GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Evan B🥥ehs (eb@social.coop)'s status on Saturday, 30-Mar-2024 04:50:43 JST

    Unfolding now: https://news.ycombinator.com/item?id=39865810

    - https://www.openwall.com/lists/oss-security/2024/03/29/4
    - https://github.com/tukaani-project/xz/commit/cf44e4b7f5dfdbf8c78aef377c10f71e274f63c0

    An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:

    - https://github.com/tukaani-project/xz/commit/ee44863ae88e377a5df10db007ba9bfadde3d314
    - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
    - https://github.com/jamespfennell/xz/pull/2

    The timeline on this is going to take so long to unravel

    #security #linux

    In conversation about a year ago from social.coop permalink

    Attachments

    1. oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise
    2. https://news.ycombinator.com/item?id=39865810
    3. liblzma: Add ifunc implementation to crc64_fast.c. · tukaani-project/xz@ee44863
      The ifunc method avoids indirection via the function pointer crc64_func. This works on GNU/Linux and probably on FreeBSD too. The previous __attribute((__constructor__)) method is kept for compatib...
    4. #1067708 - xz-utils: New upstream version available - Debian Bug report logs

    • 13 barn owls in a trenchcoat, clacke, Tobias Hellgren and GreenSkyOverMe (Monika) repeated this.
    • Evan B🥥ehs (eb@social.coop)'s status on Saturday, 30-Mar-2024 04:50:42 JST
      in reply to

      https://boehs.org/node/everything-i-know-about-the-xz-backdoor

      I have begun a post explaining this situation in a more detailed writeup. This is updating in realtime, and there is a lot still missing.

      #security #xz #linux

      In conversation about a year ago permalink

      Haelwenn /элвэн/ :triskell: and clacke like this.
      GreenSkyOverMe (Monika) repeated this.
    • Glyph (glyph@mastodon.social)'s status on Saturday, 30-Mar-2024 07:55:51 JST
      in reply to

      @eb I really hope that this causes an industry-wide reckoning with the common practice of letting your entire goddamn product rest on the shoulders of one overworked person having a slow mental health crisis without financially or operationally supporting them whatsoever. I want everyone who has an open source dependency to read this message https://www.mail-archive.com/xz-devel@tukaani.org/msg00567.html

      In conversation about a year ago permalink

      Attachments

      1. Re: [xz-devel] XZ for Java
      Haelwenn /элвэн/ :triskell: and clacke like this.
      Haelwenn /элвэн/ :triskell:, Polychrome :blabcat:, pettter and GreenSkyOverMe (Monika) repeated this.
    • Evan B🥥ehs (eb@social.coop)'s status on Saturday, 30-Mar-2024 07:55:53 JST
      in reply to

      Holy shit.

      In conversation about a year ago permalink

      Attachments


      1. https://social-coop-media.ams3.cdn.digitaloceanspaces.com/media_attachments/files/112/180/890/786/226/686/original/e8f89d36c20ecf7f.png
      Haelwenn /элвэн/ :triskell: and clacke like this.
      pettter, clacke and GreenSkyOverMe (Monika) repeated this.
    • Geoffrey Thomas (geofft@mastodon.social)'s status on Saturday, 30-Mar-2024 08:00:48 JST
      in reply to
      • Glyph

      @glyph @eb I'm frustrated that big tech's efforts to increase core library security are "your project is too popular, you must use 2FA" and "the best reverse engineers in the world will find your bugs and put you on a 90 day disclosure deadline" and not "here is $100K/year and benefits to keep doing what you're doing at your own pace."

      In conversation about a year ago permalink
      clacke and Polychrome :blabcat: like this.
    • Glyph (glyph@mastodon.social)'s status on Saturday, 30-Mar-2024 08:02:45 JST
      in reply to

      @eb "I never thought a sophisticated APT would backdoor *my* volunteer-maintained infrastructure that I got for free" sobs entire industry who voted for the "volunteer-maintained infrastructure that I get for free with no defense against sophisticated APTs" party

      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Luis Villa (luis_in_brief@social.coop)'s status on Saturday, 30-Mar-2024 08:04:49 JST
      in reply to
      • Glyph
      • David Zaslavsky
      • Geoffrey Thomas

      @diazona @geofft @glyph @eb there’s a lot of precedent for hiring maintainers of top-level programs whose brand (for lack of a better term) has reached the level of awareness of a C-level with a hiring budget. Collectively pooling money to help the projects C-levels have never heard of… has a much weaker track record. We’ve been trying to tackle it at Tidelift for a while and suffice to say I’ve definitely had a lot of “but it can’t happen to me” conversations.

