Mise à jour de la base de données, veuillez patienter...

Dédicaces à la foire du livre de Bruxelles ce samedi 1ᵉʳ avril

Ce samedi 1ᵉʳ avril, je dédicacerai mon roman et mon recueil de nouvelles à la foire du livre de Bruxelles.

Bon, dit comme ça, c’est pas très rigolo comme poisson d’avril, mais là où c’est plus marrant c’est que je serai sur le stand du Livre Suisse (stand 334). Ben oui, un Belge qui fait semblant d’être suisse pour pouvoir dédicacer à Bruxelles, c’est le genre de brol typique de mon pays. Bon, après, je vais sans doute être démasqué quand je sortirai ma tablette de « vrai » chocolat (belge !)

Y a des blagues, comme disait Coluche, où c’est plus rigolo quand c’est un Suisse…

Bref, rendez-vous de 13h30 à 15h et de 17h à 18h30 au stand 334 (Livre Suisse) dans la Gare Maritime. C’est toujours un plaisir pour moi de rencontrer des lecteurices qui me suivent parfois depuis des années. Ça va être tout bon !

• Ploum dans le programme de la Foire du Livre de Bruxelles

De l’importance de comprendre ce qu’est une licence

On entend souvent que les programmes informatiques ou les œuvres en ligne sont publiées sous une licence. Qu’est-ce que cela signifie ? Et en quoi est-ce important ?

Pour simplifier, dans nos sociétés, tout échange se fait suivant un contrat. Ce contrat peut être implicite, mais il existe. Si j’achète une pomme au marché, le contrat implicite est qu’après avoir payé, je reçois ma pomme et je peux en faire ce que je veux.

Pour les biens matériels dits « rivaux », le contrat de vente implique souvent un transfert de la propriété du bien. Mais il y’a parfois d’autres clauses au contrat. Comme les garanties.

Là où les choses se corsent, c’est lorsque le bien échangé est dit « non-rival ». C’est-à-dire que le bien peut être copié ou acheté plusieurs fois sans impact pour les acheteurs. Dans le cas qui nous concerne, on parle typiquement d’un logiciel ou d’une œuvre numérique (film, livre, musique …). Il est évident que l’achat numérique ne nous donne aucune propriété sur l’œuvre.

Il faut signaler que, pendant longtemps, la non-rivalité des biens comme les musiques, les livres ou les films a été camouflée par le fait que le support, lui, était un bien rival. Si j’achète un livre papier, j’en suis propriétaire. Mais je n’ai pas pour autant les droits sur le contenu ! Les supports numériques et Internet ont dissipé cette confusion entre l’œuvre et le support.

Pour réguler tout cela, l’achat d’une œuvre numérique ou d’un programme informatique est, comme tout achat, soumis à un contrat, contrat qui stipule les droits et les obligations exactes que l’acheteur va recevoir. La licence n’est jamais qu’un contrat type, une sorte de modèle de contrat standard. Ce contrat, et une bonne partie de notre société, se base sur la présupposition que, tout comme un bien rival, un bien non-rival se doit d’avoir un propriétaire. C’est bien entendu arbitraire et je vous invite à questionner ce principe un peu trop souvent admis comme une loi naturelle.

Il est important de signaler que chaque transaction vient avec son propre contrat. Il est possible de donner des droits à un acheteur et pas à un autre. C’est d’ailleurs ce principe qui permet la pratique de « double licence » (ou dual-licensing).

Droits et obligations définis par la licence

Dans notre société, toute œuvre est, par défaut, sous la licence du copyright. C’est-à-dire que l’acheteur ne peut rien faire d’autre que consulter l’œuvre et l’utiliser à des fins personnelles. Tout autre utilisation, partage, modification est bannie par défaut.

À l’opposé, il existe le domaine public. Les œuvres dans le domaine public ne sont associées à aucun droit particulier : chacun peut les utiliser, modifier et redistribuer à sa guise.

L’une des escroqueries intellectuelles majeures des absolutistes du copyright est d’avoir réussi à nous faire croire qu’il n’y avait pas d’alternatives entre ces deux extrêmes. Tout comme on est soit propriétaire de la pomme, soit on n’en est pas propriétaire, la fiction veut qu’on soit soit propriétaire d’une œuvre (détenteur du copyright), soit rien du tout, juste bon à regarder. C’est bien entendu faux.

