Supporter Interview with Elijah (and Oliver!) Voigt
by Daniel Takamori on January 15, 2024
SFC:Tell us a bit about yourself! Where are you from, what are some of your hobbies? Social media?
Eli: I moved from Chicago to Portland as a tween. I have since adopted many Pacific Northwest hobbies like hiking, camping, and enjoying microbrews.
SFC: Why do you care about software freedom? How long have you been involved?
Eli: In college (almost 10 years ago? Oh no.) I helped run the Oregon State University Linux Users Group (OSU LUG) where we ran InstallFests and gave talks on different Open Source tools. Prior to that I used open source software like Linux and Blender to produce 3D art.Software Freedom is important to me because world class software tools should be accessible to everybody. Growing up middle class I had the privilege of a computer and free time, but I couldn't afford expensive 3D software like Adobe. Thankfully I got into Blender because it was free but also because it was good! I definitely think of Software Freedom as a spectrum. For example: using Blender on Windows is a win compared with using Adobe products.
SFC: How do you use free software in your life?
Eli: I use Linux and free software whenever I can. I also run a physical server in my basement which hosts instances of open source services like Gitea for friends and family. Being a nights-and-weekends Sysadmin isn't for everybody but I love it!
SFC: On the spectrum on developer to end user, where do you lie? And how do you think we could do better bridging that divide?
Eli: I am definitely more of a Developer, and I struggle with bringing co-workers, friends, and family into the fold of Free Software. When a tool is Free, Convenient, and Good people are more than happy to use it. Beyond that though I have no idea!
SFC: What's got you most excited from the past year of our work?
Eli: I was a huge fan of FOSSY! I could only make the first day because we had a BABY during the conference. The one day I went I got to speak to Andrew Kelley (of Ziglang) and I learned about running AI models on my laptop which was enlightening and fun! I also volunteered and got to see so many community folks for the first time since COVID.
SFC: What issues happened this past year that you were happy we spoke about?
Eli: I think the work you're doing with Right to Repair is really meaningful. It's the kind of thing every consumer agrees with and wants but we still need to fight for!
SFC: Do you think we are doing a good job reaching a wider audience and do you see us at places you expect?
Eli: I am sure running a conference like FOSSY, especially in a post-COVID-lockdown world, is challenging but really helped me feel connected to the SF Conservancy and the community around your work. I can't wait to see it grow over the coming years.
SFC: Have you been involved with any of our member projects in the past?
Eli: I am a huge fan of Busybox! When I put on my system administrator hat (at work and for fun) I use it every day.
SFC: What other organizations are you supporting this year? charities, local, non-tech, etc
Eli: A few of my recurring donations I want to plug:
- My local public broadcasting channel:
- My go-to for Climate Change stories:
SFC: Did you have the first FOSSY Baby?
Eli: Yes! His name is Oliver and he just turned 6 months old (as of January 15)!
Is Tesla open source? Roadster certainly isn't...
by Denver Gingerich on December 21, 2023
There appears to be some debate over whether a certain billionaire said on November 22 that , or maybe that . In any case, as the people who work every day on whether or not what companies say is FOSS really is FOSS, we reviewed the materials Tesla provided on the . We found no source code — and last time we reviewed the Open Source Definition, providing source code was mandatory to meet it. But this situation is worse than that. Tesla did include several copies of the Linux kernel in , with no offer for source whatsoever. That's a GPL violation. We immediately emailed Tesla to ask them where the source code was but (now 3 weeks later) we have still heard nothing back.
Tesla's violation is not surprising, given their past behavior. We've written before about Tesla's prior inabilities to provide complete source code. But now Tesla has completely backslid from incomplete source code all the way to "no source or offer". Instead of learning from its past mistakes, Tesla has increased its erratic behavior to make even more mistakes of the same type.Now you may wonder why we care about a company that is decidedly not open source, and about code that is relatively old at this point. Well, we believe that people should have the right and ability to repair their software, no matter how old, and that this applies to everything that contains software, including TVs, wireless routers, and (in this case) cars.
