1. -6

    I suppose I should tip my hand at this point, and say that as much as I value the source part of open source, I also believe that people participating in open source communities deserve to be free not only to change the code and build the future, but to be free from the brand of arbitrary, mechanized harassment that thrives on unaccountable infrastructure, federated or not. We’d be deluding ourselves if we called systems that are just too dangerous for some people to participate in at all “open” just because you can clone the source and stand up your own copy. And I am absolutely certain that if this free software revolution of ours ends up in a place where asking somebody to participate in open development is indistinguishable from asking them to walk home at night alone, then we’re done. People cannot be equal participants in environments where they are subject to wildly unequal risk. People cannot be equal participants in environments where they are unequally threatened.

    Would James Damore be welcome to openly participate in the open-source development of Mozilla? What about Brandon Eich?

    If not, then all of these fancy words about protecting people from harassment and making Mozilla’s open-source spaces safe for everyone to participate in are lies, and the entire enterprise of switching to an authenticated chat system is an excuse to enforce that everyone who can meaningfully contribute to Mozilla’s open-source code either adheres to or knows to shut up about a specific set of political principles unrelated to the goals of the project.

    If so, then how will Mozilla react when feminist activists (the reference to “walk[ing] home at night” is clearly a signal that Mozilla imagines unrestricted speech in open-source contexts as akin to threatening the physical safety of women, the demographic which feminism cares about) argue loudly that platforming people who hold the political or social views that Damore or Eich do is itself a form of harassment that the system needs to protect them against?

    1. 4

      Brendan Eich, not Brandon.

      If you’re going to ask problematic and incendiary questions at least get the names right.

      1. 4

        You continue to willfully conflate harassment with protected speech; nothing you say is said in good faith or has any value.

        1. 1

          Many of the people who run Mozilla willfully conflate speech with anti-progressive political or social implications as harassment. This is why I am concerned about speech censorship politics with the explicit goal of reducing harassment. I don’t want contributors or potential contributors to open-source projects to worry that if they say things they believe to be accurate about systematic gender differences between men and women like Damore did (or any other topic with anti-progressive political implications), they will be barred from participation in the project on the ostensible grounds of harassing women.

          1. -1

            Many of the people who run Mozilla willfully conflate speech with anti-progressive political or social implications as harassment. This is why I am concerned about speech censorship politics with the explicit goal of reducing harassment. I don’t want contributors or potential contributors to open-source projects to worry that if they say things they believe to be accurate about systematic gender differences between men and women like Damore did (or any other topic with anti-progressive political implications), they will be barred from participation in the project on the ostensible grounds of harassing women.

            1. 1

              Thanks for taking the time to clarify your position.

              I think your fears are wildly overblown.

          2. 3

            Would James Damore be welcome to openly participate in the open-source development of Mozilla? What about Brandon Eich?

            I don’t speak for Mozilla, but in this hypothetical situation I’m assuming that if their contributions were valuable, why not?

            If not, […]

            This is a hypothetical based on another hypothetical.

            1. 3

              Because James Damore had established himself as one who is dedicated to creating unsafe spaces for others who also might want to contribute, like women.

              1. 1

                I see your point. I failed to take other contributor’s probable and understandable reactions into account.

          1. 5

            I’m all for ‘don’t attribute to malice what can be explained by incompetence’ but I don’t believe Google is that incompetent.

            You’d be surprised. The right answer is often the simplest. It is easier to build something for one browser than it is for more than one. Google builds against Chrome. They develop features using what Chrome supports. Is that the fastest way to build features? Yes. Is this the right thing to do? Debatable. Is this malicious? No.

            1. 10

              Intentions are irrelevant; impact is all that matters.

              1. 12

                If intentions are irrelevant, then there’s no need to use that word in the first sentence of the article.

                intentionally and systematically sabotaging Firefox

                1. 9

                  Better call their editor then. But more broadly, the problem is the aggregate effect of Google’s actions at scale, and it doesn’t matter what lies within the hearts of their engineers.

              2. 13

                Full disclaimer: I work at Google.

                I think this is a case of product managers across the company deprioritizing non-Chrome support once Chrome had a large market-share. They try to launch first and iterate. So they prioritize the larger platforms first, which would include Chrome. There’s no malicious Google-wide directive that we kill Firefox by not supporting it for our web products. That said, there’s no company-wide pillar to uphold the open web by supporting Firefox just as well as Chrome either. (We have similar pillars for privacy/diversity initiatives.) Note that Google’s iOS apps are well-maintained. That’s because there’s a lot of money and customers in that ecosystem.

                A company can both have a coherent vision and a thousand people making individual decisions.

                1. 8

                  I’m not sure what your comment is really meant to say, but if your product has a simple bug when viewed in a competing browser, that’s literally a one-liner, and which can be fixed before lunch, it clearly must be an intentional undertaking to instead ship it as-is, and then use your two-week release cycle to fix the issue that only takes a few man-hours to fix.

                  Of course, this is simplifying, but I don’t really see how the first-iteration argument could be applied here:

                  • How long does it take to develop a product?
                  • How much effort is involved to ensure compatibility?
                  • How much is gained by the competition looking bad in the first two weeks after launch?

                  These are the questions at stake here.

