to (perhaps from the W3C) don't come to anything else. It could be that it's a convenient time of year. It could be that the content of the other talks is unusually good. But I confess I can't see the reason.
If there isn't a good one, I assert that XTech is the wrong conference for us. Actually, I think that FOSDEM is also the wrong one, but for different reasons - there is so much other cool stuff going on there that I sometimes feel trapped in the Mozilla room. We need to find something that is browser-focussed, but cheaper and more accessible to our community.
Technorati tag: xtech
Recently, Ruby on Rails has had a lot of press. This month's Dr. Dobbs has a cover story: "Ruby On Rails: Java's Successor?". Having attended a full day Rails tutorial at the start of XTech, I must say I am pretty impressed. If you are building database-backed web apps from scratch - and, let's face it, a heck of a lot of people are - it's great. I've not seen anything else that gives you so much for so little work.
But it seems to me that the ideas that Rails is based on - convention over configuration, special purpose frameworks for quickly performing common tasks, MVC, domain-specific languages, test driven development - are "the future". In the future, all of these ideas will be received wisdom - people working on web applications from scratch will be looked upon with the same mix of pity and fear as someone writing a desktop app in assembler would be looked upon today.
At the moment, Rails may well be the best embodiment of those principles. But it doesn't have to have exclusivity. So that's why I say that the future is "something like Rails". It could be Rails - but If another thing comes along which follows those principles and improves upon them, that will be the future.
Technorati tag: xtech
Yngve Pettersen of Opera has posted about the changes they are making to SSL in Opera 9, including disabling SSL 2, introducing TLS 1.1 with some useful extensions, and warning on weak ciphers.
My latest article for the Times Online is called "Software Is Special". It explains why software is unique, and therefore why it deserves special treatment in the patent system.
This is a Rather cool SVG demo (requires Firefox 1.5). View source and see how simple it is; twenty lines of embedded SVG and then some maths implemented in JavaScript to bring it to life. Would it be more work in Flash? I don't know...
The search for locations for a second Doom movie is over.
Today, with many other Foundation/Corporation employees, I'm off to XTech 2006. There's a full Browser Technology track which is looking very exciting.
I hope to see some of you there :-)
...or, the danger of extending metaphors.
Winske [president of the Disability Policy Consortium] said he likes the concept of open-source technology and hopes that OpenDocument will one day be accessible. "I have no problem with it," he said. "The Mozilla Project and Firefox have proved that if people build a better mousetrap, people will use it. It's a matter of making that mousetrap accessible."
Should mousetraps be accessible? Depends if you are a mouse... ;-)
Why is trying to make a SIP call so ridiculously complicated?
Skype have it sorted. You download Skype, install it, register a nickname and you are ready to go. You can call anyone anywhere, assuming they are online, just by knowing their Skype ID.
With SIP, on the other hand, you need to register with one of a load of competing services, all of which have websites which are far keener on selling you WibbleOut and WibbleIn minutes than actually telling you how to configure and test your client. Despite a load of "SIP is open; Skype is closed" rhetoric, instructions are also sadly lacking on how you call people who have registered with one of their competitors.
And what about the state of softphones in Linux? I haven't tried kphone, as it's KDE and my desktop is Gnome, but linphone is a configuration disaster, and their website doesn't tell you how to configure it for the most popular services - surely the one really useful bit of information it could possibly provide! Gnomemeeting is better, but the SIP version of that isn't packaged for the latest Ubuntu. And, with all respect to Dan Glazman, the Wengo extension for Firefox gives you no clue whatsoever as to whether it's logged on, correctly configured or working in any way. If you add contact called "gfdgfdgsdf", it appears exactly the same in the contact list as one called "glazou". Not a particularly useful way of telling if you've actually entered the right things into the right boxes.
And when you do try and configure e.g. linphone, you need usernames, ports, addresses, passwords, proxies, and so on. What on earth is the difference between a "SIP Identity" and a "SIP Proxy" in the linphone "Proxy/Registrar configuration box"? For that matter, what's the difference between a proxy and a registrar? And why should I have to care?
Let's say you've got as far as having a configuration you think might work. Where are the public echo services which let you find out? FreeWorldDialup has one, but Wengo doesn't.
I want to fire up a client with a simple UI, enter a username (e.g. gerv@fwd.pulver.com) and a password, and be able to make calls to anyone else who has a SIP phone and whose username I know. All I need is a text box to type it into - no fake dial pads, DTMF or other POTS-holdover rubbish. I wouldn't even mind paying a small subscription for the privilege. Why is it not that easy?
Today (at 5pm PST) is the deadline for student submissions for the Google Summer of Code 2006. If you are wondering what to do, the mozilla.org list of suggested projects is one place to start, but please don't let that restrict your thinking.
We are, or at least I am, particularly interested in submissions from people who are already known in the Mozilla community. If you were planning on taking a summer job mowing lawns or stacking shelves, please think again. It doesn't have to be a big thing; something small, self-contained and well executed to a high standard is much better than something large which is only half-completed. It can be something you were planning to do eventually anyway, but would like the financial freedom to devote more time to.
Following on from "Daffodils", here's another lovingly crafted example of CVS checkin comment poetry - "Dulce Et Decorum Est". It's taken almost exactly a year to do. I chose that poem because it's a childhood favourite, and a timely reminder of the lies behind gung-ho encouragements to war.
For those who don't read Latin, "Dulce et decorum est pro patria mori" means "It is good and right to die for your country".
And I so nearly got it perfectly right, too... spot the deliberate mistake.
I know I've been away, so maybe I've missed the discussion on this one - but why does the FirefoxFlicks site, containing a load of videos promoting a piece of open source software, only offer them in a proprietary format I can't play on my open source operating system (Ubuntu Breezy)?
If anyone can point me at either a rationale, some open source software which will play the current format (some variant of QuickTime, I think), or an alternative repository of the flicks in a suitable format, I'd be very grateful.