Free software during wartime
have no sovereignty" over the networked world. In 2023, we have ample reason to know better than that, but we still expect the free-software community to be left alone by the affairs of governments much of the time. A couple of recent episodes related to the war in Ukraine are making it clear that there are limits to our independence.
The free-software community has, indeed, proved resilient to many events in the wider world. The dotcom bust mostly brought an end to the silliness and accelerated our work toward useful goals. The September 11 attacks (and the horrors that followed) had little direct effect on the community; the same is true of the 2008 economic crisis. The pandemic closed down much of the world, but seemingly sped up free-software development. Even the war in Ukraine and the upheavals around it have, apparently, barely touched our community. All of these events had (and are still having) horrific consequences for many of the people involved, but the development community as a whole was often able to carry on as if many of the world's troubles were taking place in another universe.
Recently, though, our community has been lightly touched in a couple of
ways. The ipmitool repository at GitHub was
locked, and its maintainer denied access, as a result of his status as an
employee of the sanctioned Russian firm Yadro. And, in the kernel
community, a developer with the Russian firm Baikal Electronics was told by a
networking maintainer that "We don't feel comfortable accepting patches
from or relating to hardware produced by your organization
". The
specific reasons for this discomfort were not spelled out, and no policy
for the kernel project as a whole has been expressed, but one possible
motivation, as described by
Konstantin Ryabitsev, is:
So, in reality, accepting code for any hardware into the Linux kernel means helping to test, maintain, and debug that code for years to come. The resources for that are pooled from many device manufacturers with the understanding that these efforts will be part of the tide that "lifts all boats," including their own. However, in the case of Baikal Elektroniks the situation becomes tricky. Yes, Linux is free software (free as in libre), but maintainers and CI infrastructure require funding. BE is placed under strict sanctions in many countries due to its direct affiliation with the Russian military, so companies funding CI and maintainer efforts have to consider if their money is directly benefiting a sanctioned company (and, indirectly, the Russian military).
It's worth noting that the developer involved is still active in other parts of the kernel community, but appears to have stopped sending from the Baikal Electronics domain. Meanwhile, there has been an ongoing low rumble across the net in response to the decision not to accept patches into one kernel subsystem from this company. The free-software community, some say, is without borders and should be above these sorts of disagreements.
It is true that our community often operates as if international borders did not exist. We cooperate across the globe and, often, have no idea of where our collaborators actually are. We exchange patches and projects with no worries of border checks or customs duties. The Internet and the free-software development model have truly opened up the globe to a type of obstacle-free cooperation that has not been seen before.
That said, it is naïve, at best, to think that the onset of a major war in Europe would be without consequences for our community. Millions of lives have been disrupted (or worse), economies have been upended, and the nature of world trade has changed. We are not so independent that we can expect to not be touched by such a thing. Indeed, it is arguably surprising that its effects have, so far, been so light.
For better or for worse, our "independent" development community is strongly tied to corporations. They employ many of us directly to work on our software commons. They own and run many of the resources, such as hosting sites and forges, that support our work. These companies often have no choice about whether to obey the mandates — such as the implementation of sanctions on some Russian companies — that are imposed by the governments of the world. If some free-software activity is seen (rightly or wrongly) by a company as putting it at risk of violating this kind of requirement, that company will almost certainly act to disassociate itself from that activity.
Individual developers, of course, have their opinions as well, and some of them will act on their opinions. That, too, may throw sand into the free-software machinery. But we should not blame developers who feel that specific acts run counter to either their conscience or the rules they are required to follow.
Things could be a lot worse. Our repositories are full of code from $COUNTRY_A, while $COUNTRY_B thinks that $COUNTRY_A is a threat to its ongoing prosperity or existence. We have already seen plenty of examples of countries making rules against the use of technological products coming from other countries (or specific companies within those countries). An expansion of such rules to apply to code contributions could put the status of much free software in jeopardy.
At this point, that type of mandate would likely be too crippling to consider. But the export of technology, including software, has often come under governmental scrutiny. Those of you who were not paying attention to the first release of PGP — just months before the first Linux kernel release — may want to read up on that history. It is not hard to imagine a world where, say, Linux is considered too powerful a tool to be allowed to be exported to $THAT_COUNTRY; the result could be a severe disruption of how our community works.
We are not at that point, and hopefully will not get there. For the most
part, the free-software community is thriving despite the current global
turmoil and, with luck, that will continue. But there can be no doubt that
Barlow's declaration of independence was more aspiration than reality. We
write software for the real world, and we are still intimately tied to it.
Those ties will certainly make themselves felt at times. We have some
control, sometimes, over how we respond to governmental mandates, but
ignoring them is increasingly not an option.
Posted Mar 23, 2023 15:24 UTC (Thu)
by corbet (editor, #1)
[Link] (11 responses)
The topic here is the free-software community's exposure to real-world events and governmental mandates. It is not about whether the war, or any government's response to it, is justified. I, too, have opinions on those matters, but I have kept them off of LWN. I ask you to do the same.
