This is funny because I was the operations assistant (office secretary) at the time we received this letter, and I remember it because of the distinct postage.
I met a web developer working for the FSF at a Boston pub one night while in town for a Red Hat conference. After many drinks, he walked us down fifth street to the FSF office building. I wasn’t sure what to expect but when we got there, he typed in some numbers on the door entry system, and what came out was RMS singing the free software song lol. It was a wonderful treat for a young Linux nerd on a hazy adventure in the early morning.
I love that your story could be read in two different ways: (1) a recording of RMS appeared on the door entry system screen, or (2) the man himself waltzed out of that door and started singing.
How wonderful! Since the game of the day seems to be the technicalities of the minutiae, could you explain the decision to send the GPLv3 vs GPLv2? Is this a request that happens often?
> There was a problem that I noticed right away, though: this text was from the GPL v3, not the GPL v2. In my original request I had never mentioned the GPL version I was asking about.
> The original license notice makes no mention of GPL version either. Should the fact that the license notice contained an address have been enough metadata or a clue, that I was actually requesting the GPL v2 license? Or should I have mentioned that I was seeking the GPLv2 license?
This is seemingly a problem with the GPL text itself, in that it doesn't mention which license version to request when you mail the FSF.
A Sid Caesar skit showed doughboys celebrating and one shouted "World War 1 is over!"... when they made GPLv2 maybe they didn't anticipate creating future versions (although yeah, if you're already on v2 you should foresee that).
Well to be fair, that's not the full license notice, that's only the last paragraph. There should be a couple more above that one and the first paragraph says the version of GPL in use. That said I think the license notice is also just a suggested one, it's not required that you use that _exact_ text.
How does a sender who only has a GPLv2 license notice even know that there is a v3? Should they first send a letter asking which versions are available?
The usual license header has something along the lines of "either version [23], or at your discretion, any subsequent version", which clearly explains that there are specific versions with distinct rules. Many people opt not to include this clause because they (understandably) don't want to automatically agree to a contract that hasn't even been written yet. However if they fail to make the version clear that's on them.
Anyways I don't think this defense would ever fly in court. As soon as the plaintiff's lawyers produce evidence that you are aware of GPLv3 (such as pointing out that you have GPLv3 software on your PC or phone) the judge is going to see that you're trying to game the system on a technicality and sanction you. Judges really don't like this sly loophole BS where it's extremely obvious that you're feigning ignorance for the sake of constructing an alternate reality where you hypothetically never knew there was a GPLv3.
If the sender requests GPLv2, he should receive GPL version 2.
If the sender requests GPL, I find it natural for him to receive version 3, because it's the latest version. At the time of receiving the license, he gains knowledge about the existence of version 3 (the header on the print says the GPL he received is version 3).
If the sender has a notice about GPLv2, it means that there's a high chance that there's also GPLv1. This should be a sufficient hint that requesting only "GPL" is not sufficient, because the sender should be aware of the risk of receiving GPLv1 if he won't mention the "v2".
At FSF, someone would call every month thinking they had been "hacked" and that FSF was responsible because they found "evidence left behind" (the GPL).
Recent elections show that capital interests are able to spend unlimited amounts of money buying political influence to prevent a pro-working-class candidate from ever touching any true levers of power.
I don't see how publicly shaming someone (and yes, this is how I interpret the intent of your question) for the act of thanking the author of a project is going to help anyone.
It is offered free of charge, so why should it be despicable to use it free of charge? Maybe they do actually donate to the project, contribute code, or support in other means.
For example this very post where they thank the author is probably a source of motivation and acknowledgement that might have a positive impact on the project. They could have refrained from doing this but instead they took the time to write a very enthusiastic comment.
Sure it's offered free of charge -- and immediately next to the big "Download" button is a big "Donate" button.
> Maybe they do actually donate to the project, contribute code, or support in other means.
Maybe instead of shaming, the question is a cue for them to mention one of those things.
---
In the US it's Thanksgiving week. It's nice to give thanks. It can also be nice to give other things -- like support to a project that has saved/made your company non-trivial money. Not required, but nice.
To be clear, I think it would be fair if they answer something like: "I am trying to get my company to contribute... but as my original story showed, my company is pretty shitty at making simple decisions." :)
I say this all as someone who has paid for SQLiteStudio: if you don't see the connection between paying for open-source software, and open-source software sustainability (aka "having nice things"), then your brain is totally cooked. Money is energy, and without it, there will continue to be yet another "why open-source desperately needs funding" front page post every week.
Not one other person in these comments mentions paying for this work. That is worth embarrassing those who are all talk, no action. They are doing worse than ordinary virtue signalling--they're phony virtue signaling.
Giving compliments is fine, but put them in the donation message box.
I always opt out of the scanner (even have a special shirt [1]), and without fail they always stand me by the intake (radio-leaky-end) of the baggage x-ray machine for 5+ minutes.
To be fair, I think most of the TSA agents are not, many are just doing their job and trying to bring some dignity to a tense situation. I travel a lot and have met some very kind TSA agents.
But as an organization, they clearly have a culture that allows or even encourages people to openly abuse and harass travelers, and punish people for exercising their rights. When I was being sexually harassed by a TSA agent, the other agents standing nearby allowed it to happen and said nothing.
I had a phase where I would always wear this "cease your investigators" shirt, never had any comments but yeah stood by the machine for 5 minutes or so, never considered the machine would be radiating outward as well as inward, but yeah, mostly did it as a small protest, thought it worth demonstrating you don't have to comply.
And the senators’ letter quotes a talk given by TSA Administrator David Pekoske in 2023 in which he said “we will get to the point where we require biometrics across the board.”
As opposed to hoping the TSA agent doesn't properly proof you to your government credential you hand them? The data is already there, in state motor vehicle databases, and various federal databases. If you have Global Entry or PreCheck, your biometrics are already on file. The Dept of State has your photo associated with your passport, as does the DoD Common Access Card system.
TLS encryption means absolutely nothing. The very system of using certificate authorities is flawed by design. NSA has no trouble performing MITM. Go search 'NSA FLYING PIG'.
After the PRISM stuff, folks got a lot more savvy with encryption. TLS has been tightened up a lot since then across many fronts (perfect forward secrecy, removing crap roots, certificate transparency, etc).
There's just no way the NSA can be MITMing any reasonable proportion of traffic. Possibly extremely targeted stuff, and sure, there's technically the possibility that Google is handing over keys, but if it was happening at any massive scale, people would now know.
That's why the fight has moved over to metadata now, which is what the three letter agencies are vacuuming up these days.
Yeah but I imagine the ice is getting thin. Sure, use of key pinning on the web failed - but for instance banking apps commonly use it. Once monitoring Certificate transparency logs gets more traction, things like that could get noticed.
1. AFAIK no government, even authoritarian ones, coerced a CA to misissue a certificate. There have, however, been plenty of other ways governments are able to get certificates, like seizing the domains/servers.
2. Even if they did, Chrome has enforced certificate transparency, so a gag order on the CA/CT provider would simply result in the certificate being rejected.
Sure, but then it isn't related to the CA system anymore and any action from them wouldn't be under the radar anymore.
Also this problem would apply to any key like GPG. Well, as long as it's not in a hardware security module. Of course they could also seize that but at some point it becomes logistically impractical, at least for mass surveillance.