In this edition, we conducted an email-based interview with François Marier, a free software developer from New Zealand. He is the lead developer of Libravatar. In addition to his passion for decentralization, he contributes to the Debian project and volunteers on the FSF licensing team.

Libravatar is a free network service providing profile photos for a number of Web sites, including bugs.debian.org and git.kernel.org. Its flexible architecture allows end users to host their own images and allows Web sites to use Gravatar as a fallback when necessary. It is licensed under the GNU Affero General Public License version 3, or end user can opt for any later version (GNU AGPLv3+).

What inspired you to create Libravatar?

As I explained in a talk I gave at linux.conf.au in 2011, my main sources of inspiration were the Franklin Street Statement, as well as a talk that Evan Prodromou gave at LibrePlanet in 2009.

I figured that we have a lot of work to do to replace all of the nonfree Web services we rely on, and so I decided that I would participate and get started with replacing the simplest Web service I could think of: the Gravatar.com avatar hosting service.

How are people using it?

The main audience for Libravatar are the developers of free Web applications. By using Libravatar over Gravatar, they are giving their users the option of either self-hosting their own avatars or using a free software service.

There are a few projects that use Libravatar, and in terms of traffic, our biggest users are the Debian, Fedora, Mozilla and the kernel Linux projects.

What features do you think really set Libravatar apart from similar software?

While Libravatar and Gravatar are quite similar in terms of features, Libravatar distinguishes itself in the areas of federation and self-hosting, as well as support for independent authentication systems. We also made it easy to delete and export your account because we believe that users should be in control of their own data.

Why did you choose the GNU AGPLv3+ as Libravatar's license?

Since my original goal was to produce a free software replacement for Gravatar, using a copyleft license was a no-brainer since it guarantees that the software will always stay free.

While developers are free to rely on the Libravatar service in their nonfree Web applications, I wanted any self-hoster using the main codebase to be part of our community. The GNU AGPL seemed like a good way to encourage a sharing culture.

How can people help contribute to Libravatar?

Our most pressing need is growing our mirror network. If you have a small amount of disk space (< 400 MB) and bandwidth (around 1GB / month) on your server, please get in touch at mirrors@libravatar.org! We are slowly becoming more and more popular and are already pretty close to capacity. Scaling a free service to keep up with increasing popularity is one of the big unsolved problems in the free software world, it seems.

Another easy place where people can help is with translations. We currently support fourteen different languages but we are always hoping to reach more people in their native language.

What's the next big thing for Libravatar?

It's hard to point to a single big thing because the service is fairly mature now, having been around since 2010.

Some of the things we are thinking about at the moment are: support for Do Not Track, SVG avatars (to help with high-DPI displays), and a graphical refresh with support for mobile. Get in touch if you are good with pixels and interested in getting involved.

You might be wondering, why in the world would an air conditioner be important during a blizzard? It's all about the servers. Most of our servers are not on site in our office, but those that are vital to the day-to-day work of the FSF are.

For me, snow is a welcome given of living in the Boston area, one that I missed in more than three years living in Guatemala and Mexico. Despite meeting some awesome free software comrades during that time, winter was always calling me back north. Home to me has always been Boston (I skip my youth because, well, New Jersey is worth skipping). I moved here in the fall of 1996 and experienced my first major snowstorm the following April Fools' Day, the biggest joke of the year. The temperature was in the 60s (Fahrenheit, the mid-teens in Celsius) for weeks prior, when suddenly we were slammed with 25 inches (63.5 cm) of snow in a twelve hour period—the biggest storm since the infamous Blizzard of 1978. I have always welcomed the snow in my life. After all, I was born in the blizzard that happened just a few weeks before the record-breaker in 1978, which nearly led to my mother being taken to the hospital by snowmobile. I like the snow and the challenges it brings to life, but I never thought it would affect my work as a sysadmin.

The weather throughout February brought high temperatures below freezing and weekly snow storms, amounting to piles of snow taller than me (sixty-six inches, or 1.676 meters). We received more than ninety-five inches (2.43 meters) of snow, cumulatively, and none of it melted in February. The last week of the month brought a new challenge, one I had never considered. Another snowstorm with high winds led to giant drifts of snow.

And then came the temperature warnings in our server closet. It incrementally went from 70F (21C) to 90F (32C). The weather was bad enough to severely delay—or shut down entirely—the public transit system, so travel to the office wasn't feasible for any of us in the Boston office. Over IRC, me and Lisa, our senior sysadmin, began identifying which servers we could turn off during the weekend to help lower the temperature in the closet. At this point, we had no idea why the air conditioning, crucial to temperature regulation in the server closet, was not working. It was not until Tuesday that we were able to make it back to the office.

Arriving by bike on Tuesday morning, I was ready to investigate the air conditioning issue. Thinking through the possibilities, I decided to turn the unit back on and see if it would stay on. That lasted about ten minutes before it automatically shut down. This left me with few options: either call the repair folks and hope they could come to the office that day or we could further investigate the issue myself by going to the roof, where ventilation part of the unit resides. Off I went.

