1. 6

    Any idea why one should switch to Lua for their config?

    1. 11

      As far as I know, the reasons are any/all of:

      1. LuaJit runs much faster than vimscript (vimscript is entirely unoptimized, although not sure how much of a difference this will make in relatively small amounts of code like a config).
      2. Lua is a full programming language, which could have utility for more complex configurations.
      3. You prefer Lua syntax to vimscript.
      1. 8
        1. Lua is a mainstream programming language with lots of great tooling, libraries, etc. that continues to improve at a great pace.

        A big part for me was the frustration of learning vimscript while knowing that I will never use this knowledge and code anywhere else. Now when I mess with my nvim configs or writing a new plugin, I’m also practicing my lua which I can use in other projects. :)

        1. 1

          Yeah good point. I do know (some) vimscript but have converted (most) of my configs to lua specifically to learn lua.

      2. 5

        I would switch in a heartbeat to Lua for my configs in all software I use instead of the usual JSON, YAML, TOML.

        Why? Because it allows me to script and abstract things I might want. For the cases I don’t want to abstract anything, I can simply use Lua table notation instead of JSON and serve basically the same purpose.

        It also allows software to move from configuration files to initialization files. The change might seem subtle, but with initialization files, you don’t need to outsmart your user and provide all the features they might ever want or need as you do with dumb configuration files. Instead, you can provide a flexible API and let them build initialization files to serve their unique personal needs.

        1. 3

          In https://changelog.com/podcast/457 TJ (neovim maintainer) says don’t switch to lua just for the sake of it. Search for “to write your entire configuration”.

          I took a snippet of mine that I thought was confusing (to me) in vimscript and ported it over. It didn’t take too long and I had to learn the vim apis to invoke lua etc which was new to me.

          1. 2

            This strikes me as accurate. I was able to get most of my existing init.vim ported to lua, with a couple of small bits not working correctly (or at least me not knowing how to make them work correctly yet). As I mentioned in my above comment, I could leave those small pices in vim.cmd([[ ... ]]) blocks in init.lua and have them work the same as they did before, which is fine by me. This podcast was recorded in August 2021, and I’m looking forward to further improvements in the configuration APIs from the neovim contributors.

            My own motivation for switching was some mix of wanting to try out this new Lua-in-Neovim thing I’d been hearing about, partially wanting to move to some fancy new post-Neovim-0.5 plugins that all had configuration documentation in Lua, and partially wanting to break up my lengthy init.vim into several smaller files. I don’t actually know if it’s impossible to do that in Vimscript, but it was certainly straightforward in Lua.

          2. 2

            Lua is simple and logical, vimscript seems to be the opposite of that.

          1. 1

            Is it viable to do the Terraform bits using NixOps at all?

            1. 2

              Probably? I’m personally liking Terraform for this a lot more than NixOps (if only because terraform is the lingua franca of frantically gluing clouds together) but you could likely get away with NixOps for this.

              1. 1

                Thanks. :) I still haven’t forced myself to play with NixOps, but Terraform has made me cry many times before, so it’s more of an “enemy of my enemy” type of situation.

                1. 3
                  1. 1

                    Noted!

            1. 2

              Hi, creator here, thanks for submitting and please share any feedback or thoughts you might have!

              1. 21

                Without more context it’s difficult at a glance to know how to interpret “Harmful”.

                It looks like it’s saying “Mozilla’s implementation of the Serial API is harmful” but it sounds like what it’s actually saying is “Mozilla considers the Serial API to be harmful” which is very different!

                1. 1

                  Hmm, yeah, good point. The wording is taken from their own site which is linked to when one clicks on the status.

                  Suggestion on how it could be improved?

                  1. 8

                    Personally I have no idea what this website is about. Perhaps add a few lines on top that explain what it is?

                    1. 1

                      Further down I’ve written:

                      observations of APIs with controversy around them and where hard facts has often been hard to find

                      Maybe replacing/extending the current “Background” in the top with something similar? Maybe like this:

                      Gathering of Web API specifications that has caused controversy among browser vendors, giving them relevant context

                      1. 3

                        I think you need even more context than that. What is Web API? Why is it controversial? The nice thing about the FAQ format is that you can spend the first 1–3 items answering questions like these and anyone who already has this context can just skip over them.

                        A design note—the text in the FAQ expands to fill the full width of the screen (or at least the 1,280 pixels of my browser window), and there is also no margin between the text and the edge of the screen. Both of these things make the text harder to read. You might consider limiting the width of the text to 800 px or 40 em (very approximate numbers) and, on smaller screens, adding at least 10 px of whitespace on either side.

                        1. 1

                          Suggestion on wording and such is much appreciated, this is just something I threw together quickly in an afternoon to try and gather references in these topics :)

                    2. 3

                      Perhaps you’d consider changing the colour scheme? To me, green = GOOD and red = BAD, which makes it hard to understand what’s actually going on at first glance.

                      1. 1

                        In what way? Green = positive about the state of the spec, Red = negative about the state of the spec, isn’t that the correct way?

                        1. 4

                          I think the problem is that it’s not immediately obvious that this ‘judgement’ of good vs bad is about the spec. At first glance this just looks like chrome has everything green and is thus good, while firefox/safari have everything red and are thus bad.

                          1. 1

                            Yeah, good feedback, will try to find time to improve it asap

                      2. 2

                        “Harmful to Users” or “Deemed Harmful to Users” perhaps? The key point that needs communicating is that Mozilla has determined that implementing the spec would be harmful to its own users, e.g. someone might use the serial api to modify their insulin delivery device.

                        1. 1

                          Intentionally omitted.

                          1. 1

                            Well, Mozilla’s own description of their “Harmful” label is “Mozilla considers this specification to be harmful in its current state.”

                            That the focus is on the spec, not the implementation should get clarified

                            1. 5

                              “Harmful” doesn’t mean anything on its own, you have to tell a person what is being harmed.

                              1. 1

                                Totally, but that’s better explained by the ones considering it to be harmful than for me to try and summarize and maybe misinterpret

                                1. 1

                                  By using the single word “Harmful” I’d argue that you have summarized. It’s just that that summary is ambiguous and prone to misinterpretation, as others in this thread have pointed out.

                                  1. 1

                                    How would you summarize it better? I would love to do it better

                                    1. 1

                                      Maybe “Mozilla considers it harmful” or “No plans to implement”? I know these are more wordy than what you’ve got now, but I can’t think of a shorter bit of text that still conveys the right meaning.

                          2. 2

                            Added an issue for it to ensure it doesn’t get lost: https://github.com/voxpelli/webapicontroversy.com/issues/1

                            1. 1

                              Perhaps “Rejected” instead of “Harmful”?

                              Though Mozilla themselves refer to it as “harmful”.

                              1. 1

                                They often haven’t rejected the specs though, rather they have found that they in their current state would be harmful to the web.

                                Remember: All of these specs are drafts and still under discussion, even though Chrome has decided to ship them

                                1. 1

                                  Yea, I get that, I just don’t feel that “HARMFUL” is representative of what’s going on.

                                  For example, the Safari side of things talks about anti-fingerprinting challenges, which is fair.

                                  I don’t get the sense that the Chrome side is actively trying to enact more ways to fingerprint, but rather they’re trying to build a browser environment that competes with OS functionality, which I think is also fair (ideology aside). I’m not sure how Safari feels about this, given that they’re a purveyor of iOS and macOS and probably don’t love the idea of browsers competing.

                                  Meanwhile I’m not sure what Mozilla’s agenda is. They’re no longer providing Firefox OS, but also it’s not clear that Firefox is interested in pushing browser functionality forward, while also experimenting with ads/sponsored content by default.

                                  My personal bias, as someone who uses Linux and benefits greatly from cross-platform applications like browser apps, is that I like the idea of these additional WebAPIs and it doesn’t sound intractable to make them robust against fingerprinting. The cost of not advertising the functionality by default and even requiring the user to manually enable them seems more than worth it.

                                  My wish for something like the Web API Controversy page (which I appreciate exists as it’s a handy dashboard to keep track of!) is that it didn’t make the premise of the proposals seem nefarious and intractable. :)

                          3. 2

                            I think it would be nice to link to discussions directly in the details, e.g. https://github.com/mozilla/standards-positions/issues/336

                            1. 2

                              I prefer to link to the most official kind of reference and have it refer to the discussions they feel are relevant, feels like that has a better chance of being up to date and staying as objective as possible

                          1. 2

                            The vim integration off the bat looks great! Very compelling feature, thanks for sharing. :)

                            1. 2

                              Have you tried just using Syncthing, without the SMB share? There’s a native Android client. It works Okay, though I need to figure out a better way to arrange the sync destination/layout.

                              1. 1

                                I used to have only Syncthing on all of my devices but now have configured a SMB share so that it is a bit easier to browse the files. Also my family could use it to access a family photo archive.

                                1. 1

                                  Right, I use Syncthing to back up my phone’s photos to my NAS, which has its own sharing/display mechanisms. Feels like a fairly good substitute for Google Photos sync, at least.