      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • David Zaslavsky (diazona@techhub.social)'s status on Saturday, 30-Mar-2024 08:04:50 JST
      in reply to
      • Glyph
      • Geoffrey Thomas

      @geofft @glyph @eb I'm certainly not disputing that it's a real problem that that doesn't happen more often, but isn't there some precedent for big tech companies hiring people to work on specific open source projects? So it's not totally unheard of

      In conversation about a year ago permalink
    • Geoffrey Thomas (geofft@mastodon.social)'s status on Saturday, 30-Mar-2024 08:05:40 JST
      in reply to
      • Glyph
      • Luis Villa
      • David Zaslavsky

      @luis_in_brief @diazona @glyph @eb Yeah that resonates with my experience. People like GvR get hired (which is great!) but there's a whole dependency stack underneath. Their maintainers often have a strong résumé to get hired for a normal big tech job at a company that uses the language/ecosystem/etc. but not necessarily for maintaining the project as their job. Sometimes the job is even "build something similar for an internal non-OSS ecosystem."

      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Luis Villa (luis_in_brief@social.coop)'s status on Saturday, 30-Mar-2024 08:06:26 JST
      in reply to
      • Glyph
      • David Zaslavsky
      • Geoffrey Thomas

      @diazona @geofft @glyph @eb I increasingly wonder if we aren’t due for some “defragging” of a lot of core infra, with many projects pooled together, maintained, and funded more collectively, like Ruby Together.

      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Luis Villa (luis_in_brief@social.coop)'s status on Saturday, 30-Mar-2024 08:07:13 JST
      in reply to
      • Glyph
      • David Zaslavsky
      • Geoffrey Thomas

      @geofft @diazona @glyph @eb yup. Or they get hired with the promise that they’ll get 20% time to work on it, and that goes away for reasons (sometimes good, sometimes bad), or…. Etc etc

      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Luis Villa (luis_in_brief@social.coop)'s status on Saturday, 30-Mar-2024 08:08:02 JST
      in reply to
      • Glyph
      • David Zaslavsky
      • Geoffrey Thomas

      @glyph @geofft @diazona @eb “Famous maintainers get hired more than critical maintainers.” Owwwwwwww.

      In conversation about a year ago permalink
      clacke likes this.
      clacke repeated this.
    • Glyph (glyph@mastodon.social)'s status on Saturday, 30-Mar-2024 08:08:03 JST
      in reply to
      • Luis Villa
      • David Zaslavsky
      • Geoffrey Thomas

      @geofft @luis_in_brief @diazona @eb there are layers and layers to this. Famous maintainers get hired more than critical maintainers. And maintenance is important but how do you pay for the commons of *new* projects? The tidelift model gets us part of the way there, because these costs need to be aggregated and there needs to be some kind of oversight, but even if they were universally adopted (and that is far from true) there are so many missing pieces

      In conversation about a year ago permalink
      clacke likes this.
      Haelwenn /элвэн/ :triskell: repeated this.
    • Rich Felker (dalias@hachyderm.io)'s status on Saturday, 30-Mar-2024 08:12:22 JST
      in reply to
      • Glyph
      • Luis Villa
      • David Zaslavsky
      • Geoffrey Thomas

      @geofft @glyph @luis_in_brief @diazona @eb A relationship with a critical FOSS dependency maintainer is very clearly classifiable as independent contractor, and SHOULD or even MUST be for the sake of project integrity. There should be no reason to need US work authorization.

