1. 2

    Anyone has tried that out? I recently looked into switching from Pocket/Pinboard to wallabag, but I’m running into ‘can’t parse this webpage’ type errors a lot.

    1. 16

      A blanket ban seems like a bad idea since there are certainly some people who post good stuff that is relevant, for example @ltratt’s latest submission.

      Drawing the line is really hard. Some accounts are just using the site to promote every little thing they write, regardless of how trivial it is, or they are submitting what are clearly unthought out code ideas with no real implementation behind them, possibly looking for feedback. I really don’t care for these submissions and I think they de-value the site.

      I really want to discourage the latter and I really want to see more of the former. I’m content with the system of raising concerns on IRC or to the mods and having a judgement call made that way rather than banning it. Maybe we can stress something on the submission page.

      1. 4

        I agree with your point more than others’. The issue IMO is not self-posting, it’s low-effort posting.

        Stuff like “OpenSSL 1.1.1x released” is worthless, I’m on the mailing list for that. Same goes if your own blog post if it was written in 30 minutes.

        On the other hand, I found @gthm’s latest post about backups to be great, and it sparked a very interesting discussion in comments. The post was submitted by @gthm him/herself.

        1. 3

          Stuff like “OpenSSL 1.1.1x released” is worthless, I’m on the mailing list for that. Same goes if your own blog post if it was written in 30 minutes.

          Yes, exactly. Low-effort blog posts are actually the thing I’m talking about and want to curtail, and my experience is that they’re pretty highly correlated to self-posts.

          1. 6

            A blanket ban on posting your own articles would be throwing out the baby with the bathwater, IMO. Besides, I don’t have the impression that people who post low-effort blog posts are especially concerned with following community rules/etiquette, so they’d probably get posted anyway.

            I think a discussion on how we can curtail low-effort self-promotion would be useful, but I’m not sure if anything further can be done about this outside of some drastic limitations which would limit the normal usage of the site too. I think this is one of those “it sucks, but it’s the best we’ve got” kind of things.

            1. 4

              and my experience is that they’re pretty highly correlated to self-posts.

              Do you have any sort of numbers, or is that merely a feeling? If it’s a feeling: mine is that it only correlates to self posts of a few notorious offenders (who get flagged or banned after a while anyway), most others are quite selective of what they share, and most likely it’s content that is not low-effort, even if it doesn’t interest me personally. A blog post every few weeks is certainly fine by me, and I’d consider it harmful to give those people the feeling they shouldn’t share what they do or think about. Don’t let a few bad apples spoil it for the rest of us. After all, there are other safe-guards in place (up-votes, flagging posts, etc…).

        1. 1

          Anyone know when the phone will be more “traditionally” available? I would love to get one, but it seems every time I check it’s out of stock or pre-order. Almost seems like vaporware.

          1. 2

            Check the store on September 17th (or 16th possibly, if you are in the US), that’s when the next batch goes up for pre-order. In my experience, as long as you are in ‘few hours’ window of the release of a batch (maybe up to a day, if you are lucky?) you should be able to order one. If you keep an eye on their subreddit I’m pretty sure there’ll be a post soon after the batch goes online.

            “traditionally” available might still be a while, in my estimate.

          1. 8

            Great article! I have one comment on this:

            When I am ready to move a task from In Progress to In Review, I close the subtree with tab and then highlight the collapsed subtree, cut it and paste it under the In Review header.

            I suspect you know this already, and the “cut and paste” comment is for the benefit of readers that are not familiar with Org mode, but if not it’s your lucky day! If you set (setq org-refile-use-outline-path 'file) you can hit C-c C-w (org-refile) to move a subtree to a different heading in any of your org-agenda-files, which is a bit more streamlined than cut-and-paste. You don’t even have to have the cursor on the heading!

            1. 3

              Today I learned! I’ll be sure to try this at work today. Thanks!

              1. 1

                Sweet, thanks for that. Is there a way to re-file a subtree into a non-root element in an org-file?

                1. 1

                  Indeed! https://orgmode.org/org.html#Refile-and-Copy has the details. You can do M-x customize-group RET org-refile RET for all the configurable settings.

                  1. 1

                    Only disappointment so far is that I could not get the refile to a new file working yet. Would help refactoring my noteoliths into zettelservices

                    1. 2

                      I think for that to work you need to customise org-refile-targets and provide a function to prompt for/generate a filename. From the variable’s documentation:

                      This is a list of cons cells. Each cell contains:

                      • a specification of the files to be considered, either a list of files, or a symbol whose function or variable value will be used to retrieve a file name or a list of file names. […]
                    2. 1

                      Cool, thanks, much appreciated!

                1. 1

                  I think I’ll get back to working on my generic package manager for files (single-file binaries, config files, other categories of files where its currently cumbersome to manage and update versions and metadata associated with them). Finished a working prototype, but want to re-write some of the parts to remove a few pockets of complexity. We’ll see how that goes, usually I have a harder time motivating myself to do work when it’s about re-writing things I already implemented, instead of solving a new problem…

                  1. 3

                    I’ve taken a stance of not running any AGPL software, period, and especially not any software that might be usable via the network (triggering the clauses that make the AGPL unique vs the GPL). My reasoning is simple: I’m lazy. I may patch a piece of software to fit my needs, but by doing so, I may patch in secrets or details about my infrastructure that I don’t want public. I’m not keeping the patch proprietary to turn it a business model or anything that goes against the spirit of the GPL; I just don’t find some patches particularly valuable or appropriate for public consumption. The GPL doesn’t cross this line, because it is easy to not redistribute my modifications in binary form (why would I with these patches?), but it can be potentially disastrous to flirt with these modifications in AGPL software.

                    If I wasn’t so lazy, I may patch the software “correctly”, introducing configuration options which don’t hardcode pieces of my own infrastructure, but I find this unreasonably burdensome for a so-called free software license, and it slows down proof-of-concept patches that I might otherwise want to deploy to canary instances to check for faults that integration and unit tests may not cover.

                    1. 2

                      I don’t have an opinion on your overall argument. Just: ‘unreasonably burdensome for a so-called free software license’. This does not make sense to me, nobody ever said free software licenses are there to reduce burdens. That most of the permissive licenses actually do that is more a side-effect than anything else, and misses the point, IMHO.

                    1. 31

                      The reason they spread these misconceptions is straightforward: they want to discourage people from using the AGPL, because they cannot productize such software effectively.

                      This doesn’t stand up to even a modicum of scrutiny. First of all, it assumes you know the intent of Google here. I don’t think Google’s intentions are that great to be honest, but as a rule of thumb, if you form an argument on knowing the intentions of other humans, it’s probably a bad argument unless you can provide credible evidence of their intent. Secondly, I see no such credible evidence in this article, and the lack of attention paid to how Google handles other licenses in this article is borderline disingenuous. All I see is a casual observation that Google’s policy benefits them systemically, which I would absolutely agree with! But that shouldn’t be a surprise to anyone.

                      Why? Because it omits critical context. The AGPL is not the only license that Google bans. They also ban the WTFPL, which is about as permissive as it gets. They ban it because they have conservative legal opinions that conclude it has too much risk to rely on. I think those legal opinions are pretty silly personally, although I am somewhat biased because I’ve released code under the WTFPL only to have one Googler after another email me asking me to change the license because it’s banned at Google.

                      My point is that there are other reasonable business explanations for banning licenses. Like that a team of lawyers paid to give their best expert advice on how a judge would rule for a particular license might actually, you know, be really risk averse. Licenses aren’t some black and white matter where things that are true and things that are not are cleanly separated in all cases. There’s oodles of grey area largely because a lot of it actually hasn’t been tested in court. Who would have thought the courts would rule the way they did in Google v. Oracle?

                      What’s the cost of being wrong and having Google required to publish all of their source code? Can anyone here, even a Googler, even begin to estimate that cost? If you haven’t thought about that, then you probably haven’t thought deeply enough to criticize the intentions on this particular piece of “propaganda.” Because that’s probably what Google’s lawyers are weighing this against. (And probably an assortment of other such things, like the implications of allowing AGPL but giving each such use enough scrutiny as to be sure that it doesn’t wind up costing them dearly.)

                      But by all means, continue punishing companies for making their policies like this public. Because that’s a great idea. (No, it’s not. Despite how annoying I find Google’s policies, I really appreciate having them documented like they are.)

                      Disclaimer: I don’t like copyleft, but primarily for philosophical reasons.

                      1. 11

                        I don’t think Google’s intentions are that great to be honest, but as a rule of thumb, if you form an argument on knowing the intentions of other humans, it’s probably a bad argument unless you can provide credible evidence of their intent.

                        As someone who previously worked on the open source team at Google and sat in the office and am friends with these humans, I can say very strongly that those lawyers do not have some sort of hidden agenda. It is also certainly false to assume they are not competent at their job. My read is that they are, as you might expect, very good at their job (noting I am also not a lawyer).

                        A common mistake I see many commenters (and news stories etc etc) and I think you head to unintentionally, is to talk about Google as if it is a single anthropomorphic entity with its own thoughts and feelings. This piece does the same. There is not “a Google” that is making amoral decisions for its global benefit . There is an office of humans that try their best and have good intentions.

                        The team makes decisions in this order:

                        1. Protect the open source ecosystem.
                        2. Protect the company.

                        “Protect the ecosystem” is hard to believe if you buy into the “amoral entity” argument but is provably true: the easiest way to protect the company is to ban open source contribution (aside from forced copyleft terms) at all, but Google does this a lot under the Apache 2 (permissive) license. The banned licenses, as you note, are those that either do not have enough specificity (like WTFPL) or ones with what the legal team believe are onerous terms. They are good laywers, and so you have to assume they have a pretty strong case for their interpretation. Even if you think they are wrong (as all law is essentially malleable), hashing things out in court to decide what the terms of the license truly mean is a really bad use of time and money.

                        1. 13

                          There is not “a Google” that is making amoral decisions for its global benefit . There is an office of humans that try their best and have good intentions.

                          Yes, there is. The two are not mutually exclusive. A corporation like Google is structured in such a way that the sum of all its humans, all trying their best, serves the interests of the company. It’s not anthropomorphic, but it does have an agenda, and it’s not necessarily that of any of its constituent humans. Whether morality features prominently on that agenda is a legitimate matter for debate.

                          I think you’re trying to open a semantic crack in which responsibility can be lost: misdeeds are attributed to Google, but since Google isn’t one person it can’t be guilty of anything. But if companies really aren’t more than the sum of their parts, at least one person at Google must be responsible for each of its transgressions, which I think casts doubt on the claim that they have good intentions.

