Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Progressive JPEG
Feb 19, 2003

i'm thinking the fafol could be used alongside a note to contact the developer(s) for an alternative license. it looks like it'd be a great poison pill for anyone with a legal team while the normies/hobbyists would be fine with it. technically closed source projects could also use fafol in order to have access to the revoke option, since lack of source code doesn't prevent bad people from exploiting software either. also the explicitly subjective nature of the license starts to get into the territory of a software coop where the members are deciding who to let in, but participating in a committee for something like that sounds like hell to me

i've been using the hippocratic license (also mentioned in the blog post) to fill a similar poison pill role. i think fafol could accomplish the same thing with less boilerplate, and it feels like the spirit/tone is a bit more in line with what i'd want to convey in a hobby project license, when the hippocratic one feels more academic. but fafol does come at the cost of more swearing which is kinda lovely

Progressive JPEG fucked around with this message at 21:49 on Nov 16, 2020

Adbot
ADBOT LOVES YOU

MeruFM
Jul 27, 2010
i always just used the Crockford Do No Evil license

If it was enough for IBM to pay him and google to not use it, it's good enough for me. Even if scotus don't give a poo poo anymore, precedence still feels powerful to me

also I just don't contribute to open source projects that I know are used by lovely companies. I know people who contribute to popular stuff as a way to boost their own ego in the programmer "sphere"
If you are capable if making meaningful changes to something like react, direct your abilities elsewhere because there's not as many people as you think can do that and your contributions are disproportionately helping facebook.

MeruFM fucked around with this message at 08:25 on Nov 17, 2020

Progressive JPEG
Feb 19, 2003

found a good list of licenses

i think my favorite is the Don't Ask Me About It License

quote:

Copying and distribution of this file, with or without modification, are permitted in any medium provided you do not contact the author about the file or any problems you are having with the file.

quote:

License

Licensed under itself. Don't bother emailing me about it.

or the license that only allows use on behalf of people who are dead

suck my woke dick
Oct 10, 2012

:siren:I CANNOT EJACULATE WITHOUT SEEING NATIVE AMERICANS BRUTALISED!:siren:

Put this cum-loving slave on ignore immediately!
idgi

if the government is already doing evil by dronestriking people, then we should at least make it slightly less evil by making sure the drones are controlled using free and open source software :spergin:

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

suck my woke dick posted:

idgi

if the government is already doing evil by dronestriking people, then we should at least make it slightly less evil by making sure the drones are controlled using free and open source software :spergin:

what the gently caress is this title

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome

Captain Foo posted:

what the gently caress is this title

not 100% sure whats goin on with the post either

MononcQc
May 29, 2007

Meanwhile in the business world: https://slate.com/news-and-politics/2020/12/neal-katyal-supreme-court-nestle-cargill-child-slavery.html

quote:

On Tuesday, the Supreme Court confronted a seemingly simple question: If an American corporation aids and abets child slavery in a foreign country, can its victims sue the company in an American court?

[...]

Two years ago, by a 5–4 vote, the conservatives granted foreign corporations immunity from [Alien Tort Statute] lawsuits. On Tuesday, Katyal asked the court to expand this immunity to American corporations—meaning, in effect, that no corporations, foreign or domestic, can be sued under the statute. [...] In his brief, Katyal argued that allowing corporate liability would “place U.S. firms at a competitive disadvantage compared to companies in countries” with a law similar to the ATS. [...] Katyal also claimed that the “international community” does not support holding corporations responsible for violations of international law. For support, he pointed out that the Nuremberg prosecutors declined to prosecute “the firm that supplied Zyklon B gas, which the Nazis used to kill millions.”

so uh, there might be something desirable about not leaving morals and ethics to corporations after all maybe

Tankakern
Jul 25, 2007

Death of an Open Source Business Model

MononcQc
May 29, 2007


I read that one yesterday and I liked it.

There was a follow-up discussion online (probably HN?) that quickly mentioned models that use open source and are successful, but it's a bit hard to argue at least in the server space where one of the big players is just gonna take your poo poo and run you out of business with it.

Buck Turgidson
Feb 6, 2011

𓀬𓀠𓀟𓀡𓀢𓀣𓀤𓀥𓀞𓀬
I don't quite understand how a licence like fafol is valid or enforceable. At least in my country, for a contract to be valid, the rights and obligations dealt with under the contract need to be "certain". Leaving the meaning of key terms to the discretion of one party without actually listing specific permitted or forbidden uses is a sure-fire way to render your agreement void and unenforceable. If your licence agreement is void then you may as well pump out your software with no licence at all (also not a great idea given current copyright laws, although at least you may have control I guess).