The need for being able to repair here is not hypothetical. The dangers of Tesla drivers' inability to fix the software in their cars is palpable. After discussing safety concerns in the software on its cars with the NHTSA, Tesla recently did a voluntary recall on . This recall is *due to faulty software*, which was only discovered to be faulty after . Neither NHTSA nor the public has the right to review Tesla's actual software for safety. If Tesla at least complied with the GPL, regulatory bodies and the public could review those portions for safety. (Of course, we think Tesla should be required to make the source for even those parts of the software not governed by GPL available to the public for security audits and review.)Tesla has taken a strong and disturbing position: they'd rather keep their source code secret than increase safety for software in cars. Furthermore, rather than letting car owners fix their cars, they were forced to wait for Tesla to both agree that there was a problem, and then work on Tesla's own schedule to release a fix for the problem. If owners had the source code, the owners (and the press, who uncovered the systematic problems in this case) could more quickly identify that there was a problem to begin with, and then implement a fix right away, instead of waiting for Tesla to decide they wanted to do something about it. By refusing to comply with the GPL agreements, Tesla is not only violating licenses - it is making its cars more dangerous, and removing the ability of owners to fix problems when they arise. This cannot continue, and we again call on Tesla today to give all its customers the complete source code for all copylefted software Tesla has distributed to them. This is common sense, and is merely what the agreements require. Of course, we're just as concerned as anyone that owners might make software modifications to their car that decrease safety. We support certification requirements for any software that is installed to drive on the road. Just as it is completely legal for a consumer to build their own car from parts, and be subject to safety inspection before driving it on public roads, so too should that apply to software. Tesla, sadly, continues to maintain the fiction that they know better than everyone what's safe for software in cars to do — even after it's been shown that Tesla's software is killing people. As a for-profit automaker, in this regard Tesla is actually held to a lower burden than a hobbyist who built their own car. We hope you will stand with us in calling on all companies to follow the terms of the copyleft agreements they are bound by. Violating the GPL and using proprietary software is not, as Tesla claims, the only way to keep drivers safe, instead it's downright dangerous.
A Note from Our Executive Director: 2023 and my personal quest for software freedom
by Karen Sandler on December 19, 2023Just when I think that I've really grokked the implications of the technology I have woven into my life, I find that life throws completely new challenges my way that make me realize the extent of the work that we have ahead of us for software freedom.
Early this year, in February, as I readied myself for the excitement of receiving an honorary doctorate at KU Leuven, I felt my heart beating strangely. An already scheduled visit to the cardiologist revealed that my inherited heart condition had caused an irregular rhythm. I struggled to walk up even shallow inclines.I have a heart condition I was born with, called Hypertrophic Cardiomyopathy (HCM). It's a condition that generally causes me no discernible symptoms, but I am at much higher risk of what they call "sudden death" than people without this condition (sudden death is what they call it when your heart ceases its function, for HCM patients, it's often because your heart is beating so fast that it's just fluttering instead of efficiently pumping). This is why I've had, for many years, an implanted pacemaker/defibrillator. Irregular heart rhythms are common for HCM patients over time but need to be either reverted or treated with medication to live a normal life. The longer one is in an irregular rhythm, the more likely that irregular rhythm will stay and be non-revertable. Facing these new symptoms in early in the year, I needed to determine what I needed to do and whether my travel was still safe. To figure out how best to proceed, my electrophysiologist wanted to know about the history of my irregular rhythms. Luckily, I have my implanted pacemaker/defibrillator — designed to record that important information. Ostensibly, this is one of the purposes of having an implanted medical device: to collect such data to inform my treatment.
Years before, I'd decided to have this device implanted with the greatest of trepidation. Many of the key and important features of this device are implemented in software, not hardware. This is my second device (the previous one eventually had battery failure), So, twice, I've had to decide to make an unfair moral choice: do I maximize my chance of surviving with my heart condition, or do I allow installation of proprietary software in my body?After I decided to have the device installed, I made serious efforts to actually verify the safety and efficacy of the software in the device myself. I filed Freedom of Information Act (FOIA) requests to review the FDA's approval process of this device. What I discovered horrified me: no one — not the FDA, not the patients, not the doctors, not the public — has ever reviewed the source code of the device, or even done direct testing of the software itself. Only the manufacturer does this, and the FDA reviews their reports.
This is a problem that will take a lifetime of many activists working for patient's rights to solve. In the meantime, I had to make the difficult moral choice whether to allow the device in my body, and ultimately I did - it was simply too dangerous to go without (doctors estimated a 25% chance of suddenly dying before I reached the age of 40). I tried to reduced the harm by choosing a device manufacturer that allowed the radio telemetry to be disabled for security reasons. This was a huge benefit, but ultimately it meant I picked a device made by a company that has a large presence in Europe, but a very small one in the United States. Little did I know that this choice would lead me to another difficult decision, which would again only be difficult because the software in the device is proprietary.In February 2023, while I scrambled to have data in my device extracted before my trip, I discovered that due to the proprietary nature of the device, no one but a company representative could help me. The only one who worked In my city (a major city!) had gone on vacation to visit family overseas. The company had no other representatives available to help me. After much calling to different numbers of the company, I was able to get a list of hospitals and offices across the city that might have had a machine (oddly, they call them “programmers”) that could interface with (or “interrogate”) my device. Upon calling those locations, only a few actually had the programmers and none of those were able to give me an appointment before I left for Europe. The helplessness that I felt was a powerful echo of how I felt years ago when I realized that my defibrillator was shocking me unnecessarily when I was pregnant. The only way to stop it was to take (otherwise unnecessary) medication to slow my heart rate down. Proprietary software, installed in my body, led me to no choice but to accept medical treatment that I didn't even need.