Si la licence est un mur d’obligations auxquelles doit se soumettre l’acheteur, il est possible de n’en prendre que certaines briques. Par exemple, on peut donner tous les droits à l’utilisateur sauf celui de s’approprier la paternité d’une œuvre. Les licences BSD, MIT ou Creative Commons By, par exemple, requièrent de citer l’auteur original. Mais on peut toujours modifier et redistribuer.

La licence CC By-ND, elle, oblige à citer l’auteur, mais ne permet pas de modifications. On peut redistribuer une telle œuvre.

Un point important c’est que lorsqu’on redistribue une œuvre existante, on peut modifier la licence, mais seulement si on rajoute des contraintes, des briques. J’ai donc le droit de prendre une œuvre sous licence CC By, de la modifier puis de la redistribuer sous CC By-ND. Par contre, je ne peux évidemment pas retirer des briques et faire l’inverse. Dans toute redistribution, la nouvelle licence doit être soit équivalente, soit plus restrictive.

Le problème de cette approche, c’est que tout va finir par se restreindre vu qu’on ne peut que restreindre les droits des utilisateurs ! C’est d’ailleurs ce qui se passe dans des grandes entreprises comme Google, Facebook ou Apple qui utilisent des milliers de programmes open source gratuits et les transforment en programmes propriétaires. Un véritable pillage du patrimoine open source !

Le copyleft ou interdiction de rajouter des briques

C’est là que l’idée de Richard Stallman tient du génie : en inventant la licence GPL, Richard Stallman a en effet inventé la brique « interdiction de rajouter d’autres briques ». Vous pouvez modifier et redistribuer un logiciel sous licence GPL. Mais la modification doit être également sous GPL.

C’est également l’idée de la clause Share-Alike des Creative Commons. Une œuvre publiée sous licence CC By-SA (comme le sont mes livres aux éditions PVH) peut être modifiée, redistribuée et même revendue. À condition d’être toujours sous une licence CC By-SA ou équivalente.

Par ironie, on désigne par « copyleft » les licences qui empêchent de rajouter des briques et donc de privatiser des ressources. Elles ont souvent été présentées comme « contaminantes » voire comme des « cancers » par Microsoft, Apple, Google ou Facebook. Ces entreprises se présentent désormais comme des grands défenseurs de l’open source. Mais elles luttent de toutes leurs forces contre le copyleft et contre l’adoption de ces licences dans le monde de l’open source. L’idée est de prétendre aux développeurs open source que si leur logiciel peut être privatisé, alors elles, grands princes, pourront l’utiliser et, éventuellement, très éventuellement, engager le développeur ou lui payer quelques cacahouètes.

La réalité est bien sûr aussi évidente qu’elle en a l’air : tant qu’elles peuvent ajouter des briques privatrices aux licences, ces monopoles peuvent continuer l’exploitation du bien commun que représentent les logiciels open source. Elles peuvent bénéficier d’une impressionnante quantité de travail gratuit ou très bon marché.

Le fait que ces monopoles morbides puissent continuer cette exploitation et soient même acclamés par les développeurs exploités illustre l’importance fondamentale de comprendre ce qu’est réellement une licence et des implications du choix d’une licence plutôt qu’une autre.

Losing Signal

Warning to my friends : Until further notice, consider I’m not receiving your Signal messages.

Update on March 13th: I’ve managed to get back on signal by installing a beta version. The bug was acknoweledged by the developers and fixed promptly. Which is nice! My reflections on using centralized services still apply. I should consider this as a free warning who should prompt me to get back on XMPP or to investigate Matrix. But I’m really happy to know that, for the time being, Signal is still caring about non-Google users.

Signal, the messaging system, published a blog post on how we were all different and they were trying to adapt to those differences. Signal was for everyone, told the title. Ironically, that very same day, I’ve lost access to my signal account. We are all different, they said. Except myself.

• Signal is for everyone (except me)

What is this difference? I’m not sure but it seems that not having a standard Android phone with Google Play services play a huge part.

How I lost access

I’m using an Hisense A5 Android phone. This is one of the very rare phones on the market with an eink screen. While this is not recommended for most users, I like my eink phone: I only need to charge it weekly, it’s not distracting, I don’t want to use it most of the time. I feel that coloured screens are very aggressive and stressful.

