1. 16

    Can we talk about this from a different standpoint? What exactly has Stallman’s FSF done to advance the cause of software freedom, other than the same things that failed, only louder?

    1. 12

      Well, GNU is an FSF project, and I certainly think GNU has advanced software freedom immensely. It’s amazing that what’s arguably the best compiler toolchain on earth is free software, and GCC is part of GNU. GNU is also the reason why I have a free software libc and coreutils and a nice debugger. And GNOME is part of GNU, and GNOME is one of the most main-stream free software graphical environments.

      They’re also the publisher of the GNU licenses, which I also think has advanced software freedom.

      1. 5

        I guess my point is that there has been no FSF response to the world that we actually live in; Linux has won, in that there are no commercial Unices. But, we live in a world of AWS/GCP &c.,and that’s a world that FSF has yet to acknowledge.

        1. 1

          AWS&GCP

          Umm, isn’t that what https://openinfra.dev/ is addressing?

          1. 1

            Do we need a GPL4 that does for SaaS what GPL3 did for Tivoization?

            1. 6

              That’s kind of what the AGPL is about.

              1. 4

                Yes, I think we need GPL4 for SaaS.

                1. 4

                  I think the problem is that you can’t attack a structural problem with narrow technocratic hacks. The incentives of the money mean that anything licensed under a GPL4 would be cloned immediately under a more permissive license, and we’d be right back where we are now, only with another copyleft license that nobody uses.

                  1. 3

                    Sure, if you’re releasing a project that needs zero work, it will be cloned immediately. If you’re releasing a project that you actually put work in, other people will need to also put work in to clone it, and in the meantime, open source will have an advantage. And also, attacking a structural problems with narrow technocratic hacks is the entire point of the GPL?

              2. 5

                And GNOME is part of GNU, and GNOME is one of the most main-stream free software graphical environments.

                What does this mean in practice? As in, what does GNU do for GNOME?

                I tried finding GNU references on the GNOME website a while ago, and came back empty-handed. As far as I know, their entire infrastructure (from their own GitLab instance to their own foundation) is separate from GNU. As near as I could tell, GNOME is “GNU in name only”. In the past GNU probably did more for GNOME, but those days seem long gone. The same applies to GTK, where most development is now done by GNOME people and AFAIK is also “GNU in name only”.

                I feel this is kind of a general pattern with GNU, where all but a few projects have kind of stagnated. gcc, libc, coreutils, make, etc. are still important of course, but outside of that? What new and innovative projects has GNU spawned in the last 10 or even 20 years?

                I feel GNU is still trying to re-create Unix anno 1985. This isn’t necessarily bad in itself – I’m a Unix grey-beardy type myself – but the impact and appeal of this is very limited. Or let me put it like this: why isn’t systemd a GNU project? Why did we have to wait for RedHat to come along and make it? Or why isn’t GNU investing serious money in GIMP so it’s more competitive with Photoshop? It’s probably one of the better known GNU projects, but basically it’s just three or four guys working on it in their spare time when they feel like it. The results are pretty impressive, but it’s not hard to imagine how much better it could be with a year of sponsored work by two devs.

                I think the future of GNU will essentially be “the gcc and libc project”; important projects for sure and nothing to sneer at. But “a Free Software operating system” or at the forefront of bringing Free Software to people? Yeah, not really.

                They’re also the publisher of the GNU licenses, which I also think has advanced software freedom.

                They’re also kind of horrible licenses; not because of the ideas they represent, but because they’re just badly written IMHO.

                1. 2

                  These are valid criticisms of the current GNU. They started GNOME, but it has largely spun off into its own separate project, so GNU isn’t influencing it anymore. Outside of its amazing compiler toolchain and good libc and C++ stdlib, and its decent coreutils, there’s not a whole lot of new development coming out of GNU. But I will still claim that all of this is stuff which GNU, and therefore the FSF, has done to advance the cause of software freedom.

                  And the GPL might be a bad set of licenses, but they’re certainly the most influential copyleft licenses and have played a big part in pushing for software freedom.

                  The statement that “outside of the compiler toolchain and coreutils, GNU is largely irrelevant these days” is probably fairly true. What I reject is the idea that GNU (and therefore the FSF) hasn’t played a big part in advancing software freedom.

                  I think it’s a very apt observation that GNU’s scope is limited to things which you would expect from an 80’s style UNIX. The idea behind the name “GNU/Linux” is of course that GNU is the operating system and Linux is the kernel, but the GNU operating system is actually pretty bad; all the modern parts are from Red Hat, Canonical, the GNOME and KDE projects, and, to some degree, the freedesktop project. These criticisms are entirely valid.

              3. 7

                Thing is, people love to talk really loudly about the things that have failed — drowning out the positives.

                1. 2

                  I mean, as mort says above, there were clear victories, and software is in some ways freer today than it was when my career started (in 1993). That change is due to the FSF (and by extension, RMS), and it is good. However! The GPL has driven a lot of the development of the current adware software economy, which is to my way of thinking deeply ungood. I think the FSF needs to think about how the GPL has changed the world, for better and more importantly for worse. The genie is out of the bottle, and we’re not ever going to go back to the way things were.

                  Doubling down on RMS isn’t a very encouraging sign that there’s a lot of thinking going on over there, sad to say.

                  1. 3

                    The GPL has driven a lot of the development of the current adware software economy, which is to my way of thinking deeply ungood. I think the FSF needs to think about how the GPL has changed the world, for better and more importantly for worse. The genie is out of the bottle, and we’re not ever going to go back to the way things were.

                    I don’t see how the GPL existing has contributed to the rise of the current adware software economy, or otherwise changed the world for the worse in any way. Maybe there’s an argument that it has done this, but this is not at all obvious.

              1. 2

                The conclusion says “The last one managed to stay until 2015, but only in the very specific case of comparing opening parenthesis to a closed parenthesis in one specific non-system shell.” but then the epilogue says “You can still see this on macOS bash today”. I get that macOS’s /bin/sh is probably pdksh or ash or something, but there’s enough scripts that hard-code bash that I’d worry about tickling this issue on macOS. Even though newer versions of bash are fixed, macOS is never going to update, so this issue will probably be around until macOS stops shipping bash entirely, or people stop trying to use it as a Unix workstation.

                1. 12

                  You can do something like this in Firefox with the font-size-adjust CSS property. Basically, if you say:

                  font-size: 14px;
                  font-size-adjust: 0.5;
                  

                  …then that ensures lower-case letters will be 0.5×14 = 7px high. That’s not the same as setting the size of upper-case letters, but it’s arguably more useful because we use lower-case letters more often. This is particularly useful for text that intersperses monospaced and proportional fonts (like technical documentation does), because monospaced fonts typically look smaller at the same point size.

                  1. 3

                    Correct. We need to care about the x-height, not the cap height.

                  1. 7

                    A fun fact: Richard P. Gabriel (the Worse is Better guy) wrote a book called Patterns of Software (available from the author’s website in PDF), and the foreword was written by Christopher Alexander, where he tries to understand how his ideas about building architecture could possibly be relevant to software-engineering.

                    1. 3

                      If I draw some kind of blob, it bobs to the surface in a pleasing, convincing manner.

                      If I draw a W, it closes off the top and lists to one side; if I draw an M it closes off the bottom and rotates to match the W.

                      If I draw an S, it links the beginning and end together to create what looks like two blobs connected together, but the whole thing often spins and leaps out of the water, or otherwise behaves like the centre of mass is several inches outside the visible bounds of the S-berg.

                      1. 3

                        Slightly off-topic: is there an RSS feed for the blog? I’d be interested in following it.

                        1. 2

                          I usually direct people to the reddit RSS feed for /r/oilshell, link here: http://www.oilshell.org/

                          Although it could be time to make a proper one for the blog. Does anyone have an example of a good RSS feed? I haven’t used RSS myself in many years.

                          How do you validate it? with an XML validator or something else? Pointers to example code would be useful too.

                          When I google I find a lot of spammy stuff and links about how to consume RSS feeds, not create them.

                          1. 5

                            I’d recommend using the Atom syndication format over RSS. It’s been around for decades, every RSS reader supports it, but it’s not burdened with as much historical baggage and guesswork as RSS.

                            For validation, the W3C has a validator, based on their HTML validator.

                            1. 1

                              Definitely. RSS1 is a weird abuse of RDF, RSS2 somehow got the same name but is an underspecified worse abuse of XML. Atom at least has a design and uses the host format proprly.

                              1. 1

                                I’d say that the difference between RSS and Atom is like that between HTML and XHTML. One is loose, the other strict, and sometimes the strict one doesn’t allow something that you actually desire. So RSS may be a good choice sometimes.

                                1. 2

                                  Since Atom is a proper XML format, it allows anything, being highly extensible.

                                  The various RSS variants can allow for anything too, but especially with RSS2 the underspecification means getting anything more than title+link to work reliably is a nightmare.

                                  1. 1

                                    The differences are quite minor, and most feed readers can deal with slight misconfigurations.

                                    The comparison with XHTML is apt, the Syndication Wars were raging when XHTML was seen as the future of the web.

                                2. 3

                                  Ah, but the reddit feed has posts that aren’t from the blog, too.

                                  Although it could be time to make a proper one for the blog. Does anyone have an example of a good RSS feed? I haven’t used RSS myself in many years.

                                  Reading the RSS 2.0 spec is a good start.

                                  How do you validate it? with an XML validator or something else? Pointers to example code would be useful too.

                                  If the feed is bad — i.e. broken XML, the browser will complain. At least, that’s how I do it, heh.

