
cypherpunks

@cypherpunks@lemmy.ml

cultural reviewer and dabbler in stylistic premonitions


cypherpunks,

Ok, I just stickied this post here, but I am not going to manage making a new one each week :)

I am an admin at lemmy.ml and was actually only added as a mod to this community so that my deletions would federate (because there was a bug where non-mod admin deletions weren’t federating a while ago). The other mods here are mostly inactive and most of the mod activity is by me and other admins.

Skimming your history here, you seem alright; would you like to be a mod of /c/linux@lemmy.ml ?

How the xz backdoor highlights a major flaw in Nix (shadeyg56.vercel.app)

The main issue is the handling of security updates within the Nixpkgs ecosystem, which relies on Nix’s CI system, Hydra, to test and build packages. Due to the extensive number of packages in the Nixpkgs repository, the process can be slow, causing delays in the release of updates. As an example, the updated xz 5.4.6 package...

cypherpunks, (edited)

As of today, NixOS (like most distros) has reverted to a version slightly prior to the release with the Debian-or-Redhat-specific sshd backdoor which was inserted into xz just two months ago. However, the saboteur had hundreds of commits prior to the insertion of that backdoor, and it is very likely that some of those contain subtle intentional vulnerabilities (aka “bugdoors”) which have not yet been discovered.

As (retired) Debian developer Joey Hess explains here, the safest course is probably to switch to something based on the last version (5.3.1) released prior to Jia Tan getting push access.

Unfortunately, as explained in this debian issue, that is not entirely trivial because dependents of many recent pre-backdoor potentially-sabotaged versions require symbol(s) which are not present in older versions and also because those older versions contain at least two known vulnerabilities which were fixed during the multi-year period where the saboteur was contributing.

After reading https://www.nongnu.org/lzip/xz_inadequate.html (first published eight years ago…) I’m convinced that migrating the many projects which use XZ today (including DPKG, RPM, and Linux itself) to an entirely different compression format is probably the best long-term plan. (Though we’ll always still need tools to read XZ archives for historical purposes…)

How do we know if there aren't a bunch of more undetected backdoors?

I have been thinking about self-hosting my personal photos on my linux server. After the recent backdoor was detected I’m more hesitant to do so, especially because I’m no security expert and don’t have the time and knowledge to audit my server. All I’ve done so far is disabling password logins and changing the ssh port....

cypherpunks, (edited)

Thanks. They are no longer a mod of this community. (I wrote this comment to them and they did not reply.)

cypherpunks,

Opensource just means that the source code is available, FOSS however implies that you’re free to modify and redistribute the program

Incorrect. “Open Source” also means that you are free to modify and redistribute the software.

If the source code is merely available but not free to modify and/or redistribute, then it is called source-available software.

cypherpunks,

Not necessarily true - that right to modify/redistribute depends on the exact license being applied.

If you don’t have the right to modify and redistribute it (and to do so commercially) then it does not meet the definitions of free software or open source.

For example, the Open Watcom Public License claims to be an “open source” license, but it actually doesn’t allow making modifications.

The Sybase Open Watcom Public License does allow making modifications, and distributing modified versions. The reason why the FSF has not approved it is that it requires you to publish source code even if you only wanted to run your modified version yourself and didn’t actually want to distribute anything to anyone. (The Watcom license is one of the few licenses which is approved by OSI but not FSF. You can see the other licenses which are approved by one but not the other by sorting this table.)

The FSF’s own AGPL license is somewhat similar, but it only imposes the requirement if you run the software for someone else over a network. (Neither of these requirements are likely to be enforceable by copyright law, as I explained in my comment about the AGPL in the thread which this thread is about…)

This is also why we specifically have the terms “free software” or “FOSS” which imply that you are indeed allowed to modify and redistribute.

I would recommend reading this: gnu.org/…/open-source-misses-the-point.en.html

I would recommend that you re-read that, because it actually explains that the two terms refer to essentially the same category of software licenses (while it advocates for using the term free software to emphasize the philosophical aspects of those licenses).

cypherpunks, (edited)

Hi @haui_lemmy,

fyi icymi due to this thread someone posted this other thread asking .

I don’t have time to read all ~200 comments in these two threads, but I do think that being a moderator of /c/opensource@lemmy.ml requires knowing what FOSS is to be able to remove posts promoting things which are not.

Hopefully the replies here (again, I have not read even half of this thread…) have made you better informed?