If the conversation goes off the rails, the article will be put under moderation, and that moderation may be heavy-handed. But I think we can avoid that if we all carefully consider whether our posts are appropriate.
Thank you.
Posted Mar 23, 2023 16:48 UTC (Thu)
by shemminger (subscriber, #5739)
[Link] (3 responses)
Posted Mar 23, 2023 20:41 UTC (Thu)
by smurf (subscriber, #17840)
[Link] (2 responses)
Posted Mar 24, 2023 2:27 UTC (Fri)
by jkingweb (subscriber, #113039)
[Link] (1 responses)
The address is, of course, lwn@lwn.net—as stated in big, bold letter when you write a comment. Hard to miss.
Posted Mar 28, 2023 17:14 UTC (Tue)
by calumapplepie (guest, #143655)
[Link]
Strictly speaking, the email isn't boldded, of course. But who am I to let let a chain of ironic typos die?
Posted Mar 24, 2023 7:09 UTC (Fri)
by alan (subscriber, #4018)
[Link] (6 responses)
Posted Mar 24, 2023 11:54 UTC (Fri)
by gray_-_wolf (subscriber, #131074)
[Link] (5 responses)
What would it refer to? As someone not from the US I imagined the tightened grip on data collection by Five Eyes and more invasion of privacy while travelling. Does it have different meaning to US people?
Posted Mar 24, 2023 13:13 UTC (Fri)
by LtWorf (subscriber, #124958)
[Link] (1 responses)
Posted Mar 24, 2023 13:43 UTC (Fri)
by corbet (editor, #1)
[Link]
Posted Mar 24, 2023 13:43 UTC (Fri)
by excors (subscriber, #95769)
[Link]
Those wars were easy to ignore on LWN because they're far outside its scope, but it's much harder to ignore Russia's invasion of Ukraine: I think the difference is that Russia appears to be in the top 10 countries in most Open Source related metrics, and Ukraine in the top 20, so this directly affects a significant percentage of contributors and projects, and those impacts can't be understood without looking at the wider context. (But the wider context is politics, and it's almost impossible to have a reasonable discussion about politics on the internet in a public forum, so it's a very hard topic to address.)
Posted Mar 24, 2023 14:02 UTC (Fri)
by zdzichu (subscriber, #17118)
[Link]
Posted Mar 26, 2023 13:11 UTC (Sun)
by ChrisShort (subscriber, #120695)
[Link]
Posted Mar 23, 2023 17:53 UTC (Thu)
by flussence (guest, #85566)
[Link] (28 responses)
When I look at that state of things from a distance it all seems very weird. The rest of the world seems disinterested in sovereignty over their parts of the internet, or having network effects on this scale (outside of social media). It almost makes me wonder whether the network effect is itself a liability.
Posted Mar 23, 2023 18:16 UTC (Thu)
by dskoll (subscriber, #1630)
[Link] (22 responses)
This is not a new problem. Microsoft and Google pretty much have most of the email market between them. Microsoft, Google and Apple control the operating systems running on the vast majority of PCs and mobile devices. This sort of concentration has been going on for a long time.
The way to fight it is to resist it. Run your own mail servers. Run your own self-hosted Gitlab, Gitea or Forgejo instances. Don't run Windows, MacOS or Android where practical; instead, run OSes not as centrally controlled.
Sure, it's less convenient. Until it isn't.
Posted Mar 23, 2023 18:49 UTC (Thu)
by apoelstra (subscriber, #75205)
[Link] (6 responses)
https://blog.sia.tech/the-worrying-depth-and-scope-of-cen...
Personally, I live in the United States as an immigrant, which means that I am beholden to its laws (and some of which, such as "crimes of moral turpitude", I cannot break without potentially endangering my immigration status; it is not obvious to me whether DMCA violations or "computer fraud" type crimes fall under this umbrella). So I am often limited, basically to political action and not much else, in how much I can directly challenge such systems. I do run my own mailserver and webserver since these are clearly 1st-amendment-protected activities, though I don't run any services where 3rd parties can post content I might be obligated to vet.
So I agree with the GP that it "seems strange" that in the rest of the world, there is less interest in asserting sovereignty in such areas, especially by nation-states who presumably aren't bound by the sort of human-level fears that we are.
Posted Mar 23, 2023 19:35 UTC (Thu)
by dskoll (subscriber, #1630)
[Link] (4 responses)
Yep, that's a problem. I seem to have lucked out with my email. I use DKIM and SPF, and have had the same IP for more than a decade, so its reputation is reasonable and my mail gets through.
But Google and MSFT have way too much power. If they decide they don't like you, they can essentially cut you off from being able to usefully use email unless you go with their platform or another large platform that has their (temporary?) blessing.
