NewsLab
Jun 28 23:13 UTC

We all depend on open source. We will defend it together (akrites.org)

464 points | by dhruv3006 | 228 comments

Comments (228)

  1. dmitrygr
    > Additionally, when a critical package has no one maintaining it, Akrites will stand as the maintainer of last resort so a fix can still reach everyone in a timely fashion.

    Ambitious and interesting. I wonder how long this will last and on whose dime and time? Akrites employs no engineers, so who will make the fixes and who'll pay them?

  2. npodbielski
    Who do they employ then? AI?
  3. NSUserDefaults
    > Today, the undersigned commit real resources — engineering talent, security expertise, and funding — to harden the software we share
  4. fmbb
    Human talent or LLM talent?
  5. wwind123
    Yeah, very commendable. Now I just wish the closed-source software that has lost support could similarly be supported this way, with help from AI, so we don't have to throw away that much hardware when its software can no longer be updated.
  6. sinpif
    I'd be interested in 1) what makes a package "critical" 2) how do you take ownership if the original author is unreachable or not cooperating? Are you going to fork it and somehow make everyone switch to your fork, even on older LTS systems?
  7. charcircuit
    Why only a focus on Open Source? I feel like vulnerabilities in closed source products like Microsoft Office, Microsoft Windows, and Google Chrome, to name a few, can be just as essential and foundational as other open source software for many businesses.
  8. dofm
    I think the idea is that automated source code processing is making it possible to find vulnerabilities at great speed and in an overwhelming way in software that does not have paid maintainers, whereas closed source software in active use has both less accessible code and paid maintainers.

    A charitable foundation might be plausible to help companies secure their closed for-profit software but it doesn’t really have the same urgency for the fabric of the internet (or the same moral clarity)

  9. charcircuit
    >both less accessible code

    Yet still important to be secured due to the impact vulnerabilities can have. And LLMs can work without source code access via utilizing things like debug symbols, disassembly, reverse engineering, etc.

    >paid maintainers

    Just like open source maintainers their time is already being spent on other things which they see as more important over making the project 100% security bug free. Just because they are being paid, that doesn't make security their number 1 priority.

  10. behindsight
    Project Glasswing is already a thing, and the other labs have started their own initiatives too if they want to collaborate and work on securing closed-source software.

    Still not addressed the moral clarity point being brought up, nor the ramifications of the Linux Foundation choosing which closed source projects to focus on and alienating their mission statement.

    Again, your idea is noble but why should the Linux Foundation be saddled with it when those other options exist? OSS needs their focus as their mission outlines.

  11. dofm
    > that doesn't make security their number 1 priority.

    Well perhaps the companies who employ them to make that software they sell for profit should let them do that first rather than tokenmaxxing, and the great big non-profit effort can get round to them to help a little bit later after it has helped secure all the open-source stuff the internet actually runs on.

  12. graemep
    It's a worry, but it's too early to be sure what the long term effects will be. We will have many eyes on a lot more code. There might be a rush of reports that slows as all the old vulnerabilities are found.

    Closed software still has many people with access to the code. Governments or researchers have been given access to lots of critical source code. It can also be leaked. I wonder whether attackers are going to be more willing to bribe people with access to source now they have better odds of finding vulnerabilities with limited effort.

  13. dofm
    > Closed software still has many people with access to the code.

    But in the examples cited (and really any other large closed piece of code of any significance in this era) it also has owners with money, and they should be compelled to fix their own stuff.

    Or open the source code to be fixed, I guess ;-)

  14. rjzzleep
    I'm extremely concerned about the state of Open Source. The gamification of the whole thing & devstats means that people that are good at gaming metrics are rising up the ranks and people that are genuine high quality contributors are pushed to the sidelines unless they have a very popular profile. Mass generated AI slop and AI content gives people massive devstats boosts.
  15. einpoklum
    > We are joined by Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler

    Many of the names on the list make the initiative rather suspect. Companies who do a lot to undermine free and open-source software, who hide critical software behind their walls, preventing both its scrutiny and its adaptation and improvement, and two of the LLM giants - they'll "defend open source"? I don't know about that.