                  Speaking of which, as a Mozilla user, it’s hardly a coincidence that all the while that Google video-conferencing products don’t work in my browser, much of the competition, like CoderPad.io, works just fine. (Yet we still get surprised when it does work, because Google’s the one that’s setting the standard, even though video-conferencing has been available at Mozilla since like 5 years ago (2014?) if a quick search is to be believed.)

                  1. 10

                    What I’m saying is that in the absence of institutional pressure to uphold certain standards, those standards wont be met. Each product launch needs to meet privacy, security, i18n, and a11y standards. They’re enforced by external committees and manual testers. After launch, there are periodic reviews and every new feature launch needs to get the same approvals. There isn’t a similar checkmark for multibrowser compatibility and performance, so devs/PMs don’t care about it as much.

                    Plus, it’s always possible the devs or manual testers didn’t find that small issue in Firefox. Every product launches with bugs.

                    I’m trying to say it’s not institutional malevolence, just that it’s an institutional non-goal. Perhaps if there’s enough pressure (say from lawmakers), great multi-browser support would be one of those launch checkmarks. As it stands, the customers and the money don’t make it a priority.

                    1. 15

                      Traditionally this is precisely why antitrust laws exist. Google now has an effective monopoly on the browser market, and there are no checks and balances to prevent Google from eradicating all the competition. Whether Google does it with intentional malice or not is really beside the point.

                      1. 3

                        The problem with traditional anti-trust legislation in the US in relation to this issue is that it’s not at all clear who is harmed by this monopoly.

                        A traditional monopoly will naturally raise prices, as there is no competition to force it not to, and this will harm consumers of the product it produces. A lawyer would argue: how is getting a high-quality browser for free harming consumers?

                        You might argue that Google has a monopoly on online advertisements, but that’s not the case. Facebook is also a huge advertisement broker.

                        1. 3

                          A traditional monopoly will naturally raise prices, as there is no competition to force it not to,

                          When has that ever happened? And how much did the period of higher prices offset the preceding period of aggressively low prices?

                          1. 5

                            I was paraphrasing from faulty memory the perceived arguments for enacting antitrust legislation in the US in the late 19th century:

                            https://en.wikipedia.org/wiki/United_States_antitrust_law#History

                            I don’t find my statement controversial though. Why would an enterprise, unhindered by competition or regulation, not raise prices to the absolute maximum the market can bear? It would be its fiduciary duty to do so, to benefit its owners.

                            1. 2

                              Prescription drug costs in the US literally right now?

                              1. 1

                                The context was “anti-trust legislation”. The monopoly nature of pharmaceutical companies is a direct result of “pro-trust legistation”: patents.

                                1. 4

                                  No it’s not. Loads of medicines like insulin are totally unencumbered, yet their price is rising dramatically.

                                  Also what are you talking about? You asked when monopolies and trusts have ever raised prices, implying that has never happened. It has. I gave an example. And there are plenty of other examples throughout history, it just so happens that was the answer I thought of literally instantly.

                                  1. 1

                                    Loads of medicines like insulin are totally unencumbered, yet their price is rising dramatically.

                                    You’re saying that some company has a monopoly on a patent-free product?

                                    You asked when monopolies and trusts have ever raised prices, implying that has never happened.

                                    The context was “anti-trust legislation”. It makes no sense to suggest anti-trust legislation to solve a problem begat by pro-trust legislation; just eliminate the pro-trust legislation.

                                    1. 2

                                      You’re saying that some company has a monopoly on a patent-free product?

                                      No. A group of companies. Sometimes known as a trust, see also the term “antitrust law.” In the case of insulin, a group of three companies.

                                      Or perhaps the cost of insulin has risen dramatically due to its production cost rising dramatically? And every other developed country in the world has developed technology to offset those costs except the US?

                                      I’m open to other hypotheses.

                                      1. 1

                                        And every other developed country in the world has developed technology to offset those costs except the US?

                                        Can’t those countries can’t sell insulin to the US? If not, is it because of another law preventing them from doing so?

                                        1. 4

                                          Great question! No, they can’t sell in the US. It’s a hot topic in the Democratic presidential primary. Also, check out this article about policy to reduce prescription drug prices from 2017, which mentions allowing import from Canada and Mexico as possible solutions, to force US providers to set accurate prices or lose business.

                              2. 2

                                Regardless of historical examples, that’s literally Uber’s planned business model. The fares they charge for rideshare simply don’t cover costs. They’ve been operating at billion-dollar losses each year to support this.

                                So why set fares unsustainably low? To gain marketshare. To put cab companies out of business. Once they have market dominance, they can bring their fares up to sustainability, then profitability, then gouge-level profitability.

                                1. 1

                                  Regardless of historical examples, that’s literally Uber’s planned business model

                                  Rather an automatically-accepted just-so truism, much like the original one that I questioned.

                                  This reminds me of when people thought Google had no business reason to create a web browser. Now it’s “obvious”. But since you can’t see any other business model then clearly there’s only one option.

                                  1. 1

                                    Google wasn’t posting yearly losses in the billions and asking for additional funding. Regardless of Uber’s actual business plan, there are many rich people convinced that the plan is monopoly.

                                    1. 2

                                      Meanwhile, consumers have had 10 years of good service and VC-subsidized prices. And any raised prices once Uber achieves “monopoly” will be under threat if they are high enough to present a profitable (competitor) opportunity.

                                      This is basic economics. The imagined “problem” of a perpetual, abusive monopoly never seems to manifest. Except of course in cases where the monopoly is enforced by law.

