As you may have heard, there was some tragic news a few weeks back, when the founder of Debian Linux, Ian Murdock, passed away under somewhat suspicious circumstances. Without more details, we didn’t have much to report on concerning his passing, but Gabriella Coleman put together this wonderful look at how Murdock shaped the Debian community, and why it became such a strong and lasting group and product.

Ian Murdock in his Own Words: “The package system was not designed to manage software. It was designed to facilitate collaboration” Ian Murdock (1973-2015).

Peering in from the outside, the Debian operating system — founded in 1993 by Ian Murdock, then a twenty-two-year-old college student — might appear to have been created with hardcore, technologically-capable power users in mind. After all, it is one of the most respected distributions of Linux: as of this writing, the current Debian stable distribution, Jessie, has 56,865 individual open source projects packaged (in native Debian parlance software is referred to as packages), and Debian itself has functioned as the basis for over 350 derivative distributions. Debian developers are so dedicated to the pursuit of technical excellence that the project is simultaneously revered and criticized for its infrequent release cycle — the project only releases a new version roughly every two years or so, when its Release Team deems it fit for public use. As its developers are fond of saying, “it will be released when it’s ready.”

But if you take a closer look, what is even more striking about Debian is that its vibrant community of developers are as committed to an array of ethical and legal principles as they are to technical excellence. These principles are enshrined in a bevy of documents — a manifesto, a constitution, a social contract, and a set of legal principles — which guide what can (and cannot) be done in the project. Its Social Contract, for instance, stipulates a set of crystal clear promises to the broader free software public, including a commitment to their users and transparency.

In 2001, I began anthropological fieldwork on free software in pursuit of my Ph.D. Debian’s institutional model of software development and rich ethical density attracted me to it immediately. The ethical life of Debian is not only inscribed in its discursive charters, but manifests also in the lively spirit of deliberation and debate found in its mailing lists. Ian Murdock, who passed away tragically last week, had already left the endeavor when my research began, but his influence was clear. He had carefully nursed the project from inception to maturity during its first three years. As my research wrapped up in 2004, I was fortunate enough to meet Ian at that year’s Debconf. Held annually, that year’s conference was hosted in Porto Alegre, Brazil, and it was the first year he had ever attended. Given his fortuitous presence, I took the opportunity to organize a roundtable. Alongside a couple of long-time Debian developers, Ian reflected on the project’s early history and significance. ?

By this time, many developers had already spoken to me in great (and fond) detail about Ian’s early contributions to Debian: they were essential, many insisted, in creating the fertile soil that allowed the project to grow its deepest roots and sprout into the stalwart community that it is today. In the fast-paced world of the Internet, where a corporate giant like AOL can spectacularly rise and fall in a decade, Debian is strikingly unique for its staying power: it has thrived for a remarkable twenty-three years (and though I am not fond of predictions, I expect it will be around throughout the next twenty as well).

It was well-known that Ian established the project’s moral compass, and also provided an early vision and guidance that underwrote many of the processes responsible for Debian’s longevity. But witnessing Ian, and other early contributors, such as Bdale Garbee, articulate and reflect on that early period was a lot more potent and powerful than hearing it second hand. In honor of his life and legacy, I am publishing the interview here (it has been slightly edited for readability). Below, I want to make two points about Ian’s contributions and do so by highlighting a selection of his most insightful remarks drawn from the roundtable discussion and his blog — comments that demonstrate how he helped sculpt Debian into the dynamic project it is today.

1. Ian Murdock instilled a culture of reciprocity in Debian

Technologists and hackers contribute to free and open source software (F/OSS) development for a variety of reasons, many of which have little to do with altruism. But when Ian first cut his teeth on free software he was moved by the fact that other developers gave their code away freely.

What really grabbed me off the bat was the community. That was what really grabbed me and you have to understand at the time, it was a completely foreign notion that I had somehow stumbled upon this group of people that were interested in the same things that I was interested in, [and] who had basically for no particular reason built this thing, this operating system, and it had actually worked, and I could do my work on it, and I had not paid a dime for it; they did not ask anything of me when I download it or used it. And whenever you are in a situation like that, when people have given so much to you, one of the first instincts is like: “What can I do for you, what can I give back?”