                                  Do you feel that the SMB component is actually combining multiple solutions though? It sounds like the actual Dropbox-like selective sync is all done by Syncthing, but you’re augmenting the result with SMB for more usecases. It just so happens that Dropbox does all those things in addition to sync (sharing, album gallery, etc) but I feel more comfortable knowing that Syncthing will only safely sync files and not risk being exposed to weird sharing vulnerabilities.

                                  1. 1

                                    Syncthing works well for me for the same use case: backing up files from the device to NAS. The other way around is a bit more challenging. Let’s say I want to access my family photo archive (which is many gigs) from my phone. For this I was planning to use SMB share cause it lets me browse the remote folder and access the file I want. I guess it would be nice to have GUI for Syncthing to stop ignoring a file/folder and download it to the device.

                                    1. 1

                                      Yea you’re totally right about that. I also find syncthing is much simpler to reason about as one-way backups rather than by-directional data flow.

                              1. 4

                                This is interesting. I started using Stackedit to draft blog posts:

                                https://stackedit.io/

                                It’s pretty nice, and open source, and hosted. Not perfect, but it’s very fast because it’s mainly JS and rarely hits the server.

                                I can see the appeal of using Github issues, since it has more ways of organizing and searching. Although I like the side-by-side view of Stackedit.


                                Tangent: I need to write a blog post about how “Github Actions” and Gitlab runners and Sourcehut are basically a new style of “container-based shell scripts” (which I like), and written in YAML (which I don’t like).

                                They’re adding a useful concept to shell scripts – containers and full VMs – but writing them in a really bad syntax…

                                1. 2

                                  I really like the idea of stand-alone markdown editors, I have a pretty good setup with my nvim that has a live preview side by side. My biggest blocker with these is drag ‘n drop and copy/paste images don’t work. Just checked stackedit, seems it suffers from the same problem.

                                  That’s one thing that Github Issues gives me “for free” which I appreciate. Ultimately I’d love to end up with a standalone markdown editor that has built-in image handling–not just for drag/paste but also for quick in-line editing like cropping and annotation.


                                  Tangent: I need to write a blog post about how “Github Actions” and Gitlab runners and Sourcehut are basically a new style of “container-based shell scripts” (which I like)), and written in YAML (which I don’t like).

                                  Agree with both of those sentiments! I ran into several subtle YAML-syntax bugs while working on my Action, as is tradition.

                                  1. 1

                                    Ah interesting, didn’t realized Github drags and drops. Actually I didn’t even know the browser supported that!

                                    But an advantage of StackEdit over Vim is that I can copy and paste links. It turns a rich text link into markdown like:

                                    [anchor](https://example.com/url)
                                    

                                    Similar to what github does with images.

                                    Interestingly I just checked, and Github does NOT do that. They only paste the anchor.

                                    Some blog posts are full of links, more than text, so I find this very convenient about StackEdit. But if you have a blog post full of images, Github would be more convenient! (Although I don’t want to rely on it for image hosting)


                                    Yeah the YAML thing is really bugging me. I spent all this time “fixing” shell syntax, making it statically parseable, being annoyed by the 70’s style macro processing of shell-in-make, etc.

                                    And then the new trend seems to be 70’s style macro processing of shell-in-YAML. Making the same mistakes all over again.

                                    And to make it even worse a lot of times you have to push across the network to get your config validated???

                                    Even the creators of these systems are sorry:

                                    I want to go on record: the amount of yaml required to do anything in k8s is a tragedy. Something we need to solve.

                                    https://twitter.com/jbeda/status/833408476437110784?lang=en (2017 ! )

                                    Thinking of writing a talk called “I’m sorry about the YAML” where I talk about how we got here and where it is all going. What do y’all think?

                                    https://twitter.com/jbeda/status/1306358044247298049

                                    Previous comment on Oil as a better config language, integrated with shell: https://lobste.rs/s/6oxpe3/s_lot_yaml#c_mje209

                                    1. 2

                                      (Although I don’t want to rely on it for image hosting)

                                      Agree!

                                      Part of my frontmatterify preprocessing script I mention in the post is to download the Github-hosted images and commit them to the repository so that it’s replicated locally. Admittedly the repo is hosted on Github for now, but ultimately the images are served by Netlify and the source of truth is replicated on all of my development machines.


                                      I’m generally happy with TOML for config files, but I’m keeping a keen eye on https://cuelang.org/ for the future. Statically-checked configs are very appealing.

                                      1. 1

                                        That’s cool, I like what you’ve done with reusing entire services with shell scripts! I think of Unix and shell in particular as opportunistic reuse!

                                        For example you can reuse “grep” (Boyer Moore), diff, ImageMagick, an entire browser, an entire VM, etc. in a shell script.

                                        But you can also reuse the whole Github UI and file hosting service for your own purposes :) I like to keep things under my control but reuse where it saves effort.

                                        I sort of mentioned this in the last part of my blog, I started “reusing” Travis CI and builds.sr.ht with a portable shell script:

                                        http://www.oilshell.org/blog/2020/11/fixes-and-updates.html#buildssrht-and-toil

                                        (Also it seems like frontmatterify should run under Oil… if you have any ideas for improvements in shell, I’m interested as mentioned in the README )


                                        Cue seems interesting, and it looks very familiar because I have a ton of experience with GCL too, the predecessor they mention.

                                        Although the unification angle is interesting and I’ll have to check it out!

                                        https://cuelang.org/docs/about/

                                        Although it is a very different language, the roots of CUE lie in GCL, the dominant configuration language in use at Google as of this writing. It was originally designed to configure Borg, the predecessor of Kubernetes. In fact, the original idea was to use graph unification as used in CUE for GCL.

                                1. 1

                                  What’s the point of Netlify when GitHub Pages works for static content? Just curious, I have a normal .md files setup with Actions and it works wonders. I like the idea of using issues, I just don’t get the Netlify part.

                                  One thing that caught me when using a custom domain on GitHub Pages is that Hugo needs to deploy a CNAME file that contains the domain name along with the rest of the content. Otherwise, it works.

                                  1. 1

                                    You’re totally right, and I did use Github Pages for many years. I mainly switched to Netlify for the pull request previews, and to try some of their other cool features like form handling.

                                    1. 1

                                      Fair enough :) Thanks for the info, I use them as well for a different website.

                                  1. 1

                                    Great post! I’ve been thinking of doing something similar – this seems like a neat approach.

                                    As a meta question, does your site have an RSS (or similar) feed?

                                    1. 2

                                      Thanks! Yes, it’s buried in the HTML metadata: https://shazow.net/index.xml

                                      I should turn off the reformatting by Netlify so that it’s more readable.

                                    1. 1

                                      I did something similar, but with notion as the backend instead of github issues! I wrote about it here: https://borick.net/articles/my_notion_powered_blog/

                                      I think there is something to making it as easy as possible to write and publish. It seems like devs are very prone to setting up their own custom (ish) workflow, and if publishing is outside of that workflow it’ll happen less.

                                      1. 1

                                        Oh cool! I think I actually saw Chris (or maybe someone else using it?) present the reverse-engineered Notion Go library doing this exact thing at a Notion meetup.

                                        Has the markdown generated from Notion been fairly reliable for you?

                                        One thing that’s nice with Github’s markdown is that it basically became the de facto standard (commonmark), so Hugo is very happy to consume it and render it properly.

                                      1. 1

                                        I used NixOS for about a week, until I wanted to set up a python virtualenv to quickly hack on some project. Venvs fundamentally break the NixOS philosophy, and required some ungodly amount of hacks/arcane nix package stuff to get kinda working. I gave up. In hindsight I could have setmup a VM, but ffs that seems overkill.

                                        Guix has ‘profiles’, which sound like they might provide a non-hackish way to do that: https://guix.gnu.org/cookbook/en/html_node/Guix-Profiles-in-Practice.html

                                        1. 6

                                          NixOS doesn’t do anything to prevent you from using venvs. I often use a venv in a nix shell that has the necessary C dependencies for my Python. There is even a venvDir helper for mkShell derivations that automagically makes a venv for your nix shell.

                                          More on this here: https://nixos.org/manual/nixpkgs/stable/#python

                                          1. 1

                                            Ok. That looks like a vast improvement over what I recall when I last looked at it.

                                            1. 1

                                              It may not do anything to prevent you from using them, but I feel like every time I want to use a new language and its packages, (because I am still not the best at Nix) I have to read a bunch of documents and find a third party application that automates things, like mach-nix.

                                              I love NixOS, but it is really annoying when I want to do something that on other OSes is really easy, like installing some software from npm, and it takes me multiple hours of document reading and tool testing. And then some more complex packages still don’t run well, like rpy2 for me.

                                              Hopefully this would all be easier when the documentation gets better and I get better at Nix.