Posted Mar 23, 2023 23:07 UTC (Thu)
by rgmoore (✭ supporter ✭, #75)
[Link]
It's especially bad because so many places that used to host their own email have now outsourced it. Every decent-sized company and university used to run its own server, which meant the larger players like Google and Microsoft had to have policies that respected self-hosted email. As the number of those servers gets smaller and smaller, it's easier for the behemoths to be overbearing. They actually benefit from policies that make it harder to host your own server, since that will push more users to outsource to them. It's classic monopolitic behavior.
Posted Mar 24, 2023 0:48 UTC (Fri)
by gerdesj (subscriber, #5446)
[Link] (2 responses)
Well, let's start with the basics: (E)HELO matches DNS and A/AAAA <-> PTR. The last one is the tricky one for most people.
PTR records "belong" to ISPs. It's similar to the snag that buggers up nice things like ENUM. The various bits of the ENUM registry "belong" to the likes of Nominet, who - to put it bluntly - do not have your or my best interests at heart.
Large bits of internet freedom were walled off pretty early on, often to no real protest. Who on earth would want telephony to be as simple and free as email? It's going to take a while for Google MS and co to close off email in the same way as ENUM was screwed from day one. The standard meme on HN is that email is fucked already despite the occasional protestation from holdouts like me. Hereabouts is little better ... but better. The world of email can't be allowed to degenerate into hyper dodgies plus Mail(pig/spam/numpty/gun/etc) and a fringe of 'bots.
Remember you can relay email if you are careful. If your IP is considered a bit shady then relay and fix up SPF accordingly. If your domain is dodgy, then start again and take a long hard look at what you are trying to do. Back to the IP - pick your relay carefully! Don't forget IPv6 is a thing.
Posted Mar 24, 2023 1:26 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Please, don't exaggerate. There are plenty of independent e-mail providers like Fastmail.fm or Protonmail. Many companies run in-house email servers. It's more difficult to run an email server at home, but it's perfectly doable for even a mid-size company.
Posted Mar 27, 2023 12:34 UTC (Mon)
by dskoll (subscriber, #1630)
[Link]
My provider lets me set the PTR record for my IPv4 and IPv6 addresses, so that's a non-issue for me. Don't use providers that don't offer that service.
Posted Mar 24, 2023 4:06 UTC (Fri)
by ttuttle (subscriber, #51118)
[Link]
Posted Mar 23, 2023 19:01 UTC (Thu)
by cesarb (subscriber, #6266)
[Link]
They control more than just the operating system; through their hardware compatibility standards (which are required if you want to be able to ship their operating systems), they indirectly control the hardware too. The most notable example is the requirement that UEFI with Secure Boot be implemented (and all the baggage that comes with it), but even small things like the presence of a "Windows logo" key on nearly every non-Apple PC keyboard is due to these standards.
Posted Mar 23, 2023 20:29 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link] (6 responses)
As a good alternative, you can just buy your own domain and run a business version of Gmail on it. This way you can get all the benefits of Google account (like the ability to log into websites), and you are still in control of your email. If Google at any point becomes too incompetent, just change the MX records to somebody else.
Posted Mar 24, 2023 2:56 UTC (Fri)
by mathstuf (subscriber, #69389)
[Link] (1 responses)
This is terrible. I try to sign up to individual accounts where I can (and need an account) in order to avoid SPOF (especially one with as terrible customer support history as Google…and most other common OAuth providers for that matter).
I use Fastmail and recommend it (yes, Five Eyes and Australia, but given that Google is receiving the vast majority of my email anyways…I find it hard to justify going too far down that path).
Posted Mar 24, 2023 3:05 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link]
I recently migrated everything from Lastpass to BitWarden, and as a part of the migration, I also switched email to my own domain.
I believe I only had a couple of services that didn't allow me to change from Google's Oauth to email+password, out of several hundred. Typically you just need to request the password reset and then just keep logging in with the new password.
Let's see what the future brings with passkeys...
Posted Mar 24, 2023 11:57 UTC (Fri)
by rsidd (subscriber, #2582)
[Link] (3 responses)
Posted Mar 24, 2023 14:59 UTC (Fri)
by Wol (subscriber, #4433)
[Link]
And harking back to WordPerfect :-) that's actually a very good strategy. By making it easy for people to move data both in and out, the net flow tends to be very much in rather than out.
Cheers,
Posted Mar 24, 2023 17:30 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Google supports IMAP, so you can just download all the emails and then import them back. There's an API to retrieve contacts and calendars.
I have not looked at exporting the filter settings, but you'll probably need to redo them anyway.
Posted Mar 27, 2023 12:36 UTC (Mon)
by dskoll (subscriber, #1630)
[Link]
If you must use Google, which I don't recommend, then the correct way is to simply have it relay to your actual mail server that you control. Similarly for outbound mail, use your own mail server and configure Google's outbound server as a smarthost.
That way, if you need to leave Google for whatever reason, all your email is in your possession. I'd use any third-party email service in the manner I've just described---it gives some level of control over your own email.
