1. 6

    Interesting article, but saying we can’t truly fix free software until we destroy capitalism feels at once both a bit extreme and unhelpful.

    It’s a nice idea (Who doesn’t want to live in a world where everything is free? Oh wait. A lot of people :) but I’d rather focus on ideas that help us iteratively improve the current situation.

    1. 17

      I think the author’s point is that the free software movement is already a radical philosophy, but one which is doomed to failure by its individualist focus. As a movement, it doesn’t offer a solution for how to make free software the natural choice (where the structure of our systems inherently directs people to select it as the best option), preferring instead to focus on convincing individuals that it is the right choice (which may be true, but doesn’t scale, and will constantly fight against whatever the natural choice is, which is why open source has eaten free software’s lunch).

      So the choice is between an ineffective radical philosophy and a potentially effective one.

      1. 4

        how to make free software the natural choice…the best option

        There are many things that changed since the late 1990s when free software was the dominant ideology. One is that Google, and ultimately all of big tech, co-opted open source to mean “you are free to have all of the source code to the client that talks to our centralized proprietary service.” Having done so, free software isn’t the natural choice, because the benefits of freedom in being able to change the system to do what you want is not present. Its capabilities are limited to what the proprietary service provides, and it only works if the client implements what the proprietary service requires.

        1. 3

          I’m not sure in what sense it’s the case that “open source has eaten free software’s lunch”. At the moment, free software and open-source software are basically synonymous. An open-source library developed by paid programmers working for some Microsoft- or Facebook-sized corporation is free in exactly the same way that GNU Emacs or Firefox is.

          There are people who would like to change this situation - create and popularize software licenses that are “open-source” in the sense of having the source code be publicly available, but non-free in the sense of imposing four-freedoms-violating conditions on the use of that software. But the two main motivations for doing this are to prevent large cloud providers (such as Amazon specifically) from releasing products based on open-source software that might compete with smaller companies that develop such software, and to prevent organizations and people with political views specific activist programmers find distasteful from being able to freely use useful software. The former consideration is an attempt to limit the power of well-capitalized corporate institutions, and the latter is associated with “culturally leftist” politics but doesn’t directly help or hinder such institutions.

          1. 1

            At the moment, free software and open-source software are basically synonymous.

            I disagree, because “free software” is actually less free (as in freedom) than open source.

            For example, let’s say that “Bob” wants to release a videogame toolkit. He starts with the Quake III Arena source code (released under the GPL). He spends months building a complete game creation toolkit around it the likes of which could be compared to any modern AAA game engine.

            But, there are still sections of code that are recognizably Quake. If he tries to sell this thing that he spend so long on, he could get a cease-and-desist (and likely will).

            Imagine a similar situation where “Alice” does the same thing with the Sauerbraten engine (zlib license). She gets to sell her work (and it is hers if she’s spent months working on it). She can then decide later that she would like to release the source on her own time.

            Who had more freedom?

            This is a contrived example, because no reasonable person would start with GPL software who wants to sell something. The point is that “Bob” can’t use the Quake source for his own gains even though ID has decided that they are done using it.

            1. 3

              I don’t know how long you’ve been in the open source/free software realm, but these arguments were done to death 20 years ago.

              The difference is perspective: freedom for the developer vs. freedom for the user. When GNU started, AT&T was exercising its “freedom” to maintain exclusive control of UNIX, and RMS wanted the “freedom” to control what happened on his computer.

              From time to time this is intentionally confused by people with an agenda, as in “free software isn’t free because it doesn’t let us freely screw users.”

              1. 4

                I don’t know how long you’ve been in the open source/free software realm, but these arguments were done to death 20 years ago.

                Well, I’m only 20.

                The difference is perspective: freedom for the developer vs. freedom for the user.

                As the developer you always have the freedom to not release the source. As the user, you can choose to ignore the license (at your peril). Your freedom ends where another person’s freedom begins. It’s selfish and arrogant to think that you “deserve” to control other peoples use of your product.

                I like to draw a parallel with firearms. You have a right to not own one, but you cannot prevent me from owning one. Substitute any politically correct item for firearm if you wish.

                From time to time this is intentionally confused by people with an agenda, as in “free software isn’t free because it doesn’t let us freely screw users.”

                This is attributing the (perceived) malice of large corrupt corporations to people like me who prefer to keep personal liberties intact. It’s shameful.

                1. 5

                  This is attributing the (perceived) malice of large corrupt corporations to people like me who prefer to keep personal liberties intact. It’s shameful.

                  I didn’t mean to attribute it to you. As I said at the beginning of the post, I’m not sure about your background (thanks for clarifying it.) I do mean to say that the argument you provided is also provided by people with an agenda, and I’d encourage you to think critically about it.

                  Your freedom ends where another person’s freedom begins. It’s selfish and arrogant to think that you “deserve” to control other peoples use of your product.

                  Very true, but consider what that means in the context of software. Software released without source is trying to exercise control over the use of the product by preventing the user from altering it or improving it. These days it often goes further with code signing, DRM, online activation, etc, which is increasing the degree of control.

                  The point of copyleft is that if we accept as a society that authors control the use of their product, then authors are free to prevent what they would see as misuse of that product, including distributing it without source code. There is an alternate universe where authors have much less control in general, but we happen to live in this one.

                  The genius of RMS, IMHO, was more about economics than software. He observed that in a market where fixed costs are high and marginal costs are low, which software takes to the extreme, the result will be a small number of vendors and a large number of users. In that context, users do not have a remedy through competition: they cannot choose a vendor that gives them the level of freedom they want. Market forces would push any user-respecting vendor out of existence. Taking your example, find a games publisher that releases source code [edit: to their new release game]. In the ultimate, he observed that the degree of vendor control would only increase over time, without limit, which has since proven to be true. In the last 15 years we’ve moved from a world where anyone can write a device driver or application to a world where these need to be approved by platform vendors, for example, and entire classes of software are unavailable to users as a result.