                                              1. 3

                                                I understand where you’re coming from, it’s a kind of red herring: There is a lot of effort to programmatically convert all package management into idiomatic nix store stuff. I think this is a laudable effort but it’s not a requirement for everyone to use! This part is not obvious.

                                                The first thing any developer does is search “how do I use X language in nix?” and of course we’ll find a lot of efforts to convert that language’s ecosystem into the nix ecosystem. I want to categorically say: It’s okay to ignore these. It’s okay to ignore pip2nix, it’s okay to ignore node2nix, etc.

                                                One of the best parts of nix is it’s still very usable in an incremental way. It’s okay to use as much or as little of it as is helpful, and we can always migrate to more nix-ification as the need arises. :)

                                                1. 1

                                                  This might be a silly question. If I am on NixOS is there a way to “cheat” and install a python package the “normal” pip way (without combing through a bunch of Nix documentation)? If I were on Debian+Nix I would be able to, but on NixOS I could not find a way to “cheat” and do things the traditional way.

                                                  Perhaps I should go back to a “normal” Linux distro and use Nix incrementally until I am more proficient and then come back to NixOS.

                                                  1. 2

                                                    Ah, I think I know what problem you’re having! Were you using a venv?

                                                    In Python, it’s generally discouraged to install things globally (sudo pip install foo). It’s still possible in most distros, but NixOS will prevent you because that part of the filesystem is marked as read-only.

                                                    The idiomatic way to use Python, regardless of distro: python -m venv to create a virtualenv (basically a “container” for this project’s dependencies), then activate it source ./venv/bin/activate – you can specify a different directory, too. Try python -m venv --help for more.

                                                    This is particularly important since pip is not able to handle multiple versions of the same dependency well, so it’s best to maintain one venv per project.

                                                    With that approach, it shouldn’t matter whether you’re using NixOS or Debian or whatever.

                                                    1. 1

                                                      Oh, I did not know that venvs would work well in NixOS. Tbh I forget what I tried before moving to MachNix, but it is great to know that a simple venv would have solved my issue. I really appreciate the reply!

                                                      1. 2

                                                        You’re very welcome. :) Hit me up if you run into more problems.

                                            2. 1

                                              I use venvs all the time for hacking on stuff outside of nix when i don’t care about being so pendantic.

                                              1. 1

                                                pedantic**

                                            1. 2

                                              I was already opposed to copyleft when I read this post, but I found it very convincing and I feel like my position has shifted a little further towards being opposed to intellectual property altogether. I’m not quite convinced that the benefit of dual licensing beyond MIT outweighs the cost of not having Github parse and display the licenses properly, but I have more appreciation for the intent behind the UNLICENSE than before.

                                              Thanks for writing this, burntsushi. Also thank you for having such calm and thoughtful responses to all of the comments in this thread, it was a very pleasant read.

                                              1. 1

                                                towards being opposed to intellectual property altogethe

                                                copyright abolitionists unite!

                                                I am happy to use copyleft as a strategy for now, but if we ever got close to a world where we could just weaken or end copyright I would jump on that bandwagon so fast.

                                                1. 5

                                                  I only started being opposed to copyleft after this FSF / Pirate Party debacle. It seems like a stark case where the means to the end wind up becoming the ends unto themselves: the FSF opposes shortened copyright terms because it shortens the applicable time limit of the GPL.

                                                  Never mind that, if someone’s use case is fine with a five year old version of Linux, their use case would probably be satisfied with a BSD flavor anyway (in other words, I think the biggest impediment to just cloning a GPL’ed application to form a proprietary or MIT-licensed equivalent is if it has a constant stream of valuable updates). Never mind that SaaS allows software to remain proprietary with no intellectual property protection at all. The FSF basically decided that it was okay to harm the cultural commons in order to prevent companies from making proprietary forks of outdated versions of GPL’ed software.

                                                  1. 1

                                                    There are many things where the FSF and I disagree. This is certainly one of them

                                                  2. 1

                                                    Is there anything that would convince you that copyleft is counter-productive to abolishing copyright?

                                                    1. 1

                                                      Given that that was my original reason for opposing copyleft and I’ve since switched my position, it seems unlikely ;)

                                                      Abolishing copyright would of course make my copyleft strategies stop working, but that’s fine in the service of the greater goal. No strategy lasts forever.

                                                1. 3

                                                  I’ve had my X1 Carbon 6th Gen for nearly 2.5 years now and I’m also extremely happy with it. By far the best device I’ve owned (upgraded from a Macbook Pro), I am also a big fan of the keyboard and the HDR screen option is excellent. Unlike the author, mine did arrive in a beautifully packaged box. That part is quite strange.

                                                  The advantage Apple still holds over its competitors is its willingness to break backward compatibility. They are willing to pay that cost in order to facilitate innovation.

                                                  Made me think of Apple refusing to switch iPhones to USB-C because they’re not willing to give up all of the Lightning licensing revenue. Or, as Apple puts it: It would create too much waste!

                                                  Apple certainly has advantages over competitors, but I don’t think that was it. Perhaps the advantage is having the biggest horde of loyal defenders.

                                                  1. 25

                                                    I would love to see some examples where a company changed the license of their codebase to comply with a dependency. I have never seen this happen in my entire career, even though they are obligated to. I have seen countless examples of people rewriting code to rid of a dependency with an incompatible license, I have even done it myself.

                                                    I understand and respect the pure ideology of strong copyleft licenses (that in a perfect world, everything would be open source), but I don’t believe that it actually yields more open source in the world. In practice, people simply avoid it and it yields more duplicated work that ends up either proprietary (more common worst case) or more permissive (best case).

                                                    It is difficult to prove, but I feel that the “leading by example” ideology of permissive licenses is responsible for far more code being made open source in practice (though I acknowledge this is not everyone’s goal).

                                                    1. 16

                                                      I think OpenWRT exists because linksys had to do this.

                                                      I was just looking into this question myself today and have this history of openwrt on my reading list if that helps.

                                                      1. 5

                                                        Linksys did that, and then stopped maintaining the code, and switched to another OS for most of its hardware. Was that VMX, perhaps? I don’t remember. Some commercial OS. They stated that the reason was that linux needed too much RAM, which I find difficult to believe. Slimming down a linux kernel is IMO likely to be simpler than porting a code base to a new OS, so I tend to believe that Linksys’ stated reason was a polite lie. They did release a single model that ran linux, and I bought that model.

                                                        1. 4

                                                          I believe it was VxWorks

                                                          1. 1

                                                            All the vendors do a fantastically bad job.

                                                            https://www.youtube.com/watch?v=PLXmPgN6wVs

                                                            1. 1

                                                              When you say that everyone in a specific field does a fantastically bad job, you should also consider the possibility that your assessment might be off, and why that might be the case.

                                                          2. 2

                                                            Queued that up as well! I also had a WRT54G(L) for a very long time, excellent device.

                                                          3. 11

                                                            I have seen countless examples of people rewriting code to rid of a dependency with an incompatible license

                                                            This is a very good case, IMO, and is my primary motivator for using (A)GPL on most of my newer work. I would much rather force the big bads to rewrite my code than simply profit off my work, and we have some evidence that they will do that to avoid (A)GPL sometimes.

                                                            I would love to see some examples where a company changed the license of their codebase to comply with a dependency.

                                                            I think to be fair on this one you have to also include all the code that started or stayed freedomware because of the requirement. This would include the example from the OP of the same downstream hosting the other project in compliance.

                                                            1. 13

                                                              I would much rather force the big bads to rewrite my code than simply profit off my work, …

                                                              I don’t know who you imagine is “the big bads”, but in reality it’s a lot of people like me who release all their projects under permissive licenses like MIT.

                                                              1. 11

                                                                You can use an (A)GPL’d dependency on an MIT’d project, just the resulting “combined work” is effectively (A)GPL’d. Some projects even have build flags to choose to build in “GPL mode” or not depending on which dependencies you use. It’s all about goals.

                                                                If you want your software to be used to build nonfree products so badly that you reimplement something under the GPL to use as a dependency for your otherwise MIT’d project… I mean, more power to you, right? It’s your choice.

                                                                We have examples of Apple, Google, VMWare, Linksys, and others doing rewrites to avoid using GPL’d code, and I would say that is the point, for me.

                                                                1. 15

                                                                  I wrote before:

                                                                  It is difficult to prove, but I feel that the “leading by example” ideology of permissive licenses is responsible for far more code being made open source in practice (though I acknowledge this is not everyone’s goal).

                                                                  My goal is to provide as much value to the society as possible through each unit of my effort. I want people to use my code, I want people to profit from my code even if I get nothing for it, I want people to build things they otherwise wouldn’t have built because my code enables it. I am going to make the effort to make my code as accessible and permissive as possible, this often means avoiding (A)GPL dependencies and often duplicating effort in the process.

                                                                  I recognize that your goal is not the same, and that’s fine. I just hope that you also recognize the reality that Apple/Google/VMWare/Linksys etc don’t care at all, they’ll simply not even look at AGPL code and move on. If they find AGPL code in their stack by accident, they will purge it. If they’re caught in a situation where they are in legal trouble, they will do the absolute minimum to comply with that version and purge it moving forward.