                                  1. 3

                                    I would very much appreciate a proper Atom/RSS feed as well. Your blog’s the only one I have to use nitter to get notifications of posts through, it makes reading it in my feed reader a bit jarring; worth it, though. :)

                                    If it’s worth anything, here’s the script I use to generate my site’s Atom feeds. https://git.mutiny.red/somasis/www.somas.is/plain/atom.sh

                                    1. 2

                                      Actually the example helps a lot, that’s what i was asking for :)

                                      https://github.com/oilshell/oil/issues/902 (feel free to bug me here if it doesn’t happen in a few months)

                                      BTW I’m impressed by your use of this idiom:

                                      ${subtitle:+<subtitle>$subtitle</subtitle>}
                                      

                                      It took me awhile to figure out what the + operator was actually useful for, and this kind of templating is the only real use I see for it!

                                      1. 1

                                        haha, I’m flattered :p I can’t remember at what point I started using + so often in variable substitution, but it’s quite useful. It’s pretty easy to misuse it and make the mechanism of a script even more obscure sometimes because of how versatile it can be for templating-related purposes, though.

                                1. 87

                                  I work at Signal, and here are my two cents:

                                  Signal is incrementally better than the incumbents on the technology side. We do a better job encrypting message contents than most and I think we do a much better job staying ignorant about message metadata (e.g. who you’re talking to) than our competitors. I’m proud of the work my colleagues have done and I do think we have some significant differentiators, but Signal’s architecture is similar to WhatsApp’s.

                                  The bigger shift, I think, is not technical. People know that corporations don’t always have users’ best interests in mind; Facebook is emblematic of this problem. In my view, shifting from a for-profit app to a nonprofit one is as significant as switching from a centralized platform to a federated one, if not more significant.

                                  That’s not to say Signal gets a pass; we are far from perfect. But I think we’re a baby step towards the ideal.

                                  I spend a lot of time on Mastodon and the cries for a better federated/decentralized system are loud there. I, too, would love to see messaging get there in the mainstream. Maybe it’s Matrix, maybe it’s Berty, maybe it’s Briar, who knows. But I see Signal as an important step to get there.

                                  This isn’t an official response from Signal, just my opinion!!

                                  1. 12

                                    Thanks for the input here! I think these are reasonable ways to view things even if I periodically express frustration at the ways Signal falls short of (or operates on a philosophy that contradicts) my personal ideal. I derive a tremendous amount of value from it even if I’m uncomfortable with, say, the stances laid out in the ecosystem is moving, and I’m grateful for the utility provided in a very hard space to work in.

                                    The bigger shift, I think, is not technical. People know that corporations don’t always have users’ best interests in mind; Facebook is emblematic of this problem. In my view, shifting from a for-profit app to a nonprofit one is as significant as switching from a centralized platform to a federated one, if not more significant.

                                    As someone who works for a nonprofit on a public good that’s extremely centralized in architecture (I’m an employee of the Wikimedia Foundation), I tend to share this view. The way software labor gets paid for is crucial, and if there might be better models than a foundation, then there are certainly also far worse ones.

                                    That said, though I’d far rather work for a donation-supported nonprofit than most of the realistic alternatives, our centralization sure is a vulnerability that keeps me awake at night. All institutions are vulnerable to capture, corruption, or collapse, and I wish we had better models for mitigating that risk. I’m pretty sure federation / distribution of architecture is an important piece of the puzzle, but it’s often difficult to discuss that in a way that’s also clear-eyed about the benefits and affordances of centralization.

                                    1. 4

                                      That’s not to say Signal gets a pass; we are far from perfect.

                                      Out of curiosity, in what ways would you hope the project would improve?

                                      1. 4

                                        Maybe it’s Matrix

                                        Matrix’s future is encouraging, because they tackle not only centralisation but also moderation.

                                        The answer is to remove the centralisation. Users should be able to make up their own minds and make their own censorship decisions - something that we’re actively working on and supporting via Matrix’s decentralised reputation work. – https://element.io/blog/2021-escalated-quickly/

                                        1. 3

                                          I don’t think we automatically get a pass because we’re a nonprofit. I’d trust a nonprofit’s incentives over a corporation’s, but we could still do plenty of bad things. I’m not aware of us doing anything like this, but I want to avoid saying “nonprofits = always pure and good”.

                                          The most obvious improvements I see are with the desktop app, which is what I work on day-to-day. It’s no secret that the app is buggy, consumes a lot of resources, and isn’t at feature parity with the mobile apps. I joined in an effort to improve those things, but there’s still a ways to go. Turns out it’s hard to build a good native app for three different operating systems (especially when no two Linux installations are the same)!

                                          1. 1

                                            Tangent on this, a lot (or at least some) would like to know if OWS has a stance on making bots and clients for unsupported operating systems. That bear has to be poked eventually and we can only hope for a positive response! :)

                                            1. 1

                                              For what it’s worth, there’s no love lost between me and the Electron end-user experience in the general case, but Signal at least manages to be the one Electron app I run routinely. On my fairly new and expensive desktop system I don’t usually have performance complaints and I can’t remember it crashing much. That may sound like damning with faint praise, but then again if you’ve used the typical Electron-based chat app maybe not…

                                          2. 4

                                            I know you can’t answer this (and might not be fair for me to ask) but what’s your opinion of the Radio Free Asia (CIA spin off) funding that seeded Signal? I’m not trying to create FUD, just not seeing much talk about it. How do you convince a skeptic like me?

                                            Also, why isn’t Signal investing in p2p? Maybe you can answer the second question…

                                            1. 16

                                              You are swallowing FUD from the same people that has been trying to discredit the Tor project for the past 6-7 years on the same reasons.

                                              Inherently it doesn’t matter if CIA throws money on secure crypto. Because it’s secure. The double ratchet algorithm has had eyes on it for years and considering the fairly good track record of people finding suspicious crypto I’m not even batting an eye on the conspiracy some people are trying to push.

                                              1. 6

                                                If a US government run conspiracy exists around Tor I would be far more worried it relates to the laughably low count of active nodes and the potential that a not so insignificant count of them are being run by malicious parties.

                                                1. 11

                                                  You don’t need a conspiracy to point at the multiple successful attacks against the Tor network and active sybil attacks people have used on it though.

                                                  1. 3

                                                    Who brought up conspiracy theories? Is it a conspiracy to think that the intelligence community would be more likely to fund a project that they can crack?

                                                    1. 5

                                                      When a large group of people with disparate goals and interests are treated as though they were all cooperating on a single unified goal, yeah, that’s conspiracy. At the very least, the intelligence community is divided into two very different groups: “attackers” and “defenders”.

                                                      It’s quite plausible that the “attackers” group would want to fund vulnerable crypto systems in the hope that more useful traffic would be unprotected. However, it’s also quite plausible that the “defenders” group would want to fund very strong crypto systems, so that their agents’ communications would be secure, and hidden among a flood of equally-secure civilian communications.

                                                      Just saying “Ah, this was funded by a spin-off of the CIA!” is not in itself evidence of vulnerability or security. If you could prove whether that funding came out of the “attackers” or “defenders” budget, that would be interesting and useful.

                                                      For me, the fact that the CIA money was part of the seed funding (not when Signal was already popular) suggests that the money came from the “defenders” budget — they hoped it would get big enough that their own agents’ traffic would go unnoticed. I’d expect a donation from the “attackers” camp to come later on, once they had found a weakness, to help Signal establish a lead over competing apps without known weaknesses. That’s not proof, of course, but without hard evidence nothing’s certain.

                                                      1. 1

                                                        When a large group of people with disparate goals and interests are treated as though they were all cooperating on a single unified goal, yeah, that’s conspiracy.

                                                        is anyone saying that?

                                                        Just saying “Ah, this was funded by a spin-off of the CIA!” is not in itself evidence of vulnerability or security.

                                                        …or that?

                                                        1. 1

                                                          There are people saying that. Which is why this is being discussed in the first place.

                                                          1. 1

                                                            who/where?

                                                2. 6

                                                  What FUD are they swallowing exactly? They only stated that a CIA spin off initially funded Signal, which is true. It’s reasonable to ask why the U.S. intelligence apparatus would want to fund projects like Signal and Tor.

                                                  1. 2

                                                    Sure but in some cases, the CIA’s and the public’s interests can be aligned. Strong crypto, safe communication, identity hiding proxies are needed for both.

                                                    1. 3

                                                      sure, for some definitions of “the public.” during periods for which we have records of CIA activities, the peasants of southeast asia probably would’ve preferred the CIA to be less able to secure identities and communications.

                                                    2. 1

                                                      The FUD is that this somehow compromises the integrity of signal.

                                                      1. 1

                                                        Depends what you mean by integrity and what you think of Radio Free Asia.

                                                      2. 1

                                                        Well, when someone asks on lobste.rs, where they know that the chances of getting a factual answer to this question are zero, you might reasonably think that the question isn’t a straightforward request for factual answer. What else might it be? FUD and innuendo are among the possiblities.

                                                        Personally my first guess for that funding would be someone at the CIA used some money in a way that helped their own performance reviews and maybe get them promotions, without regard to what effect it would have on other people at the CIA or NSA.

                                                        “Tasks accomplished this year:

                                                        • Blah that helps Chinese/Burmese/Indonesian blah blah against state wiretapping”

                                                        This is a guess, not a factual answer. I’m just assuming that the CIA is no better coordinated than the places where I’ve worked. That people at the CIA will put their own department’s tasks and goals above those of other people in other buildings, just like… I could digress into frustrated rambling here.

