rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


Gazpacho posted:

what if the baby is hitler

ok settle down jeb


Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'


lancemantis posted:

I guess I'm just a person that's lost a lot of faith in institutions so maybe my thought patterns come off as weird

do you have faith in yourself to attempt to claw back what you've made from being used for evil, even if that attempt is ultimately unsuccessful?

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T





Soiled Meat

has anyone noticed the irony of posting this on twitter?

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


CRIP EATIN BREAD posted:

has anyone noticed the irony

nope

PCjr sidecar
Jan 26, 2011

dude, you gotta end it on the rhyme



i think part of what i have trouble with is that individual oss devs would not necessarily align with what we’d consider ethical

consider the ‘angry at immigrants’ license: https://www.treefinder.de/

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


PCjr sidecar posted:

i think part of what i have trouble with is that individual oss devs would not necessarily align with what we’d consider ethical

consider the ‘angry at immigrants’ license: https://www.treefinder.de/

I mean this is just humans. The idea that we'd all hew to some higher standard of ethical behavior is sort of lol. We can barely get our filesystem guys to not kill their wives.

akadajet
Sep 14, 2003



abolish ice. also, npm.

Jonny 290
May 5, 2005




[ASK] me about OS/2 Warp


PCjr sidecar posted:

i think part of what i have trouble with is that individual oss devs would not necessarily align with what we’d consider ethical

consider the ‘angry at immigrants’ license: https://www.treefinder.de/

hahah holy poo poo

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


akadajet posted:

abolish ice. also, npm.

Jonny 290
May 5, 2005




[ASK] me about OS/2 Warp


i dont even know what npm is and i laugh every time somebody drags them

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'


akadajet posted:

abolish ice. also, npm.

Shaggar
Apr 26, 2006


Nap Ghost

Jonny 290 posted:

i dont even know what npm is and i laugh every time somebody drags them

npm is github but it only hosts javascript people reference in production.

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'


Jonny 290 posted:

i dont even know what npm is and i laugh every time somebody drags them

It's the nodejs package manager and it's even worse and stupider than you would imagine given that

akadajet
Sep 14, 2003



Captain Foo posted:

It's the nodejs package manager and it's even worse and stupider than you would imagine given that

the only thing I've seen that's worse than npm was bower but that's a really high bar to reach.

MononcQc
May 29, 2007

"I believe I did, Bob."



the only reason removing your package tends to work in doing damage is that npm is surprisingly fickle as a package manager (see old post of mine somewhere about how they can allow the same dep multiple times with clashing versions within a package), and they at different times in the past had no good protective mechanism around dropping packages, parking names, reusing names for new packages. Coupled with the lack of stdlib, it was easy for a user to have a little util function used by thousands and thousands of projects, drop the package, and then gently caress up everyone's build because a bunch of people appear to run npm as part of every build on every prod node.

Plus they had a history of generally having semver recalculated on each single new build, which would let maintainers drop point versions of existing packages and start loving with random builds across the world.

This is hilarious and gathered attention from the press, but any shop that has their poo poo together would pin deps better, vendor or mirror them, and just not be stuck with it. So the whole effort of "please take your package down in protest" is intended to harm firms that depend on it while hoping Palantir still hasn't got their poo poo together after all that time and the few attempts that happened already.
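
An added example, not part of the thread or any poster's code: a small Node.js audit for the exposure described in the post above, flagging dependencies that are re-resolved on every install, locked packages with no integrity hash, and tarballs not served from an internal mirror. The package names `tiny-util`, `exact-lib` and `pad-helper`, the mirror URL and the integrity strings are constructed placeholders; the lockfile layout assumed is the `packages` map of npm lockfile versions 2 and 3.

```javascript
// Added example: all sample data below is constructed for illustration.
// Exact versions only (1.3.0, 1.3.0-beta.1); ^, ~, *, x-ranges and tags float.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const isPinned = (spec) => EXACT.test(String(spec).trim());

// manifest: parsed package.json; lock: parsed package-lock.json;
// mirrorPrefix: URL prefix of the internal mirror (an assumption of this example).
function auditDeps(manifest, lock, mirrorPrefix) {
  const findings = [];
  const packages = (lock && lock.packages) || {};
  const direct = { ...manifest.dependencies, ...manifest.devDependencies };

  // 1. A direct dependency with no lockfile entry is resolved afresh on every
  //    install, so a newly published or removed version changes the build.
  for (const [name, spec] of Object.entries(direct)) {
    if (!packages[`node_modules/${name}`]) {
      const issue = isPinned(spec) ? 'exact-unlocked' : 'floating-unlocked';
      findings.push({ name, issue, detail: spec });
    }
  }

  // 2. Every locked package, transitive ones included, should carry an
  //    integrity hash and come from the mirror rather than the public registry.
  for (const [path, entry] of Object.entries(packages)) {
    if (!path.includes('node_modules/') || entry.link) continue; // root, workspaces
    const name = path.split('node_modules/').pop();
    if (!entry.integrity) {
      findings.push({ name, issue: 'no-integrity', detail: entry.version });
    }
    if (!String(entry.resolved || '').startsWith(mirrorPrefix)) {
      findings.push({ name, issue: 'not-from-mirror', detail: entry.resolved || '(none)' });
    }
  }
  return findings;
}

// Constructed sample input.
const MIRROR = 'https://npm.mirror.example/';
const sampleManifest = {
  dependencies: { 'left-pad': '^1.3.0', 'tiny-util': '*', 'exact-lib': '2.0.1' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/left-pad': { version: '1.3.0', integrity: 'sha512-CONSTRUCTED',
      resolved: MIRROR + 'left-pad/-/left-pad-1.3.0.tgz' },
    'node_modules/exact-lib': { version: '2.0.1', integrity: 'sha512-CONSTRUCTED',
      resolved: 'https://registry.npmjs.org/exact-lib/-/exact-lib-2.0.1.tgz' },
    'node_modules/exact-lib/node_modules/pad-helper': { version: '0.4.2',
      resolved: MIRROR + 'pad-helper/-/pad-helper-0.4.2.tgz' },
  },
};

for (const f of auditDeps(sampleManifest, sampleLock, MIRROR)) {
  console.log(`${f.issue.padEnd(18)} ${f.name} (${f.detail})`);
}
```

A floating range in `package.json` is not reported on its own here, because a lockfile entry installed with `npm ci` already fixes the version; the report covers only what can still change between builds.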

akadajet
Sep 14, 2003



Shaggar posted:

npm is github but it only hosts javascript people reference in production.

bower was literally just github

Arcteryx Anarchist
Sep 14, 2007




Fun Shoe

PCjr sidecar posted:

i think part of what i have trouble with is that individual oss devs would not necessarily align with what we’d consider ethical

consider the ‘angry at immigrants’ license: https://www.treefinder.de/

drat is that German as hell

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


akadajet posted:

the only thing I've seen that's worse than npm was bower but that's a really high bar to reach.

goddamn bower was so fuckin dumb

Dijkstracula
Mar 18, 2003

You can't spell 'vector field' without me, Professor!



PCjr sidecar posted:

i think part of what i have trouble with is that individual oss devs would not necessarily align with what we’d consider ethical

consider the ‘angry at immigrants’ license: https://www.treefinder.de/
:eyepop:

quote:

I dislike the flood of immigrants they caused to come here - come here to replace unprofitable Europeans like me.
at least he's honest about his racist rear end being a drain on society

Arcteryx Anarchist
Sep 14, 2007




Fun Shoe

I remember how many devs I spent time around outside of work tended to always be front end types and they’d always be talking about bower and poo poo and I didn’t get wtf those things were supposed to do other than being examples of someone with too much time pasting over broken garbage

akadajet
Sep 14, 2003



lancemantis posted:

I remember how many devs I spent time around outside of work tended to always be front end types and they’d always be talking about bower and poo poo and I didn’t get wtf those things were supposed to do other than being examples of someone with too much time pasting over broken garbage

package managers for javascript. good idea in theory, badly executed and managed.

MononcQc
May 29, 2007

"I believe I did, Bob."



This thread assumes you write some OSS code that is used by bad actors, and therefore asks you to act to undo or at least slow down the evil that you helped unleash onto the world (your code, also baby jails) in order to undo the facilitating you inadvertently did.

What about the opposite though, where your code is used by a good, benevolent actor (say doctors without borders, curing ebola): is being inactive enough to get the moral benefits of helping make the world a better place through your idiot code?

If we can ask whether passivity in the face of bad situations (your code jailing babies) is enough to make you a bad person, would a similar utilitarian argument be possible with good code uses: is not actively maintaining OSS code that would help solve a bad situation (ebola) actually disengagement in front of a greater evil, and technically bad?

MononcQc
May 29, 2007

"I believe I did, Bob."



therefore, just merge my loving PR you nerd

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T





Soiled Meat

this code is all hosted on github so these people should be boycotting microsoft instead of worrying about some nerd's left-pad Implementation

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'


MononcQc posted:

therefore, just merge my loving PR you nerd

Progressive JPEG
Feb 19, 2003



MononcQc posted:

Hot off the presses is icebreaker.dev, a website that finds the current ICE practices in the US to be troubling cases of human rights abuses (rightfully so), and tries to call out all code authors and maintainers in the open-source world to participate in protests and donating to orgs fighting concentration camps on US soil, but also encourages tech people to adopt a new license which forces ethical behaviour (listed below), or to just flat out pull your code from public repositories:

quote:

Copyright 2019 Coraline Ada Ehmke

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

The software may not be used by individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of other individuals or groups in violation of the United Nations Universal Declaration of Human Rights.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

This license is derived from the MIT License, as amended to limit the impact of the unethical use of open source software.

something that icebreaker.dev site linked to was a nonprofit Corporate Accountability Lab who had written a pair of licenses of their own (one for software, the other for general works), with the bonus of having actual lawyers involved in the process of constructing them

they have a series of blog posts from way back in 2018 that go over how the licenses were designed. one thing mentioned there is that they specifically ruled out just referring to the human rights declaration:

quote:

Our initial drafts attempted to incorporate other principles, declarations, and conventions of law by reference (e.g., UN Guiding Principles on Business and Human Rights, Universal Declaration of Human Rights, etc.), to promulgate the standards that a business must follow to receive license to use the copyrighted work. A problem that we found with this approach is that such declarations and conventions are generally written to nation-states and are phrased at such abstract levels that would-be licensees could have some legitimate grievances with the ambiguity of terms that we otherwise want to be strong and defensible in the realm of contract law. Contractual conditions that are subjective and difficult to assess or otherwise measure are generally frowned upon in effective contract drafting, so we wanted to figure out something cleaner.
so there may be some risk to having a contract that just says 'you must adhere to this broad set of principles according to how i interpret them'. for example if anyone posts yet another loving loss edit i'm going to cut them off under article 5 of the declaration so loving fast

ps: how many .dev domains does coraline run? i think i've hit like five different ones so far when reading up on this stuff, each looking like different rebrands of the same (commendable) idea. tbh it doesn't give me much confidence that this latest edition is going to be getting regular maintenance

MononcQc
May 29, 2007

"I believe I did, Bob."



The lawyery ones are interesting. I'm still torn on the idea of EULA-like clauses into copyright licenses. Bryan Cantrill has a good blog post on that front (written in the context of companies trying to get AWS to not just wrap OSS poo poo and charge for it): http://dtrace.org/blogs/bmc/2018/12/16/a-eula-in-foss-clothing/

quote:

...
You will notice that this looks nothing like any traditional source-based license — but it is exactly the kind of boilerplate that you find on EULAs, terms-of-service agreements, and other contracts that are being rammed down your throat.
...
my copy of the software isn’t mine at all. On the one hand, this is (literally) proprietary software boilerplate — but I was given the source code and the right to modify it; how do I not own my copy? Again, proprietary software is built on the notion that — unlike the book you bought at the bookstore — you don’t own anything: rather, you license the copy that is in fact owned by the software company. And again, as it stands, this is dubious, and courts have ruled against “licensed, not sold” software. But how can a license explicitly allow me to modify the software and at the same time tell me that I don’t own the copy that I just modified?! And to be clear: I’m not asking who owns the copyright (that part is clear, as it is for open source) — I’m asking who owns the copy of the work that I have modified? How can one argue that I don’t own the copy of the software that I downloaded, modified and built myself?!

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


Progressive JPEG posted:

something that icebreaker.dev site linked to was a nonprofit Corporate Accountability Lab who had written a pair of licenses of their own (one for software, the other for general works), with the bonus of having actual lawyers involved in the process of constructing them

I think this is pretty good.

edit: but agreed, it seems a lot more like a eula

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


no one wants to talk about a eula because there's basically no machinery to handle eulas in common dev workflows.

JawnV6
Jul 4, 2004

So hot ...

bring 👏 back 👏 shrinkwrap 👏

Progressive JPEG
Feb 19, 2003



MononcQc posted:

The lawyery ones are interesting. I'm still torn on the idea of EULA-like clauses into copyright licenses. Bryan Cantrill has a good blog post on that front (written in the context of companies trying to get AWS to not just wrap OSS poo poo and charge for it): http://dtrace.org/blogs/bmc/2018/12/16/a-eula-in-foss-clothing/
imo that argument would be equally applicable to any copyleft license, which additionally also generally read like EULAs. turns out effective licenses tend to avoid being ambiguous

Schadenboner
Aug 15, 2011

by Shine


JawnV6 posted:

bring 👏 back 👏 shrinkwrap 👏

shrinkwrappa deez nuts

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


honestly though i think that the idea of open source has passed its useful stage and has just become free work for exposure. So my real response is simply "stop writing open source software."

Progressive JPEG
Feb 19, 2003



at this point I think the “meritocracy” people and the “open source” (as defined by the OSI) people are effectively two sides of the same coin - convinced that a short set of rules cannot result in externalities

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T





Soiled Meat

sometimes i'll write something one-off that i need that isnt super big but could be useful, so i'll throw it on github and let someone else find it useful, too.

i'll be damned if i'm going to do anything more than that, like check where it's at or care who is using it. i have one repository that has a little bit of a following (and some idiot is donating to even though i didnt ask for it and had to sign up for an account to get the $1/month) and i havent looked at it in months except to laugh at the people submitting PRs that i will never, ever review or accept, or laugh at the people who forked it to rewrite it in javascript.

Progressive JPEG
Feb 19, 2003



ended up going with the hippocratic license for the dns thing. in true istp spirit its very much a prototype and im the only contributor so i just rewrote the git history with the new license and thereby effectively removed distribution under the prior license (which was gpl3)

had mainly looked at these three options:

- hippocratic license (mentioned by OP): now on v1.2, their faq claims that it's gotten some(?) legal review at least so thats cool, but they still say its in draft stages so who knows. worst case ill just rewrite history again when there's a new version :q:

- corporate accountability lab license: also looks fine, but its got a weird thing where the licensor/developer is expected to "register" their use of the license with the lab. this seems kinda bullshit, particularly if you think about derivative works and whether that would result in a new licensor who would also need to register? what if the registration doesn't work anymore?? i had sent the lab an email asking about this and didnt hear anything back (but i only gave em like 18 hours)

- then there's this one where they've basically got a big ol bulleted list of things they dont like. for example "deforestation" is great when part of a scheduled harvest/replant program: captures carbon much more effectively and also creates building materials for housing, win/win

rotor
Jun 11, 2001

Official Carrier
of the Neil Bush Torch

 
 
 
 
teh butts


I think getting a good license up front is good but I think a clause that the author retains the right to deny use to anyone at any time is the only practical way to actually avoid having your code used for unethical purposes.

Progressive JPEG
Feb 19, 2003



just got an email back from corporate accountability lab and it sounds like they don't mind if the license language is edited to omit the registration requirement:

quote:

Thanks so much for your email and your interest in +CAL. Yes, feel free to make the modification that you proposed. Our intention with the language was really so that we could track the usage, so even if you change the language, we would love to hear how you are using it and any feedback you have.

so they actually seem pretty alright too if anyone's looking at them, and tbh it feels like they've put in a lot more real lawyer hours into what they're trying to accomplish than the other two options.

if anyone ends up using +CAL i'd recommend being a cool person and letting them know about it anyway since it looks like they do good stuff in general. after getting that response id seriously consider using them.

however the license itself seems to be more around keeping corps in line and specifically mentions "commercial entities" and "supply lines", as such it looks like its a bit more specifically focused on the nonprofit's mission

Progressive JPEG
Feb 19, 2003



rotor posted:

I think getting a good license up front is good but I think a clause that the author retains the right to deny use to anyone at any time is the only practical way to actually avoid having your code used for unethical purposes.

i think this is what sorta owns with the hippocratic license. in my non-legal-not-a-lawyer-nor-an-expert opinion its sufficiently vague to be poisonous to any corporate or government legal department while individual users wouldn't really be affected. it's like 'don't do evil' jslint territory

Progressive JPEG posted:

for example if anyone posts yet another loving loss edit i'm going to cut them off under article 5 of the declaration so loving fast


Arcteryx Anarchist
Sep 14, 2007




Fun Shoe

Progressive JPEG posted:

poisonous to any corporate or government legal department

i have bad news
