Discussion:
[linux-elitists] [liberationtech] Silent Phone source code available on GitHub
Eugen Leitl
2013-10-04 16:11:26 UTC
----- Forwarded message from Karl Fogel <***@red-bean.com> -----

Date: Fri, 04 Oct 2013 11:02:11 -0500
From: Karl Fogel <***@red-bean.com>
To: ***@lists.stanford.edu, Petter Ericson <***@acc.umu.se>
Subject: Re: [liberationtech] Silent Phone source code available on GitHub
Message-ID: <***@kwarm.red-bean.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)
So, Silent Circle (well, Silent Phone) is finally open source!
Thank you, Petter -- it sounds like this release was a lot of hard work.
But it doesn't appear to be actually open source. At least, I couldn't
find a license file containing an open source license. Actually, I
didn't see any license file at all, so I went looking for a source file,
and the first one I found was:

https://github.com/SilentCircle/silent-phone-android/blob/master/src/com/silentcircle/silentphone/TiviPhoneService.java
Copyright © 2012-2013, Silent Circle, LLC. All rights reserved.
Redistribution and use in source and binary forms, with or without
* Any redistribution, use, or modification is done solely for personal
benefit and not for any commercial purpose or for monetary gain
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name Silent Circle nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
[...]
That first term is incompatible with open source (prohibition on
commercial use means it's not open source). For clarification:
http://opensource.org/faq#commercial

Of course, I'd love to see the code switched to an open source license,
and am happy to help you choose one, if you'd like help. A good place
to start is http://opensource.org/licenses.

Having the code visible to the world is still a gain from a security
perspective, and I don't mean to diminish that. However, "visible" is
not the same as "open source".

Best,
-Karl
At least, the previous version, with the next one coming "in a couple of weeks".
This, to me, is absolutely wonderful news, as it is finally possible to get a
proper security audit of the whole shebang.
Github issue: https://github.com/SilentCircle/silent-phone-base/issues/5
The released repo: https://github.com/SilentCircle/silent-phone-android
/P
Subject: Re: [silent-phone-base] Impact of ZRTP library critical security vulnerabilities (#5)
@pettter, "Soon" is today, well, actually last night.
We've just released the sources to Silent Phone for Android
V1.6.5. And, yes, we released them one week after we released 1.6.6 to
the Play Store, so they're a little bit stale, *BUT*... what delayed
us was making sure that they were buildable from the GitHub repo
outside our build environment. That means, assuming we got it right,
that you can check out our repo here on GitHub, build your own APK,
install it on your phone and run it instead of our Play Store version.
And to make lemonade out of the lemons of being one release behind, we
plan on releasing 1.6.6 in a couple of weeks, so, if you try to build
1.6.5 and find that we blew it somehow, you can post an issue here and
we've already got a release planned to fix it in.
I'm really sorry that "soon" took this long. It was absolutely NOT my
plan, but this summer has been really really hectic (for obvious
reasons) and we're a small company with limited resources. The
slowness has really frustrated me, as has the fact that when I yell,
"What idiot set those priorities?" each time something delayed posting
here, the answer was always "me". I can try to blame all the Snowden,
NSA, Prism brouhaha and the time and resource pressures it has put us
under, but in the end, I'm the one who grits his teeth and says, "Yes,
that's more important than the GitHub release. Make it so."
I'd be happy to have you sympathize with me for the decisions I've
faced this summer, but I absolutely would not disagree with you if you
blamed me for the delay. I own it.
Silent Phone for iOS sources, Silent Text for Android, and then Silent
Phone for Android 1.6.6 source releases are all in the pipeline, and
if you'll forgive me for using a word that I myself have sullied, they
should all be here "soon".

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
Tony Godshall
2013-10-04 17:13:45 UTC
Indeed the Not For Monetary Gain clause violates the Open Source Definition.
--
--
Best Regards.
This is unedited.
Don Marti
2013-10-04 17:48:36 UTC
Post by Tony Godshall
Indeed the Not For Monetary Gain clause violates the Open Source Definition.
Open Source Definition? Is that even still a thing?

I thought that people who want to share software these
days are just picking an existing license that people
already use to share software, and not blowing out
their carpal tunnels on mailing lists arguing over
whether some new license is compatible with DFSG
or whatever.
--
Don Marti +1-510-332-1587 (mobile)
http://zgp.org/~dmarti/ Alameda, California, USA
***@zgp.org
Tony Godshall
2013-10-04 19:12:46 UTC
https://en.wikipedia.org/wiki/The_Open_Source_Definition

Yes, it's essentially the DFSG, generalized to apply beyond Debian in
the form of the Open Source Initiative, i.e. ESR and Bruce Perens.

Why would it not "still be a thing"?

