@tomw Re. the did:plc thing, even if the issue over control of the database was fixed, there's the issue of control over the individual records.
If you are a Bluesky user and wanted to move your personal data to another server (or self host), you'd need to update your identity record to point at the new PDS.
The identity record lists a set of keys that are trusted to sign changes to the record. Those keys belong to Bluesky rather than the user.
@tomw It feels like they wanted to build a blockchain identity system, but took some shortcuts in the implementation and left out consensus and rollback prevention. So they could potentially roll back an identity to a state where it was controlled by a different set of keys.
They publish a full transaction log, so this could be detectable in theory. But I'm not sure what recourse you'd have.
@tomw most of these complaints are non-issues if you think of the directory as a centralised service.
But by trying to make it look like it might be decentralised, it seems to have worse privacy than a simple centralised user database would have.
You can enumerate every account, including deleted accounts. You can also see the full username change history of every account. It seems like a great trove of information for research, but I'm not sure users are aware that it is being published.
@ariadne It seems like most of the problems would go away if they added "CLOFORK implies CLOEXEC" or similar. I can't imagine why anyone would want this behaviour to persist past their own process image.
@mjg59 All versions of the GPL define source as "the preferred form of the work for making modifications to it", so the LLM prompt would be source code going by the FSF's definition.
Extending the thought experiment: what if all the code, data, and build scripts used to train the language model were made available under an open license, but it would cost you a billion dollars in compute time to reproduce the model?
@klausman @mjg59 every smartphone I've owned so far has stopped receiving OS version upgrades before it became unusable.
In contrast, I've got a 10+ year old x86 server in my closet running a recent Linux distro. It just works because no one has to do hardware enablement for that specific system in the new OS release.
@klausman @mjg59 The real test is whether it makes the system simpler overall. And I'd argue the one-kernel-device model seen on Android phones is complicated in a different way, even if each individual kernel might be simpler.
@dalias @pid_eins @mariusor I work on a distribution that is only upgrading to a JS-capable polkit in this month's release: more than a decade after upstream made the change.
In the grand scheme of things, I don't think it is particularly important. We're talking about a couple of hundred lines of JS that doesn't make use of loops and is very easy to reason about. A more restricted language could achieve the same thing, but it's not something I think is worth fighting about.
@dalias @pid_eins @mariusor While I'm not the biggest fan of Polkit's JS rules system, the vast majority of access decisions get made based on the default rules in the action files.
And at the end of the day, all access decisions are made by code. Having it in human readable text files is not the worst thing in the world.
@Conan_Kudo @mcepl @blandford I see that poison pill agreement as one of Trolltech's first experiments with not-quite-open-source.
Qt was not available under the LGPL back then: the status-quo license was the Qt Free Edition license, which you can read here: https://invent.kde.org/historical/qt1/-/blob/master/LICENSE. Far fewer people could use this license than the current Qt Open Source edition.
If Qt was the dominant toolkit for Linux desktops and was still under that license, then all most Open Source desktop apps on Linux would be dependent on the commercial license. That's the kind of lock in that led Unity to try this royalty change.
@mcepl @blandford It's not at all clear that Qt would be available under its current license if GTK didn't exist.
They went through a number of "not quite Open Source" licenses before settling on the current licensing. It's not clear they would have gone all the way if there weren't alternatives.
It seems to be checking for dates too far in the past (before 1975, by the look) rather than too far in the future. I wonder if it is reading a zeroed sector on the disk where a unix timestamp would be in a running system?
It doesn't mean that every component is meaningful for every scheme. For instance, you could construct a file URI with a hostname that isn't empty or "localhost" and it would parse according to the generic rules, but wouldn't be meaningful.