1. 18

    bbatsov, thanks for all your hard work on rubocop. I’ve had a few of these heated OSS issues in my time too. Just remember to keep perspective, policing in the USA is a very hot topic right now; there are millions of protesters on the street for a reason. If I was in your shoes: I’d tell everyone to step away from the issue for a month, let me consider the issue and make a decision then. Time often brings clarity.

    1. 27

      Just remember to keep perspective, policing in the USA is a very hot topic right now; there are millions of protesters on the street for a reason

      They are protesting because of police brutality, not because of the term “cop”. This is a bit like saying we should ban the term CO2 because of climate change.

      1. 5

        One of the biggest rallying cries of the current movement is “defund the police”. It is not just police brutality but the concept of policing itself which demonstrators are calling into question. I think that context is missing from this discussion.

      2. 53

        With all due respect, mister Perham.

        You might want to consider the other side of the argument, that a lot of people are not from US and more developers in Europe (and elsewhere) are pissed and tired of American politics.

        I would rather see bbatsov spend time with his friends, family and kids than to spend another minute on this issue. If he wishes to spend this time on OSS, my guess would be that he can find way more interesting problems to tackle.

        1. 3

          Stepping away for a month might be a good start, because who knows what riles up folks in July? Probably not the police and in that case nobody will care about the name anymore, at least not to the degree that they’re willing to maintain a fork over it. If there’s still interest in having a fork next month, then so be it?

          Asking him to spend any time on preparing the rename he isn’t interested in is, however, intruding in his life.

          1. 2

            This is a well articulated comment. I think your advice is reasonable.

          1. 3

            I go to Dragon Name Generator and spin the wheel until I find something I like. For IoT device names I add a suffix indicating the device type. For example, “Peitynos the TanTan Plug” or norynth-the-raspberry-pi.

            1. 3

              Did I miss something in this article? Sounds like the investigation of the BBS world turned up nothing of interest?

              1. 3

                That’s the joke. It’s a spoof of other breathless “exposés” of purported seedy underbellies of technology, commonly found in publications like VICE. Below the irony is a brief tour through the modern BBS scene and a reminder that, yes, there’s a modern BBS scene.

                1. 1

                  I guess I fell into that joke then :)

              1. 8

                That’s super strange Mozilla used a Google Doc instead of a blog post for doing such a publication

                1. 5

                  Maybe they want google to read it.

                  1. 5

                    Mozilla uses Google Apps internally; my guess is that this started as an internal document and they said “well we can just reuse it to share publicly”

                    1. 3

                      Other than the title of the paper, how do we know this is actually from Mozilla?

                          1. 2

                            Thanks. I’m not really in the habit of trusting random google docs, and wasn’t able to find anything like this.

                        1. 2

                          Similar, internal position/planning/architecture documents tend to be written and distributed this way. This one happens to have been made public.

                        1. 15

                          I’m not particularly thrilled with either the tone or content of this essay.

                          First, there’s some revisionism:

                          The first reason that WebAssembly is different is that it’s succeeded, and those technologies did not.

                          The essay goes on to redefine “success” in some super-niche way and qualify it, but this is rhetorically dishonest. I might as well write in an essay that “The first reason I disagree with them is that @steveklabnik is a fascist” and then go on to explain that by that I mean a fascist who supports government control of resources and careful policing of speech…sure, under that tortured definition I am both consistent and not wrong, but you wouldn’t be faulted for observing that I’m not right either.

                          They were never standardized, and that matters a lot.

                          JVM was never standardized.

                          Flash was not built on ES3/ES4 standards.

                          Unfortunately, just because something is standardized and went through the wringer doesn’t mean it isn’t hot steaming garbage.

                          If you built an applet in one of these technologies, you didn’t really build a web application […] You lost all of the benefits of other web technologies; you lost HTML, you lost CSS, you lost the accessibility built into the web.

                          Most of those features didn’t exist when Java applets first came out in 1995. Most of the useful stuff that Flash was good at didn’t exist in browsers for most of the 00’s. The essay is trying to sell you on a state of history that didn’t exist in any meaningful way.

                          “Don’t break the web” is a very, very important rule for browser vendors.

                          “…unless it gets you marketshare” is the rest of the sentence that the author leaves out. Browser vendors (and hell, let’s be real here: we mean Google, Apple, Microsoft, and that’s basically it these days) break things all the time and don’t care. https://caniuse.com/ is a monument to this fact.

                          Then there’s seeming misunderstanding about how browser development works:

                          These companies have significant motive to make profit, not to make the web better.

                          “Making profit” is how IE managed to deliver the first working version of CSS. Similarly, how they delivered a little thing called XMLHttpRequest, a small api with passing utility later adopted by every other browser manufacturer.

                          Google Chrome delivered lots of neat features ahead of standardization specifically so they could feed the ad machine. And Mozilla happily rode those coattails for a good long time.

                          I think the notion of “let’s make the web better” ultimately–intentionally or not–boils down to “let’s serve ads better”, once you look at things in context.

                          …and how companies work…

                          WebAssembly is a joint venture between Mozilla, Google, Apple, Microsoft, and others. It’s not trying to push anyone’s particular platform, but instead represents the shared interests of a wide number of stakeholders, both corporate and individual.

                          So, two ad-driven companies, a company known specifically for locking-down platforms (and goofing around in standards and industry groups if one’s familiar with OpenGL or the development of the Cell processor), and a company who is switching to moving as much of their stuff into the cloud–where it can be taxed and leased to users without fear of reprisal. I see why they might want to support WASM.

                          …and how maintenance works…

                          It’s hard enough to maintain one runtime, let alone two. And then how do you integrate them?

                          Runtimes don’t all need to be integrated, and we handily managed to keep the runtimes for JVM and Flash maintained for more than a decade, by letting interested parties support them.

                          …and how language proliferation and the Tower of Babel work…

                          Do we really want to christen one language as the next language of the web? We already have JavaScript. Are we someday going to introduce a third language? A fourth? An agnostic approach is significantly better for longevity’s sake.

                          Picking one language is better for longevity’s sake. Standardization–the shibboleth touched on here and there in this essay–would suggest that we take one language and adopt and update it as needed.

                          Wasm, as I rallied about many a time, is likely to make frontend dev skills even less portable than they already are. It’s an opportunity to let language writers and well-meaning developers rediscover every mistake in their language and find some way of introducing it into the browser and then saddling devs with their shortcomings!

                          …and how security works.

                          Wasm is missing some features of regular assembly language that can cause security vulnerabilities, like stack smashing. Wasm is memory-safe, which is huge!

                          And yet it directly enables malware and side-channel attacks, while its proponents kinda ignore the issue and forge ahead.

                          ~

                          We’re all going to be stuck with the outcome of this, and folks promoting the technology for their own career advancement or aesthetics are doing so, seemingly to me, without enough care for the ramifications of what they’re pushing.

                          EDIT: Cleanups to soften this up a bit…my annoyance got in the way of my politeness.

                          EDIT: Removed many “actually”’s in various headers, since I read them in my head as “well ak-shu-alee”

                          1. 26

                            I’m going to give you one reply, but that’s it; we have such a divergence of opinion so often that I don’t feel like we’re really going to agree, but I would like to respond to some things.

                            The essay goes on to redefine “success” in some super-niche way and qualify it, but this is rhetorically dishonest.

                            I tried to be super clear here that this is from an implementor’s perspective. Success in this context means “becoming part of the web platform.” I don’t feel that’s dishonest, it’s about being clear about exactly what I’m trying to talk about.

                            JVM was never standardized.

                            That’s a specification, not a standard.

                            Flash was not built on ES3/ES4 standards.

                            “built on” does not mean “conforms with”; ActionScript and ECMAScript are similar, but different.

                            Unfortunately, just because something is standardized and went through the wringer doesn’t mean it isn’t hot steaming garbage.

                            This is true, but that’s why I qualified what this post is about. The user’s perspective is something else entirely.

                            Most of those features didn’t exist when Java applets first came out in 1995.

                            CSS was in development at the time, and shipped in 1996, it’s true. But regardless of the start, that kept being true. They could have added support, but they did not. It’s effectively the same.

                            https://caniuse.com/ is a monument to this fact.