Posted Mar 23, 2023 23:20 UTC (Thu)
by ballombe (subscriber, #9523)
[Link] (6 responses)
Posted Mar 24, 2023 9:30 UTC (Fri)
by gdt (subscriber, #6284)
[Link] (3 responses)
It would help if the IETF published a short RFC on this precise point of conformance checks for the current formats of email addresses. Even though that information is available from other RFCs. The RFC could include regexps in common languages for accepting an email address in a form.
Even experienced programmers stuff up addresses like jane+folder@example.com.au and fred@newtld (no dot in RHS) being valid. It's also probably time that the IETF determined if it is still useful that fred@example.com.au and Fred@example.com.au are different addresses, although that will probably end up in weasel works like "may be different mailboxes or may be identical mailboxes".
Posted Mar 29, 2023 16:57 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (2 responses)
I thought it was canonical (as a result of historical pressure) that email addresses MUST be case insensitive. Back in the dim and distant past, some sites were upper case, some sites were lower case, some transposed all case passing through, and some just didn't have (upper) lower case. I certainly started my programming career unable to use lower case ...
The other big problem we have is "is Jo.Bloggs = jobloggs". I gather Google certainly think so ... so long as it's only gmail addresses that suffer this, then that's okay, but it won't do the wider internet any favours ...
Cheers,
Posted Mar 29, 2023 17:43 UTC (Wed)
by james (subscriber, #1325)
[Link] (1 responses)
Posted Mar 29, 2023 21:33 UTC (Wed)
by anselm (subscriber, #2796)
[Link]
Way back at university in the early 1990s we ran AIX on a bunch of IBM RS/6000 machines. One annoyance that we had to deal with was that IBM's implementation of Sendmail very faithfully enacted the RFC that said local parts of e-mail addresses (except “postmaster”) must be treated as case-sensitive. This together with some professors insisting on capitalising the names in everyone's e-mail addresses led to some fairly sizeable /etc/aliases files. Our IBM rep said that things were working as designed and filing a “program change request” would probably be pointless.
Posted Mar 24, 2023 12:01 UTC (Fri)
by rsidd (subscriber, #2582)
[Link]
Posted Mar 31, 2023 1:00 UTC (Fri)
by jschrod (subscriber, #1646)
[Link]
This won't work in the rest of the world, and your suspicious js library won't find any usage there.
Posted Mar 23, 2023 19:17 UTC (Thu)
by NYKevin (subscriber, #129325)
[Link] (4 responses)
I'm not entirely sure I agree with that. The EU is increasingly enforcing laws like GDPR against companies that, at least in some cases, have no direct physical presence in Europe. I expect we will see more regulations of this nature in the future.
The EU does not wield sanctions like the blunt sledgehammer that the US uses, but I think this is at least in part because the EU does not think this is an appropriate way of conducting foreign policy. Or, if you're into realpolitik, it's because the US is bigger (more economically powerful) than the EU and has better coordination (one federal government with plenary power over foreign policy vs. twenty-something national governments who mostly but don't entirely agree on issues of foreign policy). The US also has a much more streamlined foreign policy apparatus (i.e. the President tells the Secretary of State what to do, and the Secretary does it), compared to the EU (a byzantine maze of committees, the Parliament has to vote to do much of anything, etc.). If Joe Biden decides that country X is a problem, then country X will find itself on the wrong end of US foreign policy very quickly. If, say, Emmanuel Macron decides that country X is a problem, translating that into effective foreign policy at the level of the entire EU is a much more complicated and fraught process (at the very least, he probably needs Olaf Scholz to go along with it, but realistically that's just the absolute bare minimum to get things off the ground).
Posted Mar 24, 2023 14:38 UTC (Fri)
by kleptog (subscriber, #1183)
[Link] (1 responses)
That's not possible. The EU (or more accurately, the member states) can only enforce laws within their jurisdiction. A company that has no presence in the EU cannot be directly affected by EU regulations.
Goods are the easy part. Even if the producer is has no EU presence, someone in the EU is the responsible importer, and they're on the hook for complying with all regulations. They'll try to contractually push that onto the producer, and the jurisdiction problem is theirs.
Services are trickier. The provider may not have an EU presence, but if the customer in in the EU, that's where the regulations kick in. There should be a legal representative located in the EU who is responsible for the compliance. If there isn't, well, it gets tricky. The GDPR can't be enforced internationally. So it kinda of depends on that major online services eventually get an EU presence, if only because once a significant amount of money is earned in the EU it's just cheaper that doing it all remotely, and their customers start demanding it.
> Or, if you're into realpolitik, it's because the US is bigger (more economically powerful) than the EU and has better coordination (one federal government with plenary power over foreign policy vs. twenty-something national governments who mostly but don't entirely agree on issues of foreign policy).
