cultural reviewer and dabbler in stylistic premonitions
If copyright holders want to take action, their complaints will go to the ISP subscriber.
So, that would either be the entity operating the public wifi, or yourself (if your mobile data plan is associated with your name).
If you’re in a country where downloading copyrighted material can have legal consequences (eg, the USA and many EU countries), in my opinion doing it on public wifi can be rather anti-social: if it’s a small business offering you free wifi, you risk causing them actual harm, and if it is a big business with open wifi you could be contributing to them deciding to stop having open wifi in the future.
So, use a VPN, or use wifi provided by a large entity you don’t mind causing potential legal hassles for.
Note that if your name is somehow associated with your use of a wifi network, that can come back to haunt you: for example, at big hotels it is common that each customer gets a unique password; in cases like that your copyright-infringing network activity could potentially be linked to you even months or years later.
Note also that for more serious privacy threat models than copyright enforcement, your other network activities on even a completely open network can also be linked to identify you, but for the copyright case you probably don’t need to worry about that (currently).
Mattermost isn’t e2ee, but if the server is run by someone competent and they’re allowed to see everything anyway (eg it’s all group chat, and they’re in all the groups) then e2ee isn’t as important as it would be otherwise as it is only protecting against the server being compromised (a scenario which, if you’re using web-based solutions which do have e2ee, also leads to circumvention of it).
If you’re OK with not having e2ee, I would recommend Zulip over Mattermost. Mattermost is nice too though.
edit: oops, i see you also want DMs… Mattermost and Zulip both have them, but without e2ee. 😢
I could write a book about problems with Matrix, but if you want something relatively easy and full featured with (optional, and non-forward-secret) e2ee then it is probably your best bet today.
As the image transcript in the post body explains, the image at the bottom is a scene from a well-known 1998 film (which, according to Wikipedia, was in 2014 selected for preservation in the United States National Film Registry by the Library of Congress as being “culturally, historically, or aesthetically significant”).
This meme will not make as much sense to people who have not seen the film. You can watch the referenced scene here. The context is that the main character, The Dude (played by Jeff Bridges) has recently had his private residence invaded by a group of nihilists with a pet marmot (actually portrayed by a ferret) and they have threatened to “cut off his Johnson”. In an attempt to express sympathy, The Dude’s friend Walter (played by John Goodman) points out that, in addition to the home invasion and threats, the nihilists’ exotic pet is also illegal. The Dude’s retort “what, are you a fucking park ranger now” is expressing irritation with that observation, because it is insignificant compared with the threat of the removal of his penis.
This meme attempts to draw a parallel between this humorous scene and XZ developer Lasse Collin’s observation that the XZ backdoor was also a violation of Debian’s software licensing policies.
Thank you for reading my artist’s statement.
two weeks later: GitLab confirms it’s removed Suyu, a fork of Nintendo Switch emulator Yuzu
sad to see their new git hosting is behind cloudflare 😢
💯 points for the name.
They should make it use the sosumi sound for something so that maybe they can get sued by Apple Inc too 😂
Poor choice of git hosts though; won’t gitlab.com
take down anything that a big company asks them to?
(before it was Kool, KDE was a reference to CDE, the Common Desktop Environment)
edit: the two issues i raised in this comment had both already been addressed.
this was the developer’s reply on matrix:
- We do have a CLA: https://cla-assistant.io/ente-io/ente
- We will update the iOS app to offer you an option to point to your self hosted instance (so that you can save yourself the trouble of building it): https://github.com/ente-io/ente/discussions/504
- The portion of the document that deals with authentication has been outdated, my bad. We’ve adopted SRP to fix the concerns that were pointed out: https://ente.io/blog/ente-adopts-secure-remote-passwords/
AGPL-3.0
Nice
This would be nice, but, this repo includes an iOS app, and AGPL3 binaries cannot be distributed via Apple’s App Store!
AGPL3 (without a special exception for Apple, like NextCloud’s iOS app has) is incompatible with iOS due to the four paragraphs of the license which mention “Installation Information” (known as the anti-tivoization clause).
Only the copyright holder(s) are able to grant Apple permission to distribute binaries of AGPL3-licensed software to iOS users under non-AGPL3 terms.
Every seemingly-(A)GPL3 app on Apple’s App Store has either copyright assignment so that a single entity has the sole right to distribute binaries in the App Store (eg, Signal messenger) or uses a modified license to carve out an Apple-specific exception to the anti-tivoization clause (eg, NextCloud). In my opinion, the first approach is faux free software, because anyone forking the software is not allowed to distribute it via the channel where the vast majority of users get their apps. (In either case, users aren’t allowed to run their own modified versions themselves without agreeing to additional terms from Apple, which is part of what the anti-tivoization clause is meant to prevent.)
Only really nice when not CLA is required and every contributor retains their copyright. Ente doesn’t seem to require a CLA.
I definitely agree here! But if it’s true that they’re accepting contributions without a CLA, and they haven’t added any iOS exception to their AGPL3 license, then they themselves would not be allowed to ship their own iOS app with 3rd party contributions to it! 😱 edit: it’s possible this is the case and Apple just hasn’t noticed yet, but that is not a sustainable situation if so.