Compelled to return the gift, he created Debian and fostered within its community a generalized culture of sharing and responsibility — a culture even more remarkable when one considers the fierce commitments to individualism held by many of the technologists involved. When the news of Ian’s passing circulated online, Branden Robinson, a long time Debian developer who had worked closely with Ian, paid tribute to his friend by praising Debian on these very terms:

Debian is about individual empowerment in a cooperative social environment — about taking responsibility while sharing responsibility. If that sounds like a tension or a dialectic, you’re on the right track. One can learn a great deal from working out such demanding principles; I have, and continue to do so.

So how did Ian establish a project whose participants, already so busy with technical labor, were willing to expend even more time to work through such “demanding principles”? Obviously, his leadership style played a vital role. But equally important was his decision to articulate a vision for Debian and publish it as a manifesto. Released shortly after the founding of Debian in early January 1994, Murdock stated in no uncertain terms that Debian would be a “non-commercial” distribution, developed by the community of developers for the community of developers. What is especially notable about this document is its prescient ending:

The time has come to concentrate on the future of Linux rather than on the destructive goal of enriching oneself at the expense of the entire Linux community and its future. The development and distribution of Debian may not be the answer to the problems that I have outlined in the Manifesto, but I hope that it will at least attract enough attention to these problems to allow them to be solved.

Let’s pause for a moment to contemplate the forward thinking nature of his statement. This was 1994: a good six years before Silicon Valley entrepreneurs began to swoop in and avidly embrace free software, rebranding it as open source in the doing. While the F/OSS development community largely benefited from this attention both with increased monetary resources and media visibility, projects ranging from Ubuntu to Tails undoubtedly benefited in equal step from Ian Murdock’s perceptive decision to charter Debian as an autonomous community of developers and a commons.

There was a visionary substance behind his manifesto. There is perhaps no greater testament to this substance than the Debian developer community’s continued commitment to his early vision year after year. In 1997 they hammered out a set of legal principles for admissible licenses — what came to be known as the Debian Free Software Guidelines — and made a series of promises to the broader F/OSS community in their Social Contract. The following year they articulated the project’s goals and governance structure in their Constitution. During the Debconf roundtable, Bdale Garbee emphasized how important it is to Debian that the project’s commitments be voiced explicitly — a tradition that began with Ian’s Manifesto.

So the creation of the social contract and the DFSG [Debian Free Software Guidelines]: that was one of the points where the group had grown enough that it was important to articulate what the group’s fundamental values were, because in order to build a community you have to have some way of articulating and connecting some shared values…”

2. Quality work requires a concrete and often institutional framework for collaboration.

One of the most frustrating misconceptions I routinely encounter regarding F/OSS development is that it occurs in some ad-hoc, laissez faire fashion. The wrong-headed perception goes something like this: a bunch of developers have a good idea about a piece of software they want to write, so the coders get together on Internet Relay Chat and mailing lists and start madly coding away, hosting their code on some super awesome versioning software like Git, and then bam!, like magic, they release a piece of functioning software a few months later. Sure, a loosey goosey style of development sometimes works. With smaller projects it is probably even the norm; most run — and run well — on loose consensus and the energy of excitement alone. Nevertheless, any online project that scales and grows — or at least any project that wants to create quality material as it scales and grows — usually has to formally organize itself, or else face the threat of extinction (or, at the very least, face the threat that the developers will have to live with themselves after releasing shitty software).

Like a wise master craftsman who knows norms and policies matter to the crafting of excellence as much as individual skill and capacity, Ian Murdock decided early on to implement frameworks for quality collaboration. One of his most famous contributions to F/OSS development techniques is Debian’s packaging system. Prior to this system, it used to be a long and complicated process to install any software. You would need to find the source code, figure out how to compile it, resolve all the dependencies it had by hand, and then install it. Every piece of source code did it differently, and once it was installed, you couldn’t easily remove it. It could take hours to get something installed. The package management system changed that completely, everything was bundled together enabling you to simply type one command, or click a button, to have it installed or removed. As described on Ian’s blog in the post titled, “What’s the single biggest advancement Linux has brought to the industry?”