                                                                  Overall, my bet is that choosing strong copyleft licenses has more of a net-negative effect on people who share my goal than any measurable effect on “the big bads”.

                                                                  1. 9

                                                                    Apple/Google/VMWare/Linksys etc don’t care at all, they’ll simply not even look at AGPL code and move on

                                                                    again, I consider that a win for me

                                                                    1. 6

                                                                      It sounds as if your primary aim is to prevent some some people from using your code, without blocking access for too many other people. As opposed to the BSD/MIT/Apache licenes, whose primary aim is to make software available for all to use, without any attempt at dividing the world into us and them.

                                                                      1. 5

                                                                        Close. The goal is to prevent some uses which in this world tends to leave out some users.

                                                                        1. 1

                                                                          The goal is to prevent some uses

                                                                          It is obligatory at this point to remind everyone that the AGPL should not be considered a Free Software license, as it does not grant Freedom 0. In fact, its entire purpose is to withhold Freedom 0 from recipients of the software in order to try to gain leverage over them.

                                                                          1. 8

                                                                            The AGPL only triggers if you modify the software (since otherwise no copyright is in play and no license would be relevant). So if you just run unmodified software (freedom 0) the AGPL does not apply or restrict you.

                                                                            1. 5

                                                                              It is obligatory to point out that the people who defined Freedom Zero, and in doing so defined Free Software, also explicitly state that the AGPL is absolutely a Free Software license.

                                                                              Your point is mooted.

                                                                              1. 3

                                                                                The FSF’s stance on freedom is that you shouldn’t be allowed to have too much of it, lest you use it to do things the FSF disapproves of.

                                                                                The AGPL was simply a reaction to the discovery that there were more things of which the FSF disapproved and which had not been foreclosed by prior licenses, so a new license was concocted to ensure that dangerous freedom wouldn’t get around too much.

                                                                                1. 3

                                                                                  The logical gymnastics of both using the FSF’s definition of Free Software while rejecting their definition of Free Software is awesome to behold, and honestly would put Simone Biles to shame.

                                                                                  1. 2

                                                                                    I would flip that around and suggest that the rhetorical gymnastics the FSF uses to try to trick people into thinking their positions are coherent are something to see.

                                                                                    Essentially, they want to bludgeon everyone else with an absolutist position, while never being held to that same absolutism in their own actions. Or, more succinctly, they want to be able to compromise “freedom” when they think doing so will achieve a higher/larger goal. But woe to anyone else who tries doing that – then they’ll tell you that compromising freedom is never acceptable, no matter how good or great the thing you’d achieve by doing it!

                                                                                    Their adoption of the AGPL, which does not conform to their own original definition of Free Software and on those grounds never should have been accepted as a Free Software license, is just one especially obvious proof of that.

                                                                      2. 6

                                                                        My goal is to provide as much value to the society as possible through each unit of my effort.

                                                                        I want freedom for users to educate themselves and contribute as opposed to becoming mindless consumers.

                                                                        That’s why I believe AGPL is a good license for applications.

                                                                        I also believe that for libraries and frameworks MIT, APL or MPL work better to achieve that goal.

                                                                        Having more educated people - in my opinion - is better than having more usable code in the long-term.

                                                                        1. 3

                                                                          Overall, my bet is that choosing strong copyleft licenses has more of a net-negative effect on people who share my goal than any measurable effect on “the big bads”.

                                                                          As someone who also prefers to release under permissive licenses: this, a million times. Big companies will always have a way to work around copylefted software, so it literally is not cutting them off from being able to do things the FSF disapproves of. Like, it’s not causing them to angrily shake their fists and yell “I would have gotten away with it, if not for you meddling Free Software kids!” It’s just causing them to use alternatives that aren’t under the FSF’s licensing regime.

                                                                          Meanwhile, as the FSF gets ever more paranoid about ever more arcane “loopholes” in its licenses, the worries of small-time open-source developers go up as we juggle increasingly large transitive dependency trees that might have anything lurking in them. Not to mention whatever “loophole closure” the FSF might roll out next with brand-new extensions of what is or isn’t a derivative work.

                                                                  2. 9

                                                                    I think the NcFtp client famously changed its licence to the GPL so it could use Readline… then in 1999 or so it switched licences again. The copyright.h file included in ncftp 1.9.5 says:

                                                                    static char copyright[] = "@(#) Copyright (c) 1992, 1993, 1994, 1995 by NCEMRSoft and Copyright (c) 1985, 1989 Regents of the University of California.\n All rights reserved.\n";
                                                                    

                                                                    …but the comment at the top of that file says “All rights reserved” and:

                                                                    Redistribution and use in source and binary forms are permitted provided that: (1) source distributions retain this entire copyright notice and comment, and (2) distributions may not be sold for profit on physical media such as disks, tapes, and CD-ROMS, without expressed written permission.

                                                                    …which is granting some rights so clearly they’re not all reserved.

                                                                    Meanwhile, Wikipedia cites a Common Lisp implementation named “CLISP” as having switched to the GPL but I’m not sure what licence it switched from.

                                                                    As perhaps a more famous example, the Objective C system that Mac OS X used at least during the PPC era was GPL’d because back in the day NeXT wanted to use GCC as their compiler, and the FSF said they couldn’t use GCC and keep the Objective C bits proprietary. Of course, as soon as Mac OS X got serious momentum behind it, Apple poured resources into LLVM and Clang…

                                                                    1. 4

                                                                      That is a fascinating journey, thank you for sharing!!

                                                                      Wonder if there’s anything more recent? Mid-90s certainly predates my career. I feel I am more in tune with modern open source culture, also I remember reading somewhere that more permissive licenses like MIT really took off in the era of Github.

                                                                    2. 8

                                                                      At a previous employer we wanted to use an AGPL-licensed library as part of our SaaS offering. We wrote the extensions that directly linked to it into its own microservice and licensed that as AGPL and put it on GitHub. Rest of the SaaS product stayed proprietary since calling the AGPL parts over HTTP does not trigger the AGPL. Well, the legalities on that are very unclear, since “intimate enough” on the GPL FAQ. Not sure if we did the right thing legally, and morally I’m even less sure.

                                                                      Last I heard the library in question was relicensed as BSD, so the issue is moot and nobody is using the old one anymore.

                                                                      1. 8

                                                                        I promise you that Apple did not want to LGPL webkit, but they did really want to use KHTML in it. Google may or may not have open-sourced Blink if webkit hadn’t been copyleft, but they almost certainly wouldn’t have used a copyleft license.

                                                                        1. 7

                                                                          The place I work at builds tools that help other companies stay compliant with open source licenses. A lot of our bigger and most risk-averse customers (e.g. hardware manufacturers) actually take the stance that once GPL is brought into their first-party code, that code is “tainted” (i.e. you can’t make it compliant again just by removing the GPL dependency, because the commits where the GPL dependency were integrated are forever tainted by GPL and are forever in the commit history of any subsequent commits). Their default action is actually to publish “tainted” parts of their code base as open source to stay compliant - they feel that they’d rather publish some maybe-not-super-important parts of their IP rather than risk the trouble of a lawsuit.

                                                                          1. 4

                                                                            Place I used to work had a codebase under GPLv2 (containing lots and lots of GPLv2 source by other people), decided it would be convenient if their stuff was AGPL instead, got told “no that’s impermissible” (I can’t remember if they actually tried it out they got told no before actually trying it) and went with GPLv2 instead of making a huge mess out of it. Dunno if that’s close enough to count.

                                                                            Replacing all the GPLv2 code in there would’ve cost about the company’s yearly turnover times two, prolly, so doing anything other than just complying with the license as written was a non starter.

                                                                            1. 2

                                                                              I know of several cases where the licensing was changed from foo to “either foo or gpl, your choice”, but I don’t think that’s what you really had in mind, right? You had in mind a change that grants users substantial additional rights?

                                                                              So I agree with your intuition that the permissive licenses have achieved more, even if not quite the same.

                                                                              1. 3

                                                                                Right, what I had in mind is more going from “we have a proprietary/commercial license/closed source codebase” to “we open sourced it under AGPL/GPL to comply with the requirements of a dependency we just added or had all along and didn’t realize.”

                                                                                1. 3

                                                                                  Yes, and I think that if that were a significant effect, then I would have noticed it by now.

                                                                                  FWIW I worked at Trolltech until 2001; the team members’ reactions to the mail we got from GNU fans from 1994 until I left weren’t in the least favourable. At the time I thought I was special, we were special, but maybe we weren’t. Maybe most people who are, uhm, educated by GNU fans react negatively to the experience.

                                                                                  1. 1

                                                                                    Curious to hear more, what kind of mail did you get? Do you mean regarding most of the stack being GPL licensed?

                                                                                    1. 1

                                                                                      What stack being GPL? Libc and libX11 wasn’t, etc.