                           

                          The team makes decisions in this order:

                          1. Protect the open source ecosystem.
                          2. Protect the company.

                          Maybe that’s true of the open source team. It’d be hard to believe that of Google in general—partly because it’s a coompany and you’d expect it to protect itself first, but more concretely because there’s history. Google has been hegemonizing Android for years. They’re also trying to do the same to the Web, via Chrome. The open source ecosystem gets to use whatever Google puts out, or suffer. I don’t see how that’s healthy.

                           

                          “Protect the ecosystem” is hard to believe if you buy into the “amoral entity” argument but is provably true: the easiest way to protect the company is to ban open source contribution (aside from forced copyleft terms) at all, but Google does this a lot

                          (I note that you don’t have a problem anthropomorphizing Google when it’s doing things you think are good.)

                          I’ve yet to see the proof. Publishing open source software doesn’t necessarily speak to any commitment to the wellbeing of the open-source ecosystem, nor does it typically carry any great risk. Let’s take a couple of minutes to think of as many reasons as we can why a company might publish open-source software out of self-interest:

                          • The existence of good tooling for markets you dominate (web, mobile) directly benefits you
                          • Developers like publishing things, so letting them publish things is a cheap way to keep them happy if it doesn’t hurt you too badly
                          • It’s great PR
                          • If you have a way to use your open-source thing in a way that nobody else does, the free work other people do on it gives you an advantage

                          You might say: so what? Obviously they have businessy motivation to care about open source, but what does it matter if the result is they care about open source? But, as we’ve seen, the moment it benefits them to work flat-out on destroying an open ecosystem, they do that instead.

                          1. 3

                            But, as we’ve seen, the moment it benefits them to work flat-out on destroying an open ecosystem, they do that instead.

                            This could be said of nearly any corporation as well.

                            Move from OS sales to cloud services, buy an open-source friendly company, release a good editor that works on the competition, and even inter-op with rhe competition.

                            The example may have the best intentions in mind, insofar a corporation can, but could also be a long-con for traction and eventually blast out something that makes the users jump ship to the corporation’s platform.

                            Best part of it all is, it could be hedging in case that “something” comes along. There is some win either way and an even bigger win if you can throw the ideals under the bus.

                            1. 2

                              For sure. It’d be naïve to think Microsoft had become nice. They’ve become smarter, and they’ve become a smaller player comparatively, and in their situation it’s pragmatic to be a good citizen. Google was the same with Android before they won their monopoly.

                            2. 2

                              (I note that you don’t have a problem anthropomorphizing Google when it’s doing things you think are good.)

                              It’s easy to do, mistakes were made, I’m human. Don’t assume malice or misdirection.

                              1. 5

                                I don’t assume either. I think it’s a natural way to communicate about organisations. But your opening gambit was about how talking about Google in those terms betrayed some error of thought, so I’d hoped that pointing this out might give you pause to reconsider that position. I didn’t mean to cast doubt on your sincerity. Apologies.

                                1. 2

                                  All good 👍

                            3. 10

                              Right, I mostly agree with what you’re saying! I do think a lot of people make the mistake of referring to any large company as a single entity, and it makes generalizing way too easy. With the WTFPL thing, I experienced that first hand: a bunch of individuals at Google reached out to me because none of them knew what the other was doing. And that’s a totally reasonable thing because no large company is one single mind.

                              Now, I don’t want to come off like I think Google is some great thing. The WTFPL thing really left a sour taste in my mouth because it also helped me realize just how powerful Google’s policies are from a systemic point of view. They have all these great open source projects and those in turn use other open source projects and so forth. My libraries got caught up in that, as you might imagine in this day and age where projects regularly have hundreds or thousands of dependencies, and Google had very powerful leverage when it came to me relicensing my project. Because it worked itself back up the chain. “{insert google project here} needs to stop using {foo} because {foo} depends on {burntsushi’s code that uses WTFPL}.” Now foo wants to stop using my code too.

                              I’m not saying any of this is particularly wrong, to be honest. I am an individualist at heart so I generally regard this sort of thing as okay from an ethical or legal perspective. But still, emotionally, it was jarring.

                              Do I think the lawyers in Google’s open source policy office think about that sort of effect it has on individuals? I don’t really. I don’t think many do. It’s probably a third order effect of any particular decision, and so is very hard to reason about. But from my perspective, the line of policy making on Google connects very directly to its impact on me, as an individual.

                              In the grand scheme of things, I think this is not really that big of a deal. I’m not all hot and bothered by it. But I do think it’s a nice counter-balance to put out there at least.

                              1. 4

                                To play devil’s advocate:

                                It appears that seasoned lawyers have deemed the license you use “not specific enough”.

                                Isn’t the whole point of a license to fully lay out your intentions in legal terms? If it doesn’t succeed at that, wouldn’t it be better to find another license that does a better job at successfully mapping your intentions to law?

                                1. 6

                                  To be clear, I don’t use the WTFPL any more, even though I think it makes my intent perfectly clear. So in a sense, yes, you’re right and I changed my behavior because of it. I stopped using it in large part because of Google’s influence, although the WTFPL didn’t have a great reputation before Google’s policy became more widely known either. But most people didn’t care until Google’s policy influenced them to care. Because in order for my particular problem to exist, some amount of people made the decision to use my project in the first place.

                                  I brought up the WTFPL thing for two reasons:

                                  • To demonstrate an example of a license being banned that isn’t copyleft, to show that Google has other reasons for banning licenses than what is stated in the OP.
                                  • To demonstrate the impact of Google’s policies on me as an individual.

                                  I didn’t bring it up with the intent to discuss the particulars of the license though. I’m not a lawyer. I just play one on TV.

                                  1. 2

                                    But I think even Google’s influence is just one example of the commercial world interacting with the “libre” world; in this light, Google is just entering earlier and/or investing more heavily than its peers. And it could be argued that’s a good thing, as it puts libre creators more in touch with the real needs of industry. It’s the creator’s choice whether to acknowledge and adapt to that influence, or to bend to it entirely. As I see it, Google can’t make you do anything.

                                    I do hope that Google carves out exceptions for things like Affero though, since I share Drew’s confusion at Google’s claim of incompatibility. I’m in the same boat, after all; I’m also a user of a niche license (License Zero), the legal wording of which I nevertheless have great confidence in.

                                    I believe that at some point, companies like Google will have to bend to the will of creators to have control over how their work is licensed. I happen to use License Zero because it seems to provide more control on a case-by-case basis, which I think is key to effecting that shift.

                                    1. 4

                                      As I see it, Google can’t make you do anything.

                                      Maybe I didn’t express it clearly enough, but as I was writing my comments, I was painfully aware of the possibility that I would imply that Google was making me do something, and tried hard to use words that didn’t imply that. I used words like “influence” instead.

                                      And it could be argued that’s a good thing, as it puts libre creators more in touch with the real needs of industry. It’s the creator’s choice whether to acknowledge and adapt to that influence, or to bend to it entirely.

                                      Sure… That’s kind of what I was getting at when I wrote this:

                                      I’m not saying any of this is particularly wrong, to be honest. I am an individualist at heart so I generally regard this sort of thing as okay from an ethical or legal perspective. But still, emotionally, it was jarring.

                                      Anyway, I basically fall into the camp of “dislike all IP.” I’d rather see it abolished completely, for both practical and ideological reasons. Then things like copyleft can’t exist. But, abolishing IP would change a lot, and it’s hard to say how Google (or any company) would behave in such a world.

                                      1. 2

                                        Anyway, I basically fall into the camp of “dislike all IP.” I’d rather see it abolished completely, for both practical and ideological reasons.

                                        Maybe we should turn Google into a worker coop 😉 Then its employees could change IP policy like you say, the same way they successfully protested the deals w/ China & the US military.

                                      2. 4

                                        I do hope that Google carves out exceptions for things like Affero though, since I share Drew’s confusion at Google’s claim of incompatibility.

                                        Large parts of Google work in a monorepo in which anything goes if it furthers the mission. The Google licensing site brings up that example of a hypothetical AGPL PostGIS used by Google Maps. In normal environments that wouldn’t be an issue: your code interfaces to PostGIS through interprocess APIs (which still isn’t linking even with the AGPL) and users interact with your code, but not with PostGIS. In the monorepo concept code can quickly be drawn into the same process if it helps any. Or refactored to be used elsewhere. That “elsewhere” then ends up under AGPL rules which could be a problem from a corporate standpoint.

                                        It’s a trade-off between that flexibility in dealing with code and having the ability to use AGPL code, and the organizational decision was apparently to favor the flexibility. It can be possible to have both, but that essentially requires having people (probably lawyers) poring over many, many changes to determine if any cross pollination between license regimes took place. Some companies work that way, but Google certainly does not.

                                        I believe the issue with WTFPL is different: because it’s so vague my guess is that the open source legal folks at Google would rather see that license disappear completely to protect open source development at large from the potential fallout of it breaking down eventually, while they probably don’t mind that the AGPL exists. At least that’s the vibe I get from reading the Google licensing site.

                                        (Disclosure: I work at Google but neither on open source licensing nor with the monorepo. I also don’t speak for the company.)

                                2. 3

                                  There is not “a Google” that is making amoral decisions for its global benefit . There is an office of humans that try their best and have good intentions.

                                  Mike Hoye wrote a short article called “The Shape of the Machine” a couple of months ago that examines the incentives of multiple teams in a large company. Each team is doing something that seems good for the world, but when you look at the company as a whole its actions end up being destructive. The company he’s talking about also happens to be Google, although the lesson could apply to any large organization.

                                  I definitely agree with you that Google has lots of capable, conscientious people who are doing what they think is right. (And to be honest, I haven’t thought about the licensing issue enough to be able to identify whether the same thing is at play here.) I just think it’s good to keep in mind that this by itself is not sufficient for the same to be said for the organization as a whole.

                                3. 9

                                  This is exactly what I came here to say. Basing an argument on your own interpretation of a license is a great way to get into legal trouble. Not only is there the risk that a judge in a court of law may disagree with your interpretation but there is also the risk that you will invite litigation from others that have a different interpretation and disregarding the risk of losing that litigation that litigation has a cost.

                                  So by using AGPL you incur not only the risk of having the wrong interpretation once it is tested in court but also the risk of an increase in costly litigation over time. This risk is further magnified by your size and how much larger it makes the target on your back.

                                  1. 12

                                    Basing an argument on your own interpretation of a license is a great way to get into legal trouble

                                    The article starts with “I’m not a lawyer; this is for informational purposes only”, and then proceeds to make strong un-nuanced claims about the license and even proceeds to claim that Google’s lawyers are incompetent buffoons and/or lying about their interpretation. Saying you’re not an expert and then pretending you are in the very next sentence is pretty hilarious. It’s abundantly clear this article is to support the author’s politics, rather than examine legal details.