                            CanIUse, to me, is more about when you can adopt new features. They ship in different browsers at different times, but eventually, a lot of stuff is the same. Crossplatform web development has never been easier.

                            Runtimes don’t all need to be integrated, and we handily managed to keep the runtimes for JVM and Flash maintained for more than a decade, by letting interested parties support them.

                            Yet they still were full of vulnerabilities. This was due to the disconnect I talk about in the article. It also doesn’t address the inherent complexity in coordinating two runtimes compared to one.

                            enables malware

                            This was already possible with JS, wasm doesn’t fundamentally change things here

                            and side-channel attacks,

                            This article is clickbait nonsense. It says that this could happen, but ignores that everyone involved with WebAssembly is acutely aware of these issues, and is not moving forward until they’re addressed. Heck, before Meltdown/Spectre was announced, I was in a room with one of the main designers of WebAssembly, and someone brought up SharedArrayBuffer for some reason. He said “yeah so you shouldn’t rely on that and I can’t talk about why”. Then we all found out why.

                            You’re letting your disdain bias you against the facts.

                            while its proponents kinda ignore the issue and forge ahead.

                            TC39 is not the body that standardizes WebAssembly.

                            We’re all going to be stuck with the outcome of this, and folks promoting the technology for their own career advancement or aesthetics are doing so, seemingly to me, without enough care for the ramifications of what they’re pushing.

                            This kind of slander is why I rarely post to lobste.rs anymore. I’m out.

                            1. 2

                              This was already possible with JS, wasm doesn’t fundamentally change things here

                              It makes things easier, and the general increase in performance allows more interesting and obtrusive categories of malware than we saw with JS.

                              Heck, before Meltdown/Spectre was announced, I was in a room with one of the main designers of WebAssembly, and someone brought up SharedArrayBuffer for some reason.

                              There’s no sane way to have multiple threads and shared memory primitives of which I’m aware that don’t enable timing attacks at this time. The option seems to be to remove them entirely, and the GitHub link shows that at least a few people are hesitant to do that.

                              TC39 is not the body that standardizes WebAssembly.

                              Thank you for the correction–I don’t know if there is a lot of bleedover between the groups. If there is, my concern remains.

                              This kind of slander is why I rarely post to lobste.rs anymore. I’m out.

                              That’s my honest opinion, slander wasn’t my intent. This pattern is being repeated everywhere in our industry. If you don’t think it applies in your case, please correct me.

                              1. 16

                                That’s my honest opinion, slander wasn’t my intent.

                                Making an unsubstantiated accusation in a public forum is slander, even if you happen to believe the accusation to be true.

                                And to be clear, you accused promoters of wasm of self-interestedly putting career/aesthetics above the common good. You made no allowance for the idea that they might actually have decent reasons for believing and acting as they do. If they disagree with you on wasm, then they are simply a bad person.

                                Putting all of that behind a “it seems to me” doesn’t actually change what you are saying. If you meant something else, I strongly suggest rewording. If not, then please don’t post such attacks on Lobsters.

                                1. 3

                                  Please consider the original phrasing–there’s a reason I picked it:

                                  We’re all going to be stuck with the outcome of this, and folks promoting the technology for their own career advancement or aesthetics are doing so, seemingly to me, without enough care for the ramifications of what they’re pushing.

                                  I state one thing as fact: we’re stuck with the outcome of the wasm debate.

                                  I state the rest as opinion: the set of people promoting the technology, who are doing so for their own career advancement or aesthetics, seem to be doing so without enough care for the ramifications of widespread wasm adoption it seems to me.

                                  There is a much more direct way of slandering people if that’d been my goal.

                                  1. 8

                                    Sidestepping the question of whether it’s slander: it’s non-constructive and counterproductive to speculate about the intentions and motivations of the people you are discussing with. It’s poisoning the well.

                                2. 9

                                  That’s my honest opinion

                                  It’s an accusation, not a matter of opinion.

                              2. 7

                                Browser vendors (and hell, let’s be real here: we mean Google, Apple, Microsoft, and that’s basically it these days)

                                I’m sure you know you’re writing to a Mozilla employee. Does saying “you’re not even a real browser vendor” really help your argument?

                                (I’ve worked at Mozilla. Loved it, but competing against some of the largest and most well-funded corporations in the world is hard, and it can be frustrating to see what they get away with. Jabs like this pile up and demoralize you.)

                                1. 2

                                  In my haste I plain forgot to list Mozilla. One of many glaring oversights I’ve made today.

                                  That said, my point is that there are really only 4 vendors that matter, since the vast, vast majority of browsers are powered using one of 3 or 4 engines.

                                  1. 2

                                    That makes more sense. Thanks for clarifying.

                              1. 16

                                Thanks for reporting this. There is a bug tracking this https://bugzilla.mozilla.org/show_bug.cgi?id=1472948

                                Update: The offending extension has now been removed! Thanks to Mozilla for the speedy response.

                                1. 2

                                  Hopefully they’re also hardening their review policies.

                                  1. 2

                                    I found some posts from around the time the “analytics” code was originally introduced, mentioning that it only applied to the Chrome version and not the Firefox one. I’d be surprised if this did actually make it through addons.mozilla.org’s review process.

                                1. 17

                                  You’d save yourself a lot of trouble upfront not borrowing the filezilla name - it’s trademarked. Already there’s an argument for whether “-ng” postfix constitutes a new mark, why bother even having it. Just completely rename it

                                  Hilariously their trademark policy seems to prohibit their use of their own name

                                  1. 3

                                    Oh, great point. We will need to think of a new name.

                                    How about godzilla-ftp.

                                    1. 14

                                      How about filemander? It’s still in the same vein as “zilla,” but far more modest. The fact that you’re refusing cruft, provides a sense of modesty.

                                      Also, “mander” and “minder” — minder maybe isn’t exactly right for an FTP client, but it’s not completely wrong…

                                      1. 4

                                        filemander

                                        Great name! A quick ddg search does not show any existing projects using it.

                                        1. 1

                                          And it sounds a bit like “fire mander”, which ties in well with the mythological connections between salamanders and fire.

                                          1. 1

                                            Yeah, the intention was to have a cute salamander logo–way more modest a lizard than a “SOMETHINGzilla!”

                                        2. 8
                                          1. 5

                                            Just remember to make sure it’s easy for random people to remember and spell. They’ll be Googling it at some point.

                                        1. 5

                                          I can’t follow this at all the way it’s presented.

                                          1. 4

                                            No worries, you are not the only one who is having trouble following it.

                                            This is not an editorialized piece of writing trying to guide you towards a particular point of view. It just shows unredacted facts. The intent is to allow anyone to be a bystander in the discussion that actually occurred and make up their own minds about related questions if they have an interest in doing so. And it is only happening in public because interpretations of what happened contradicting the facts were circulated in public (most recently at BSDcan).

                                            There are no easy answers to the questions raised by the full- vs coordinated-disclosure debate in general. If you are involved in the disclosure process of a security problem and fix, whatever you do, one way or another someone else might potentially be put at risk as a consequence of your actions. And not every risk assessment will lead to the same conclusions.

                                            1. 1

                                              Near as I can figure, there was a bunch of back-channel communications about the issue in the OpenBSD community until the guy who found the issue contacted CERT because he figured out the issue went way beyond OBSD. The OpenBSD folks apparently don’t trust CERT and decided to push a fix to protect OBSD users possibly at the expense of, well, everyone else because…I don’t know…screw them, I guess.

                                              You put us in a conundrum. We knew there was a problem and how to fix it. And when you got CERT involved, we had to assume that information about the problem was now leaking beyond your control into government agencies and private companies, and that some of those “in the know” would have had 2 months of extended embargo time to use an exploit against OpenBSD users. I don’t see any reason to trust every single person in those parts of the security community and in these institutions to act responsibly.

                                            1. 10

                                              Yet more reasons to not copyleft software.

                                              1. 15

                                                What gets more contributions in code or dollars by companies using it right now? BSD/Apache or GPL software? And on top of that, which gets used the most by companies intending to turn the use into money to pay for laws and court decisions to limit software compatibility or freedom?

                                                Those are a start at answering which to do if wanting mutually-beneficial uptake. I think the second question isn’t addressed nearly enough by GPL opponents. Saying that as a long-time advocate of BSD-style licenses that really reconsidered after watching the patent and API copyright action over time.