This is by design though. We experienced first hand (in various ways) the effects that a single powerful ruler can have and then deliberately set everything up so that that was impossible. So everything everywhere requires votes and meetings. Powers are distributed and cannot be combined. The downside is of course that it's much harder to exercise coherent foreign policy. Them's the breaks. In the current situation people can see the advantage of a single coherent foreign policy, but despite that we'll never vote to make it happen.
It's actually similar to how the large platforms work. A single large online platform benefits from economies of scale and can make huge changes and as long everything is fine its fine. But once they go sour you have a big problem. A smaller collection of competing platforms offers more choice, but will never to be able beat the single large platform.
Posted Mar 29, 2023 16:59 UTC (Wed)
by Wol (subscriber, #4433)
[Link]
Except that services have to be paid for. And the banks / merchant services (such as Visa etc) are on the hook. Governments start forcing them to refund their citizens for services paid for, and they won't be able to do business in the EU because the payment channels will blacklist them.
There's always ways ...
Cheers,
Posted Apr 11, 2023 3:07 UTC (Tue)
by flussence (guest, #85566)
[Link] (1 responses)
It hasn't really had the desired effect of curtailing pervasive online surveillance, but GDPR *has* brought to the surface the full extent of how petty and vindictive many companies can be, ranging from Yahoo's outright abusive 600+ subitem cookie permissions maze, to various news rags' outright blocking of EU readers, to products like Discord making sure to drag its feet for thirty days (the maximum legally permissible delay) when someone tries to self-serve export their data.
And there's a secondary consequence of it being such a toothless law (barring a few headline-making fines, which are rare and seem to have no lasting effect): with those companies having spent this long loudly yelling about how much contempt they have for their users and receiving next to zero pushback, they're starting to realise they can get away with so, so much worse.
That isn't to say GDPR is worthless; to borrow from a subthread further down, it turns out asking for an almost satirically bare minimum of goodwill from some people seems to be a cheap and reliable way to get them to follow RFC 3514. But the problem is the overwhelming indifference to acting on that 1 bit of information, and at risk of drifting too far on-topic, I think that indifference might be a large part of how we ended up with everything - at least in the computing world - the way it is now.
Posted Apr 11, 2023 11:07 UTC (Tue)
by kleptog (subscriber, #1183)
[Link]
Concrete example, the local swimming pool used to take photos of their members to print on the membership card. I'm sure someone once thought it was a neat idea, but when you think about it, it serves no business purpose at all. Now the membership cards are just a piece of plastic with a number. That counts as a win for me, especially since they were victim of a ransomware attack at one point.
Sure, it's not a magic bullet, that doesn't exist. But I feel it has been successful in getting people to at least think about what it means for your data to be sold everywhere. It won't solve rampant online surveillance, but helps for the millions of smaller businesses whose administration and data security are on a shoe-string budget.
Posted Mar 23, 2023 18:55 UTC (Thu)
by mfuzzey (subscriber, #57966)
[Link] (2 responses)
They are for stmmac which is a driver for networking hardware in chips made by ST Microelectronics which is not a Russian company. Presumably Baikal use those chips but so do hundreds of other companies all over the world.
So while I understand the quote from Konstantin Ryabitsev it's not as if the funding of the infrastructure was just helping Baikal as the driver is used in lots of places that have nothing to do with Baikal.
What am I missing?
Posted Mar 23, 2023 19:17 UTC (Thu)
by mricon (subscriber, #59252)
[Link] (1 responses)
If you're a US company funding kernel development, you have to worry *any* time your employees interact with sanctioned entities, because what is okay and what isn't okay requires nuanced understanding and proper legal vetting. When a patch comes in with a clear attribution to BE, I can guarantee you that the legal team gets very nervous about their engineers touching it, even if it's not specific to BE architecture (you know this, I know this, but a judge will not know this without a panel of experts).
Posted Mar 29, 2023 3:33 UTC (Wed)
by marcH (subscriber, #57642)
[Link]
Posted Mar 23, 2023 19:52 UTC (Thu)
by atai (subscriber, #10977)
[Link] (8 responses)
Posted Mar 23, 2023 20:04 UTC (Thu)
by mricon (subscriber, #59252)
[Link] (6 responses)
Furthermore, IANAL, but to be in violation of the GPL, you have to refuse to provide the source to the end-user of your product. If all users are internal to the company, then you're not in violation of the GPL even if you make extensive modifications to the code and don't share it.
Posted Mar 23, 2023 20:13 UTC (Thu)
by corbet (editor, #1)
[Link] (3 responses)
Posted Mar 23, 2023 21:40 UTC (Thu)
by pizza (subscriber, #46)
[Link]
Relatedly, many years ago I was told that the Tomohawk missiles ran on Smalltalk, so if you could get your hands on one, you'd have the source code too. And, being executable, was clearly in a machine-readable format. I was also told that to avoid the adverse affect of garbage collection they just turned it off, and ensured the missile had enough RAM to reach a maximal-range target.