      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Geoffrey Thomas (geofft@mastodon.social)'s status on Saturday, 30-Mar-2024 08:12:23 JST
      in reply to
      • Glyph
      • Luis Villa
      • David Zaslavsky

      @glyph @luis_in_brief @diazona @eb Yes, e.g., what if the current maintainer is genuinely unavailable/uninterested? As may well have happened with xz even with a job offer.

      Funding a new maintainer is by itself defensible, but doing so will drastically change both the pressure on the current maintainer and the choice of who becomes maintainer (e.g. there's now a bias in favor of those who have US work authorization).

      I'm curious if either Tidelift or the commercial distros have norms for this.

      In conversation about a year ago permalink
      clacke likes this.
    • Luis Villa (luis_in_brief@social.coop)'s status on Saturday, 30-Mar-2024 16:28:04 JST
      in reply to
      • Glyph
      • Geoffrey Thomas

      @geofft @glyph @eb (sobs in Tidelift)

      In conversation about a year ago permalink
      clacke likes this.
    • Geoffrey Thomas (geofft@mastodon.social)'s status on Saturday, 30-Mar-2024 16:28:07 JST
      in reply to
      • Glyph
      • Luis Villa

      @luis_in_brief @glyph @eb I should try harder to figure out what a Tidelift is and how to convince my employer to sign up. But also... IMO Microsoft or Google (whom I am subtooting) etc. can singlehandedly employ all the maintainers of `ldd sshd` and that would get results that fractionally paying for the commons never will.

      Like this should be the job of a distro, and RH/SUSE/Canonical/Oracle kinda do this, but clearly none of them actually saved their customers (or the world) from this.

      In conversation about a year ago permalink
      clacke likes this.
    • clacke (clacke@libranet.de)'s status on Saturday, 30-Mar-2024 16:28:31 JST
      in reply to

      @eb Great summary of all other summaries, thank you. This is the link I'm sharing to others.

      It's a con heist worthy of a movie script. Amazing and sad.

      In conversation about a year ago permalink

    • Sylvhem (sylvhem@eldritch.cafe)'s status on Sunday, 31-Mar-2024 22:48:52 JST
      in reply to

      @eb “As I have hinted in earlier emails, Jia Tan may have a bigger role in the project in the future. He has been helping a lot off-list and is practically a co-maintainer already. :-)”

      https://www.mail-archive.com/xz-devel@tukaani.org/msg00571.html

      This is really sad. I’m feeling bad for Lasse Collin.

      In conversation about a year ago permalink
      clacke likes this.
    • rugk (rugk@chaos.social)'s status on Sunday, 31-Mar-2024 22:48:57 JST
      in reply to

      @eb aner news, another subtle thing fixed: https://chaos.social/@danderson@hachyderm.io/112185746040563778

      In conversation about a year ago permalink

      Attachments

      1. Dave Anderson (@danderson@hachyderm.io)
        The poor original maintainer of xz is on it now, and has already found another "fun" thing: https://git.tukaani.org/?p=xz.git;a=commitdiff;h=f9cf4c05edd14dedfe63833f8ccbe41b55823b00 . The configure check for enabling the Landlock sandboxing facility was subtly broken, so that Landlock support would never get enabled. The original malicious commit landed around the same timeframe as the main backdoor, also at an abnormal time of day compared to the new maintainer's historical activity pattern.
      clacke likes this.
    • Luis Villa (luis_in_brief@social.coop)'s status on Monday, 01-Apr-2024 01:16:22 JST
      in reply to
      • Sumana Harihareswara
      • benwis 🦀

      @benwis @brainwane we do, though sadly not a ton of customer demand yet so not a ton of money going into that ecosystem yet.

      In conversation about a year ago permalink
      clacke likes this.
    • benwis 🦀 (benwis@hachyderm.io)'s status on Monday, 01-Apr-2024 01:16:28 JST
      in reply to
      • Sumana Harihareswara
      • Glyph
      • Luis Villa
      • David Zaslavsky
      • Dirkjan Ochtman
      • Geoffrey Thomas

      @luis_in_brief @eb @brainwane @glyph @geofft @diazona @djc

      Does Tidelift support Rust projects?