                                                1. 5

                                                  I’ve been through the experience of releasing software that was under a license (non-copyleft) banned by Google. The effect was clear: fewer people used it. I used said license as an ideological statement that reflected my views on copyright, but I simultaneously wanted as many people as possible to use the code I wrote. My goals were at odds with each other. I ended up switching the license.

                                                  Using a license on Google’s banned list has network effects that people might not account for. This banned license list doesn’t just apply to Google’s internal proprietary code, but also to their open source projects. If your library can’t be used in those, then people will find an alternative, or, failing that, create one themselves. The network effects of this should be obvious: “what library should I use for Foo?” “well, Google’s Huge Important Open Source Project Used By Very Serious People uses Quux for Foo, so that’s probably a safe bet.” There are other manifestations for this. For example, even if most people didn’t care about my non-standard license, the fact that Google does means that they are going to find and use an alternative for it. Google has a very large presence in open source, which means there is going to be a point at which you download some project and it might have both the library Google’s using for Foo and perhaps my own library for Foo, and now you get people being (quite reasonably) annoyed that they have two different dependencies in their chain for solving the same problem. Guess which one is going to win when an enterprising individual endeavors to consolidate their dependency graph?

                                                  Invariably, the ideological goal I set out with is tied to the goal of people using the code. If people don’t use it in the first place, then the whole point of using a different license to raise awareness about my cause will be for nothing.

                                                  Despite the fact that some people are “insulted” by non-standard licenses, I do still find occasion to express my views through my licensing choice, but I’ve found better ways to balance my goals.

                                                  I could use the above to be “mad” at Google, I guess, for being an Evil Corp that bullies the Small Guy via a complex struggle in power. And yeah, it was definitely a frustrating process to go through, and I was really stubborn about it for a long time. But that didn’t get me anywhere. I’m not a very good ideologue, and I can definitely understand why lawyers are reasonably unreasonable about these things, so there you have it.

                                                  (FWIW, I left my initial comment in this thread mostly out of annoyance that @pizzaiolo decided to thumb their nose at the submission guidelines.)

                                                  1. 1

                                                    I appreciate the detailed response. It seems your concern is that Google’s network effects will boost both contributions to and adoption of a lot of code. If Google won’t use it, you lose that. So, you want to maximize adoption by building things that Google specifically might use. Maybe also any other company with similar acquisition policies. That does make sense if Google’s (or their) pull is literally that great or you’re willing to put all your eggs in one basket (theirs). On the other hand, it might not for a project that can get contributors without Google’s support. There seems to be plenty of those. The default for FOSS in general on use/contribute ratio or sustainability is pretty bad, though.

                                                    I keep coming back to solving this problem by actually selling FOSS to companies in form of licensing, consulting, and/or support. What the proprietary companies do but without the restrictions or lock-in. The main, revenue stream will indirectly finance dependencies that are packaged in their own libraries under FOSS licenses. People might contribute to them. If they don’t, they can still be maintained from revenue. The bigger benefit is that enough FOSS companies pulling in lots of money can afford to fight big companies threatening the FOSS model by using media and lobbying campaigns. Google is actually one of the few, tech companies that’s been doing that on Washington fighting incumbents in areas that threaten them like net neutrality or copyright.

                                                    1. 2

                                                      So, you want to maximize adoption by building things that Google specifically might use.

                                                      Well… no. I didn’t say that. I don’t wake up in the morning and think, “Oh I can’t wait to get home from work and spend time on my side project with the hope that Google will use it!” What I’m saying is that if you use a license that is banned by large companies (Google being one of them) that have influence in open source, then you’re handicapping the likelihood that others will use your code right out of the gate. Not everyone cares about that because not everyone has the same goals.

                                                      On the other hand, it might not for a project that can get contributors without Google’s support. There seems to be plenty of those.

                                                      Again, that’s not what I said. It isn’t necessarily just about contributors, but also about use. Please remember that I’m describing my own experience with this. I observed the network effects first hand. What you do with that information is totally up to you, and outside the scope of what I want to discuss. :-)

                                                      1. 2

                                                        Well, if you’re just talking about big companies, then your position still makes sense where people aiming to get more use or contributions from them have to use compatible licenses. What large companies allow varies both for the general case and sometimes by what a specific piece of software will do. For instance, they use a lot of proprietary software with restrictive licenses even though they don’t like the licenses.

                                                        Maybe I should try to assess what happens with network effects of FOSS components that are being sold to same big companies. As in, they got them not because they’re FOSS but because they’re useful with great price and flexible licensing. If it’s a copyleft, it would have to be isolated as one application or service doing a specific thing so they didn’t worry about effect on other software. From there, it gets a lot of use with potential network effects kicking in because of large uptake. It might get contributions from companies using it just because they depend on it. There’s quite a few ecosystems out there of people doing open enhancements on proprietary stuff just because it’s what they use at work. Especially Microsoft and IBM.

                                                        There’s some overlap between what you were doing and this other model. Main difference is yours will get more pull where this one will need to be pushed. I don’t know if a push is inherently a bad thing if it delivers long-term benefits the solutions getting pulls don’t. It could be bad for specific authors, though, if they’re aiming for pulls like you were.

                                                  2. 12

                                                    So you’re fine with the requirement that I can’t license a program under ISC or anything non-GPLv3 for what it’s worth, when I intend on linking a GPLv3 library to it?

                                                    The goals of copyleft are laudable, but we regularly get upstream patches, also from Google employees, even though we use MIT/ISC only. And this carries on to many other projects.

                                                    If you really care about freedom by definition, you won’t use copyleft licenses, as copyleft limits your freedoms. On the other hand, copyleft is an effective tool to “force” people not to close down changes to code, obviously.

                                                    In reality though, I have found those companies not contributing back to suck at coding anyway. Those who do have a healthy idea of open source. Maybe that’s why most GNU-software sucks so much.

                                                    The discussion about copyleft or not is very similar to those about affirmative action or female quotas. By definition, e.g. female quotas discriminate against males as even males with higher qualifications get sorted out against females with lower qualifications. Anyone believing in equal rights rather than equal status will oppose that. Those who defend female quotas bring up terms like the “patriarchy” justifying it.

                                                    The motivation for the GPL is that companies are “by definition evil”. Sure, their drive is to make money and have power over you. Free software is a loophole in this regard. However, especially in the last few years, most companies have realized that it makes sense to just build upon open source and contribute back, especially for security relevant stuff, effectively negating the GPL-narrative. Apart from that, GPL-violations are rarely uncovered, so I’m pretty sure GPL-software is still used for nuclear warheads and there’s nothing you can do about it.

                                                    It was different in the 90’s and 00’s, but I only care about today and new code.

                                                    Stop taking yourself so important, as in the end, it’s about people in general benefitting from free software. And there are numerous examples where companies would’ve never considered open source solutions if they hadn’t been licensed permissively. For the advocates of the GPL, especially v3, it’s more about an agenda to turn all open code into GPL-code, and I’m sick of their propaganda and FUD.

                                                    1. 8

                                                      However, especially in the last few years, most companies have realized that it makes sense to just build upon open source and contribute back,

                                                      It was different in the 90’s and 00’s, but I only care about today and new code.

                                                      I suggest looking at firmware based on Linux on Android devices, and many embedded devices. The GPL is the only reason any of them ever even comes close to publishing source, and most still won’t.

                                                      You’re seeing a very small subset of companies if you look at those contributing to BSD/MIT/Apache2 licensed software.

                                                      And even Google has stopped contributing to most open source projects it once started, Android for example is almost entirely proprietary now, not even the call app is fully open source anymore.

                                                      1. 11

                                                        If you really care about freedom by definition, you won’t use copyleft licenses, as copyleft limits your freedoms.

                                                        “Using GPL / is encroaching on our rights / to encroach on yours”

                                                        1. 5

                                                          They wrote 8 paragraphs and this is all you get from them?

                                                          Yes, the GPL is encroaching on your rights to licence your software properly. If you’d like to add a non-commercial clause to your licence, for example, tough luck. It wouldn’t be GPL-compatible. If you’d like to take the advice above and add a clause that specifies your software can’t be used in relation to weapons research or advertising, tough luck! It’s not GPL-compatible. You’ll have to reimplement everything. That would otherwise be covered by open source libraries.