                                                        1. 1

                                                          so you’re insinuating through innuendo that the only reason they would ask for an open ended opinion on this topic, is to spread FUD

                                                      3. 4

                                                        A union election is about to start in the Amazon facility in Bessemer, Alabama. Amazon wanted the election to run on their internal voting system instead of mail in ballots. The union reps declined because they were suspicious about running a union vote on the companies own platform for what seems to be like a good reason. Of course Amazon made the same arguments, that their software is secure an anonymous.

                                                        The question is it legitimate FUD? Because it seems to me, if people are getting on Signal because they are worried about US government monitoring, then it would seem like a legitimate concern that the CIA funded the same software they are trying to use.

                                                        Just because it’s FUD doesn’t mean it’s illegitimate. Just like just because it’s a conspiracy theory doesn’t mean there isn’t a conspiracy. I personally think this is a legitimate concern and there is no reason to believe Signal at face value given it’s history.

                                                        Let’s also point out that technically, it’s very easy to shut signal down. Look at the recent outage. Look at the fact they are renting AWS hardware. Even if you don’t believe the FUD, nothing technically about signal seems robust.

                                                        1. 5

                                                          A union election is about to start in the Amazon facility in Bessemer, Alabama. Amazon wanted the election to run on their internal voting system instead of mail in ballots. The union reps declined because they were suspicious about running a union vote on the companies own platform for what seems to be like a good reason. Of course Amazon made the same arguments, that their software is secure an anonymous.

                                                          How does this apply to signal? Union workers that has consistently been under threat and pressure in the US are completely sane to consider something else. For this argument to make sense then you are just suggesting signal is in direct opposition to the goal of their users. This feels like constructing some strawman.

                                                          The question is it legitimate FUD? Because it seems to me, if people are getting on Signal because they are worried about US government monitoring, then it would seem like a legitimate concern that the CIA funded the same software they are trying to use.

                                                          I disagree that some undocumented donation from a government agency is funding anything. The article Yasha has written is pay walled. Whatever donation they made years ago doesn’t matter as they have created a non-profit and gotten a significant donation from the whatsapp founder.

                                                          Just because it’s FUD doesn’t mean it’s illegitimate. Just like just because it’s a conspiracy theory doesn’t mean there isn’t a conspiracy. I personally think this is a legitimate concern and there is no reason to believe Signal at face value given it’s history.

                                                          The argument needs to be stronger then “some government agency gave a donation”.

                                                          1. 3

                                                            The union comparison is correct because there is a long history of vulnerable groups being targeted by the US government. Isn’t it sane for the same groups to be suspicious of tech funded by their oppressors?

                                                            1. 1

                                                              Are you saying that any organization taking donations from the US government is ultimately working for the US government to do their bidding?

                                                              Isn’t it sane for the same groups to be suspicious of tech funded by their oppressors?

                                                              This is inane. How much money was given how many years ago?

                                                              1. 2

                                                                Obviously if the USPS funded it, or national park service, or the NSF, I wouldn’t be really be that concerned…

                                                          2. 3

                                                            The term FUD is only honestly used to describe disingenuous propagandising. Amazon’s voting software is not widely used FLOSS, unlike Tor and Signal. You are actively spreading FUD by making this misleading comparison.

                                                            1. 3

                                                              What if it doesn’t matter if the messages are encrypted. What if the metadata, who talks to who when is what they’re trying to capture? Because getting the rest of the conversation is easy… Simply arrest them and get access to the phone.

                                                            2. 3

                                                              I don’t think that a donation from the CIA is sufficient enough reason to worry. However it would have surely been smart for a project like Signal not to accept it, given the clear conflict of interests at play.

                                                              1. 2

                                                                Or alternatively that money would’ve enabled a lot of good and may not have come with significant strings - after all, I’m sure the CIA would use Signal too if it met their needs.

                                                                Ultimately we just don’t know. That’s what breeds the conspiracy theory. I’m not convinced we’re entitled to an answer, but it is something that could be easily disspelled if the project wanted to.

                                                                1. 3

                                                                  You underestimate conspiracy theorists’ ability to do mental gymnastics if you think this can be easily dispelled. Look at how insistent mempko is being about factually incorrect assertions about metadata.

                                                                  Bottom line, historical funding is not evidence of ANYTHING. It’s clear (to me) why the CIA might want something like Signal to exist and be rock solid, but that will never satisfy some who choose to see opportunity for conspiracy.

                                                                  1. 1

                                                                    As far as I know, only contact discovery is in the SGX enclave. Signal themselves made it clear they are working on not knowing who sends messages to who but as far as I know, they aren’t there yet. Am I factually wrong here? I would love to see the evidence. I’m a big boy and can admit when I’m wrong.

                                                                    Signal set themselves up on a huge up hill battle by insisting on a centralized architecture. They could have gone p2p and would have no idea when people are talking and who they are sending messages to. They decided against that because it’s easier to upgrade the client with shiny new features. In other words they chose ease of development over security.

                                                                    And you know what? It worked! They are really popular now and have a really nice client.

                                                              2. 2

                                                                I think people are more worried that facebook selling their data than US gov wiretapping. The latter happens anyway.

                                                              3. 1

                                                                The double ratchet algorithm has had eyes on it for years

                                                                The double ratchet algorithm is also fairly simple, and quite obviously correct. Any student in applied cryptography can examine it and convince themselves there’s nothing fishy there.

                                                                1. 2

                                                                  I’ll repeat what I said above. What if it doesn’t matter if the messages are encrypted. What if the metadata is what they are trying to capture. Signal knows who is connected and who talks with who, when. Getting the rest of the conversation is easy, just get physical access to the phone.

                                                                  1. 5

                                                                    Signal knows who is connected and who talks with who, when.

                                                                    They don’t.

                                                                    https://signal.org/blog/sealed-sender/

                                                                    https://signal.org/bigbrother/eastern-virginia-grand-jury/

                                                                    1. 3

                                                                      additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development.

                                                                      “area of ongoing development” means “we have no solution for this yet”

                                                                      1. 2

                                                                        And? They removed a whole class of metadata, pushing an attack from a trivial lookup to the statistical realm. Is your complaint that they haven’t done enough? That the CIA protected you from everyone but them?

                                                                        I’d love a chat app that advertised itself as “literally only the CIA can read your messages.”

                                                                        1. 1

                                                                          I was responding to /u/Foxboron’s claim that Signal doesn’t know who talks with whom. My understanding is that the IP address logging and traffic correlation can be done by Signal, so they could figure out who talks with whom.

                                                                        2. 2

                                                                          There are solutions for this problem. Examples - Pond by imperialviolet and Vuvuzela. Both hide the fact that you are sending the message. The cost - your device sends data all the time. Most of the time it’s white noise, sometimes it’s encrypted message. Observer can’t distinguish. Obviously, this does not work on mobile because of power requirements.

                                                                          Alternatively, you can introduce random delays. This means you are no longer in chat territory - you are operating mailing service.

                                                                          Anything short of two solutions above makes correlation attacks directed at contact network discovery very doable. And decentralization does not help - it will leak the same or greater amount of metadata, depending on implementation.

                                                                          1. 1

                                                                            In this case I think the attacks are a lot easier than with e.g. Tor because all messages go through Signal’s servers and they know the identity of the recipient.

                                                                            1. 1

                                                                              https://signal.org/blog/sealed-sender/

                                                                              They know the identity of the recipient, but not the identity of the sender.

                                                                              There is an argument to be made, that by partitioning users into federated servers (or relay nodes, without permanent residence) you partition your anonymity set.

                                                                              1. 1

                                                                                Correct me if I’m wrong but it seems really easy to deduce or guess with high confidence who the sender is, based on the information that Signal servers have access to. For example if you receive a message and reply to it immediately, Signal could get a pretty accurate mapping from your IP address to your identity for that message, no?

                                                                                If I’m right it’s quite interesting that this blog post is being spread around as evidence that Signal doesn’t know who talks to whom.

                                                                                There is an argument to be made, that by partitioning users into federated servers (or relay nodes, without permanent residence) you partition your anonymity set.

                                                                                I don’t see an argument for that. In this case it seems like your “anonymity set” is the group of people who could plausibly use the same IP address as you at the time you are sending a message, which is quite small if not a group of one.

                                                                                1. 1

                                                                                  Correct me if I’m wrong but it seems really easy to deduce or guess with high confidence who the sender is, based on the information that Signal servers have access to.

                                                                                  Yes. Definitely. But that is also true for an attacker who just controls the routers around signal’s servers, which is cleaner way to attack the network (hard to get caught!).

                                                                                  In this case it seems like your “anonymity set” is the group of people who could plausibly use the same IP

                                                                                  That would be trying to hide the fact that you are using the communicator.

                                                                                  No. I’m speaking about hiding whom is talking to whom. Imagine your server handling high amount of traffic. And we have a hostile router that can see packets and their destinations, but not packet contents. When router does time correlation attack to identify whom is talking to whom, the worst thing server can do is immediately forward messages from sender to the receiver. This makes connecting the dots trivial. Now, if multiple pairs of people talk at the same time, server can introduce a small random delay (lets say below 1s) between receiving and forwarding to confuse the router. More people talking - more possible permutations there is. AFAIK this method of confusing the observer is not a very good one. I recall seeing papers about de-anonymization of Tor users via capturing and analyzing traffic data for a long period of time. But that is a problem of every low latency communication method. To work around that you would need to lots of wasted bandwidth (as in vuvuzela) or long delays (as in mixnet).