                            2. 2

                              I agree that policy is the only lever that can change a big player. Even the threat of regulation may be enough.

                              I think it does matter if one characterizes this issue as intentional or not. If it’s intentional, it’s certainly malicious and may point to the people being bad actors. Whereas, if it’s the outcome of an anarchic process, it’s bad, too, but perhaps its just an oversight. The punishment and fixes will have to be different. Also it’s hard to convince someone to change their views if it looks like you’re arguing in bad faith so it’s important to characterize the problem correctly.

                              1. 2

                                It’s perfectly possible for the organization as a whole to be malicious while everybody within the organization just follows the process. The problem here is with Google as a company as opposed to intents of any single individual. As others pointed out conscious decisions had to be made to stop testing with Firefox, to introduce features outside W3C spec, and so on. I think that the individuals who choose to work for a particular organization share moral responsibility for the actions of that organization.

                                1. 3

                                  I’m in agreement with you here. My main point is that being precise with describing the issue is important.

                            3. 10

                              Notably, this to me seems to at the very least confirm a discrepancy between the words (the official “We’re on the same side. We want the same things”; unspoken, which makes it unclear, but I can only assume this to mean at least “conforming to Web Standards”) and the actions (not prioritizing tests with Another Standards Conforming Browser, i.e. Firefox). In harsher words, such behavior tends to be called hypocrisy.

                              That’s the first thing. The second thing is, presumably, someone at some level of management had to make an explicit decision to drop Firefox testing, at some point in time - assuming it was there before Chrome was released. Then, someone else at the company had to vet this decision. This makes it at least two people. As others said, hard to imagine such levels of pure, bliss, unscrutinized incompetence, at Google of all places. And even assuming charitably those were the real reasons, such incompetence would have been noticed later and corrected. But then, also from your comments, we clearly see it was not.

                              1. 2

                                It’s possible for the Chrome team to be for the open web and for teams across the company to launch products with bugs in non-Chrome browsers. Both are possible at the same time. I don’t think bugs at the margins invalidate whatever the Chrome team is doing.

                                I’m not saying that anyone decided to drop Firefox testing. That’s not true. There is no management directive to drop Firefox support. I’m presenting a distributed, anarchic model of decision-making. I’m saying that when you have dozens of teams working on dozens of web-products (ranging from small teams working on quick experiments to large teams supporting billion-user products), it’s possible for bugs to slip through that make it seem like the company doesn’t care. The fact that perfect multi-browser is not required to ship a product doesn’t mean that devs/PMs don’t care about it. Perfection on any axis is not required to ship a product.

                                The recent GMail web product launched even though it loaded slower than the previous version. That’s because users liked the new version better. The tradeoff was to launch and improve performance after.

                                1. 3

                                  There is no management directive to drop Firefox support.

                                  It’s enough if there’s no directive to keep it.

                                  If someone pumps a balloon, and then at some point stops pumping it, that’s not an action per se, but still conscious decision of inaction. Saying: “wow, I’m soo surprised the balloon deflated! I do still care about the balloons being inflated! I just now pump a different balloon!” in that situation doesn’t appear completely honest.

                                  1. 2

                                    Yes, I agree. I’m mostly concerned about the framing of the issue here, and we’ve come to agreement.

                          2. 13

                            This reads almost like a joke. No offence, but I really cannot believe that any development teams at a company whose core competence is web applications would not test their web applications on the leading N% web browsers.

                            N might vary from 95% for a small shop to 99% which was the case at my former employer: a 20-person small business writing web applications. We supported all major browsers on the three major desktops, Apple and Samsung phones and tablets default browsers, and a few other mobile browsers.

                            How could a company the size of Google test their web applications only on a single web browser?

                            1. 4

                              I really cannot believe that any development teams at a company whose core competence is web applications would not test their web applications on the leading N% web browsers

                              Believe it. If you’re testing a small application it’s not too hard. But when you’re testing huge applications for not only bugs, but performance issues, it’s a lot harder. And Google engineers have buff workstations and top of the line laptops where lots of performance issues simply don’t show up.

                              There are other more traditional business reasons this stuff happens that Google isn’t immune to. Once big projects get enough momentum they tend to roll out even if there are obvious problems—the sunk cost fallacy. I don’t know anything specific about the polymer redesign mentioned, but I wouldn’t be shocked if someone told me that’s what happened.

                              1. 1

                                Well, each web-site at Google probably has on the scale of 10-50 engineers on it. The apps are complex, the tech stack is custom, and there are competing priorities, like at any company. If bugs slip through the cracks, it’s for the same reason as any other company.

                                The primary and secondary features of all major Google apps work fine across all current browsers. Is that not true?

                                1. 2

                                  The primary and secondary features of all major Google apps work fine across all current browsers. Is that not true?

                                  I don’t know, other than Gmail and Search I do not use many Google products.

                                  And it does not matter how many engineers (or devs) are on an app, what matters is the the testing procedures in the build processes. Whether they need to sit a “Firefox-testing” intern next to the “Chrome-testing” intern, or if they need to run test-in-firefox.sh as well as test-in-chrome.sh is immaterial. What is material is that Firefox (and IE, and a few other browsers) exist and need to be tested for.

                                  “My team is too large” is not an excuse, especially as these things scale better for larger teams.

