Take advantage of special 2020 tax deduction; last chance is today!
byon December 31, 2020
You know us here at Conservancy — we’re charity regulation geeks! We want to share with you an important piece of information that you and your friends in the USA definitely want to know today!We recently read up about it on IRS’ website: earlier this year, the CARES act here in the USA created a one-time rule allowing charitable deductions up to $300 in 2020. It applies to everyone — even those who often aren’t usually eligible for these deductions!
Charitable giving is an essential way in the USA that important work of all types gets done. Whether you donate to Conservancy or some other 501(c)(3) charity, we encourage you to not miss this opportunity.
Keep in mind, though, that not all organizations that are called “non-profit” are equal in this regard. In the USA, only donations to charitable non-profits with a 501(c)(3) designation from the IRS qualify for the tax deduction. So always verify that the organization is a 501(c)(3) charity before you donate to them.
As always, we aren't tax accountants and can't give you tax advice, but we wanted to share this important tidbit with all of you as 2020 ends, and we wish you the very best for 2021!
Conservancy support is critical to Outreachy
byon December 29, 2020
The pandemic and other events in 2020 has disrupted all our lives. Many people have to choose between facing financial hardship, or putting themselves at risk to physically go to work.
That's why I'm so proud to work on Outreachy. Outreachy provides remote internships, allowing people to work safely from home. Outreachy interns work on free software projects, and our goal is to increase diversity in software freedom.
Outreachy's remote internships are crucial to helping attract and retain women free software, especially during a pandemic. NPR reported that women are leaving the workplace at four times the rate of men during the pandemic. This is partially because society pushes women to be the primary caregiver for children. Many women have been forced to choose between working and supporting their children.
Outreachy is proud to support parents during the pandemic. Our remote internship program means that parents don't have to choose between supporting their kids and pursuing a job working on free software. We're so proud of Outreachy interns who are mothers, like Guadalupe Arroyo, who was able to be an Outreachy intern and care for her toddler. Guadalupe was an Outreachy May 2020 intern with Humanitarian OpenStreetMap Team. We're also proud of Lalitha, a 54 year-old mom who learned how to code after immigrating to America from India. Lalitha was an Outreachy May 2020 intern with Wikimedia.
Outreachy is also proud to support people in developing countries. This year, we accepted our largest internship cohort from African countries! In the December 2020 cohort, 19 out of 54 Outreachy interns are from African countries like Cameroon, Kenya, Nigeria, and Uganda.
As word about Outreachy continues to spread around the world, our program becomes increasingly complex. It is a daunting task to handle tax forms and payments for over one hundred people per year!
It would be impossible to run Outreachy and do all of this good work without the support of Software Freedom Conservancy. Conservancy does much more than just provide a non-profit status for Outreachy. It's our fiscal parent, and our non-profit home. Conservancy goes above and beyond to help Outreachy. Conservancy staff promote Outreachy, help us find grants, navigate legal challenges, and vet mentoring communities.
Running an international free software mentoring program would be impossible without Conservancy's expertise, advice, and support. Outreachy is so grateful for Conservancy staff for their support.
Outreachy is also essential to Software Freedom Conservancy. Conservancy believes that anyone should be able to use, modify, distribute, and contribute to free software. Conservancy believes that everyone should have software freedom, especially people from marginalized communities. Conservancy is proud to support Outreachy.
I'm so thankful that Conservancy has worked with the Outreachy team to hire me to work full-time on Outreachy. It's the first time Conservancy has hired an employee on staff to work full-time on a member project. Even as a dedicated Outreachy employee, I'm now an integrated part of Conservancy staff. I can see how proud Conservancy is to do our part to create diverse and inclusive free software communities.
As Conservancy's newest staff member, I encourage you to donate to Software Freedom Conservancy's fundraiser. We are so close to hitting our goal for 2020. It's exciting to see so many people support Conservancy, and I hope you can too! Please consider becoming a Conservancy supporter today.
A brief introduction to the Godot Engine with Juan Linietsky, Lead Developer
byon December 28, 2020
Godot is a free-and-open-source game engine that seeks to provide an accessible, common set of tools for 2D and 3D game development. Unlike its proprietary counterparts, Godot uses the MIT license, allowing creators to exercise full agency and ownership over the products of their work, letting them focus on developing unique games on a complete, free foundation. Godot provides integrated tools for developers to work on game graphics, physics, audio, and more, and can be used to deploy games to a wide range of platforms, including the desktop, mobile platforms, the web, and several game consoles.
Godot has been a Conservancy member project since 2015. Vladimir Bejdo, a Conservancy intern, conducted a remote interview with Juan Linietsky, the engine's Lead Developer, for a quick update on the work Godot is doing now five years after it joined the Conservancy and to gain some insights on the project's future.