                                                                                      GNU fans sent us a lot of mail that might be described, somewhat uncharitably, as walls of text written by people who had much spare time and little salesmanship talent. For someone who has code to write and customers to help, dealing with yet another clueless wall of text is unappealing or worse.

                                                                              2. 1

                                                                                I would love to see some examples where a company changed the license of their codebase to comply with a dependency.

                                                                                I think this is a weird standard. Alternatively: examples where existing reciprocally licensed codebases were built upon instead of started from scratch?

                                                                                • GCC and its myriad of backends including …
                                                                                  • Objective-C
                                                                                • Linux
                                                                                • Webkit / Blink
                                                                                • MySQL
                                                                                • Heaps of emulators
                                                                                • Git
                                                                                • ffmpeg
                                                                                • Blender
                                                                                • VLC

                                                                                I feel like this is a target rich environment. What domains do you care about?

                                                                                (* why is it always a company?)

                                                                                1. 1

                                                                                  Consider it a focus group.

                                                                                  The viral clause affects two groups: People who want to the viral clause to bind others, and people who are bound by the clause and wouldn’t have chosen the GPL otherwise. If you want to know about the viral clause of the GPL, then it makes sense to look at the reactions of a focus group inside each group. GP’s question is a nice way to find some in the latter group.

                                                                                  1. 1

                                                                                    The viral clause

                                                                                    The use of “viral” makes me worry this isn’t a good faith response…

                                                                                    The viral clause affects two groups: People who want to the viral clause to bind others, and people who are bound by the clause and wouldn’t have chosen the GPL otherwise.

                                                                                    GPL code has no agency. That latter group chose to use GPL code. I see no complaints of “we pirated Oracle and now we have to pay a licensing fee” or “we pirated Oracle to get traction, and now we’re forced to rewrite.”

                                                                                    And I think there are more than two groups. e.g. people who specifically choose to work on the GPL projects.

                                                                                    1. 1

                                                                                      “Viral” was common parlance when I learned about the GPL, in the early nineties. I agree that it has acquired more negative connotations since then.

                                                                                      More unaffected groups don’t matter. Unless you want to argue that the pool of people who’ll work on, say, GPL’d code but not APL’d code or closed-source code is so large that it will affect companies’ strategy for theiir implementation work?

                                                                                      1. 1

                                                                                        I think most license selection is driven more by the authors and less by their lawyers, yes.

                                                                                        P.S. https://en.wikipedia.org/wiki/Viral_license#History

                                                                              1. 3

                                                                                Worth noting that all of the objective criticisms of Brave were bugs that were reported by users and addressed by the developers. I’m not seeing any past bugs being brought up regarding other browsers?

                                                                                All things considered, I feel Brave is doing a good job having honest conversations with their users and writing code that aligns with the values of the users.

                                                                                (I have no affiliation with any browser, I am currently using Firefox/Chrome/Brave respectively on each of my 3 devices to get an accurate feel for the differences. I am considering switching the other two to Brave or Chrome.)

                                                                                1. 8

                                                                                  re: Brave, I think there is probably a fundamental conflict between selling Attention Units and ensuring user privacy.

                                                                                  Plus there was the scandal a while back where Brave was hijacking URLs to pocket referrals [1].

                                                                                  There have just been too many Things That Make You Go Hmmmm with Brave for me to trust them. Fair or not, I dismiss the browser as a crypto scam parading as a privacy focused browser.

                                                                                  1: https://decrypt.co/31522/crypto-brave-browser-redirect

                                                                                    1. 1

                                                                                      Plus there was the scandal a while back where Brave was hijacking URLs to pocket referrals [1].

                                                                                      Yea, that was one of the objective criticisms I reference: https://brave.com/referral-codes-in-suggested-sites/

                                                                                      I don’t agree that BAT is fundamentally conflicting with user privacy. We can debate that, but at minimum I think we can agree it’s a more subjective criticism.

                                                                                  1. 2

                                                                                    Ok I need advice. I used to exclusively use a Macbook Pro (and still use it frequently), I generally agree with this article, I have a lot of experience (and LOVE) running FreeBSD servers, I write a lot of C code and have no problem porting software, I like the MIT/BSD license over GPL, and I run Ubuntu now on my Thinkpad/desktop (which I use more frequently than my Macbook), is it worth it to switch to OpenBSD?

                                                                                    OSes I’ve used so far (clientside):

                                                                                    • OS X, easy, gets out of your way, lots of nice proprietary stuff. Quality is slowly degrading over time though. And brew sucks. Maybe the arm laptops will change my mind.
                                                                                    • Ubuntu, I love APT/dpkg and know it like the back of my hand, installing proprietary stuff is pretty easy, sane defaults, easy to Google stuff, most software with linux compatibility usually has a Ubuntu .deb or a ppa, and generally gets out of my way. Only real con is the warts that come from Linux and the occasional weird decision by Canonical
                                                                                    • Slackware, it was nice but lack of a package manager is kind of annoying
                                                                                    • Arch Linux, it was fun when I was in high school but now I don’t really care what WM I use and I hate the rolling release model
                                                                                    • Jailbroken iOS, my favorite OS by far, apt/dpkg + BSD base + Mobilesubstrate = amazing

                                                                                    And just to be clear I don’t care about Free as in Freedom™ when it comes to my personal computers. I just want a well designed OS that will make me as effective as possible, and can run proprietary Linux binaries. And I want to do VFIO and play games in a Windows VM in QEMU

                                                                                    1. 4

                                                                                      is it worth it to switch to OpenBSD

                                                                                      I should probably say this with a nixpkgs contributor hat on, but:

                                                                                      Maybe you should add NixOS and Guix to your candidates. Most of the OSes that you have used, use traditional package managers. Nix and Guix provide a lot over that: declarative system configurations, per-project virtual environments, atomic upgrades/rollbacks, and the ability to have multiple versions/build configurations of a program/library on the system. Given your requirements, you would probably like Nix more, because it also packages proprietary software (so e.g. installing CUDA is not a problem) and provides stable releases besides the rolling unstable.

                                                                                      You can also install Nix or Guix on an existing Linux distribution to test the waters (macOS too, but it has issues more regularly).

                                                                                      It may not be for you, but it’s at least worth considering.

                                                                                      1. 3

                                                                                        +1 to NixOS. :)

                                                                                        I love the culture of people putting up their entire system configurations, defined end to end, up on public repos. Here is mine: https://github.com/shazow/nixfiles

                                                                                        When something doesn’t work, it’s very easy to find examples of other peoples’ setups as a reference. If we have the same hardware, you can use my configurations (or subsets) to replicate my experience precisely. If something breaks, it’s easy to get help on a problem by pointing to my configuration. Not to mention how easy it is to roll back!

                                                                                        I don’t think I can ever go back to a “traditional” operating system without these mechanics.

                                                                                        1. 1

                                                                                          Yah I’ve heard of Nix and it looks cool but I never really found APT/dpkg lacking or restrictive. I’ll probably try it out in a few years

                                                                                        2. 1

                                                                                          I would like to point out that choosing NixOS as a daily driver has the downside of requiring you to learn an entire new ecosystem to be able to figure out why something went wrong, or how to make it do what you want.

                                                                                          This means that you end up having to learn both nix the language, which is relatively easy, as well as nixpkgs the packaging library, which I’ve found to be ridiculously and immensely difficult. The documentation is still lacking (for example, but has improved over time), as is any easily accessible tooling for discovering what can be done that isn’t “read the entire source for this package and trace how it would get built”.
                                                                                          (There’s also the NixOS configuration library that I have not yet needed to understand the internal workings of.)

                                                                                          However, the community is pretty much always happy to help out, and asking people has always resulted in useful (and sometimes explanatory) answers.

                                                                                          So in the end NixOS is what I use. Perhaps it’s just that I’ve gotten used to digging through nixpkgs to fix my problems and don’t know how other packaging systems work, or maybe I’m hoping that one day I’ll actually rely on all of the benefits that I’ve supposedly been given, but I’m sticking with it for the time being.


                                                                                          Additionally, I would assume that Guix needs a similar commitment to use, but at first glance (from a while ago, when I last looked at it) it seemed there was more effort put into documentation. However, I’m not well versed in Guix to any extent, and so I don’t have anything knowledgeable to say about it.

                                                                                        3. 3

                                                                                          I just want a well designed OS that … run proprietary Linux binaries.

                                                                                          Then you are not a match for openbsd.

                                                                                        1. 22

                                                                                          To release a nonfree program is always ethically tainted, but legally there is no obstacle to your doing this. If you are the copyright holder for the code, you can release it under various different non-exclusive licenses at various times.

                                                                                          The “ethically tainted” doesn’t resonate with me, I think this licensing model should be encouraged. I will admit I am kind of biased on this because I work on a for-profit GPL-license project.