                              2. 4

                                Note that Google’s iOS apps are well-maintained. That’s because there’s a lot of money and customers in that ecosystem.

                                Like it took a year for apps to support iPhone X or most apps still don’t have iPad keyboard support?

                                1. 1

                                  I’m not an iOS expert and don’t work on iOS apps at the company, but I really don’t think it took a year for major apps to support iPhone X. It’s up to the individual PMs to prioritize features; I can’t speak to why iPad support isn’t wide-spread. You can imagine there are many competing goals for each product.

                            1. 2

                              Therefore Allen went over to the University of Washington and began using a Xerox computer by pretending to be a graduate student. Gates soon followed, and this went on until they were caught and removed from the campus. They continued to break into university and privately owned computer systems until about 1975.

                              How dare they!!!

                              1. 1

                                Calling out their hypocrisy and foundation based on appropriating public value for private profit is always on point. The whole world is still suffering from their actions in the nineties, and every responible person involved there is still around, and still rich.

                              1. 1

                                I didn’t realize the author was using python syntax for illustration purposes and was very, very confused. I bit more prose telling us what he planned to do would have been more helpful than the pkd references.

                                1. 3

                                  Maybe you should contact his editor. But also, the PKD references were fun and interesting, and their exclusion would not have made the content more clear.

                                  All in all, this was genuinely the best explication of Python’s argument-passing semantics I’ve ever seen, even if I didn’t like the “bindings are boxes” metaphor; it was still great!

                                1. 2

                                  Only one of “plain text files” that can be read 50 years later and “military-grade AES encryption” can be true at a time.

                                  (Incidentally, I read “military-grade” to mean “lowest bidder”.)

                                  1. 1

                                    That’s not true. The claim is about it being a simple open format. Well known character encoding + well known crypto algorithm is pretty future proof.

                                  1. 2

                                    When I have even more free time, it might be fun to try to apply the techniques from https://blog.benjojo.co.uk/post/eve-online-bgp-internet to https://github.com/rabidgremlin/Procedural-Generation-Examples/blob/master/part-ii/DrawUniverse/universe.csv, the description of the Elite universe.

                                    1. 14

                                      This whole meditation is excellent, and this is something I both didn’t know, and is extremely relevant for everyone in our industry, especially those of use who are highly skilled:

                                      There are those who say that denying the rights of surveillance capitalists and other trillion-dollar multinationals to their (pie minus tiny slice that trickles down to us) is modern-day Luddism.

                                      It’s a better analogy than they realise. Luddites, and contemporary protestors, were not anti-technology (https://www.smithsonianmag.com/history/what-the-luddites-really-fought-against-264412/) Many were technologists, skilled machine workers at the forefront of the industrial revolution. What they protested against was the use of machines to circumvent labour laws and to produce low-quality goods that were not reflective of their crafts. The gig economies, zero-hours contracts, and engagement drivers of their day.

                                      1. -2

                                        Nearly 300 people worked together, together writing over 9,000 commits and almost 100,000 lines of code, to bring you this release.

                                        Is that intended to be impressive? Is there any good reason for a window manager and set of related tools to be almost one hundred thousand lines, really worse since it sits on top of POSIX and Wayland?

                                        1. 11

                                          Wayland is just a protocol, and its implementation is quite small - and only handles client-server-communication-related problems.

                                          Those hundred thousand lines of code include what basically amounts to reimplementing the X server from scratch. We wrote almost all of the userspace graphics, rendering, input, and window management code. Even then, it’s an fifth the size of what it replaces: xorg-server+i3.

                                          1. 1

                                            Have you (or anyone else) done any tests regarding power usage? Does this increase or decrease a laptops battery life, for example?

                                            1. 2

                                              We haven’t done any objective measurements, but anecdotally battery life is improved for me on sway and many other users report the same. It would make sense, we have optimizations in place specifically designed to be power efficient. Also check out swayidle for doing things like dimming/suspending after inactivity.

                                          2. 7

                                            Half of it is their Wayland implementation, it seems.

                                            https://github.com/swaywm/wlroots

                                            So, yeah, I’m pretty impressed. It’s a full-featured and cross-platform application that’s meant to be treated as though it were infrastructure.

                                          1. 3

                                            I think that’s an old announcement; they’re up to 2.2 now, I think.

                                            http://graphblas.org/index.php

                                            1. 2
                                              1. 1

                                                “prediction difficulty: challenging” (vs “secure” for CPRNG’s)

                                                “and thus more secure than most generators”

                                                Looks like a great article. I’m highlighting this since they probably just should leave the last part off as it semi-implies it useful or acceptible for work done with security in mind. Folks are better off just using the fastest CSPRNG that doesn’t have any working attacks. That is, if they can’t afford to use whatever is the strongest one. I’ll add @twotwotwo has a great point about how fast the secure generators run these days. There’s also crypto accelerators on some processors for common algorithms.

                                                1. 3

                                                  The use case is things like Monte Carlo simulation, raycasting, etc., where you want unpredictable, uniformly distributed set of values.

                                                  1. 1

                                                    Oh, I get that. Especially Monte Carlo given it’s always the example I see in fast, pseuo-random generators. I should probably look into that deeper some time given its utility and popularity.

                                                    I’m just saying they should leave off the security part toward the end if they already said it wasn’t secure at the beginning. Following others in the know, I’ve always kept separate the RNG’s that are good for security-insensitive and security-focused randomness. Many who haven’t studied information security might misinterpret such remarks.