I understand the appeal of these licences but personally I wouldn't use them. If you are truly concerned about the potential for your software to be used for evil, an attempt to constrain use of your software via a licence is probably not going to work, especially if state actors, criminals or powerful businesses want to use it. If your concern is great enough, don't release the code, release it only to those you trust, or remove the functionality you are concerned about.

On a bit of a side note, I personally think it'd be fun to release under a GPL-like licence, but restrict the permissions granted under the licence to natural persons only (specifically excluding corporations, government bodies, and their agents/employees). I wonder what the FSF would say about that and whether it conforms to their four freedoms.

Soricidus
Oct 21, 2010
freedom-hating statist shill
it’s time for sovereign software

MononcQc
May 29, 2007

Buck Turgidson posted:

I don't quite understand how a licence like fafol is valid or enforceable. At least in my country, for a contract to be valid, the rights and obligations dealt with under the contract need to be "certain". Leaving the meaning of key terms to the discretion of one party without actually listing specific permitted or forbidden uses is a sure-fire way to render your agreement void and unenforceable. If your licence agreement is void then you may as well pump out your software with no licence at all (also not a great idea given current copyright laws, although at least you may have control I guess).

I understand the appeal of these licences but personally I wouldn't use them. If you are truly concerned about the potential for your software to be used for evil, an attempt to constrain use of your software via a licence is probably not going to work, especially if state actors, criminals or powerful businesses want to use it. If your concern is great enough, don't release the code, release it only to those you trust, or remove the functionality you are concerned about.

On a bit of a side note, I personally think it'd be fun to release under a GPL-like licence, but restrict the permissions granted under the licence to natural persons only (specifically excluding corporations, government bodies, and their agents/employees). I wonder what the FSF would say about that and whether it conforms to their four freedoms.

They mostly rely on the "poison pill" aspect where corporate lawyers' aversion to running into legal grey areas for fun is not as developed as their liking of being on retainer while not being in court, so most of the advice is going to be "don't even bother touching these, we won't go there." No one really wants to be first at testing that litigation. Specifically when the license is seen as invalid, it doesn't mean you default to open source, it means you default to having been illegally using a piece of software for your product, so the license is more or less in a legal limbo for all stated usages. The risk is generally higher for a corporation than an individual user.

In general GPLv3 is sufficient to get that effect, but some corporations have been hungry enough about some pieces of software to either get their lawyers to look at it and then comply because the cost of developing software would be higher than asking the lawyers to just look at the loving thing (i.e. ffmpeg is the classic one where you can look into any smart TV's manual or android "about" section and go get the licenses), or to find a workaround they feel safe enough about (stick the OSS component behind a server, consider it separate as a codebase). Those with more powerful lawyers or a greater fear from the legal perspective just ban it outright and prefer to eat the cost of redeveloping poo poo from scratch (Apple is probably the best example there).

The "stick it behind the network" is what the folks at MongoDB and Redis have tried to block with newer licenses.

Buck Turgidson
Feb 6, 2011

𓀬𓀠𓀟𓀡𓀢𓀣𓀤𓀥𓀞𓀬

MononcQc posted:

They mostly rely on the "poison pill" aspect where corporate lawyers' aversion to running into legal grey areas for fun is not as developed as their liking of being on retainer while not being in court, so most of the advice is going to be "don't even bother touching these, we won't go there." No one really wants to be first at testing that litigation. Specifically when the license is seen as invalid, it doesn't mean you default to open source, it means you default to having been illegally using a piece of software for your product, so the license is more or less in a legal limbo for all stated usages. The risk is generally higher for a corporation than an individual user.

In general GPLv3 is sufficient to get that effect, but some corporations have been hungry enough about some pieces of software to either get their lawyers to look at it and then comply because the cost of developing software would be higher than asking the lawyers to just look at the loving thing (i.e. ffmpeg is the classic one where you can look into any smart TV's manual or android "about" section and go get the licenses), or to find a workaround they feel safe enough about (stick the OSS component behind a server, consider it separate as a codebase). Those with more powerful lawyers or a greater fear from the legal perspective just ban it outright and prefer to eat the cost of redeveloping poo poo from scratch (Apple is probably the best example there).

The "stick it behind the network" is what the folks at MongoDB and Redis have tried to block with newer licenses.

I am just wondering if there are better ways of doing this, if you are set on going open source. Using a licence which may be void still runs the risk of exposing "innocent" users of your software to harm. For example, imagine if your IP is assigned to another person or entity for some reason like death, incapacitation, bankruptcy--you can no longer control how these "innocent" users are treated.