                  If competition among vendors can’t deliver the products users want, then the issue needs to be around restricting what vendors can do to ensure users can do what they want. As you put it, one person’s freedom ends where another person’s begins - but if we accept that anything which restricts the freedom of vendors is bad, then we accept that users should have no freedom whatsoever.

                  1. 2

                    Prologue: This thread has ended up way longer than I thought. Thank you for your time.

                    I think we agree on a lot of principles, we just disagree on where the line between author and user freedom is.

                    Fair warning, my firearm analogies got a little out of hand. If you are unfamiliar, feel free to ask for clarification.


                    I didn’t mean to attribute it to you.

                    Yes, I re-read the comment and I think I was being a little paranoid :)

                    Software released without source is trying to exercise control over the use of the product by preventing the user from altering it or improving it.

                    The same thing happens when somebody releases a product without specifying exactly how it was put together. For example: there are a fair amount of proprietary firearm designs, but the most popular rifle (AFAIK) is the AR-15. A modular design that pretty much anybody is allowed to manufacture and sell (well, if the government lets them).

                    These days it often goes further with code signing, DRM, online activation, etc, which is increasing the degree of control.

                    I see code signing as a net good. I appreciate the assurance that when something runs with administrative privileges that the program is (sort of) verified. DRM can be done well, but most companies do it wrong. Steam is pretty good, but if they were a smaller company I wouldn’t trust them as much (mostly because I would have no guarantee that they would stick around).

                    The point of copyleft is that if we accept as a society that authors control the use of their product, then authors are free to prevent what they would see as misuse of that product, including distributing it without source code. There is an alternate universe where authors have much less control in general, but we happen to live in this one.

                    Code authors cannot control the use of their product, in the same way that a firearms manufacturer cannot prevent people from murdering people. All you can say is “we do not warranty this software if it is used for anything other than…”.

                    The genius of RMS, IMHO, was more about economics than software. He observed that in a market where fixed costs are high and marginal costs are low, which software takes to the extreme, the result will be a small number of vendors and a large number of users. In that context, users do not have a remedy through competition: they cannot choose a vendor that gives them the level of freedom they want. Market forces would push any user-respecting vendor out of existence.

                    I agree with this statement, but I believe the solution is more information. If more people knew how corrupt big tech was then they would use them less.

                    Taking your example, find a games publisher that releases source code.

                    I think the new Unreal Tournament is “public” source. UE4 and Crytek are also “public” source (with EULAs and royalties of course).

                    In the ultimate, he observed that the degree of vendor control would only increase over time, without limit, which has since proven to be true.

                    I assume by he you mean Richard Stallman.

                    In the last 15 years we’ve moved from a world where anyone can write a device driver or application to a world where these need to be approved by platform vendors, for example, and entire classes of software are unavailable to users as a result.

                    Sure anybody can write a device driver. The approval process is IMHO necessary because otherwise somebody could socially engineer people into installing a malicious driver or application (technically still possible, but more difficult). It’s like a carry permit. It (ostensibly) proves that you are competent and stable, and that you won’t use your thing (firearm, device driver) to intentionally harm an innocent person.

                    If competition among vendors can’t deliver the products users want, then the issue needs to be around restricting what vendors can do to ensure users can do what they want. As you put it, one person’s freedom ends where another person’s begins - but if we accept that anything which restricts the freedom of vendors is bad, then we accept that users should have no freedom whatsoever.

                    How does not restricting vendors lead to users having no freedom? I don’t mean to be snarky, I just don’t understand.

                    1. 5

                      I think the high level observation I’d make is that each of us exist in a society that establishes certain “normal” practices. Those practices change over time. When RMS was starting in software, “normal” meant that commercial vendors provide sources, and moving away from that was a redline for him. When I was starting in software, “normal” meant closed source but no signing/activation/forced updates, and moving away from that was a redline for me. Over the next couple decades, “normal” will continue to change and the things which seem normal for you now will become more restrictive due to competitive forces. When you see it happen, RMS stops looking crazy.

                      I see code signing as a net good. I appreciate the assurance that when something runs with administrative privileges that the program is (sort of) verified.

                      “Verified” in this context means it does what the vendor intended, not that it does what you want. If it was done to verify that it does what you want, then you’d be in control of the certificates that you’re willing to trust, and would be able to use software that is trusted by anyone you trust. As it stands, you’re not allowed to run code that you wrote yourself, because the vendor doesn’t trust you.

                      Code authors cannot control the use of their product…

                      (I’m avoiding firearms comparisons since it’s a business I don’t know anything about.) Code authors have an unusually high amount of control due to things like the DMCA which give legal protection to any measure they can create. Control is just an arms race - if it can be enforced somehow, it’s legal and legitimate. The makers of devices have a lot of resources to ensure they retain control of things like the applications that run, and they are highly motivated to exercise that control since they get a 30% cut. The maker of a hammer cannot control how it is used, but the maker of a technical device can and does control the software that runs on it (although you are free to use it to drive nails into a wall, which is often its most valuable use.)

                      I believe the solution is more information. If more people knew how corrupt big tech was then they would use them less.

                      Users are given the choice to use tech or not use tech. They do not have a competitive remedy. Your cell phone company knows where you are at all times and sells that information to marketers. Your remedy is to not carry a cell phone. It is true that if everyone rejects the entire category of tech then the problem goes away, but that seems like a big societal failure that gives us a choice between dystopia or dark ages.

                      I think the new Unreal Tournament is “public” source.

                      It’s an interesting model to be sure, but note that UT4 is cancelled. You’re free to get the source code so long as anything you do with it has copyright assigned such that your contributions can be released as part of UT4. This is a volunteers-develop-a-commercial-product model. I think the reason this thread started - taking issue with the idea that “free software” is more free than “open source” - is because “open source” is often a volunteers-develop-a-commercial-product model. This one happens to be far more explicit than most.