                                                  2. 1

                                                    “prediction difficulty: challenging” (vs “secure” for CPRNG’s)

                                                    CSPRNGS aren’t provably secure. There’s no difference between ‘challenging’ and ‘secure’ except that the ones marked ‘secure’ have been tested a lot more for security.

                                                    I’m highlighting this since they probably just should leave the last part off as it semi-implies it useful or acceptible for work done with security in mind.

                                                    It is more secure than most generators.

                                                  1. 2

                                                    Accepting null means tightly marrying the memory layout and types together. You can no longer examine types while ignoring how they’re layouted in the memory.

                                                    Huh? Nullable doesn’t say anything about memory. I have no idea what Python None looks like.

                                                    1. 1

                                                      Python’s None is a globally defined constant. Nullable and Maybe are sum types. You’re right that these ideas are distanced from how they’re layouted into memory.

                                                      However I’m not sure what to do here because I think the thought still applies somehow to this. Should we have an easy way to convert any type into type+{null} in the first place?

                                                      1. 1

                                                        I think he was referring to his conception of it as stated in this opening: “Not too long ago I used to think of null as an useful feature that can be directly derived from the pointer arithmetic on a computer.”

                                                      1. 6

                                                        “Fabricate” is a build system that uses strace to automatically discover dependencies in this way.

                                                        https://github.com/SimonAlfie/fabricate/blob/master/README.md

                                                        1. 1

                                                          Nice. Looks like they beat me to this idea by a wide margin. Just goes to show there is not much new under the sun.

                                                          1. 3

                                                            On the other hand, although I’ve known about this for many years and always been curious, I’ve never actually tried to use it, whereas I could wrap your concept around almost anything pretty trivially, so :)

                                                            1. 2

                                                              Thanks. This work mostly came out of being frustrated with js build scripts. I didn’t want to understand what broccoli.js was doing so I figured treating it as a black box and just grabbing the inputs and outputs would be good enough for caching purposes. I’ve since used the same trick at a few more workplaces and it does wonders for frontend build processes.

                                                        1. 5

                                                          The way these licenses are worded isn’t very appealing. They don’t even open with MIT-style warranty clauses, those are end the end and have less words. As a non-lawyer less words sounds bad. The Parity license seems very demanding, I wouldn’t want to use it. I do not at all believe this new wave of quasi-commercial licensing for most if not all (formerly) Free Software projects will end well for anyone. Why use a solution that doesn’t do exactly what you need it to, and maybe does a bit too much? Because it’s Free Software, the time saved building bespoke tools can be used to patch it and ignore/workaround what you don’t need. But if I have to pay someone, might as well pay my own guys, or if I want to keep it FOSS, use and/or fork an existing Free Software project.

                                                          1. 2

                                                            The way these licenses are worded isn’t very appealing.

                                                            I love the wording. If it’s about commercial use, the license says commercial use instead of guessing every business model they might try. If it’s about sharing changes, the license says all changes have to be shared instead of guessing every distribution model they might try. The parasitic behavior that happened with other licenses might have been blocked with these.

                                                            “if I want to keep it FOSS” “The Parity license seems very demanding,”

                                                            The existing licenses don’t keep it FOSS, though. There were bypasses around most of them that led to billions in wealth for companies that didn’t contribute back or barely did. The goal of the Parity license is maximizing free software by forcing all code to be shared. So, the terms force all code to be shared. Almost all negative impact is on commercial sector who could always buy a license exception that supports the project.

                                                            1. 1

                                                              The platform seems like a start but I kind of wish that some of the other licenses were available to choose. Getting these new licenses approved by the OSI is probably pretty top priority. Every IP lawyer I have ever worked with always advised avoiding new licenses whenever possible because in some cases it was easier to simply re-implement the functionality that we needed instead of getting a new license approved.

                                                              1. 2

                                                                As a developer, my goal in using the Parity license is to discourage corporate uptake. OSI approval is an anti-feature.

                                                                1. 4

                                                                  Why would you want to discourage use of your software? I sincerely don’t understand why it being used by a corporation is by itself a negative. Isn’t it dependent on the corporation?

                                                                  1. 0

                                                                    Why would you want your labor appropriated by greedy capitalists who will use it to further enslave you?

                                                                    1. 8

                                                                      If a software developer releases their software under a license that allows them to bar you from using it on the grounds that they think you are a greedy capitalist who will use it to further enslave them, that software is not free and should not be talked about in the same breath as genuinely free software.

                                                                      1. 1

                                                                        You have not read the license, or if you have, you’re hiding it. Either way, you’re contributing nothing to the discussion.

                                                                        The Parity license compels sharing, similar in spirit to the GPL. This is not a business-friendly license, because the operating principle of capitalist enterprise is to socialize cost while privatizing profit. They will look for software they can use parasitically.

                                                                        Its also meant to enable developers to charge for their software without closing the source. If you don’t want to share according to the terms of the free license, buy a commercial one that doesn’t mandate that.

                                                                      2. 4

                                                                        I’d take greedy capitalists metaphorically enslaving me over “selfless” communists literally enslaving me.

                                                                        1. 2

                                                                          Providing services people want is slavery?

                                                                          1. 2

                                                                            All you need is to wear Marx-colored glasses to see it is.