I mean these are the guys who popularized the term with regards to
software as opposed to just commodity purchasing. In particular,
"open source" with regards to software, is commerce-friendly, while
it's not clear that "free software" is, and the FSF is often seen as
commerce-hostile. But even the GPL has an explicit no further
restrictions not even commercial restrictions clause, right?
--
--
Best Regards.
This is unedited.
Teh Entar-Nick
2013-10-05 22:32:22 UTC
Post by Tony Godshall
https://en.wikipedia.org/wiki/The_Open_Source_Definition
Yes, it's essentially the DFSG, generalized to apply beyond Debian in
the form of the Open Source Initiative, i.e. ESR and Bruce Perens
Why would it not "still be a thing"?
Re-read Don's snark. He's not surprised that the OSD exists. He's
surprised that anyone thinks they can come up with a new license that
both meets it and is sufficiently novel to make the effort worthwhile.
Post by Tony Godshall
In particular, "open source" with regards to software, is
commerce-friendly, while it's not clear that "free software" is, and
the FSF is often seen as commerce-hostile. But even the GPL has an
explicit no further restrictions not even commercial restrictions
clause, right?
The "hostility to commerce" claim is absurd on its face, given that it
nearly always boils down to "But under these licences my competitors can
engage in commerce using the software!"

Welcome to free markets, bro. Sorry we don't protect your aristocratic
holdings for you. Perhaps you could raise a standing army for that?
--
Content-type: lies/all-lies
Content-disposition: blatant
Don Marti
2013-10-06 18:36:13 UTC
Post by Teh Entar-Nick
The "hostility to commerce" claim is absurd on its face, given that it
nearly always boils down to "But under these licences my competitors can
engage in commerce using the software!"
Welcome to free markets, bro. Sorry we don't protect your aristocratic
holdings for you. Perhaps you could raise a standing army for that?
I'm sympathetic to the Jaron Lanier argument
that people who have made things, but are now
retired or recovering from an injury, should have
some capital to live on (although why he wants to
apply it to some people but not others I don't get:
http://zgp.org/~dmarti/freedom/lanier-on-flushrights/
). But I don't understand the Horacio Gutierrez
argument that there needs to be some kind of
government retirement program for senescent
corporations. When it's over, it's over -- wrap
it up, update your LinkedIn profile, auction off
the Aeron chairs, and get creative destructifying!
Keeping an individual company going past its time
with exclusive government-granted monopolies is
anti-business. It's as if they had kept tweaking
the New York City theater permit system to keep
"Cats" running.
--
Don Marti +1-510-332-1587 (mobile)
http://zgp.org/~dmarti/ Alameda, California, USA
***@zgp.org
Jim Thompson
2013-10-06 19:48:42 UTC
tweaking the New York City theater permit system to keep "Cats" running.
Send in the clowns...
Rick Moen
2013-10-07 23:54:47 UTC
Post by Teh Entar-Nick
The "hostility to commerce" claim is absurd on its face, given that it
nearly always boils down to "But under these licences my competitors can
engage in commerce using the software!"
Welcome to free markets, bro. Sorry we don't protect your aristocratic
holdings for you. Perhaps you could raise a standing army for that?
These losers^W people with special licensing issues show up regularly on
the OSI license-discuss mailing list, and we just got through dealing
with yet another one, in fact. I particularly liked the most recent
one's list of reasons why the OSD is self-contradictory and needed
immediate amendment in order to bless his imminent conversion to
shareware.

They're valuable, though: If you can be polite to them, then your Cloak
of Diplomacy is probably in good shape for dealing with more significant
people, too.
--
Cheers, HULK LIKE OXFORD COMMA VERY MUCH. HULK WANT TO DATE,
Rick Moen BUT OXFORD COMMA ONLY GO OUT IN GROUPS OF THREE OR MORE.
***@linuxmafia.com -- @EditorHulk
McQ! (4x80)
Tony Godshall
2013-10-08 20:54:59 UTC
Post by Teh Entar-Nick
Post by Tony Godshall
https://en.wikipedia.org/wiki/The_Open_Source_Definition
Yes, it's essentially the DFSG, generalized to apply beyond Debian in
the form of the Open Source Initiative, i.e. ESR and Bruce Perens
Why would it not "still be a thing"?
Re-read Don's snark. He's not surprised that the OSD exists. He's
surprised that anyone thinks they can come up with a new license that
both meets it and is sufficiently novel to make the effort worthwhile.
color me corrected
Post by Teh Entar-Nick
Post by Tony Godshall
In particular, "open source" with regards to software, is
commerce-friendly, while it's not clear that "free software" is, and
the FSF is often seen as commerce-hostile. But even the GPL has an
explicit no further restrictions not even commercial restrictions
clause, right?
The "hostility to commerce" claim is absurd on its face, given that it
nearly always boils down to "But under these licences my competitors can
engage in commerce using the software!"
Re-read my comment. I'm saying the GPL is seen as anti-commerce, not
that it *is*, though there's no doubt in my mind its *author* can be
rather hostile to commerce.
Post by Teh Entar-Nick
Welcome to free markets, bro. Sorry we don't protect your aristocratic
holdings for you. Perhaps you could raise a standing army for that?
[jim thompson]
Post by Teh Entar-Nick
Send in the clowns...
Send in the clowns indeed.