This was not my first visit to the roof for an air conditioner issue, so I knew where to find the unit. I put on a sweatshirt and a keffiyeh and headed to the roof. The roof door locks from the inside, so I grabbed a piece of metal to wedge in the door to keep me from being locked out. I pushed the door to the roof and...it did not budge even an inch. Snow was piled up blocking the door. I leaned in, hard, and the door ever so slowly opened, leaving me just enough room to squeeze through.

But as I got out on the roof, the next challenge presented itself: four feet of snow, covering a veritable farm of air conditioning units—and ours was on the far side of the roof, forty snow-covered yards away.

To get there, I had to climb over other air conditioning units, duck below beams, and push through the snow. I finally arrived at our AC unit, and after some digging, I discovered that the snow had blown into the unit's cooling fan, preventing from spinning. I spent most of the morning digging and cleaning out the fan. I trekked back to the office, and the system started up again. Just one of the many quirks of a sysadmin's role here at the FSF.

In addition to civil society organizations like the FSF, the letter* was signed by some of the most important cryptologists in the world, including the inventors of many of the key technologies behind modern encryption.

The letter is a response to recent requests from the US Federal Bureau of Investigation (FBI) and other agencies for laws requiring that backdoors and attack vectors be built into any encrypted system made by US companies. These backdoors would be specially created to allow law enforcement to snoop on the personal information of the company's customers. Even if you trust the government not to misuse your personal information, this is very risky; any backdoor created for the government will significantly weaken software against other attacks as well.

While free software advocates may not all agree on the details of how narrow government surveillance must be to keep civil liberties intact, we must draw a line at surveillance that prevents effective whistleblowing on corporate and government misbehavior. Mandatory backdoors would definitely do that. Whistleblowers exist outside the NSA—people must be able to expose (as hypothetical examples) inappropriate influence by Apple on US congresspeople, or secret patent intimidation by Microsoft against free software distributors. Without strong encryption, such sources will know that their identity can be easily discovered, providing a serious deterrent against doing the right thing.

Another unacceptable result of government-mandated backdoors is that they would effectively make it impossible for US companies to use free software encryption in systems that handle customers' information. The laws requiring specific unmodifiable anti-features would prevent both companies and users from exercising freedom 1 of the Free Software Definition, the freedom to study how a program works and change it so it does your computing as you wish.

We are strongly opposed to government-mandated backdoors and are supportive of this letter's intent, but we signed it with some trepidation. This is because the only real victory in control over our software lies not in petitioning the government, but in moving away from proprietary software. Free software can be much more difficult for centralized entities—either government or corporate—to control, because any backdoors or other vulnerabilities added to a given version can be reversed in another version and spread to everyone using the program (I wrote more about this resilience in a 2013 article, How can free software protect us from surveillance?). Conversely, proprietary software is never guaranteed to serve our interests—even if we are assured by the developers of the software that they have not built in a backdoor, we can't verify this because we can't see the source code.

Let's keep pressuring our government to resist any requirement to deliberately install backdoors in our software, but not put all our eggs in that basket: to really have freedom and security, we need to use our own solutions that we control, from the source code up. A variety of such free software, encrypted communication tools already exist. Systems like GnuPG (learn how to use it here), OpenSSL, and the rest in the Free Software Directory's encryption category are easily available and new ones are being created every day to meet changing needs. There are even new, free software-based, decentralized, surveillance-resistant systems that we hope will someday replace the massive restrictive corporate systems that government agencies so desperately want complete access to. If we're successful, we'll eventually reach a point where we won't need to petition leaders to protect our privacy in this area, because we'll be able to protect it ourselves.

*The letter uses the term "free and open source," but the term "open source" misses the point of free software. Read more about the two terms on gnu.org.

Join the FSF and friends Friday, May 22, from 2pm to 5pm EDT (18:00 to 21:00 UTC) to help improve the Free Software Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on freenode.

Tens of thousands of people visit directory.fsf.org each month to discover free software. Each entry in the Directory contains a wealth of useful information, from basic category and descriptions, to providing detailed info about version control, IRC channels, documentation, and licensing info that has been carefully checked by FSF staff and trained volunteers.

While the Free Software Directory has been and continues to be a great resource to the world over the past decade, it has the potential of being a resource of even greater value. But it needs your help!

If you are eager to help and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today!

Join the FSF and friends Friday, May 15, from 2pm to 5pm EDT (18:00 to 21:00 UTC) to help improve the Free Software Directory by adding new entries and updating existing ones. We will be on IRC in the #fsf channel on freenode.

Tens of thousands of people visit directory.fsf.org each month to discover free software. Each entry in the Directory contains a wealth of useful information, from basic category and descriptions, to providing detailed info about version control, IRC channels, documentation, and licensing info that has been carefully checked by FSF staff and trained volunteers.

While the Free Software Directory has been and continues to be a great resource to the world over the past decade, it has the potential of being a resource of even greater value. But it needs your help!

If you are eager to help and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today!