                                    1. 6

                                      I’m not a lawyer; this is for informational purposes only

                                      I believe that Americans write that type of disclaimer because it is illegal over there to practice law without a license, and articles about software licenses can easily wander into dangerous territory. So based on that, I think it’s unfair to hold that up as a point against the article.

                                      Disclaimer: I’m not a lawyer; this is for informational purposes only.

                                      1. 1

                                        I started to call that tactic ‘joe-roganizing’. He does the same: “I don’t know anything about this.”, Then, in the next sentence: ‘[very strong opinion] - everyone who disagrees is surely stupid….’

                                    2. 9

                                      I worked at a startup where we had a massive compliance burden (yay FDA!) and so had even fewer resources than usual. One of my jobs as engineering lead there was to go and audit the tools and source that we were using and set guidelines around what licenses were acceptable because we could not afford the lawyer time if there were any issues.

                                      If the AGPL had been tested in court, I think companies would be a bit more chill about it, but I reckon that nobody wants to bankroll a legal exploration that could turn out very much not in their favor.

                                      One of the annoying things too about licensing, especially with networked systems and cloud stuff, is that the old reliable licenses everybody basically understands (mostly) like BSD and MIT and GPL and LGPL were made in a (better) world where users ran the software on machines they owned instead of interacting with services elsewhere. We still haven’t really identified an ontology for how to treat licensing for composed services on a network, versus how to handle services that provide aggregate statistics for internal use but not for end users, versus dumbly storing user data, versus transforming user data for user consumption.

                                      1. 4

                                        What’s the cost of being wrong and having Google required to publish all of their source code?

                                        That’s not how the AGPL works.

                                        The AGPL does not force you to distribute anything.

                                        If they’re “wrong”, they are in breach of contract. That’s it. They can then remedy that breach either by ceasing use of that software or by distributing their changes, or even by coming to some alternative agreement with the copyright holders of the AGPL’d software in question.

                                        1. 2

                                          This seems like a nit-pick. The point of my question was to provoke thought in the reader about the costs of violating the license. What are those costs? Can you say with certainty that they will be small? I’m pretty sure you’d need to be a lawyer to fully understand the extent here, which was my way of saying, “give deference where it’s due.”

                                          I personally think your comment is trying to minimize what the potential costs could be, but this isn’t theoretical. Oracle v. Google is a real world copyright case that has been going on for years and has almost certainly been extremely costly. I don’t see any reason why an AGPL violation couldn’t end up in the same situation.

                                          1. 4

                                            It’s an actual misconception that many people have, and I don’t think it’s good to perpetuate it.

                                            1. 2

                                              I guess that’s fair, but it seems like splitting hairs to me. Even you said “distributing their changes” as a possible remedy, and there’s a fine line between that and “publish all of their source code.” It really depends on how the law and license is interpreted, and nobody knows how it will be. So lawyers guess and they guess conservatively.

                                              1. 0

                                                The easiest way not to perpetuate it is to not use the AGPL.

                                          2. 3

                                            Thanks for saying this. I don’t work at Google, but I know many people who work at it and other large companies and have talked with them about license policy, and the article just reeks of ignorance as to how corporate lawyers work; even for relatively small companies.

                                            There’s no ideology here, there’s just lawyers doing what they were hired to do: use an abundance of caution to give the company as ironclad a position as possible.


                                            Hell, forget WTFPL, I’ve been waved off considering triple licensing of (approved) licenses by Googlers as “the lawyers would never go for this”. The lawyers are going to go for well understood, battle tested licenses where the failure cases aren’t catastrophic.


                                            Besides that it seems like the article misunderstands what constitutes a “derivative work”, if the article’s definition of “derivative work” (i.e., the code must be modified, not simply “used as a dependency”) was the one used by the *GPL licenses, then there would be no need for LGPL to exist.

                                            1. 1

                                              but as a rule of thumb, if you form an argument on knowing the intentions of other humans, it’s probably a bad argument

                                              This is not true.

                                              Firstly, the rule for another person and the rule for CORPORATIONS are completely different. Corporations do not operate like people do. When corporations are small, they sort of do, but as they grow larger then they become more corporations like.

                                              Secondly, it is impossible to know the intentions of other humans. So by this argument, no argument is ever good.

                                              We might give people the benefit of the doubt, because people are mostly good. They are ruled by an ethical system, built into their brain, to socialise and cooperate. Corporations do not have this internal system. Their motivational system is entirely profit based, and therefore you cannot treat them like people.

                                              If you have been alive long enough and paid attention to what corporations do, and especially google, the idea that they consider AGPL hostile, and wish to limit its influence and expansion, is highly plausible. How will they limit its influence? They could ban it completely, and then publish a document detailing why they think it’s bad. That’s highly plausible.

                                              Is risk-averse lawyering a factor? Most likely yes. But risk-averse lawyer adds to the hostility argument. Having received the advice from lawyers to not use AGPL, leadership would easily conclude that a limit to AGPL spread would give them the best chance of getting free software and have their way.

                                              Additionally, your steelman argument does not explain why google publishes that they do not like AGPL. They could keep it entirely internal. Why do you think they would do that? Free legal advice to competing startups?

                                              1. 3

                                                Firstly, the rule for another person and the rule for CORPORATIONS are completely different. Corporations do not operate like people do. When corporations are small, they sort of do, but as they grow larger then they become more corporations like.

                                                That makes sense in a certain light, sure. But I don’t see what it has to do with my point.

                                                Secondly, it is impossible to know the intentions of other humans. So by this argument, no argument is ever good.

                                                I don’t really agree. It might be true in the strictest philosophical sense, but that needn’t be our standard here. Intent is clearly something that we as a society have judged to be knowable to an extent, at least beyond some reasonable doubt. Just look at the criteria for being convicted of murder. It requires demonstrating something about the intent of someone else.

                                                Why do you think they would do that?

                                                When was the last time you saw any company publish legal advice generated by internal review?

                                                If you have been alive long enough and paid attention to what corporations do, and especially google, the idea that they consider AGPL hostile, and wish to limit its influence and expansion, is highly plausible. How will they limit its influence? They could ban it completely, and then publish a document detailing why they think it’s bad. That’s highly plausible.

                                                I think you’ve really missed my point. If the OP were an article discussing the plausibility of one of any number of reasons why Google published an anti-AGPL policy, then I would almost certainly retract my comment. But that’s not what it was. It’s a one sided turd without any consideration of alternative perspectives or explanations at all.

                                            1. 5

                                              I like python, I even like javascript but java is just “easy”. Strong, static typing saves me so much time and mental effort it’s phenomenal. I tried becoming more of frontend focused “full stack” developer for a few years but I found I worked far harder, expended more mental effort with dynamic languages than I ever did with java. Of course javascript isn’t python but I experienced that same thing with a python application as well. I tend to work more on extending and maintaining existing applications than green field development. Even then if one takes the time to learn Spring, it’s really really good to.

                                              I’m at the point in my life where “easy” counts for a lot. And as the fine article says, java is pretty nice nowadays. The tooling is exceptional. I’m glad for it.

                                              1. 1

                                                I heard Python can do static types with an extension or something. Found this that shows how. Also claims PyCharm IDE catches the type errors for you. Some info might be out of date since it’s from 2017.

                                                Maybe try some of that tooling with Python to see if it gets better.

                                                1. 3

                                                  Yes, type checking with mypy is quite good nowadays, and provides quite a bit of peace of mind. It’s not perfect, and it’s nowhere near the level of what static types in Java give you, but it’s a good middle-ground, and it improves the Python dev experience noticeably. You loose some of the readability of Python (if you are not used to type hints), but I think it’s worth it, esp. for libraries.

                                              1. 3

                                                I’m a happy user of Ansible, and despite having hundreds of VMs to take care of in the past, I’ve never felt any pain about it. To keep the desired state, Ansible scripts where running hourly with Jenkins, and it worked well.

                                                I cannot compare with Chef or Puppet that I’ve never used, anybody have more experience on the limitations mentioned?

                                                1. 3

                                                  Yeah, the recommendations and justifications in that article seem a bit random and biased. Ignoring Ansible and it’s ease of use and relatively quick learning curve (compared to Puppet esp), and requiring a pull model when the premise is to find ‘good enough’ tools doesn’t make a whole lot of sense to me (as do non of those generic recommendation/advice articles like this one in the first place).

                                                  The bit about Kubernetes and using config management instead is silly.

                                                1. 1

                                                  I’ve been working on and off on a client/server version of this, with a persistent daemon process taking care of the database. I feel that would be a better design, as the work performed by the client after each key press would be really minimal. That daemon could also eventually be used for automating other parts of the CLI experience.

                                                  1. 1

                                                    Yeah, I’ve thought about this as well. Just couldn’t be bothered to figure out all the possible security implications, and never wanted it bad enough. But it could be the sort of generic project that opens up a lot of possibilities we don’t even see yet… Also, who doesn’t love over-engineering stuff ? :-)

                                                    1. 1

                                                      Right now I was thinking client/server on the same machine, using a UNIX socket for communication, so the security implications aren’t big. But maybe you’re right, and we could imagine a cloud-based version!

                                                      I’ll try to ping you if I ever put something on GitHub :)

                                                      1. 2

                                                        Yeah, please do. I shudder to think what the reaction of some folks on HN or here or reddit would be if you announce ‘I made a client-server version of cd’! :-)

                                                        1. 1

                                                          Lol, I’m old enough not to care anymore :)

                                                    2. 1

                                                      I did consider this, but I didn’t want an entire process running on my computer for the sole purpose of serving me cd suggestions. Moreover, given how fast zoxide already is, I doubt that a client-server model would be a massive improvement.

                                                      1. 2

                                                        You’re right, I’m sure it’s fast enough. The main point would be to add more features in addition to jumping: a central daemon that talks to all your shells simultaneously could certainly help for many other things.

                                                    1. 4

                                                      It mentions it’s inspired by z and z.lua. There’s also jump or autojump, or twenty more if you search a bit. “It’s in Rust” is the big helper here, I suppose. Jumping to directories is never something I’ve found noticably slow even with z, but there’s always an audience trying to eek out the best performance.

                                                      1. 10

                                                        zoxide’s README says it’s mainly trying to speed up displaying the prompt, as opposed to speeding up the actual jumping. All z-like tools delay the prompt a bit because they run code to track the current directory before each prompt.

                                                        1. 2

                                                          Ahh, that makes more sense! I used to run some pre-prompt display stuff to get git statuses added into my prompt and that definitely slowed things down. Now I just run a ‘git status’ when I actually want that info and things are snappier. Every little bit adds up on those things.

                                                          1. 4

                                                            If you’d still like to do that (and use zsh), check out powerlevel10k. You can have your cake and eat it too…

                                                      1. 6

                                                        Is this solving a problem that doesn’t exist?

