> respects freedoms and privacy of its users
It downloads the binary over HTTP on http://ring.cx, which makes it susceptible to tampering. Is serving binaries over HTTP a GNU thing because the expectation is that you would check the signature?
* Lack of full forward secrecy means logged network logs can be decrypted in the future if an endpoint key is ever compromised.
* e2e encryption is optional, due to legacy SIP support. This is extremely dangerous as it will no doubt lead to a false sense of security, with users assuming they're safe just because Ring is the program they're talking through.
Due to these two I cannot actually recommend it to anyone.
Note that Tox got these two right, and is a pretty active project which gets commits semi-daily, regardless of the nonsense about it being dead that some party seems to be spreading.
Either way, I don't use SIP so that feature isn't a dealbreaker for me.
That needs user intervention, which implies his understanding of why it is necessary.
Here's a better idea, remove backwards compatibility. Perhaps they could release a separate SIP client under a different name. Just keep it away from Ring itself. Let Ring be actually secure.
Source repositories located at https://gerrit-ring.savoirfairelinux.com/#/admin/projects/ (Uses gerrit!)
https://www.silentcircle.com/products-and-solutions/technolo...
A more comparable thing to Signal is Matrix [1] and its client Riot [2]. Theoretically, it has perfect forward secrecy. It's not as distributed as Ring is, but there is no centralized server as in Signal either.
Riot is also in F-Droid. So while not a GNU member, I find it sufficiently open and free.
A totally distributed approach with forward secrecy is Tox [3]. It needs a good code audit, though. And as in Ring, P2P causes data consumption issues on mobile.
[2] https://riot.im/
I can recommend pjsip though, very reliable so long as you read its docs before writing a script to leverage it.
And most mobile clients use pjsip, at least non-commercial ones (aside from popular sipdroid). I don't know what Bria uses but if I lose signal it slams my battery. Unfortunately it also works best for my commercial line.
CSipSimple is an Android implementation of the pjsip library. Taki is another for BB10. They are both fairly reliable. I don't know any on iOS (sry).
Edit: You could also get the IPs of all the people trying to contact the target.
Remember GNU requires transferring rights to the FSF, which many aren't comfortable with.
I personally favor tox, because ec25519 and full forward secrecy. Also, not fond of SIP.
I heard tox needs a code review. Has its security been verified in any way?
P.S. I couldn't find any browseable source either, so I cloned their repo.
Some are happy to be associated with the opinion that all software should be free.
>in particular Richard Stallman's political opinions (e.g., eugenics)
Richard Stallman's opinions, outside of the realm of free software, are irrelevant in the context of the GNU project. Throwing out eugenics like that feels manipulative to me.
>restricts your technical decision-making options
The next few paragraphs will explain why what you see as restrictions aren't seen the same way from the perspective of GNU developers.
>limited plugin architecture
You are of course referring to exposing the AST of GCC to other (possibly proprietary) programs, which was a GCC-specific issue. It doesn't broadly apply to everything. I help maintain GNU Guix, a project designed from the ground up to be as extensible as possible, and there has been no such issue. Nor does GNU Emacs have an issue with extensibility.
>limited support for non-free OSes
I think this is distorting the truth a bit. The point is that the focus of the GNU project is to develop a fully free operating system, and maintainers should focus their efforts accordingly. That doesn't mean that GNU software shouldn't work well on other, proprietary operating systems, and maintainers shouldn't reject patches from contributors that add or improve such support unless it adds a significant burden. Bottom line is: GNU software should work the best on the GNU system, which seems sensible to me. The GNU maintainer guidelines go into more detail about this topic.
>mandatory support for things like GNUTLS
Software in the GNU project should work well with or use other software in the GNU system. Again, those that participate in the GNU project think this is positive, because GNU should form a cohesive whole, just like MacOS or Windows should.
>while not giving you very much in return
GNU and the FSF give Guix a place to host many Git repos, space for a website, several mailing lists, a bug tracker, they colocate our hardware in their datacenter, give us virtual machines on their own servers, handle donations, and promote our releases. I think it's a pretty great deal given the project is philosophically aligned with the free software movement.
>With the existence of GitHub and a wide variety of competitors
I wouldn't call GitHub a competitor. GitHub is just a code hosting site, GNU is a unified project with a political mission.
>What am I missing?
Hopefully I've helped answer this question.
But his entire point is that free software is a moral imperative, and that it is morally better to have no software at all than non-free software. How can you separate morality into parts?
And, if you do, where do you divide it? Are politics that affect what copyright laws may exist relevant? Are meta-politics like voting rights or styles of government or campaign finance relevant, if they affect how copyright laws get decided?
> the focus of the GNU project is to develop a fully free operating system, and maintainers should focus their efforts accordingly
Right. It seems to me that becoming a GNU project means that you are required to focus your efforts in certain ways. You are completely free to focus your efforts in those ways without being part of the GNU project, though. It simply restricts your options.
If you trust the GNU project to be better than you at finding the morally right thing to do, then it makes sense to ask GNU to restrict what you can do. As a churchgoer I totally understand why you might want to outsource your morality to a larger organization consisting of more people than you who think harder about things - but it matters a lot that you find the right organization, and that you can trust the people who run the organization to be making good moral choices in general. There are a number of churches where I do not, and I don't associate myself with them, no matter how much I agree with most of their views. Similarly, I find it hard to trust the future moral decision-making of someone who supports eugenics. If I support their current moral stances on free software (and, as it happens, I agree with the vast majority of what Stallman says about free software), I can always just adopt those stances as my own.
> I wouldn't call GitHub a competitor.
Sorry, that was unclear - I meant GitHub and GitHub's competitors (in case you philosophically disagree with GitHub). It gets you a lot of stuff self-service that years ago was much more easily had through affiliation with GNU, or Apache, or Red Hat, or someone else.
I concede that donations and marketing are things you get from GNU that you wouldn't get from GitHub etc. (Although I think many projects find that being on GitHub gives them visibility in a way that seems likely to make up for the lack of explicit marketing, depending on the project.)
I can't think of anything.
> and in particular Richard Stallman's political opinions (e.g., eugenics)
Utter nonsense. Being part of GNU doesn't imply agreeing with every word Stallman utters on any topic.
> restricts your technical decision-making options
Very real (see gcc and frontend/backend separation) and a very good reason to stay away.
Did you just miss davexunit's post?
Of course it doesn't. But associating yourself with GNU is, very straightforwardly, associating yourself with Stallman. What is the advantage of doing so?
If there is such an advantage, then yeah, I think it's totally fair to dissociate yourself from his political views. But it seems to me like joining GNU is solely a political statement and a sign of agreement with Stallman's views on morality (since he frames free software / computing freedom as a moral issue). I don't know why anyone would want to make that statement unless they actually want to be associated with his political and moral views. That's all I'm asking. Is there another reason to associate yourself with GNU?
Some believe that's not necessarily a bad thing.
"A new noninvasive test for Down's syndrome will eliminate the small risk of the current test.
"This might lead more women to get tested, and abort fetuses that have Down's syndrome. Let's hope so! It is very wrong to intentionally subject a person to life with a serious disability, given the option to abort and try again."