This year, at SFC, we focused on our partnerships with right to repair organizations to ensure that the software right to repair (which could have helped me to get the information off of my proprietary device) is an important part of the previously hardware-focused conversations. We raised the alarm about John Deere's GPL violations after years of work on the matter. We stayed in regular contact with other organizations to support them and we worked on concrete action items, like the amicus brief we recently co-signed.
We stood up for the consumer and user rights that are baked into the GPLs and continued to push forward our lawsuit against Vizio — to make sure that everyone must be taken seriously when they ask for source code they are entitled to by the GPLs.
We know that users face real difficulty and often feel like they have few choices. We don't blame anyone who uses proprietary software; instead, we empathize with you because we live in the real world too and face difficult choices. We have campaigns such as Exit Zoom and Give Up GitHub to help you find alternatives to the proprietary software that you're using every day that you'd rather liberate yourselves from.
I do hope that (after you donate to SFC, of course!) each of you will do something to help improve the state of software freedom for yourself or someone you know, even if the solutions aren't 100% perfect, because they make a real difference in people's lives and demonstrate that we can do things differently. Help someone flash their phone with a free build, even though it has some proprietary components to remain functional (keeping it out of the landfill). Introduce someone to a free software app. Put Debian (or another free distro) on some old equipment to give it new life, even though it may remain a secondary device. Start collaborating with someone using a pad instead of centralized cloud services. I for one am looking forward to to be able to control it with a free app that removes the need for centralized connectivity in order to operate at all. Maybe you'll do the same with a garage door opener? Sky's the limit when we work on it together. Let's keep it going bit by bit until all of our software is free.Happy holidays.
Sourceware thanks Conservancy for their support and urges the community to support Conservancy
by Sourceware PLC on November 27, 2023Sourceware is maintained by volunteers, but hardware, bandwidth and servers are provided by sponsors. It is our goal to offer a worry-free, friendly home for Free Software projects. Because Free Software needs Free Infrastructure.
We have only been a Conservancy member project for 6 months, but we started the search for a fiscal sponsor about two years ago. Although we probably didn't really know or understand why we needed one at first or the services they provide.Sourceware has been a Free Software hosting platform since 1998. As a developer platform for developers getting consensus on has always been easy. But the discussion on governance took some time. In particular how much influence corporations should get was at times contentious. Sourceware may be volunteer managed, but wouldn't be possible without the hardware, network resources and services provided by some corporate sponsors. The Sourceware community values their independence and the strong community which it manages.
After nine months of discussion we finally settled on joining the Software Freedom Conservancy with a of eight members (Frank Ch. Eigler, Christopher Faylor, Ian Kelling, Ian Lance Taylor, Tom Tromey, Jon Turney, Mark J. Wielaard and Elena Zannoni). Our with the Conservancy states that there cannot be a majority of people affiliated with the same organization (max two members can be employed by the same entity at once). The agreement also states that for projects Sourceware hosts everything will be distributed solely as Free Software and that we will publish all services as Free Software. There is also a conflict of interest policy for the PLC. Joining the Software Freedom Conservancy as a member project made Sourceware more structured. We have monthly Open Office hours now to learn from the community about any infrastructure issues and then the Sourceware Project Leadership Committee meets to discuss these, set priorities and decide how to spend any funds and/or negotiate with hardware and service partners together with the Software Freedom Conservancy staff. Projects hosted by Sourceware are part of the core toolchain for GNU/Linux distros, embedded systems, the cloud and, through Cygwin, Windows. Years ago Ken Thompson laid out the roadmap for attacking an operating system via the compiler and other code generation tools. These days these are known as supply chain attacks. The Free Software community should reasonably insist that they be defended against these kinds of attacks with mechanisms for prevention, detection and restoration. We have been encouraging hosted project to write up a security policy which we support with technical infrastructure. Sourceware now offers different ways to attest a patch or email is valid. Using the Sourceware public-inbox instance you can use b4 for patch attestation using dkim, gpg-signed emails or patatt. Projects concerned with source code integrity now have various options to use signed git commits, signed git pushes, or use gitsigur for protecting git repo integrity. And new services, like our snapshots server //snapshots.sourceware.org/ are run in containers, on separate VMs or servers (thanks to our hardware partners). Sourceware also leverages Conservancy's advisory role in how community projects are impacted by and can comply with recent regulations like the USA Cyber Security Directives and the EU Cyber Resilience Act. Conservancy staff has been attending conferences to discuss with the Sourceware community, first virtual, then in person. Without having a formal fundraising program we already collected more than $6000 in just 6 months for Sourceware. We got even more support from hardware partners, who provided us with extra servers for our buildbot and to setup new services. We wrote up a looking backwards to the last 25 years and looking forwards to the next 25 years. All this resulted in more volunteers showing up helping out.
Having been part of Conservancy for just 6 months has given the community and volunteers running the Sourceware infrastructure confidence in the future. We hope the community will support the Software Freedom Conservancy 2023 Fundraiser and become a Conservancy Sustainer so Conservancy can support more Software Freedom communities like Sourceware.