I wonder if there is room for a hybrid licence model, where you license to natural persons on the same or similar terms as the GPL, but tightly control licences to corporations etc, and place more onerous or restrictive terms on them. Individuals are generally lower risk, because if they do something evil with the software it is probably going to be lower impact, and they are less likely to escape the consequences of their actions than a state actor or corporation. Corporations aren't real people, and I don't care if they don't receive the benefits of things like the four freedoms.

One other flaw of these (or any) open source licences is that trying to constrain the use of your open source software by state actors is probably going to fail. Even assuming they recognise copyright law, it might not apply to them, or their use of your software might not count as a copyright infringement in the context in which it is used, or they might simply legislate to change the rules in their favour.

Soricidus
Oct 21, 2010
freedom-hating statist shill
For twelve years, you have been asking: what is the Galt License? This is the license text. I am the license that loves its terms. I am the license that does not sacrifice the author’s values. I am the license that has deprived you of free code and thus has destroyed your corporation, and if you wish to know why you are perishing - you who dread knowledge - I am the license who will now tell you.

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome

Buck Turgidson posted:

I understand the appeal of these licences but personally I wouldn't use them. If you are truly concerned about the potential for your software to be used for evil, an attempt to constrain use of your software via a licence is probably not going to work, especially if state actors, criminals or powerful businesses want to use it. If your concern is great enough, don't release the code, release it only to those you trust, or remove the functionality you are concerned about.

This is true. It's that James Mickens "mossad/not mossad" threat model and when we're talking about software licenses I think we are generally dealing with the "not mossad" model.

Like you say, if you're worried about what someone who the law does not apply to will do with your software, then yeah the only rational response is to not release it, and that goes for any software license.

Progressive JPEG
Feb 19, 2003

amazon seems pretty mad about not being able to so blatantly rip off elastic anymore

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

over-funded vc-backed company mad that their open source product is getting used in the way
that impedes investor storytime changes license and drives everyone to use competitor’s fork, lol

let them fight, etc

FamDav
Mar 29, 2008
not to get someone throwing that upton sinclair quote at me, but it extends beyond aws: https://logz.io/blog/open-source-elasticsearch-doubling-down/

i think its fairly clear that elastic (and mongo) found out that their open core model was fundamentally opposed to them being the sole source providers of their offering. this was probably a good business decision (i dunno seems like they're making money hand over fist anyways), but it does mean they aren't particularly good stewards of open source communities. newer companies like timescale and cockroach aren't making that mistake

FamDav fucked around with this message at 02:42 on Jan 23, 2021

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

per n-gate

quote:

Elastic is a hosting provider who thought they were a database vendor, and now they will be digested by hosting providers who are large enough to underwrite a database engineering team as a rounding error.

otoh elastic has a fifteen billion dollar market cap lol

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome
Rise, thread, and LIVE

https://www.baldurbjarnason.com/2021/the-oss-bubble-and-the-blogging-bubble/

quote:

Capitalism will always find a way to exploit common resources. It’s just a matter of time.

Bloody
Mar 3, 2013

that's a good post

Soricidus
Oct 21, 2010
freedom-hating statist shill
god imagine if webdev went away. wouldn’t that be terrible. how would we live without npm

I hope it doesn’t happen before it’s legal to have street parties again

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome

Soricidus posted:

god imagine if webdev went away. wouldn’t that be terrible. how would we live without npm

I hope it doesn’t happen before it’s legal to have street parties again

worse really is better.

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome
kinda wanna pick up this dudes book, anyone read it?

https://www.amazon.com/Bleeding-Edge-Technology-Turns-Unequal/dp/1780263295/

Bloody
Mar 3, 2013

my library doesn't have it

Share Bear
Apr 27, 2004


this was good and i miss having a readily easily read source of high quality posts like this

MononcQc
May 29, 2007


This is a good article and I like many quotes from it.

quote:

Most people in the industry don’t realise that the web dev economy is primarily extractive. As with the earlier assumption that Google must be trying to keep Adwords clean and sustainable, there’s the assumption here that somebody in tech must be making sure the work behind OSS is paid for. Or, almost as naively, they assume that it can all subsist as donationware.

People in web dev constantly assume that something somewhere must be paying for the OSS dependencies they use. This is why developers come in with the entitlement of a paying customer. The OSS maintainer is supposed to serve them with the enthusiasm of somebody being paid. Their worldview just doesn’t accommodate the idea that this is unpaid labour because then they’d have to start questioning the very sustainability of their own careers.

quote:

Many of the misconceptions about OSS stem from the fact that the core of the ecosystem is funded.

Facebook is pouring money into the React sub-ecosystem, and Google keeps burning cash on the Chrome bonfire. Microsoft keeps funding developer infrastructure like Visual Studio Code, Typescript, npm, and GitHub. Those are just the most prominent examples. They all fund ton of other projects, either directly or indirectly, through a wage surplus.