The Hisense A5 comes with proprietary crapware in Chinese and without Google Play Services. That’s fine for me. I don’t want Google services anyway and I’m happy with installing what I need from Aurora store and F-Droid. For the last three years, it worked for me (with some quirks, of course). Signal worked fine except for notifications that were sometimes delayed. I considered that as a feature: my phone is in do not disturb all the time, I don’t want to be interrupted.

On March 7th, I made a backup of my Signal messages and removed the application temporarily as I wanted to quickly try some open source alternatives (signal-foss and molly). Those didn’t work, so I reinstalled Signal and asked to restore the backup.

Signal asked for my phone number, warned me that I had no Google Play Services then re-asked for my number then re-warned me. Then asked me to prove that I was a human by solving a captcha.

I hate captcha. I consider the premises of captcha completely broken, stupid and an insult to all the people with disabilities. But those were the worst I had ever seen. I was asked to look on microscopic blurry pictures, obviously generated by AI, and to select only "fast cars" or "cows in their natural habitat" or "t-shirt for dogs" or "people playing soccer".

Now, I’ve a question for you. Is a car looking like an old Saab fast enough? While a cow on the beach is probably not in its natural habitat, what about a cow between two trees? What if the t-shirts are not "for" dogs but with dogs on them. And what if the drawing on the t-shirt is a mix between a dog and a cat? What if there’s a player holding a golf club but hitting a soccer ball? Even with a colour screen, I’m not sure I could answer those. So imagine on an eink one…

Signal is for everyone but you need to answer those idiocy first. It should be noted that I have a very good eyesight. I cannot imagine those with even minor disabilities.

Of course I did try to solve the captcha. But, after each try, I was sent back to the "enter your phone number" step, followed by "no Google services warning" then… "too many attempts for this number, please wait for four hours before retrying".

I have no idea if my answers were bad or if there’s a bug where the captcha assumes Google Play Services. I’ve tried with the APK official version and the Google Play Store version (through Aurora), they all fail similarly. In three days, I’ve managed twice to pass the captcha and receive an SMS with a confirmation code. But, both times, the code was rejected, which is incomprehensible. Also, I learned that I could only read the code from the notification because opening the SMS app reinitialised Signal to the "enter your number" step, before the captcha.

Centralisation is about rejection of differences

What is interesting with corporatish marketing blog posts is how they usually say the exact opposite of what they mean. Signal blog post about differences is exactly that. They acknowledge the fact that there’s no way a single centralised authority could account for all the differences in the world. Then proceed to say they will do.

There’s only one way for a centralised service to become universal: impose your vision as a new universal standard. Create a new norm and threat every divergence as a dangerous dissidence. That’s what Facebook and Google did, on purpose. Pretending to embrace differences is only a way to reject the differences you don’t explicitly agree.

Interestingly, Signal is only realising now that they have no choice but do the same. At first, Signal was only a niche. A centralised niche is not a real problem because, by definition, your users share a common background. You adapt to them. But as soon as you outgrew your initial niche, you are forced to become the villain you fought earlier.

Moxie Marlinspike, Signal’s founder, is a brilliant cryptographer. Because he was a cryptographer, he did what he found interesting. He completely rejected any idea of federation/decentralisation because it was not interesting for him. Because he thought he could solve the problems of world with cryptography only ("when you have a hammer…").

He now must face that his decision has led to a situation where the world-freeing tool he built is publishing facebookish blog post about "differences" while locking out users who do not comply with his norm.

Like Larry Page and Serguei Brin before him, Moxie Marlinspike built the oppression tool he was initially trying to fight (we have to credit Bill Gates, Steve Jobs and Mark Zuckerberg for being creepy psycho craving for power and money since the beginning. At least, they didn’t betray anything and kept following their own ideals).

That’s the reason why email is still the only universal Internet communication tool. Why, despites its hurdles, federation is a thing. Because there is no way to understand let alone accept all variations. There’s a world of difference between Gmail interface and Neomutt. Yet, one allows you to communicate with someone using the other. Centralisation is, by its very definition, finding the minority and telling them "you don’t count". "Follow the norms we impose or disappear!"

It is really about Google’s services after all…

One problem I have with my Hisense A5 is that my banking application doesn’t work on it, expecting Google Play Services.