                                                          From what I’ve seen, the GPL is mostly used by companies to keep their software in some weird middle between proprietary and open source. In other words to restrict the rights to compete. If someone wants to take the software and improve it to compete directly with the company that started it, they have another company with relatively endless resources and rights to all of the improvements they’ve done breathing down their neck. So if they do anything meaningful, companies can take back the improvements and take back their head and leave the contributors/competitors in the gutter. The GPL is good for protecting code, not for sharing it, is what I’m getting at.

                                                          1. 11

                                                            Frankly I don’t blame them, the author pretty soon makes an ad hominem (GNU-software sucks), then diverts into a highly controversial topic (Affirmative action), then a straw man (The motivation for the GPL is that companies are “by definition evil”.) if that were the case wouldn’t the GPL permit non-commercial restrictions.

                                                            If you’re a free software advocate not reading past the first three paragraphs is probably the most generous thing you could do in this discussion because everything after that just weakens the argument they made.

                                                            One could argue with FRIGN’s logic that if a business is afraid to use GPL/AGPL, that it’s the same as companies that are not contributing back. They are afraid that if they MUST share code in the future that it will harm them in some way. They probably suck at coding anyway.

                                                            1. 3

                                                              Frankly I don’t blame them, the author pretty soon…

                                                              It’s why I ignored the comment in favor of xi’s which just made specific points about software licensing that we can discuss. Much more productive approach. :)

                                                              “One could argue with FRIGN’s logic that if a business is afraid to use GPL/AGPL, that it’s the same as companies that are not contributing back. “

                                                              Most software doesn’t directly contribute a competitive advantage to the business using or developing it. Most software is closed by default. Most use of open source software, permissive or not, involves no financial, code, or documentation contributions back from companies by default. I think these things tell us some foundational things about both the nature of how businesses will approach software and what we might get them to do. How to specifically react to these is, of course, very open for discussion and experiment. I’d like to see more experiments with business models built on free software, though. To me, it seems no harder than building the product in the first place esp if GPL components are properly isolated from hard-to-copy stuff that companies are paying for. Finally, if there’s low-cost copycats, one can always differentiate on great, face-to-face service and reputation.

                                                            2. 3

                                                              Yes, the GPL is encroaching on your rights to licence your software properly.

                                                              The GPL is a license for other people’s software that says you can benefit from their work for free so long as you follow specific conditions, especially sharing your work back with them. It’s not your rights given it wasn’t your work to begin with assuming we’re thinking of software as something to be owned like in copyright law. When your work becomes the issue, you’re surveying others’ work that you might want to benefit from that come with various licenses. You get to choose which one you want based on your beliefs of how your own contributions should be licensed. GPL proponents might build on GPL. GPL opponents might build on another. Maybe something is there to use. Maybe you have to build it yourself due to no code compatible with your beliefs. Nobody has forced you to use GPL software: you simply are choosing whether to build on someone else’s work following their usage requirement or doing something different.

                                                              Your weapons example fits in my model nicely where it’s simply not compatible with GPL. Therefore, you’d look for code licensed differently. You might another person doing work for you for free had a license compatible with your expectations. Whereas, the GPL code would continue benefiting others without that extra requirement.

                                                              “In other words to restrict the rights to compete.”

                                                              This is a myth, too, given there’s a billion dollar business built on FOSS plus many smaller players that charge for it. Most don’t charge for it. So, they’re just not competing. Whereas, non-competitive practices in proprietary software were the norm. Most customers of the biggest software companies say the switching cost being prohibitive is a big reason they stay on the platform. The switching cost came from lock-in via proprietary languages, data formats, protocols, etc. People building on those that are open switch suppliers all the time even on major systems like databases.

                                                              As I said in a previous comment, the biggest threat to competition are companies that are bribing politicians to keep copyright and patent laws in a state that makes it illegal to compete. This is why IBM took out the company building on Hercules that let mainframe customers run their apps at a fraction of the cost on Intel hardware. It’s how Apple tries to keep software from even looking like theirs with Samsung forced to make their interface look like crap in Germany. It’s how Microsoft has collected over a billion in royalties off Android despite not contributing anything to it and trying to kill it in the market with Windows Mobile. It’s how it took a multi-billion dollar corporation’s deep pockets to stop Oracle from eliminating, taking most profit on, or seizing that same product. Two of these companies benefited a lot from BSD code that helped them get their revenues up enough to do more of these attacks. Another used GPL code mainly to reduce their own operating costs on infrastructure while shifting the lock-in to their 3rd-party apps built on top of it. That… at least helped on half the problem. The net effect of anything benefiting them is negative given they directly try to change laws in multiple countries to deny you basic rights like the ability to iterate on and improve a software implementation of an idea.

                                                              On other side, certain projects licensed under various free licenses had positive effects. This isn’t limited to GPL with success of Apache web server being first counterpoint coming to mind. Comparing them, though, I note that there were numerous times companies built on top of permissively-licensed code giving nothing back. There’s many cases, if not the default, of companies using GPL improving the product just because the license requires it and doing so didn’t hurt the business. The companies that did non-copyleft, shared source would occasionally close things back up after a lot of user contributions made their product better. QNX was an infuriating example. The GPL blocks that for at least components that got licensed under it. One company ceasing improvements doesn’t change anything if it’s really useful to another company who picks up the ball others dropped.

                                                              So, I see more positives out of GPL-like licenses than BSD’s if we’re talking contributions over the long term, esp by greedy companies. They also contribute less to the big companies’ evils when they adopt them as we see with IBM and Google. The companies even accidentally do good since the license forces their improvements back into the code that can be used by others doing good. Also, as I told burntsushi, it’s also important to remember that you can still license GPL software for a profit. There’s a number of companies, big and small, doing this. If it’s your own software, you can even do whatever you want with it under other licenses. The GPL version just gets to remain free with all contributions that get distributed shared back with people.

                                                              1. 1

                                                                Emphasis is mine..

                                                                especially sharing your work back with them. It’s not your rights given it wasn’t your work to begin with

                                                                If you want to use GPL (as in picking a license or using a GPL licensed piece of code) that’s your prerogative, but claiming that there is no restriction on what downstream developers do with the code they have written is being disingenuous or obtuse.

                                                                1. 3

                                                                  I didn’t say that. The commenter I replied to said GPL restricts “your rights to license your software properly.” It actually is an optional license that enforces your will on your work and its derivatives. That’s an entirely different thing. It means you can do whatever you want with your work. If you want what the GPL is designed to do, then you can license it with GPL to attempt to accomplish that. That’s for a single developer on their own work.

                                                                  When building on existing code, it’s other’s work that they licensed how they saw fit with conditions/restrictions for those building on it. If you want to use their work in your own and are fine with the conditions, then you will build on it with the restriction of going with the conditions. At this point, it’s a collaborative work, not just your work, with conditions you already agreed to before building on it. That’s similar in concept to people entering a contract for how to accomplish a shared goal. If you oppose it, don’t enter into a contract with those people using their code and practices. That simple. Nobody has forced you to do anything with your work since it hasn’t even been created at that point. If it was, it wasn’t your work so much as theirs with licensed expectations + yours. By redefining it to just your work and rights as a single developer, which I can’t emphasize enough, it makes it look like someone is restricting your own individual activities out of nowhere with nothing in return. That would be a bad thing.

                                                                  Good news is that’s not what’s happening: it’s either an optional tool for you to use to enforce your will on your own work if you agree with it; or conditions that come with a group work you or others started on derivatives that leverage that work. Again, conditions they can either agree to or reject in favor of different things to build on. In either case, the person using the GPL wants to use the GPL. If they didn’t, they’d use a different license for their work or build on something licensed differently. Entering into the restrictions is voluntary action by developers.

                                                          2. 4

                                                            The goals of copyleft are laudable, but we regularly get upstream patches, also from Google employees, even though we use MIT/ISC only. 