                                                        zsh’s autocomplete scrolls through only those previously used commands that match what has been typed so far. So I typically enter cd ./s and then the up arrow takes me through my most recently visited project folders, ./src/project_1, ./src/project_2

                                                        Even better, it works on any command, not just cd.

                                                        1. 5

                                                          History prefix search is a useful feature, but it can’t fully replace tools like z and zoxide. Say your two most recent projects are ~/projects/src/rails/ and ~/projects/src/lobsters/. If you want to jump to lobsters from within ~/projects/, you can type z lob or potentially even z l, both of which are faster to type than cd ./s<up><up>.

                                                          What’s more, you can always use the same z lob and z rails to jump to those folders from anywhere, whereas the cd command would have to be adjusted if you were within ~ or within rails/. The cd command also requires a different amount of <up> presses depending on which folder you visited most recently, while the z commands can be done from muscle memory.

                                                          1. 2

                                                            This usually does not work if your current directory is not the same as the one when you typed the command, except you use absolute paths. Or maybe I misunderstand what you exactly do.

                                                            Anyway, try it out, I wouldn’t want to miss this kind of instant directory change. Usually, it only takes 4 key presses ‘z [space] [two letters of target dir name]’ and you’re in the target dir - no need to reach for arrow keys or ctrl.

                                                            So, yes, it does solve a problem that does exists. Maybe it’s not a problem for you. Or maybe you don’t know yet you have that problem, but will once you tried out this (or z, or autojump, or any of the other solutions – I reckon the fact that there are so many alternative implementations should be a pretty good indicator that a non-trivial amount of people think this is a problem…).

                                                          1. 8

                                                            The build time and research arguments are valid and definitely good to keep in mind. However, you can make smaller alpine images by following similar patterns. The Dockerfiles in this article don’t use –no-cache with apk and they leave around the development files after the build is done.

                                                            The following image should build something similar, though, as mentioned, it takes a while to build. I’ll update this post with the final image size when it’s done.

                                                            FROM python:3.8-alpine
                                                            
                                                            ENV PYTHONUNBUFFERED=1 \
                                                              PYTHONDONTWRITEBYTECODE=1 \
                                                              PYTHONHASHSEED=random \
                                                              PIP_NO_CACHE_DIR=off \
                                                              PIP_DISABLE_PIP_VERSION_CHECK=on
                                                            
                                                            RUN apk add --no-cache freetype libpng openblas
                                                            
                                                            RUN apk add --no-cache --virtual .build-deps gcc build-base freetype-dev libpng-dev openblas-dev \
                                                                && pip install matplotlib pandas \
                                                                && apk del --no-cache .build-deps
                                                            

                                                            EDIT: strangely, the build wasn’t also made slowed by untaring matplotlib-3.1.2.tar.gz which is a 40MB file with lots of small files. That’s not to say the build was fast, but it’s worth noting.

                                                            In any sense, the final build size as reported by docker image ls was 469MB.

                                                            1. 3

                                                              This does result in a smaller image, but it means every time you change your Python or APK dependencies you need to reinstall both, without relying on Docker layer caching.

                                                              The image size honestly isn’t a big deal, but the build time is brutal.

                                                              1. 3

                                                                So, I finally got back the final sizes and it actually surprised me. 469MB for the alpine version I posted. Much better than your 851MB, but also larger than python:3.8-slim. Maybe it’s leaving around the source files somewhere? Have you made sure that your python:3.8-slim version can actually run code using matplotlib or pandas? I’d assume that they’re missing the actual libraries needed to run the code (essentially the non-dev versions of what you had to install with alpine).

                                                                At this point, I’m not really willing to take more time to investigate this - you’ve sold me. I’m planning on moving all my images to the slim variant if I can.

                                                                1. 3

                                                                  I’ve wasted a lot of time on this as well, and I can only recommend you do that. So much less time spent in Dockerfiles, and more in dot-py-ones…

                                                                  I ended up with a Debian-based base image with the build dependencies installed and often used dependencies in a pre-created virtual-env, an Ansible-based toolchain to be able to quickly install any additional system and virtualenv python-package dependencies (which will most likely be overkill for most), and a script that is called as last step in every child-Dockerfile and which cleans up most of the junk that is only used at build time. You could probably also do a lot of that with a multi-stage Docker build.

                                                                  Anyway, that makes for fairly quick build times, and quite small images. The base image might not be that small, but since it doesn’t chage that often, and all your other images depend on it and can re-use the cached layer, I only have to pay that cost once (per deployed project), and when it updates…

                                                            1. 25

                                                              This issue is not specific to Alpine, Wheels just suck with any less-common ABI/platform combination. Try it with Debian on ARM and you will run into the same issue.

                                                              1. 12

                                                                Yea, it’s not a fair comparison because the OP is using a package with some base extensions and therefore has to pull in gcc and compile those CPython extensions. A better comparison would be to compare something that had the actual python package available in Alpine.

                                                                Or, use a program you wrote whose dependencies are all pure-python without needing to link to outside C resources.

                                                                1. 15

                                                                  It might not be fair, but it is relevant. At least in my view. This article mirrors my experience, and I came to the same conclusion. It’s quite rare that I don’t have any library that uses C in my projects, but for which no wheels are available for a ‘standard’ platform. I never had use for any of the Python packages that were included in Alpine (nor the ones that come with Debian, for that matter. I usually try to pin my dependency versions to the exact ones I use in de velopment).

                                                                  I’ve experienced a lot of pain trying to use Alpine with Python, and I don’t think it’s worth it for anything other than small, simple projects. Even for building Python-based containers for functions in OpenFaas (where you’d really like to have small images), I ended up having a (relatively heavy) base image with most of my common requirements included, and used that with all my function containers. Which, in the end is an acceptable solution, since you only have to pull the base image every now and then, when it updates. The base images weights around 350mb, but every image derived from it was only a few kBs or (MBs, in some cases).

                                                                  Anyway, if you can fault the article for anything it might be for not making it clearer when it’s conclusions are relevant. But I think most people will understand that, and won’t expect a ‘fair’ comparison for clean-room circumstances. As I said, it might not be fair, but it’s good practical advice nonetheless, in a lot of cases.

                                                                  1. 2

                                                                    Exactly my feeling. The original post and liwakura’s comment are both fascinating when I don’t have this problem, but I’d wager if someone is searching for “Alpine Docker Python Slow” it’s not going to be for the other edge cases.

                                                                2. 12

                                                                  The difference is that no one recommends ARM as a way to make smaller, faster builds. It’s understood you’ll have more work because it’s more obscure. But people do recommend Alpine on amd64 for faster, smaller builds, and that wastes lots and lots of time for people who don’t know any better.

                                                                1. 30

                                                                  Feminintendo on Reddit called out the people calling him out. Had three, good options at the end.

                                                                  Edit to add: @ddevault said same thing even shorter on Hacker News.

                                                                  1. 11

                                                                    I think their responses go overboard ‘the other way’. People are expecting too much of open source authors, but I don’t believe the correct response is: ‘they have no responsibilities at all’. I believe that if you choose to release something to the public, you carry some responsibility for it. And I believe the discussion should be about which few responsibilities others may reasonably expect you to take on.

                                                                    Some analogies to illustrate my though process here:

                                                                    • If I offer to borrow my hedge trimmer to my neighbours, it would be disapproved of if it was, known to me, broken or dangerously malfunctioning
                                                                    • If I claim a piece of a communal garden and don’t take care of it, it would be disapproved of and I would consider it right for the piece to be offered to someone else
                                                                    • If I offer to do some volunteer work and I subsequently don’t do it or do a lousy job for whatever reason, people are right to be disappointed and call me out on it
                                                                    • If I would have been the first to claim recipes.com and I would largely, deliberately, publish recipes that are incomplete or disgusting, people would be right to be disappointed and one could wonder what gives me the right to cause so many negative emotions.
                                                                    • If I would be a famous chef and I would publish a book with such defects, people could also wonder whether they shouldn’t be able to hold me responsible for resulting harm (and yes, frustration and disappointment are harms, usually offset by being a minority response or by being unintentional).

                                                                    If you release code, you stake a claim to at least the name of the project and filling a certain niche. You choose to have your intellectual property invade the minds of everyone that is reached. That can have many benefits for the world and particular communities within it. At the same way your code being published and ‘out there’ can cause harm. That it’s free doesn’t change that. That you didn’t intend harm doesn’t change that. That people could theoretically choose to ignore it doesn’t change that, because in practice people don’t and you know that beforehand. That’s why I believe that publishing code carries some minimal responsibilities with it, like giving your neighbour a list of things they can borough from you does.

                                                                    I don’t know exactly how those responsibilities translate to open source software. That’s the hard part here. I would tentatively say something like:

                                                                    • At the very least things should, to your knowledge, do what they are described to do.
                                                                    • If something is in known ways defective, you should make that known.
                                                                    • If you own a project and associated publishing permissions (e.g. for libraries to your the library repo of your language of choice) and are tired of it or the community in general seems like it would like to fork, be cooperative. Offer to cede the name and the publishing permissions and to not compete with the fork. Names and niches are not yours to own because you were the first to move into them.

                                                                    Responsibilities you explicitly don’t have:

                                                                    • Keeping the code functional, including secure
                                                                    • Responding to issues
                                                                    • Merging push requests
                                                                    • Sharing any knowledge of how the code works, including documentation
                                                                    • Anything else you don’t want to do, except when listed under the responsibilities you do have

                                                                    Is that unreasonable?

                                                                    1. 5

                                                                      At the 36C3 congress there was a talk about declaring what people can expect from software (German) (at least that’s what I learned from the talk). The speaker proposed that software should have labels that describe what kind of promises the authors of the software are making. The speaker proposed a few dimensions for this, for example:

                                                                      • ownership (license, FOSS? closed source? cloud vendor-lock-in?)
                                                                      • confidence (do you make any guarantees about your software? how experienced are you in the field?)
                                                                      • correctness (unit tests? formal proof?)
                                                                      • and some more.

                                                                      (the speaker said that this is just a rough idea and probably not the best approach, yet; but I like the idea, thus I want to refer to it here)

                                                                      Such an approach could help with the issue that people expect something from you which you cannot or do not want to deliver. For example, there could be one dimension commitment (how much time are you spending on this project) with options like:

                                                                      • this project has a full corporate team (5+ members)
                                                                      • this is a one man project, but related to my business so I earn money from it (higher chance for support that on hobby project)
                                                                      • this project is developed by a team of hobbyists - so if I do not want to continue, others can
                                                                      • this is a hobby project which I do myself in my free-time. Do not expect any work from me when I’m busy. Expect it to be discontinued at any time.

