by elago 2957 days ago
"the whole IoT thing" was ever Stallman's responsibility to stop in the first place?

He wants to champion free software, not every just cause under the sun.

IoT devices shipping with insecure configurations is a "failure" of an infosec champion/thought-leader to step up and save us.

On the free software front, RMS's contributions are mind-blowing to me. I'd be proud if I can ever contribute a fraction of what he did.


The contributions of the GNU team are considerable. RMS in particular? Eh.

The IoT thing was a perfect opportunity to step in, step up, and show some leadership. Billions of devices owned by tens or hundreds of millions of people, all running open-source software!

Instead we get this miserable hell because of his laser focus on licensing instead of responsible software.

Infosec, to their credit, were raising alarm bells from the beginning but nobody had to listen to them because they don't control anything.

GNU, however, does. If they'd extended GPL to include provisions for ensuring that the GPL software on it can be updated in a timely and secure manner, life would be a lot better for people.

Isn't that exactly what v3 of the GPL does?

That just prevents the vendor from locking down the software. It doesn't force them to update it in a timely manner.

And if the software weren't locked down, anyone (users, communities, other vendors) could step in to provide such updates. That's not some hypothetical, either— compare the rates of OS updates in projects like LineageOS to the distributions of Android shipped with most phones. If vendors couldn't TiVo-ize, there would absolutely be communities and downstream vendors stepping in to provide devices with regular updates. Because the devices are locked down, that can't happen.

And what do you expect the FSF to do? Out-lobby consumer electronics manufacturers to pass laws requiring some kind of security update guarantee? Even if they succeeded, could we call the result empowerment? Getting out from under the thumb of the manufacturer and actually _owning_ the things you own is the point, not the theoretical promise of recourse if the party which practically retains all of their power over you can be proven in court to have misbehaved, only after the abuse has taken place.

This is absolutely the same fight, and if anything the approach you're arguing for is more conciliatory, not more ‘relevant’.

Theoretically being able to update your device and actually being able to update your device are two different things.

There's going to be a billion variants on every little IoT device in the future and all the best intentions and enthusiasm on the part of the free software community will not be enough to provide patches to all of them.

This is something that's the responsibility of the vendor, and the GNU software license could make that a requirement for using the software.

It's not about laws, it's about licensing. If they don't like the license they're free to use someone else's software.

Having inexpensive operating system software you can dump on a cheap device without license fees is both a great thing, and also what got us into this IoT hot mess.

Force them? It's a license. People use them to grant rights, not give themselves obligations.