      In conversation about a year ago permalink
    • Luis Villa (luis_in_brief@social.coop)'s status on Monday, 01-Apr-2024 01:16:30 JST
      in reply to
      • Sumana Harihareswara
      • Glyph
      • David Zaslavsky
      • Dirkjan Ochtman
      • Geoffrey Thomas
      • benwis 🦀

      @eb @benwis @brainwane @glyph @geofft @diazona @djc you’re thinking of Back Your Stack, probably.

      On a more sustainable (read: commercial) basis, I co-founded https://tidelift.com to do exactly this.

      In conversation about a year ago permalink

      Attachments

      1. Tidelift | Reduce security risk from bad open source packages
        Reduce security risk from bad open source packages and ensure the packages you rely on keep getting better.
    • Evan B🥥ehs (eb@social.coop)'s status on Monday, 01-Apr-2024 01:16:32 JST
      in reply to
      • Sumana Harihareswara
      • Glyph
      • Luis Villa
      • David Zaslavsky
      • Dirkjan Ochtman
      • Geoffrey Thomas
      • benwis 🦀

      @benwis @brainwane @luis_in_brief @glyph @geofft @diazona @djc there’s some website (I forget what it is) that basically you pay x amount of dollars and it audits your entire dependency tree and attempts to pay maintainers proportionally. Unfortunately iirc it was kinda flawed but I think it’s a solid idea

      In conversation about a year ago permalink
      clacke repeated this.
    • benwis 🦀 (benwis@hachyderm.io)'s status on Monday, 01-Apr-2024 01:16:33 JST
      in reply to
      • Sumana Harihareswara
      • Glyph
      • Luis Villa
      • David Zaslavsky
      • Dirkjan Ochtman
      • Geoffrey Thomas

      @brainwane @luis_in_brief @glyph @geofft @diazona @eb @djc How to monetize open source is such an interesting question.

      In conversation about a year ago permalink
    • Sumana Harihareswara (brainwane@social.coop)'s status on Monday, 01-Apr-2024 01:16:35 JST
      in reply to
      • Glyph
      • Luis Villa
      • David Zaslavsky
      • Geoffrey Thomas

      @luis_in_brief @glyph

      I am way overdue in finishing and publishing my negative review of Eghbal's "Working in Public" but one of my critiques is that she basically concludes that maintainers need to become famous and use Substack/Patreon to crowdfund (from individual donors) in order to sustain their work. Which really doesn't fit what we have found in critical FLOSS infrastructure IMO.

      @geofft @diazona @eb

      In conversation about a year ago permalink
    • Luis Villa (luis_in_brief@social.coop)'s status on Monday, 01-Apr-2024 01:16:46 JST
      in reply to
      • Sumana Harihareswara
      • Glyph
      • David Zaslavsky
      • Dirkjan Ochtman
      • Geoffrey Thomas
      • benwis 🦀

      @eb @benwis @brainwane @glyph @geofft @diazona @djc Thanks! admittedly on a day like today, mostly I'm focused on how many projects we can't yet cover.

      So, yeah, send people our way!

      In conversation about a year ago permalink

      clacke likes this.
    • Evan B🥥ehs (eb@social.coop)'s status on Monday, 01-Apr-2024 01:16:47 JST
      in reply to
      • Sumana Harihareswara
      • Glyph
      • Luis Villa
      • David Zaslavsky
      • Dirkjan Ochtman
      • Geoffrey Thomas
      • benwis 🦀

      @luis_in_brief @benwis @brainwane @glyph @geofft @diazona @djc oh that’s sick, it’s so funny that you never know who you’re speaking to on here lol. Congrats on how successful tidelift has been :)

      In conversation about a year ago permalink
    • Sumana Harihareswara (brainwane@social.coop)'s status on Monday, 01-Apr-2024 01:17:00 JST
      in reply to
      • Paul Barker

      @pbarker Thanks! That is motivating and I appreciate you telling me. It'll expand on

      my comment in https://www.metafilter.com/191414/Free-as-in-free-puppy-not-free-as-in-free-beer

      and

      https://www.harihareswara.net/posts/2022/what-you-miss-by-only-checking-github/

      In conversation about a year ago permalink

      Attachments

      1. Free as in 'free puppy,' not free as in 'free beer.'
        Nadia Eghbal gives a Long Now Foundation seminar on the maintenance of open source software. (SL one hour of video or audio)
      clacke likes this.
    • Paul Barker (pbarker@social.afront.org)'s status on Monday, 01-Apr-2024 01:17:02 JST
      in reply to
      • Sumana Harihareswara

      @brainwane I dropped you a follow because I am *very* interested in reading a critique like that when it is published!