JL: Juan Linietsky; VB: Vladimir Bejdo
VB: Juan, tell me a bit about how you got into free software to begin with – was there a particular moment or experience you could relate back to which makes free software important to you and informed this project’s libre status?
JL: I used Linux for programming since around 1997, so I was always very comfortable with free software tools. I also wrote some music composing hardware many years ago and licensed it as free software. Initially, as Godot was not meant be a commercialized product, it was put online as open source with the hopes that others would contribute.>
VB: Tell me a bit about the history of the Godot Engine – what drove its creation? Why make it free software?
JL: Godot was my (and Ariel Manzur's) in-house game engine for a long time. We used it to create technology for a diverse amount of clients in the past. This was done at a time where game engines were not accessible and one needed to create the technology on your own. Because it was never meant to be a product, we open sourced it.
VB: Godot aims to provide an open, accessible, permissively licensed game engine – it would be easy to say that for many end-users and emerging developers, games are often a point of first contact with software – what kind of work does the project do to make what can often be people’s first introduction to development work accessible, and how does free software philosophy work into those aims?
JL: Godot development priorities are always very user oriented. Taking feedback from users is more important than just adding features for the sake of it. When we see users have issues with something, we try to work around it to ensure a better experience.
VB: Developing something like a game engine is somewhat of a herculean task – how has peer/community production contributed to the project’s success so far? How does the project converge with other free software projects in existence?
JL: Coexistence with other free software projects is a bit difficult. Godot does mostly not make heavy use of other open source software as a base, and instead we write our own versions of things. This is because generally we have very precise needs to solve; it's easier to roll out our own solution than doing politics with other projects to see how to work together. So, unless a library we use is exactly what we need, we tend to roll out our own. Things may take longer, but Godot becomes a lot more consistent as a result.
VB: What do you see for the future of your project as a whole?
JL: To be honest I have no idea, we are constantly running behind because it's growing so fast. I am really hoping for a time where we can work more on stabilizing the codebase and fully focusing on user experience.
VB: Would you be willing to share any use-cases of games created in Godot?
JL: Feel free to take a look at our showreel. We have lots of very beautiful looking games.
VB: Speaking more generally – what do you see for the future of free and open source software as a whole?
JL: I have mixed experiences as an open source software user myself. I am of the thinking that user experience is important when you write software, and that you should listen to your users in order to improve what you are doing. In my opinion, the biggest flaw open source software has is when the authors believe they know better than their users or other potential contributors. This hampers their ability to grow as a community. I really hope this eventually changes in the future in open source software.
VB: The Godot Engine has been a Conservancy member project for a few years now – what has changed since the Engine joined the Conservancy? How has Godot – as a project, and its community – grown over the past few years?
JL: The success of Godot as a project would have been impossible without Conservancy. The work they do to support projects in a way where they can receive donations and the way they are transparent and ensure that all funding is used for the benefit of the project is key to gaining trust with users, contributors, patrons and sponsors. It would be impossible for the project to finance itself without their help.
VB: Any closing remarks? Say someone reading this review were interested in getting involved with Godot – besides supporting the Conservancy, how might they do that?
JL: Besides thanking Conservancy again for all their help and support, I would love to invite anyone interested in taking part of the development to read our documentation page about ways to contribute.
Software Freedom Conservancy is in the middle of its annual fundraiser. Please help us continue our work by becoming a Supporter. Donate now and have your donation matched by a group of generous individuals who care deeply about software freedom.
Insights on the reproducibility and future of free software with Chris Lamb
byon December 21, 2020
The Reproducible Builds project seeks to integrate a set of development practices into software which emphasize build reproducibility, or the ability to ensure that a given build process will lead to verifiably integrous binaries which correspond to their source code. Reproducibility is especially important in software that is used for sensitive applications or even by users living in repressive regimes under mortal danger – repressive governments, for example, may choose to introduce vulnerabilities into software used by dissidents to connect to the Internet by targeting pre-compiled binaries and build processes rather than source code. The project is working towards making many widely used pieces of free software reproducible, from its aims towards making (at the very least the packages of) several widely used distributions of GNU/Linux reproducible to achieving reproducibility for individual pieces of critical software like Tor and Tails.
The Reproducible Builds project has been a Conservancy member project since 2018. Chris Lamb, one of the project's core team members, took part in a remote interview with Vladimir Bejdo, a Conservancy intern, to talk about the Reproducible Builds project, his own participation in software freedom, the importance of reproducibility in software development practices, and to have a discussion about the issues facing free software as a whole today – while also thinking about what issues the free software community needs to focus on going into the future.
CL: Chris Lamb; VB: Vladimir Bejdo
VB: To start off with, it might be useful to first ask you this – how would you relate the importance of reproducibility to a user who is non-technical?