To solve that issue, I keep in a drawer an old Android phone without sim card, with a cracked screen, a faulty charging port and a bad battery. When the bills-to-pay stack grows too much, I plug that phone in the charger, fiddle with it until the phone start, launch the banking app, pay the bills, put that phone back in the drawer.

After fiddling for two days with Signal on my eink phone, I decided to try on that old phone. I installed Signal, asked to connect to my account. There was no captcha, no hassle. I immediately received the SMS with the code (on the Hisense eink phone) and could connect to my Signal account (losing all my history as I didn’t transfer the backup).

At least, that will allow me to answer my contact that they should not contact me on Signal anymore. UPDATE: signal account was unexpectedly disconnected, telling me signal was used on another phone.

Signal automatically trusted a phone without sim card because it was somewhat connected to Google. But cannot trust a phone where it has been installed for the last three years and which is connected to the related phone number. Signal vision of the world can thus be summarised as: "We fight for your privacy as long as you agree to be spied on by Google."

Centralisation is about losing hope

One thing I’ve learned about centralised Internet services is that you can abandon all hopes of being helped.

There’s no way Signal support could help me or answer me. The problem is deep into their belief, into the model of the world they maintain. They want to promote differences as long as those differences are split between Apple and Google. They probably have no power to make an exception for an account. They could only tell me that "my phone is not supported". To solve my problem, they should probably reconsider how the whole application is built.

Technically, this specific problem is new. Three years ago, I had no problem installing Signal on my phone and no captcha to solve. But once you sign up for a centralised service, you are tied for all the future problems. That’s the deal. I was similarly locked out from my Whatsapp account because I didn’t accept a new contract then forgot to open the app for several months (I was disconnected at the time ).

• Le suicide de mon compte Whatsapp

That’s what I like so much about federated protocols (email, fediverse). I can choose a provider where I know I will have someone in front of me in case I have a problem. Either because I’m a customer paying the expensive tiers for quick support (Protonmail) or because I trust the philosophy and donate appropriately (my Mastodon server is hosted by La Quadrature du Net, I trust that team). I also know that I can easily migrate to another provider as soon as I want (considering mailbox.org instead of protonmail).

As a chat tool, Signal is better than many other. But it’s centralised. And, sooner or later, a centralised service faces you with a choice: either you comply with a rule you don’t agree, either you lose everything.

With every centralised service, the question is not if it will ever happen. The question is "when".

Either you conform to the norm, either you are too different to have your existence acknowledges.

That’s also why I’ve always fought for the right to differences, why I’ve always been utterly frightened by "normalisation". Because I know nobody is immune. Think about it: I’m a white male, cis-gendered, married with children, with a good education, a good situation and no trauma, no disability. I’m mostly playing life with the "easy" setting.

I’m sure lots of reaction to this post will be about how I made mistakes by "trying signal-foss" or by "using a completely weird and non-standard phone".

That’s exactly the point I’m trying to prove.

I’ve suddenly been excluded from all the conversations with my friends because I very slightly but unacceptably deviated from the norm.

Because, three years ago, I thought having a black and white screen on my own phone was more comfortable for my eyes.

About Bluesky and Decentralisation

Jack Dorsey, Twitter co-founder, is trying to launch Bluesky, a "decentralised Twitter" and people are wondering how it compares to Mastodon.

I remember when Jack started to speak about "project bluesky" on Twitter, years ago. ActivityPub was a lot more niche and he ignored any message related to it. It definitely looked like a NIH syndrome as he could, at least, have started to discuss ActivityPub pros and cons. I was myself heavily invested in decentralised protocols (from blockchain to ActivityPub). It was my job to keep an eye on everything decentralised and really tried to understand what BlueSky was about.

My feeling was, in the end, clear: Jack Dorsey wanted a "decentralised protocol" on which he had full power (aka "VC-style decentralisation" or "permissioned-blockchains").

You have to keep in mind that those successful in the Silicon Valley know only one kind of thinking: raise money, get users, sell off. They can’t grasp decentralisation other than as a nice marketing term to add to their product (and, as Ripple demonstrated during the Cryptobubble, they are completely right when it comes to making tons of money with shitty tech which pretends to be decentralised while not being it at all).