It’s an interesting question, and one that in my opinion has a very simple answer: Package management — or, more specifically, the ability to install and upgrade software over the network in a seamlessly integrated fashion — along with the distributed development model package management enabled.

And yet, crucially, in the words of Ian himself: “The package system was not designed to manage software. It was designed to facilitate collaboration.” Eventually, this managerial approach was expanded to encompass more than just the packaging system, enshrined into the policy system still alive in Debian today:

It was not until late 94 when we had a working package system. We started to realize that just having packages was not enough. We had to have policies. Here is the mechanism, what is the policy? ?If you want something, if you want a service to start at boot time, what do you do? And at that point we had a bunch of really horrible things, like, you know, we had post installation scripts and so people were editing/etcrc and you could imagine what happens after awhile….

Over the years, developers followed in his footsteps: they continued to implement techniques and protocols — at times through technical means and in other instances by devising distinctly social mechanisms — to ensure the persistence of quality even as Debian ballooned in size (Debian is today one of the largest free software projects, with nearly 1000 official developers and thousands of other contributors). It would be no exaggeration to describe some of the technical engineers within the Debian project as shrewd social and political architects. Ample justification for such an appraisal can be found in Debian’s impressive “New Maintainer Process” — an entrance exam designed to test new developers’ knowledge of technical, legal, and ethical matters prior to their enrollment in the project. In the panel, Bdale emphasizes the manifesto’s importance in attracting a cadre of geeks and in connection to the subsequent documents and procedures.

[The Manifesto] acted like a geek magnet. It was the attractor that caused people to come here and say: “yes I want to participate in it.” ? So the manifesto acted as an initial attractor, and when the group got big enough it was important to make sure that they understood what the expectations were, and the Social Contract, and the keysigning process, and the NM [New Maintainer] process: We sort of require that you have said that you have read this, and you agree and abide by it. And there are of course people who have been around longer than those documents, and most of them would not have stayed if they did not agree with it.

I would argue that with these social and ethical protocols Debian transcends a mere technical project that produces an excellent product, and instead also qualifies as a sort of miniature society, and given its social contract and constitution, it also has a very 19th century, Enlightenment feel to it.

Ian Murdock left the project after a rather short period of just three years. But this was by no means an abandonment. The fact that he could step away represents just how important he was to the early project: He built an institution, an organization, that could function without its founder. He said as much himself during the roundtable:

Yea and I was in school and basically at that point we had a thriving community. We had infrastructure, we had lots of users. And my final test as to whether or not Debian succeeded was: could the founder step away from the project and could the project keep going because that is the only point at which you know that the project has basically taken a life of its own.

This league of technologists and programmers who proudly call themselves Debian developers are mourning the loss of one of their own. Ian’s life was cut way, way too short. But he will be fondly remembered for building a project that teems with life. Which, to use his own words, “took a life of its own” thanks to what he did as a bright-eyed, clear-sighted twenty-two-year-old. He will be dearly missed.

This week’s favorites post will be a bit different than normal, as a communication mix up meant that Gabriella thought the favorites post was supposed to mainly cover stories Techdirt hadn’t covered over the week, rather than ones it had. It’s not how we usually have it, but now that it’s been done, it’s kind of a neat idea in itself. So, check out these stories that we (mostly) did not cover this week… but which are still interesting.

I am a professor at McGill University who writes and researches computer hackers and digital activism, with a particular focus on the development of Free and Open Source Software and the protest movement Anonymous. For research, I am often chained to the computer for long stretches of time.