CL: I sometimes use the analogy of the food ‘supply chain’ to quickly relate our work to non-technical audiences. The multiple stages of how our food reaches our plates today (such as seeding, harvesting, picking, transportation, packaging, etc.) can loosely translate to how software actually ends up on our computers, particularly in the way that if any of the steps in the multi-stage food supply chain has an issue then it quickly becomes a serious problem.
For example, even if we could guarantee that only the most wholesome apples were picked in our orchards, if they became tainted on the way to the supermarket it will be a real problem for us at the end of the day. We may not even be able to even tell by simply inspecting our Pink Ladies or Honeycrisps, and washing them thoroughly under the tap may not be enough either.
In an ideal world, we would be able to personally inspect the provenance of our food at all of the stages of manufacturing and transportation. But at some point, we must place our trust in the process and in brands, as well as various regulatory bodies to ensure that potential problems in our food are minimized, possibly even paying a time/effort premium by growing our own or buying direct from local markets in order to minimize the number of steps, etc.
However, when we use free software we can do better: ‘Reproducible builds’ are a set of software development practices, ideas and tools that create an independently-verifiable path all the way from the original source code to what actually runs on our machines. Reproducible builds can reveal the injection of back-doors introduced by the hacking of developers’ own computers, build servers and package repositories, and also expose where volunteers or companies have been coerced into making changes via blackmail, court order, and so on.
With reproducible builds, there is no longer any need to trust any particular source of authority. In the same way that, say, a Mr Smith might check that his calculator is giving him the right answer to “2+2=4” by asking enough of his friends to check theirs too, users and developers of a reproducible build can verify the software they are using by creating a collective consensus instead.
VB: Tell me a bit about how you got into free software to begin with – was there a particular moment or experience you could relate back to which makes free software important to you and informed this project’s libre status?
CL: I was playing with various Linux distributions throughout my teens, but it was only much later when I got my first permanent internet connection that I seriously got free software, intrigued by its collaborative development style, charmed by its international community and finally won over by the feelings of mastery and autonomy it gave me over my own computers. Like many others, this was only enabled by the privilege of excessive free time at a state-subsidized university. However, I first learned about ‘reproducible builds’ many years later via some friends who had attended FOSDEM in 2015.
In many ways, reproducible builds cannot be anything other than a free/libre project. As you cannot even view the source code of almost all proprietary software, the end-user benefits of having a transparent software ‘supply chain’ outside of a free software context are consequently limited. The Reproducible Builds project also brings together a broad mix of communities, philosophies and competing motivations, making it a true entrepôt of software development – it is difficult to imagine such a diverse cross-section of interests collaborating and sharing knowledge in a proprietary software context.
VB: Were there any specific grievances or moments which drove the Reproducible Build’s project’s creation?
CL: Yes and no. The idea of reproducible builds has been continually rediscovered across many eras of computing, so there have actually been a number of important moments depending on your individual perspective and biases. For example, it was implemented for various GNU tools in the early 1990s and was a property in countless systems that existed before this. None of these earlier instances resulted in mainstream developer consciousness, and all the arguments tended to forefront technical, rather than security, concerns.
However, the recent surge in interest in reproducible builds can probably be attributed to the Bitcoin project around 2011, as users of the cryptocurrency needed a way to trust that they were not downloading corrupted software. This coincided with the “Snowden” disclosures of global surveillance in 2013 and the Tor browser began serious work in this area as a direct or indirect result. These successes and a growing wider concern around software integrity prompted Debian Developer Lunar Bobbio to cultivate a sub-project within the Debian project that quickly gained popular and — crucially — technical momentum.
VB: The Reproducible Builds project works specifically on making free software work securely for sensitive targets like dissidents living in repressive states, but its work obviously also helps secure projects that are used by other at-risk populations as well. How do you feel that free software philosophies align with the social good your project tries to help foster?
CL: The Reproducible Builds project aligns with a great many of the philosophies of the free software movement. Take, for example, freedom 2 from the FSF’s “Free Software Definition”, which demands the right “to redistribute copies so you can help your neighbor”. This is admittedly not a literal application of the text, but it is difficult to reconcile the underlying intent of “helping your neighbor” if you are unwittingly distributing software that contains back-doors, and the practices and ideas of reproducible builds are intended to dramatically minimize the risk of this occurring.
In a wider sense, the concept of Reproducible Builds aligns with the general desire for autonomy and transparency present that is present throughout the free software community. This is particularly apparent in the way that it does not require people to place their trust in centralized authorities and are instead empowered to come to decisions either by themselves or collectively in a bottom-up and consensus driven manner.
