1. 4

    Wow, they’re really taking penetration testing way too seriously. Neat though. Too much of reading this article was just gawking at why this product would have the features it does…

    1. 2

      Trying to figure out if I’m working on a Kubernetes or Serverless ebook series next. Some pros and cons for each. A lot of nay-sayers on serverless still, but then again, containers in general have their haters too, and that’s my bread and butter.

      1. 1

        Speaking from a workplace that uses both of these technologies, I think a Serverless resource with best practices around deployment, monitoring, and organization would be hugely helpful. I like the idea but the tooling around it all seems so bad that I’m hesitant to use it for even the most straightforward tasks.

        1. 2

          Thanks for the response. I do think a serverless resource would be helpful, and it’s fairly early-mover territory in our mind. A lot of what I would be doing is market level, but gets down eventually into deployment practices and such. Admittedly, we have to fund these ventures too, and right now our ties to Kubernetes-based sponsors are probably a lot stronger. Either way, both would be in the pipeline.

      1. 14

        The whole article reads like pro-corporate propaganda, from the title to framing the discussion in partisan terms like ‘anti-collaborative’. There is copyleft, which ensures collaboration; and there is MIT/BSD which does not. And you are complaining that you can’t share code with other people? Seems the problem would be solved by picking copy-left in the first place.

        I would venture to guess that they come up with arguments like copy-left being ‘anti-collaborative’ to make their decision more palatable for others. They don’t like copyleft because they want to exploit and leverage free labor without strings attached. It is sad that MIT/BSD Licenses are more popular these days judging from Github.

        Do people think we would have Webkit today if it weren’t for the (L)GPL? Apple didn’t share the code in a timely manner even when they were required to by the license!

        1. 10

          Personally I prefer BSD licenses because I want my open source software to benefit everyone, not just hobbyists. Many workplaces can’t easily comply with the GPL and I’d prefer that they get the benefit rather than not. I guess in the end I’m in it to write cool code that helps people rather than trying to push an ideal.

          1. 7

            Personally I’m not generous enough to be happy for my volunteer work to help someone else get rich without contributing back.

            It’s cool that others are though! The thing that throws me the most is how bent out of shape people get over other people’s choice of license for their personal projects.

            1. 2

              Personally I’m not generous enough to be happy for my volunteer work to help someone else get rich without contributing back.

              That statement assumes the only people benefiting from proprietary software are the suppliers. That couldn’t be more wrong. There’s plenty of users that find a need for that software. People using permissive licenses may be aiming to benefit them instead of the executives of the supplying company.

          2. 2

            I think it’s more than fair to say it’s pro-corporate, but I don’t know if it’s propaganda so much as… well, opinionated. Certainly there is a reality that what is best for companies profiting from open source is not always best for the communities and individuals.

            1. 10

              I would say other comments from the author as pro-corporate w/o being propaganda. But this one is full of loaded language. Liberation from what exactly? OSS co-opted the Free Software movement and stripped it of its core values to make it palatable to corporations. Now they want to pretend that Free Software is oppressive/exploitative?

              P.S. The article kinda triggers me, but I don’t think I have crossed the lines of civility.

              1. 5

                “Liberation” is in the eyes of the beholder. I wouldn’t write an OSS project in GPL unless I had to just because it would tie me down in a way that seems unnecessary. Advocating for looser licenses isn’t just for those who are pro-corporate.

                Of course, all of this language is very extreme, but that’s the environment we are in. Mostly, it’s an environment created by Stallman and the FSF wherein proprietary software is regularly referred to as slavery.

            2. 1

              Did not know that Webkit was LGPL, and that Apple did not respect the license.

              1. 9

                WebKit was LGPL because they forked it from KHTML. They have since done all they can to migrate to BSD. Apparently I was mis-remembering about Apple not releasing the code in a timely manner. They did respect the license. They weren’t keen on sharing though.

                Do you have any idea how hard it is to be merging between two totally different trees when one of them doesn’t have any history? That’s the situation KDE is in. We created the khtml-cvs list for Apple, they got CVS accounts for KDE CVS. What did we get? We get periodical code bombs in the form of them releasing WebCore. Many of us wanted to even sign NDA’s with Apple to at least get access to the history of their internal vcs and be able to be merging the changes incrementally, the way they can right now. Nothing came out of it. They do the very, very minimum required by LGPL.

                http://web.archive.org/web/20060303184210/http://www.kdedevelopers.org/node/1001

                1. 5

                  I don’t think code bombs should be regarded as compliance with the license. Proper VCS history is an integral part of the “preferred form for making modifications” of almost every codebase I’ve ever worked on. One of the FSF’s standard examples is that if you have a perl script that generates C code you have to publish the perl script, not the generated C code - to my mind publishing just a snapshot checkout of your VCS codebase is the same kind of thing.