                                                                                          The ethical taint comes from the idea that the idea that, paraphrasing RMS, copyleft only works because of copyright and is only needed because of copyright. A world without copyright cannot support the GPL, but it would not be necessary to use the GPL because code would already be quite free. To release a non-free program is to attempt to create an artificial scarcity of that program’s source code, an ethically questionable action at best and a step towards monopoly and market distortion at the worst.

                                                                                          I’m sure that you know what folks say about trying to convince folks whose income is dependent upon a particular worldview.

                                                                                          In the open-source communist utopia, everything is open source and nothing is for sale, so dual-licensing doesn’t fit that particular utopia. But we live in the real world, where money makes things a bit more complicated, and in the long term, dual-licensing might be better than equal-rights open licenses. Well, developers have to eat.

                                                                                          Our society could afford to feed everybody. We choose as a society to have a world where people starve, where food is not affordable, and where households are stratified socioeconomically into classes. Similarly, we choose whether or not to share code. However, that doesn’t invalidate the ethical gradient; it’s not like both choices are equally reasonable and defensible.

                                                                                          Also, there’s a bit of a paradox here for folks who have careers built upon Free Software. The portfolio I’ve used throughout my career is built directly from my Free Software contributions. My ability to command a salary is derived directly from my reputation contributing to community projects.

                                                                                          When it comes to license like MIT and BSD, that impose no restrictions upon usage, where the “owner” doesn’t exist, it’s interesting to look at who release projects under those licenses:

                                                                                          • Students or hobbyists, people creating software for fun, notoriety, and experience.
                                                                                          • Very large companies (Facebook, Google, Amazon, Uber) or government & donation founded organizations (Universities, Public Research centers, software foundations such as GNU, Apache, and LSF)

                                                                                          Folks go from the former to the latter. The most famous example from software I use daily is probably Linux, but vim is another good example. Indeed, vim’s history includes an employee at a very large company using their spare time to work on hobby projects.

                                                                                          It is possible to view code ownership under a more collaborative, imperative model, where the point of code ownership is to maintain the code and keep it viable. From this perspective, many codebases, including Linux and CPython, operate under a sort of polder model which combines community contributions, academic research, business-driven optimizations, and user-desired feature work into a single holistic effort to maintain source code.

                                                                                          Why can Nvidia assign engineers to dozens of open source ML and game-engine projects?

                                                                                          This is an excellent example of particular situations which need to be examined. nVidia does several specific additional things:

                                                                                          • nVidia deliberately encourages hardware engineers to ship extra features
                                                                                          • nVidia publishes lots of extraneous GL extensions
                                                                                          • nVidia embraces and extends the GL specification

                                                                                          From this perspective, nVidia assigns dozens of engineers to tiger-team their GPU support in game engines as part of a larger strategy to ensure that nVidia’s offerings are always able to lock in customers by offering a featureful experience which other vendors cannot offer.

                                                                                          This is not the only possible strategy. When AMD acquired ATI, they started publishing AMD/ATI hardware information, which led to the Free Software community writing several drivers for their hardware. (I wrote one-and-a-half of those drivers.)

                                                                                          The only problem that remains here is the fact that you can’t chain GPL projects. That is to say, one can’t use GPL code in their own double-licensed GPL code, but there are workarounds for that (e.g. isolating the GPL dependency and open-sourcing the changes to that alone). Still, this seems like the kind of problem that could be fixed by an off-shoot of the GPL meant for just this use-case.

                                                                                          This isn’t a problem for us. This is certainly a problem for your employer. But this feature of GPL is not just a nuisance to employers; it’s essential to maintaining the Four Freedoms.

                                                                                          Currently, a company that wants to include GPL into their project has two options…

                                                                                          There’s three, actually. The third option is to take a hard look in the mirror (at the corporate level) and realize that they can just pay people to write code. This might sound cold, but Google is an example of a very large company which avoids the GPL by re-implementing whatever is required, up to and including libc.

                                                                                          But what if the “pay the maintainer a small sum” option was available. Wouldn’t the liability afraid giants look towards this much more favorably than either of the other 2 options?

                                                                                          You’re so close and yet so far! For liability reasons, corporations are increasingly forced to employ people like this, rather than keeping them at an arm’s-length or contracting distance. And that brings us to the previous point.

                                                                                          I’m going to close by noting how you talk about (little-c) communism, because I think that it is worth exploring.

                                                                                          In the open-source communist utopia, everything is open source and nothing is for sale, so dual-licensing doesn’t fit that particular utopia.

                                                                                          Curiously enough, this is also the case in a capitalist utopia! Suppose that markets are efficient and that capital investment is available to everybody (the cost of capital has zero/negligible premium). This creates a capitalist-libertarian paradise where anybody who participates in a market as a buyer can also immediately become a seller in that same market by offering to sell what they’ve already purchased. (If this sounds fanciful, consider how existing stock markets work.) Now, consider the market for any particular piece of information. The only reasonable equilibrium is zero, and so the price will slowly fall; each buyer of the information becomes a seller and increases supply while lowering demand.

                                                                                          This is not just a theoretical exercise; the introduction of the printing press completely changed Western Europe, and its only action was to lower the capital investment required to duplicate information. Bibles produced in the Middle Ages and earlier were extremely expensive; with printing technology, Bibles became so much more common that today, they are given away for free and people often turn them down as (monetarily) worthless!

                                                                                          What, exactly, is the problem with communist utopia? You seem to think that it will result in people starving, but people are already starving.

                                                                                          1. 2

                                                                                            The ethical taint comes from the idea that the idea that, paraphrasing RMS, copyleft only works because of copyright and is only needed because of copyright. A world without copyright cannot support the GPL, but it would not be necessary to use the GPL because code would already be quite free. To release a non-free program is to attempt to create an artificial scarcity of that program’s source code, an ethically questionable action at best and a step towards monopoly and market distortion at the worst.

                                                                                            Even so, it still seems preferable to closed-sourced code. But, my main argument is that dual-licensing GPL is probably better than using something like MIT or pure GPL if our goal is moving towards a more free environment. If a free environment can be or is reached, the need for a license goes away, or at most a license is simply a requirement for citing the authors (as in BSD style licenses)

                                                                                            This isn’t a problem for us. This is certainly a problem for your employer. But this feature of GPL is not just a nuisance to employers; it’s essential to maintaining the Four Freedoms.

                                                                                            I kind of agree here, from my perspective chaining is great. It’s just that it might lead to rather complicated contract chains when dual licensing. It might also stop dual-licensing if some component down the chain isn’t dual-licensed, but in practice, this isn’t a problem since so little software is released under GPL, and even less so under more restrictive versions like AGPL.

                                                                                            But there’s nothing to say one can’t distribute money from dual-licenses downstream to other dual-licensed GPL code being used by the project.

                                                                                            It is possible to view code ownership under a more collaborative, imperative model, where the point of code ownership is to maintain the code and keep it viable. From this perspective, many codebases, including Linux and CPython, operate under a sort of polder model which combines community contributions, academic research, business-driven optimizations, and user-desired feature work into a single holistic effort to maintain source code.

                                                                                            This can be true for a few projects, but it doesn’t seem to be the case for the vast majority of projects. Especially once you get into domain-specific stuff were only a few hundred or thousands of people are using the library, as opposed to it running on more than half of the Turing complete hardware on the planet.

                                                                                            There’s three, actually. The third option is to take a hard look in the mirror (at the corporate level) and realize that they can just pay people to write code. This might sound cold, but Google is an example of a very large company which avoids the GPL by re-implementing whatever is required, up to and including libc.

                                                                                            That’s actually true, I guess, but it seems like the worst of all possible scenarios and impractical for all but a few companies.

                                                                                            1. 1

                                                                                              The big problem with dual licensing GPL + proprietary is that anyone who accepts the GPL is then free to make changes that are GPL-only. If enough people do this, your proprietary version will lag in features and it can’t adopt the GPL’d changes unless the authors are willing to assign copyright or sign a CLA that allows relicensing. If your project actually gains traction and a thriving ecosystem, the GPL’d version will end up displacing your version because everyone will contribute to it and can pull in your changes but you can’t pull in theirs.

                                                                                              To add another anecdote to @shazow’s, I have also been paid to write permissively licensed alternatives to existing GPL projects by companies that didn’t want to comply with the GPL. For small libraries, it’s relatively cheap and if the permissively licensed version is useful it will get external contributors and is cheaper than maintaining a proprietary component. Large things are only feasible for a big company to do it but there’s also a greater incentive.

                                                                                              1. 1

                                                                                                There’s three, actually. The third option is to take a hard look in the mirror (at the corporate level) and realize that they can just pay people to write code. This might sound cold, but Google is an example of a very large company which avoids the GPL by re-implementing whatever is required, up to and including libc.

                                                                                                That’s actually true, I guess, but it seems like the worst of all possible scenarios and impractical for all but a few companies.

                                                                                                I acknowledge that this is an anecdote but I have personally witnessed tens (maybe even hundreds) of examples of people re-implementing code to avoid having complying with GPL/AGPL/etc license terms of a dependency. I can think of a few examples that I’ve discussed with peers just last month.