A surprising amount of OSS is made by former big tech developers. They can afford to subsist on meagre revenue—for a time—because their pay and stock options have left them free of debt and with well-stocked savings accounts.

This is much more common than you’d think. Scratch away at the surface of pretty much any active OSS project that has no discernible revenue, and you either get a burnout waiting to happen, or you’ll find a formerly well-paid dev coasting on savings. Many of the rest have solid VC funding. Though, VC funding always runs out at some point. The business fundamentals just aren’t there for open source when you have Google, Amazon, and the rest gatekeeping all of the value in the market. This is why the ecosystem is already beginning to pull apart at the seams.

I had personally written on how we tend to make a ton of poo poo unsustainable by just externalizing the training and knowledge to unpaid parts of the ecosystem and I really enjoyed this one article's take on the economics of it at a broader level.

quote:

It isn’t just software: web dev education, training, and recruitment exist primarily to extract value from Facebook’s React or Google’s OSS projects. Very few of them invest in figuring out what sort of training will serve their students the best. The easiest thing to sell to both recruiters and students is the big framework on the block, so that’s what they sell and very little else.

The extraction mentality is baked into the business. Which is sort of fine when you’re dealing with projects funded by mega-corporations but disastrous when applied to the unfunded or poorly funded rest.

The money hose, combined with free or subsidised services, is a control mechanism that lets big tech companies control the OSS ecosystem. Projects they want to promote will get the money spigot. Other projects, like MongoDB or Redis, get turned into commodities and resold as cheap services.

Cybernetic Vermin
Apr 18, 2005

it is only partially about licenses, but the log4j debacle pretty clear-cut part of a very bad system. https://christine.website/blog/open-source-broken-2021-12-11

Shaggar
Apr 26, 2006
its called open sores for a reason.

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome

Cybernetic Vermin posted:

it is only partially about licenses, but the log4j debacle pretty clear-cut part of a very bad system. https://christine.website/blog/open-source-broken-2021-12-11

"nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns."

Here's a hot tip for open source developers: you have no business case. If you dont like a feature, drop it. If someone is mad that you no longer have backwards compatibility, tell them to write their own library.

I honestly dont understand the mindset that does this kind of volunteer work for multibillion dollar businesses.

Cybernetic Vermin
Apr 18, 2005

meanwhile the take over on osnews:

quote:

Money corrupts anything it touches. I’m insanely grateful for the almost endless number of people contributing to open source projects not because they expect to become rich, but because they enjoy doing it, to show off their skill, for the community of people they love interacting with, for the recognition it sometimes brings, or for the mere secret knowledge that their small project nobody’s ever heard of is a crucial cog in the massive machinery that keeps the technology world spinning.

Open source isn’t broken. It’s working exactly as intended, and it’s by far the most powerful force in the technology world, and it will outlive any of the corporations so many people bend over backwards to please today.

massive security issues people are forced to fix without pay: things working exactly as intended actually

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome

Cybernetic Vermin posted:

or for the mere secret knowledge that their small project nobody’s ever heard of is a crucial cog in the massive machinery that keeps the technology world spinning.

what the gently caress is wrong with people i swear to god

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

posting thread to make rotors head explode:

https://twitter.com/_msw_/status/1469716143245967360?s=21

post hole digger
Mar 21, 2011
free (as in labor)

raminasi
Jan 25, 2005

a last drink with no ice

rotor posted:

what the gently caress is wrong with people i swear to god

i think that particular thing is wanting to enjoy a personal feeling of power without any attendant responsibilities of stewardship but i might be talking out of my rear end

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome

raminasi posted:

i think that particular thing is wanting to enjoy a personal feeling of power without any attendant responsibilities of stewardship but i might be talking out of my rear end

well i think as we can see from the last few days, they in fact have significant responsibilities. I have never met an open source maintainer that was happy about it, and it has always made me wonder why they do it.

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome

"We see no evidence of slavery," says glowing review of open source ecosystem

rotor
Jun 11, 2001

classic case of pineapple derangement syndrome
you used to be cool, man. it used to be about the code, now you're just in it for the money

https://twitter.com/jimjag/status/1470401509263298566

DaTroof
Nov 16, 2000

CC LIMERICK CONTEST GRAND CHAMPION
There once was a poster named Troof
Who was getting quite long in the toof
"i'm not in it for the money"
- a former engineering director for capital one

Adbot
ADBOT LOVES YOU

git apologist
Jun 4, 2003

when i read those tweets the douche chills are almost crippling

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply