1.  

    In the article, he says sportswear is excluded.

    1.  

      I think the hardest part is that I react to that and see “free, not open”. Looking at the current state of open source, I think a FSF person has every right to say “I told you so!”

      But clearly you think there’s more going on here. I see below that you think that was a personality driven fight, but is that the only way it misses what you think is going on?

      1.  

        What does BSD allow that MIT doesn’t? Or do I misunderstand which licenses you’re comparing?

        1.  

          This is a good nuance. We do want to think of both additive and subtractive color models as having a monoidal operation, but we aren’t guaranteed to have a workable unit just because we have all of the rest of a monoidal relationship. White and black only work as monoidal units when we are mixing abstract colors on a computer screen, and that ultimately isn’t because white and black are absolute endpoints in color modelling, but because we have a maximum and minimum brightness value on our display hardware.

          1.  

            You’ll hear people who work in the field joke about a “compliance-industrial complex”. I think that started back in the early 2000s, after big companies started permitting use of open source in masse. Salespeople for nascent compliance solutions firms would fly around giving C-level officers heartaches about having to GPL all their software. My personal experience of those products, both for ongoing use and for one-off due diligence, is that they’re way too expensive, painful to integrate, just don’t work that well, and only make cost-benefit if you ingest a lot of FUD. Folks who disagree with me strongly on other issues, like new copyleft licenses, agree with me here.

            That said, I don’t mean to portray what’s going on in the open source branding war as any kind of conspiracy. There are lots of private conversations, private mailing lists, and marketing team meetings that don’t happen in the open. But the major symptoms of the changing of the corporate guard are all right out there to be seen online. That’s why I walked through the list of OSI sponsors, and linked to the posts from AWS and Elastic. It’s an open firefight, not any kind of cloak-and-dagger war.

            1.  

              RMS was definitely the figurehead of the “free” movement. But I think that unique symbolic status was more a reflection of hackers, and scene media, wanting one “face” per camp. I’ve known plenty of folks who took his views to heart, acted, and spoke on them. Some even came to chide him for his “tactical compromises”.

              Some of these folks are still around, and still very active. Everybody’s social experience is different. Mine has been that the movement burns a lot hotter in Europe, in India, and generally outside the USA.

              People needed to get paid, and that was the compromise we chose.

              Thanks for that. I don’t think I’ve seen that view before.

              I’ve usually seen it framed as giving up the goal of freedom for the side effects of corporate efficiency, shared resources, leaner startups, and so on. But I suppose it can also be seen as preserving freedom or openness within the trade, but not outside it, without it necessarily following the compromise is just a self-serving conspiracy against the laity. Some is better than none.

              Personally, that strikes me as balancing out heavily on the side of the money. But that’s hardly provable, or falsifiable. Just an impression.

              1.  

                Here in Sweden, the traditional issuers of ID cards have been banks. It’s changed now since the rules around passports have tightened, so the government offers a “national ID card” in addition to a passport (which is now accepted as ID - it used not to be up to the standards of ID cards).

                You do need a bank “partnership” (usually a checking account) but these are easy to get, and free up until you’re starting to earn some money. Our kid got an account, debit card and a Bank ID at 16.

                1.  

                  Yeah, that’s what I had in mind. I didn’t want to personalize the issues. The exception was Tim O’Reilly, who I mentioned by name. But he named his company after himself, so I didn’t really have an option without making a potentially obscure reference, like “Animal Books, Inc.”.

                  It’s important not to understate how important peculiar personalities were to all of this. But I think their importance gets overplayed more often than underplayed. And I thought overplaying it here would weaken what I have to say.

                  One of the points I hope I made was that what we’re seeing now isn’t just a rehash of the old “free versus open” schism, which was very personality driven. The fissure around copyleft versus permissive is opening up again, but the context and content is very different.

                  1.  

                    client-side certificates are cool when the developer is in control of the client, but most people are targeting the web, where the client is instead in control of the developer. The reason Electron is popular is that the majority of developers do not know how to create a UI with anything other than the web; rather than escaping this prison, they package it into an app with a bow, carrying their prison with them. Also certificate management is annoying.

                    1.  