                                                                                  1. 1

                                                                                    I think we are talking about two different things. It’s easier for Signal because for each message they know the IP address of the sender (at the time of sending) and the identity of the recipient. If they can figure out who maps to the IP address for a given message, they know the identity of the sender and the recipient for that message – not just that the sender is using their service.

                                                                                    1. 1

                                                                                      My real point - you wont get much in terms of privacy just by distributing servers :-)

                                                                                      1. 1

                                                                                        probably true, but you do get interface stability and independence

                                                                          2. 1

                                                                            That still means Signal does not know though. You would only get the information with a global adversary which is fairly hard to protect against.

                                                                            IP (still) does not correlate to a person though.

                                                                            1. 1

                                                                              It’s not even a global adversary. You just need an adversary sitting in AWS. And who is bigger a global adversary than the USA?

                                                                              1. 1

                                                                                are you saying U.S. intelligence funded a project with vulnerabilities that could only be reasonably exploited by a hegemonic adversary? :)

                                                                                1. 1

                                                                                  To add to my snarky reply, I don’t think you are right that Signal doesn’t know. If you reply to a message within a few seconds of receiving one, your IP address probably hasn’t changed, so Signal would know your identity as a sender. That’s just one example, and it’s not hard to think of ways that Signal could figure out the sender and receiver in most cases (or at least have a confident guess).

                                                                      2. 5

                                                                        You’ve expressed confidence in Signal’s message encryption. It’s open, well analyzed, and widely used.

                                                                        You’ve expressed concern about Signal retaining metadata. Your only specific threat of “who talks to who when” has been specifically and repeatedly addressed: https://signal.org/blog/sealed-sender/

                                                                        Well over a year after that announcement, I looked at their code to see how it worked. It didn’t. It wasn’t on. And I don’t care enough to look again because…

                                                                        Signal is still strictly more secure than every other major messaging app.

                                                                        Finally: both the autobahn and the US interstate highway system were national defense projects. Should I be skeptical of them?

                                                                        1. 1

                                                                          Moxie doesn’t like p2p and decentralization. He made an entire talk about that during 36c3 and the recording of that talk was promptly deleted after a wave of backlash and criticism since apparently Moxie didn’t actually agree to have the talk recorded.

                                                                          edit: I was wrong and posted rumors.

                                                                          1. 5

                                                                            that talk was promptly deleted after a wave of backlash and criticism.

                                                                            That’s not true. The talk was deleted because Moxie asked for the talk to not be recorded and to not be made public: https://twitter.com/moxie/status/1211427007596154881

                                                                            I just prefer to present something as part of a conversation that’s happening in a place, rather than a webinar that I’m broadcasting forever to the world. I have less faith in the internet as a place where a conversation can happen, and the timelessness of it decontextualizes.

                                                                        2. 2

                                                                          Get to work unionizing so you can force Signal to allow third party clients and federation!

                                                                        1. 4

                                                                          The configuration goes in ~/.Xresources and you need to run xrdb ~/.Xresources after every change…

                                                                          Actually, you can set things up more conveniently than that. I have the following in ~/.Xdefaults:

                                                                          ! /* <-- A hack to stop xrdb from reading this file
                                                                          
                                                                          # Behaviour changes
                                                                          XTerm*saveLines:	10000
                                                                          XTerm*scrollTtyOutput:	false
                                                                          XTerm*scrollKey:	true
                                                                          XTerm*scrollBar:	false
                                                                          XTerm*metaSendsEscape:	true
                                                                          
                                                                          # ...other config goes here
                                                                          
                                                                          ! */
                                                                          

                                                                          Now I can just edit that file, and the next xterm I start will use the new configuration, no special “config update” command needed.

                                                                          1. 4

                                                                            Hm, I’m not sure I understand why this works?

                                                                            1. 2

                                                                              ! is a line comment in xrdb-syntax. So xterm, parsing the file as you would expect, ignores everything from the leading ! to the end of the line, including the /* and */.

                                                                              But xrdb pipes its input through cpp, which parses /* comments but not ! ones. So the entire region is removed before xrdb sees it.

                                                                              (CC @Screwtape)

                                                                              1. 1

                                                                                I don’t know myself, but it does.

                                                                            1. 1

                                                                              I don’t have a cohesive whole-OS design, but some ideas I’d like to see explored:

                                                                              • a unified memory/caching graph, from L1 cache through RAM, disk, and all the way to offline deep-freeze storage
                                                                              • a filesystem API that removes the restriction that some names represent bytestreams and some names represent a set of child nodes - give every node a set of children, where one child might be “last modified time” and another might be “resource fork”
                                                                              1. 1

                                                                                In UNIX, there is (or used to be) a philosophy which, among other things, stipulates that a piece of software should do “one thing well”.

                                                                                Still very much the case in UNIX-like operating systems I use (OpenBSD)

                                                                                1. 1

                                                                                  Does OpenBSD still have both cat -v and vis?

                                                                                  1. 1

                                                                                    Yes

                                                                                1. 6

                                                                                  Funny I was literally just writing down this kind of list for a presentation I had to make for one of my courses.

                                                                                  This is what I wrote:

                                                                                  • CPU :: Everything is a memory address
                                                                                  • Unix :: Everything is a stream
                                                                                  • Lisp :: Everything is a symbol (as in ‘symbolic computation’)
                                                                                  • Erlang :: Everything is an actor
                                                                                  • Prolog :: Everything is a relation
                                                                                  • Haskell :: Everything is a function
                                                                                  • Mathematics :: Everything is a set
                                                                                  1. 10

                                                                                    Lisp :: Everything is a symbol (as in ‘symbolic computation’)

                                                                                    In lisp, everything is a cons cell, an atom (‘symbol’), or nil.

                                                                                    CPU :: Everything is a memory address

                                                                                    On a CPU, there are usually two or three types of operands (depending on if RISC or CISC): registers, immediates, and (only on CISC) memory operands.

                                                                                    Memory operands are composed of a combination of registers and immediates. The point being that you take a value which is nominally an integer and treat it as a memory address in a specific context. So I don’t think it’s very useful to say that everything is a memory address.

                                                                                    Unix :: Everything is a stream

                                                                                    Streams are a very important part of unix, but they’re not the totality. In the unix programming language, functions are called ‘processes’ and data comes from ‘files’ (though “stream,” as you call it, is perhaps the clearer word). Data and data structures are (arguably) more important than the transformations we define on them, but the process model is an indisputably an integral part of unix.

                                                                                    Haskell :: Everything is a function

                                                                                    In untyped lambda calculus, everything is a function. Haskell has types, as well as laziness and boatloads of other junk.

                                                                                    Mathematics :: Everything is a set

                                                                                    I think this one is the truest, if perhaps also the most literal.

                                                                                    1. 3

                                                                                      Nice, thanks for diving in. I knew some were inaccurate as I wrote them but got the general idea across, I should have added tcl’s ‘everything is a string’, I think that holds up pretty well.

                                                                                      1. 1
                                                                                        Mathematics :: Everything is a set
                                                                                        

                                                                                        (or a category or a type)

                                                                                        (although at least type theory really rejects the idea that everything is X, by explicitly saying that ⊤ is different from ⊥, and ne’er the twain shall meet)

                                                                                        (I don’t know about category theory)

                                                                                      2. 5
                                                                                        • APL :: Everything is an array
                                                                                        1. 3

                                                                                          Smalltalk :: Everything is an object

                                                                                          Pascal :: Everything is a procedure

                                                                                          Plan 9 :: Everything is a file system

                                                                                          1. 1

                                                                                            Mathematics :: Everything is a set

                                                                                            And all sets are categories.

                                                                                            1. 1

                                                                                              Matter and pattern is what the universe is made of, these words are etymologically related to the words ‘mother’ and ‘father’ for a reason.

                                                                                              Math represents one with elements (in sets) and the other with morphisms (in categories). One implies the other as we know, so the universe is built on circular reasoning :)

                                                                                              1. 4

                                                                                                Your etymology is highly suspect, as is all reasoning derived from it.

                                                                                                1. 0

                                                                                                  You don’t like to have fun? I think this is a nice perspective and it has given me something so I figured I’d share it..

                                                                                                  I agree that it’s all ‘highly suspect’ - I wouldn’t base any important decisions on such “reasoning” ;)

                                                                                                  But at least for ‘pattern’ we have ‘patron’ as a root which comes from ‘father’, with such old words it’s hard to make any strong claims.

                                                                                                  1. 1

                                                                                                    Nothing you say is accurate.

                                                                                                    1. 1

                                                                                                      Nothing you say is substantial.

                                                                                          1. 2

                                                                                            I’m considering implementing the Atari ST extensions (16 colors foreground/background, inverse video, auto-wrap, saving/restoring/hiding cursor, extra clear text commands)

                                                                                            …is that just the VT100 feature set?

                                                                                            1. 1

                                                                                              vt100 is definitely monochrome.

                                                                                            1. 5

                                                                                              Tavis Ormandy of Google’s Project Zero security research team uses WordPerfect for DOS as his regular every-day word-processor.

                                                                                              1. 5

                                                                                                For custom written rules, I personally find that nothing beats the simplicity of redo. The build system is language agnostic in that you can execute a build step in any language and redo only tracks what needs to be rebuilt. For the example at hand, you could write the conversion rule as (in a file named default.pdf.do):

                                                                                                svg2pdf $2.svg $3
                                                                                                

                                                                                                Then by calling redo-ifchange *.svg the entire process would be taken care of.


                                                                                                I would recommend using rsvg-convert -f pdf $2.svg > $3 in the example above. It is a much faster way to convert svgs to pdfs. If I remember correctly, it’s part of librsvg, an svg library written in rust.

