Conversation
Ryuno-Ki
reviewed
Oct 11, 2024
|
|
||
| In June 2024 I was promoted as one of the maintainers of the [Amber Lang](https://amber-lang.com/) and started coding a bit in Rust. | ||
|
|
||
| In June 2025 (it's the future of the time of writing), I will get married to my wonderful girlfriend Fiamma! |
Ryuno-Ki
reviewed
Oct 11, 2024
Contributor
Ryuno-Ki
left a comment
Ryuno-Ki
left a comment
There was a problem hiding this comment.
Let me know if I shall run it with a local LanguageTool as well.
| Another opinion is by company side when the license topic is on fire, like dual licensing, CLA, abuses or license's restrictiveness, but I don't want to talk about those stuff as it is the most common discussion in this world and there are people who explain a lot better than me, [Open source licensing for supervillains](https://offlinemark.com/2021/01/22/open-source-licensing-for-supervillains/). | ||
| Yes, you need to study a bit because it easy to get a license conflict because [you like to code but you don't care of the legal part](https://arkadiuszkondas.com/dmca-php-ml-and-copyright-boundaries/). | ||
| Yes, you need to study a bit because it easy to get a license conflict because [you like to code but you don't care of the legal part](https://arkadiuszkondas.com/dmca-php-ml-and-copyright-boundaries/). | ||
| Another recent trend, followed by the various Open Source companies that have to fight against various hosting/cloud providers that not contribute back (in money terms) to the project or the fact that "open source" is used for everything that is free to download and use it, is the one [that developers care more about software's access that the license itself](https://www.infoworld.com/article/3703768/the-open-source-licensing-war-is-over.html). Infact there is a new term "post-opensource" about [this new types of licenses for Open Source Business model](https://devclass.com/2024/02/08/preserving-the-magic-of-free-new-types-of-licenses-will-not-solve-open-source-business-model-says-percona-founder/), usually because they are double licensed and not OpenSourceInitiative compatible, as they limit the usage for some specific business cases. |
Contributor
There was a problem hiding this comment.
Suggested change
| Another recent trend, followed by the various Open Source companies that have to fight against various hosting/cloud providers that not contribute back (in money terms) to the project or the fact that "open source" is used for everything that is free to download and use it, is the one [that developers care more about software's access that the license itself](https://www.infoworld.com/article/3703768/the-open-source-licensing-war-is-over.html). Infact there is a new term "post-opensource" about [this new types of licenses for Open Source Business model](https://devclass.com/2024/02/08/preserving-the-magic-of-free-new-types-of-licenses-will-not-solve-open-source-business-model-says-percona-founder/), usually because they are double licensed and not OpenSourceInitiative compatible, as they limit the usage for some specific business cases. | |
| In fact there is a new term "post-opensource" about […] |
Missing space.
Contributor
There was a problem hiding this comment.
- Open Source Initiative (not Pascal Case)
|
|
||
| As today there aren't new licenses that are still Open Source Initiative approved (they don't respect one of the 4 freedom) and at same time a process for OSS projects that let them to survive in this world. At same time as F/OSS user and contributor I think that is important to have more awareness to the consumers like companies to give back something, not just be a consumer. | ||
|
|
||
| For the same reason, since 2023 a lot of companies release their LLM models for AI as open source. At the end they aren't open source, because they just shares to you the final output, so you don't know how it is generated, infact some [big projects don't want contribution generated by AI](https://www.theregister.com/2024/05/18/distros_ai_code/) and at same time they have some limitations. |
Contributor
There was a problem hiding this comment.
Suggested change
| For the same reason, since 2023 a lot of companies release their LLM models for AI as open source. At the end they aren't open source, because they just shares to you the final output, so you don't know how it is generated, infact some [big projects don't want contribution generated by AI](https://www.theregister.com/2024/05/18/distros_ai_code/) and at same time they have some limitations. | |
| in fact some |
with space
| As today there aren't new licenses that are still Open Source Initiative approved (they don't respect one of the 4 freedom) and at same time a process for OSS projects that let them to survive in this world. At same time as F/OSS user and contributor I think that is important to have more awareness to the consumers like companies to give back something, not just be a consumer. | ||
|
|
||
| For the same reason, since 2023 a lot of companies release their LLM models for AI as open source. At the end they aren't open source, because they just shares to you the final output, so you don't know how it is generated, infact some [big projects don't want contribution generated by AI](https://www.theregister.com/2024/05/18/distros_ai_code/) and at same time they have some limitations. | ||
| The [Meta case with LLaMa 2 shown some issues](https://opensource.org/blog/metas-llama-2-license-is-not-open-source), has doesn't follow the 4 freedom, limit the commercial usage and also the purpose of the model. |
Contributor
There was a problem hiding this comment.
Suggested change
| The [Meta case with LLaMa 2 shown some issues](https://opensource.org/blog/metas-llama-2-license-is-not-open-source), has doesn't follow the 4 freedom, limit the commercial usage and also the purpose of the model. | |
| doesn't follow the 4 freedom |
Either hasn't or doesn't.
|
|
||
| [Another story is the one from Thunderbird project](https://fosdem.org/2024/schedule/event/fosdem-2024-2741-take-your-foss-project-from-surviving-to-thriving/), that changed a lot: | ||
|
|
||
| >In 2012, Thunderbird was pronounced dead. What happened next unfolded like a fairytale, as the Thunderbird project roared back to life on the shoulders of an incredibly generous community. Fast-forward to the end of 2022, and Thunderbird raised an astounding $6.4 million in donations. Within the last 3 years, it experienced a 326% revenue increase, quadrupled its core team, visually overhauled the desktop application, and announced plans to expand to Android and iOS. |
Contributor
There was a problem hiding this comment.
