Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Cybernetic Vermin
Apr 18, 2005



Progressive JPEG posted:

the author of a software law blog that i've been following announced a couple template licenses

quote:


Normally Open
says “Everything not prohibited is permitted.” You get to fill in what’s prohibited.

Normally Closed
says “Everything not permitted is prohibited.” You get to fill in what’s permitted.
obv more interested in the Normally Closed one

partially a good post, partially time to bump this thread. software licensing may be a pretty small thing all things considered, but it is a clearly yospos place to start from. and the times of finding some ease in the vagaries of the term "open source" are long over.

Adbot
ADBOT LOVES YOU

Cybernetic Vermin
Apr 18, 2005



it is a hugely interesting direction to think about, but kind of agree that maybe the lingering threat of the software being pulled for any reason is a bit much. it is nice if software can be reasonably useful to a lot of people too.

possibly one would get pretty far by defining a trust charter which covers specific cases (e.g. military, police, surveillence) without the original developer having revocation rights on top. to that way strike a balance where usage rights can still be guided intelligently (as opposed to codifying a license which fails to cover the next atrocity), while letting more moral enterprises rest pretty easy that they wont get the rug pulled on them for something entirely unexpected.

otoh that only really considers specifically the ethics bit, but i am not sure all parts can be well solved together.

Cybernetic Vermin
Apr 18, 2005



PCjr sidecar posted:

when the cost to evil people of me not helping evil people is low or nonexistent

i think one of the biggest hurdles is precisely overcoming this: the incorrect idea that software is somehow largely worthless despite being huge business.

Cybernetic Vermin
Apr 18, 2005



which is not fully comparable, but analogous in that that too is pretty hosed up.

Cybernetic Vermin
Apr 18, 2005



unionizing the code factory is one part, and while difficult to achieve in practice the structure is not very different from any union. i think the supplanting of open source is more akin to having the code artificers join the guild (e.g. submit their code to the right trust).

coding is a really broad category and the solutions will almost necessarily be different for different parts.

Cybernetic Vermin
Apr 18, 2005



he apparently lost all his precious metals in an apartment fire. will make anyone reflect on their important choices, like how they license their js.

the hn thread is pretty wild though

Cybernetic Vermin
Apr 18, 2005



Jabor posted:

hackers are surprised that if your license says "hey feel free to take this and use it commercially", people take what they wrote and use it commercially?

i'll freely admit to a certain idealistic naivity myself on the point yeah. not enough to ever put significant work into any open source, but enough to attach an importance to hugely 'successful' projects which i thought entirely separable from economic (and political) concerns.

Cybernetic Vermin
Apr 18, 2005



it is only partially about licenses, but the log4j debacle pretty clear-cut part of a very bad system. https://christine.website/blog/open-source-broken-2021-12-11

Cybernetic Vermin
Apr 18, 2005



meanwhile the take over on osnews:

quote:

Money corrupts anything it touches. I’m insanely grateful for the almost endless number of people contributing to open source projects not because they expect to become rich, but because they enjoy doing it, to show off their skill, for the community of people they love interacting with, for the recognition it sometimes brings, or for the mere secret knowledge that their small project nobody’s ever heard of is a crucial cog in the massive machinery that keeps the technology world spinning.

Open source isn’t broken. It’s working exactly as intended, and it’s by far the most powerful force in the technology world, and it will outlive any of the corporations so many people bend over backwards to please today.

massive security issues people are forced to fix without pay: things working exactly as intended actually

Cybernetic Vermin
Apr 18, 2005



the gpl3 is made entirely obsolete by the agpl3.

Cybernetic Vermin
Apr 18, 2005



which rather misses the theme of the thread, which is not "don't write software" (that's the rest of yospos), but that more effort should be expended trying to control where and how such software gets used. the agpl3 is a start, but as was demonstrated by the gpl3 evolving into being perfectly acceptable for cloud services companies you can't just assume that you have a sufficiently poisonous pill already.