When Wikileaks published collateral murder in April 2010, it felt more like I was strapped in for a crazy ride on a rickety, wooden roller coaster (last security inspection was sometime around when the Pentagon Papers were released). Wikileaks, as I used to joke, is the gift that keeps on giving. In the beginning it seemed as if every day there was a new story, a new dramatic twist. Even now the reverberations that Wikileaks set into motion are being felt. Leaking as activism, which has yielded many, many political dividends has kept the giving coming. It was almost as if Assange had been saying ominously from the beginning, “Winter is coming” as the summer of leaks turned into the season of Snowden. This week, the British rags twisted this sense of the gift into something altogether different when the head of the MI-5 declared Snowden and Assange “self-seeking twerps” who aided and fortified the enemy by giving them state secrets.

But news on technical specs and political ramifications of blanket NSA spying and other wrongdoings has been on the lighter side this week, with a few exceptions. I really enjoyed Kashmir Hill’s riveting, and (as she describes, “highly hypothetical”) analysis on the potential role the NSA might have played in capturing the founder of the Silk Road, DPR. Another short but worthwhile piece covers why Washington Post journalist Barton Gellman defied the government’s request to redact the names of the companies involved in Prism. His reasoning was simple: “if the harm that companies would experience would be reputational because the public doesn’t like what is going on, that’s the accountability journalists are supposed to be promoting,” but let the public decide.

There was no short supply of news on the legal prosecution of hackers, the politics of journalistic interactions and Hollywood representations of hackers, and finally art inspired by their actions.

The most interesting of the bunch are two short blog posts that were circulating this week on Twitter accounts I follow. One is by the journalist Uli Ries, which dispenses handy and forthright advice for hackers on how to best handle interviews with journalists since their motives and technical training may not align with theirs. It covers everything from the rather tough daily constraints journalists face to tips on how to prevent being misrepresented. Another is a great companion piece by the grugq who makes the case that media training is good opsec and also provides essential advice. Anyone (hacker or not) who gets interviewed by journalists and wants to a bit more control over the train of the conversation, really ought to spend five minutes reading them. There was also an interesting twitter conversation among a crew of hackers who deliberated whether a reputation system could work for publicizing and thus eventually minimizing shoddy journalistic work. What do you think, is this doable, desirable or would it backfire?

One person who felt wholly misrepresented by the press and activists was Chelsea Manning. In her first statement since her sentencing, she voiced her deep discontent with how she has been misconstrued as an anti-war pacifist instead of a transparency advocate. Since this circulated far and wide, I am pretty sure she set the record straight, at least for now.

Unfortunately Aaron Swartz—the Internet activist who tragically ended his life when facing a lengthy trial for simply downloading academic articles—could not speak up to defend himself, as Chelsea did, from what I felt was a rather unfair characterization by Hal Abelson, an MIT professor who chaired a committee to investigate MIT’s role in the debacle. Abelson pretty much absolves MIT, then describes Swartz as “dangerously naive about the reality of exercising [his technical] power, to the extent that he destroyed himself.” The true naivety here was Abelson’s. His failure to attribute any blame to the unfair, aggressive and excessive federal prosecution, instead characterizing it merely as “vigorous,” was as appalling as using a descriptive word that one should reserve for a workout.

Speaking of Computer Fraud and Abuse prosecution, 13 individuals were indicted for their alleged participation in some phase of Operation Payback, a slew of distributed denial of service campaigns coordinated by Anonymous between September and December 2010.

When alleged participants get indicted or arrested, they are also unmasked, and we get a rare glimpse behind the makeup of Anonymous (assuming they were involved, which is still, of course, an open question). As I have long insisted, Anonymous is more diverse than one might first imagine, which is the topic of this brief article. It showcases a 22 year old college student, a 28 year old security consultant, a former employee at Amazon, and even an Anon who can claim senior citizen benefits. There is nothing too earth shattering about this piece nor is it very detailed but it is important to shatter stereotypes about hackers and Anonymous (including the fact that many are not hackers) when we can. The general public tends to think a hacker as acne, autism and anger: pasty white, nerdy middle class teenagers.