                                                                                                1. 4

                                                                                                  What implementation are you using? If I were going to use Redo, I would want to keep it in-tree because it’s not nearly as widely deployed as Make/Ninja.

                                                                                                  1. 4

                                                                                                    One of the nice things about redo is that there’s a single-file pure-shell implementation that only knows how to call the all build-scripts in the right order, which is great for shipping to end-users so they can compile it and move on with their lives.

                                                                                                    Meanwhile, developers who are invested enough to build your software multiple times can install redo, which does all the incremental-build and parallelisation magic to make repeated builds efficient.

                                                                                                    1. 1

                                                                                                      Do you have a link?

                                                                                                      1. 3

                                                                                                        Not your parent commenter, but maybe they meant https://github.com/apenwarr/redo/blob/main/minimal/do

                                                                                                        1. 2

                                                                                                          Aha! Thanks. Currently I am using a build script by our very own @akkartik, which has worked for me so far:

                                                                                                          #!/bin/sh -e
                                                                                                          
                                                                                                          test "$CC" || export CC=cc
                                                                                                          export CFLAGS="$CFLAGS -O0 -g -Wall -Wextra -pedantic -fno-strict-aliasing"
                                                                                                          
                                                                                                          # return 1 if $1 is older than _any_ of the remaining args
                                                                                                          older_than() {
                                                                                                            local target=$1
                                                                                                            shift
                                                                                                            if [ ! -e $target ]
                                                                                                            then
                                                                                                              echo "updating $target" >&2
                                                                                                              return 0  # success
                                                                                                            fi
                                                                                                            local f
                                                                                                            for f in $*
                                                                                                            do
                                                                                                              if [ $f -nt $target ]
                                                                                                              then
                                                                                                                echo "updating $target" >&2
                                                                                                                return 0  # success
                                                                                                              fi
                                                                                                            done
                                                                                                            return 1  # failure
                                                                                                          }
                                                                                                          
                                                                                                          update_if_necessary() {
                                                                                                            older_than ./bin/$1 $1.c greatest.h build && {
                                                                                                              $CC $CFLAGS $1.c -o ./bin/$1
                                                                                                            }
                                                                                                            return 0  # success
                                                                                                          }
                                                                                                          
                                                                                                          update_if_necessary mmap-demo
                                                                                                          update_if_necessary compiling-integers
                                                                                                          # ...
                                                                                                          
                                                                                                          exit 0
                                                                                                          
                                                                                                1. 25

                                                                                                  I would love to see some examples where a company changed the license of their codebase to comply with a dependency. I have never seen this happen in my entire career, even though they are obligated to. I have seen countless examples of people rewriting code to rid of a dependency with an incompatible license, I have even done it myself.

                                                                                                  I understand and respect the pure ideology of strong copyleft licenses (that in a perfect world, everything would be open source), but I don’t believe that it actually yields more open source in the world. In practice, people simply avoid it and it yields more duplicated work that ends up either proprietary (more common worst case) or more permissive (best case).

                                                                                                  It is difficult to prove, but I feel that the “leading by example” ideology of permissive licenses is responsible for far more code being made open source in practice (though I acknowledge this is not everyone’s goal).

                                                                                                  1. 16

                                                                                                    I think OpenWRT exists because linksys had to do this.

                                                                                                    I was just looking into this question myself today and have this history of openwrt on my reading list if that helps.

                                                                                                    1. 5

                                                                                                      Linksys did that, and then stopped maintaining the code, and switched to another OS for most of its hardware. Was that VMX, perhaps? I don’t remember. Some commercial OS. They stated that the reason was that linux needed too much RAM, which I find difficult to believe. Slimming down a linux kernel is IMO likely to be simpler than porting a code base to a new OS, so I tend to believe that Linksys’ stated reason was a polite lie. They did release a single model that ran linux, and I bought that model.

                                                                                                      1. 4

                                                                                                        I believe it was VxWorks

                                                                                                        1. 1

                                                                                                          All the vendors do a fantastically bad job.

                                                                                                          https://www.youtube.com/watch?v=PLXmPgN6wVs

                                                                                                          1. 1

                                                                                                            When you say that everyone in a specific field does a fantastically bad job, you should also consider the possibility that your assessment might be off, and why that might be the case.

                                                                                                        2. 2

                                                                                                          Queued that up as well! I also had a WRT54G(L) for a very long time, excellent device.

                                                                                                        3. 12

                                                                                                          I have seen countless examples of people rewriting code to rid of a dependency with an incompatible license

                                                                                                          This is a very good case, IMO, and is my primary motivator for using (A)GPL on most of my newer work. I would much rather force the big bads to rewrite my code than simply profit off my work, and we have some evidence that they will do that to avoid (A)GPL sometimes.

                                                                                                          I would love to see some examples where a company changed the license of their codebase to comply with a dependency.

                                                                                                          I think to be fair on this one you have to also include all the code that started or stayed freedomware because of the requirement. This would include the example from the OP of the same downstream hosting the other project in compliance.

                                                                                                          1. 13

                                                                                                            I would much rather force the big bads to rewrite my code than simply profit off my work, …

                                                                                                            I don’t know who you imagine is “the big bads”, but in reality it’s a lot of people like me who release all their projects under permissive licenses like MIT.

                                                                                                            1. 11

                                                                                                              You can use an (A)GPL’d dependency on an MIT’d project, just the resulting “combined work” is effectively (A)GPL’d. Some projects even have build flags to choose to build in “GPL mode” or not depending on which dependencies you use. It’s all about goals.

                                                                                                              If you want your software to be used to build nonfree products so badly that you reimplement something under the GPL to use as a dependency for your otherwise MIT’d project… I mean, more power to you, right? It’s your choice.

                                                                                                              We have examples of Apple, Google, VMWare, Linksys, and others doing rewrites to avoid using GPL’d code, and I would say that is the point, for me.

                                                                                                              1. 15

                                                                                                                I wrote before:

                                                                                                                It is difficult to prove, but I feel that the “leading by example” ideology of permissive licenses is responsible for far more code being made open source in practice (though I acknowledge this is not everyone’s goal).

                                                                                                                My goal is to provide as much value to the society as possible through each unit of my effort. I want people to use my code, I want people to profit from my code even if I get nothing for it, I want people to build things they otherwise wouldn’t have built because my code enables it. I am going to make the effort to make my code as accessible and permissive as possible, this often means avoiding (A)GPL dependencies and often duplicating effort in the process.

                                                                                                                I recognize that your goal is not the same, and that’s fine. I just hope that you also recognize the reality that Apple/Google/VMWare/Linksys etc don’t care at all, they’ll simply not even look at AGPL code and move on. If they find AGPL code in their stack by accident, they will purge it. If they’re caught in a situation where they are in legal trouble, they will do the absolute minimum to comply with that version and purge it moving forward.

                                                                                                                Overall, my bet is that choosing strong copyleft licenses has more of a net-negative effect on people who share my goal than any measurable effect on “the big bads”.

                                                                                                                1. 9

                                                                                                                  Apple/Google/VMWare/Linksys etc don’t care at all, they’ll simply not even look at AGPL code and move on

                                                                                                                  again, I consider that a win for me

                                                                                                                  1. 6

                                                                                                                    It sounds as if your primary aim is to prevent some some people from using your code, without blocking access for too many other people. As opposed to the BSD/MIT/Apache licenes, whose primary aim is to make software available for all to use, without any attempt at dividing the world into us and them.

                                                                                                                    1. 5

                                                                                                                      Close. The goal is to prevent some uses which in this world tends to leave out some users.

                                                                                                                      1. 1

                                                                                                                        The goal is to prevent some uses

                                                                                                                        It is obligatory at this point to remind everyone that the AGPL should not be considered a Free Software license, as it does not grant Freedom 0. In fact, its entire purpose is to withhold Freedom 0 from recipients of the software in order to try to gain leverage over them.

                                                                                                                        1. 8

                                                                                                                          The AGPL only triggers if you modify the software (since otherwise no copyright is in play and no license would be relevant). So if you just run unmodified software (freedom 0) the AGPL does not apply or restrict you.

                                                                                                                          1. 5

                                                                                                                            It is obligatory to point out that the people who defined Freedom Zero, and in doing so defined Free Software, also explicitly state that the AGPL is absolutely a Free Software license.

                                                                                                                            Your point is mooted.

                                                                                                                            1. 3

                                                                                                                              The FSF’s stance on freedom is that you shouldn’t be allowed to have too much of it, lest you use it to do things the FSF disapproves of.

                                                                                                                              The AGPL was simply a reaction to the discovery that there were more things of which the FSF disapproved and which had not been foreclosed by prior licenses, so a new license was concocted to ensure that dangerous freedom wouldn’t get around too much.

                                                                                                                              1. 3

                                                                                                                                The logical gymnastics of both using the FSF’s definition of Free Software while rejecting their definition of Free Software is awesome to behold, and honestly would put Simone Biles to shame.

                                                                                                                                1. 2

                                                                                                                                  I would flip that around and suggest that the rhetorical gymnastics the FSF uses to try to trick people into thinking their positions are coherent are something to see.

                                                                                                                                  Essentially, they want to bludgeon everyone else with an absolutist position, while never being held to that same absolutism in their own actions. Or, more succinctly, they want to be able to compromise “freedom” when they think doing so will achieve a higher/larger goal. But woe to anyone else who tries doing that – then they’ll tell you that compromising freedom is never acceptable, no matter how good or great the thing you’d achieve by doing it!

                                                                                                                                  Their adoption of the AGPL, which does not conform to their own original definition of Free Software and on those grounds never should have been accepted as a Free Software license, is just one especially obvious proof of that.