    > Akrites gives critical infrastructure stakeholders a confidential, structured place to coordinate vulnerability discovery, remediation, and disclosure across the open source projects they depend on

    So, a bunch of large corporations - some of whom are known to be in bed with the US government - will share vulnerabilities among themselves, out of the public eye? Fishy.

  16. Fordec
    Yeah, a bunch of the worst free riders and malicious consumers all in one place.

    All they're really missing is Oracle and Bambu Lab.

  17. nwellnhof
    > All members must be current Linux Foundation members and sign the participation agreement and NDA.

    Just another opaque and exclusive subproject of the Linux Foundation.

  18. hobofan
    That's just your typical list that makes up the Linux foundation.

    It might not be the idealistic flavour of open source you prefer, but it's the flavour of open source that's actively in use in most tech companies, and that also forms the makeup of most corporate open source participation (e.g. also the top corporate Linux contributors).

  19. habinero
    Not...really? It's pretty normal. Tech companies share intelligence and knowledge all the time -- there are a lot of birds of a feather and consortium groups out there.

    Since a lot of places are close in proximity, companies sometimes run private fiber lines and such to let peers download updates without competing with the entire world lol.

    Everyone's fighting the same fight. Sharing and collaborating are normal things.

  20. einpoklum
    > Tech companies share intelligence and knowledge all the time

    Share it and hide from the public, you mean?

    > Everyone's fighting the same fight

    Companies really are not "fighting the same fight" as people, generally. And some of these ones are definitely not "fighting the same fight" as FOSS developers, or just people in general.

  21. justincormack
    It won't be out of the public eye if it is part of Linux Foundation, it will be open.
  22. Brian_K_White
    Anything they "maintainer of last resort" would actually be forks, or collectively a distribution. We already have hundreds of distributions acting as maintainer of last resort many times over, only with actual developers and not presuming to make themselves the new upstream for anyone else.
  23. sakjur
    Microsoft controls NPM and GitHub. I would not put it past them to truly take over a project if they gauged it in their best interest (though it would be a massive violation of trust, so I'd imagine they'd tread carefully before going there).

    If it's sent to Akrites, they can even pretend it's done responsibly – even though only megacorps get a seat around that table.

  24. trashb
    Well, they did invent EEE after all. Why would they tread carefully? They own the product/service, they can shut it down, no need for explanations.

    https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...

  25. RobotToaster
    We already saw Automattic (the owners of wordpress) do exactly that in their plugin repository for purely commercial reasons.
  26. witx
    Unfortunately I think it's moot to post this on hacker news. The majority of people here drink deep from the AI pool and just don't care.

    Besides many of the companies on the list are suspect numero uno for the state of open source

  27. fithisux
    All voices have a place.
  28. cryo32
    Some should be at the bottom of a well.
  29. witx
    Ok, and? Where did I say otherwise?
  30. fithisux
    I just asserted your statement. I did not attack you.
  31. witx
    Sorry
  32. shevy-java
    I don't drink the AI slop and I also don't see how you come to this conclusion. Most of the comments are very much against the AI slop.

    > Besides many of the companies on the list are suspect numero uno for the state of open source

    On this I agree. This seems indeed just promo advertising to white-wash these companies. They don't really care about ethics in open source.

  33. cryo32
    No we won’t. We’ll make grand statements about it, leave it for commercial entities to corrupt it, then complain loudly about the state of it when we really did nothing about it.

    I expect we’ve got a future of “undo forks” as I’ve called them which is rolling back to pre-insanity times and rethinking again. That’s only something people unencumbered by commercial requirements can do.