                      Sure anybody can write a device driver. The approval process is IMHO necessary because otherwise somebody could socially engineer people into installing a malicious driver

                      To be clear, you can write a device driver, but you cannot run the thing you just wrote.

                      The argument about needing approval amounts to an argument that users cannot be trusted to make their own decisions. Logically, it applies to anything. Can you socially engineer people into installing a malicious usermode program? Can you socially engineer people to visit a website with a bitcoin miner? Can you socially engineer people to visit a phishing website? If the solution is an explicit approval step, then we’d live in a very different world - perhaps our conversation might need explicit approval, because we might be engaging in social engineering right now.

                      How does not restricting vendors lead to users having no freedom? I don’t mean to be snarky, I just don’t understand.

                      This is exactly the argument you made about one person’s freedom ending where another’s begins. It’s easy enough to illustrate by example, but that relies on examining the examples with an open mind, and remembering that in the not-that-distant past things which appear as normal today were not remotely normal.

                      Personally I’m in the strange position of developing device drivers professionally. There’s a lot of value in them - I’m paid pretty well really - but I haven’t written any open source drivers. Why not? Because nobody could run them. I have written open source applications, because people can run those. But when you’re on both sides of the same fence and realize that you have a skill which is valuable but can’t contribute it to the community, the lack of user freedom becomes very visible.

                      1. 1

                        To be clear, you can write a device driver, but you cannot run the thing you just wrote.

                        I thought that (on windows at least) you could develop the driver and run in unsigned on your own machine? I’ll take your word for it if I’m wrong because I looked at your blog and it looks like you’re a lot more knowledgeable on the subject than I am.

                        This is exactly the argument you made about one person’s freedom ending where another’s begins. It’s easy enough to illustrate by example, but that relies on examining the examples with an open mind, and remembering that in the not-that-distant past things which appear as normal today were not remotely normal.

                        I would appreciate an example. My point is that practically speaking a vendor cannot limit the freedoms of a user. They can get the user to agree not to do something, but what cost would be incurred in trying to enforce that agreement?

                        Personally I’m in the strange position of developing device drivers professionally. There’s a lot of value in them - I’m paid pretty well really - but I haven’t written any open source drivers. Why not? Because nobody could run them. I have written open source applications, because people can run those. But when you’re on both sides of the same fence and realize that you have a skill which is valuable but can’t contribute it to the community, the lack of user freedom becomes very visible.

                        You have a very interesting vantage point, thank you for your contribution to the conversation.

                        1. 3

                          I thought that (on windows at least) you could develop the driver and run in unsigned on your own machine?

                          The bootloader has no way to know whether the unsigned code it’s loading came from your compiler or came from a malicious source on the Internet. The “obvious” way to fix this is to allow for self signed code and allow the user to manage which certificates they trust, but attestation signing is doing the exact opposite of that.

                          The way I develop drivers is by running systems under a kernel debugger, which disables driver signing requirements. A kernel debugger runs on a second machine. So you could run arbitrary drivers if you configure a machine to run multiple VMs so one can act as a debugger for the other, but realistically there’s no point writing drivers for that set of users, and nobody is going to run in that configuration to run code that’s not written.

                          It’s hard to describe the things that don’t exist as a result of restrictions. I can’t point you to a giant repo of things you can’t run; nobody bothered to create the repo because nobody can use what’s in it. But note that every app store restriction exists to prevent some developer from doing something that users want. (If developers didn’t want to build it or users didn’t want to run it, there’d be no point preventing it, because it wouldn’t have a market.) I don’t know how you feel about this, but I don’t think my cell phone has more amazing software now than it did six years ago. Either human creativity just ended, or something is preventing that creativity from getting to our phones - and it’s not hard to find what’s between the developers and the users.

                          Edit: To be a bit more concrete, note that most commercial phones have locked bootloaders, and most PCs are capable of booting arbitrary operating systems. As a result, there’s a large PC Linux community, but a very small Android developer community. Since the community is smaller, there’s not as much benefit to a user using a community Android distribution. I don’t know exactly what we’re missing out on, but the PC Linux community has contributed a ton of value, and there’s no equivalent on the phone, because our phones have locked bootloaders.

                          1. 2

                            So you could run arbitrary drivers if you configure a machine to run multiple VMs so one can act as a debugger for the other

                            But note that every app store restriction exists to prevent some developer from doing something that users want.

                            Ok, I was sorely mistaken on the kernel driver point. You’re also correct that most app store restrictions are BS. Code signing would also be a lot better if you could permanently “trust” an application like on macOS (or a driver).

                            I don’t know how you feel about this, but I don’t think my cell phone has more amazing software now than it did six years ago.

                            The crazy thing is that I feel like we go backwards in a lot of ways. I’m with you on this one.

                            1. 2

                              If developers didn’t want to build it or users didn’t want to run it

                              One of the common complaints in the Windows world is bundled browser toolbars. While there are people who actually like the Ask Toolbar and Yahoo Search, does anybody want it bundled with the JRE?

                              In a strict neoliberal sense, I suppose that users do willingly run the Java installer and consent to everything it installs, but describing it as something that the end users “wants to run” doesn’t ring true. The JRE itself is usually just a means to run some other app, and the bundled toolbars are probably not part of the end-user goal.

                              After all, free software distributions like Debian and Fedora have rules about what they allow in their repositories. And plenty of people complain about those rules. But do you actually think they’re trying to be user-hostile?

                              I don’t know how you feel about this, but I don’t think my cell phone has more amazing software now than it did six years ago. Either human creativity just ended, or something is preventing that creativity from getting to our phones - and it’s not hard to find what’s between the developers and the users.