                                                                                                                    2. 6

                                                                                                                      My goal is to provide as much value to the society as possible through each unit of my effort.

                                                                                                                      I want freedom for users to educate themselves and contribute as opposed to becoming mindless consumers.

                                                                                                                      That’s why I believe AGPL is a good license for applications.

                                                                                                                      I also believe that for libraries and frameworks MIT, APL or MPL work better to achieve that goal.

                                                                                                                      Having more educated people - in my opinion - is better than having more usable code in the long-term.

                                                                                                                      1. 3

                                                                                                                        Overall, my bet is that choosing strong copyleft licenses has more of a net-negative effect on people who share my goal than any measurable effect on “the big bads”.

                                                                                                                        As someone who also prefers to release under permissive licenses: this, a million times. Big companies will always have a way to work around copylefted software, so it literally is not cutting them off from being able to do things the FSF disapproves of. Like, it’s not causing them to angrily shake their fists and yell “I would have gotten away with it, if not for you meddling Free Software kids!” It’s just causing them to use alternatives that aren’t under the FSF’s licensing regime.

                                                                                                                        Meanwhile, as the FSF gets ever more paranoid about ever more arcane “loopholes” in its licenses, the worries of small-time open-source developers go up as we juggle increasingly large transitive dependency trees that might have anything lurking in them. Not to mention whatever “loophole closure” the FSF might roll out next with brand-new extensions of what is or isn’t a derivative work.

                                                                                                                2. 9

                                                                                                                  I think the NcFtp client famously changed its licence to the GPL so it could use Readline… then in 1999 or so it switched licences again. The copyright.h file included in ncftp 1.9.5 says:

                                                                                                                  static char copyright[] = "@(#) Copyright (c) 1992, 1993, 1994, 1995 by NCEMRSoft and Copyright (c) 1985, 1989 Regents of the University of California.\n All rights reserved.\n";
                                                                                                                  

                                                                                                                  …but the comment at the top of that file says “All rights reserved” and:

                                                                                                                  Redistribution and use in source and binary forms are permitted provided that: (1) source distributions retain this entire copyright notice and comment, and (2) distributions may not be sold for profit on physical media such as disks, tapes, and CD-ROMS, without expressed written permission.

                                                                                                                  …which is granting some rights so clearly they’re not all reserved.

                                                                                                                  Meanwhile, Wikipedia cites a Common Lisp implementation named “CLISP” as having switched to the GPL but I’m not sure what licence it switched from.

                                                                                                                  As perhaps a more famous example, the Objective C system that Mac OS X used at least during the PPC era was GPL’d because back in the day NeXT wanted to use GCC as their compiler, and the FSF said they couldn’t use GCC and keep the Objective C bits proprietary. Of course, as soon as Mac OS X got serious momentum behind it, Apple poured resources into LLVM and Clang…

                                                                                                                  1. 4

                                                                                                                    That is a fascinating journey, thank you for sharing!!

                                                                                                                    Wonder if there’s anything more recent? Mid-90s certainly predates my career. I feel I am more in tune with modern open source culture, also I remember reading somewhere that more permissive licenses like MIT really took off in the era of Github.

                                                                                                                  2. 8

                                                                                                                    At a previous employer we wanted to use an AGPL-licensed library as part of our SaaS offering. We wrote the extensions that directly linked to it into its own microservice and licensed that as AGPL and put it on GitHub. Rest of the SaaS product stayed proprietary since calling the AGPL parts over HTTP does not trigger the AGPL. Well, the legalities on that are very unclear, since “intimate enough” on the GPL FAQ. Not sure if we did the right thing legally, and morally I’m even less sure.

                                                                                                                    Last I heard the library in question was relicensed as BSD, so the issue is moot and nobody is using the old one anymore.

                                                                                                                    1. 8

                                                                                                                      I promise you that Apple did not want to LGPL webkit, but they did really want to use KHTML in it. Google may or may not have open-sourced Blink if webkit hadn’t been copyleft, but they almost certainly wouldn’t have used a copyleft license.

                                                                                                                      1. 7

                                                                                                                        The place I work at builds tools that help other companies stay compliant with open source licenses. A lot of our bigger and most risk-averse customers (e.g. hardware manufacturers) actually take the stance that once GPL is brought into their first-party code, that code is “tainted” (i.e. you can’t make it compliant again just by removing the GPL dependency, because the commits where the GPL dependency were integrated are forever tainted by GPL and are forever in the commit history of any subsequent commits). Their default action is actually to publish “tainted” parts of their code base as open source to stay compliant - they feel that they’d rather publish some maybe-not-super-important parts of their IP rather than risk the trouble of a lawsuit.

                                                                                                                        1. 4

                                                                                                                          Place I used to work had a codebase under GPLv2 (containing lots and lots of GPLv2 source by other people), decided it would be convenient if their stuff was AGPL instead, got told “no that’s impermissible” (I can’t remember if they actually tried it out they got told no before actually trying it) and went with GPLv2 instead of making a huge mess out of it. Dunno if that’s close enough to count.

                                                                                                                          Replacing all the GPLv2 code in there would’ve cost about the company’s yearly turnover times two, prolly, so doing anything other than just complying with the license as written was a non starter.

                                                                                                                          1. 2

                                                                                                                            I know of several cases where the licensing was changed from foo to “either foo or gpl, your choice”, but I don’t think that’s what you really had in mind, right? You had in mind a change that grants users substantial additional rights?

                                                                                                                            So I agree with your intuition that the permissive licenses have achieved more, even if not quite the same.

                                                                                                                            1. 3

                                                                                                                              Right, what I had in mind is more going from “we have a proprietary/commercial license/closed source codebase” to “we open sourced it under AGPL/GPL to comply with the requirements of a dependency we just added or had all along and didn’t realize.”

                                                                                                                              1. 3

                                                                                                                                Yes, and I think that if that were a significant effect, then I would have noticed it by now.

                                                                                                                                FWIW I worked at Trolltech until 2001; the team members’ reactions to the mail we got from GNU fans from 1994 until I left weren’t in the least favourable. At the time I thought I was special, we were special, but maybe we weren’t. Maybe most people who are, uhm, educated by GNU fans react negatively to the experience.

                                                                                                                                1. 1

                                                                                                                                  Curious to hear more, what kind of mail did you get? Do you mean regarding most of the stack being GPL licensed?

                                                                                                                                  1. 1

                                                                                                                                    What stack being GPL? Libc and libX11 wasn’t, etc.

                                                                                                                                    GNU fans sent us a lot of mail that might be described, somewhat uncharitably, as walls of text written by people who had much spare time and little salesmanship talent. For someone who has code to write and customers to help, dealing with yet another clueless wall of text is unappealing or worse.

                                                                                                                            2. 1

                                                                                                                              I would love to see some examples where a company changed the license of their codebase to comply with a dependency.

                                                                                                                              I think this is a weird standard. Alternatively: examples where existing reciprocally licensed codebases were built upon instead of started from scratch?

                                                                                                                              • GCC and its myriad of backends including …
                                                                                                                                • Objective-C
                                                                                                                              • Linux
                                                                                                                              • Webkit / Blink
                                                                                                                              • MySQL
                                                                                                                              • Heaps of emulators
                                                                                                                              • Git
                                                                                                                              • ffmpeg
                                                                                                                              • Blender
                                                                                                                              • VLC

                                                                                                                              I feel like this is a target rich environment. What domains do you care about?

                                                                                                                              (* why is it always a company?)

                                                                                                                              1. 1

                                                                                                                                Consider it a focus group.

                                                                                                                                The viral clause affects two groups: People who want to the viral clause to bind others, and people who are bound by the clause and wouldn’t have chosen the GPL otherwise. If you want to know about the viral clause of the GPL, then it makes sense to look at the reactions of a focus group inside each group. GP’s question is a nice way to find some in the latter group.

                                                                                                                                1. 1

                                                                                                                                  The viral clause

                                                                                                                                  The use of “viral” makes me worry this isn’t a good faith response…

                                                                                                                                  The viral clause affects two groups: People who want to the viral clause to bind others, and people who are bound by the clause and wouldn’t have chosen the GPL otherwise.

                                                                                                                                  GPL code has no agency. That latter group chose to use GPL code. I see no complaints of “we pirated Oracle and now we have to pay a licensing fee” or “we pirated Oracle to get traction, and now we’re forced to rewrite.”

                                                                                                                                  And I think there are more than two groups. e.g. people who specifically choose to work on the GPL projects.

                                                                                                                                  1. 1

                                                                                                                                    “Viral” was common parlance when I learned about the GPL, in the early nineties. I agree that it has acquired more negative connotations since then.

                                                                                                                                    More unaffected groups don’t matter. Unless you want to argue that the pool of people who’ll work on, say, GPL’d code but not APL’d code or closed-source code is so large that it will affect companies’ strategy for theiir implementation work?

                                                                                                                                    1. 1

                                                                                                                                      I think most license selection is driven more by the authors and less by their lawyers, yes.

                                                                                                                                      P.S. https://en.wikipedia.org/wiki/Viral_license#History

                                                                                                                            1. 2

                                                                                                                              This is just an assumption, but isn’t it that the out param is used for slices because they are not Sized?

                                                                                                                              The compiler can treat -> i32 and out: &mut i32 as the same thing if it already has a reference in which to store the result, as shown in the assembly, and can treat -> i32 as a special case where it can also create a new owned variable. With [u8] the memory needs to already be allocated as it is not Sized.