Cybernetic Vermin
Apr 18, 2005



SYSV Fanfic posted:

also a lot of the anti copyleft ppl are taking a play from the anti-union playbook - "The gpl was for a different time and we've moved past that". https://martin.kleppmann.com/2021/04/14/goodbye-gpl.html

one of those articles that have a lot of basic things right (e.g. how the big cloud platforms have rendered a lot of past license activism moot), but fails to then inspect his own motivations and moral position, instead just obliquely referring to "software freedoms" and going "whelp, might as well keep coding away and releasing under mit licenses v:shobon:v".

SYSV Fanfic posted:

As far as who would maintain a java logging library or openssl - people like to feel important and useful. I think it was rotor who was wondering why anyone would maintain deprecated features on behalf of major corporations - the corporations aren't the ones that approach people. Employees who are flesh and blood humans do. Most people have not yet cultivated the attitude that anyone who works for a corporation has voluntarily installed a brain implant to where they can be remote controlled by psychopaths.

it is indeed not that those people are getting mind-controlled by corporations into doing these things, they are doing it out of their own free will, only it is a bad thing they are doing and they should stop.

Cybernetic Vermin fucked around with this message at 16:40 on Dec 25, 2021

Cybernetic Vermin
Apr 18, 2005



in addition i also consider this a separate but related thing:

5. the gospel of *inherent* goodness of open source contribution leads to a lot of real costs and bad software.

carefully managed and controlled (with some kind of goal orientation) many projects turn out great, but in most cases the idea that more patches/features/contributors/extensions/whatever => better rules the day. this idea has comingled into that most modern open-source-based development methodology which includes just pulling in vast amounts of completely random code (see: npm syndrome), and there being no resistance to ballooning implicit requirements when someone tosses more code at things.

log4j2 is a good example here, as the main log4j2 guy started it because log4j1 wasn't very good at logging multiple non-string attributes (?!), and didn't offer very strong delivery guarantees, e.g. appenders throwing exceptions (??!). why was this important? because he works in banking and was idiot enough to want to do actual bank audit logging in log4j. the entire project shifts that way, accrues vast complexity, and eventually breaks the world in a way much costlier (in the real people-lose-their-weekend-off sense) than any effort saved up to that point by log4j's existence.

this problem is kind of downstream from rotors list, a combination of lack of control and corporate capture, but otoh a very current incident.

Cybernetic Vermin fucked around with this message at 12:55 on Dec 26, 2021

Cybernetic Vermin
Apr 18, 2005



whether change is possible or not it is anyway useful to kick these arguments around a bit to get an understanding of where one stands.

such as just having some perspective when osi whined about the sspl (very corporate agpl++ used by mongo and elastic), which is pretty healthy really:

Optimus_Rhyme posted:

OSI mad

quote:

We’ve seen that several companies have abandoned their original dedication to the open source community by switching their core products from an open source license, one approved by the Open Source Initiative, to a “fauxpen” source license. The hallmark of a fauxpen source license is that those who made the switch claim that their product continues to remain “open” under the new license, but the new license actually has taken away user rights.

The license du jour is the Server Side Public License. This license was submitted to the Open Source Initiative for approval but later withdrawn by the license steward when it became clear that the license would not be approved.

Open source licenses are the foundation for the open source software ecosystem, a system that fosters and facilitates the collaborative development of software. Fauxpen source licenses allow a user to view the source code but do not allow other highly important rights protected by the Open Source Definition, such as the right to make use of the program for any field of endeavor. By design, and as explained by the most recent adopter, Elastic, in a post it unironically titled “Doubling Down on Open,” Elastic says that it now can “restrict cloud service providers from offering our software as a service” in violation of OSD6. Elastic didn’t double down, it threw its cards in.

And the software commons are now poorer for it. The Elastic projects were offered under the Apache license. Outside contributors donated time and energy with the understanding that their work was going towards the greater good, the public software commons. Now, instead, their contributions are embedded in a proprietary product. If they want to enjoy the fruits of their own and their co-contributors’ labor, they have to agree to a proprietary license or fork.