                              Or, as an alternative explanation, the easy and low-hanging fruit has already been exhausted. Web apps haven’t really gotten better now as quickly as they were improving ten years ago, yet it isn’t any more proprietary now than it was in the past (If you say “Google’s fault”, I’ll reply by reminding you of IE6).

                              1. 2

                                While there are people who actually like the Ask Toolbar and Yahoo Search, does anybody want it bundled with the JRE?

                                No, clearly not. But as you say, there are people who want them, outside of the JRE. Platforms which restrict classes of software will invariably exclude software that some people do want. At least personally, I did use the Google toolbar back when it added value to me by displaying Pagerank. Somewhat cynically, I can’t help but notice these things are designed to redirect traffic to obtain revenue, and platform owners would like to keep that revenue for themselves, so they have an interest in preventing things unrelated to user benefit.

                                software distributions like Debian and Fedora have rules about what they allow in their repositories…do you actually think they’re trying to be user-hostile?

                                No, I don’t. But as distributions, they don’t have a monopoly on software, and a feedback loop exists. If some piece of software is released that breaches a repository rule but a lot of people end up going around the repository to install it, it will spark a conversation about whether the repository’s policies are correct. That’s why people are able to complain about rules. In more closed ecosystems, that new piece of software just can’t exist, so users are excluded from the feedback loop.

                                If you say “Google’s fault”

                                I think the comments and criticisms I’m making here apply to pretty much all of the tech majors and are comments on restrictions that exist now among multiple vendors which did not exist 15 years ago. I don’t mean to single any one of them out.

                2. 2

                  Both engines are Free Software. Both engines are Open Source. The FSF and the OSI both define their licensing criteria, and the GPL and ZLIB licenses both comply with the Four Freedoms and with the Open Source Definition.

                  You’re contrasting copyleft with permissive licensing, which is a totally different distinction.

                  1. 1

                    Thank you for pointing this out. I thought Stallman’s definition of free software required copyleft.

                    I stand behind my arguments for permissive licensing though.

                    1. 1
                      1. 2

                        Thank you for linking it. I’ve just read it. I still disagree with a lot of Stallman’s assertions.

                        1. 4

                          I’m not asking that you agree with him. I certainly don’t.

                          I just don’t want you to misrepresent him, or anyone else.

                          1. 1

                            Understandable. We could do with less misrepresentation these days.

                  2. 2

                    I don’t quite follow the argument you’re making, nor what distinction you’re drawing between “free software” and “open source”. It sounds like you’re saying that even though a piece of software like Quake III Arena is “free software” (that is, released under the GPL free software license), someone forking that software, writing a derivative work, and trying to sell it would be subject to legal action from Id Software for violating their Quake-related intellectual property rights - whereas some other piece of software Sauerbraten (which I’m not familiar with), released under a different-but-still-FSF-approved license, wouldn’t have this problem?

                    1. 1

                      @notriddle hit the nail on the head. I am talking about copyleft vs permissive licensing, the zlib license doesn’t preclude inclusion in proprietary software. The GPL does.

                      1. 2

                        I am talking about copyleft vs permissive licensing, the zlib license doesn’t preclude inclusion in proprietary software. The GPL does.

                        Interestingly, that makes GPL software less free in its own right, copyleft people seem to disagree that this matters but its the root of why some of us dislike it. Sometimes I just want to get my job done and don’t want to involve the legal team. Its also why I don’t put anything I do up as GPL unless I have to. I want others to do the same.

                        GPL’s virality is both a pro and a con. I lean to it being more of a con in that it imposes a philosophy of world upon source code that I find too extreme. We can differ on this but axiomatically they are approaching free from different starting points.

                    2. 1

                      remember that free software has no restrictions on commercial use. so when you say “if he tries to sell this thing that he spend so long on, he could get a cease-and-desist,” you are either mistaken, or employing a rhetorical trick.

                      it would be more honest to say that bob can’t prevent people from reading and modifying the source code of his game. this may or may not make it more difficult to make money on, depending on the circumstances.

                      with a clear view of the situation, people can decide for themselves whether the freedom to violate other peoples’ freedom is a worthy criteria for what makes a license “free.”

                      1.  

                        it would be more honest to say that bob can’t prevent people from reading and modifying the source code of his game. this may or may not make it more difficult to make money on, depending on the circumstances.

                        The reason I chose a game engine rather than a game, is because the product is the source code. Sure, there are a handful of image assets for the GUI but those can easily be replicated. Am I wrong in my understanding that you cannot sell a GPL program without providing the source for free? (or at least allowing the purchasers to distribute it for free?)

                        with a clear view of the situation, people can decide for themselves whether the freedom to violate other peoples’ freedom is a worthy criteria for what makes a license “free.”

                        My point is that GPL violates more freedoms than permissive licenses.

                        1.  

                          Am I wrong in my understanding that you cannot sell a GPL program without providing the source for free? (or at least allowing the purchasers to distribute it for free?)

                          yes, the latter is correct.

                          My point is that GPL violates more freedoms than permissive licenses.

                          yes, it violates the freedom to violate other people’s freedoms.

                          1.  

                            yes, it violates the freedom to violate other people’s freedoms.

                            What “other people’s freedoms” does a permissive license allow people to violate?

                            1.  

                              the freedom to read/modify/share the code.

                              1.  

                                Using a closed-source program that is based on open-source software is a choice. Don’t make it if you don’t want to. Vote with your money.

                                Here’s something I think we can all agree on: selling a program based on open-source software without putting any significant work in is immoral.

                                My additional point, is that one can put enough effort into something that they earn the right to keep the source to themself.

                                1.  

                                  Using a closed-source program that is based on open-source software is a choice. Don’t make it if you don’t want to. Vote with your money.

                                  i don’t see your point. same goes for software that was proprietary to begin with. in each case the software violates freedoms. or does it not?