If anyone reading this uses this software, especially on iOS, I highly recommend that you send the developers a link to this comment and encourage them to (after getting the consent of all copyright holders) add something akin to NextCloud’s COPYING.iOS to their repository ASAP.
cc @ioslife@lemmy.ml @baduhai@sopuli.xyz @skariko@feddit.it
(i’m not a lawyer, this is not legal advice, lol)
edit: in case a dev actually sees this… skimming your architecture document it looks like when a user’s email is compromised (“after you successfully verify your email”), the attacker is given the encryptedMasterKey
(encrypted with keyEncryptionKey
, which is derived from a passphrase) which lets them perform an offline brute-force attack on the passphrase. Wouldn’t it make more sense to require the user to demonstrate knowledge of their passphrase to the server prior to giving them the encryptedMasterKey
? For instance, when deriving keyEncryptionKey
, you could also derive another value which is stored on the server and which the client must present prior to receiving their encryptedMasterKey
. The server has the opportunity to do offline attacks on the passphrase either way, so it seems like there wouldn’t be a downside to this change. tldr: you shouldn’t let adversaries who have compromised a user’s email account have the ability to attack the passphrase offline.
(i’m not a cryptographer, but this is cryptography advice)
cloudflare’s service puts them in the middle - so, HTTPS doesn’t encrypt traffic between the browser and your server anymore, but instead between the browser and CF, and then (separately) between CF and your server. CF is an antidote to intelligence agencies’ problem of losing visibility when most of the web switched to HTTPS a decade ago.
The legislation requires web browsers to trust EU countries’ CAs (which browsers already tend to do, but are presently free to remove when they’re observed being misused) and prohibits doing non-ETSI-approved validity checks (eg, certificate transparency, which is a way CA-misusing MITM attackers can be caught).
Wouldn’t you say the point of that particular clause is to reduce browser security (so that cops and intelligence agencies are free to exploit it without interference from CT)?
This is an irritating meme.
Were people saying PHP was dead in 1995, the year it was released? I guess maybe?
But who was suggesting abandoning PHP for Django in 2003, two years before the latter was publicly released? I suppose the person who made this must’ve read that Django development started in 2003 and gone with that; most of these years correspond with when the respective project started.
So, the reason Perl (which remained more popular for web development than PHP or any of these things into the early 2000s) isn’t on the list must be because it actually predates PHP.
But then what is up with Python in 2022?
There are at least four companies listed here selling new laptops with coreboot preinstalled: https://doc.coreboot.org/distributions.html
deviating slightly from pure open source principles
saying that prohibiting redistribution is just “deviating slightly from pure open source principles” is like saying that a dish with a bit of meat in it is just “deviating slightly” from a vegetarian recipe.
if you saw a restaurant labeling their food as vegetarian because their dishes were based on vegetarian recipes, but had some meat added, would you say that it seems like their intentions are good?
to protect their users from scammy clones
As I said in another comment, the way free open source software projects should (and can, and do) generally do this is using trademark law. He could license it under any free software license but require derivatives to change the name to avoid misleading or confusing users. This is what Firefox and many other projects do.
TBH we’re not really into strictly following the letter of the law in the pirate community
In the video announcing the project Louis Rossmann explicitly says he intends to vigorously enforce this license. Since it is a copyright license, the only ways of actually enforcing it are to send DMCA takedowns and/or sue people for copyright infringement.
there is no single universally agreed upon definition
There is an overwhelmingly agreed-upon definition. Look at who agrees with it: https://opensource.org/authority/
And who doesn’t agree? Historically, a few of the giant software companies who were threatened by the free software movement thought that “open source” was a way for them to talk the talk without walking the walk. However, years ago, even they all eventually agreed about OSI’s definition and today they use terms like source-available software for their products that don’t meet it.
Today it is only misinformed people like yourself, and grifters trying to profit off of the positive perception of the term. I’m assuming Louis Rossman is in the former category too; we’ll see in the near future if he acknowledges that the FUTO license is not open source and/or relicenses the project under an open source license.
there are over 80 variations of open source licenses all with different term and conditions. Some are more permissive, some less so. Yet they can all be considered a variation of open source, though I’m anticipating you wouldn’t agree?
There are many open source licenses, and many non-open-source licenses. there is a list of licenses which OSI has analyzed and found to meet their definition; licenses which aren’t on that list can be open source too… but to see if they are, you would need to read the license and the definition.
Have you read The Open Source Definition? I’m assuming not.
I can’t understand why you are acting like the definition police here, it seems very pedantic tbh.
It’s because (1) FUTO are deceiving their customers by claiming that their product is something which it isn’t, and (2) they’re harming the free and open source software movements by telling people that terms mean things contrary to what they actually mean.
since you copy+pasted this wall of confused text to me in 3 different places I guess I’ll reply here too, in the not-deleted thread: https://opensource.org/authority/ (this is not even a controversial topic)
I can understand why someone would say open source
I can understand why too: it’s either because they were not aware of the widely agreed-upon definition of the term, or because they’re being disingenuous. I’m assuming it was the former; whether OP edits the post will reveal if it was actually the latter.
it is open source. Stop gatekeeping the term
i guess you didn’t click the link in my comment? here is another, with a list of governments and other entities who all agree about the definition: https://opensource.org/authority/
please edit this post to remove the incorrect claim that this is open source, as it is clearly not.
garner a community of support ensuring that there is an audience for the project
I’m sure this is true for certain kinds of communities. Personally I’ve never been tempted to try using Discord, because any project that uses it is obviously built by and for people with (imo) very poor taste in technology.
https://en.wikipedia.org/wiki/Grasshopper_3D
https://en.wikipedia.org/wiki/Ratfor
https://en.wikipedia.org/wiki/Turtle_(syntax)
https://en.wikipedia.org/wiki/Zebra_Programming_Language