                                                                                                I can’t think of a single example in my entire career where an individual or company decided to change the license of their codebase just to comply with the license of a dependency.

                                                                                                This spans personal projects, startups, and big companies like Google. In fact I have done it myself on several occasions, and nearly all of my work is MIT licensed. Across the spectrum, I have never seen a company choose a copyleft license because they got tricked into it by a dependency rather than because they felt aligned with the ideals of that license.

                                                                                                I agree that this is the worst case scenario, and I submit that it also by far the most common scenario.

                                                                                            1. 40

                                                                                              I seem remember a time when people were very insistent that non-code or minor contributions were just as important and valid as major code contributions, and that using social coding sites like Github instead of email patch lists or whatever was an unalloyed good. Many folks were mocked or shunned for being “gatekeepers” or being unwelcoming to new developers who–frankly–were often just padding their profiles with forks and trivial PRs.

                                                                                              I am not too big a sock to admit some amusement, then, upon reading about this situation. :)

                                                                                              (More seriously, there is a balancing act to be had in setting community norms around participation when there are in fact bad or just inconvenient actors in sufficient numbers to cause harm. Hopefully this sort of thing encourages people to reflect more on the philosophical underpinnings and practical weakpoints of open source as is practiced today.)

                                                                                              1. 47

                                                                                                There is kind of an easily understandable difference between:

                                                                                                • a non-code minor contribution - eg correcting a link or some spelling in a readme, a non code non-minor contribution - eg writing good documentation, a minor code contribution - eg any actually minor bugfix
                                                                                                • bad faith spam non-contributions (nontributions?), like what was talked about in the article

                                                                                                The former is what people were clearly very insistent was important and valid; the latter is what people are complaining about now as obvious spam. Conflating the two serves as gatekeeping, which, given your pro-gatekeeping statement, seems like it might be deliberate? It might also be just that it was a throwaway comment that you haven’t thought through though, so I might be reading too much in to it. My apologies for the aggressive tone of my previous version of this post.

                                                                                                Edit: Edited for civility, clarity.

                                                                                                1. 10

                                                                                                  No offense taken, and I rather like the nontributions coinage. :)

                                                                                                  The thing is that a lot of that is in the eye of the beholder…some of these comments tweaking readability or fonts or adding emphasis or whatever are kinda at the same level as fixing typos. The mechanism is the same, the only differences being the (arbitrary) decision in validity and the motives behind the contribution (free t-shirts versus whatever else).

                                                                                                  The problem with saying “well some of these are nontributions and clearly are in bad faith” is that in the past things like Code of Conduct proposals, switches to code styling, changes to vocabulary, and whatever else have been objected to by project maintainers who have then been pilloried.

                                                                                                  Even the concern of “well, these people are bad faith because they’re just doing it to get a free t-shirt” can be made to draw parallels to the (apparently acceptable) motives of people on web working groups and standards committees and commercially-backed projects like React or docker.

                                                                                                  I bring these things up specifically because I think the objections to Hacktoberfest are a good chance to reflect on what’s become of our culture and practices, and to wonder if maybe the things that irk us here are not worse but somehow given a pass elsewhere.

                                                                                                  1. 23

                                                                                                    If you look at the examples in the repo, they are all nontributions. Find me the person defending this PR for example.

                                                                                                    I extremely dislike sort of “raise the level of abstraction”-style discourse when someone here has clear, empirical examples of a thing being annoying not because it’s “not code” but because it’s spam (lots of these are code changes!)

                                                                                                    I think we all like having good docs, and people who send in contributions to docs that improve them… I mean who objects to that?

                                                                                                    Maybe you have a problem with people claiming they work on a thing without touching the main codebase (which is… I mean that’s you), but that’s pretty offtopic here tbh. (EDIT: leaving this here but I mean this in the least accusatory way possible, not trying to be dismissive of that topic as a whole)

                                                                                                    1. 8

                                                                                                      If you assume the person making the PR waa doing so in good faith (albeit without sufficient skill) then this exercise in “abstraction” gives us a really good chance to say “okay, shit, how do we deal with eternal September in software projects, and how do we deal with new users that just kinda suck without turning them off”?

                                                                                                      If you assume the people opening PRs are doing so in bad faith, then the question becomes “what features of modern open source are ripe for abuse and how do we manage that without losing our souls (more)?”.

                                                                                                      1. 2

                                                                                                        You want to have this conversation, fine, but it’s absolutely not what is being discussed right now. It comes across as derailing the conversation about bad-faith contributions like the ones linked obviously are.

                                                                                                        1. 3

                                                                                                          What’s the “conversation” about the bad-faith contributions, other than acknowledging what is effectively open source drama and whinging about a publicity stunt that went wrong? Rubbernecking at bad PRs?

                                                                                                          I think a derail is order, because the current tracks lead nowhere interesting.

                                                                                                    2. 5

                                                                                                      Right. My reply to this kind of thing is that the faculty of judgment is needed (even if only a little bit) on an individual basis even when things are easy to see as a group, because we don’t yet have an easily understandable general philosophical treatment of ontology and what you might call ‘thing-ness’ - the Platonic Man argument basically showed the problems with naive attempts to draw categorisations thousands of years ago.

                                                                                                      As it turns out, the thing we want to know is ‘is this a contribution or a nontribution’ (similar to the ‘spam vs ham’ test) which does not in any way boil down to bright lines that don’t require the faculty of judgment. Sometimes a minor doc change can be really really helpful (eg in the installation instructions for newbies!). But as part of contributing, we can reasonably expect contributors to think ‘hey, is this a contribution?’ and if it isn’t, to not send a PR, in exactly the same way we can expect people to think ‘hey, is this spam?’ and not send spam if it is.

                                                                                                      Edit: Like, with spam, we might ask things like ‘is this addressed to me?’ ‘Is this grammatically well formed?’ ‘Are there gratuitous spelling mistakes?’ ‘Does this ask me to send money?’ but none of those things actually make something spam or ham - in fact, no contents of an email mechanically definable with a simple rule will definitionally make it spam or ham, so we can’t say ‘Answering the wrong way to these definitionally makes it spam, otherwise ham’. But the person sending it knows, and if the person receiving it has the mental bandwidth to think about it, they know too.

                                                                                                      Second edit: One of the things that makes the formal sciences so interesting to me is that when something is properly, fully in the domain of a formal science this does not apply. We know what a triangle in some axiomatic system we put together is, because we define what it is.

                                                                                                  2. 25

                                                                                                    I don’t think “minor contributions” are the problem here; I went through some of the PRs and many are indeed 100% pointless:

                                                                                                    • Change font-size: 25px to 24px in some CSS file, with only “Update styles.css” as a description. What’s the point of this?

                                                                                                    • Change 404 Not Found to 404 error found. Pointless change and awkward English.

                                                                                                    • Change font-style: normal to bold on the main body text, again with no description of why. There are actually two PRs which do this.

                                                                                                    • A PR with “Improve indentation and add some comments” sounds like a promising and useful “minor change”, but if you look at the actual diff it’s just adding some really weird and pointless comments and newlines. Another promising “improve docs” PR just adds ### Great Work, hmkay?

                                                                                                    • “Add files via upload” sounds promising as well, but it adds 2MB of images which don’t seem used and makes some CSS changes which seem pointless and are unexplained.

                                                                                                    • One PR just adds <h1> misbah </h1>. Wut?

                                                                                                    In short, none of these are “minor contributions”. Labelling them as “spam” and closing them without comment is perhaps rather harsh, but to be honest all of these PRs are just complete garbage so it’s not really an unfair classification.

                                                                                                    1. 19

                                                                                                      I also though some of the PRs in the screenshot looked reasonable, but I implore you to actually go through the PRs closed as spam.

                                                                                                      Here’s the first I clicked on from the openstreetmap-website repo: https://github.com/openstreetmap/openstreetmap-website/pull/2866/files - add “made with love” to the readme.

                                                                                                      Here’s the first PR I clicked on to whatwg/html: https://github.com/whatwg/html/pull/5991/files - add “thankyou” to the readme.

                                                                                                      Here’s another PR: https://github.com/whatwg/html/pull/5981/files - replace “404 Not Found” with “404 Error Not Found”.

                                                                                                      Another one: https://github.com/whatwg/html/pull/5990/files - decrease the font size of a particular element from 25px to 24px (no description which argues why 24px is better than 25px, just the smallest visual change you can make).

                                                                                                      This one is nice: https://github.com/whatwg/html/pull/5975/files - add ‘i += 1 // Increment i’ style comments to the CSS and add newlines.

                                                                                                      All the PRs marked as spam are like this. No effort put into the code change, no effort put into the description or presentation of the PR. Most just leave the PR template untouched, with no attempt to fill out the relevant fields or argue why the fields in the PR template don’t apply. These are actually spam PRs. They’re not just good faith “non-code or minor contributions”.