                                  1.  

                                    Yeah, looking back I wasn’t really saying anything there.

                                    What I should’ve said is: I don’t believe that seeing how everything works and being able to pick it apart/audit it is an inalienable right. (This may have something to do with the fact that I’m a Catholic and I believe things that have no scientific explanation, and to criticize them would be heresy.)

                                    1.  

                                      nor is it an inalienable right to keep proprietary control over one’s modifications to a code base.

                                      that’s why complaints that the GPL is “less free” come off as concern trolling. if you care about software freedom, you would at least acknowledge that the only freedom the GPL takes away is the freedom to take away other people’s freedom. preferring a license that allows modifications to be proprietary would suggest that you don’t actually care about software freedom, so complaining about the GPL being less free seems hollow.

                                      if you simply disagree with free software and would prefer to be able to keep control over a digital artifact with no reproduction cost, fine, but you aren’t arguing for freedom at that point.

                                      1.  

                                        if you simply disagree with free software and would prefer to be able to keep control over a digital artifact with no reproduction cost, fine, but you aren’t arguing for freedom at that point.

                                        I think it depends on your definition of freedom. In a communist sense, the GPL is more free. If property rights factor in at all, then permissive licenses are still superior (even if you don’t think it’s more free).

                                        The only issue I have with the GPL is that people who legally obtain your source code can distribute it for free, which would destroy any business that I built off of it. As an anti-communist, I won’t participate in the spread of the GPL virus.

                                        I wish more licenses required that modified source be distributed, but only if they don’t allow users to distribute it further.

                                        1.  

                                          Whether property rights should apply to intangibles like software is an open question.

                                          “Intellectual property” is actually an artificial monopoly enforced by the state.

                                          1.  

                                            The only issue I have with the GPL is that people who legally obtain your source code can distribute it for free, which would destroy any business that I built off of it.

                                            So what’s your take on Redhat? Their product is GPL’ed, and you can even argue that it benefits them, because anyone who chooses to also use and improve their software, necessarily has to give back their contribution, so that Redhat benefits from it again.

                        2. 1

                          This point has been made may times, and it boils down to “localized” or “downstream” freedom. Do you give Alice the power to restrict/control their users? Alice could have extended the engine with a mechanism that requires her to be paid every month, or that (for whatever reason) only works on Intel CPUs. By not releasing the source, and allowing the software to be modified+shared, “Carol” is dependent on Alice, or is not allowed to port the engine to her Raspberry Pi. That’s certainly less freedom for her (setting aside that this is “just” a game engine we are discussing). And there are a lot more “Carol”s than there are “Alice”es.

                          I’m quite pro-copyleft, and I see it in the same terms (albeit less extreme) as we would dismiss anyone who claims that the fact he can’t own a slave limits his freedom. It’s the freedom to restrict others (“permissive”) vs the freedom from foreign control.

                          1. 2

                            You can also draw an analogy (I think direct but perhaps not quite) to negative vs positive rights. Permissive licenses grant negative rights to do whatever you want with the software, while copyleft grants positive rights to have access to free software.

                            I’m rather sad that all rhetoric about rights tends toward negative rights, even though that’s not what most people care about once a baseline of negative rights is established.

                        3. 1

                          and to prevent organizations and people with political views specific activist programmers find distasteful from being able to freely use useful software

                          what do you mean by this exactly?

                          is there any reason releasing code under the GPL would not satisfy the wants of these smaller companies?

                          1. 1

                            what do you mean by this exactly?

                            The people who promote licenses like this want to be able to write software under a license that is widely-accepted as open-source but that also bans their political enemies from using the software.

                            is there any reason releasing code under the GPL would not satisfy the wants of these smaller companies?

                            The GPL allows software licensed under it to be used for any purpose, and creating a SaaS product that competes with the SaaS product the core developers of the software use to fund themselves is “any purpose”.

                      2. 4

                        challenging capitalism is perfectly compatible with iterative improvements. you can make iterative steps to put more resources and power in the hands of working people, and less in the hands of corporations. the importance of free software comes when you see that proprietary software is one lever of power that corporations can use against working people.

                        1. 5

                          It’s a nice idea (Who doesn’t want to live in a world where everything is free? Oh wait. A lot of people :) but I’d rather focus on ideas that help us iteratively improve the current situation.

                          Capitalism != markets. If you’d like I’d be happy to answer questions, but this is my usual recommendation for friends who have been taught that all market systems are “capitalism”. https://m.youtube.com/watch?v=ysZC0JOYYWw

                        1. 3

                          FWIW, browsers recognize URLs without the //. Try e.g. https:lobste.rs.

                          (Lobsters apparently doesn’t recognize it, though.)

                          1. 3
                            1. Wrap it in angle brackets. <http:lobste.rs> becomes http:lobste.rs

                            2. I’m pretty sure that’s specified in the WHATWG URL specification, which considers HTTP plus a few others to be “special” schemas, but not in the IETF URL specification, which has no such concept.

                          1. 2

                            I really like how this describes the complexity of implementing infinite scroll. I hope this will give teams thinking of implementing pause and reduce the amount of apps that feel like they need it.

                            I hate infinite scroll. Sure, it’s convenient, but at the cost of typical breakpoints and perpetuating screen-time suck. It’s not particularly hard or annoying to hit a next button and that gives your mind a quick break to evaluate if you really want to move on to the next set.

                            Infinite scroll is merely there to keep your attention glued to your device looking for that next infinitesimally small dopamine hit while hiding how far in the depths of trash you’ve waded into.

                            1. 2

                              I personally never found the pop psychology very convincing. Partly because it may not even be based on an accurate model of how dopamine works, but mostly because I’m not convinced that fixed-size pagination is the best way to provide what you’re looking for.