                                                                                                                              1. 5

                                                                                                                                That’s a correlation, but not a cause. If it were as cheap to construct a 4KB buffer as it is to construct a 4 byte integer, you’d probably see a whole lot fewer out params in use. But buffers are expensive to allocate, which results in:

                                                                                                                                • users having opinions about how big their buffers need to be
                                                                                                                                • type systems being able to abstract over different buffer sizes
                                                                                                                                • recycled buffers passed in as out params
                                                                                                                              1. 5

                                                                                                                                I’ve been a vim user for about 10 years now, and I tried to switch over to Kakoune recently.

                                                                                                                                Kakoune is absolutely delightful to use. It just feels so much better than vim. The commands are much more logical, and seem to be easier to recall.

                                                                                                                                You can just install Kakoune, and launch it. You don’t need a few hundred lines of vimscript to be productive!

                                                                                                                                Also the command completion and file completion functionality is amazing.

                                                                                                                                I had to switch back to vim though, because I wasn’t feeling productive enough without some sort of :! support. I run my specs in vim with a mapping that runs rspec in the terminal, and that isn’t possible with Kakoune.

                                                                                                                                I would still recommend any vim or other editor users try Kakoune out. You might be pleasantly surprised.

                                                                                                                                1. 6

                                                                                                                                  For Kakoune and Vim, I typically run the editor in one terminal, and have a second terminal open to run tests in. Kakoune has a :terminal command that will launch a terminal running a specified program.

                                                                                                                                  However, if your test program spits out error messages like gcc (of the form file:line:column: message), you can set the makeprg option to run your test program, and then :make will run your program, pipe the output into a new buffer, and let you hit Enter on any error message to jump straight to the location described. It’s pretty sweet!

                                                                                                                                  If your test program doesn’t spit out error messages like gcc, well one of my first Kakoune plugins was a hack-and-slash conversion of the standard :make command to handle rustc’s output. It may not be the cleanest code in the world, but it’s pretty comfortable to use and (like the article says) writing a Kakoune plugin is pretty easy to do.

                                                                                                                                  1. 2

                                                                                                                                    For Kakoune and Vim, I typically run the editor in one terminal, and have a second terminal open to run tests in. Kakoune has a :terminal command that will launch a terminal running a specified program.

                                                                                                                                    Yes I’ve actually seen :make before and used it before in Kak. I’ve also used :make in vim, and I’ll never forget how painful errorformat is!

                                                                                                                                    With Kakoune I didn’t really like the fact that it’s not modal. As in it runs async and you carry on changing code while it’s happening. I like to run my tests and wait for (and see) the output. It seems a bit nit-picky now that I’m typing it out though.

                                                                                                                                    I may have to try Kakoune again, with an open mind.

                                                                                                                                    1. 5

                                                                                                                                      When developing, I normally run Kakoune in IDE mode so the output of :make and :grep etc. appears in the right-hand terminal while I’m working on code in the left-hand terminal.

                                                                                                                                      If you only had one Kakoune window, and you set both the toolsclient and jumpclient options to point at it, running :make and :grep would switch to the results of those commands so you could watch them run, and then you could switch back to he buffer you were editing.

                                                                                                                                      I really like test-runs happening in a separate window, though. It’s always the case that I spot an error just after launching the test suite (like remembering you need to buy bread just after getting home from the shops), so it’s convenient to be able to fix it while the test suite is searching for other errors. :)

                                                                                                                                      1. 2

                                                                                                                                        This is interesting. Do you have to use tmux for this?

                                                                                                                                        1. 2

                                                                                                                                          tmux is certainly a robust way to do it, but Kakoune also supports Kitty, iTerm2 and basic X11 “run a terminal emulator and trust it will appear on screen somewhere”. I’ve worked quite happily in i3 or GNOME, and manually moving my terminals to where they need to be.

                                                                                                                                        2. 1

                                                                                                                                          Now that you mention it I too always spot a mistake while the tests are running! Ok this is it, I’m going back to kakoune.

                                                                                                                                    2. 3

                                                                                                                                      You can just install Kakoune, and launch it. You don’t need a few hundred lines of vimscript to be productive!

                                                                                                                                      wat? Are people really using hundreds of lines of vimscript? I think I have 8, and they’re all optional

                                                                                                                                      1. 5
                                                                                                                                        $ wc -l .vimrc .gvimrc 
                                                                                                                                          374 .vimrc
                                                                                                                                           36 .gvimrc
                                                                                                                                          410 total
                                                                                                                                        

                                                                                                                                        And that’s not counting third-party Vim plugins.

                                                                                                                                        To be fair, a lot of that is about tweaking the autoindent and commenting conventions for the dozens of different file-types and formatting conventions I’ve had to edit over the years. The number of lines that would have made a difference on a given day is much fewer.

                                                                                                                                        (I still have some if v:version >= 600 blocks in there, just in case I ever fall through a timewarp to 2003 and I have to edit text with Vim 5.x again)

                                                                                                                                        1. 3

                                                                                                                                          I have 600 lines in my init.vim, almost all of which I wrote myself. Exobrains represent!

                                                                                                                                          1. 1

                                                                                                                                            what… do they do?

                                                                                                                                            1. 4

                                                                                                                                              Well I can’t show you all my tricks! 😛 Here’s a snippet I find really helpful:

                                                                                                                                              " We need to do it as a normal mode injection
                                                                                                                                              " Because %! uses the active buffer, not the local one
                                                                                                                                              function! SetStatus(statusline)
                                                                                                                                                exe "setlocal statusline=" . a:statusline
                                                                                                                                              endfunction
                                                                                                                                              
                                                                                                                                              " visual_words_or_all
                                                                                                                                              " Have to make global because statuslines are weird
                                                                                                                                              function! g:Exo_vwal()
                                                                                                                                                let s:worddict = wordcount()
                                                                                                                                                if has_key(s:worddict, "visual_words")
                                                                                                                                                  return s:worddict["visual_words"]
                                                                                                                                                else
                                                                                                                                                  return s:worddict["words"]
                                                                                                                                                endif
                                                                                                                                              endfunction
                                                                                                                                              
                                                                                                                                              augroup md
                                                                                                                                                autocmd!
                                                                                                                                                function! s:BufRead()
                                                                                                                                                  let s:sl='%<%n)\ %t\ %m' .
                                                                                                                                                        \ '%=%1*%{g:Exo_vwal()}%*'
                                                                                                                                                  call SetStatus(s:sl)
                                                                                                                                                  if expand('%') =~? '\.talk'
                                                                                                                                                    setlocal statusline+=/%{g:Exo_vwal()/130}
                                                                                                                                                  endif
                                                                                                                                                endfunction
                                                                                                                                                au BufNewFile,BufRead *.md call s:BufRead()
                                                                                                                                              augroup END
                                                                                                                                              

                                                                                                                                              When I’m in markdown files, it shows the wordcount in the status bar. If I have a visual selection, it shows the wordcount of the selection instead. And if it’s a talk I’m writing, then it also shows how long it’d take to speak out the selection (assuming 130 words a minute). I find it really helpful for revising and rehearsing conf talks.

                                                                                                                                              Another snippet:

                                                                                                                                              function! s:MdFootnote(note)
                                                                                                                                                let s:footnote = "[^".a:note."]"
                                                                                                                                                let @m = s:footnote
                                                                                                                                                norm "mpmm
                                                                                                                                                $put = s:footnote.':'
                                                                                                                                                norm `m
                                                                                                                                              endfunction
                                                                                                                                              

                                                                                                                                              Lets me add markdown footnotes and drop them onto the bottom of the file without having to break my flow.

                                                                                                                                              1. 3

                                                                                                                                                Program my text editor to my personal preferences and idiosyncracies?

                                                                                                                                                • I have my own colorscheme, because I disagree with Vim about acceptable levels of color use.
                                                                                                                                                • I highlight whitespace at the ends of lines.
                                                                                                                                                • I disable Q.
                                                                                                                                                • I map Enter in normal mode to insert a newline and go into edit mode.
                                                                                                                                                • I use a plugin to teach Vim about camel-case words, and I have my own tweaks to this plugin.
                                                                                                                                                • I make [[ navigate to the start of current/previous function, without requiring { to be at the start of the line. That’s 41 lines right there.
                                                                                                                                                • I highlight timestamps everywhere.
                                                                                                                                                • I used to use a plugin that shows me modified lines compared to version control in the left margin. Over time I stripped what I don’t need out of it and added new features. Outlay: 107 lines. This feature in particular I can’t imagine living without. All programming editors should unobtrusively indicate what I changed recently.

                                                                                                                                                Sure, you could call all this “optional”. I often start with 6 lines on a new machine. But it’s also nice to have all the comforts of a yurt.

                                                                                                                                                1. 1

                                                                                                                                                  I think I was reacting to the “to be productive” claim, and that kak somehow avoids this. Unless kak happens to have the colour scheme one wants out of the box, etc, I feel like it’s not going to be any different on this front…

                                                                                                                                                  1. 4

                                                                                                                                                    Totally agreed with that! But your original response sounded like minimalist status signalling.

                                                                                                                                                    1. 2

                                                                                                                                                      Ah, apologies. While I do use vim mostly on the defaults, I’m not against people having configuration. I was more confused by the “vim needs 100s of lines of script to make it usable” attitude.

                                                                                                                                                      1. 1

                                                                                                                                                        Maybe I should have said “hundreds of lines to make it usable for me”

                                                                                                                                                  2. 1

                                                                                                                                                    I disable Q.

                                                                                                                                                    One mapping I have:

                                                                                                                                                    noremap Q @@
                                                                                                                                                    

                                                                                                                                                    So Q repeats the last macro I used.