                                                                      Even if we do not have a standardized system for this, yet, I guess it could still make sense for a FOSS project to state such things in the README.md at the top. That way people know what to expect. The speaker of the talk proposes a shortcut scheme for this (e.g. O++ for permissive licenses), but that’s only possible once categories are known and there is some adoption.

                                                                      1. 9

                                                                        Yes, I think it’s unreasonable.

                                                                        When I release code, I do it as a gift. I expect nothing from you and you should expect the same from me.

                                                                        If I write documentation, respond to issues, etc. is because I get something from it, even if it’s only the satisfaction of doing something useful for others, but I have no obligation to keep doing it.

                                                                        Take it or leave it

                                                                        1. 4

                                                                          That seems like an oversimplification to me.

                                                                          Open source authors reap non-monetary social and reputational rewards for their efforts that can be desirable in their own right and sometimes translate to significant real world benefits (projects can be the reason you’re hired at a high-paying job, the reason you’re invited to speak at a conference that gets you more consulting clients, and so on)

                                                                          Given that, it strikes me as little disingenuous if your POV as an open source author, especially of a popular project, is “Anyone who expects anything from me is an entitled asshole, and I’m a holy selfless person.” Not totally disingenuous, mind you (it’s partly reasonable), but also not the whole story.

                                                                          The details really matter too.

                                                                          For example, if you want the relationship between you and your users to be “I expect nothing from you and you should expect the same from me,” I think you should make that clear in your README, one way or another. Set the expectations clearly.

                                                                          But I think it’s dishonest to, e.g., silently claim that as your philosophy when it suits you, and at the same time build an active community around your project, maintain it regularly, accept PRs, and so on. (btw, I’m discussing the general case now, not casting accusations at the Rust maintainer that spurred this thread – I’m not familiar with those details but it seems like he was genuinely treated unfairly.)

                                                                          1. 3

                                                                            My argument is based on the observation that what you are giving the world is not just a gift. There are costs even to ‘leaving it’.

                                                                            1. 3

                                                                              Those costs should be evaluated by the people taking it, as they are the ones that it affects.

                                                                              1. 2

                                                                                Having to evaluate things Is exactly one of the costs imposed on the world by publishing things. It’s not optional.

                                                                                1. 3

                                                                                  But still your own decision. You can always write your own thing, if that seems to be cheaper than evaluating existing solutions. I don’t think that would be wise in most cases, but it is an option. Do you think people should only release their projects as open source if they are prepared to help with the costs that software project might have for others who evaluate/eventually use those projects? I know, personally, that if I’d think that was true, I’d never release anything at all…

                                                                                  1. 2

                                                                                    I am looking for minimal responsibilities and the ones you mention seem unlikely to be an agreed upon minimum. Not deliberately making it hard to evaluate things would be a smaller responsibility. At least not being deliberately deceptive in ways to would obviously cause harm was kind of the minimum thing I was going for, but it seems agreement on that cannot be reached.

                                                                              2. 1

                                                                                But those costs are not the responsibility of the OSS author.

                                                                                1. 3

                                                                                  Why not? They are the one imposing the costs on the world: they claim a name and set things up so their publication takes space in the heads of people.

                                                                                  1. 5

                                                                                    Call it freedom of speech. It’s like saying you wrote a book. Nobody has to read it and you can’t blame the author if you don’t like it.

                                                                                    Please also don’t blame the author if you use a book you didn’t like as a stand for you monitor and it somehow tips over.

                                                                                    1. 0

                                                                                      If you don’t like ads, don’t look at them. That giant billboard, that lightshow, that banner at the top of the page you are visiting, don’t look at them. Easy, right? No effort at all to ignore them. No reason to install ad blockers or pi-holes whatsoever.

                                                                                      1. 3

                                                                                        You’re missing the point. Everyone can cram as many ads on their page as they like. I take the liberty to not use those sites. Or if I do, use an adblocker. Or in this case, I might not use the library. Or read the source and patch it. I’m not demanding the author change anything, but I might open a friendly issue or PR.

                                                                                        1. -1

                                                                                          I think you’re missing the point :). Those ads enforced a cost on you. You had to take the trouble to use an adblocker. Similarly, publishing something with the intent it be found and presented to you by search engines imposes a cost on you and everyone else: more results to evaluate. If you impose a cost on the world, perhaps you have to take on some minimum of responsibility, such as a least having a short description truthful about the further contents of what was published. That is what we’re arguing about here: do you have a certain minimum of responsibility to the world and what is that minimum?

                                                                                          1. 2

                                                                                            To me, that’s just the cost of participating in a community, be it our small one here, or the ‘big’ one outside. You can’t expect to not have to pay anything (be it money, time, attention, whatever), if you choose to participate. You participating in this thread has a cost for me too, but I don’t blame you :-)

                                                                                            1. 2

                                                                                              That is absolutely true and I think that in comparable situations some of those costs of participating in a community are costs you voluntarily pay to reduce the costs multiple other members would otherwise have to pay, so the aggregate cost for everyone stays lower.

                                                                                              1. 2

                                                                                                Fair enough, yes. Personally, I like the little inefficiencies, surprises and unexpected-nesses when participating in contexts like those. That’s usually where the (to me) worthwhile and interesting stuff happens. And I can always choose to opt-out (forever, or for a while) if something gets on my nerves.

                                                                                    2. 3

                                                                                      Um, no. Pushing a repo to GitHub and setting up a website does not force people to use the project. It doesn’t force people to pay a cost or even if it does the cost is so small–in a sea of other projects like this–that it’s trivial. And because it’s trivial, removing the project is also a trivial cost to people who are not using it. It’s not a cost that people normally even think about. Like, my existence imposes a cognitive load on your mind. Does that mean I pay you something? What, like $0.01?

                                                                                      1. 2

                                                                                        You didn’t choose to exist, so you can’t be held responsible for that.

                                                                                        even if it does the cost is so small–in a sea of other projects like this–that it’s trivial

                                                                                        It’s death by a thousand cuts.

                                                                                        It’s not a cost that people normally even think about.

                                                                                        That doesn’t make it less real. Across all people and projects it adds up. It will get worse in the coming decennia and it will need to be solved.

                                                                                        But that’s all going much further than what I argued. In the end, my question was only: what are the minimal responsibilities. Can we agree on ‘being honest about what software is supposed to do’ and ‘not hiding (valid) bug reports’?

                                                                                        1. 3

                                                                                          It’s death by a thousand cuts.

                                                                                          Only if you’re actually personally evaluating a thousand OSS projects–are you personally evaluating a thousand OSS projects?

                                                                                          That doesn’t make it less real. Across all people and projects it adds up.

                                                                                          So do the cognitive ‘cost’ of books, music, and other art forms being published, but somehow you don’t hear about calls to ‘solve’ this problem.

                                                                                          my question was only: what are the minimal responsibilities.

                                                                                          I’ve already answered this question: please check the license file of the software you’re using to understand what the maintainer owes you.

                                                                              3. 3

                                                                                Then again both BSD and MIT licenses expressly say that the software is provided “as is”. This is not incidental, it specifically is there to tell people that the author does not owe the licensees a damn thing.

                                                                                Which is also why, if bugs arise in some of my open source libraries, I will tell people that I might fix them one day because I built them for fun on my spare time, also giving them the option to contract me – for money – to actually fix them short notice. Even if the libraries are not popular by any margin, a company is actually using one of them in production, and did offer to pay for me to fix them “next week”. Eventually we decided this wasn’t necessary but we keep the option open for the future. I am also open to selling nonfree versions of the libraries with support contracts.

                                                                                So many companies use open source software in their products it makes very little sense to not see a market there. A hobby is a hobby, fun is free, but entitlement isn’t. I already get paid to write software, if someone really wants me to spend a Saturday fixing bugs for them, they might as well pay for it. Otherwise they’ll have to wait an indeterminate amount of time.

                                                                                Here are the respective bits from BSD and MIT.

                                                                                THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

                                                                                THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

                                                                                1. 3

                                                                                  I think it makes sense to do distinguish between the responsibilities you (want to) legally have (towards everyone) and the responsibilities you can morally be expected to have (towards your neighbour).

                                                                                  You can legally disclaim any responsibility without also (intending to) morally disclaim all responsibility.

                                                                                  1. 5

                                                                                    Some answers I’d like to hear from people who insist software authors have no moral responsibility. If I deliberately release a program that promises to, for example, display a fractal animation, but instead deletes user’s home dir, am I morally responsible? Am I less morally responsible if it deletes user’s home dir due to an unintentional bug?

                                                                                    1. 3

                                                                                      A tourist asked me for directions at the train station. I did my very best to explain to him what platform to use, but later, I saw him in the middle of a crowd as he moved towards a different one (it was the same number, but a different orientation, as I apparently failed to explain before). Unfortunately, I didn’t have the time to follow him and send him to the opposite side as I was already late for my own train.

                                                                                      I feel really bad about this, because it was a very polite gentleman and if he missed the train, who knows how long he had to wait for the next one. I actually think he didn’t, as he still had some time left and hopefully double-checked which train he’s getting on, but it still troubles me. Am I morally responsible? :-/

                                                                                      I certainly would be responsible if I did this intentionally, but that was not the case and I tried to repeat myself a couple of times. I felt reasonably confident we understand each other and didn’t feel the need to ask someone else for help.

                                                                                      The similar goes with bugs. When the author’s intentions are clear and he takes reasonable measures to prevent vulnerabilities or damage, it’s not fair to accuse him. Sure, a normal person will feel bad for such incident and apologize, but that’s it. What else? Should he pay you money or something for using his software?

                                                                                      1. 2

                                                                                        Some answers I’d like to hear from people who insist software authors have no moral responsibility.

                                                                                        am I morally responsible?

                                                                                        The people who say software authors have no moral responsibility–what do you think they will answer to your question?

                                                                                        1. 1

                                                                                          I’m not sure why you ask as the question was rhetorical, but I’d expect them to say no.

                                                                                      2. 1

                                                                                        Maybe, and you are certainly free to do that in your own projects, but in the absence of that the disclaimer that is actually in effect is the one included in the license.

                                                                                        1. 1

                                                                                          It is. Does that mean we are fine with people lying in their README or hiding legitimate bug reports?

                                                                                          1. 1

                                                                                            people lying

                                                                                            This type of slanderous characterization is why I flagged the original entry as off-topic. Most of the comments here, to their credit, is sincere reflection on the pressures of writing and contributing to open source. But some, like this, as just rehashing the persecution of the software maintainer.

                                                                                            1. 1

                                                                                              This entire subthread is not about the specific situation reported here and is wondering in general what minimum responsibilities we may expect open source authors to take on. There seem to be people that believe we may not expect them to take on any responsibility at all, even excluding the minimum moral responsibilities we normally asociate with any other human interaction as reasonable expectations. That is what I am explicitly asking after.

                                                                                              1. 2

                                                                                                OK, so someone explicitely stating untruths in READMEs and hiding issues is just a hypothetical example?

                                                                                                1. 2

                                                                                                  Shit, I understand my mistake. Those are both things are alleged to have happened in this particular case and repeating them can be seen as accepting them as facts.

                                                                                                  To be explicit, for both things: no, that is not what I had in mind. I’m not talking about this case.

                                                                                                  • I don’t know the facts concerning the alleged untruths. I have something in mind like “This code is safe to run to see a puppy” when you know it will delete the home directory. Something that obviously causes harm. Anything more gray is, well, more gray and requires separate discussion. My goal is establishing a bare minimum responsibility.
                                                                                                  • The thing with the issues happened in frustration and is defensible. I’m thinking of someone hiding/deleting an issue that literally says “Don’t run this project, it will remove your home directory” when it indeed does that.
                                                                                                  1. 2

                                                                                                    Thanks for clearing that up!

                                                                                            2. 1

                                                                                              Their project, they do whatever they want with it. You don’t like it–don’t use it.

                                                                                      3. 1

                                                                                        I’ll say first I thank you for a detailed, thoughtful write-up on the other side of this.

                                                                                        “ I believe that if you choose to release something to the public, you carry some responsibility for it.”

                                                                                        I’m actually with you on that belief. I’m utilitarian. I look out for the public a bit. So, it just fits my beliefs. Thing is, other people have all kinds of beliefs. I tend to go with lowest-common denominator if I’m aiming for a universal expectation. For OSS/FOSS, they’ve done volunteer work, shared it with others, and typically with a license denying responsibility. So, I shouldn’t hold them responsible for any problems I experience from my use of their work they published. Plus, if people need it fixed, they have options ranging from pull requests (denied) to forking their own version.

                                                                                        I’ll run through the analogies to see how they might fit:

                                                                                        Hedge trimmer. Used as intended, the hedge trimmer would work. It only breaks if the neighbor is doing malicious or weird things with it. Someone requests the hedge trimmer be modified by the supplier or its buyers to block all such malicious and weird uses. That really on them?

                                                                                        Communal garden. This is more like someone planting the garden (or a lot of it), it being used by many people, planter takes care of it almost exclusively themselves, it gets some improvements by others here and there, and original planter leaves due to disagreements on managing the garden. They still planted, maintained, and left a garden. If anything, the other people look suspect here.

                                                                                        Volunteer work done lousy. This is the closest thing to where I agree with you. I’d say that’s a matter of personal integrity to do what one promised. I hate it when I slip too much to do that. In this case, I don’t know if author promised anything so much as just shared their work which outperformed most others. They did what they intended and were volunteers. What others expected wasn’t actually their promise as volunteers.

                                                                                        Recipes.com and Chef. Responding to chef since they’re similar. I’d first look to see what was promised. This author would be a chef that was making their prefered kind of recipe, used some ingredients a lot of people liked, some people didn’t, and shared it with others. The chef’s preferences for their style of cooking caused them to not accept recipe changes from others to be published in the chef’s recipe. Others were allowed to pubish their own version. They didn’t. Most enjoyed the recipe. Some didn’t even read the ingredients to spot potentially nasty ones or things they were allergic to. Some found out about suspicious ingredients but ate it anyway. Again, it’s not the chef that’s suspect to me since they’re just doing their thing with the questionable ingredients dominating the menu at other providers.

                                                                                        “You choose to have your intellectual property invade the minds of everyone that is reached.” “because in practice people don’t and you know that beforehand”

                                                                                        That’s a big difference in our thinking. I’m from free speech, thick skin, control-how-people-influence-you part of the country. Realistically, what you describe will happen to some degree or even most of the time due to human nature. Realistically, we also need to know this, be wary of it (esp our biases/triggers), skeptical about what others offer, and only allow good ideas into our minds or as our working dependencies. We also need to introspect occasionally to prune bad ones out. If the audience didn’t do that, they need to address their bad habits before the screw up again.

                                                                                        I’m no exception. I’m actually spending most of this week flushing out last year’s stresses, assessing bad habits, new goals, and how I’ll handle them. Those that affected me negatively were almost universally those I allowed to be a mental dependency. There’s the root problem. Sometimes I have little choice or one with high coercion. Most I could’ve handled differently, though. I strongly encourage that in others who are considering being emotionally tied to or walking into an artificial, nearly-pointless catastrophe such as the Actix situation. I’m responding just because I find these things interesting with some good usually coming out of it. Raph’s write-up on the front page is an example.

                                                                                        On your three part list, the third isn’t reasonable since its the owners’ work and property. The license allows a fork. That’s enough. The first, honesty, should be a must on basic principle. The second is really where all this happened. Is it really defective if it does what the owner wanted it to do? In security, we evaluate the software against a correctness or security goal or policy. There’s endless possibilities. We usually only care about a subset of it. Author found it correct enough for now with no urgency for a fix, planning on their own. If it meets author’s requirements, is it really defective or even defective enough to warrant calling it a failure? Remember that most useful, deployed software sucks in some way when you try to answer that.

                                                                                        Your thoughts are all reasonable. I could see maintainers subscribing to that philosophy. I just can’t justify pushing it on them at large. Many wouldn’t accept it either due to ideological differences.

                                                                                        1. 1

                                                                                          As is usual in discussions I’m going to focus on where we (seem to) differ, but we’re largely in agreement.

                                                                                          An explanation I should have added to my original post: my analogies were not intended as analogies of this specific situation, but as analogies of open source in general. My intention is to flesh out some general expectations people may have of each other, to get to some minimum responsibilities.

                                                                                          You e.g. adjusted the hedge trimmer example to match this specific situation, which was not what I had in mind. So to be clear: I was not implying the author of the project under discussion violated reasonable expectations by delivering something similar to a dangerously broken hedge trimmer. I agree that unforeseen and dangerous use of a hedge trimmer is in no way the responsibility of the lender. Similar things hold for the other analogies as you formulated them: I agree with your takes.

                                                                                          Realistically, what you describe will happen to some degree or even most of the time due to human nature.

                                                                                          Absolutely true and wouldn’t it be very nice if the amount of work we had to do to guard against that would be lower, because of shared general principles that result in more people taking on some minimum responsibility to not cause the problems we’re guarding ourselves against? I believe often the problem isn’t so much that people don’t believe they have responsibilities as that they have never explicitly thought about them or forget about them and would take action when reminded of a responsibility they have previously agreed they have. Perhaps we need something like an ‘Open source author manifesto’ that people can include with their repo.

                                                                                          The second is really where all this happened.

                                                                                          Not within the scope of the minimum responsibility I had in mind there. In the context of Github, I would say it’s enough that ‘issues’ exist that document brokenness. The minimum responsibility here is not closing/hiding/deleting issues that could cause users grief. My opinion on this specific situation is that the author did nothing wrong with respect to the responsibilities we may minimally expect them to take on.

                                                                                          The license allows a fork. That’s enough.

                                                                                          That seems to be the majority opinion, but in practice it seems to be very ineffective to me. It doesn’t happen as much as it should.

                                                                                          I think one of the main obstacles is that just forking a project isn’t enough: you also need to communicate to everyone, including newcomers, that the previous project has been superseded, with the blessing of the community. Forking causes confusion and makes it hard for people to pick the option generally considered ‘the best’. Wouldn’t it be helpful to the community if authors would give up their claims to project names and publication permissions so the fork can continue under that name? Wouldn’t that make forks likelier to succeed?

                                                                                          So what I’m assuming here is that one of the major problems open source has is not so much availability of people who want to maintain a fork, but the availability of such people who also believe that spending that effort is useful, because the fork will succeed.

                                                                                          But in the end the entire third bullet can be a separate discussion. If people would in general agree open source authors have at least the minimum responsibilities of being honest about what the code is supposed to do and about defects that may cause users harm, then already we have at least established there are some responsibilities and that the discussion should be about those; not about ‘none’ vs ‘all’.

                                                                                        2. 1

                                                                                          You offer to create no value for me, only to “respect” my claim and deed to property, and you think I owe you money/time for that.

                                                                                          I think you’re going to be disappointed.

                                                                                          1. -1

                                                                                            We generally don’t accept people just giving the world ‘gifts’. We hold that they have a minimum of responsibility with respect to their gifts. If we find that giving African villages wells has counterproductive results, because it disrupts the social fabric, then we are responsible to undo the damage. We frown upon someone giving a recovering alcoholic a free bottle of booze. We frown upon someone promising to help you and reneging on that promise. You can think of countless examples yourself where the fact that something is a gift does not absolve the giver from all responsibility concerning that gift.

                                                                                            So yes, I believe there is a minimum responsibility, and thus a minimum of time, you owe the world if you choose to ‘give’ it something. And I think you believe exactly the same.

                                                                                            1. 2

                                                                                              My reason for producing software is not a gift. It is entirely selfish!

                                                                                              When I have published software, gratis or otherwise, it is not because I’m trying to get you hooked on booze, or even because I don’t think you can produce it yourself.

                                                                                              I do things because they benefit me, or because I expect them to benefit me, and I think that’s true of everyone, including you.

                                                                                              That’s why you try and convince people into thinking they owe you more: Because that more can benefit you.

                                                                                              Maybe you even think that’s necessary/economy: To convince people to take a worse deal than you, but that’s sad. I don’t want to be friends with people like that. I think we can find a deal where we’re both happy with the outcome, and happy enough we would do it again, and I hope that you might learn to actually prefer that as well.

                                                                                              1. 0

                                                                                                If you think lending a broken hedge trimmer to your neighbour for the laughs is fine, because you have the selfish benefits of having a laugh at them – or the only reason you don’t do it is because you might need something from your neighbour in the future and some form of utilitarianism informs you not to do such a thing, then I’m not interested in being friends either.

                                                                                                I prefer people to not be entirely selfish, to consider what costs they impose on the world to get the benefits they are after and to take some minimal responsibility to reduce those costs.

                                                                                                1. 2

                                                                                                  Yes. The only reason I don’t buy a hedge trimmer, break it, then lend it to my neighbour, is obviously because I might need something from my neighbour in the future, and not because I might have bought the hedge trimmer in the first place for my own purposes. After all, I only would ever buy a hedge trimmer in the first place, if I wanted to lend it to someone for some social currency I can redeem in the future.

                                                                                                  Obviously.

                                                                                                  @friendlysock - you really vouch for Confusion?

                                                                                                  1. 0

                                                                                                    I started this thread suggesting open source authors at the very least have the responsibility of basic decency. You responded negatively and are now promoting selfishness, attempting to extract more and finding mutually beneficial deals so that you may do it again. And somehow I’m the offensive one, even though your principles lead to the offensive scenario and you are the one denying any basic moral responsibility when that might have a cost to you without any benefit?

                                                                                                    1. 2

                                                                                                      Yes. On all points: You started this thread. You called working for free “basic decency”. I did respond negatively (makes sense, I was indeed offended by that). I did say I will not work for free. Yes you’re the offensive one. Yes not working for free is selfish. Yes I do not work for free.

                                                                                                      Sounds like you’re a communist (or whatever it is where they can make you work) and I’m a socialist and we just have ourselves a little ideological difference of opinion, but since I don’t have to do anything I don’t want to, and you haven’t convinced me of anything (all that comparing my writing code to enabling alcoholics definitely didn’t help) that’s probably just going to be the way things will be.

                                                                                                      1. 0

                                                                                                        Let me.emphasize, based on comments in another subthread, that I emphatically do not mean the things that are alleged to have happened in the specific case reported here. I’m thinking of things like saying “you can safely run this code” when you know it actually deletes a home directory or removing an issue that warns others of such an obviously harm-causing thing.

                                                                                                        You called working for free “basic decency”

                                                                                                        You call ‘being honest about what something does’ (not writing anything is honest) and ‘not hiding bug reports’ work?

                                                                                                        (all that comparing my writing code to enabling alcoholics definitely didn’t help)

                                                                                                        Not writing code: the equivalent would be publishing it and then lying about what it does, negatively impacting people for no reason.

                                                                                        3. 7

                                                                                          I’d just like to point out that nowhere here has anybody linked to a new fork of the code everybody is handwringing about being gone. Instead, we are now just linking to other fora, doubtless perpetuating a tempest in a teacup.

                                                                                          This is why I flagged the submission.

                                                                                          1. 3

                                                                                            I would love for the technical community to forget trying to figure out precisely where blame and responsibility lie and why, and instead move on to working out a plan for immediate and seamless recovery from a catastrophic bus factor reduction. Next time, I want to see more “this happened, yes it sucked, but more importantly here’s how we’re going to pick up the pieces and carry on smoothly” and less 90+-comment threads (to which I reluctantly contribute) focusing on a single person who very likely wants to be left alone right now.

                                                                                            1. 1

                                                                                              Exactly. Just more flying peanuts from the peanut gallery.

                                                                                            2. 3

                                                                                              I think the linked two takes go too far in the direction of letting anything go for developers of Open Source who don’t adhere to minimal social norms while appearing too restrictive on what other people can say.

                                                                                              For developers, even if one agrees that developers of a piece of Open Source software don’t have an obligation to keep developing the piece of software or to provide support, it’s still reasonable to hold it as a social norm that if the original developer quits they shouldn’t take disruptive active action (such as making the repo go away on GitHub or pushing breakage via cargo, npm, or similar; not suggesting that the latter is relevant in this case).

                                                                                              Handing off maintainership is a tricky case if there isn’t already a trusted co-developer. One one hand, properly handing off maintainership is socially expected, but the hand-off is also a potentially disruptive active action. Clearly, as npm incidents has taught us, one should not hand over control of a software distribution channel to some random person who volunteers. If quitting happens under emotionally heavy circumstances, handling the hand-off responsibly to a properly trustworthy party may be too burdensome. In that case, it’s best not to take any action (except maybe marking the repo archived on GitHub).

                                                                                              As for other people, especially in the case of an infrastructural library, it should be an acceptable response to publicly advise against the use of a particular library with a polite fact-based explanation why. (See @burntsushi’s post on Reddit.) When other people are relying on code that someone wrote, it’s no longer just about the person who wrote the code. It’s bad for the Rust ecosystem for a crate whose approach to soundness doesn’t meet the soundness issue handling expectations for Rust to end up in a keystone position in the ecosystem. In practice, you don’t get true freedom of choice about what crates are in your dependency tree. There needs to be a way for the Rust community to communicate norms such that crates that don’t meet the soundness issue handling expectations of Rust don’t end up in keystone positions in the ecosystem.

                                                                                              In this case, some people failed badly at the “politely” part. Also, not everything has to happen that fast, and the Rust community is a bit too quick and harsh to react to things that are look like people who haven’t bought into Rust could use them as counter-examples against Rust’s evangelism promises. I’ve been perceived to do a thing undermining Rust’s promises (not on soundness), and the response hasn’t been particularly nice and at times it has been more on the quick than researched side. Things don’t need to be resolved on Reddit the moment you discover them.

                                                                                            1. 2

                                                                                              Interesting project, I like that it doesn’t use symlinks, but as mentioned in other comments I feel like this necessitates a way to diff configs. With some templating functionality I would have definitely gave this a try about a month ago when I was re-engineering my setup.

                                                                                              After recently trying multiple different dotfile managers I came to the conclusion I should just use configuration management tools and ended up using ansible. With simple setups, dotfile managers can be nice, but once things start getting complicated I feel like using configuration management tools are better suited for the job, especially if you are already comfortable with using them.

                                                                                              Originally I was using vcsh with myrepos, and was fairly happy with them but because they rely on using separate git repos or branches for different systems it can mean a lot of duplication.

                                                                                              I then tried chezmoi, but I didn’t like being required to have everything in a single repository, at the same time I liked being able to template and encrypt files and variables.

                                                                                              With ansible I can:

                                                                                              • Keep everything I want to in separate git repos if I desire
                                                                                              • Encrypt files and variables
                                                                                              • Template
                                                                                              1. 3

                                                                                                I came to the same conclusion, it’s just so much more powerful, and chances that a problem comes up you haven’t thought of before you can’t solve with Ansible are slim. I ended up writing a wrapper around Ansible and a curly bootstrap script, so now I can install one or all of my dotfile profiles including the applications that belong to them with one command.

                                                                                              1. 61

                                                                                                In a world where there is a serious shortage of volunteers to do all of this, it seems to me that a small army of “packagers” all doing duplicate work is perhaps not necessarily the best way to distribute the available manpower.

                                                                                                Obviously there are also upsides to package mangers, but it’s not all roses and sunshine. I use the system’s package manger for some things, and don’t use it for others. It works better that way.

                                                                                                Some developers may complain that distros ship their software too slowly, but you shouldn’t sweat it [..] You should use a distro that ships updates to you at the pace you wish, and let your users do the same.

                                                                                                Make a vaguely popular Vim plugin and I will guarantee you that will get bug reports that it doesn’t work because people are using a Vim version that’s more than 2 years old, because that’s the version their Ubuntu ships with. I appreciate there are conflicting interest here and that there is no simple solution here, but handwaving away real problems isn’t helping.

                                                                                                examine the software being packaged for anti-features like telemetry or advertisements, patching it out as necessary

                                                                                                I would be rather annoyed if someone packaged my software “Example” as “Example” but with alleged “anti-features” removed, especially if those features allow me to actually pay my rent and food. You could also just choose to not package/use/install software if you don’t like it, instead of shipping it to users in a modified state (user who don’t really have a choice in the matter, by the way; who says all users share your values?)

                                                                                                Patching software in general has its own risk; see the Debian OpenSSL incident for an extreme example, but generally “Example 1.0” is tested by those who know the most about it as released, not “as released with a bunch of modifications from a random Debian packager”.

                                                                                                The “This article presumes that proprietary/nonfree software is irrelevant, and so should you” line is unbelievable pompous; who the hell are you to tell me what I should do? I think I will start replacing this sort of free software absolutism with similar lines about veganism: “This article presumes that a non-vegan diet is irrelevant, and so should you”. Sounds pretty silly, ‘ey? (not taking the piss at vegans; I am vegan; can also use religion or something else). It’s just arrogantly trying to impose your own preferences and set of morals on other as some sort of absolute truth, nothing more.

                                                                                                Footnote: In general I am getting rather exasperated by Drew’s “this is the one true way to do it, or else you’re a bloody stupid[1]”-attitude that I’ve seen on several occasions. I already knew it was going to be an article like this based purely on the title and author.

                                                                                                [1]: “bloody stupid” taken from HN comment, which seems to have inspired at least parts of this article.

                                                                                                1. 15

                                                                                                  You should use a distro that ships updates to you at the pace you wish, and let your users do the same.

                                                                                                  That line is one of those that sound great and makes democracy seem perfect but actually glosses over the fundamental problem that people will solve their pains in order from greatest to least. I can vote for the politician that promises improvements to (for example) net neutrality, but if that same candidate wants to cut a government service I rely on, I’m going to vote for someone else regardless of their stance on net neutrality. Likewise, if my choice is between a distro that is fundamentally broken but provides quick updates to software packages versus a distro that’s well supported, stable, and functions for my job, I’m going to pick support and stability over broken with fast updates. I’m not going to switch my daily driver from (for example) Ubuntu to Kali because of their software update policy because Kali is fundamentally broken as a daily driver OS. Update policy has nothing to do with it.

                                                                                                  The #1 biggest problem in the Linux world is “if you don’t like it there’s a million choices to switch to” and the #2 biggest problem is “if you don’t like it, build your own”. That’s fine if your only target is the developer community, but end users won’t put up with that.

                                                                                                  1. 2

                                                                                                    Likewise, if my choice is between a distro that is fundamentally broken but provides quick updates to software packages versus a distro that’s well supported, stable, and functions for my job, I’m going to pick support and stability over broken with fast updates.

                                                                                                    I mean… having quick updates and being stable are basically opposing forces. So if you want stable normally you don’t want updates anyway, which is why you pick a stable OS…

                                                                                                    1. 1

                                                                                                      There are strategies though, as usually it’s not that black and white. For example, I like my base system to be stable, but the user-space tools (that mostly run without elevated permissions) to be reasonably up to date. I can deal with my editor or somesuch crashing every now and then (although, in reality that doesn’t really happen much anyway), but I want my ssh daemon to be well vetted, and new features are not important there (security updates are, but those are usually pushed out by the Distribution maintainers fairly quickly). So I’m running the nix package manager on top of Debian stable. There are other options, but I guess my point is that it does not have to be an ‘either/or’-situation…

                                                                                                  2. 5

                                                                                                    I would be rather annoyed if someone packaged my software “Example” as “Example” but with alleged “anti-features” removed, especially if those features allow me to actually pay my rent and food.

                                                                                                    Note that free software licenses must allow derived works per the FSF four freedoms, and the OSI’s open source definition. The OSI does allow use of licenses that require the modified software to carry a different name or version, although most open source licenses do not have this requirement. Given that the article is in the context of packaging open source software, isn’t this just saying that you’d rather not be writing open source software, thus meaning the article is talking about problem domain that you’re choosing to not be a part of?

                                                                                                    1. 4

                                                                                                      Sounds to me like they are saying “I should choose an open-source license which requires rebranding of modifications for my work”.

                                                                                                      1. 6

                                                                                                        I wasn’t really considering the legal aspects, more the moral ones. Let’s say I spend 6 months developing a Banana app, and then release it with ads to support myself and the first thing people do is patch out the ad support. This strikes me as … not great. I appreciate people can do this, but just because you can doesn’t mean you should.

                                                                                                        I think open source is the right way to make most software, but it does require some form of cooperation from the community as a whole to work well, especially with regards to the whole financial question. I’m not saying that ads are great, but an absolute “it’s an anti-feature we need to patch out” stance strikes me as rather unempathetic with the needs of the developers at best.

                                                                                                        1. 11

                                                                                                          I support this viewpoint. In my experience, some people just can’t grasp that one can or should draw a distinction between morals and laws. I don’t want to use laws to enforce certain things, but that doesn’t mean that following the law ensures I won’t think you’re a jerk. For example, almost all my software is released under a public-domain-like license. This technically permits folks to legally plagiarize my software. I support their legal right to do that. But I will think you’re an asshole and potentially use non-legal means to fix the situation.

                                                                                                          I see this as the same principle you’re eapousing with your ad example. Your example is just more inflammatory, as can be seen by some of the responses. But that doesn’t change the validity of your point.

                                                                                                          (I also agree with your perspective on the OP. He has always been this way, as far as I can remember. Whether intentional or not, it is extremely effective at driving traffic to his blog because virtually every post inspires controversy. And not the good kind, IMO.)

                                                                                                          1. 0

                                                                                                            If by “plagarize” you mean “not attribute to me” then I would point out that the right to be identified with a work is actually somewhat rarely conferred by law anyway. Copyright is (in many jurisdictions) concerned with copying (and copying-like things, such as performance) not with attribution.

                                                                                                            1. 0

                                                                                                              Licenses like MIT require attribution by including the license: https://tldrlegal.com/license/mit-license

                                                                                                              1. 0

                                                                                                                Yes, but that is a special requirement the MIT license adds in order to be allowed to exercise rights under the license.

                                                                                                                There is no such requirement under default copyright law, it’s just something that can be added (as can basically anything else that is tied to the use).

                                                                                                                1. 3

                                                                                                                  I realize it’s a special requirement. But that’s immaterial to my point:

                                                                                                                  Me: Please don't plagiarize my software.
                                                                                                                  Person: But you used a license, like the public domain (or UNLICENSE) that said I could.
                                                                                                                  Person: If you don't want people plagiarizing your software, then use MIT.
                                                                                                                  Me: I don't believe in enforcing every moral value I hold with the weight of the legal system.
                                                                                                                  

                                                                                                                  Which is analogous to what’s happening in this conversation. Licenses define what is legal. Not necessarily what is moral. Some licenses combine these notions intentionally, but that is not a universal property of all software licenses.

                                                                                                                  Basically, you’re pointing out an interesting factoid, but it doesn’t negate my point.

                                                                                                          2. 19

                                                                                                            What’s the point oft free software if there are “moral obligations to not change it”? I use free software exactly because anti-features like ads can be patched out. I am not willing to be annoyed/manipulated by ads just so that the author of an application can get like 5 cents from it or so.

                                                                                                            1. 4

                                                                                                              Defaults matter in practice – to the tune of potentially lots. (Just ask all the folks who used to turn a profit selling freeware CDs for which the ISOs were already available, including basically all linux vendors – or the whole economy of subscription services, most of which survive simply because people are slow to cancel in a way that, at scale, makes money. Or consider the hexchat model – windows users can build xchat from source for free, or find a binary from somebody else who has, or they can pay for the official binary.)

                                                                                                              In other words, the problem is not that someone has stripped whatever features, but that a centralized node in the distribution network has stripped those features such that most users, by default, never knew they existed.

                                                                                                              1. 4

                                                                                                                I agree. I think some open source developers just aren’t aware of, or don’t accept, the market that they’re participating in. If a developer’s work is so valuable, people will pay for changes. But it’s often not, because there’ll be other people who will publish competing software for no payment.

                                                                                                                The reality of the free software situation is that you have to be lucky enough to make it big with a project e.g. curl (small scale), or build a company around an open source product e.g. Redhat (large scale), and in both cases get paid by companies for maintenance and consulting. New models like GitHub sponsorships, crowdfunding, subscriptions, are still finding their footing.

                                                                                                                1. 2

                                                                                                                  What’s the point oft free software if there are “moral obligations to not change it”?

                                                                                                                  That’s not really what I said; your paraphrasing is an exaggeration which is indeed silly. All that I was trying to point out is that things are a bit more nuanced than “these anti-features should be patched out by distros”. I think my comment was phrased sufficiently nuanced to make that clear.

                                                                                                                2. 10

                                                                                                                  and then release it with ads to support myself and the first thing people do is patch out the ad support.

                                                                                                                  It’s because you shouldn’t have chosen ads to support yourself in the first place. Your product will be worse because of it and users or packagers are right to remove them. Charge for it instead.

                                                                                                                  1. 3

                                                                                                                    It’s because you shouldn’t have chosen ads to support yourself in the first place. Your product will be worse because of it and users or packagers are right to remove them. Charge for it instead.

                                                                                                                    I appreciate that’s your opinion, and I even share it to some degree, but also appreciate there are others who make different choices. I think we should respect that, too.

                                                                                                                    1. -5

                                                                                                                      I will never pay for an app.

                                                                                                                      1. 9

                                                                                                                        How do you think the creators of the apps should survive in the current scarcity-based society?

                                                                                                                        1. 0

                                                                                                                          Put in unintrusive ads, put in a donate button (I actually use those), put in a “pro mode” for extra functionality.

                                                                                                                          1. 9

                                                                                                                            put in a “pro mode” for extra functionality

                                                                                                                            Does this mean that you would pay for pro functionality? Or do you leave that to others as well?

                                                                                                                            In any case: you’re free to never pay for an application of course, but I for one am happy to support developers by actually paying for software I use and benefit from. Especially when they still release that work under an OS license.

                                                                                                                            And I’m happy that my users have been paying me for the last 10 years so I can work on open-source full time. I like to think it’s a win-win situation.

                                                                                                                            1. 2

                                                                                                                              Does this mean that you would pay for pro functionality?

                                                                                                                              Depends on the app and what pro features offer over regular features. If it’s a good app I’ll happily pay to remove even unintrusive ads.

                                                                                                                              1. 3

                                                                                                                                So you would pay for (good) software after all. Happy to hear it!

                                                                                                                                1. 3

                                                                                                                                  Yeah, I just would never pay to install an app onto my phone

                                                                                                                    2. 4

                                                                                                                      It seems to me though that free software in particular was an attempt to give legal weight to a moral position, namely that users should be free to decide exactly what software they use. This is contrasted to the proprietary software world, which is built on the idea that producers deserve to be compensated for their work, and the means of doing so typically implies a vendor creating an unchangeable bundle where the user can decide whether to accept the entire bundle or none of it.

                                                                                                                      IMO, these are both valid moral positions. Morality is subjective. But I’m struggling to reconcile the idea that users shouldn’t patch out things they don’t like, but that they should have the ability to do so. There is a world that believes users shouldn’t be able to patch out things they don’t like, but it’s a world that Drew is explicitly ignoring, presumably because that world isn’t catering to his needs or wants.

                                                                                                                  2. 3

                                                                                                                    especially if those features allow me to actually pay my rent and food.

                                                                                                                    So, basically you’re implying that you would make your fine software a malware (let’s face it - ads, tracking and other unintended behavior in application is what makes it malware) just to exploit your target user and its machine to sustain your primary income, and then get angry at them for not complying to that terms and patching the code that runs on their own personal machines?

                                                                                                                    Crazy.

                                                                                                                    1. 10

                                                                                                                      Vim has an advert in its front page, and most people don’t consider it malware.

                                                                                                                      Because of course it’s not that simple. AdSense and its clones are malware, but advertising is not inherently so.

                                                                                                                    2. 1

                                                                                                                      In a world where there is a serious shortage of volunteers to do all of this, it seems to me that a small army of “packagers” all doing duplicate work is perhaps not necessarily the best way to distribute the available manpower.

                                                                                                                      I think this is actually the main problem. It shouldn’t take an army of packagers (in addition to arcane automation scripts no one understands, but everyone started to rely upon).

                                                                                                                      I’m really hoping that distributions can improve their approach to package management; distri is a breath of fresh air in that regard.

                                                                                                                      I’m hopeful that other issues than speed will also be tackled (like non-root/user-local package installs) by people who care about it, and that package managers can take the next step.

                                                                                                                      1. -1

                                                                                                                        Who took your candy away? Your reply seems awfully negative, let people have their opinions…

                                                                                                                      1. 8

                                                                                                                        In general, I’m happy that YAML exists, it’s perfectly fine for 80% of (my) use-cases. But when projects become too big, and a lot of YAML is required, then managing things with it becomes an issue increasingly.

                                                                                                                        I reckon this will become more pressing in the medium-term future, with Kubernetes and similar technologies becoming the norm, and along them quite complex infrastructure setups. So I really hope one of those projects trying to solve the configuration issue will be successful. CUE looks like the most likely contender at the moment, IMHO.

                                                                                                                        1. 1

                                                                                                                          This looks really neat, at least the demo video. Not much documentation yet, but there is clearly potential. I’m currently working on a wrapper-framework that lets you convert any non-trivial provisioning/orchestration task into a single, minimal dictionary-type configuration. I wonder whether this could be used to create orchestration workflows with it…

                                                                                                                          1. 3

                                                                                                                            There is Parity now, which I think has an interesting approach: https://licensezero.com/licenses/parity

                                                                                                                            It’s a very strong copy-left license. Not ‘traditional’ free or open source software, because it puts some restrictions on use (not, like (A)GPL on distribution). I’d consider software licensed with it ‘open source’, but I would not say so publicly because that would be a surefire way to derail a discussion before it even starts…

                                                                                                                            The important points are, IMHO, whether it is important that a new license adheres strictly to the four freedoms, or whether there should be some wiggle room to account for changed circumstances. This would need to be discussed by people who think there actually is a problem (I do). Hopefully in an open-minded, non-dogmatic way, with those who oppose this on principle coming up with alternative solutions that take into account those changed circumstances.

                                                                                                                            As for licenses that are similar to ‘Creative Commons Non-Commercial’ (which the author mentions in their article, there is now the Polyform project ( https://polyformproject.org/ ). Those licenses would obviously never be considered ‘free software’ under any circumstance, but I think they offer a few interesting options for developers of business-focused software.