Posted Mar 23, 2023 22:27 UTC (Thu)
by leromarinvit (subscriber, #56850)
[Link]
Posted Apr 6, 2023 11:03 UTC (Thu)
by Gladrim (subscriber, #45751)
[Link]
This is the sort of comment one expects to find quoted in LWN's Quote of the Week, ed :-)
Posted Mar 23, 2023 23:29 UTC (Thu)
by rgmoore (✭ supporter ✭, #75)
[Link] (1 responses)
I assume you just got your thoughts tangled, because this is exactly backward. GPL covers distribution of the software and derived works but explicitly says the user has the right to run the software for whatever purpose they choose. The only exception is in the rare case where the output of the program counts as a derivative (e.g. using a compiler to compile itself). You can use GPL software in any kind of project you want, life saving or murderously evil, without violating the license.
Posted Mar 23, 2023 23:38 UTC (Thu)
by mricon (subscriber, #59252)
[Link]
But fine, if it helps, consider that I had meant "GPL primarily governs how software is being distributed." The GPL still says nothing about what kinds of contributions should be accepted, or via what mechanisms.
Posted Mar 23, 2023 20:14 UTC (Thu)
by pbonzini (subscriber, #60935)
[Link]
Posted Mar 23, 2023 21:10 UTC (Thu)
by spacefrogg (subscriber, #119608)
[Link] (2 responses)
This has radically changed after 2005ish. It started with youtube and myspace, because all the aggregators before were just hosting ephemeral data (forums, chats) and the rest were institutional providers. After 2005 the hoster was providing permanent data. This has completely changed the game.
This virus of outsourced content provision is the actual bone breaking element. Corporations and governments are able to control collaboration so easily, because they (once again) consolidated the data hosting. This allows them to control the access to the data, use their own protocols instead of free one, use centralised ones instead of easily multi-hosted ones.
One of the biggest drawbacks for a sustainable and resilient open-source collaboration is the de-facto coercion into using a single online interface (like GitHub) for all relevant collaboration. This ties the ability to communicate to the ability to host and share data together.
Look at the Linux kernel community. Yes, there is a central authoritative repository, but it is completely independent of the communications infrastructure (e-mail using multiple providers not tied to the repository hoster). The way of collaboration requires the users to copy all knowledge (to their local repository). Half of the world could relatively effortlessly switch to a completely different set of repository and mail hosters if need be, in case of a crisis. With GitHub, all communication about ipmitool immediately breaks down, making it hard(er) to establish reliable and trustworthy collaboration on the side.
Long story short, the free-software community has long benefited from cheap hosting and communications provision. We now pay the price for our laziness, because all the infrastructure was there and was left to rot. It was just not sexy enough to maintain it. Code contributers are way too cool with respect to infrastructure maintenance (e.g. IRC / mailing list/ newsgroup / forum moderators). We can be much better off again by using decentralised tools (esp. communications) and start paying again for our stuff.
Posted Mar 24, 2023 17:31 UTC (Fri)
by fuhchee (guest, #40059)
[Link]
Posted Mar 29, 2023 3:50 UTC (Wed)
by marcH (subscriber, #57642)
[Link]
Right, while Github has billions, the development of decentralized infrastructure relies on just guy who just started getting funded on Patreon[*]: https://www.theverge.com/23658648/mastodon-ceo-twitter-in...
Then some people wonder why everyone prefers Github over email.
In theory everyone loves privacy. In practice people want to get their job done and spend time with their family, not learning about DKIM and IRC log bots.
> It was just not sexy enough to maintain it.
Thank you.
[*] lore.kernel.org omitted for exaggeration purposes. Still minuscule compared to Github and similar.
Posted Mar 24, 2023 8:37 UTC (Fri)
by post-factum (subscriber, #53836)
[Link] (5 responses)
Posted Mar 24, 2023 11:51 UTC (Fri)
by gray_-_wolf (subscriber, #131074)
[Link] (1 responses)
Also, technically speaking, "war in Ukraine" is very descriptive, since you know, there is a war and it is happening in Ukraine.
But I'm not a native speaker, so I might be missing some nuance here?
Posted Mar 24, 2023 13:24 UTC (Fri)
by LtWorf (subscriber, #124958)
[Link]
So I don't think it's a language issue at play here.
But I'm also not a native speaker. Perhaps it only applies sometimes.
Posted Mar 25, 2023 23:24 UTC (Sat)
by amarao (guest, #87073)
[Link] (2 responses)
Posted Mar 26, 2023 1:12 UTC (Sun)
by Wol (subscriber, #4433)
[Link] (1 responses)
After all, Kiev was the original capital of Russia.
What happened in history is an accident of history. We shouldn't be using arguments about what happened in the past, to justify bullying and brutality in the present.
