High priority projects
These are my concrete HPP suggestions for consideration by the :fsf and HPP committee after the call for input. After LibrePlanet 2015, when I have some time, these suggestions will be broken into chunks and stored as separate pages under :specification.
Notes
Personal shortlist
- Top priority (all): Coalition
- Top priority (software): Free Debian
- Runner-up (software): Browser-integrated password manager
- Top priority (non-software): Freedom badge
- Runner-up (non-software): "Worse than X" comparison matrix
Software summary
A TLDR list of all software suggestions (scroll waaay down for details):
- decentralized internet infrastructure (candidates: GNUnet, okTurtles, others)
- password double whammy:
- browser-integrated password manager (replace LastPass, candidates: encryptr, passwordstore, others: all lack full integration)
- reduce online passwords (combined OpenID Connect and BrowserID library, encourage adoption of same)
- essential browser safety (combine HTTPS Everywhere, LibreJS, NoScript, Request Policy, and others?)
- safe and convenient email client (candidates: Mailpile)
- safe searching (candidates: YaCy)
- security watchlist (identify, fund, and audit regularly)
Non-software
For a short time at least, FSF could prioritise some non-software projects, mainly to tackle the coordination and people problems in the free software community.
Coalition
There are a number of non-software projects outside the FSF targeting well-known subproblems in the free software community (for example, Ada Initiative and OpenHatch). FSF could form a coalition with these groups, perhaps uniting under the existing :libreplanet banner, and:
- rely on each other for focus on particular subproblems (avoid duplicating effort, rely on specialised experience)
- mutually publish, commit to and endorse common community standards
- provide active support so that software HPPs specifically can apply those standards
- More detail...
Freedom badge
Assessing freedom can be tricky for a potential user. Badges are a popular way to display project details (example 1, example 2). Thus, :fsf could host a badge service for software projects that want to confirm their freedom:
- collaborative / peer-review assessment (building on existing volunteer efforts at :fsd)
- minimum standard is fully free code
- requirements may be updated annually (to remain robust)
- More detail...
Free Debian
This is a well-established and well-maintained software project - the issue to resolve is one of coordination and cooperation. Help Debian do whatever is required to finally get fully endorsed (this includes defining exactly what steps would be required). The result would be a practical, already-popular, well-maintained free OS. For notes on tackling the (afaik) final hurdle, see :debian:non-free
(Which is not to say I wouldn't like to hear more from :gnu:guix or other free OSes -- I just think resolving this issue would be a huge boon and thus should be a high priority.)
Endorse "free upstreams" and "free platforms"
Drawing on general principles from the "Free Debian" initiative above, could FSF define, endorse and encourage "free upstreams" and "free platforms" as follows:
- A free upstream would be a fully-free and fully-functional software package, acknowledged as such even if the parent organisation used it as a foundation for a less-free derivative. For example, imagine Ice Cat was the upstream of Firefox, not an after-the-fact remove-the-blobs effort.
- A free downstream would describe Ice Cat as it is today.
- A free platform would be a free software package or repository (aka store) that provides built-in links only to servers offering exclusively free software extensions. For example, F-Droid, or an ideal version of AMO that included only free add-ons.
- Rationale and examples...
Community engagement
FSF is sometimes perceived as overly strict, even though it is very friendly. Perhaps all advocacy organisations suffer from this? Is it a bug? Can we fix it?
Rebranding
Call it "liberty software" instead, and add the tagline "born in the USA". I'm thinking promotional photos of RMS sitting on a Harley sporting a "Run free" tattoo, with an eagle flying overhead and a CC BY-SA electric guitar solo. Ok, jokes aside...
Simpler landing site (plus examples closer to home)
Have a top-level domain campaign site devoted to a friendly, easily digestible, highly visual introduction to software freedom. Include concrete examples of software unfreedom. Keep them short, simple and close to home...
- Start with one or two common, identifiable examples of unfreedom (home electronics and business)
- Examples: What is Creative Commons? (note video), Ubuntu for business (information design, quality & polish), Intro to Snowdrift.coop (visual, accessible)
- The content of "Free software is even more important now" is accessible and relevant, and could be adapted to a visual style
- The User liberation video is a great introduction to FSF itself, but (imho) too abstract for a home user wondering "why shouldn't I be using Skype?"
- Link from there to the FSF proper and appropriate pages / subsites, and from there people can read more in-depth essays, browse campaigns, etc
What's stopping you?
Create a campaign subsite / page asking users what is stopping them from switching to free software.
- Include fields for demographics (profession, business type, current level of study, nationality)
- Optional: run targeted query campaigns (e.g. April is small business month, May is local government, June is national government, July is first-year tertiary students)
- Release results for public analysis? This suggestion is to reduce burden on FSF for analysis.
- Presumably common wisdom will emerge (e.g. math professors might report that GNU Octave is missing core teaching features and/or that MATLAB doesn't run on GNU/Linux, so this stops tertiary maths departments from switching application and/or OS)
Who free software is not...
Create a campaign subsite / page calling for pro-social behaviour by free software advocates and developers. Call out negative, anti-social examples and provide positive counter-examples:
- quibbles over the best distro (how to identify and respect differences in non-core values)
- jerks who won't help you flesh out a bug report (how to help newbies, well-maintained how-to links you can send them to, and how to direct them there politely)
- anti-commercial and anti-advertising advocates (see differences in non-core values above, also how to use free software in your cause, but not confuse the issue)
- small projects with defensive "fork it and fix it yourself" responses (how to appropriately communicate that users should expect minimal or no support, that contributions are welcome/needed, and what alternatives exist if this project doesn't meet a potential user's needs)
- aggressive loudmouths in general (how to advocate effectively rather than alienating others)
- ...some of these attitudes are strongly associated with users and contributors to free software, but free software is not them
HPP presentation
These are suggestions about presenting information about HPPs.
Focus page
As well as listing all the HPPs, each HPP should have its own page or mini-website. This could include:
- statement of goal (e.g. "Free replacement for Matlab", "Loyal email service", "Code of conduct for all GNU projects")
- problem type (replacing proprietary software, privacy invading software, DRM software, no such software, community issue, leadership issue, other)
- for replacements, statement of problem beyond the problem type (e.g. explain Matlab use case, what it offers its users, what positive reputation it has)
- for no such software, statement of the real-world use case(s)
- for people problems, statement of the problem with data to back it up
- solution criteria
- what would a candidate solution look like (core functionality provided, antifeatures to be fixed, non-core functionality that could be provided)
- name champion / leader / maintainer of the solution criteria (individuals or teams)
- links to fsf-hosted resources for high-level discussion (mailing list and/or LibrePlanet wiki page)
- minimum criteria should always include gold :fsf:hpp:badge and/or :fsd listing, friendly onboarding, and meeting other :fsf:hpp:coalition guidelines (or actively working towards these)
- highlight preferred existing solution, if any (e.g. GNU Octave and its features, a particular code of conduct, a particular manifesto)
- name champions / leaders / maintainers of the solution itself (individuals or teams)
- DONATE and CONTRIBUTING buttons
- list work that needs to be done (e.g. missing features, target dates)
- links for those that can roll up their sleeves and get to work (code repo, blog, wiki, mailing list, etc)
- software must be listed on :fsd
- list any non-preferred existing solutions (if any, even if there is a preferred solution)
- there may be no preferred solution because no existing solution meets the minimum criteria (yet)
- the selection of a preferred solution would be at the :fsf (or coalition's) discretion
- PRISM-Break-ish page for multiple candidates? e.g. Disk Encryption (page on PRISM Break)
Annual report
Every preferred solution should commit to an annual report (at least) containing:
- goals set and progress achieved
- funding received (and how it was spent)
- project health (self-assessment)
- project metrics (:openhub -like) but include human interpretation
- see http://flosscommunitymetrics.org ? what do they mean by "community"?
- opportunity for user community to respond via blog posts and such
- where there is no preferred solution (or even if there is), the criterion champion can report on news in the field
"Worse than X" comparison matrix
A body of criticism stems from free replacements that lack or poorly implement features found in proprietary software. Create a site that honestly crowdsources and highlights these deficiencies: basically a comparative feature matrix. Perhaps start with HPP software and the software it replaces. This also allows us to note when a "feature" is an antifeature (support for a proprietary format or protocol, unloyal tracking, DRM, etc), highlight antifeatures, and provide clear goals for replacement projects.
"Call to implement X" bullhorn
Where a practical, fully featured replacement exists, provide a mechanism for free software users to collectively request that a specific provider make the switch or at least offer the free replacement as an option. For example, using <video> tags and free video formats instead of Flash. Maybe a change-dot-org-ish site for fee-paying members to petition a particular developer/website to include support. Or just practical advice that would include using change.org to make the request. The point is to make mass, targeted appeals e.g. "YouTube please stop using Flash" rather than "all video sharing sites should be AGPL and use ogg in video tags". (Issue to address: how to make the appeal from the userbase meaningful? e.g. safe from sockpuppets - only registered FSF / coalition members can vote? rely on existing platforms like change.org / thunderclap (but are these free)?)
HPP submissions
Provide a mechanism for making software and non-software suggestions for HPPs. But also publish already-known suggestions and commonly-rejected ones (including reasons why rejected, e.g. can't "Make free replacement supporting Skype protocol", see "Skype protocol replacement" instead).
Software priorities
Decentralized internet infrastructure
Internet infrastructure remains centralized and unsafe. While applications like Tor work around some of these problems, a deeper, infrastructure-level solution is required.
Candidates
- :gnunet offers a compelling alternative to DNS (.gnu)
- additionally, offers a safer filesharing alternative to BitTorrent
- okTurtles + DNSChain offers an alternative to :https
- See also:
- okTurtles comments on other alternatives: http://okturtles.com/#oktvs
- Anonymizing networks (PRISM Break)
Browser-integrated password manager
Password management is increasingly essential for users on the web, and proprietary options such as :lastpass are frequently recommended because they offer both security and convenience, even though they could be treacherous. There is currently no coherent and compelling free replacement in this category.
Features for such a replacement would be:
- (obvious but critical) end-to-end encryption in all scenarios
- tight integration with Firefox, Chromium and libre forks (must match :lastpass for convenience)
- auto & optional fill for username/password/additional fields
- autocapture new/changed username/password/additional fields
- password generation
- system agnostic password storage
- offline access
- remote backup/restore
- manually portable
- (nice to have) integration with mobile browsers / applications (the :mobile:replicant scenario)
- (nice to have) desktop integration (must match :gnome:keyring and/or KWallet for integration/convenience)
- (nice to have) import from common sources (browser, :lastpass, :keepassx)
Following the "do one thing well" philosophy, features such as browser integration and remote backup may well be handled separately from a core library. But adoption by end-users won't follow until a full solution, integrated with common use-cases, is offered.
Candidates
- :encryptr provides fully free, zero-knowledge remote hosting (lacks integration features, possibly by design)
- :gnome:keyring is well established and already offers desktop and application (PGP) integration
- has existing feature-specific side projects (but young?)
- :keepassx is a well-regarded password store but does not have a plugin architecture
- supports KeePass 1.x format and (soon) KeePass 2.x also
- KeePass also runs on GNU/Linux but is Mono-based (a subset of :microsoft:dotnet was recently released under a free license, but not sure yet what this means)
- :passwordstore follows a strict "do one thing well" philosophy, and has existing feature-specific side projects, but all are young
- See also: Password managers (PRISM Break)
Reduce online passwords
The need for online password management is not going away, but a coordinated effort to reduce it would help. The best offerings for semi-centralised authentication currently are: BrowserID (requires email address, limited knowledge of user beyond that), OpenID Connect (requires URL, more knowledge of user available, depending on host), key-based authentication (no common browser-based implementation that I know of, obvious identity concerns).
A well-maintained server-side library for handling and offering all options would ease adoption, followed by wrappers for integrating into major languages / web frameworks. Alternatively, well-documented steps for implementing providers and consumers of both.
Finally, tight and secure integration of an agnostic login prompt for browsers and/or password managers, eliminating the need for browser-based logins. (Obvious due diligence on desktop security required.)
Essential browser safety
The following browser add-ons provide missing browser safety: HTTPS Everywhere, LibreJS, NoScript and Request Policy. (These are for Firefox. Equivalents for other browsers exist to varying degrees.) Their functionality and implementation are similar: they block URL-based requests at different layers of the browser fetch/render cycle, using local rules, optional heuristic rules (e.g. same domain) and community-managed lists of the same.
We could separate rules-and-list maintenance from the layer-specific blocking. In this way, there is a central location (or at least a schema shared by multiple locations) for updating safety rules that can be used by all these add-ons, and others besides. (For example, Privacy Badger may retrieve rules in addition to built-in intelligence, Ad Block Edge may maintain an ad-specific list, or LibreJS may host a freedom-specific list. But every add-on could use a common list for popular sites/criteria.)
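A sketch of that separation, as an added example that is not code from any of the add-ons named above: one shared rule list is consulted by three layer-specific checks, with local rules overriding community ones and the same-domain heuristic as the fallback. The schema fields (`host`, `layer`, `verdict`, `source`), the function names and the sample hosts are all assumptions made for illustration.

```javascript
// Hypothetical shared rule schema (field names are assumptions for this example).
// layer: which add-on layer consumes the rule; source: "local" or "community".
const communityRules = [
  { host: "example.org",     layer: "transport", verdict: "upgrade", source: "community" },
  { host: "cdn.example",     layer: "script",    verdict: "block",   source: "community" },
  { host: "tracker.example", layer: "request",   verdict: "block",   source: "community" },
];
const localRules = [
  { host: "cdn.example", layer: "script", verdict: "allow", source: "local" },
];
const rules = [...communityRules, ...localRules];

// A rule for example.org also covers www.example.org, but not badexample.org.
function hostMatches(ruleHost, hostname) {
  return hostname === ruleHost || hostname.endsWith("." + ruleHost);
}

// Shared lookup used by every layer: a local rule overrides a community rule.
function lookup(ruleList, layer, hostname) {
  const hits = ruleList.filter(r => r.layer === layer && hostMatches(r.host, hostname));
  return hits.find(r => r.source === "local") || hits[0] || null;
}

// Transport layer (HTTPS Everywhere style): rewrite http:// to https:// when listed.
function transportLayer(ruleList, url) {
  const u = new URL(url);
  const rule = lookup(ruleList, "transport", u.hostname);
  if (u.protocol === "http:" && rule && rule.verdict === "upgrade") u.protocol = "https:";
  return u.href;
}

// Script layer (NoScript/LibreJS style): true if the script may run.
function scriptLayer(ruleList, scriptUrl) {
  const rule = lookup(ruleList, "script", new URL(scriptUrl).hostname);
  return !(rule && rule.verdict === "block");
}

// Request layer (Request Policy style): listed verdict first, then the
// same-domain heuristic the text mentions as the fallback.
function requestLayer(ruleList, pageUrl, targetUrl) {
  const page = new URL(pageUrl).hostname;
  const target = new URL(targetUrl).hostname;
  const rule = lookup(ruleList, "request", target);
  if (rule) return rule.verdict !== "block";
  return page === target;
}

console.log(transportLayer(rules, "http://www.example.org/login"));
console.log(scriptLayer(rules, "https://cdn.example/lib.js"));
console.log(requestLayer(rules, "https://news.example/", "https://tracker.example/p.gif"));
```

Matching on a dot boundary in `hostMatches` matters: a plain suffix test would let a rule for `example.org` apply to an unrelated host such as `badexample.org`.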
See also:
- Solving the Panopticlick problem would be nice (shared browser signature for all libre browsers?)
- Web browser add-ons (PRISM Break)
Safe and convenient email client
No email client is currently both safe and convenient. Can we change that?
Candidates:
- Mailpile (mailpile.is) promises a self-hosted browser-based client supporting end-to-end encryption (work in progress)
- See also: Email accounts, Email alternatives (PRISM Break)
Safe searching
In pursuit of safe searching, end-users are encouraged to use search engines like DuckDuckGo, which take an admirable stance but are still open to treachery.
Candidates:
- :yacy offers fully decentralized searching (but needs enhancement to be a compelling replacement)
- See also: Web search (PRISM Break)
Security watch
In 2014 there were some high-profile security flaws found in free software libraries (e.g. Heartbleed, Shellshock). Can we identify which free software provides front-line defense in common scenarios, and ensure these projects receive adequate incentives to remain non-kitchen-sinkish, well-maintained and regularly audited?
See also
:fsf:hpp:rough for some other ideas, rough and not really high-priority
References
Feedback request
https://www.fsf.org/news/fsf-commences-review-of-high-priority-free-software-projects-list-your-input-is-needed
http://gondwanaland.com/mlog/2014/12/08/fsf-high-priority/
Critiques
http://www.phoronix.com/scan.php?page=news_item&px=MTAwMTY
http://gondwanaland.com/mlog/2012/09/15/question-software-freedom-day/
Other suggestions
From http://gondwanaland.com/mlog/2014/12/31/happy-utc-new-year/
- http://a3nm.net/blog/gnu_hpp.html
- http://dustycloud.org/blog/high-priority-free-software-candidate-list/
- http://ossguy.com/?p=1446
- http://ingegnue.wordpress.com/2014/12/13/high-priority-projects-for-the-new-year-2015/
CC0 / Public domain dedication: To the extent possible under law, d3vid rix has waived all copyright and related or neighboring rights to "High priority projects in Grasmere notebook, including code snippets".