      In conversation about a year ago permalink
      clacke likes this.
      clacke repeated this.
    • Sumana Harihareswara (brainwane@social.coop)'s status on Monday, 01-Apr-2024 01:17:07 JST
      in reply to
      • Glyph
      • Luis Villa
      • Thomas Depierre
      • David Zaslavsky
      • Geoffrey Thomas

      @Di4na

      If you have an unfinished or unpublished draft review I would very much like to read it. My own critique will/would expand on what I wrote in https://www.harihareswara.net/posts/2022/what-you-miss-by-only-checking-github/ as well as my comment at the top of https://www.metafilter.com/191414/Free-as-in-free-puppy-not-free-as-in-free-beer .

      @luis_in_brief @glyph @geofft @diazona @eb

      In conversation about a year ago permalink

      Attachments

      1. Free as in 'free puppy,' not free as in 'free beer.'
        Nadia Eghbal gives a Long Now Foundation seminar on the maintenance of open source software. (SL one hour of video or audio)
      2. What You Miss By Only Checking GitHub
        from @changesetllc
        Too many researchers, entrepreneurs, marketers, open source sustainability activists, and commentators assume that activity on GitHub and data from the GitHub API is a reasonable proxy for activity in and data about open source as … | Cogito, Ergo Sumana | Blog by Sumana Harihareswara, Changeset founder
      clacke likes this.
    • Thomas Depierre (di4na@hachyderm.io)'s status on Monday, 01-Apr-2024 01:17:08 JST
      in reply to
      • Sumana Harihareswara
      • Glyph
      • Luis Villa
      • David Zaslavsky
      • Geoffrey Thomas

      @brainwane @luis_in_brief @glyph @geofft @diazona @eb yep I never published my own review because of that. The Road and Bridges report was great. The book felt like a massive PR piece for GitHub sponsor feature and a way to hide the problem.

      In conversation about a year ago permalink
      clacke likes this.
    • Irenes (many) (irenes@mastodon.social)'s status on Monday, 01-Apr-2024 09:22:19 JST
      in reply to
      • Glyph
      • Peter Brett

      @krans @glyph @eb we're very proactive-death-of-the-author about this. the FSF has failed to provide ideological leadership due to RMS's top-down style, but many of the ideals are good ones and it's the job of the current generation to renew the movement if we want our children to be able to enjoy its fruits the way we did

      In conversation about a year ago permalink
      Haelwenn /элвэн/ :triskell: and clacke like this.
    • Peter Brett (krans@mastodon.me.uk)'s status on Monday, 01-Apr-2024 09:22:20 JST
      in reply to
      • Glyph
      • Irenes (many)

      @irenes @glyph @eb I thought it was called "free software" because users are allowed to do whatever they want to with it including modifications, not because it's provided free of charge.

      The founders of the Free Software movement were Libertarians, not Socialists (unfortunately).

      I guess we were talking at cross purposes — sorry.

      In conversation about a year ago permalink
      clacke repeated this.
    • Irenes (many) (irenes@mastodon.social)'s status on Monday, 01-Apr-2024 09:22:21 JST
      in reply to
      • Glyph
      • Peter Brett

      @krans @glyph @eb sure. well, so the reason we personally call the thing we do "free software" is precisely to highlight the point that our own goal in publishing stuff without charge is very much to work towards a world without that problem, by creating something that exists as far outside it as we can manage (not all the way - obviously we have the free time to do that because of our other privileges)

      In conversation about a year ago permalink
    • Irenes (many) (irenes@mastodon.social)'s status on Monday, 01-Apr-2024 09:22:22 JST
      in reply to
      • Glyph

      @glyph @eb please note that we are ALSO no fans of the "subsume free software into capitalism" solution that corporate and statist rhetoric has been pushing for a couple years now

      In conversation about a year ago permalink
    • Peter Brett (krans@mastodon.me.uk)'s status on Monday, 01-Apr-2024 09:22:22 JST
      in reply to
      • Glyph
      • Irenes (many)

      @irenes @glyph @eb It's tricky to avoid the challenge that arises from the problem that (1) producing free software is work and (2) the workers live in a capitalist society and (3) the workers therefore need to pay for food and shelter.