Cheers,
Posted Mar 26, 2023 13:23 UTC (Sun)
by corbet (editor, #1)
[Link]
Posted Mar 24, 2023 10:03 UTC (Fri)
by gdt (subscriber, #6284)
[Link]
As far as government mandates, I think it's useful to distinguish the cases of sanctions applying to the Russian invasion of Ukraine, which the article combines somewhat: Cooperation in many international technical projects has been sanctioned by the US, EU and many other jurisdictions as an economic and a cultural sanction. Naturally the development of Linux -- as a premier international technical project -- has been caught up in elements of those sanctions. Governments have not, and are unlikely to, sanction the use or development of Linux for its potential as a dual-use technology for warmaking. Of course, individuals and organisations may be able to apply their own sanctions for any of the three purposes, as many international scientific projects have already done.
Posted Mar 24, 2023 11:37 UTC (Fri)
by taladar (subscriber, #68407)
[Link] (11 responses)
* IANA
but outside the IT field also to
* material science
just because it might benefit the sanctioned country or entity in some way in the future.
Should we stop all cancer research because Putin might benefit from it if he ever grows a tumour in his old age?
Should we stop the efforts against climate change because Russia would also be less doomed if we prevent the rise of global temperatures?
That obviously can not be the intention of sanctions and there must be some political debate of that very issue somewhere in the history of sanctions?
Posted Mar 24, 2023 16:18 UTC (Fri)
by jafd (subscriber, #129642)
[Link] (10 responses)
No, no one would ban general research, or medical research, or mathematics (but maybe cryptography). It's not feasible and simply won't work, not in the least because research data and papers tend leak even more than hydrogen. It sure would be a big symbolic populistic gesture, but no more than that. Banning tzdata is something like banning export of Arabic digits.
But you miss the fact that to benefit from things like cancer research you need properly placed capital and educated people. In closed authoritarian countries with militant dear leaders — the kind usually ending up being sanctioned — none of this exists. Educated people tend to flee, and the capital is allocated towards building a lush February residence for the dear leader, smuggling in a fleet of luxury cars, that sort of thing.
Posted Mar 26, 2023 11:03 UTC (Sun)
by anticodon (guest, #95450)
[Link] (9 responses)
As for other countries, there's simply no way for them to stop migration of brains towards USA. US prints money in absurd quantities, but since it's the world trade currency, they can do it without raising inflation too much inside the country. This give US a huge advantage over any other country in the world: US consumes roughly 4 times more resources and goods that it produces.
USA can buy any programmer, any scientist from any country because they can print whatever amount of money needed. There's simply no way any other government can compete with that. It's a flawed system and I hope it'll end soon.
Posted Mar 26, 2023 15:10 UTC (Sun)
by mpr22 (subscriber, #60784)
[Link]
And which opinion that is, depends on where in the country you are.
Posted Mar 29, 2023 4:07 UTC (Wed)
by marcH (subscriber, #57642)
[Link] (7 responses)
It's not very clear what your definition of "authoritarian" is. "Authoritarian" means that you can't say and do what you want _inside_ the country without ending in jail or worse. In other words "authoritarian" has absolutely nothing to do with wars or anything international.
If you don't think the US is a great place for the freedom to say any random crazy stupid thing you want, then you've been living under a stone for a while.
Posted Mar 29, 2023 11:23 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (3 responses)
We're getting like that over here with the "woke" mob :-(
In the US, the Government won't punish you for saying what you like, but there's plenty of people who will ... "without ending in jail or worse" so the US fits that definition of "Authoritarian" pretty well. It's just not the Government doing it.
Look at yourself through others' eyes - it can be quite a shock. For me even changing my perspective from "English" to "British" was quite a shock ...
Cheers,
Posted Mar 29, 2023 12:16 UTC (Wed)
by pizza (subscriber, #46)
[Link]
... Hardly.
> In the US, the Government won't punish you for saying what you like, but there's plenty of people who will ...
Welcome to every human society, ever.
Posted Apr 6, 2023 9:26 UTC (Thu)
by davidgerard (guest, #100304)
[Link] (1 responses)
this word means "awareness of systemic racism", fwiw
Posted Apr 6, 2023 10:58 UTC (Thu)
by james (subscriber, #1325)
[Link]
Or maybe we could automatically set the RFC 3514 evil bit based on semantic analysis.
(Incidentally, RFC 9401 was published a few days ago, complementing RFC 3514. Readers may find it informative.)
Posted Mar 29, 2023 12:27 UTC (Wed)
by kleptog (subscriber, #1183)
[Link] (2 responses)
The democracy index worldwide has been steadily declining for a while now and shows no sign of improving any time soon.
But the invasion and occupation of a foreign country most definitely imposes a form of authoritarianism on that country.
Posted Mar 29, 2023 15:57 UTC (Wed)
by marcH (subscriber, #57642)
[Link] (1 responses)
Yes of course, I tried to keep it short and simple.
> Enforcement can include being ostracised to not being able to get a job. In extreme forms the enforcement is done by the population itself, rather than by authorities.