VB: How has the free software community taken up reproducibility and worked to integrate it into their own development practices? Can you share with us a short overview of how the project has grown over time, or some notable implementations of the practices behind reproducible builds?
CL: There have been countless integrations of the practices of reproducible builds across the free software community, from high-level tools such as photo editors, server components such as databases, all the way down to low-level system components such as the Linux kernel (spearheaded by Ben Hutchings). Thanks to the F-Droid project, we have gained some of the benefits reproducible builds on mobile devices as well, and in 2020 we are seeing a number of independently developed Covid-19 tracing application that support being built reproducibility too.
Another prominent success story is Tails. Tails is a security-focused Linux distribution aimed at preserving privacy and anonymity. For example, it uses Tor by default and leaves no digital footprint on the internet or on the machine itself, so is ideally suited for high-risk users who face targeted or aggressive surveillance. As a result, all its systems (and engineers) that contribute to Tails’ development and release are high-priority targets for compromise as a successful attack would provide access to a large number of vulnerable and high-value users.
After considerable effort, Tails now offers fully reproducible and verifiable images, helping to protect the users of Tails but also the developers that volunteer their time to the project.
VB: What do you feel are the greatest areas of need for free software projects to focus on today overall?
CL: One area we are lacking in free software is for more robust and critical analysis of the free software movement itself.
Without greater self-reflection, we are likely to be ineffective in our approaches to real-life problem solving, and may not be able to fully realize our shared vision of a better world. For example, we might fall short and only solving problems for people we can directly relate to: everywhere on Earth, there are countless moral and ethical decisions being made around technology today, but our solutions can easily exclude others, such as those that lack technical expertise as well as those with different priorities, cultures and economic backgrounds.
As part of this critical analysis, free software projects should also not be afraid to ask what the limits or the negative externalities of developing free software might be. Even the ‘ethical consumerism’ of open source software will be inherently constrained by its very nature, yet we rarely discuss what these constraints could be. Any potential issues within our collective movement can find themselves sidelined too. For example, the potential exploitation of an unpaid, volunteer labor force of open source maintainers is not widely addressed. We also see this in the conversations around the perceived unethical co-option of free software too, where the general discourse seldom rises above unserious trading over definitions. My point is not to provide my own position here or that the free software movement should even hold any position either, but given these issue’s potential impact it seems strange and possibly even dangerous to not be widely discussing these topics, if only to assure ourselves that we are on the right path.
Likewise, if we could refine our culture of robust critique we would also be able to improve our responses to the acute and systemic problems in our society as well. For example, we might be able to comprehensively and confidently address the many harmful effects of social networks, the consolidation of power in centralized content platforms, a pervasive surveillance culture, the relegation of human agency by artificial intelligence, the role of information technology in our healthcare, the erosion of our democracy and individual freedoms, not to mention reversing or even ameliorating the effects of catastrophic climate change. The assertion that free software can help all possible situations is inspiring to me, but this optimistic hypothesis remains mostly unsubstantiated. Indeed, to all of the urgent concerns listed above, the free software movement is not yet collectively articulating a coherent and clear answer, and we can often still come across as having the same conversations regarding the name of our movement and other embarrassingly unimportant matters. Saying that, the discourse in this area has definitely been maturing in the past year or so, particularly with regard to diversity, and I am also looking forward to reading a number of pending publications in this wider area.
Given that we don’t find some topics particularly comfortable, it is only natural that we don’t tend to discuss them widely. But it is of cardinal importance that we overcome this habit: without robust and forthright self-critique, free software may actually start to contribute to society’s problems instead of diminishing them. Indeed, the twentieth-century has repeatedly demonstrated that techno-utopian and accelerationist visions of the future can just as easily lead to dystopian outcomes over positive ones however well-meaning they were when they started.
To be clear, there is absolutely nothing inherently wrong with having more application sandboxes, discussions on the finer points of funding models or even more printer drivers, but prioritizing these discussions over others may be preventing the free software movement from being taken seriously in a wider context, as well as dramatically reducing our effectiveness in solving the very real problems in our real world.
VB: Closing thoughts – how could someone begin to get involved with the project? Any resources you would like to direct readers to, if they are interested in learning more about the project and about the driving ideas behind it?
CL: If you are interested in contributing to the Reproducible Builds project, the first thing to do is connect with our community, either via our IRC channel (#reproducible-builds on irc.oftc.net) or on our mailing list.
You can also please visit the Contribute page, discover more technical details on the rest of our website, particularly via our many presentations and monthly news reports. You can also follow us on Twitter via @ReproBuilds.
Software Freedom Conservancy is in the middle of its annual fundraiser. Please help us continue our work by becoming a Supporter. Donate now and have your donation matched by a group of generous individuals who care deeply about software freedom.