      Verily, there is no ethical consumption under capitalism.

      In conversation about a year ago permalink
      clacke likes this.
    • Peter Brett (krans@mastodon.me.uk)'s status on Monday, 01-Apr-2024 10:11:11 JST
      in reply to
      • Glitzersachen.de

      @glitzersachen No. I think the project was a tasty target because it was barely maintained (due to capitalism) and no-one was actually looking at the code being submitted in detail (also because of capitalism).

      In conversation about a year ago permalink
      clacke likes this.
    • Glitzersachen.de (glitzersachen@hachyderm.io)'s status on Monday, 01-Apr-2024 10:11:12 JST
      in reply to
      • Glyph
      • Irenes (many)
      • Peter Brett

      @krans @irenes @glyph @eb

      Do you think he inserted the backdoor for money?

      In conversation about a year ago permalink
    • Irenes (many) (irenes@mastodon.social)'s status on Monday, 01-Apr-2024 10:11:19 JST
      in reply to
      • Glyph
      • Peter Brett
      • Richard Stallman
      • Shamar

      @Shamar @rms @krans @glyph @eb that's a good analysis. we do agree that, like, any complete statement of values should have more than one thing on it, or at least more elaboration of what they mean in-context.

      we'll take a look at the license. we do think the work to be done is more social than legal, we suspect copyright law as a tool for change has gone about as far as it can.

      In conversation about a year ago permalink
      clacke likes this.
    • Shamar (shamar@qoto.org)'s status on Monday, 01-Apr-2024 10:11:20 JST
      in reply to
      • Glyph
      • Irenes (many)
      • Peter Brett
      • Richard Stallman

      @irenes

      I think @rms made a huge error basing what was a hacker¹ movement on the value of freedom alone.

      #Freedom (like #Communion) is a totalizant value, a value that can blind people from other important values, so much that it's the foundational value of #Capitalism (much like what #Communion was for #Comunism).

      As we can all see that #FreeSoftware lost its political goals, being used much more to reduce human freedom than to increase it (#Google and #Facebook would not exist without exploiting huge amounts of developers' work donated as Free Software, much like #GitHub #Copilot / #CopyALot), we should really move to something different.

      Years ago I wrote the #HackingLicense ² to this aim, a (network) #copyleft license (and a shrink-wrap contract) that has been used successfully in a couple of projects.

      It doesn't forbid commercial use of the covered works and even shares the copyright with the users that comply with the license itself, BUT contractually imposes a complete reciprocity, as any work that benefits in any way from the covered work must be distributed in the same way.

      IOW, if you use my work under the Hacking License, I can use and distribute your work under the same terms. Even if it's a LLM, or a software including its output.

      I'm not sure the Hacking License is the best tool to get back freedom, communion and #Curiosity, but at least it's a step in the right direction.

      ¹ http://www.tesio.it/2020/09/03/not_all_hackers_are_americans.html
      ² http://www.tesio.it/documents/HACK.txt

      @krans @glyph @eb

      In conversation about a year ago permalink

      Attachments

      1. Not all hackers are... Americans
        Giacomo Tesio - Not all hackers are... Americans.

    • Irenes (many) (irenes@mastodon.social)'s status on Monday, 01-Apr-2024 10:11:21 JST
      in reply to
      • Glyph
      • Peter Brett

      @krans @glyph @eb but you're right, of course, it's a valid point. we just don't think trying to coin a new term would be useful, if anything it would be a distraction from the cultural work that matters

      In conversation about a year ago permalink

GNU social JP is a social network, courtesy of the GNU social JP administrator (GNU social JP管理人). It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.