                                                                1. 8

                                                                  The naming of this suite is confusing. There is already a legal tool called CC Zero. And this is not a single license or a single minimalist license.

                                                                  The implementation of most of these licenses is non-free and the naming is Orwellian. Compelled publication (“Parity”) is non-free, and separating it from use is doubly so. “Prosperity” is shareware, which non-free and a failed model. “Private” allows a party to use the code publicly in a non-free way. “Charity” is a weird name for a license of the form that corporations love.

                                                                  This is good old-fashioned license proliferation wrapped in a presumption of dual-licensing, which is the current problem rather than a solution to it.

                                                                  I do like the command line tools though.

                                                                  1. 3

                                                                    What is the problem, proliferation, or dual-licensing? I’m having a hard time understanding how either are currently problematic.

                                                                    1. 1

                                                                      This is good old-fashioned license proliferation wrapped in a presumption of dual-licensing, which is the current problem rather than a solution to it.

                                                                      It actually would reduce license proliferation given maximum, simple copyleft might have prevented the need for piles of free licenses that currently exist. Likewise, people wanting to get paid for commercial use while letting people see and fix the source might find Prosper useful. Then, for proprietary software outside these two, he has a proprietary license setup with the usual terms. Actually, less shady than many vendors of proprietary software.

                                                                      So, we’re down to three licenses covering paid-under-agreed-terms with source, free-as-in-beer with source for non-commercial use, and maximally-free with source all changes being just as free. So much easier and smaller in number than this pile of licenses from OSI.

                                                                    1. 2

                                                                      Those licenses are not very clear. On the front page the parity license is listed as allowing for-profit use, yet the license itself reads as if you’re not allowed to charge for distribution:

                                                                      This license lets you use and share this software for free, as long as you contribute software you make with it.

                                                                      Also, what’s up with this?:

                                                                      1. Contribute software you develop, deploy, monitor, or run with this software.

                                                                      So if I use a parity licensed text editor or shell, presumably I’d have to “contribute” (what does that even mean?) programs I write myself or programs that I run.

                                                                      Why would that make sense? Would that ever be enforceable?

                                                                      These are all clearly non-free licenses (unless optional relicensing is allowed), so it’s somewhat misleading to list them as having the “door open” to “open source”.

                                                                      1. 2

                                                                        The point of the license is to ensure that source is available, and that software developers hold onto power against massive corporations who are able to monetize more tepidly licensed open source software with their scale.

                                                                        If you don’t want to abide by the terms of the Parity license, you’re free to not use it, or seek a commercial license for your use of it; the License Zero site makes it easy for developers to charge for those commercial licenses.

                                                                        1. 5

                                                                          If I used a licensed program to monitor in-house closed-source software, what and how would I contribute?

                                                                          IANAL but I feel like someone wanted to take a crack at writing something cool for licenses but either didn’t think it through or didn’t verify it properly.

                                                                          Of course we’re all free to not use dubious software, but people do it all the time regardless. The world would be better off with clearer definitions and people who care more.

                                                                          Edit: just re-read the Parity text. I’d publish the monitored software on Github as a contribution to the monitoring software. Dunno how I missed that that’s what it actually means. Maybe I was in denial ;)

                                                                          1. 2

                                                                            I believe that the author of these licenses is a lawyer, and they were created very specifically to do what they do.

                                                                            1. 6

                                                                              Having read them I find that very surprising.

                                                                              1. 3

                                                                                There are a lot of blog posts on the site that go into the rationale behind the licenses: https://blog.licensezero.com/2018/09/14/free-to-take-freedom.html

                                                                                1. 3

                                                                                  What I’m not following is why conflate licensezero (paid access to a commercial license in lieu of an open one) with very specific licenses for public distribution. There’s no reason licensezero couldn’t be applied to GPL code, for example. Obviously not every developer wants to license their software under the GPL (or Parity for that matter), but the concept of licensezero works regardless of the developer’s preference on the topic. Fixing it to specific minor licenses prevents licensezero from being a large scale offering.

                                                                                2. 2

                                                                                  So what’s monitoring? strace or something that checks a network service is up? I guess you could bolt more terms onto it but then the little foundation becomes essentially irrelevant.

                                                                                  Maybe the author is a lawyer but this feels sloppy.

                                                                                  Though I didn’t look deep into how that Stripe thing should work. Maybe I missed the thing that makes it all complete, though I doubt it.

                                                                                  1. 3

                                                                                    The law isn’t code. It’s not meant to describe every possible use. It’s a philosophical statement and tool to advance a particular set of values, and enforcement will be done within the same human-driven, non-code system. So if you’re using a Parity licensed tool in contravention of its terms, the author would have to convince a court of their case.

                                                                                    1. 3

                                                                                      It said with this software. The interpretation I had is that you’re using the software that has that license to do one of those things. You’re benefiting from it with changes or integrations. So, you have to release under same license those changes or integrations. The author is trying to stop you from doing clever bundling to dodge the license. That’s a real thing I warned people about.

                                                                                      Folks claiming licenses protect freedom keep ignoring such strategies. Whereas, License Zero author is trying to address all these dodges with the simplist license he can. Compare Parity to AGPL in terms and complexity.

                                                                                      1. 4

                                                                                        The author is trying to stop you from doing clever bundling to dodge the license.

