2016-08-17T16:52:47Z via Identi.ca Web To: Public CC: FollowersRead, enjoyed, some things to [not |un]implement http://www.heydonworks.com/article/on-writing-less-damn-code
Jason Self likes this.
Jason Self shared this.
2016-08-15T03:56:52Z via Identi.ca Web To: Public CC: FollowersManually syndicating
Hey @mlinksva and @cwebber, how would I go about publishing my RSS feed to a pump.io account? I had a recipe for this before, but I can't find the packages I knew of. I am considering using various social media networks as alternatives to feed readers for the folks that use them, and I am not going to load up on closed networks before I have my federated eggs in a row. Aside: federated omelets. I suspect I'll need a a small server to poll my site, and then a pump account somewhere that has a security cert installed in a certain way (I couldn't use this on jpope's instance because of the SNI setup, but that feels like the cert dark ages now...). I was hoping one of you could point me in the right direction, or point other folks to this thread. I can also be reached at firstname.lastname@example.org. ^_^
2016-08-04T03:52:29Z via Identi.ca Web To: Public CC: Followers@n8 leaving LWN employment to study fonts and type design and LWN is hiring a writer
Read and subscribe to the best publication.
Iñaki Arenaza shared this.
2016-08-04T03:31:25Z via Identi.ca Web To: Public CC: Followershttp://lists.prplfoundation.org/pipermail/fcc/2016-August/000602.html
https://twitter.com/FCC/status/760178543766626305 Today's groundbreaking settlement: TP-Link must cooperate with #OpenSource community & chipset makers to allow custom router firmware. #tech
Haven't looked closer. Anyone have links to more detail?
2016-08-02T00:46:16Z via Identi.ca Web To: Public CC: FollowersI am further behind on email and related tasks than I ever have been in my life and I am procrastinating by leaving this tombstone. Bankruptcy is not my style though.
Having been there, repeatedly:
First, be ruthless and just delete any unanswered email you don't have to respond to or otherwise react to. It's unfortunate and makes some people unhappy, but if you're in a hole, you need to do what you can to get out. You can always send everyone an email explaining you're under a mountain of email and ask them to mail about the topic again in a month if it's still relevant.
Second, after you've dug yourself out from under the mountain, maintain the ruthlessness until you feel you can stay on top of things easily.
Third, if you haven't already, consider introducing a system for managing email (and other inputs) and actions that should result from that. I happen to favour Getting Things Done (http://gtdfh.branchable.com/) but whatever you fancy and works for you is fine.
I too hold on to e-mail messages, unanswered or not, far too long and I suspect not to my good health. What we require of others, as those we demand to ourselves, are simply too many and too frequent. Everyone needs a break.
Christopher Allan Webber likes this.
2016-07-21T20:52:20Z via Identi.ca Web To: Public CC: FollowersI'd prefer free license for FLOSS rather than promise to use only defensively, but 99% congratulations to @email@example.com and company https://www.eff.org/deeplinks/2016/07/blockstream-commits-patent-nonaggression
2016-07-21T19:41:02Z via Identi.ca Web To: Public CC: Followershttps://lwn.net/Articles/695014/
> Any early successes of troll-like behavior is thus short-lived and evaporates as soon as new Linux adopters learn to adapt quickly with compliant behaviors.
Great. Let's encourage "trolling". Successes of principled behavior haven't led to such quick adaptation.
No surprise. I think of copyleft as regulation, and many regulations need steep fines for non-compliance to encourage proactive compliance. Copyleft doubly so, since it is a private mechanism that has no publicly funded regulators whose job it is to enforce.
I know Conservancy can't explicitly encourage trolling. But I'm hopeful talking about principled enforcement increases awareness that trolling is a possibility, and many copy McHardy.
bthall likes this.In a related thread https://lwn.net/Articles/694906/ bkuhn writes:
> If we did focus on money, we could easily line up an array of less-than-savvy violators, demand funds, not worry about whether the users ever got source code, and have a reliable revenue generator. We don't do that because (a) it's not the intention of the GPL, (b) it's not in the public good, and (c) does not help users of Free Software.
(b) and (c) are false if troll-like behavior causes new adopters to "adapt quickly with compliant behaviors".
> We do think there should be a financial penalty for violating the GPL; I've said so in my talks for at least a decade, and the Principles say the same. The question is what is the priority: revenue or compliance?
Are they not complementary priorities? Could not prioritizing revenue lead to more overall compliance than prioritizing compliance?
Not for Conservancy to pursue, but again, I hope such messaging spurs others to see opportunity.
2016-07-07T19:20:27Z via Identi.ca Web To: Public CC: FollowersGood for Mozilla! http://www.recode.net/2016/7/7/12116296/marissa-mayer-deal-mozilla-yahoo-payment
(Their contract with Y! to be default search engine for Firefox in US has change of control clause that allows Mozilla to back out and still collect $375m/year over next few years.)