                                                            Are you talking about suckless software? I really don’t mean to be rude, but isn’t this a very selective subset? Since you’re very adamant about unix and unix style writing, the culture of sharing and interoperating was “naturally” adopted, or so it seems to me. It just makes sense, but does this still hold for bigger projects like Emacs or Linux? I’m doubtful…

                                                            If you really care about freedom by definition, you won’t use copyleft licenses, as copyleft limits your freedoms.

                                                            This really doesn’t mean much, since both sides just use the (holy) word “Freedom” to talk about two different things. Take for example the conception of freedom that arises from unfreedom, rules and laws. Your (negative) conception is just one idea among others.

                                                            Maybe that’s why most GNU-software sucks so much.

                                                            You can say what you want, but I appreciate being able to write rm directory -rf ;^)

                                                          3. 1

                                                            If you want to complain about ‘bad actor’ companies, those using AGPL should be directly in your sights.

                                                            1. 6

                                                              How so?

                                                              1. 6

                                                                I wish there were a downvote for not enough information. I’ve been seeing a lot of posts that may or may not be correct but don’t actually have any reasoning or evidence behind their claims.

                                                                1. 2

                                                                  As mentioned elsewhere (https://lobste.rs/s/mbufwv/some_software_cannot_be_used_at_google#c_olmjmh) - shitbag companies use (A)GPL as a moat against competition for their open-core/proprietary software.

                                                                2. 1

                                                                  I agree with other commenters that I can’t learn anything from your comment without your reasoning. I will say I opposed GenodeOS switching to AGPL because it would hurt adoption. Separation kernels, aka sacrificing most features for highest security, is already something that’s nearly unmarketable but highly useful for public good. Unless selling to military or safety-critical embedded, the best move is to use whatever license will get most uptake while selling value-adds on top that are marketable. On top of support, consulting, etc.

                                                                  So, I opposed it in that case since it was already something fighting a huge, uphill battle. Now, something with value like these companies use for networked applications or infrastructure might be AGPL licensed to force them to contribute more if they want to use it. There will be many that don’t adopt it. A compelling product might still get a lot of adoption or even sales if sold to companies that don’t do cloud stuff they’d have to relicense. There were even a few people on HN that told me they make all the software they build for businesses FOSS by default with the businesses never caring because that software is necessary plumbing rather than a competitive advantage. So, it’s paid for plus can benefit others by default. There’s a possibility of AGPL-based projects doing that.

                                                                  Personally, I default against AGPL if optimizing for uptake but for it if optimizing for ideological blocking of freeloading or financially supporting companies that try to limit our software freedoms. I don’t mean in a Richard Stallman speculative way: I mean they actively bribe politicians to reduce our rights in how we use our devices or software. And they make that money off of a mix of proprietary and permissively-licensed code. I’m fairly pragmatic where I know things are complicated enough I’ll have to make some tough decisions balancing many goals. However, some people out there might want to take steps to block their work from supporting companies that would (a) sue them for their work if given the chance or (b) give large financial backing to proprietary solutions but freeload off most FOSS.

                                                                  Note: Google is a mixed bag here where they do a lot for FOSS versus most companies. Going with their flow makes sense for people maximizing adoption at expense of other variables.

                                                                  1. 3

                                                                    The majority of companies I see using AGPL aren’t doing it for any Stallman-esque goals - they’re “open core” companies that use AGPL to effectively neuter any attempts to combat the intrinsic bullshit of “open core” projects.

                                                                    This other comment sums up my views better than I have, clearly: https://lobste.rs/s/mbufwv/some_software_cannot_be_used_at_google#c_olmjmh

                                                                    1. 3

                                                                      That would tell me that there’s companies using it for bad reasons, not that it’s inherently bad. You could similarly claim that projects like Linux are inherently about specific companies dominating markets because they’re the main contributors. Yet, the licensing allowed the kernel to be used for so much more. Unlike other bases, those using it were also forced to send back some contributions since they couldn’t just keep them private like companies using BSD code often did. That meant we gradually got an OS that could do everything from desktops to embedded to SGI’s NUMA’s to mobile.

                                                                      There could be some beneficial effects to building businesses or major projects on AGPL that snowball like that. Also, there might not be where the license kills the potential. I don’t know until I see enough good attempts at using it for something with growth potential.

                                                                      1. 2

                                                                        You’ve missed a key point when comparing to Linux.

                                                                        RedHat Inc. (as an example) don’t “own” the Linux project, and then dual-license it under (A)GPL and a commercial License. They contribute to an external project.

                                                                        MongoDB better fits the point I was making. They have a commercial (“Enterprise”) version and an AGPL (“community”) version. If a company then wanted to fork the community version, and either add new features or do clean implementations of “enterprise” functionality not offered in the upstream AGPL project, there is basically zero chance of making this a reality, because any effort they expend, automatically benefits the upstream company.

                                                                        I don’t know until I see enough good attempts at using it

                                                                        You’d think 11 years would be enough time for something to use it as-intended?

                                                                        I think we’re probably just not going to agree here. My default opinion of anyone particularly pro-GPL is to wonder what their goals are. I’m interested in solving interesting technical problems. I’m not interested in dictating to people what they can do with code I choose to release.

                                                                        1. 1

                                                                          “ My default opinion of anyone particularly pro-GPL is to wonder what their goals are. I’m interested in solving interesting technical problems. “

                                                                          Know all that software running the world on mainframes, Windows, and so on that people can’t get off of because it’s proprietary and the company turned out to be leeches? And then doing stuff like suing competitors on copyright or patent grounds? My goal is avoiding that by default wherever something is a dependency. Certain licenses help maximize what we can do with software over time. Others don’t. So, I push for what benefits customers and developers over time the most. I don’t force anyone to do anything. To the contrary, the opposite types of software (and hardware) currently dominate in uptake in consumer, business, and government markets.

                                                                          “RedHat Inc. (as an example) don’t “own” the Linux project, and then dual-license it under (A)GPL and a commercial License. They contribute to an external project.”

                                                                          They contribute to an external project that they depend on which is licensed in a way to force contributions back to anything they improve. They’ve been doing this a long time, too. That was the point that they have in common with AGPL. The AGPL license just applies to extra software that’s had a lot of freeloaders who were already not contributing back because existing licenses let them dodge that in their business models. Had the best components been AGPL, a percentage of them might have chosen it with contributions coming back. Maybe. I’ve already said I’m not sure what long-term effects will be but I do want to see better attempts at it. Personally, I think the more permissive GPL is just outcompeting it right now since it’s what copyleft people prefer. A social phenomenon.

                                                                          “If a company then wanted to fork the community version, and either add new features or do clean implementations of “enterprise” functionality not offered in the upstream AGPL project”

                                                                          What you’re implying, but not outright saying, is company A created something to be used for their profit if commercial or others benefit if AGPL. Company B wants to leverage Company A’s work in a way that exclusively profits Company B at Company A’s expense. Company A’s licensing prevents this by ensuring Company B’s commercial activities building on Company’s A’s work can benefit Company A, too. AGPL seems like a smart move if blocking competitors whose business model builds on other businesses’ work without sharing back.

                                                                          Now, Company B has some options available. They can make their value add a service that communicates with Company A’s software. There’s a huge market for this with it becoming a default, architectural style of a lot of businesses despite negatives like performance or complexity. Company B might also target different use cases for Company A’s software that Company A might not adopt because it doesn’t fit their current market. Works better if it requires internal changes that negatively impact Company A’s current use case. Company B might also make their own software components, proprietary or open, that they license to Company A’s customers that can benefit them but clearly state they’re not to be licensed as AGPL. Whether that’s legally sound or not, we’ve seen lots of companies tie proprietary software into GPL stuff that way, esp as binary blobs, without the GPL stuff putting them out of business. It helps that GPL enforcement isn’t really aggressive like proprietary enforcement.

                                                                          So, even for greedy Company B in your scenario, there’s still quite a few ways to make piles of cash as demonstrated by companies mixing proprietary and GPL code. They just can’t use the code Company A already wrote in a way that blocks company A from benefiting from the derivative work. They both will be able to sell whatever results. Just blocks greed. Doesn’t sound so bad to me. If anything, sounds like a bunch of companies competing that way would create piles of new features or differentiators at a much faster rate. Note that this is the default in Shenzhen even for hardware. Probably more product-level innovation at lower cost there than anywhere. It wouldn’t be as extreme here in U.S. since whatever doesn’t use or modify AGPL parts can stay proprietary or different type of OSS under strong copyright/patent laws.