                      Same in Luxembourg with https://www.luxtrust.lu/ it works really well and you have the start card version (mostly for corporate) and the 2FA version.

                      1.  

                        Here in the US, at least, there are laws against tampering with postal mail. I don’t see a moral difference between someone tampering with snail mail and a service provider tampering with unencrypted web traffic. Perhaps the same laws should apply?

                        And secrecy cuts both ways. The same encryption that protects my information can also prevent me from snooping on or monkeying with devices or programs on my network that I either distrust or trust minimally.

                        We’re seeing this same argument around things like DNS over HTTPS. I have legitimate reasons for intercepting and modifying DNS traffic on my network. In my case it’s an allergy to advertising, so I’ve seeded dnsmasq with some blocklists. Behind dnsmasq, I run my own recursor (unbound), in preference to using somebody else’s recursive resolvers. My point is, I would be very upset by my browser circumventing my policies around DNS in the name of privacy or whatever.

                        Sorry for going off on so many tangents; I’ll go back to lurking. This is a discussion worth having, but it’s not quite salient to the topic at hand.

                        1.  

                          Sorry if that didn’t come across clearly enough. I write these things first and foremost for myself. Occasionally other people find them worthwhile.

                          If I were going to try to mush the thesis into a comment box, it would be that the current go-to argument against new, strong copyleft licenses like SSPL, that open source licenses can’t discriminate against closed software development, flaunts the history of free and open source software. The whole crux of that movement was learning to tell the difference between “open” and “closed” and coming down strongly on the side of open.

                          The reason the argument plays these days is that a bunch of closed software companies have taken over leadership of open source institutions. Twenty years ago, they’d’ve all counted as “evil” online, and the idea that open source “wins” if there’s open source in proprietary software would’ve been angrily and soundly dismissed.

                          I have a mechanism for summarizing my own blog posts, which I never remember to use. I’ll add it now. Thanks.

                          1.  

                            It’s not clear whether github can be trusted to act in our interest in the long run. Although issues and PRs are backed up through the API, having to move somewhere else could give significant interruption in development. And hopping from provider to provider would be awful—ideally the whole thing would not rely on a central server at all. For this I’ve been watching the radicle project, a P2P distributed code collaboration platform. It’s not quite there yet, but seems promising.

                            I’m really glad to see that people are considering the potential unreliability of centralized hosting services like Github, and finding ways not to be dependent on them.

                            1.  

                              I’m curious, were you also thinking of particular types of situations where you feel “what” comments are particularly useful?

                              Here’s one of my favorite examples:

                              b=( "${a[@]}" ) # copy array
                              

                              That’s the shortest correct way to copy an array in bash. If you use bash a lot you’ll probably memorize it, but if you’re touching bash once every couple months then the comment will save you a lot of pain.

                              1.  

                                STM32 has a big ecosystem already, it’s like, the most popular brand of Cortex-M microcontrollers.

                                Sure, the Raspberry chip will have a decent ecosystem soon-ish too, but it will take time before there’s good bootloaders, support in RTOSes, full support in OpenOCD and probe-rs, etc. etc. But like, if you look past the branding, the only advantage it has is the PIO thing, which sure is cool, but probably not required for your next project :)

                                1.  

                                  More plumbing probably. Maybe moving a water filter if I get enough prep done first.

                                  1.  

                                    Maybe I’m missing something, but I still don’t see any details in that posts, or the links from it, what disqualifies the SSPL (how does it differ from AGPL?)

                                    1.  

                                      Thank you for the link to your answer on stackexchange. That was a very enlightening read!

                                      1.  

                                        I’m biased, I just led the effort to get an enterprise license of ELK into our org. We’re on GCP.

                                        This looks a lot like: amazon bad, open source good (read: elastic) good.

                                        How do you see this? Interested to hear outside ideas

                                        1.  

                                          The identity card of Estonia and the one from Spain are the same model! When a security bug was discovered in Estonia they needed to invalidate a whole bunch of cards here, because they were the same :) However, the physical smartcard and the pure client-side certificate (which the post was talking about) are two related but different systems (which I think complicates more its understanding for the normal citizen). The smartcard flow is not really standard, needs a Java program in the middle.