2016-07-01T22:21:23Z via Identi.ca Web To: Public CC: FollowersEU regulations on algorithmic decision-making and a "right to explanation" http://arxiv.org/abs/1606.08813
2016-06-01T17:21:46Z via Identi.ca Web To: Public CC: Followershttps://rhodecode.com/blog/113/rhodecode-goes-open-source-unified-security-for-git-svn-mercurial
(I've only skimmed but looks like AGPLv3 and a proprietary 'enterprise' version, presumably an asymmetric CLA.)
(Rhodecode is what Kallithea forked awhile back.)
mray shared this.
2016-05-19T18:38:22Z via Identi.ca Web To: Public CC: FollowersThis week's LWN
It's big, it's hot.
Claes Wallin (韋嘉誠) likes this.I say that with regards to no article in particular. I've only skimmed anything yet. Just reminds me of when a paper periodical had a big issue that at a glance seemed all super interesting and made me want to spend hours reading.
2016-05-16T03:25:03Z via Identi.ca Web To: Public CC: Followers
Jason Self likes this.
2016-05-11T18:53:18Z via Identi.ca Web To: Public CC: Followershttps://whispersystems.org/blog/the-ecosystem-is-moving/
Critique of federation
Show all 10 replies
For the two preceding reasons, scalability and perceived privacy, federation technologies have always degenerated into a slippery slope leading people from free services into the dependency of centralized offerings. It comes as no surprise that at some point the so-called open standards lose their relevance and the big companies procede to lock their users in for good.
http://about.psyc.eu/Federation (linked from the GS discussion)
I have no idea what this secushare or PSYC2 thing is, but they seem to be making interesting conversation.
@firstname.lastname@example.org I saw that and thought the problem is the federation escapes he listed don't generate revenue so there's no full time employees updating pieces. Browsers are federated technology with many complex moving parts, but because they're also ad delivery tools they get updated.
Kete Foy likes this.
2016-05-10T19:04:17Z via Identi.ca Web To: Public CC: FollowersBitKeeper released under Apache License 2.0
See comments from McVoy (user 'luckydude')
Claes Wallin (韋嘉誠) likes this.
Claes Wallin (韋嘉誠) shared this.http://seclists.org/oss-sec/2016/q2/312
We've never had anyone complain about this in a real world situation so we've never focussed on it.I am not sure to fully understand, so allow me to rephrase based on my understanding. Because no one complained and found the problem before among your clients, (that likely didn't had the source code to begin with, and also no expectation of being able to read without likely infriging copyright), the BK team didn't focused on trying to be proactive and fixing security issues that ook 5 minutes to be found ?
2016-05-10T18:26:00Z via Identi.ca Web To: Public CC: Followershttp://www.meetup.com/SFOpenDrinks/events/230892543/ 6pm tonight Internet Archive
2016-05-08T02:25:17Z via Identi.ca Web To: Public CC: FollowersThe GPL Is Almost an All Writs Canary http://2d.laboratorium.net/post/142848414775/the-gpl-is-almost-an-all-writs-canary
Somewhat related, I wonder if there's anything new https://identi.ca/mlinksva/note/aiXESNT8SB-54jvtvGIZfA (2013) in the state of art for remote bricking under control of device owner with only free software?I think you're reading GPLv2 correctly. I'm not sure a device with GPLv3 software must allow anyone in possession of the device to install modified software. The installation information in theory could be specific to an individual device, and provided to the purchaser of the device out of band. Also the ability to replace a device's OS doesn't necessarily give one the ability to decrypt user data.
GPLv2/3 and AGPLv3 might also "almost" serve as canaries when companies are ordered to distribute spy software to and spy on users, respectively. But the OS or the service aren't GPL'd, particular programs are, possibly even every program. But a proprietary program can be installed and run on such systems without violating the GPL. Protection of users to the extent it can be obtained has to come from software update services and general services being run by processes and organizations designed to resist compromising users.
It is very much worthwhile thinking through these issues in more detail!
Note that the scenario posted only is relevant when the organization ordered to comply with a court order is not the sole holder of the copyright. There needs to be a third party, whose copyright interest can be infringed upon.
Regarding the GPLv3 installation information: The user could have access to installation keys specific to the device, and the FBI also given those keys, or the user could have device-specific keys, Apple unlimited keys and the FBI some other unlimited keys. I'm not convinced the GPLv3 adds or removes any features in this scenario. It doesn't force anyone to disclose all keys applicable, just forces the vendor to give you one way of signing that works.
If the installation of spyware or backdoor-ware on your device is distribution to you, they would have to provide you the source code. But that depends whose phone the court thinks it is, when the FBI has seized it.
Mike Linksvayer likes this.
2016-05-06T17:20:31Z via Identi.ca Web To: Public CC: Followershttps://en.wikipedia.org/wiki/Contributor_License_Agreement
A really poor article. Probably almost best to start fresh. Anyone up for fixing it?