                                                                          1. 1

                                                                            You’re trying really fucking hard to miss the points I’m making, and I honestly don’t have time to read all of your war and peace style comments.

                                                                            1. 1

                                                                              Well, I found time to read all of them.

                                                                              nickpsecurity, I think I know the kind of company stephenr is talking about, though I’m unaware of any of them using AGPL.

                                                                              I call these companies and their products “open source in name only”. And certainly not Free Software…

                                                                              Examples include lots of products released as both an “OS/Community Edition” and also an “Enterprise Edition”.

                                                                              One example is Trisano, by CS Initiative. The company appears to have disappeared and all the source code went with them. I had a copy of a repo at one point, but 1. it disappeared from my github because it was a fork of a private repo and I never had control of it (this was before I realized that I should maintain a local copy) and 2. it never had everything you needed to use the product in it anyway.

                                                                              I sent emails back and forth with the head of that company explaining that I worked in the Public Health sector and we’d be happy to use the project and contribute back in the form of patches, if he could just send us the darned code, and he never did. Not even for the supposed “community edition”.

                                                                              I think they just put the term “open source” into their marketing so their product would come up in my searches and maybe they could get my boss’s ear through me.

                                                                              Anyway, if somebody can find a concrete example of a company using the AGPL toward malfeasance, I’d love to hear about it. stephenr mentioned MongoDB, but I’m not sure if that’s where his negative experience came from… If he doesn’t want to name names, I get it: $work and all…

                                                                3. 1

                                                                  Those are really interesting questions. I wonder how much non-GPL software has significant improvements that aren’t public. I have preferred BSD-style licenses for any code I publish, as I’d rather people just use it without any fuss. But if I had a substantial ongoing project I cared about I can now see myself picking a copyleft license. I had assumed the utility of submitting changes and fixes to the upstream project, as opposed to maintaining an internal fork, would be sufficient to encourage contribution. But I had never actually thought particularly hard about it until now.

                                                                  1. 5

                                                                    Apple and Microsoft both built their proprietary OS’s along with a portion of their wealth on top of BSD code (esp networking). BSD’s didn’t get much benefit from that. Google acquired a mobile OS built on top of Linux. Even after they got more evil, many of their improvements still go into the AOSP that other companies can build on. I’m not claiming this extrapolates to all uses of highly-permissive vs copyleft code. I am saying it’s an example of what GPL intended to do when companies act in their self-interests. The BSD’s with no protections allow the other two companies to redirect all the benefits in their direction instead of reinvest them into projects they used.

                                                                    1. 4

                                                                      BSD’s didn’t get much benefit from that.

                                                                      It could be argued that the BSD’s got clang/llvm, so maybe it isn’t all bad.

                                                                      1. 2

                                                                        I thought about that as I was writing this morning. Reason I left it off is I think it’s like Red Hat: an example proving what can happen but an outlier not representing what usually happens. The for’s and against’s were about what licenses normally do except the hypotheticals I did like AGPL.

                                                                        I agree it’s a great success story for a FOSS project. I’m very grateful to the CompSci folks, Apple, and volunteers for it given all the people building on it.

                                                              1. 3

                                                                Maybe there should be a lobsters instance?

                                                                1. 4

                                                                  Lobstodon!

                                                                  1. 1

                                                                    You could just about get the current lobste.rs codebase talking OStatus (to federate comments here to the fediverse)…

                                                                1. 4

                                                                  One thing that really miffs me about Firefox (that I’m being reminded of right now) is that Ctrl-q closes the entire browser. Seems great, until you remember that Ctrl-w closes tabs and if you accidentally fat-finger (or just miss) the key, you lose your entire session.

                                                                  I’ve looked at some “disable ctrl-q behavior” and “remap keys” extensions but none of them seem to work with this newest version (even though they’re supported). Has anyone found a workaround?

                                                                  1. 13

                                                                    Just type Dvorak, and then Q and W are on opposite sides of the keyboard! Problem solved! /s

                                                                    1. 6

                                                                      Set browser.tabs.warnOnClose = true, browser.showQuitWarning = true and DO NOT SET “Show my windows and tabs from last time”. There is a WebExtension for this but it only works on Mac (o_0)

                                                                      Fat-fingering Ctrl-W? meh. I have Ctrl-Q set as my tmux shortcut key! Imagine how many times I press it into the wrong window :D

                                                                      1. 5

                                                                        DO NOT SET “Show my windows and tabs from last time”.

                                                                        unacceptable

                                                                        1. 2

                                                                          It’s not going to, like, actually lose your tabs.

                                                                          Ctrl-Q shows a popup with “Save and Quit”. Crash/kill -9/power plug pulling/… – the “do you want to restore session” screen.

                                                                      2. 3

                                                                        I know the flexibility of extensions to change key bindings according to user preferences is greatly diminished with webextensions; I’ve had to route around this problem at the OS layer instead of inside FF: https://technomancy.us/184

                                                                        1. 1

                                                                          If you’re running Gnome you can create a custom keyboard shortcut for Ctrl+Q with an empty action to disable it (in all applications).

                                                                          1. 1

                                                                            The “Disable Ctrl-Q and Cmd-Q” add-on works for me. I’m sitting here mashing Ctrl-Q and nothing is happening.

                                                                            edit: ah, https://bugzil.la/1325692 may be related if you’re on Linux. Sorry :/

                                                                          1. 2

                                                                            Didn’t try any betas, yet still I was poised to upgrade ASAP. Then I learned the tab groups addon won’t work, and will not be made to work.

                                                                            So I’ll have to un-poise myself for a while.

                                                                            Anyone else struggling with this? Any suggestions that don’t involve Vivaldi, or Chrome with tree-style tabs?

                                                                            1. 6

                                                                              Reimplementing Tab Groups should be quite doable once APIs for controlling tab display are in place. I know I’ll be making such a project a personal priority once it becomes possible.

                                                                              1. 5

                                                                                The easiest way is to just use Firefox.

                                                                                There is Firefox ESR which runs an LTS version of Firefox. Downside is that it’s running Firefox 52, which will break addons that use the Firefox container API.

                                                                                The second way is to use a fork of Firefox. I’m currently using WaterFox. Thus far I haven’t run into any serious issues, but I don’t really trust the codebase as much as I would from Mozilla.

                                                                                1. 5

                                                                                  There is hope in the Simplified Tab Groups extension. As the author writes:

                                                                                  Notice to Firefox Quantum (57+) users: No, this extension is not dead but yes, it currently does not support Firefox 57. I know, I know. Please update anyway, as you’d miss out on a lot of cool stuff. The reason Simplified Tab Groups is not working with 57 is the lack of an API I need. However, heroic Firefox engineers are already working on that, and I will release a new version which will be compatible as soon as possible. Promised! If you have a GitHub account, feel free to subscribe to this issue to get notified whenever there is progress.

                                                                                  I use it now on one computer with pre-57 version. It shows promise. I like the UI better than the normal too-visual-for-me tab groups. It gets around the problem of manual placement management. There are a couple of things that I miss, but hopefully it will get better. What I miss the most: changing the order of the groups and editing the name of a new group right away.

                                                                                  I also think about giving the TreeStyle Tabs a shot.

                                                                                  I think that there are other extensions under development that intend to be more faithful to the original. However the original is not easy to implement I believe.

                                                                                1. 4

                                                                                  Devtools remain really slow though. And buggy…

                                                                                  It’s easy to accidentally DoS the browser just by running a little too much console.log() in a busy loop.

                                                                                  1. 5

                                                                                    I think they’d totally like to be informed about these kinds of cases. Knowing some of the devtools team, they definitely care about that a lot.

                                                                                    1. 2

                                                                                      From what I’ve heard the devtools team is working on addressing performance this cycle. I know console performance specifically is one focus point.

                                                                                    1. 1

                                                                                      People get accustomed to things, get emotional and don’t particularly like change very much. I’m sure Firefox 57 will also get a fair share of sour feedback and comments written in uppercase. That’s inevitable. But sometimes, in order to move forward and do good stuff, we have to make some tough decisions for the greater good that not everyone will agree with.