                              If Twitter had explicit pages, do you think it would be less of a time-suck? I actually think the answer’s no. What they would have done instead is made the pages as small as they could get away with, like one tweets to a page, so that the reader would be forced to get into a rhythm clicking “Next” even if they only wanted to spend a few minutes checking what’s new. And since they’d also show no page numbers, you’d get no on-site indicators of your time spent.

                              1. 1

                                It’s clearly not the only factor. I also don’t think saying infinite scroll isn’t part of the problem because they would use another tactic is correct. Either tactic would accomplish the same thing. It’s a whole lot of design and strategy around ensuring they’re sucking as much time from you as they can.

                            1. 1

                              I think you mean MiB here and not KiB?

                              page load time from 100K into a gigabyte (a thousand 1KiB avatars,

                              1. 2

                                You’re right. I did.

                              1. -3

                                the biggest thing since bitcoin

                                Meaning, “fails at its primary (only) purpose and only useful for running Ponzi schemes, while accelerating climate change?”

                                I haven’t read the article; the headline turned me off already.

                                1. 4

                                  You might want to actually give it a shot. Take it from someone who hates these headlines too.

                                  1. 0

                                    I’ve read some (what I think will be) more nuanced posts on GPT-3. I guess it’s interesting, but I’m not really invested enough to have formed an opinion on this one (yet).

                                    1. 8

                                      No seriously, read the article.

                                      1. 11

                                        This article is a great litmus test for people who ignore or flag things based on the headline.

                                  2. 3

                                    How does Bitcoin fail at being a peer-to-peer electronic cash system?

                                    1. 1

                                      It’s too slow to replace cash. People do the bulk of the transactions off-chain, which kinda defeats the purpose.

                                      1. 3

                                        Your main criticism is “it’s too slow”? All digital money is slow. It only looks fast because banks take on the risk of digital money transfers and give you the benefit of the doubt. For “digital cash”, I’d say 10 minutes is pretty good.

                                        1. 4

                                          banks take on the risk of digital money transfers and give you the benefit of the doubt

                                          That’s kind of a killer feature, though.

                                          1. 3

                                            If you desperately need that kind of thing, yes. Bitcoin provides benefits traditional money and banking doesn’t, hence it’s existence. There is nothing preventing banking solutions on top of Bitcoin.

                                            1. 2

                                              The primary benefits of Bitcoon are lack of regulation and high volatility due to same, and a secondary benefit of being distributed with no bias towards societal economic utility for the people getting lucky while mining.

                                          2. 1

                                            You just got done comparing it to cash, not debit or credit card transactions. Cash is instantaneous. Credit cards have fraud detection, which Bitcoin lacks.

                                            1. 2

                                              How is cash instantaneous acorss the ocean?

                                              1. 1

                                                I’m not sure why I need to say this but transporting money is not the same as exchanging it

                                            2. 1

                                              Most bank transfers days 2 days anyway

                                      1. 4

                                        Yeah, I feel my lack of statistics knowledge sometimes leads me to the wrong conclusion (especially about performance measurements). Any crustaceans have stats programming book recommendations? Preferably Python (R is fine too) and project-driven?

                                        1. 2

                                          The end of the article lists a bunch of them.

                                          1. 2

                                            Oh yeah, but I was curious if anyone had further suggestions (particularly more modern books since the programming ones looked a bit dated)

                                            1. 1

                                              I enjoyed Statistics Done Wrong by Alex Reinhart. It’s not really a programming book but a catalog of common statistical errors, and is written in a more accessible style than your average textbook.

                                        1. 5

                                          Hah, this reminds me of an XKCD comic: https://xkcd.com/810/

                                          Is this a problem if the content that the AI generates is a worthwhile read?

                                          It would be the biggest plot twist if the entire blog post was generated by GPT-3, including the last section.

                                          1. 3

                                            It’s a problem because the experiment didn’t happen. And unless someone fact checks all of its output, AI generated articles are going to lie a lot.

                                          1. 1

                                            What can we do and who is doing it?

                                            1. 2

                                              There’s obviously Tor, I2P, and FreeNet. They’re about as anonymous as you can get.

                                              The problem is that, while they can hide what you’re after, it’s harder to hide that you’re using an overly network at all. The best you can do is keep the relay that you use to join the network secret. In the limit, this means building a pure F2F network, which is kind of insular.

                                            1. 4

                                              It’s been more than a decade since the Syndications Wars but I’m still an Atom guerilla - here’s the Atom spec.

                                              1. 2

                                                I’ve mostly been a consumer, up until Google Reader shut down, and more recently with the release of NetNewsWire 5, so I haven’t really looked at the specs, nor have I formed an opinion on one or the other. (That being said, Atom does generally look like a net improvement over RSS).

                                                Ideally, I’d like to see more adoption for JSON feeds. Also interesting is the Indieweb take against external files: https://indieweb.org/feed

                                                1. 2

                                                  why pray tell

                                                  1. 3

                                                    It’s less ambiguous, and has a bunch of nice additional features over RSS (links, separation of publication and modification date, a better extensibility story than RSS, &c).

                                                    1. 2

                                                      sounds mostly good but the “extensibility story” has me worried

                                                      1. 2

                                                        In practice, it doesn’t seem to have mattered. OStatus was built on top of atom, while the iTunes podcast extensions were built on top of RSS. The relative success and failure was dominated by the usefulness and politics surrounding the extension itself, rather than the ability of the syndication format to support it.

                                                        1. 1

                                                          How so? Atom’s basic extensibility - <link> tags - is pretty straightforward and covers a lot of cases that would require ad hoc extensions. The <content> element was thoughtfully designed to allow it to be general (you could specify the MIME type of the contents of the element) while keeping the base case of text and HTML straightforward. These kind of things are thoughtfully designed and consistent.

                                                          1. 1

                                                            sometimes i worry about extensibility because whether or not an extension is “ad hoc,” it requires support from the client.