Suggested change
| >In 2012, Thunderbird was pronounced dead. What happened next unfolded like a fairytale, as the Thunderbird project roared back to life on the shoulders of an incredibly generous community. Fast-forward to the end of 2022, and Thunderbird raised an astounding $6.4 million in donations. Within the last 3 years, it experienced a 326% revenue increase, quadrupled its core team, visually overhauled the desktop application, and announced plans to expand to Android and iOS. | |
| >In 2012, Thunderbird was considered dead. |
Contributor
There was a problem hiding this comment.
„fairy tale” (with space I believe)
| #### The XZ Utils incident | ||
|
|
||
| In 2024 a very important fact shocked the OSS world, a vulnerability (specifically a backdoor) was inserted in the XZ utility (a compress format, like for tar.xz files) that is a dependence in a lot of projects. | ||
| That code change allowed, as it was loaded the library, to start a backdoor that was hidden pretty good for few months and it was discovered because an user started benchmark why OpenSSH was slow, compared as before, and at the same time systemd was working to optimize their builds to not include the library when it was not used. |
Contributor
There was a problem hiding this comment.
Suggested change
| That code change allowed, as it was loaded the library, to start a backdoor that was hidden pretty good for few months and it was discovered because an user started benchmark why OpenSSH was slow, compared as before, and at the same time systemd was working to optimize their builds to not include the library when it was not used. | |
| compared to before |
|
|
||
| The [timeline](https://research.swtch.com/xz-timeline) was very interesting and as per open source it was transparent online and basically the whole fault is a psychological one. | ||
| The original maintainer, and creator of the project, didn't have so much time to follow the project and there was a lot of pressure in the community to add more maintainers with access to the project to speed up. The maintainer accepted a person that was completely anonymous, there was only a name without a photo. | ||
| The fact that the people giving pressure was other anonymous users just gives you the suspects that was everything planned as this project is present everywhere. |
Contributor
There was a problem hiding this comment.
people is plural => was other anonymous users to „were”
| The same days a lot of people discovered this ticket on [ifupdown](https://github.com/ifupdown-ng/ifupdown-ng/issues/234), where an user just pushed a lot to get another contributor to the project. Also the same user asked in other projects to update the Xz library so there was a lot of attention in similar cases but seems that in this case it was just in good faith. | ||
|
|
||
| I suggest to you to learn from the links otherwise we go outside the scope of the book. | ||
| What we can learn? |
Contributor
There was a problem hiding this comment.
Suggested change
| What we can learn? | |
| What can we learn? |
|
|
||
| * A single maintainer, in a hobby project, can be a base to attack everyone using FOSS projects | ||
| * Many maintainers are helpful and create a healthy project | ||
| * Find maintainers is not easy as requires a lot of skills and thrust |
Contributor
There was a problem hiding this comment.
Suggested change
| * Find maintainers is not easy as requires a lot of skills and thrust | |
| * Find maintainers is not easy as it requires a lot of skills and trust |
| * A single maintainer, in a hobby project, can be a base to attack everyone using FOSS projects | ||
| * Many maintainers are helpful and create a healthy project | ||
| * Find maintainers is not easy as requires a lot of skills and thrust | ||
| * Often maintainers doesn't get credit or compensation for what they are doing |
Contributor
There was a problem hiding this comment.
Suggested change
| * Often maintainers doesn't get credit or compensation for what they are doing | |
| * Often maintainers don't get credit or compensation for what they are doing |
| * Open source doesn't mean it is free, but that the project is under a license allowing specific things. So it's sometimes possible to get the code by paying it for example, like in WordPress plugin/theme ecosystem. | ||
|
|
||
| > About Privacy | ||
| > It is a topic that growth a lot in the past years and there are tons of stories about why you should care of it. I want to share this to you [How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin](https://www.wired.com/story/how-pentagon-learned-targeted-ads-to-find-targets-and-vladimir-putin/), to understand how much bigger can be. |
Contributor
There was a problem hiding this comment.
Suggested change
| > It is a topic that growth a lot in the past years and there are tons of stories about why you should care of it. I want to share this to you [How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin](https://www.wired.com/story/how-pentagon-learned-targeted-ads-to-find-targets-and-vladimir-putin/), to understand how much bigger can be. | |
| > It is a topic that grew a lot in the past years […] |
Owner
Author
|
Thanks the chapter is still a WIP and I have other stuff to add but I didn't have time right now. |
Contributor
|
Yeah, I used the suggestions on purpose here. Might make you read it another time. I invite you to mention me when you're ready for a review. |
♬ Crystal Ball - Paradise
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Yes, a new version is coming.
I don't have so much new stuff but it there will be something new anyway, including the recent typofixes by @22dt91.
If you have something that should be added just comment here :-)
TODO:
What is post-opensource?PS: I will do a grammaer check etc when everything is there