                                                                                      You guys have fun with your greater good. I’ll stick with 56 where my add-ons still work.

                                                                                      1. 3

                                                                                        There’s a hidden flag you can toggle to reenable legacy extension support in the non-stable channels, but continued compatibility going forward isn’t guaranteed.

                                                                                        1. 2

                                                                                          Do you know if this secret flag is also in the released 57?

                                                                                          Thanks for the tip either way ;)

                                                                                          1. 5

                                                                                            It won’t. And lots of internal APIs have already been removed and replaced with asynchronous code, to make Firefox 57 as snappy as it is. Breakage is imminent, I’m afraid.

                                                                                        2. 2

                                                                                          Thought so too when recognizing that my add-ons stopped working when I switched to Firefox 57 beta. Then, I contained my emotional side and searched for alternative add-ons that run on 57.

                                                                                          Guess what, I replaced all my add-ons and I really like the new ones. Wish I had replaced them earlier.

                                                                                        1. 3

                                                                                          Excellent, I came close to writing something like this myself to redirect reddit’s glacial new mobile site to good old i.reddit.com. I appreciate the Firefox support.

                                                                                          A word of warning, by default it’s set to pull a redirect list from someone’s personal GitHub Gist. IMO that should be opt-in, the potential security consequences are just silly.

                                                                                          1. 1

                                                                                            Might be worth opening an issue for that. :)

                                                                                          1. 6

                                                                                            I don’t interpret that as referring to hate speech but rather to a post which contributes nothing more than “I hate X”.

                                                                                            1. 3

                                                                                              In individual context, ya - but the thread in its entirety went into details on why there was hate for X. Then the explanation in all its contextual glory was removed. Looks like that was an unintended side effect though.

                                                                                            1. 2

                                                                                              Mastodon / the fediverse seem very interesting. Does anyone here have any recommendations as far as what instance to use?

                                                                                              1. 4

                                                                                                I enjoy https://tiny.tilde.website, an instance loosely associated with https://tilde.town.

                                                                                                You can use Mastoview to preview any Mastodon instance: http://www.unmung.com/mastoview?url=tiny.tilde.website&view=local

                                                                                                1. 3

                                                                                                  tilde.town

                                                                                                  This is awesome, an ssh-based social community? I’m there! :) Thanks for the pointer.

                                                                                                  1. 1

                                                                                                    Mastoview

                                                                                                    Also thanks for this. IMO everyone should poke around at the various instances and see which one fits them best. I ended up at mastodon.codingfield.com - but I probably should have picked i.write.codethat.sucks

                                                                                                  2. 3

                                                                                                    I’m on https://icosahedron.website/ which leans slightly towards math nerdiness.

                                                                                                    I’d recommend against joining the flagship instance because it’s just so crowded. Not that being busy leads to a bad user experience, but just that piling everyone on the same instance defeats the purpose of federation. https://instances.social has a list which shows you if an instance has a particular topic or purpose.

                                                                                                    1. 2

                                                                                                      The standard one is mastodon.social, I keep my main account on it. But there are a bunch of topical instances too, you can search for instances by interest.

                                                                                                      1. 1

                                                                                                        Just avoid mastodon.social, it’s one of the worst instances.

                                                                                                        1. 1

                                                                                                          Why?

                                                                                                          1. 3

                                                                                                            As there is no central registry of users, discovery usually happens by:

                                                                                                            1. Looking through the local timeline to find new users (that’s why it’s good to be on a themed instance)
                                                                                                            2. Looking through the federated timeline to find people other users on your server are following (which works best if those other users have similar interests)

                                                                                                            Because of this, smaller, themed instances are usually the best to start. They usually form a server culture where people know each other, have people welcoming you, helping you, etc.

                                                                                                            Mastodon.social is both MUCH too big and also completely unthemed. Both public and federated TL are a near useless mix of different languages and topics that’s going by too fast. With every new article, hundreds of new users come to mastosoc, post introduction posts, leave after a day and the cycle repeats.

                                                                                                            They also block or silence (default-block unless followed) a lot of the more active older servers, so you are cut off from large parts of the fediverse.

                                                                                                      1. 14

                                                                                                        You should. It’s terrible for Tor users, making them complete a couple of annoying CAPTCHAs every 5 minutes.

                                                                                                        1. 5

                                                                                                          Oof, yes, and quite often the reCAPTCHA submission just doesn’t work at all, making the site impossible to enter over Tor even by well-meaning humans.

                                                                                                          1. 3

                                                                                                            I’ve never managed to complete the reCAPTCHA through tor.

                                                                                                            1. 1

                                                                                                              You might need to disable your ad blocker.

                                                                                                              1. 2

                                                                                                                I’m not sure that is the problem. Disabling javascript is the most likely culprit. But you have to be insane to enable Javascript on tor.

                                                                                                                1. 2

                                                                                                                  But you have to be insane to enable Javascript on tor.

                                                                                                                  Because of WebRTC reporting the local IP? This demo doesn’t work with Firefox using Tor as a SOCKS v5 proxy: https://diafygi.github.io/webrtc-ips/

                                                                                                                  Neither does http://ip-api.com/

                                                                                                                  1. 2

                                                                                                                    This is coming quite late, but I’ve found myself unable to get reCAPTCHA to acknowledge my completion of the task even with JavaScript enabled over Tor.

                                                                                                            2. 4

                                                                                                              IIRC it’s possible to configure it to not do that. But the awful defaults are there and very few people change them.

                                                                                                              Also, “they are making the whole internet more centralized” is a concern.

                                                                                                              1. 2

                                                                                                                IIRC it’s possible to configure it to not do that. But the awful defaults are there and very few people change them.

                                                                                                                It is, for Cloudflare customers: https://support.cloudflare.com/hc/en-us/articles/203306930-Does-Cloudflare-block-Tor-

                                                                                                                But the fundamental problem is that they don’t differentiate between IPs used by many users (VPNs, Tor exit nodes, etc.) and they rely on profoundly broken algorithms to decide which IP needs to be hindered. They’ve been doing that for years, so maybe it’s time for a large scale boycott.

                                                                                                                1. 3

                                                                                                                  It’s much worse than that. I have the same static IP in a datacentre for years, and they block me from many sites, completely ignoring the fact that no one from my IP has ever scraped or attacked them, and I’ve solved a countless number of their captchas over the years, too.

                                                                                                                  Also, their captcha relies not just on JavaScript, but on User-Agent string, so, it never works for me. So 1999 to still be using UA strings to determine capabilities or access!

                                                                                                                  Some of CloudFlare competitors are even worse, though — Staples.com is 100% down for me, for example.

                                                                                                                  But what annoys me most about these companies is that not only do they block my legitimate access to the content of their clients, but they then lie to their clients that my attempt to access the site must have been a bot that they’ve successfully blocked — such an invaluable service!

                                                                                                              2. 2

                                                                                                                Not only for Tor but also for most VPN users. Besides that reCAPTCHA is not working reliably, you sometimes get prompted with bizarre captchas, e.g. draw a border around some object (try to do that with a poor touchpad).

                                                                                                              1. 3

                                                                                                                Couldn’t get the first link to resolve DNS. Second link looked very different from the screenshots. Does this require AT&T or Verizon? At any rate, this is completely predictable from these companies, who are effectively at the helm of the FCC these days.

                                                                                                                1. 1

                                                                                                                  Yeah, this also didn’t work for me. Is this link itself possibly a scam of some kind, or is the site just slashdotted, possibly because this is cross-posted elsewhere?

                                                                                                                  1. 3

                                                                                                                    My assumption was that both demos have since been taken down in response to the wave of bad PR.

                                                                                                                    1. 1

                                                                                                                      I’ve seen it blow up on twitter + YC News; both were overwhelmed a few hours ago when I looked.

                                                                                                                  1. 4

                                                                                                                    Suppose you’re walking down the street, and you see a big sign that says “Ice Cream Shop” with an arrow pointing towards it.

                                                                                                                    You feel like having some ice cream, so you actually benefit from the advertisement, because now you know where to get some. You go into the shop, give them money, and enjoy some ice cream. Life is good.