Yes you can be "cancelled" but that's true in every country, social pressure can be very strong but out of respect for people dying in say Iran, don't confuse social pressure with authoritarian regimes.
The reason "cancellations" are much more visible in the US is precisely because social pressure is much, much lower which makes some people think they can think aloud on the Internet megaphone and expect some positive effect without anticipating actual consequences. In other places all children are taught to keep their mouth shut at a young age (= social pressure).
Unlike many other countries, you can also evade social pressure in the US by simply moving to a different place. This is not theoretical, I've met a number of people who actually did that.
> But the invasion and occupation of a foreign country most definitely imposes a form of authoritarianism on that country.
Most of the time but not necessarily. They're just different things, that's all. The war in Iraq was one of the biggest lies, crimes and disasters of the century and Iraq is a possibly worse place to live right now but I don't think anyone would argue that the current Iraq regime is more "authoritarian" than Saddam Hussein was.
Posted Mar 29, 2023 16:04 UTC (Wed)
by corbet (editor, #1)
[Link]
Posted Mar 24, 2023 20:39 UTC (Fri)
by stybla (subscriber, #64681)
[Link]
Do you mean EU's Cyber Resilience Act? Yeah, I too can't wait! :\
Posted Mar 27, 2023 0:46 UTC (Mon)
by mtaht (subscriber, #11087)
[Link]
This piece of his, in particular, had been on my mind.
Posted Apr 3, 2023 14:55 UTC (Mon)
by sleepyfox (subscriber, #129531)
[Link]
This article almost did not get posted, and fear of the comment stream was one reason why.
A note to commenters
A note to commenters
A note to commenters
A note to commenters
A note to commenters
A note to commenters
A note to commenters
A note to commenters
That was the intent, for the record. But this is all off topic. That paragraph glossed over everything it mentioned; they weren't really the point of the article.
A note to commenters
A note to commenters
A note to commenters
A note to commenters
Free software during wartime
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Wol
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
user@bad.example.com
This is probably just an oversight in some js library, but it is impossible to get it fixed.
Support service just tell you to use your gmail address.
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Wol
Actually, the standards say that:Concentration and centralization (was Free software during wartime)
Nobody actually implements case-sensitive mailboxes, though, because the easiest way to get PoStMaStEr working is making everything case-insensitive, and a number of mailers (historically, at least) upper-cased everything.
The local-part of a mailbox MUST BE treated as case sensitive.
Therefore, SMTP implementations MUST take care to preserve the case
of mailbox local-parts. In particular, for some hosts, the user
"smith" is different from the user "Smith". However, exploiting the
case sensitivity of mailbox local-parts impedes interoperability and
is discouraged.
(RFC 5321 section 2.4)
Concentration and centralization (was Free software during wartime)
Nobody actually implements case-sensitive mailboxes, though
Concentration and centralization (was Free software during wartime)
Concentration and centralization (was Free software during wartime)
Free software during wartime
Free software during wartime
Free software during wartime
Wol
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Of course ... launching the missile might well be considered distributing it (and the software contained therein) to the target. I suspect they are not expecting many source requests from that direction.
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
GPL is a license governing how the software is being used, not how development is done, so it's not really relevant here.
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Free software during wartime
Wol
Please, this is just the sort of off-topic discussion I was hoping to avoid. Let's stop it here.
Off topic
Free software during wartime
Free software during wartime
* tzdata
* medical research
* any kind of pure research
Free software during wartime
Free software during wartime
But you miss the fact that to benefit from things like cancer research you need properly placed capital and educated people. In closed authoritarian countries with militant dear leaders — the kind usually ending up being sanctioned — none of this exists.
No, it's not that simple. For one thing, US is the most militant authoritarian countries in the world. The former is quite obvious, probably no other country killed so many non-combatants directly (and much more indirectly) in the recent country. The latter is less obvious, but pretty evident for anyone living outside US. There can be only one opinion on just about every question in life: external politics, sex/gender, equality, etc, etc. All other opinions you can only say if you are willing to risk losing your job and career if not something worse.
Free software during wartime
Free software during wartime
Free software during wartime
Wol
Free software during wartime
Free software during wartime
Free software during wartime
"woke" means "awareness of systemic racism", fwiw
I have an alternative theory: it's a Secret Experiment. If we can persuade certain people to use the word "woke" as a Bad Thing, maybe we can persuade them to set the RFC 3514 evil bit, too, and we'll all be much happier.
Free software during wartime
Free software during wartime
Please...let's keep the discussion on the topic of the original article. We've done a pretty good job of that so far, and I would love to see that continue. This thread has drifted away, though.
Off-topic
Free software during wartime
Free software during wartime
while security and patch continuity
ipmitool may be rehoused quickly, the knock-on administrative overhead could mean that patches for this software are delayed -- including security patches (like this old example). Will it be on distributions to handle projects where the upstream is not abandoned but considered unreliable or unusable?