                                                                                        I can appreciate that about the license, and that’s a wonderful goal! I’m just in doubt how to interpret the exact implications are from those measures. If we take something like this:

                                                                                        1. Contribute software you develop, deploy, monitor, or run with this software.

                                                                                        If a Unix shell had this rule, then I must publish my shell history since those commands would’ve been run with the shell (and arguably also developed, deployed and monitored with it). I can see how this technically wouldn’t be a restriction on the use of software, but it would be quite impractical.

                                                                                        Also, if a browser was under this license, you’d have to publish all JavaScript your browser runs, “in the preferred form for making changes,” which would mean that such a browser wouldn’t be allowed to run non-free JavaScript (interesting!). Arguably you’d also have to republish any free JS script you’ve run “through a freely accessible distribution system widely used for similar source code.”

                                                                                        Yes, I’m being super pedantic here, but my impression is that so is law occasionally,; just look at the problem with the old BSD License. Surely the intentions of the author (and people who’d use this license) is not to go that far in stopping share dodgers?

                                                                                        1. 2

                                                                                          Ok, finally got just enough sleep to get back to you.

                                                                                          “If a Unix shell had this rule, then I must publish my shell history since those commands would’ve been run with the shell (and arguably also developed, deployed and monitored with it). “

                                                                                          That’s a clever example. Yeah, the license might not be appropriate for something like the shell. I’m sure that could take some thought to figure out how to improve the license. I might pass it on to License Zero author. Meanwhile, do remember that problems with licenses on a specific component might lead developers to re-license under a mix of them. Some things they might license as Apache, GPL, AGPL, etc with rest under Parity. Companies might try to freeload off whatever wasn’t under Parity. They still get less freeloading value given the developers were able to limit what they could take.

                                                                                          “Also, if a browser was under this license, you’d have to publish all JavaScript your browser runs,”

                                                                                          Is that really a bad thing in a license that intends to maximize free software? (nudge nudge)

                                                                                          Another good objection, though. Scripting engines were always a way to repurpose existing apps to make them behave quite differently. The modding scene for games comes to mind. He probably should think carefully about embeddings. If looking at commercial or non-commercial use, Javascript is a really, intriguing problem in how it’s used on the web. I think this is a case where he’d tell them to buy a proprietary license for whatever it is or the company would distribute the browser under non-free-as-in-speech license. Given existing ecosystem, Javascript might just be too messy to handle with a simple license.

                                                                                          That said, prior work inspires a simple solution: Parity-licensed browser with license exemption for Javascript that runs in it. Since Javascript isn’t fully-copyleft, they hypothetically might start building entire apps in web browsers from text editors to IRC-like setups to social media. Fortunes would be built off it with maintenance burden on browser developers. The response might be two fold: anything getting common (de facto standard) gets a nice, native implementation in the browser under Parity license; the exception allows JS for non-commercial use with for-profit sources having to pay for a license. The latter might check the certificates against an internal list or something. Complexity is still mounting, making a license exception most sensible so far.

                                                                                          Now, it might not be as difficult to deal with something like Lua or even Javascript that’s not a browser. These are usually in apps that are proprietary or distributed for free. If proprietary, they get a proprietary license like an acceptance fee and/or cut of sales in the 3rd-party app or plugin store. This is already a common practice. If free, Parity would make the 3rd-party apps/plugins/scripts as free as the project they’re built on. If the host is free, then why should the guests get paid? I know some wouldn’t like it but it doesn’t seem unfair in those situations. Finally, an exception might be allowed for 3rd-party content under paid or free terms. It could even be conditional on whether they themselves are paid or non-paid.

                                                                                          1. 2

                                                                                            Also, if a browser was under this license, you’d have to publish all JavaScript your browser runs,

                                                                                            Is that really a bad thing in a license that intends to maximize free software? (nudge nudge)

                                                                                            Nah, that wouldn’t be a bad thing at all.

                                                                                            But does this license really do that? If a JavaScript engine is licensed in a way that disallows running non-free JS programs, is that not then a usage restriction? Such a restriction would make the JavaScript engine itself non-free, at least according to the FSF definition, which includes: The freedom to run the program as you wish, for any purpose (freedom 0).

                                                                                            1. 2

                                                                                              is that not then a usage restriction?

                                                                                              It might technically not be valid. I think usage restrictions that are specifically about enabling commercial freeloading maybe should be counted as a negative in their definition. They’re trying to compromise in a way that ended up undermining their goals on contribution side.

                                                                                              Maybe we need a new phrase that represents about everything that’s otherwise considered FOSS but allows usage restrictions if the purpose is forcing maximal sharing of code. It goes a step further than the technical definition of FOSS.

                                                                            1. 6

                                                                              I love this. I wrote something that makes a similar plea to use Free Software licenses, but coming at it from a different angle:

                                                                              https://blog.joeardent.net/2017/01/say-no-to-corporate-friendly-licenses/

                                                                              1. 5

                                                                                “Star Wars, a tale of a man who became absolutely corrupted by his power and was, thankfully, eventually destroyed. When the movies came out, they absolutely captured the imagination of nearly an entire generation, at which point, George Lucas held onto that imagination as a cultural hostage1 2, and demanded payment from anyone else who foolishly tried to play with the storyblocks Lucas had made. “

                                                                                You might find this article interesting. Like the author, I was blown away by finding out the clever movie didn’t just imitate others a bit: it was nearly cut and paste on some stuff, including the best parts, with hardly any changes. Now, if you change “brilliant original” to “brilliant remix,” it’s still one of the best ever done. I’ll give Lucas that. He’s just no saint fighting copyright bullshit with a clever remix to only become the villain doing the same stuff.