To my knowledge, acknowledgement of ActivityPub existence by BlueSky came very late after the huge Mastodon burst caused by Elon Musk buying Twitter from Jack Dorsey. It’s more a "oh shit, we are not the first" kind of reaction.

But even without that history, it’s important to note that you don’t simply design a decentralised protocol behind closed doors then expect everybody to adopt it. You need to be transparent, to discuss in the open. People need to know who is in charge and why. They also need to know every single decision. Decentralisation cannot be done without being perfectly free and open source. That’s the very point of it.

If we don’t want to consider the hypothesis that "bluesky decentralisation" is simply cynical marketing fluff, I think we can safely assume that Jack Dorsey has hit his mental glass ceiling. He doesn’t get decentralisation. He doesn’t have the mental model to get it. He will probably never get it (he became a billionaire by "not getting it" so there’s no reason for him to change). The whole project is simply a billionaire throwing money at a few developers telling him what he expects to hear in order to get pay. A very-rich-man’s hobby.

There’s no need to analyse the protocol or make guess about the future. It’s a closed source beta application with invite-only membership. It is not decentralised. It cannot be decentralised.

• Discussion on Hacker-News

We need to talk about your Github addiction

Listen my fellow geeks in code, we need to have a serious conversation about Github.

At first, Github was only a convenient way to host a git repository and to collaborate with others. But, as always with monopolies, once you are trapped by convenience and the network effect, the shitification process starts to try to get as much money and data from you.

First of all, let’s remember that Github is a fully proprietary service. Using it to host the development of a free software makes no sense if you value freedom. It is not like we don’t have many alternatives available (sourcehut, codeberg, gitlab, etc). It should be noted that those alternatives usually offer a better workflow and a better git integration than Github. They usually make more sense but, I agree, it might be hard to change ten years of suboptimal habits imposed by the github workflow.

One thing that always annoyed me with Github is the "fun factor". Emojis appearing automatically in messages I’m trying to post, intrusive notifications about badges and followers I earned. Annoying, to say the least. (Am I the only one using ":" in a sentence without willing to make an emoji?)

But I discovered that Github is now pushing it even more in that direction: a feed full of random projects and people I don’t care about, notifications to get me to "discover" new projects and "follow" new persons. They don’t even try to pretend to be a professional platform anymore. It’s a pure attention-grabbing personal data extorting social networks. To add insult to injury, we now know that everything published on Github is mostly there to serve as training data for Microsoft AI engines.

Developers are now raw meat encouraged to get stars, followers and commit counters, doing the most stupid things in the most appealing way to get… visibility! Yeah! Engagement! Followers! Audience!

Good code is written when people are focused, thinking hard about a problem while having the time to grasp the big picture. Modern Github seems to be purposely built as a tool to avoid people thinking about what they do and discourage them from writing anything but a new JavaScript framework.

There’s no way I can morally keep an account on Github. I’ve migrated all of my own projects to Sourcehut (where I’ve a paid account) or to my university self-hosted gitlab.

But there are so many projects I care about still on Github. So many important free software. So many small projects where I might send an occasional bug report or even a patch. For the anecdote, on at least two different occasions, I didn’t send a patch I crafted for small projects because I didn’t know how to send it by mail and was not in the mood to deal with the Github workflow at that particular time.

By keeping your project on Github, you are encouraging new developers to sign up there, to create their own project there. Most importantly, you support the idea that all geeks/developers are somehow on Github, that it is a badge of pride to be there.

If you care about only one of software freedom, privacy, focus, sane market without monopoly or if you simply believe we don’t need even more bullshit in our lives, you should move your projects out of Github and advocate a similar migration to projects you care about. Thanks to git decentralisation, you could even provide an alternative/backup while keeping github for a while.

If you don’t have any idea where to go, that should be a red light in your brain about monopoly abuses. If you are a professional developer and using anything other than Github seems hard, it should be a triple red light warning.

And I’m not saying that because grumpy-old-beard-me wants to escape those instagramesque emojis. Well, not only that but, indeed, I don’t wanna know the next innovative engagement-fostering feature. Thanks.

The best time to leave Github was before it was acquired by Microsoft. The second-best time is now. Sooner or later, you will be forced out of Github like we, oldies, were forced out of Sourceforge. Better leaving while you are free to do it on your own terms…