t
Teh Entar-Nick
2013-10-08 22:35:50 UTC
Post by Tony Godshall
Post by Teh Entar-Nick
The "hostility to commerce" claim is absurd on its face, given that it
nearly always boils down to "But under these licences my competitors can
engage in commerce using the software!"
Re-read my comment. I'm saying the GPL is seen as anti-commerce, not
that it *is*, though there's no doubt in my mind its *author* can be
rather hostile to commerce.
That's an odd claim to make, given that RMS funded the FSF/GNU project
in the early days through sales of EMACS tapes. I'd say he's got more
sales under his belt than you probably do, tough guy.

Also I never talked about your relationship to the claim.
--
"No, I ain't got a fax machine! I also ain't got an
Apple IIc, polio, or a falcon!"
-- Ray, Achewood 2006-11-22
Tony Godshall
2013-10-08 22:47:25 UTC
Post by Teh Entar-Nick
Post by Tony Godshall
Post by Teh Entar-Nick
The "hostility to commerce" claim is absurd on its face, given that it
nearly always boils down to "But under these licences my competitors can
engage in commerce using the software!"
Re-read my comment. I'm saying the GPL is seen as anti-commerce, not
that it *is*, though there's no doubt in my mind its *author* can be
rather hostile to commerce.
That's an odd claim to make, given that RMS funded the FSF/GNU project
in the early days through sales of EMACS tapes. I'd say he's got more
sales under his belt than you probably do, tough guy.
Also I never talked about your relationship to the claim.
Fine, he's not hostile to commerce, he just uses terminology that
scares corporations.

T
Teh Entar-Nick
2013-10-08 22:58:20 UTC
Post by Tony Godshall
Fine, he's not hostile to commerce, he just uses terminology that
scares corporations.
Well stop my beating heart. Can you imagine the NERVE of that guy?
--
Schrödinger's cat was an observer.
WAKE UP, SHEEPLE! Stop the silence!
Matt Palmer
2013-10-09 09:57:34 UTC
Post by Tony Godshall
Fine, he's not hostile to commerce, he just uses terminology that
scares corporations.
Well, given that a significant number of corporations have been convicted of
acts which are hostile to commerce, I'd say that wraps it up nicely.

- Matt
--
I can only guess that the designer of the things had a major Toilet Duck
habit and had managed to score a couple of industrial-sized bottles of the
stuff the night before.
-- Tanuki
Teh Entar-Nick
2013-10-09 12:35:22 UTC
Post by Matt Palmer
Post by Tony Godshall
Fine, he's not hostile to commerce, he just uses terminology that
scares corporations.
Well, given that a significant number of corporations have been
convicted of acts which are hostile to commerce, I'd say that wraps it
up nicely.
Indeed. The large corporations talk about the free market the way
aristocratic families talk about war: it's how their power was once
amassed, long ago, and thank fate we don't have to go through that again
just to live in the manner we are accustomed!
--
Though the great song return no more
There's keen delight in what we have:
The rattle of pebbles on the shore
Under the receding wave. -- W. B. Yeats
Rick Moen
2013-10-09 15:36:15 UTC
Post by Tony Godshall
Fine, he's not hostile to commerce, he just uses terminology that
scares corporations.
It scares _stupid_ people at some corporations, but mostly scares
intelligent people at other corporations whose business model relies on
proprietary control and who fear competition.

To the former, I am sympathetic, as it is not nice to make fun of the
handicapped.

I would say to the latter, 'Yes, you're right, it doubtless sucks to be
on the pointy end of disruptive economic forces. Try going to the
legislature and pleading for special favours. That often works.'
Ruben Safir
2014-07-07 12:18:54 UTC
Post by Rick Moen
Post by Tony Godshall
Fine, he's not hostile to commerce, he just uses terminology that
scares corporations.
It scares _stupid_ people at some corporations, but mostly scares
intelligent people at other corporations whose business model relies on
proprietary control and who fear competition.
To the former, I am sympathetic, as it is not nice to make fun of the
handicapped.
I would say to the latter, 'Yes, you're right, it doubtless sucks to be
on the pointy end of disruptive economic forces. Try going to the
legislature and pleading for special favours. That often works.'
It does in the health insurance business.
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013