                                                      2. 2

                                                        Atom is a “real” spec - it takes care of embedded HTML etc.

                                                        Also RSS is promoted by Dave Winer, who is a bit of a d*ck.

                                                        1. 2

                                                          what do you mean “takes care of”? i see html embedded in rss all the time.

                                                          1. 2

                                                            As the linked Profile says:

                                                            The specification has lacked clarity regarding whether HTML is permitted in elements other than an item’s description, leading to wide variance in how aggregators treat character data in other elements. This makes it especially difficult for a publisher to determine how to encode the characters “&” and “<”, which must be encoded in XML

                                                            Atom has no such lack of clarity.

                                                    1. 5

                                                      I’ve been working on a website, somewhat inspired by lobsters, called oldnews.dev.

                                                      I’m working on implementing the identicon algorithm for it to use, and will probably continue working on it this weekend.

                                                      1. 1

                                                        I like the concept!

                                                        1. 1

                                                          I really like this idea! I just tweeted out a link to it 🙂

                                                        1. 1

                                                          What options are available for blocking Plausible? They seem to encourage website operators to use CNAME a subdomain to them, specifically to avoid blocklists.

                                                          Also, am I wrong in thinking Plausible is almost more immoral than Google Analytics? It seems like they’re trying to deliver spyware to people who have gone out of their way to block such things

                                                          1. 2

                                                            They seem to encourage website operators to use CNAME a subdomain to them, specifically to avoid blocklists.

                                                            That hasn’t worked against uBlock Origin or PiHole for months.

                                                            1. 2

                                                              How do they do that?

                                                              1. 1

                                                                uBlock Origin runs a CNAME query against everything before letting the request go through.

                                                                PiHole is a DNS server, so it already knows about every recursive request.

                                                                1. 1

                                                                  Interesting, thanks for the info.

                                                          1. 1

                                                            @pushcx commenting in the text area

                                                            1. 1

                                                              Wouldn’t it be fun if, because of the prevalence of the hamburger menu, keyboards started getting a new “hamburger” key? A key that opens the menu of the current context.

                                                              1. 2

                                                                Menu keys seeing a new purpose close enough?

                                                                1. 1

                                                                  My keyboard has a menu key. It even looks like the hamburger menu, with three identical bars in a box, and no mouse cursor.

                                                                  And, according to the keycode tester, JavaScript can get at it with keycode 93 / ContextMenu. If you wanted to, I think you could configure your web page to open its hamburger menu on this button. I’m not sure if you’d want to do that, though.

                                                                  1. 1

                                                                    Pretty good :-)

                                                                1. 2

                                                                  I shouldn’t be able to tab my way out of the menu without closing it. A hamburger menu is kind of a mixture of a menu and a modal, so let’s look at them:

                                                                  You should probably do one of these.

                                                                  1. 2

                                                                    What’s interesting is that Linus Torvalds thinks the kernel is going to incorporate Rust-based drivers, when he dislikes C++ so strongly.

                                                                    https://lwn.net/Articles/249460/

                                                                    I’m curious how much of this is “Linus doesn’t think Rust is bad”, how much of it is “Linus thinks Rust is worth the bad”, and how much of this is “Linus doesn’t get to dictate kernel development any more”.

                                                                    1. 2

                                                                      If I was going to name one downside to email, that completely kills it for me, is that it doesn’t have built-in access control.

                                                                      The old-school system that got it right was RSS; if you unsubscribe, the feed is gone. Web Push and mutual-follower private messaging systems are also good examples of how to do this, since they also only allows a sender if you grant access, and provides the ability to revoke that access if you want.

                                                                      Apple Login is effectively trying to layer a Web Push-style opt-in-opt-out system on top of email; it’s the right approach for emails coming from outside companies. Experts have known to do this for years, and Apple’s turning it into a usable product.

                                                                      1. 5

                                                                        To make the QR code actually scan, I added this CSS with the style editor:

                                                                        input:checked {
                                                                          opacity: 0;
                                                                        }
                                                                        #checkboxland {
                                                                          background: black;
                                                                        }
                                                                        
                                                                        1. 7

                                                                          I agree with Drew’s general sentiment here, but note that linkers can only remove code at the function level, and the number of functions a module uses is not a great indicator of the amount of underlying code.

                                                                          As an example, I maintain a small C runtime library. printf() is a common function for programs to use. But since linking is at the function level, there’s no way to remove code such as format specifiers that the program is not using. Since it doesn’t know what the output device is, code for all potential output devices needs to be included. Since my C runtime runs on Windows, that means character encoding support for UTF-16, UTF-8 and others, as well as VT processing code, including low level console calls.

                                                                          I’d expect the same general effect to be present in other libraries, including UI libraries. Even if the program knows it’s not going to perform certain operations on a window, the library is going to create an entire window with all of the data structures to support those operations. Things like C++ are particularly evil because once an object with virtual function pointers is loaded, the compiler is going to resolve those function pointers and all of their dependencies whether they are ever called or not.

                                                                          At $WORK this drives me crazy, because we have common static libraries that, when used, can add 300Kb-3Mb of code into a program, even if one or two functions are used.

                                                                          1. 9

                                                                            You have a good point. The library’s interface basically needs to be designed from the beginning for dead code elimination. One thing I like about newer languages like Rust and Zig, with their powerful compile-time metaprogramming features, is that you can often do this kind of design without sacrificing developer convenience. I suppose the same is true of modern C++ as well. The reason why printf is such a perfect counter-example is that C doesn’t have the language features to allow the developer convenience of printf without sacrificing dead code elimination.