                                                                                It makes sense a Lucas company would be a “vampire” in software sector “taking rather than giving.”

                                                                                “But for me, though, a big part of my motivation to commit to using the GPL is so that people like Jennifer Siebley will tell their corporate overlords like ILM5 to not use my software. I’m a little vindictive like that.”

                                                                                They can bypass the GPL because it’s too weak, trying to out-think everything abusers might do but missing a lot of it. If this is your goal, consider licenses like Parity. I like how it forces any change (derivative), regardless of usage or distribution method, to be open sourced. That’s the root of the issue is they are transforming the software for a benefit with goal of not sharing transformed version (derivative). Plus some patent protection thrown in. That might have countered about every corporate abuse I’ve seen where it’s just the software itself that’s beneficial.

                                                                                Pushing the kind of FOSS that forces all changes to be FOSS’d regardless of usage pushes them into corners instead of FOSS developers aiming for reciprocity. And FOSS companies can still dual-license it with an exception for that to generate revenue. And with terms that force them to reinvest into FOSS ecosystem based on gains.

                                                                                EDIT: Changed “you” to “they.” Much more appropriate here. :)

                                                                                1. 5

                                                                                  They can technically bypass it, but they have an allergy to the very license, so for practical purposes, making it GPL achieves the desired excluded use.

                                                                                  That said, I appreciate the link to the Parity license! I will definitely start exploring that.

                                                                                  And yeah, the antecedents for the Star Wars material are pretty blatant, which made their preciousness about their IP more galling. I will note that they do have one other major open source (not FOSS) library, OpenEXR, which is used all the over the place for graphics-related systems (IlbmBase, a package within OpenEXR, has tons of useful math stuff like vectors, 3 and 4x4 matrices, quaternions, etc., and we used it extensively within Alembic). So giving back is not 100% alien to them, but it was not a priority.

                                                                                  1. 4

                                                                                    Thanks for the tip on OpenEXR. Didn’t know about it.

                                                                                    Far as Parity, check out his blog. It has a few write-ups on why he designed his licenses the way he did. For the copyleft, his main problem was all the loopholes that led to billion dollar companies not giving back or actively lobbyin against our freedoms. His licenses focus on the simplest elements to get rid of all loopholes. With something like Parity, we might have not had these oligopolies given anyone could reuse any change the big companies made.

                                                                              1. 2

                                                                                If you think I’m being overly dramatic, consider this counterfactual scenario. Take a problem proximal to tech companies’ bottom line, e.g. image recognition or speech, and imagine that no tech company was investing research money into the problem. (IBM alone has been working on speech for decades.) Then imagine that a pharmaceutical company suddenly enters ImageNet and blows the competition out of the water, leaving the academics scratching their heads at what just happened and the tech companies almost unaware it even happened. Does this seem like a realistic scenario? Of course not. It would be absurd. That’s because tech companies have broad research agendas spanning the basic to the applied, while pharmas maintain anemic research groups on their seemingly ever continuing mission to downsize internal research labs while building up sales armies numbering in the tens of thousands of employees.

                                                                                The next time someone is defending the necessity of pharma patents and absurdly high drug prices, you can be certain they are shilling for entities that are trying to kill you for a profit, and act accordingly.

                                                                                1. 31

                                                                                  Personally, I think it takes lots of courage to stand for a right cause, after all opposing a corporate decision for the company you work for is not an easy thing to do. Having said that, I still have some facts to highlight:

                                                                                  Our opposition to Dragonfly is not about China: we object to technologies that aid the powerful in oppressing the vulnerable, wherever they may be.

                                                                                  Not only that applies to Dragonfly, it also applies to Google, Amazon, Microsoft, Yandex, Facebook and other big technological corporations all over the world, and certainly it’s part of a problem we (as citizens and members of our species) should aspire to solve.

                                                                                  The correct thing would be to work towards empowering users with technology they can control and in turn one in which they also control their data (something that happens with libre software and related crypto software), the biggest challenge is to create consciousness in younger generations about the importance of individual liberties and privacy, that’s an area in which (I think) we are loosing but must keep working on.

                                                                                  1. 9

                                                                                    May sound depressing, but maybe the most effective way to create consciousness about those topics is saying this to new generations:

                                                                                    Your data is your money.

                                                                                    1. 4

                                                                                      Third time’s a charm!

                                                                                      It’s important to vigorously oppose efforts by those who benefit from unjust status quo, and not allow them to control the narrative to the point where its accepted that dealing with the harm caused by them is the responsibility of the victims of that injustice, rather than the responsibility of the powerful perpetrators.

                                                                                      1. 1

                                                                                        I hadn’t thought about it that way, and it seems reasonably enough for young people.

                                                                                        1. 1

                                                                                          The other topic is the bad usage of resources, extreme capitalism, etc. Data will join “officialy” the toolchain to enable this, also.

                                                                                    1. 1

                                                                                      I know it’s been a while, but I’ve updated this post to add a little clarity to the explanation of distributions (and gave a little shout-out to @nils and this thread!), and corrected the error about how long it takes to generate Gaussian vs. uniform random values.