Just taking the example of Lulzsec—the break-away hacker group who spent fifty nights and days together working together in secret chat rooms to coordinate their hacking spree, it was a pretty diverse crew. Among their ranks was a Puerto Rican from the hood; a young Iraqi immigrant who moved to London when he was 10 6; 2 Irish chemistry students; a Scotsman from the remote Isle of Yell, whose sword is biting wit; and someone who served time in the military. When Lulzsec morphed into a more militant less lulzy political group, Antisec, a radical anti-capitalist leftist from Chicago who has already done jail time for prior acts of civil disobedience, joined. Although the only female was a guy pretending to be one—Kayla—it was still more diverse than often assumed.

Incidentally, those 2 Irish students were also in court this week to pay the 5,000 Euro fine they were each fined back in July when they plead guilty to one count of hacking, which is also the first hacking case to be tried in Ireland. I was in the court room in July and was stunned at how sane it all went down, at least when compared to the US where punishments for hacking, even if not financially motivated, are almost always frighteningly harsh. The Irish judge was stern but rather kind and reasonable. She noted the only harm was embarrassment, gave them no prison time, and now that they have paid their fine, their criminal incident will be wiped from their records. Most of the British Lulzsec guys got stiffer sentences (most were also being sentenced for a much much wider swath of activity than the Irish defendants) but not one got a fine. Compare that to US where once do your time, you also need to live out another decade or more as an indentured servant as you pay off your astronomical 100,000-600,000 dollar fine [12].

In the United States money will also be made off the hacker’s back as DreamWorks released their movie about Wikileaks, “The Fifth Estate” this week. Unsurprisingly, Assange is giving the movie a resounding thumbs down, and was critical of the film’s poster for labeling Assange a traitor. Notably, Wikileaks failed to mention the other poster which goes by its side, where the label is “hero”. Also of note was Assange’s letter to “Assange”, or at least the actor who plays him, where he praises him in an effort to butter him up before he tells him he is being used as a tool. Assange also cringes at the terrible Australian accent.

I will reserve judgment about the film and accent until I see the it for myself but reviews are all over the map. Benedict Cumberbatch, who plays Assange, claims his portrayal is “empathetic” while other reviews paint a different story: “It portrays [Assange] as a visionary who is pathologically insensitive, a genius with a cruel wit whose single-minded ambition leads him to betray his partners and his sources. Just as Zuckerberg was cast as a pioneer of social media who is devoid of social skills, Assange comes across as a populist crusader with an allergy to actual people. As he admits with a smirk in the film, “I’ve heard people say I dangle on the autistic spectrum.” It is not that Assange’s personality should not be up for artistic grabs, I just suspect he and his so-called dangling autism will come to stand in for the hacker personality writ large.

If Hollywood released a blockbuster film on Wikileaks this week, it is counterbalanced by Banksy’s New York based release of the public exhibit “Crazy Horse and Collateral Murder,” featuring his signature bold artwork alongside audio from one of Wikileaks’ first big releases: the chilling video of American soldiers gunning down unarmed civilians in Iraq—the gift Manning gave to the world. Whatever you might think of Banksy, it is refreshing for an artist to bracket the individuals (Manning and Assange) in favor of featuring the actions the hackers gifted to the world.

Speaking of really weird hacker representations and art juxtapositions.. next month is the premier of a ballet featuring the story of Lulzsec. I can’t wait to see how a bunch of dudes, sitting at a computer, chatting on Internet Relay Chat, will be represented not only in dance but in leotards.

How are all these stories and artistic artifacts tied together? I am not sure they are. But while the hacker has long been part of the public life of politics, ideas, and art thanks to films like War Games, it seems like the game of painting a portrait of the hacker has changed in recent times. The hacker figure is crafted in increasingly complex ways by hackers themselves, by the press, by Hollywood, and independent artists of all stripes and kinds (and of course by anthropologists and many other academics). Given their growing presence in the political sphere, there no shortage of these competing representations. It is too early to declare one as dominating public perceptions. What we have now is an ever shifting montage of the hacker.

Meanwhile, in a dramatic series of photos, you can see how a seal escaped from a shark, and you need to see it to believe it. Somehow, in an inexplicable way, that connects all of these stories together.