MononcQc
May 29, 2007

"I believe I did, Bob."



Hot off the presses is icebreaker.dev, a website that finds the current ICE practices in the US to be troubling cases of human rights abuses (rightfully so), and tries to call out all code authors and maintainers in the open-source world to participate in protests and donating to orgs fighting concentration camps on US soil, but also encourages tech people to adopt a new license which forces ethical behaviour (listed below), or to just flat out pull your code from public repositories:

quote:

Copyright 2019 Coraline Ada Ehmke

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
  • The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

  • The software may not be used by individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of other individuals or groups in violation of the United Nations Universal Declaration of Human Rights.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

This license is derived from the MIT License, as amended to limit the impact of the unethical use of open source software.

This amazingly effective means of ensuring proper ethical treatment of human well-being was announced over twitter:

https://twitter.com/coralineada/status/1222203448369827845

Which quickly prompted more fun responses:

https://twitter.com/soniagupta504/status/1222374341041586176

Of particular interest, the poster got a very expected twitter dogpile from the public which I will neither encourage nor mention further.

What I instead want is the educated hottakes of my fellow yosposters on this issue. Where do you position yourself on the line between "all technology can be used for good or bad, and I can't know what will come out of it", and Tom Lehrer's famous "Once the rockets are up, who cares where they come down? That's not my department," about Wernher von Braun?

We know all code is a threat for existing and by extension of running on computers (which are pieces of poo poo; YOSPOS' first axiom), but just how much responsibility are you willing to take for the inhuman horrors unethical actors can unleash with the help of your code, which was mainly expected to be terrible and nothing more?


MononcQc
May 29, 2007

"I believe I did, Bob."



microsoft is the largest open source company in the world shaggar

MononcQc
May 29, 2007

"I believe I did, Bob."



I'm personally torn on this because I maintain build tools for a programming language. The concern of the build tool is "make writing software easier and less risky in a given stack."
It is ultimately pretty neutral, but if it allowed a company like Palantir to help a government be more effective at stepping on necks with jackboots, what could I do?

You can extend that argument further: what about language designers or kernel developers for Linux? Like is it really fair to go and compare "works on linux" or "works on a js linter" with "writes real-time facial recognition software", and if not, where do we feel the gradient becomes too much?

I'm kind of personally tending towards how easy it is to imagine a dystopian scenario facilitated by the software being produced, compared to how much it helps prevent this scenario from materializing. The easier it is to imagine it used for abusive cases more powerfully than positive cases, the worse I'd feel about it. But that's very ad-hoc and separated from any actual ethical analysis, and in no way prevents abusive usage.

MononcQc
May 29, 2007

"I believe I did, Bob."



more hot takes:

licenses are not the right tool for that job; they're copyright assignment.

what people have in mind there are EULAs, and we should stop rolling EULA-like terms into copyright things like licenses.

MononcQc
May 29, 2007

"I believe I did, Bob."



rotor posted:

"I made this high powered space laser and I'll just leave it here on this streetcorner, charged up and ready to go."


"look, it's not my fault some jackass used my high powered space laser to murder a busload of tourists, I put a warning label on it."


this is anyone trying to claim they're not responsible for palantir - or worse - using their code.

This argument however does not distance you from the work you do for pay in your day job, if the company that owns it sells it to a bad actor that runs with it to do unethical things. In fact you could argue that as someone paid for that work, you benefit from the suffering it causes to a greater extent than OSS developers.

MononcQc
May 29, 2007

"I believe I did, Bob."



rotor posted:

i don't understand this. How is "retain control of who uses your work" a difficult concept? If someone you like comes to you and says "hey man can i get those build tools?" you say yes. If someone you hate says the same thing, you say no.

It's tied to the overall idea of "no ethical consumption under capitalism". Essentially, if a commodity can be used for evil, it's an argument against producing commodities. If you write a more effective data structure that lets you sort things faster, how are you to know or expect that technical improvements will be used to facilitate genocide, as opposed to just sorting songs in a playlist faster? should you abstain from publishing potential improvements because of the potential for ill use altogether?

I'm feeling that no, this isn't good enough to just abstain from writing poo poo or teaching stuff (what if you teach things to someone and they end up doing evil with it?). There's some abstract point after which my distance from the risky issue is high enough I no longer feel bad about it, and it's definitely not constant across various pieces of tech.

MononcQc
May 29, 2007

"I believe I did, Bob."



rotor posted:

No, it sure doesn't. Don't work for monsters.

You don't need to work for monsters for the people at your org owning the results of your work to turn around and sell the solution to monsters.

Say you work on e-mail software.
The e-mail software is used by a neutral company to organize internal communications
That internal company uses the more effective communications to sell b2b solutions at a faster pace than ever before
the faster pace of communications is used by eugenicists to better coordinate work that eliminates minorities.

What is your responsibility as someone who produced e-mail software but indirectly participated in improving eugenics?
It is unrelated to OSS, although OSS makes it easier to skip middlemen.

MononcQc
May 29, 2007

"I believe I did, Bob."



rotor posted:

You should use your capacity as a human to make these decisions on a case-by-case basis instead of trying to find a single solution for every possible eventuality.

agreed. Which is why seeing "coffeescript" called out for facilitating concentration camps is kind of loving weird.

MononcQc
May 29, 2007

"I believe I did, Bob."



rotor posted:

again, this is a question that no one will be able to produce a global answer for and you need to ask yourself these questions and come up with your own answers for any given situation.

but twitter is implying I'm to blame here and I can't sit idly without external validation

MononcQc
May 29, 2007

"I believe I did, Bob."



One thing I won't do is take it on my shoulder to inherit the moral responsibilities of other people.

I.e. if I'm developing something that is arguably neutral and a priori has no political implications aside from granting some level of effectiveness or correctness ("a tool that lists directories", "a code linter", "a thing that backs up your own files"), I am not doing a thing that is inherently wrong. I.e. "making communications faster and more reliable" can of course be used by people wanting to do nasty poo poo, but also has tons of positive applications. Evil uses of it are out of my control, because there's no inherent negative potential for it.

If I invent crampons so people stop slipping on ice or steel-toed boots, I won't keep the invention or the concept private because it also allows bad actors to kick people more effectively for it; there are obvious benefits that neutral or non-evil actors will have out of it, and I would expect the rest of society to cover or regulate around the bad actors usage of it.

OTOH, some pieces of tech have visibly easy negative effects, because they require large budget that only big corporations or state actors would have: spying, face recognition, etc. They are seen positively by bootlickers who believe that heightened state control and law enforcement is inherently good because law is equal to morality, and if something is legal, it can't be immoral. As someone who doesn't ascribe to that view, I see an inherent risk to creating ideas or software clearly oriented towards making that use case easier.

Then you get the in-betweeners: stronger cryptography or gene-sequencing. They can be good to help individuals secure or protect their own communications, or for scientists to develop new medicine. They can also be used by criminals to hide from law enforcement and eugenicists to do terrible poo poo. At that point, the technology can go out, but I would expect to only open it around the right fora and actors that can ensure a good amount of public discourse to protect the public around these things. They're not inherently evil, but you have to exert restraint over what you open up because their usage isn't inherently symmetric or good.

In short: I'm not feeling ethical responsibilities with regards to state actors using my build tool, because anyone can use them, and my initial intent is often giving newcomers a better user experience around the ecosystem. However, with a security issue, the guidelines about responsible disclosure are interesting: I want the issue to be fixed before it is disclosed to give time to good actors to adjust before exploiters take over something. I want things to be known (for general safety) but want to give the time for the issue to be fixed so the general public has a time to adapt and fix things before new bad actors know of it -- unless it's proven to be exploited in the wild where you gotta haul rear end.

But it's not true that I would equate security research to helping nazis because nazis can use the new security holes and that my responsibility as a code writer or author is absolute. I think they need to be put within the proper context, and that the creative leap from "using a tree data structure" to "using a tree data structure to track minorities better" has to incur the majority of the blame, because the dots are far more difficult to connect there compared to "using an app that tracks ethnic markers" where it's almost an invitation for hate groups.

MononcQc fucked around with this message at 21:19 on Jan 29, 2020

MononcQc
May 29, 2007

"I believe I did, Bob."



MononcQc posted:

If I invent crampons so people stop slipping on ice or steel-toed boots, I won't keep the invention or the concept private because it also allows bad actors to kick people more effectively for it; there are obvious benefits that neutral or non-evil actors will have out of it, and I would expect the rest of society to cover or regulate around the bad actors usage of it.

while I'm at it, this bit above is why I think the campaign is interesting. It's not that I blame the js-linter people for their support of ICE, it's that they're trying to find ways to empower people who see their creations used for bad deals where governments and legal frameworks have clearly failed the people to do something about it. In the end, putting a tricky license or pulling the library fixes nothing over a moderately evil actor that is state-supported (if you jail babies for the govt, you can just not respect licenses and also vendor your dependencies) and be untouchable; the bigger impact is in a kind of disrupting protest move that raises awareness and hopefully makes employees at the evil companies realize they're being lovely.

if it makes people question their ethics, it's probably good, even if I don't think it's reasonable to assign blame to neutral tools for the evils of a corporation or government, who should bear the full responsibility of the poo poo they're doing.

MononcQc
May 29, 2007

"I believe I did, Bob."



it's forever been true that the individual feels powerless, but as long as they all individually choose to do the work that makes the machine work, they're somehow complicit. I guess we're mostly trying to assign how much complicity there should be here, from "none, I am the oppressed" to "I am the one giving the orders at the top".

I guess the precedent for that poo poo are the Nuremberg principles with some interesting stuff around command responsibility, but the less you trust actual authority to resolve things, the more you are forced to propagate responsibility to counter-act towards the street and the lowest levels.

In my mind most tech folks who just write a rando JS lib can't be held accountable, but can make a lot of noise through disruption. First those that work directly in companies like Palantir, then those that work into adjacent ones like Google or Microsoft/Github, later those who just write rando util libraries that are clearly not contextualized for this, followed by more general devs unrelated to the whole ordeal and general population.

I guess there's just always enough people who align their morals with authority/law as a framework to keep the machine working from the top-down unless larger movements counteract them.

MononcQc
May 29, 2007

"I believe I did, Bob."



the only reason removing your package tends to work in doing damage is that npm is surprisingly fickle as a package manager (see old post of mine somewhere about how they can allow the same dep multiple times with clashing versions within a package), and they at different times in the past had no good protective mechanism around dropping packages, parking names, reusing names for new packages. Coupled with the lack of stdlib, it was easy for a user to have a little util function used by thousands and thousands of projects, drop the package, and then gently caress up everyone's build because a bunch of people appear to run npm as part of every build on every prod node.

Plus they had a history of generally having semver recalculated on each single new build, which would let maintainers drop point versions of existing packages and start loving with random builds across the world.

This is hilarious and gathered attention from the press, but any shop that has their poo poo together would pin deps better, vendor or mirror them, and just not be stuck with it. So the whole effort of "please take your package down in protest" is intended to harm firms that depend on it while hoping Palantir still hasn't got their poo poo together after all that time and the few attempts that happened already.
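The pinning and mirroring hygiene described in the post above, sketched as an added example that is not part of the original thread or any poster's code: it checks a `package.json` against a v2/v3 `package-lock.json` for floating ranges, unlocked dependencies, missing integrity hashes and tarballs resolved from outside an internal mirror. The package names, the mirror host `npm.mirror.example` and the function name `auditPinning` are assumptions made for illustration.

```javascript
// Constructed sample manifest; package names are hypothetical.
const SAMPLE_MANIFEST = {
  name: "example-app",
  dependencies: {
    "example-pad-util": "^1.2.0", // floating: any compatible 1.x release satisfies it
    "example-http": "2.4.1",      // exact pin
    "example-logger": "latest",   // floating dist-tag
  },
  devDependencies: {
    "example-lint": "3.0.0",      // exact pin, but absent from the lockfile below
  },
};

// Constructed sample lockfile in the lockfileVersion 2/3 "packages" layout.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/example-pad-util": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/example-pad-util/-/example-pad-util-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/example-http": {
      version: "2.4.1",
      resolved: "https://npm.mirror.example/example-http/-/example-http-2.4.1.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/example-logger": {
      version: "0.9.0",
      resolved: "https://npm.mirror.example/example-logger/-/example-logger-0.9.0.tgz",
      // no integrity field: the tarball content is not verified on install
    },
  },
};

// Matches only a fully specified semver version (optional prerelease/build).
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Returns a list of {name, issue, detail} for every direct dependency that a
// removed or republished upstream package could affect at build time.
function auditPinning(manifest, lock, mirrorHost) {
  const results = [];
  const declared = {
    ...(manifest.dependencies || {}),
    ...(manifest.devDependencies || {}),
  };
  const locked = (lock && lock.packages) || {};

  for (const [name, spec] of Object.entries(declared)) {
    // A range or tag is re-resolved whenever the lockfile is absent or regenerated.
    if (!EXACT_VERSION.test(spec)) {
      results.push({ name, issue: "floating-range", detail: spec });
    }
    const entry = locked[`node_modules/${name}`];
    if (!entry) {
      // Nothing records which version or tarball a build will receive.
      results.push({ name, issue: "not-locked", detail: spec });
      continue;
    }
    if (!entry.integrity) {
      results.push({ name, issue: "no-integrity", detail: entry.version });
    }
    let host = null;
    try {
      host = new URL(entry.resolved).hostname;
    } catch {
      host = null; // missing or malformed "resolved" counts as off-mirror
    }
    if (host !== mirrorHost) {
      // The build still depends on the upstream registry keeping the tarball.
      results.push({ name, issue: "off-mirror", detail: String(entry.resolved) });
    }
  }
  return results;
}

for (const r of auditPinning(SAMPLE_MANIFEST, SAMPLE_LOCK, "npm.mirror.example")) {
  console.log(`${r.name}: ${r.issue} (${r.detail})`);
}
```

A floating range is harmless while a committed lockfile is installed with `npm ci`; it is flagged because the range is what gets re-resolved the moment the lockfile is missing or rebuilt.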

MononcQc
May 29, 2007

"I believe I did, Bob."



This thread assumes you write some OSS code that is used by bad actors, and therefore asks you to act to undo or at least slow down the evil that you helped unleash onto the world (your code, also baby jails) in order to undo the facilitating you inadvertently did.

What about the opposite though, where your code is used by a good, benevolent actor (say doctors without borders, curing ebola): is being inactive enough to get the moral benefits of helping make the world a better place through your idiot code?

If we can ask whether passivity in face of bad situations (your code jailing babies) is enough to make you a bad person, would a similar utilitarian argument be possible with good code uses: is not actively maintaining OSS code that would help solve a bad situation (ebola) actually disengagement in front of a greater evil, and technically bad?

MononcQc
May 29, 2007

"I believe I did, Bob."



therefore, just merge my loving PR you nerd

MononcQc
May 29, 2007

"I believe I did, Bob."



The lawyery ones are interesting. I'm still torn on the idea of EULA-like clauses into copyright licenses. Bryan Cantrill has a good blog post on that front (written in the context of companies trying to get AWS to not just wrap OSS poo poo and charge for it): http://dtrace.org/blogs/bmc/2018/12/16/a-eula-in-foss-clothing/

quote:

...
You will notice that this looks nothing like any traditional source-based license — but it is exactly the kind of boilerplate that you find on EULAs, terms-of-service agreements, and other contracts that are being rammed down your throat.
...
my copy of the software isn’t mine at all. On the one hand, this is (literally) proprietary software boilerplate — but I was given the source code and the right to modify it; how do I not own my copy? Again, proprietary software is built on the notion that — unlike the book you bought at the bookstore — you don’t own anything: rather, you license the copy that is in fact owned by the software company. And again, as it stands, this is dubious, and courts have ruled against “licensed, not sold” software. But how can a license explicitly allow me to modify the software and at the same time tell me that I don’t own the copy that I just modified?! And to be clear: I’m not asking who owns the copyright (that part is clear, as it is for open source) — I’m asking who owns the copy of the work that I have modified? How can one argue that I don’t own the copy of the software that I downloaded, modified and built myself?!

MononcQc
May 29, 2007

"I believe I did, Bob."



At some point maintainers decided to change the license for the Erlang language from the EPL ("Erlang Public License", a rewrite of the MPL to please Swedish lawyers) to Apache2. What they did is found all the contributors since the 90s, tried to contact them all, had them sign an agreement (which pretty much everyone did).

What about the few people they couldn't contact or reach out? They felt they did enough to be fair to everyone, and if someone is truly unhappy they can sue Ericsson.

MononcQc
May 29, 2007

"I believe I did, Bob."



There's also value in diversity of components (i.e. not all the components have the same implementations, therefore not all the underlying bugs and issues are shared across all users), and there's no way to learn like reinventing for sure. I've been through that pattern in many projects and it's interesting to find that a rewrite from first principles lets you take new approaches that are cleaner in some general case, but then necessarily shittier for an edge case you hadn't considered. And the edge cases vary between various people's implementations, so the skeletons are all very varied and into different closets.

It's a kind of fun phenomenon.

MononcQc
May 29, 2007

"I believe I did, Bob."



I've been linked to a paper called Culpable Control and the Psychology of Blame, which tries to give an explanatory (more than prescriptive) take on how blame is generally attributed. Haven't gone through it at this point but it looks hella interesting and tries to borrow from both moral philosophy and legal frameworks in trying to unify the vision.

MononcQc
May 29, 2007

"I believe I did, Bob."



Mozilla needs to survive and keep working on FF if only to enable some part of the god drat forsaken web endeavour not to be a through and through for-profit—led ad project for giant billionaire sacks of poo poo

MononcQc
May 29, 2007

"I believe I did, Bob."



before the web designers were fine doing print media and just having nothing move or flash for no reasons, and being able to do poo poo like use any orientation for things and place them however the gently caress they want

MononcQc
May 29, 2007

"I believe I did, Bob."



it is deeply troubling that in so far as protecting rights and fostering communities rather than straight up exploitative behaviour, Richard Stallman has done a better job through GPL than most of the people who followed.

I also read the text Bob Howard linked. It makes good points about the bad incentives and maintenance of the status quo, and on the focus on users rather than authors. Bringing up the bits with OSI going "yeah you can't do poo poo about evil people", reducing the autonomy of maintainers, and so on. It doesn't seem to clash with Rotor's manifesto though, which tries to provide a means to that change.

I.e. the use of a trust to manage license grants rather than just "go hog wild you beautiful OSS user" seems to be a complete attempt at changing the dynamics from one where the user is empowered to everything into one that brings back a better balance of author-to-user. It is true that the people who are not part of the agreement can still suffer from it -- people who get racially profiled by ML poo poo for example. The status quo entrusts the users of the library with the moral responsibility of not harming others. Rotor's manifesto expands this responsibility to the author and the users (both have to agree for the code to remain usable).

Rotor's manifesto appears to be a net benefit from the moral perspective.

The interesting bit I was playing with is flipping towards an utilitarian viewpoint: if such a trust was everywhere for all OSS, would we have had easy turnkey solutions such as nginx for web front-ends or redis for backends? Would this framework be possible to leverage as a way to keep others down if you disagree with them (i.e. deny code use to human rights activists and specifically create a trust for evil?)

I guess the toy argument is moot for a few reasons:
  • it assumes the status quo is desirable and that preventing it from happening would be bad
  • it assumes that trusts are transparent and only a legal entity that does not play the role of arbitration
  • it pre-supposes that it is one or the other working rather than both at the same time; adding such trusts wouldn't make other licenses disappear and you can't divorce a solution from its ecosystem that easily.

MononcQc
May 29, 2007

"I believe I did, Bob."



My experience with Open Source software as the maintainer of a build tool for a language is that everyone just hopes you make their entire loving development teams more productive but won't take 5 minutes to actually fill the issue template directly and if you're lucky you're gonna get 2-3 contributors who hang around for 2-3 years each.

Large corporations like WhatsApp will actually poo poo publicly on the work you do as not being scalable to their org and mega private repos for which they give you no details unless you as an individual go and reach out directly to some employees you met before and set up relationships with them to fix the issues before they do a big public presentation where they dunk on you for not knowing how to scale poo poo and just dropping with "but we're now fixing it for you all" PR stuff at a conference.

I'd like to thank the person at WhatsApp who actually agreed to sit down with me and test poo poo and help improve the code base, and let us release major improvements before another person at WhatsApp made their big public announcement and instead had to change their slides for "it used to be inadequate but now it's fine, but by the way we're still looking to replace that tool"

MononcQc
May 29, 2007

"I believe I did, Bob."



My other experience with open source is Ericsson nearly killing their tech 20 years ago, employees managing to convince them to open source it, and then the company readopting the tech and maintaining it for me to make a career out of it.

In short, OSS is a land of contrast.

I would sure like to have the ability to put my code license in a trust where it's obvious that if you're looking to run your business to conveniently build more blockchains to track immigrants, you're stuck at least implementing all your loving tools from scratch, or use another language (and another community) to do your poo poo.

The libertarians and pro-business dipshits who keep yelling at hobbyists who dared to pick a GPL'd license because they can't turn the free labour into a self-serve business can keep using the licenses that exist today.

MononcQc
May 29, 2007

"I believe I did, Bob."



you wouldn't benefit from it anyway because google owns the project and nobody will use your alternative unless some other big corporation takes over it and sells it without giving you a dime for it. Then you would get a side-benefit like improved reputation and maybe being invited at confs that begrudgingly pay their speakers, but you would still have to go through the same loving interview process as everyone else if you ever wanted to get paid for it by the people actually using your code for money.

The only free passes you get that are worth money is when you get hired as an advertising stunt for devrel, further hiring measures, or as a way to have a company position itself as friendly to a community.

MononcQc
May 29, 2007

"I believe I did, Bob."



exposure is something people die of, not something you want to work for

MononcQc
May 29, 2007

"I believe I did, Bob."



I rather like how this is both ambiguous and unambiguous:

quote:

This software must be used for Good, not Evil, as determined by the primary contributors to the software.

It is obvious the primary contributors are in charge. The thing obviously unclear is what do the primary contributors believe is good and what is evil.
I figure this is not the problem of the primary contributors though, and there is no requirement for anyone to give a gently caress what such ethics are meant to be but the users.

I'm interested in knowing how someone who wants as many users as possible would handle this. Would you just link to some philosopher's writing and say "look, I'm a kantian person who believes in a moral imperative" and another one go "I'm more of a situational ethicist and therefore love has to be the root of anything you do with this" and some guy goes "I read marcus aurelius and I'm super into stoicism so you can only use this as long as I don't think you're being too emotional right now"

don't get me wrong I'd never expect any of this to take place, but I'd sorta love having more software devs going "let me think about what constitutes ethics for myself before I publish anything" even if it's limited to "I listened to half a podcast, slept during philosophy in college, but I watched The Good Place and here's my take" (it's a good tv show okay)

MononcQc
May 29, 2007

"I believe I did, Bob."



qirex posted:

the "someone who wants as many users as possible" model is the current default. any restrictive license will reduce the pool of potential people and orgs who would use it, but that's the point if you don't want palantir to fulfill ice contracts using tech you created

Well on one end there's the current nonrestrictive licenses. On the other end is closed source where nobody sees your code.

By virtue of picking a license somewhere in between both, in this case the "gently caress around and find out license", you're ready to play with a dial where you try to balance "people who use this" with "does good/does no harm".

If you're more on the side of "I don't really care how many people use this", then you can afford to be as ambiguous as possible because you keep control on impact by revoking or granting licenses. If you're wanting to be a bit more self-serve ("people adopt the license and I get more users with less policing") then you would arguably want to clarify the ethics by which you will revoke or grant licenses, no?

MononcQc
May 29, 2007

"I believe I did, Bob."



you can keep using this software license as long as you can convince two or more chuds to wear a mask in public while this pandemic unfolds

MononcQc
May 29, 2007

"I believe I did, Bob."



Meanwhile in the business world: https://slate.com/news-and-politics/2020/12/neal-katyal-supreme-court-nestle-cargill-child-slavery.html

quote:

On Tuesday, the Supreme Court confronted a seemingly simple question: If an American corporation aids and abets child slavery in a foreign country, can its victims sue the company in an American court?

[...]

Two years ago, by a 5–4 vote, the conservatives granted foreign corporations immunity from [Alien Tort Statute] lawsuits. On Tuesday, Katyal asked the court to expand this immunity to American corporations—meaning, in effect, that no corporations, foreign or domestic, can be sued under the statute. [...] In his brief, Katyal argued that allowing corporate liability would “place U.S. firms at a competitive disadvantage compared to companies in countries” with a law similar to the ATS. [...] Katyal also claimed that the “international community” does not support holding corporations responsible for violations of international law. For support, he pointed out that the Nuremberg prosecutors declined to prosecute “the firm that supplied Zyklon B gas, which the Nazis used to kill millions.”

so uh, there might be something desirable about not leaving morals and ethics to corporations after all maybe

MononcQc
May 29, 2007

"I believe I did, Bob."




I read that one yesterday and I liked it.

There was a follow-up discussion online (probably HN?) that quickly mentioned models that use open source and are successful, but it's a bit hard to argue at least in the server space where one of the big players is just gonna take your poo poo and run you out of business with it.

MononcQc
May 29, 2007

"I believe I did, Bob."



Buck Turgidson posted:

I don't quite understand how a licence like fafol is valid or enforceable. At least in my country, for a contract to be valid, the rights and obligations dealt with under the contract need to be "certain". Leaving the meaning of key terms to the discretion of one party without actually listing specific permitted or forbidden uses is a sure-fire way to render your agreement void and unenforceable. If your licence agreement is void then you may as well pump out your software with no licence at all (also not a great idea given current copyright laws, although at least you may have control I guess).

I understand the appeal of these licences but personally I wouldn't use them. If you are truly concerned about the potential for your software to be used for evil, an attempt to constrain use of your software via a licence is probably not going to work, especially if state actors, criminals or powerful businesses want to use it. If your concern is great enough, don't release the code, release it only to those you trust, or remove the functionality you are concerned about.

On a bit of a side note, I personally think it'd be fun to release under a GPL-like licence, but restrict the permissions granted under the licence to natural persons only (specifically excluding corporations, government bodies, and their agents/employees). I wonder what the FSF would say about that and whether it conforms to their four freedoms.

They mostly rely on the "poison pill" aspect where corporate lawyers' aversion to running into legal grey areas for fun is not as developed as their liking of being on retainer while not being in court, so most of the advice is going to be "don't even bother touching these, we won't go there." No one really wants to be first at testing that litigation. Specifically when the license is seen as invalid, it doesn't mean you default to open source, it means you default to having been illegally using a piece of software for your product, so the license is more or less in a legal limbo for all stated usages. The risk is generally higher for a corporation than an individual user.

In general GPLv3 is sufficient to get that effect, but some corporations have been hungry enough about some pieces of software to either get their lawyers to look at it and then comply because the cost of developing software would be higher than asking the lawyers to just look at the loving thing (i.e. ffmpeg is the classic one where you can look into any smart TV's manual or android "about" section and go get the licenses), or to find a workaround they feel safe enough about (stick the OSS component behind a server, consider it separate as a codebase). Those with more powerful lawyers or a greater fear from the legal perspective just ban it outright and prefer to eat the cost of redeveloping poo poo from scratch (Apple is probably the best example there).

The "stick it behind the network" is what the folks at MongoDB and Redis have tried to block with newer licenses.

MononcQc
May 29, 2007

"I believe I did, Bob."




This is a good article and I like many quotes from it.

quote:

Most people in the industry don’t realise that the web dev economy is primarily extractive. As with the earlier assumption that Google must be trying to keep Adwords clean and sustainable, there’s the assumption here that somebody in tech must be making sure the work behind OSS is paid for. Or, almost as naively, they assume that it can all subsist as donationware.

People in web dev constantly assume that something somewhere must be paying for the OSS dependencies they use. This is why developers come in with the entitlement of a paying customer. The OSS maintainer is supposed to serve them with the enthusiasm of somebody being paid. Their worldview just doesn’t accommodate the idea that this is unpaid labour because then they’d have to start questioning the very sustainability of their own careers.

quote:

Many of the misconceptions about OSS stem from the fact that the core of the ecosystem is funded.

Facebook is pouring money into the React sub-ecosystem, and Google keeps burning cash on the Chrome bonfire. Microsoft keeps funding developer infrastructure like Visual Studio Code, Typescript, npm, and GitHub. Those are just the most prominent examples. They all fund a ton of other projects, either directly or indirectly, through a wage surplus.

A surprising amount of OSS is made by former big tech developers. They can afford to subsist on meagre revenue—for a time—because their pay and stock options have left them free of debt and with well-stocked savings accounts.

This is much more common than you’d think. Scratch away at the surface of pretty much any active OSS project that has no discernible revenue, and you either get a burnout waiting to happen, or you’ll find a formerly well-paid dev coasting on savings. Many of the rest have solid VC funding. Though, VC funding always runs out at some point. The business fundamentals just aren’t there for open source when you have Google, Amazon, and the rest gatekeeping all of the value in the market. This is why the ecosystem is already beginning to pull apart at the seams.

I had personally written on how we tend to make a ton of poo poo unsustainable by just externalizing the training and knowledge to unpaid parts of the ecosystem and I really enjoyed this one article's take on the economics of it at a broader level.

quote:

It isn’t just software: web dev education, training, and recruitment exist primarily to extract value from Facebook’s React or Google’s OSS projects. Very few of them invest in figuring out what sort of training will serve their students the best. The easiest thing to sell to both recruiters and students is the big framework on the block, so that’s what they sell and very little else.

The extraction mentality is baked into the business. Which is sort of fine when you’re dealing with projects funded by mega-corporations but disastrous when applied to the unfunded or poorly funded rest.

The money hose, combined with free or subsidised services, is a control mechanism that lets big tech companies control the OSS ecosystem. Projects they want to promote will get the money spigot. Other projects, like MongoDB or Redis, get turned into commodities and resold as cheap services.

MononcQc
May 29, 2007

"I believe I did, Bob."



the biggest value of GPL code is that it endlessly pisses off wanna be startups that just want to use free poo poo without having to talk to lawyers

MononcQc
May 29, 2007

"I believe I did, Bob."



you can get the open source box truck for free, often with all parts machined by other people working in boxtruck factories, but nobody actually sells a boxtruck you can own, and the only other option is forever renting the box trucks from companies that go bankrupt all the time while none of said boxtrucks are ever compatible.

tech is its own environment with its own reality.

MononcQc
May 29, 2007

"I believe I did, Bob."



SYSV Fanfic posted:

I wonder how much longer and how bad of a thing has to happen before the public at large starts demanding that software be held to the standards of normal reality. People don't question the status quo. Essentially when will "but with a computer" stop making something special and unique. The fact that there is a difference between a cleaning service destroying your family picture album and a Microsoft update trashing your mydocuments becomes more absurd and unfair every year.

Tech is too profitable to be regulated. I'm cynical and barely kidding here:

https://twitter.com/mononcqc/status/1457453100869033996

(tweet because I'm too lazy to re-host the doodle).

The potential for a profitable area is too big to be ignored (all the big tech players are now more profitable, larger companies than any traditional ones), and they are now sort of too big to fail and be reined in. The fines are too small to be consequent, and even Facebook defrauding everyone on video ads won't stop marketing departments from going there because their budgets are too tied to it, and the promise of profitability is better than most other things.

Anyway, rather than regulating things such that tech can do fewer things, the pattern I generally expect is that the legal liability for things going bad will just be shifted onto individuals or regulatory bodies--we respect the standards, just force better standards (while lobbying against them)--rather than on corporations.

A company wouldn't be blamed for destroying (or leaking) photos, there'd be a legal disclaimer about it and the legal system in place to protect them. So long as the expected benefit to the organization is greater than the risk (the liability), there's no reason they wouldn't market the poo poo out of it. The exploitative aspect is legally baked in, which is partly why it ruled so much when gig workers started "abusing" the arbitration clauses that prevented collective action by just spamming so much arbitration they became a financial burden on the organizations (which then wiggled out of the obligation anyway, while working on things like Prop 22 at the same time).

Also I would add: this is the reality already. Tesla beta tests life-endangering poo poo on public roads, everything is data-mined to poo poo, ads are everywhere based on it, Apple trackers are used by stalkers, and the unsafe software is rolled out to the public already. The safer non-connected world of the past is gone already, and the current generation is growing up with this as a status quo. This is normal reality and until there will be a lot more bodies, nothing's gonna be done about it because you can assign a value to life and the prospective profits are just too high.

MononcQc fucked around with this message at 19:19 on Dec 26, 2021

MononcQc
May 29, 2007

"I believe I did, Bob."



yeah I get that. Mostly it's just the idea that things won't improve with the system as-is. The required shifts will need to come from bigger changes elsewhere, and I'm just putting more of my energies elsewhere than in OSS given they tend to fuel that self-propelling machine these days. They don't need more of my help and almost anything new I do in my free time is obscure or licensed in ways that would just piss any corporation off.

MononcQc
May 29, 2007

"I believe I did, Bob."



https://twitter.com/fxcoudert/status/1476204806381395969

they may have nukes, but we didn’t get paid, so...

admiring the strict policy there.

MononcQc
May 29, 2007

"I believe I did, Bob."



Any open source dependency you get in a project of yours is just a loaned, temporary piece of code you don't have to write, for the time being. If it goes, it goes.

"But I don't like this perspective, it makes me feel my product is far more brittle than I thought"

Yes, exactly.


MononcQc
May 29, 2007

"I believe I did, Bob."



I got my initial name and exposure from writing a book for free online, but the truth there is that any random person reading a book gets to interact with it in far more depth than code and you can put a lot more of your personality in it, and then still get a book deal and make the equivalent of close to (or below) minimum wage far more easily than with code, but with as many job/speaking opportunities lined up with it.

Like thinking of it in these terms I was a god drat genius [actually: lucky] to focus on this at first, and it's worth it forever more than code.

Plus almost nobody asks you to maintain and patch a book past publication.