                                                                                                                    Now apply the same idea to whatever legitimate products and services are being advertised on Google. Maybe you’re in the market for some CRM software, and happen to see some advertised. The software company gets a customer, and you get CRM software. Again, there is much rejoicing.

                                                                                                                    The AdNauseam extension is fucking over legitimate businesses with its fake clicks, because those businesses have to pay Google for every single click. Getting new customers actually costs them real money, and the more it costs, the more difficult it is to keep the businesses running and potentially employing people, and so on.

                                                                                                                    It’s easy to virtue-signal about supposedly fighting mass-surveillance and evil ad networks and so on, but the biggest victims here are legitimate, small businesses.

                                                                                                                    And if Google decides to tell those same virtue-signallers that using AdNauseam will get them banned from GMail and YouTube and other “free” services that are part of the mass-surveillance they’re supposedly fighting, they’ll disable it right away.

                                                                                                                    1. 17

                                                                                                                      Suppose you’re walking down the street, and you see a big sign that says “Ice Cream Shop” with an arrow pointing towards it. You feel like having some ice cream

                                                                                                                      That might or might not have happened (I don’t like ice cream). That’s potentially a very relevant, highly localized ad.

                                                                                                                      Now apply the same idea to whatever legitimate products and services are being advertised on Google.

                                                                                                                      Imagine you had a unicorn…

                                                                                                                      That never happened. Sorry, literally all of the ads I see online are just completely irrelevant. There are almost-want-to-be-exceptions, but they are exceptions because they’re actually trying to be somewhat relevant and localized: I might buy an advertised product that turns up in a search when I’m actively looking to purchase something. That’s why I don’t mind the sponsored product placements on Amazon. Caveat: I never purchased such a product, because these ads were never relevant enough. “What other users bought” turns out to be much more relevant in practice.

                                                                                                                      There’s also a big difference between directions and spam. Again, I consider practically all advertising online to be spam. But there are times when I actually look for some shop. Where can I go buy wood for my next project? Show me a map with all the shops that sell wood. That same map could show me the nearest ice cream shop, if I wanted ice cream.

                                                                                                                      Unfortunately the map from the biggest ad company I know (hi Google) does a terrible job of it. Many of the local shops aren’t on the map, or you have to zoom in so much that scanning all the relevant shops in town would take hundreds of screenfuls of map. It doesn’t have a good search; I can’t ask for wood and expect to get a listing of all the places where I can buy wood. And the map just shows me company names, which might not tell me anything about what they sell.

                                                                                                                      If Amazon and Google can’t show me relevant ads for things I explicitly search for, how do you suppose spamming random ads is ever going to be relevant?

                                                                                                                      So if I’m looking for a CRM, sure, tell me all about all the CRMs. Otherwise these ads can just be gone.

                                                                                                                      But nobody does that, so in the meanwhile I just wish for them all to be gone.

                                                                                                                      The AdNauseam extension is fucking over legitimate businesses with its fake clicks, because those businesses have to pay Google for every single click.

                                                                                                                      Well these “legitimate businesses” apparently made a fucking terrible deal. Especially so if the company they’re dealing with can’t even filter out these so-called fake clicks. If that puts them out of business, maybe they’re not fit to run a business. Or maybe their business just isn’t so very useful. I could gamble away my money too, do you defend my stupidity? But if it’s so hard, then maybe all these companies will indeed go out of business. Then who’s paying Google for clicks? Aha, maybe Google will go out of business too. Ha!

                                                                                                                      Maybe disrupting such a shitty business model will eventually lead to one that isn’t so prone to being fucked with?

                                                                                                                      I am very tired of all the bullshit that goes with advertising. No no, don’t block ads, you’re stealing! Yes please look at this free* (*contains malware) virus scanner! Oh but looking isn’t enough because we don’t get money for that. So click it! But don’t click it because clicking is click fraud! But click it still because we want monies! Oh no you fucker you clicked it, now some poor horse is going to go out of business because they couldn’t put a cap on their advertising budget!

                                                                                                                      Seriously, it can all go away. I really don’t care who goes out of business with it.

                                                                                                                      1. 1

                                                                                                                        Sorry, literally all of the ads I see online are just completely irrelevant.

                                                                                                                        Yes, there’s a lot of bullshit out there.

                                                                                                                        There are almost-want-to-be-exceptions, but they are exceptions because they’re actually trying to be somewhat relevant and localized: I might buy an advertised product that turns up in a search when I’m actively looking to purchase something.

                                                                                                                        Indeed. If you search for “CRM software”, you’ll see paid ads for CRM software, which is basically what you want to happen.

                                                                                                                        But those companies pay for every single click, and only maybe two out of a hundred clicks results in a new customer. At $2 per click, that’s $200 to acquire two new customers. Will their “lifetime value” be high enough to keep the business afloat?

                                                                                                                        It’s much more unlikely if an AdNauseam “botnet” adds a few hundred paid-but-fake clicks into the equation!

                                                                                                                        Well these “legitimate businesses” apparently made a fucking terrible deal. Especially so if the company they’re dealing with can’t even filter out these so-called fake clicks. If that puts them out of business, maybe they’re not fit to run a business. Or maybe their business just isn’t so very useful.

                                                                                                                        Running a business is very difficult and takes a shit-ton of work. Fake clicks from a botnet of self-righteous “socialists” that have never even thought of running a business makes it much more difficult, and that’s not the businessmen’s fault.

                                                                                                                        When you look at advertising as a whole, you need to differentiate between scumbags and productive people. The former need to die in a fire, but the latter get shafted by the add-on.

                                                                                                                        1. 2

                                                                                                                          But those companies pay for every single click, and only maybe two out of a hundred clicks results in a new customer. At $2 per click, that’s $200 to acquire two new customers. Will their “lifetime value” be high enough to keep the business afloat?

                                                                                                                          Why should I fucking care? I’m not their manager. I’m not their investor. I don’t care whether they stay afloat. They can stop paying for clicks if the ROI isn’t good enough. They can find a different model (which do exist). If the entire business is reliant on $2 clicks and they can’t think of anything else, then I really do not care – yet another poorly managed business goes bankrupt. Good riddance. The world most likely didn’t need them.

                                                                                                                          Fake clicks from a botnet of self-righteous “socialists” that have never even thought of running a business makes it much more difficult, and that’s not the businessmen’s fault.

                                                                                                                          Loser businessmen who can’t think of a business whose success doesn’t depend on $2 clicks can stop running businesses. Or keep doing it and burn their money while complaining that the world around them doesn’t work the way they want it to work. Too fucking bad.

                                                                                                                          When you look at advertising as a whole, you need to differentiate between scumbags and productive people.

                                                                                                                          I can’t. Spam is spam. I don’t know who’s a scumbag or who’s productive, and my life is too short to investigate them all. Besides, it’s not my job. There are ways to reach me. Spam isn’t a good way. So don’t spam. Still keep spamming? I might click, or my computer might click. Can’t afford it? Then just fucking stop. I might be looking for just the product that is being spammed, and click, and turn back because it wasn’t what I wanted. Makes them go bankrupt? Not my problem. They can stop.

                                                                                                                          The former need to die in a fire, but the latter get shafted by the add-on.

                                                                                                                          If the business is productive, then by definition they’re not getting shafted. If they get shafted by some clicks, they’re not productive. They’re just busy burning money. They can die in a fire too.

                                                                                                                          This complaint sounds much like “our old business model is no longer effective! the world is wrong and needs to be changed back to accommodate us!”

                                                                                                                          1. 1

                                                                                                                            Why should I fucking care? I’m not their manager. I’m not their investor. I don’t care whether they stay afloat.

                                                                                                                            It’s not that businesses are using an “obsolete” way of advertising. It’s that the way of advertising is being sabotaged.

                                                                                                                            Sabotage is Bad, mmmm’kay?

                                                                                                                          2. 2

                                                                                                                            Fake clicks from a botnet of self-righteous “socialists”

                                                                                                                            I can’t find any connection mentioned between the AdNauseam extension and socialism. What are you quoting here?

                                                                                                                        2. 4

                                                                                                                          The small business can put their ads on an ad network without insane tracking.

                                                                                                                          1. 1

                                                                                                                            Really? And still reach enough potential customers at a low enough cost to stay in business?

                                                                                                                            Google is almost the only game in town... as fucked up as that is.