                                                                                                                                                    1. 1

                                                                                                                                                      Nice. I use ` for that :)

                                                                                                                                              2. 1

                                                                                                                                                See sensible.vim, a relatively popular 101-line file that collects “a universal set of defaults that (hopefully) everyone can agree on”. Some random examples of changes it makes to Vim’s defaults:

                                                                                                                                                • set laststatus=2 – always show the status line, even when only one window is open
                                                                                                                                                • set scrolloff=1 – when the cursor is near the edge of the screen, scroll to show one line beyond the cursor.
                                                                                                                                                  • It used to default to 0, but Vim 8’s defaults.vim defaults this to 5 for users who have no .vimrc, making this change less necessary.
                                                                                                                                                • set formatoptions+=j – delete the comment character (e.g. #) when joining commented lines with J
                                                                                                                                                • set history=1000 – increase the number of remembered : commands from 200 to 1000

                                                                                                                                                For an example of multiple hundreds of lines of vimscript, see my well-commented personal vimrc, which has a 993-line configuration section followed by a 148-line todo list. I definitely wouldn’t say I need all those lines to be productive, though.

                                                                                                                                                1. 0

                                                                                                                                                  Hah, well I’m sure that’s great for you, but isn’t really representative of vim users.

                                                                                                                                                  1. 1

                                                                                                                                                    Um… I’m not going to claim to have proof otherwise, but it’s representative of all vim users I know, and most I read online talk about using vim so that it “works everywhere, always present over ssh on every system, etc” which obviously breaks down if you add hundreds of lines of mods to the base…

                                                                                                                                                    1. 1

                                                                                                                                                      My 6 lines are

                                                                                                                                                      set nojoinspaces
                                                                                                                                                      set ai
                                                                                                                                                      set expandtab
                                                                                                                                                      set tabstop=4
                                                                                                                                                      set sw=4
                                                                                                                                                      set showmode matchpairs=(:),{:},[:],<:>
                                                                                                                                                      

                                                                                                                                                      This is due to a lack of ambition. I’ve never bothered to learn the entire vim command set. I bet that laziness and lack of interest in learning the entirety of a very complex system is actually pretty common, rather than being “not representative of vim users”. Only way to know for sure, though, is an empirical study.

                                                                                                                                                      Update: I did an empirical study. This DDG search: site:github.com inurl:vimrc dot files. Top 10 hits, line lengths of .vimrc files in various “dotfiles” repos on github: 108, 611, 8 403, 182, 54, 54, 1743, 422, 202.

                                                                                                                                                      Interesting, and not what I predicted.

                                                                                                                                                  2. 2

                                                                                                                                                    Does :%sh { rspec... } not do this?

                                                                                                                                                    1. 2

                                                                                                                                                      I think you mean :nop %sh{ rspec ... } to prevent Kakoune from trying to run the output of rspec as a command, and it probably still wouldn’t do the same thing since it eats the rspec output instead of letting you read it.

                                                                                                                                                      1. 1

                                                                                                                                                        I’m not sure what %sh does actually tbh.

                                                                                                                                                      2. 1

                                                                                                                                                        I gave it a try 4 years ago: https://lobste.rs/s/v17gol/switching_sublime_text_from_vim_2017/comments/7dbqc1#c_7dbqc1

                                                                                                                                                        I’d love to learn if the story for any of these pain points has updates! Definitely lots I want to like about Kakoune.

                                                                                                                                                      1. 8

                                                                                                                                                        Although I have known about Kakoune for a while, I only recently found out that it’s licensed under Unlicense, which I find unsettling for legal reasons.

                                                                                                                                                        Otherwise, I haven’t really used it much. How does it compare to vis? I have grown very fond of it for terminal editing, to the degree that I usually uninstall vim on all my machines to replace it with vis.

                                                                                                                                                        1. 5

                                                                                                                                                          I stopped off at vis (and sam) along the way from Vim to Kakoune. vis was fairly nice, but ultimately I found it really, really wanted you to move around and make selections with structural-regular-expressions language, and I never quite got the hang of it (quick, what’s the difference between +- and -+?)

                                                                                                                                                          In contrast, Kakoune supports basically the same operations as SREs, but encourages you to move around and make selections with immediate, visual feedback — and it’s still easily scriptable, thanks to the “interactive keys are the scripting language” model the article describes.

                                                                                                                                                          It’s a bit of a shame that Kakoune’s licensing civil disobedience excludes people who just want a nice text editor, but even if you can’t use Kakoune’s code I hope you (or other people) will steal its ideas and go on to make new, cool things.

                                                                                                                                                          1. 6

                                                                                                                                                            It’s a bit of a shame that Kakoune’s licensing civil disobedience excludes people who just want a nice text editor,

                                                                                                                                                            Huh? I just looked at the UNLICENSE file; unless I’m missing something, it just drops Kakoune into the public domain. SQLite has the same thing going on.

                                                                                                                                                            1. 3

                                                                                                                                                              The issue is allegedly that it’s not possible to do that under every legal system. Germany seems to be an example where that could cause issues. CC0 handles this better by adding a “fallback” clause in case that it’s not possible.

                                                                                                                                                              1. 4

                                                                                                                                                                Legal systems are not laws of nature. If no one would ever take you to court or fine you for violating a law, that law does not apply to you. Unlicense, WTFPL, etc are great examples of this - extremely strong signals from author that they will not take any actions against you no matter what you do with the content under that license.

                                                                                                                                                                1. 1

                                                                                                                                                                  Unlicensed, WTFPL, and even CC0 are banned by Google due to opinions by their legal team. While I don’t trust Google for a lot of things, I think it’s safe to trust their legal team thought about this and had their reasoning.

                                                                                                                                                                  1. 4

                                                                                                                                                                    But Google’s risk appetite should be pretty different than yours. The legal system hits everybody different.

                                                                                                                                                                    1. 1

                                                                                                                                                                      What do you mean by this? Google’s legal team is going to be playing liability games in a paranoid way that is obviously irrelevant for anyone not engaged in corporate LARP.

                                                                                                                                                                      Like, actually, no appeals to authority, no vague paranoia, what would actually go wrong if you used WTFPL or CC0 in Germany for a personal project?

                                                                                                                                                                      1. 1

                                                                                                                                                                        CC0 is fine in Germany, UNLICENSE is the problem.

                                                                                                                                                                        But otherwise, you’re right. In most cases, nobody cares what license is being used (other than ideological reasons). A small hobby project might just as well have a self-contradictory license, and it wouldn’t be a practical problem. But depending on the scope of what is being done, there are always legal vultures, just like with patent trolls or people who blackmail torrent users, that might find a way to make some money from legal imperfections.

                                                                                                                                                                        I’m not a legal expert, so I try not to bet on these kinds of things. If CC0 and UNLICENSE are functionally equivalent, signal the same message (“do what you want”) but one is less risky that the other, I’ll take the safer option.

                                                                                                                                                              2. 2

                                                                                                                                                                What does SRE stand for, in this case?

                                                                                                                                                                1. 5

                                                                                                                                                                  “Structural regular expressions”, I’d wager?

                                                                                                                                                                  1. 5

                                                                                                                                                                    structural-regular-expressions

                                                                                                                                                              1. 5

                                                                                                                                                                In the “Parens” section:

                                                                                                                                                                var p = / digit+' ('seconds' | 'minutes' | 'hours' ) /

                                                                                                                                                                There’s an odd number of single-quotes there, so I’m not sure which spans are supposed to be quoted and which aren’t.

                                                                                                                                                                Are the syntaxes labelled “not implemented” not implemented yet, or are they deliberately avoided for some reason?

                                                                                                                                                                Since if word { must treat word as a command for bash-compatibility reasons, and since square-brackets seem to indicate “expression context” in at least a few places, perhaps if [x < 0] { should be the syntax for expression conditionals rather than if (x < 0) {?

                                                                                                                                                                In the “Language Influences” document, the section about Go’s argument parsing says:

                                                                                                                                                                mybuiltin --show=0 # turn a flag that's default true

                                                                                                                                                                Turn it how? Like the Turn Undead spell in D&D?

                                                                                                                                                                1. 3

                                                                                                                                                                  Great feedback, thanks!

                                                                                                                                                                  I fixed the typos with the first ' and the Go thing. I changed the wording to “not implemented yet”.

                                                                                                                                                                  I realized there is really no consistency between parens and parens+sigil, and brackets and brackets+sigil, mostly due to legacy constraints. So I re-organized the doc along those lines.

                                                                                                                                                                  It’s technically easier to take over subshell shopt -s parse_paren, for if (x > 0) ..., and I think it just looks more familiar. if [x > 0] would be needlessly different.

                                                                                                                                                                  Let me know if you see anything else!

                                                                                                                                                                1. 3

                                                                                                                                                                  Tracing (rotoscoping?) the original artwork is a nice touch. It’s probably the closest one can get to the original game within the confines of an Apple II, but I’d be interested to see a demake in a more platform-appropriate style. The old adventure game The Hobbit managed to fit a lot of hi-res graphics onto a single disk by storing them as vectors and rasterising them (slowly) at run-time, which I think would suit Myst well.

                                                                                                                                                                  I once started a Myst demake as a text adventure; I didn’t get very far, but I still love the idea of Myst demakes.

                                                                                                                                                                  1. 1

                                                                                                                                                                    Given my username, I hope you understand how jealous I am that you managed to snag zork.net. :)

                                                                                                                                                                    1. 1

                                                                                                                                                                      Actually, it belongs to a friend, but yeah, it’s pretty great. :)