                                                                                                      1. 19

                                                                                                        non-code or minor contributions

                                                                                                        FWIW the PRs are spam because they aren’t improvements, not because they are changing things other than code.

                                                                                                        Browsing through some of the example spam PRs people linked, it doesn’t look too me like spammers are particularly shy about putting their non-tributions to code files rather than markdown does.

                                                                                                        1. 1

                                                                                                          s/markdown does/markdown docs/

                                                                                                          This is what I get for using a phone keyboard carelessly

                                                                                                        2. 14

                                                                                                          I seem remember a time when people were very insistent that non-code or minor contributions were just as important and valid as major code contributions, and that using social coding sites like Github instead of email patch lists or whatever was an unalloyed good.

                                                                                                          I think these two can be separated. Non-code and minor contributions are important - just look at Rust, which has gained a great deal of popularity in the language-hacker community due to the easy and approachable process of contributing to the compiler, the core libraries, and the documentation thereof (which is superb, in my opinion).

                                                                                                          There are real issues with the way many mailing lists are run: mandating formats that are difficult to achieve with the software most people use for e-mail, for instance. As much as we might wish that all e-mail clients had a good plain-text mode, most don’t. But, again, these are separate issues; and, indeed, your implication that not using social coding sites like sr.ht or GitHub or Gitea or whatever makes it less likely to get these spam contributions does reinforce the idea that it raises the barrier to entry for contribution. If that’s an explicit goal, perhaps with the intention to avoid these kind of spam contributions, that’s fine; but being snarky about being called a gatekeeper is incompatible with that goal.

                                                                                                          Any open system with many participants is going to have spam. Here, DigitialOcean is purposely exacerbating that through either malice or incompetence, but I have to say, I don’t think that means that lowering the barrier to contribution isn’t a positive thing in general. Anecdotally, I’ve received many, many more useful contributions to repos hosted on social coding sites with many users like the GNOME GitLab and GitHub itself than to, for instance, my hardware enablement libraries on my personal Gitea.

                                                                                                          1. 7

                                                                                                            I think these two can be separated. Non-code and minor contributions are important - just look at Rust, which has gained a great deal of popularity in the language-hacker community due to the easy and approachable process of contributing to the compiler, the core libraries, and the documentation thereof (which is superb, in my opinion).

                                                                                                            Thanks for highlighting that! This is indeed a conscious project strategy and IMHO also a useful driver of a) growing small contribution into larger or b) the problem that many projects are facing around cleaning the dust out of the corners. Relying on small contribution also means people leaving is not as hard. And that builds a special base to talk to: the Rust project is capable of doing things finding 10 translators for our survey in a week.

                                                                                                            The problem is indeed the incentive system that Hacktoberfest has built.

                                                                                                          2. 7

                                                                                                            There are already many examples in sibling comments, but here’s another collection that one of my repos was hit with this morning:

                                                                                                            Look at the recent commits of this user: https://github.com/Cha7410?tab=overview&from=2020-09-01&to=2020-09-30

                                                                                                            Every single one of them is a negative contribution (negtribution?), where the change is factually/grammatically/syntactically incorrect.

                                                                                                            All of the PRs have an empty body with no explanation and use the same boilerplate commit message. These are not contributions by any metric.

                                                                                                          1. 5

                                                                                                            Rust’s standard library is severely lacking by comparison

                                                                                                            I take some issue with the description that it’s lacking. As far as I understand, this was a deliberate design choice. I’m not familiar enough with it to be able to comment on the actual reasoning behind that decision (maybe someone else can clarify?), but in my own experience, the split between the standard library and other crates for additional functionality has only been positive.

                                                                                                            1. 23

                                                                                                              Yes it was an active choice to have a small standard library in rust. But calling it lacking is valid, it’s just the other side of the coin.

                                                                                                              Upside:

                                                                                                              • you don’t have to decide on the standards and scope of your STD*
                                                                                                              • you can easily change stuff in crates and evolve rapidly, you can’t just change an std lib (see rust error trait)
                                                                                                              • the community can figure out the best designs over time and adopt new things (async)
                                                                                                              • you have a wider selection to choose from and don’t have to “pay” for unused std stuff*
                                                                                                              • less deprecated-since-1.0 interfaces (looking at you java)
                                                                                                              • less work to do for the std library team, workload easier to scale
                                                                                                              • build systems like cargo are better because they have to deliver, otherwise you don’t want to include so many external crates

                                                                                                              Downsides:

                                                                                                              • there is no official standard, even if it’s defacto one (serde), making it harder for new people to figure thm out (which is why this post exists..)
                                                                                                              • because crates can do whatever they want your crates aren’t as stable as std included libraries
                                                                                                              • you can get many competing standards (tokio/async-std/.., actix/tower) which are hard to compare or decide on if you want something that is just stable and has the biggest support in the community
                                                                                                              • you have to decide on your own and hope that you’ve selected the long running horse for your project

                                                                                                              I think rust also had a longer way figuring out the best practices for libraries and things like async/await came later to the party. If you’d have included some of the current libraries 2 years ago in std, they’d have a hard time to keep up with the latest changes.

                                                                                                              *Well you still have to, but it’s easier to say no when you already have a slim std.
                                                                                                              *You could recompile std to not include this, and it’s something that is AFAIK being worked on. But as of now, you don’t get to choose this.

                                                                                                              1. 5

                                                                                                                I’d like to submit one more downside, based the cousin thread from @burntsushi:

                                                                                                                • more concern about the transitive dependencies, and related consequences

                                                                                                                I’m appreciative of how nice it is to be able to reach for the stdlib and know that you’re introducing precisely 0 new dependencies, not even have the mental overhead of auditing the dependency tree or worrying about future maintenance burden etc.

                                                                                                              2. 2

                                                                                                                It was an active choice; it’s more maintainable and paired with a good dependency management solution like Cargo you can just release the batteries as versioned libraries (and often people will build better ones). Versioning gives you a lot of freedom in changing the API, reducing the pressure on initial design.

                                                                                                                It’s still fine to call it lacking IMO. The stdlib is largely “complete” by its own standards but it does lack things others have, and it’s a common thing people from other ecosystems take time getting used to. shrug

                                                                                                              1. 4

                                                                                                                I wrote a similar tool for myself many years ago, I do recommend having something like this. Every time I want to play with source locally, it’s nice to remove the need to decide where it should live.

                                                                                                                My version is here, just a short shell script: https://github.com/shazow/dotfiles/blob/master/local/bin/hub-clone

                                                                                                                1. 1

                                                                                                                  Nice! It’s really nice to see that others have been thinking along similar lines!

                                                                                                                1. 3

                                                                                                                  Great write-up. Out of curiosity, what kind of stuff are you doing in Rust nowadays?

                                                                                                                  1. 6

                                                                                                                    Mostly web, WebAssembly on the server, command line tools and the like so I can boule up to one of my bigger project ideas I’ve wanted to make for a very long time: something that can effectively function as a type checker for Lojban sentences. I originally tried to do this in Go but it was not expressive enough.

                                                                                                                    1. 4

                                                                                                                      I really love your blog posts and their aesthetic, thank you for sharing!

                                                                                                                      Maybe this is not your style (I find your posts to be very constructive which I appreciate), but I’d love to read about your journey with the Lojban type checker and the frustrations you ran into with Go and how you imagine an ideal type system/language would make those things easier. :)

                                                                                                                      1. 2

                                                                                                                        That’s very cool. People are all into machine learning for natural languages, but I’ve never heard of anyone approaching the problem from the other end.

                                                                                                                        1. 4

                                                                                                                          Yeah, turns out doing something in a way that violates nearly every known standard for doing it is hard lol. I’ll go into more detail in the blogpost (if it ever gets done lol), but basically I want to be able to understand sentences well enough to ingest a bunch of them (say: wikipedia) and then be able to ask questions and get answers back.

                                                                                                                          I have a basic prototype with Toki Pona, which is currently able to answer basic questions about sentences you feed it:

                                                                                                                          $ go run .
                                                                                                                          |toki: mi li sona e toki pona
                                                                                                                          2020/09/20 21:20:55 registering fact: bridi(verb(sona), subject(mi), object(toki_pona)).
                                                                                                                          |toki: seme li sona e toki pona?
                                                                                                                          2020/09/20 21:20:57 Query: bridi(verb(sona), subject(A), object(toki_pona)).
                                                                                                                          2020/09/20 21:20:57 found bridi(verb(sona), subject(mi), object(toki_pona)).
                                                                                                                          

                                                                                                                          It doesn’t support most of the language, however it does do a half decent job at what it can do. Look into how context.go works to see where the sins of my design live. TL;DR it recompiles a subset of Toki Pona into Prolog facts/questions. One of the things I want to do is then compile the prolog back into Toki Pona sentences, but that was just too annoying to accomplish in Go at the time.

                                                                                                                          Doing this in a language like Rust would make the parsing steps a lot easier because I can make the structures a lot more generic. Not to mention figure out who “I” and “you” are in dialogue and tag those appropriately.