                                                                            This reminds me of the last time I played with wxWidgets. A statically linked wxWidgets hello-world program on Windows was about 2.5 MB. I didn’t dig very deeply into this, but it seems that at least part of the problem is that wx’s window procedure automatically supports all kinds of features, such as printing and drag-and-drop, regardless of whether you use them. I suppose a toolkit designed for small statically linked executables would require the application developer to explicitly enable support for these things. And the window procedure, instead of having a giant switch statement, would do something like looking up the message ID in a map and dispatching to a callback. So when an application enabled support for, say, drag and drop, the necessary callbacks would be added to that map.

                                                                            1. 2

                                                                              Rust’s formatting machinery isn’t very easy to do DCE on either. https://jamesmunns.com/blog/fmt-unreasonably-expensive/

                                                                              The formatting machinery has to make the unfortunate call of either heavy monomorphization or heavy dynamic dispatch. If your executable is going to inevitably makes lots of calls to the formatter, the dynamic dispatch approach will result in less code duplication, but it makes it harder to do dead code elimination…

                                                                              1. 1

                                                                                Tangentially, it is very noticeable in the JS ecosystem that some libs have a lot of effort put into making tree shakers succeed at eliminating their code. By default, not so much.

                                                                              2. 3

                                                                                I agree with Drew’s general sentiment here, but note that linkers can only remove code at the function level, and the number of functions a module uses is not a great indicator of the amount of underlying code.

                                                                                I don’t think that’s the case if you compile with ‘-flto’. I’d assume the code generator is free to inline calls and remove things that can be stripped at the call site.

                                                                                1. 2

                                                                                  BTW, ‘-flto’ is one of the great reasons to use static linking. It can turn suboptimal APIs (those using enum values for setters/getters, like glGet()) into something decent by removing the jump tables.

                                                                                  1. 1

                                                                                    Totally agree that link time code generation is a huge improvement in terms of the amount of dead code elimination that can occur. But at the same time, note the real limitations: it can inline getters and setters, and strip code out from a function call with a constant argument of a primitive data type, but can it strip code from printf? What happens with virtual function pointers - is it going to rearrange in memory structures when it notices particular members are never accessed? The real challenge linking has is the moment it hits a condition it can’t resolve with certainty, then all of the dependencies of that code get brought in.

                                                                                    Put another way, instead of looking at what the linker can and can’t do, look at what actually happens. How large is a statically linked hello world program with Qt? Gtk? wxWidgets? Today, it’s probably fair to ask about a statically linked electron program, which won’t strip anything because the compiler can’t see which branches that dynamically loaded HTML or JS are going to use. What would get really interesting is to use a coverage build and measure the fraction of code that actually executes, and I’ll bet with conventional UI toolkits that number is below 10%.

                                                                                    It really looks to me that the size and complexity of code is increasing faster that the linker’s ability to discard the code, which is the real reason all systems today are using dynamic linking. Drew’s points about the costs are legitimate, but we ended up dynamically linking everything because in practice static linking results in a lot of dead code.

                                                                                    1. 2

                                                                                      Well, printf() is one of those bad APIs that postpone to runtime what could be determined at edit or compile time. But what’s the overhead of printf() in something like musl?

                                                                                      $ size a.out
                                                                                         text	   data	    bss	    dec	    hex	filename
                                                                                        14755	    332	   1628	  16715	   414b	a.out
                                                                                      

                                                                                      I think I can afford printf() and its dependencies being statically-linked.

                                                                                      1. 1

                                                                                        Can you afford it with UI libraries? Printf is an example of what can happen - it’s not the only case.

                                                                                        1. 3

                                                                                          Many GUI programs out there bundle a private copy of QT (or even chrome, via electron). Because they do it as a .so, theydo it without dead code elimination.

                                                                                          And as we tend towards snaps and flatpacks for packaging open source applications, the practice is spreading through the open source application world.

                                                                                          So, empirically, it seems like we decided we could afford it. Static linking just makes it cheaper.

                                                                                2. 1

                                                                                  It’s true that linking to some symbols can have an outsized effect on dead code elimination, stdio being the (in)famous case, but on the whole this is the exception rather than the rule.

                                                                                1. 10

                                                                                  I would be happy if there was a way to avoid two things without breaking many web pages:

                                                                                  • Web pages eating all my CPU and battery (usually for no benefit to me - it’d be one thing for a 3D game I was playing to do this, but it’s usually ads)
                                                                                  • Tracking

                                                                                  Removing Javascript would likely vastly improve, if not completely fix, both issues.

                                                                                  1. 4

                                                                                    It wouldn’t completely fix the tracking problem. Tracking is possible the minute you add the referrer header and third-party images (in the form of the old-fashioned tracking pixel).

                                                                                    Third-party images without the referrer header would have been a disaster of a different kind. And while eliminating third-party images would have been a pretty harmless, it would have motivated a different (and likely more complex) method for having separate image CDNs and page hosting.

                                                                                    1. 3

                                                                                      Seems like third-party anything can and will be abused for tracking, so we’ll need to only allow first-party resources in addition to removing Javascript. I could live with that, but I’m guessing it’d be a tough sell :]

                                                                                      1. 6

                                                                                        There’s still plenty of information in the actual 1st-party request; in a hypothetical scenario where 3rd-party resource loading is prevented for a significant number of the population, trackers will just switch to 1st-party requests for tracking, e.g. via a nginx module or whatnot.

                                                                                        IMO it’s a mistake to view it as primary a technical problem: it’s a social/legal one.

                                                                                        1. 4

                                                                                          The problem with first-party ads, and the reason so few websites can get away with using them, is one of trust. It’s hard to prove that the website actually showed the ad.

                                                                                        2. 2

                                                                                          First-party can just proxy the tracking pixels from third-party.

                                                                                          Tracking isn’t really a solveable problem. It is like going to somebody’s house, saying “tea” when he offered a drink, and expecting that he won’t remember it. If you emit information, then you cannot hope to stop others from recording those information i.e. tracking.