In case you haven’t yet, I would highly recommend that you read these two documents (you can start with their wikipedia articles and follow links from there to the actual documents):

In short, the answer to your question (“Is there a License that requires the user to donate if they make revenue?”) is yes, there are many such licenses, but they are definitively not FOSS licenses (despite what some people who haven’t read the above definitions might try to tell you).

I won’t enumerate any of the non-FOSS licenses which attempt such a thing, because I recommend against the use of such licenses or software licensed under them.

BTW, I saw you wrote in another comment:

By now I get that FOSS mostly implies free work for corporations. I’ll just go with agpl to ensure they get nothing from my work.

While corporations benefiting from FOSS while failing to financially support it at all is extremely commonplace, I vehemently disagree that that is what FOSS “mostly implies”. In fact, the opposite is more common: the vast majority of free software users are not paying anything to the companies who have paid for an enormous amount of the development of it. A few hundred companies pay tens of thousands of individual developers to develop and maintain the Linux kernel, for instance.

Regarding the second sentence of yours that I quoted above, in case you haven’t understood this yet: the AGPL does not prevent commercial use of your work. If you write a web app and license it AGPL, you are giving me permission to run it, modify it, redistribute my modified version, and to charge money for it without giving you anything.

What the AGPL does, and why many companies avoid it, is impose the requirement that I (the recipient of your software) offer the source code to your software (and any modifications I made to it) under that same license not only to anyone I distribute it to but also to anyone using the software over a network on my server.

If the software were licensed GPL instead of AGPL, I would only be required to offer GPL-licensed source code to people when I distribute the software to them. Eg, I could improve a GPL web app and it is legal to not share my improvements (to the server-side code) with anyone at all because the software is not being distributed - it is just running on my server.

By imposing requirements about how you run the software (eg, if you put an AGPL notice in the UI, I am not allowed to remove it) the AGPL is more than just a copyright license: violations of the GPL and most FOSS licenses are strictly copyright violations and can be enforced as such, but violating the part of the AGPL where it differs from the GPL would not constitute copyright infringement because no copying is taking place. Unlike almost every other FOSS license, the AGPL is both a copyright license and an end-user license agreement.

For this reason, many people have misgivings about the AGPL. However, if you want to scare companies away from using your software at all (and/or require them to purchase a different license from you to use it under non-AGPL terms, which is only possible if you require all contributors to assign copyright or otherwise give you permission to dual-license their work) while still using a license which the FOSS community generally accepts as FOSS… AGPL is probably your best bet.

HTH.

p.s. I’m not a lawyer, this isn’t legal advice, etc etc :)

cypherpunks,

there is enough garbage there now that they could just make the tourist permit require everyone to bring down more than they take up with them

cypherpunks, (edited)

maybe it’s important to note he isn’t on trial for treason? The charges are for hacking and espionage.

He isn’t on trial for treason in courts of law, but he is in the court of public opinion - various commentators and some officials (including Senator Joe Lieberman and then-CIA Director Mike Pompeo) have used the word to describe his publishing.

cypherpunks,

what was the prompt you used?

cypherpunks, (edited)

Really? This meme which I just made, with the detailed image transcript for accessibility?

Please, check my lemmy history. Do you really think I’m a Russian troll? 🤣

cypherpunks, (edited)

Doesn’t OPEC control oil prices? 🤔

It hasn’t for a long time.

do you have a source? Everything I am finding online is still showing OPEC going strong

They don’t set the price; they influence it by ostensibly controlling the supply from member countries. But, as Wikipedia says:

Since the 1980s, OPEC has had a limited impact on world oil-supply and oil-price stability, as there is frequent cheating by members on their commitments to one another, and as member commitments reflect what they would do even in the absence of OPEC. [4]

cypherpunks,

what is the end result?

cypherpunks,

do you read this meme as being either for or against the US telling Ukraine to stop bombing Russian energy infrastructure? 🤔

cypherpunks,

lol, ok, but i’m actually still baffled as to how you interpreted this meme – both before and now

cypherpunks, (edited)

that nostr link doesn’t load for me but this is the url that the post in the screenshot is ultimately linking to: patrick-breyer.de/…/eu-cash-cap-and-ban-on-anonym…

cypherpunks, (edited)

two weeks later: GitLab confirms it’s removed Suyu, a fork of Nintendo Switch emulator Yuzu

sad to see their new git hosting is behind cloudflare 😢