This is not to say that Elastic, or any company, shouldn’t adopt whatever license is appropriate for its own business needs. That may be a proprietary license, whether closed source or with source available. The Open Source Initiative strongly believes that the open source development model is the better way to develop software and results in a superior product. But we also recognize that it is not the right choice for everyone in all cases. A company may find that its business needs and direction have changed over time, such that the original license choice is interfering with their business model. A switch may be the right choice.

But Elastic’s relicensing is not evidence of any failure of the open source licensing model or a gap in open source licenses. It is simply that Elastic’s current business model is inconsistent with what open source licenses are designed to do. Its current business desires are what proprietary licenses (which includes source available) are designed for.

What a company may not do is claim or imply that software under a license that has not been approved by the Open Source Initiative, much less a license that does not meet the Open Source Definition, is open source software. It’s deception, plain and simple, to claim that the software has all the benefits and promises of open source when it does not.

Signed,
The OSI Board of Directors

brb conna trademark "fauxpen source"


e:

https://twitter.com/h0mbre_/status/1353406764423798784

Cybernetic Vermin
Apr 18, 2005



hardly counts as malicious, just intentionally broken. which should also be a reality check on how many unknown people could push actually malicious code into your codebase.

Cybernetic Vermin
Apr 18, 2005



FMguru posted:

if you have a problem with people making money off of your work and giving you none of it...maybe dont release under a license that lets people freely reuse it and not pay you anything?

right, and to facilitate this truth we should speak out against the pervasive idea of how doing open source is inherently rewarding and good.

Cybernetic Vermin
Apr 18, 2005



Gazpacho posted:

maybe set up and advertise a business entity that companies can pay for work done, regardless how it is licensed? something that this guy likely knew how to do as a startup founder

oh wait, that's something you'd do if you actually want to rise out of your predicament, not drag others into it

since we keep circling this i will try with less sarcasm: a lot of people keep getting told that they will reap real rewards from doing open source work. build a portfolio, make something useful and it is an inherent good, you will get recognized, the successful open source people do make money, etc. etc. and it is mostly bullshit. if everyone is a perfectly rational actor recognizing a supposed objective reality, sure, they're idiots for giving poo poo away to start with expecting anything. should just set up a entity charging for the work, sure. but a lot of people are getting lied to by a lot of people (and weirdly those groups overlap heavily).

which does not mean all open source is bad, or that this insane guy is good, but we at least shouldn't fool young people into devaluing their (and others) work.

e: also, this may not be everyones favorite angle on this, but imagine trying to actually organize labor in this industry with scabs already at work even before a strike starts.

Cybernetic Vermin fucked around with this message at 21:05 on Jan 10, 2022

Cybernetic Vermin
Apr 18, 2005



Bonfire Lit posted:

if (isUnicodeSupported()) { useUnicode(); } else { useDifferentUnicode(); }

otoh the unicode checking dependency is pretty rough (this is the entirety)

code:
export default function isUnicodeSupported() {
	if (process.platform !== 'win32') {
		return process.env.TERM !== 'linux'; // Linux console (kernel)
	}

	return Boolean(process.env.CI) ||
		Boolean(process.env.WT_SESSION) || // Windows Terminal
		process.env.ConEmuTask === '{cmd::Cmder}' || // ConEmu and cmder
		process.env.TERM_PROGRAM === 'vscode' ||
		process.env.TERM === 'xterm-256color' ||
		process.env.TERM === 'alacritty';
}

Adbot
ADBOT LOVES YOU

Cybernetic Vermin
Apr 18, 2005



Zamujasa posted:

the forums converted it to html entities, it appears as regular text in the code proper. that said i do wonder if the "non-unicode" ones actually work on not-unicode consoles considering that the check and cross marks aren't plain low ascii and presumably the file's encoding is utf8 since it's for console output

it is pretty confused phrasing, in that windows nt cmd.exe (it and the linux console being the only environments actually singled out) has had unicode support since 1993 afaik. what it does *not* have is unicode *emoji* support.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply