Threads for mat

  1. 1

    reading!

    1. 7

      hear, hear

      1. 4

        What’s the difference between refinement types and dependent types? The types as written in this post seem to meet the definition of dependent types (a type that depends on something that is not a type) because various integer values are present in the type statement. Is the difference that refinement types can only be a subset of a larger type?

        1. 8

          IANATT (type theorist), but I believe refinement types are understood to be written in a limited language that can be fed into a SAT solver, whereas dependent types require that types can be used as values and vice versa ‘anywhere’ in the language.

          1. 4

            SMT solvers as well

          2. 2

            With dependent types you could write down a function that takes a boolean and varies the type of its second parameter according to the value of the boolean, at runtime. I don’t think that liquid-rust and liquid-haskell support this.

            [Edit: You could simulate this in liquid-haskell with something like b:Bool -> {e:Either String Int | if b then (isLeft e) else (isRight e) -> ... but this is somewhat different from what you get in Agda and Coq. Refinement types here refine the Either String Int to being just one of its variants according to the value of the boolean, but in a dependently typed language you’d just have the two different types.]

          1. 2

            I’ve been writing a lot of Python type annotations at work, and this article definitely rings true for some of the trade offs and considerations that have been floating around in my head.

            EXTREMELY tangential/nitpicky to the point I almost didn’t mention it, but the Unicode symbol on your section headings won’t load on either my Macbook or my iPhone, no matter what fonts I have configured.

            1. 3

              Continue working on a mastodon frontend which is looking exactly like current twitter :)

              1. 2

                Have you seen Soapbox?

                1. 2

                  The Mastodon frontend made by some of the most heinous and hateful people of the Fediverse?

                  1. 3

                    While I don’t use it anymore, it’s still excellent software. Also, it’s a Pleroma frontend.

                    1. 1

                      Just meant to highlight it as a Twitter look-alike, if anything I’m happy for deejayy to take some ideas from it and reimplement them without the involvement of the Soapbox creator.

                      1. 2

                        Thank you! It looks like a quality product, although the 500+ issue is a bit frightening :)

                        Btw, my progress can be followed here: https://mastodon.social/@deejayy/109355794379702462

                1. 2
                  • matrix-rust-sdk frontend-demo
                  • effektio.org web5 social organzier and its whitepaper
                  1. 3

                    webא let’s go

                    1. 2

                      Let web be unbounded

                    2. 2

                      web…5?

                      1. 4

                        A vision, a joke or the next iteration of the internet?

                    1. 4

                      Game itself is here: https://codeguessr.vercel.app/

                      I figured the implementation would be a more interesting place to start for Lobsters.

                      1. 9

                        Is the idea just to have these links available on your profile, or is there some kind of special integration that Twitter and Github have already?

                        I haven’t connected any external accounts, myself, but my intuition is the About Me section is probably a good spot for Fedi links, rather than requiring new custom fields for every service that starts popping up.

                        1. 6

                          I think that having multiple links in the homepage section would do the trick, as they already include rel="me" attribute that most of the fediverse services use for confirmation.

                        1. 3

                          Working on a budget. Comparing Firefly III and Actual (both running in the homelab) to try and decide which will be more likely to stick in the long term.

                          Thinking about adding an instance of something that speaks ActivityPub to my fly.io apps, primarily looking at Pleroma or Akkoma. However, I’d really like to find one that was built to work with sqlite, so I can avoid running a second app for the database.

                          1. 3

                            You can run postgres and Pleroma both in the same app on fly. I do this

                            1. 2

                              That makes sense; how do you accomplish this in your setup? For my CI/CD server, I used [processes] in fly.toml to run the web server and the Docker build agent inside a single app, I guess I could do the same thing by making a container image with postgres and Pleroma?

                              1. 3

                                Here’s my fly app if you like https://git.singpolyma.net/soapbox-fly/tree

                            2. 3

                              FF3 doesn’t handle multiple currencies (exchange rate) and assets. This is the reason I stuck with ledger3 although I would like to give GNUCash a try.

                            1. 6

                              it should be! I think LuLu provides a similar experience on macOS, I find it quite helpful

                              1. 3

                                true! i haven’t used that, but it’s awesome to see foss alternatives to little snitch.

                                1. 3

                                  I’m blocking all outbound traffic on my Windows laptop, I wrote a small PS script which parses the event log for denied connections, list them and in the same place I can add a FW rule for it. Not that intuitive, but gets the job done. Never thought it may be use for anyone :)

                                  1. 1

                                    cool! is it interactive?

                                      1. 1

                                        this is cool!

                                        1. 2

                                          Thanks! I was planning to create an easier-to-use windows application alternative, but I haven’t touched desktop development a long time, so there’d be a lot of basic things to learn first.

                                          There are ready made firewall softwares with this functionality already (most of them is not free, and since I could hack it together, I won’t spend money on them).

                                1. 4

                                  No mention of Alfred? I’ve been using Alfred for years. Seems to match most of the use cases for Raycast.

                                  Interestingly, Raycast’s FAQ mentions Alfred, saying Raycast is so much more powerful because it can do, among other things, clipboard management and text expansion. But I use Alfred for both of those things out of the box!

                                  1. 4

                                    Work: Hopefully finalize that scale testing framework that I’ve been working on for a while.

                                    Personal:

                                    • Start outlining all the documentation needed for ahkpm. I now have a decent website up, but it needs to be fleshed out a lot more.
                                    • Add an update command to ahkpm to fetch the latest version of a dependency allowed by what was specified in ahkpm.json.
                                    • Trying to avoid getting sucked into writing an extensible linter for AutoHotkey (a la ESLint), because I’d probably need to write a whole parser beforehand to support it. (Other parsers exist, but don’t meet the needs of a project like this.)

                                    I’ve used more classic comp-sci data structures and algorithms in the past couple of weeks working on a package manager than I have in my entire 16 year career prior. Which is nice as a change of pace, but I definitely don’t want to be doing it all the time. :)

                                    1. 3

                                      Looking forward to your next comment announcing ahk-language-server!

                                      1. 1

                                        And 0.4.0 with ahkpm update has been published. ✅

                                      1. 3

                                        $work: migrating numerous packages and services to use a modern, reasonably standard dependency manager rather than the homegrown stack of tools that’s been in place for $work’s history. rewarding work, because dependency management has been one of my bigger pain points at work since joining.

                                        home:

                                        • more additions and tweaks to the homelab
                                          • moving my docker compose configs to be under source control so i can set up some cicd integration
                                          • move aforementioned configs from yaml to jsonnet
                                          • investigate more containers to add to the stack (password manager+totp, rss aggregator)
                                          • ask myself why i did those things since i want to move this to a nixos machine eventually anyway
                                        • point my domain’s nameservers to luadns away from digitalocean’s dns (yay source controlled dns records!)
                                        1. 4

                                          Homelab tweaking: still haven’t made the move to NixOS yet, but have added a few more containers to the local stack. Additionally, I set my Pihole up as a Tailscale exit node so I can access them externally if need be. Current goal is just to move stuff out of Portainer-managed stacks into a plain ol repo of (templated?) docker-compose files

                                          General: playing with some ideas for a Typed-Lua-ish, Typed-Python-ish toy programming language that I want to implement.

                                          1. 1

                                            I use this extension for 99.9% of my development at $WORK. It works well.

                                            I’ve been looking for an open source solution for use at home, since I use VSCodium and it’s apparently a literal crime to use this extension with a non-MS distribution.

                                            1. 1

                                              i like this, mentally filing it away for the next time i need a text based serialization format. seems like a fun language to bake into the stdlib of a personal programming language project

                                              1. 1

                                                fun! i love the idea, and have a similarly themed project in the works myself.

                                                as a presentation note, it’s very hard to read this on my mobile browser.

                                                1. 2

                                                  yeah, sorry about that. the easiest way i could think of to mimick rfc-style formatting was a big ol’ <pre> tag with verbatim content.

                                                  1. 2

                                                    nailed it on that front :)

                                                1. 2

                                                  For example, instead of pkgs.git you can also use (pkgs.git.override { guiSupport = true; })

                                                  Is there a way to find all meaningful overrides without looking at the actual code in nixpkgs? I really liked how homebrew had a list of options with help one could use.

                                                  1. 6

                                                    afaik, no. You’ll have to look at the code. Happy to be corrected though.

                                                    1. 2

                                                      Yes. A bit manual, but you can wrap it in a script if you want. For example for git package:

                                                      nix-instantiate --eval --xml -E 'with import <nixpkgs> {}; lib.functionArgs pkgs.git.override'
                                                      

                                                      There are no descriptions though. And it will list all standard dependencies because they’re overrideable too.

                                                      1. 1

                                                        If you want a fancy version, this splits overrides into packages and other options:

                                                        #!/bin/sh
                                                        
                                                        if [ -z "$1" ]; then
                                                          echo 'missing package'
                                                          exit 1
                                                        fi
                                                        
                                                        nix-instantiate --eval --json --strict -E 'with import <nixpkgs> {}; let pkgNames = (lib.attrNames pkgs) ++ (lib.attrNames pkgs.darwin.apple_sdk.frameworks); args = lib.functionArgs pkgs.'$1'.override; argNames = lib.attrNames args; includeDefault = x: {name=x; value=lib.getAttr x args;}; in {nonPkgOverrides = lib.listToAttrs (map includeDefault (lib.filter (x: !(lib.elem x pkgNames)) argNames)); pkgOverrides = lib.listToAttrs (map includeDefault (lib.filter (x: lib.elem x pkgNames) argNames));}' | jq
                                                        
                                                      2. 1

                                                        as far as i can tell, the design and development culture in the nix world does not give a flying fuck about any tooling which makes your life easier. the answer is always to just look at the code.

                                                        1. 1

                                                          Yeah, and even the code seems maliciously cryptic. No types, very few comments, abbreviated variable names, and no import statements (packages are functions and to figure out what type of argument it takes, you have to find the call sites and work backwards). Moreover, it’s all thrown in one giant repo with no discernible rhyme or reason as to its organization (at least I could never intuit where a particular package definition ought to live). I don’t like ragging on open source projects, but this stuff is my biggest obstacle to adopting Nix (though there are many others) and it seems entirely avoidable.

                                                          1. 1

                                                            Yeah, and even the code seems maliciously cryptic

                                                            Sure, some of the code can be cryptic, but I really wouldn’t go so far as to say “maliciously.” Do you have any examples, per chance?

                                                            no import statements (packages are functions and to figure out what type of argument it takes, you have to find the call sites and work backwards)

                                                            I don’t see what you mean by “find the call site.” Within Nixpkgs, for most packages, all you have to do is find the file it’s defined in, and the dependencies/arguments it takes will be at the top. Assuming one has this knowledge, I don’t see what you’d have to work backwards from. Do you mind explaining so I can understand what you mean/try to explain some more? Maybe I’m just confused?

                                                            Moreover, it’s all thrown in one giant repo with no discernible rhyme or reason as to its organization (at least I could never intuit where a particular package definition ought to live)

                                                            Yeah, this is… known. There’s a recent effort by the Nixpkgs Architecture team to get rid of the organization (or at least, the littered categories, in favor of something simpler (e.g. sorting by alphanumeric order)). Hopefully it’ll make its way into a proposed RFC soon.

                                                            I don’t like ragging on open source projects, but this stuff is my biggest obstacle to adopting Nix (though there are many others) and it seems entirely avoidable.

                                                            What seems entirely avoidable, other than the organizational issues? Like, would you prefer that callPackage (the mechanism that injects dependencies as function arguments) not exist?

                                                            1. 1

                                                              Sure, some of the code can be cryptic, but I really wouldn’t go so far as to say “maliciously.” Do you have any examples, per chance?

                                                              Mostly I meant “they seem to go out of their way to be cryptic, e.g., by foregoing types, documentation, longer variable names, etc”. It’s probably not actually malice, but that the project is so old and it hasn’t been a priority certainly feels hostile toward users.

                                                              don’t see what you mean by “find the call site.” Within Nixpkgs, for most packages, all you have to do is find the file it’s defined in, and the dependencies/arguments it takes will be at the top.

                                                              The top just has a list of parameter names, but that tells you close to nothing about what type of data is expected for those parameters. Ideally there are types, but failing that some human-targeted description of the arguments (perhaps with examples or links to other files!) is sort of the bare minimum that I would expect from a project especially one in which users regularly have to dig into nixpkgs (yes I know it’s FOSS but that doesn’t absolve it of criticism).

                                                              Yeah, this is… known. There’s a recent effort by the Nixpkgs Architecture team to get rid of the organization (or at least, the littered categories, in favor of something simpler (e.g. sorting by alphanumeric order)). Hopefully it’ll make its way into a proposed RFC soon.

                                                              Glad to hear it. Hopefully it addresses this point well, sincerely!

                                                              What seems entirely avoidable, other than the organizational issues? Like, would you prefer that callPackage (the mechanism that injects dependencies as function arguments) not exist?

                                                              I was referring to things like dynamic typing, cumbersome naming conventions, organizational issues, and the general tendency to minimize documentation.

                                                              1. 2

                                                                but that the project is so old and it hasn’t been a priority certainly feels hostile toward users.

                                                                I really can’t speak for why it’s taken so long, but we have a documentation team now, and their efforts – both long-term and short-term – will hopefully help make Nix more friendly to newcomers and veterans alike.

                                                                but failing that some human-targeted description of the arguments (perhaps with examples or links to other files!)

                                                                Ideally, an LSP server for Nix could do links between callPackage arguments and their definitions like that. It’s been proposed for one LSP server implementation. Would be nice to see something come of it eventually, if possible!


                                                                I know this is a lot of hoping, but I really think that in due time, we’ll be in a good place. I hope.

                                                        2. 1

                                                          for nixpkgs packages themselves, the code is probably your best bet. you can use the nixpkgs search page to avoid spelunking the codebase for what you’re after, though.

                                                          outside of nixpkgs, a lot of people do their configuration via NixOS modules, nix-darwin, and home-manager. luckily, all of those provide better API documentation with explanations for most of their options, as well as type annotations.

                                                        1. 22

                                                          There’s a false dilemma in the heart of the argument. Specifically:

                                                          Thus, those who wish to use open-source soft­ware have a choice. They must either:

                                                          1. com­ply with the oblig­a­tions imposed by the license, or

                                                          2. use the code sub­ject to a license excep­tion—e.g., fair use under copy­right law.

                                                          But there is a third option, which is for GitHub to obtain access to the code under a license which allows GitHub to use it in Copilot. And GitHub’s Terms of Service include a license grant in Section D.4:

                                                          You grant us and our legal successors the right to store, archive, parse, and display Your Content, and make incidental copies, as necessary to provide the Service, including improving the Service over time. This license includes the right to do things like copy it to our database and make backups; show it to you and other users; parse it into a search index or otherwise analyze it on our servers; share it with other users; and perform it, in case Your Content is something like music or video.

                                                          That “as necessary to provide the Service” thing is worryingly flexible – a similar wording in the US Constitution is infamously called the “Elastic Clause” because of how many things it can be stretched to cover. And the explicit “analyze it on our servers” feels like it easily covers use to train an ML model.

                                                          And I would not be surprised at all if GitHub were simply to point to their terms of service, and accompanying license grant, and say that gives them all the permission they need to train and run Copilot. The only tricky bit would be someone putting open-source code onto GitHub when they lack the legal right to make such a license grant to GitHub, but then GitHub will point to Section P of their terms, and things will go badly for the person who put the code on GitHub, rather than going badly for GitHub.

                                                          1. 10

                                                            But the license does not extend to other parties. IANAL, but I guess one outcome may be that Copilot itself is legal, since users give GitHub this license, but that users of Copilot are in violation, since the license does not extend to them. I wonder if GitHub facilitates copyright infringement in that case.

                                                            1. 6

                                                              If you put code on GitHub, and have the appropriate rights to make the license grant involved in GitHub’s terms of service, then GitHub has the right from that license to distribute to others. Whatever open-source license you put on the code is not necessarily involved in the process at all.

                                                              Also, your thought here is based on the assumption that your original choice of open-source license can even persist through the training of an ML model that eventually spits out something similar-looking, which I don’t think is clearly established (and may not even be clearly established if the model occasionally spits out verbatim copies of some pieces of code). There’s dangerous legal ground here since Copilot veers close to a lot of things the industry has assumed should be legal, like reverse engineering, clean-room reimplementations, and so on.

                                                              1. 3

                                                                I’d think it was the other way around? The GitHub terms of service do not invoke any rights to redistribute, so the only rights to redistribute that GitHub has are the ones from the license the user choose.

                                                                The question is then, is copilot redistributing? Some of the examples I’ve seen show very, very similar code, so, I’d say at least in some cases, yes, it is.

                                                                1. 3

                                                                  Then if you care about your license, you should remove your projects from GitHub right now and influence projects you contribute to now before someone gets to decide the interpretation for you.

                                                                  1. 2

                                                                    The GitHub TOS license grant includes the right to “share … with other users”. That gives them redistribution to users of GitHub’s products and services. Which, if you go with the theory that Copilot’s output is a derivative work of the training data, puts GitHub in the clear.

                                                                    I’m not convinced, though, that a court would or necessarily should automatically see Copilot’s output as a derivative work of the training data, which was what the second half of the above comment was about.

                                                                    1. 1

                                                                      Do you know or have a link to the specific wording? I ask because I vaguely remember a kerfuffle about this a while ago, and the consensus seemed to be that GitHub only asked for rights to display or share the code in the context of the service, which was what kinda of calmed people down. Although, damn, now that I think about it, Copilot could easily fit “the context of the service” so, yeah.

                                                                      1. 3

                                                                        My top-level comment already quoted the full thing. And in a reply pointed to what the scope of “the Service” is defined as. You can also go read GitHub’s TOS for yourself.

                                                              2. 5

                                                                Not a lawyer, but that section is pursuant to “the Service”, that being the “GitHub” product. GitHub Copilot is not the aforementioned service but a product developed by GitHub, Inc.

                                                                1. 15

                                                                  From the definitions at the top:

                                                                  The “Service” refers to the applications, software, products, and services provided by GitHub, including any Beta Previews.

                                                                2. 5

                                                                  The problem is that GitHub allows me to upload code that I can legally distribute but don’t have the right to give them rights outside those of the license. So, e.g., code from the Linux kernel is definitely on GitHub in several forms - but did the copyright holders agree to those terms? The GPL is fine with uploading + distributing the code via GitHub but does not convey the rights that Microsoft is claiming.

                                                                  1. 6

                                                                    I mentioned that, and pointed out the section in GitHub’s terms that covers it. But I’ll point to it again for emphasis here.

                                                                    You agree to indemnify us, defend us, and hold us harmless from and against any and all claims, liabilities, and expenses, including attorneys’ fees, arising out of your use of the Website and the Service, including but not limited to your violation of this Agreement

                                                                    So basically, if you put code on GitHub and it turns out you did not possess the legal right to grant the license to GitHub that GitHub’s terms require, those terms also say that you are the one who gets to to be responsible.

                                                                    1. 4

                                                                      I wonder if that even holds up in court, considering that you need only an e-mail address to sign up. This is not a proper contract, and they don’t even know who their users/customers are, so they have no recourse.

                                                                      Put in another way, someone can sue GitHub for infringement and they’d probably have to pay up. According to the above, GitHub has the right to sue the user who caused the infringement for damages, but if there’s no way to reach that user, they’re SoL.

                                                                      1. 2

                                                                        It probably would hold up for some cases, such as if you uploaded a pile of stolen proprietary code and the owner sued GitHub. For Copilot, if it’s deemed to be illegal use, I don’t think it would be politically feasible to try to enforce this clause because it would need to be applied to the majority of GitHub’s customers and would kill the product entirely. That would be a multi-billion-dollar cost, not counting the long-term cost of leaving that market. If it ever got close to a situation where that needed to be considered as an option, I’d expect to see Kevin Scott leaving the company quite rapidly.

                                                                        Disclaimer: I work at MS but have no connection to the GitHub or Copilot teams.

                                                                        1. 2

                                                                          I wonder if that even holds up in court, considering that you need only an e-mail address to sign up. This is not a proper contract, and they don’t even know who their users/customers are, so they have no recourse.

                                                                          You wonder if what holds up in court? An indemnify-and-hold-harmless clause? Because that’s not some sort of brand-new invention GitHub just recently came up with that’s never been tested. It’s boilerplate. And they have the email address and the IP address used for the account, so they have other entities to send subpoenas to to track down a real-world identity if they feel motivated to do so.

                                                                          Can you still put together contrived scenarios where someone goes “good luck, I’m behind seven proxies” and actually has enough skill to constantly stay one step ahead of attempts to reveal their identity? Sure. But keep in mind that we’re talking about unauthorized code uploads here, which probably are going to be handled via DMCA notice – since GitHub follows the DMCA process, they have safe harbor for user uploads – rather than a multi-vigintillion-dollar lawsuit that somehow wipes Microsoft off the planet.

                                                                          I’m also not sure why you think it’s “not a proper contract”. Can you cite specific reasons for that?

                                                                          1. 1

                                                                            email address and the IP address used for the account, so they have other entities to send subpoenas to to track down a real-world identity if they feel motivated to do so.

                                                                            True, but that requires cooperation from the e-mail provider and/or ISP and might lead to nothing.

                                                                            DMCA notice

                                                                            Removal of the offending original repository isn’t going to undo the usage of that same copyrighted code in other people’s software, especially when introduced by Copilot, which I’d say makes Github/MS liable for the further spreading of that code.

                                                                            I’m also not sure why you think it’s “not a proper contract”. Can you cite specific reasons for that?

                                                                            It’s a very one-sided “agreement”, and everybody (including judges) knows that the vast majority of people just click through these without actually reading them.

                                                                            1. 1

                                                                              True, but that requires cooperation from the e-mail provider and/or ISP and might lead to nothing.

                                                                              A properly-issued subpoena compels cooperation. I don’t see much reason why an email provider or ISP would fight one.

                                                                              Removal of the offending original repository isn’t going to undo the usage of that same copyrighted code in other people’s software, especially when introduced by Copilot, which I’d say makes Github/MS liable for the further spreading of that code.

                                                                              I wouldn’t be surprised if GitHub intends to re-train Copilot on an ongoing basis, and thus has some way to take certain code out of the training corpus. And while statutory damages for copyright infringement are a bit steep for individuals, even in the worst possible outcome of the worst possible case I can imagine, it doesn’t get anywhere near threatening the ongoing existence of GitHub and/or Microsoft. And again that presumes a plaintiff who absolutely refuses to accept any other outcome, which is dangerous – refusing a reasonable settlement offer from the defendant can end up being financially ruinous for the plaintiff (see this recent infamous example in a copyright case).

                                                                              It’s a very one-sided “agreement”, and everybody (including judges) knows that the vast majority of people just click through these without actually reading them.

                                                                              To the extent that a free-tier GitHub account is “one-sided”, it’s in favor of the account holder, not GitHub, because the account holder gets free access to a bunch of resources and services from GitHub, without paying money for them. If you want to argue that courts have ruled all website terms of service are completely unenforceable, please provide specific citations to the relevant cases, preferably under US law (which governs GitHub’s terms).

                                                                              1. 1

                                                                                A properly-issued subpoena compels cooperation. I don’t see much reason why an email provider or ISP would fight one.

                                                                                More like ignore it, if they’re in certain countries there’s nothing you can do about it. And some e-mail providers like Protonmail or ISPs like Freedom in the Netherlands have a reputation to uphold of protecting their customers.

                                                                                I wouldn’t be surprised if GitHub intends to re-train Copilot on an ongoing basis, and thus has some way to take certain code out of the training corpus.

                                                                                Of course they would, but I meant code that was emitted by Copilot and ended up in other code bases before the case.

                                                                                “one-sided”

                                                                                It is one-sided, in that it’s not a contract resulting from a negotiation between account holder and GitHub. GitHub can change their ToS on a whim and the only thing you can do is decide to shut down your account if you disagree (assuming you even read it).

                                                                                free access to a bunch of resources and services from GitHub, without paying money for them

                                                                                Let’s not pretend GitHub is a charity, that’s disingenuous.

                                                                                all website terms of service are completely unenforceable

                                                                                Well, that’s not the case. But that’s also making a much stronger statement than I did; I was considering what a judge would think when a user would get sued for damages over something like this (unless the user was acting deliberately with malicious intent, perhaps).

                                                                                preferably under US law (which governs GitHub’s terms).

                                                                                That’s the kind of US-centric attitude that I not only dislike but is plain incorrect. GitHub is available world-wide and is subject to local laws in the countries where it operates. It has been proven again and again that US companies have to abide by the GDPR, for example, even though it’s not a US law. You cannot simply reject the fact that local law applies through the ToS, even though companies do try.

                                                                                1. 2

                                                                                  And some e-mail providers like Protonmail or ISPs like Freedom in the Netherlands have a reputation to uphold of protecting their customers.

                                                                                  I don’t think they’re going to “protect” the way you’re thinking they will, but it’s also turning into a diversion from the main point.

                                                                                  Well, that’s not the case. But that’s also making a much stronger statement than I did; I was considering what a judge would think when a user would get sued for damages over something like this (unless the user was acting deliberately with malicious intent, perhaps).

                                                                                  And yet those circumstances don’t impact the enforceability of the terms of service. If they’re enforceable they’re enforceable. If they’re not, they’re not. There is no “enforceable, but only against people we think deserve to have enforcement”. Selective enforcement is something the law is supposed to go to great lengths to avoid!

                                                                                  That’s the kind of US-centric attitude that I not only dislike but is plain incorrect.

                                                                                  It is a trivially verifiable fact that section R.1 of the GitHub terms of service says:

                                                                                  Except to the extent applicable law provides otherwise, this Agreement between you and GitHub and any access to or use of the Website or the Service are governed by the federal laws of the United States of America and the laws of the State of California, without regard to conflict of law provisions. You and GitHub agree to submit to the exclusive jurisdiction and venue of the courts located in the City and County of San Francisco, California.

                                                                                  So when I ask you to provide citations from US case law because US law is what governs GitHub’s terms of service, it is not “plain incorrect”. In fact it is the most correct thing I could ask you to do in the circumstance. Your personal dislike of it – and also the fact that you seem not to understand what it means for a particular jurisdiction’s laws to “govern” an agreement – is neither here nor there, and the rest of your paragraph about this was an extended non sequitur.

                                                                                  It is very likely that GitHub’s terms of service are, in fact, enforceable. I’m not sure how to convince you of that, but if you’re simply never going to accept that, then we don’t really have anything else to say to each other.

                                                                      2. 2

                                                                        I imagine it might come down to the people who uploaded the code to Github failing to reconcile the distribution terms of the GPL with the terms of service for using Github.