                  1. 5

                    It’s unfortunately not uncommon, even amongst so-called “open source companies”. If I’m not mistaken, the kernel source distributed by Red Hat for RHEL is just a dump rather than a set of the individual patches. Working out what has been changed from upstream requires a fair amount of time-consuming spelunking.

                    And of course there are those vendors who release nearly obfuscated drivers (eg, Broadcom). Look at broadcom/brcm80211/brcmsmac/phy/phy_n.c from the Linux kernel. Yes, it’s compliant with the kernel license. The spirit? Not so much…

              2. 1

                To me it reads like the project was essentially dead for business and licensing reasons he described. Multiple parties worked to acquire & relicense it in a way that got adoption in other projects. I’ve since seen articles and comments where people are going to use it that weren’t originally. It appears his model of things was accurate as far as RethinkDB goes.

                Do you have counter-evidence that using the AGPL commonly results in the adoption or commits that the other licenses were getting?

              1. 6

                I am not really a fan of submissions about Terry–feels too much like looking at a person with a problem and gawking.

                By all means, submit content about TempleOS or his technology, but this sort of thing is not really kind. Also, tag it properly–person.

                1. 3

                  Ah, didn’t realize there was a person tag. I’ve added it. I see what you mean about “gawking”—I’m not sure there’s a way to get around that. I think TempleOS is incredibly interesting, but I don’t think it can be ever separated from him, it’s in a way a study in person. Thinking more on it, that does really make it hard to approach it in a way that doesn’t feel like a zoo.

                  1. 3

                    Yeah, I think the author of this article was wrong to write it, for that reason. Not all interesting things are meant for others to consume, you know?

                  2. 3

                    It does feel like gawking into a person’s life, but on the other hand knowing some context on him as a person does provide context to the OS and how he talks to go.

                  1. 1

                    Well, good timing. I was just having a discussion with colleagues about AGPL and how little we (I) really understand the minutiae of some software licenses. The discussion over at HackerNews devolved pretty quickly into the licensing discussion, although it’s recently been overtaken by comments from the leadership team.

                    1. 4

                      Are these certifications ever useful? When I was at AWS I thought about signing up and getting all their certificates since it would be free working there, but I never found a strong case for it.

                      1. 2

                        I honestly have no idea. I imagine there’s some practical usage, but how much of it is just looking good on a resume?

                      1. 19

                        It did. I ran a team for a fintech-adjacent company. The macho dick-swinging culture and constant grinding feeling of enabling the psychopaths running the country into the ground got to me. I quit.

                        Took four months to clear my head and find a job that felt like doing something positive. Now I work on long-term digital preservation for archival institutions.

                        1. 5

                          This hits at something difficult — your job itself, or role anyway, could be something you believe in and feel positively about, but if the company culture and leaders are overall a negative on society… it feels like you’re enabling them, even if indirectly by just moving the business forward. Maybe I’m exaggerating, but especially in small companies, one bad person at the top makes even a charitable business feel like a worsening of things for everyone.

                          1. 1

                            Did you already conclude that FinTech is full of psychopaths too? It’s not only the highest echelons of government - they’re everywhere.

                            1. 1

                              I was referring to Wall Street.

                              1. 0

                                It’s actually both.

                                • Wall Street: ~100%
                                • FinTech company founders/CEOs: 95%+
                                • BigCorp executives: ~100%
                                • Politicians: ~100%
                                • Surgeons: ~100%
                                • Bureaucrats: 80%+
                                • Accountants: 80%+
                                • Lawyers: ~100%
                                • Professors: 90%+
                                • Random strangers on the street: 20%+? 30%? 40%?

                                And so on. That kind of stuff is what I meant with: “they’re everywhere”.

                                1. 2

                                  What professions would you say have the lowest amount of psychopaths?

                          1. 6

                            This line of self-questioning applies to pretty much every discipline it seems. I think a lot of people will find uncomfortable answers. I’ve worked in tech media for a hot minute, and I started out at a company that used a lot of deceptive and purposefully abusive methods which some would call the cornerstone of digital marketing, but to me felt awful. I’d say that there’s probably a lot of marketers and advertisers that are aware that they’re not always doing things they believe are okay to do as well.

                            1. 4

                              Hm, a “Javascript Certification”, even though it’s aimed for server-side technology (Node) would still be quite useful for front-end devs looking to signify competency. With such a huge number of javascript programmers, I expect that this will be broadly adopted.

                              1. 2

                                I think you’re spot on here. I think it’ll be a great way for devs that need some kind of acknowledgement, and the NodeJS Foundation ain’t exactly lacking the credentials.

                              1. 1

                                Not really in the technical realm at all, so perhaps the odd duck out here. I’m working on a pitch for a series of ebooks on serverless topics (cue: “what does serverless even mean” or “FaaS is more accurate”).