  34. fithisux
    Spot on!!!
  35. eastbound
    Commercial entities are 95% of useful open-source (Linux, Postgres and similar — excluding leftstr-type of utilities).
  36. tetris11
    Commercial entities latch onto useful open-source because it is a successful product they simply cannot compete with.
  37. jackdoe
    Why would they compete with it when it's open?
  38. dspillett
    They wouldn't. But the GPP seemed to be implying that we should be grateful to commercial entities for the existence of those useful open projects, when in fact if the commercial entities had their preferred way the projects would not be (as) open.
  39. rectang
    To secure network effects for themselves. This is one of the reasons the ASF was founded.

    https://httpd.apache.org/ABOUT_APACHE.html

    > We realize that it is often seen as an economic advantage for one company to "own" a market - in the software industry, that means to control tightly a particular conduit such that all others must pay for its use. This is typically done by "owning" the protocols through which companies conduct business, at the expense of all those other companies. To the extent that the protocols of the World Wide Web remain "unowned" by a single company, the Web will remain a level playing field for companies large and small. Thus, "ownership" of the protocols must be prevented.

  40. LtWorf
    Debian, KDE…
  41. pydry
    Defeatism is easy
  42. chrinic7294
    > Defeatism is easy

    I prefer easy.

    If you prefer difficult, more power to you.

  43. AnthonyMouse
    It's the same easy as falling out of a plane without a parachute. Gravity will do all the work but you'll not like what happens at the bottom.
  44. doublerabbit
    Isn't it easier just not to board the plane, who really enjoys being at an airport?
  45. AnthonyMouse
    You were never at an airport. You fell asleep in your bed and woke up on the plane. Fighting the people taking you somewhere you don't want to go is definitely more work than falling out of the plane. It just has a specific advantage.
  46. latexr
    > who really enjoys being at an airport?

    Not every airport is a huge commercial building with hundreds of people (also, you wouldn’t visit one of those to parachute jump). Some are akin to cozy shacks without a lot of traffic where you’re in and out in no time.

  47. latexr
    > I prefer easy.

    Clearly you don’t feel that strongly about it. You know what would’ve been easier than making an account just to post that comment? Not doing that.

    Have you also stopped working, paying your bills, showering, eating, interacting with other people? Not doing any of that is easier than doing it.

  48. chrinic7294
    > Clearly you don’t feel that strongly about it. You know what would’ve been easier than making an account just to post that comment? Not doing that.

    I’m here to remind the thousands of readers that they are not alone.

    The vast majority (99%?) of us, absolutely do not give a shit about open source.

  49. latexr
    > I’m here to remind the thousands of readers that they are not alone.

    You made an account to “remind people” they have support in… Doing the easy thing… Which is doing nothing? I fail to see who needs that.

    > The vast majority (99%?) of us, absolutely do not give a shit about open source.

    Absolutely the wrong website to make that claim. That number is way off.

  50. dspillett
    Which is a large part of why what cryo32 said will come to pass.
  51. AnthonyMouse
    Only if people succumb to defeatism. There have been documented instances of that not happening.
  52. dspillett
    Those cases are rarely nice fluffy conflict free times of change, unfortunately.
  53. doginasuit
    Acknowledging the result of defeatism should push us toward a different mindset, not more defeatism. Over the long run, humanity has a pretty good record, carried by the people who refuse to give up.
  54. dspillett
    > Acknowledging the result of defeatism should push us toward a different mindset, not more defeatism.

    Defeatism says otherwise!

    > Over the long run, humanity has a pretty good record, carried by the people who refuse to give up.

    Unfortunately when the struggle is against other people, especially the incumbent powers-that-be (in this case the capitalist overlords), those that refuse to give up have to fight long and hard to get enough others properly in the fight, and victory requires something drastic like at the very least mass protests, perhaps up to civil war level.

  55. doublerabbit
    So is taking without giving back.
  56. p-e-w
    Do you have any concrete plan to make things better that doesn’t involve magical thinking or pseudo-appeals like “everyone just needs to…”?
  57. fg137
    Commenting on an Internet forum is what's easy.
  58. Forgeties79
    Idk I swapped to a Linux-only PC last April and have been steadily shifting over to open source software for basically everything in my life. I haven’t done everything, I doubt I ever will hit 100%, but well over half the stuff I use on a daily basis I have real control over now and can audit.

    Keep in mind I am not a coder/engineer, I’m just kind of a tourist in that world, so if I can do it it’s clearly very achievable for many people.

    No reason to throw up your hands in defeat. We don’t need everyone to shift over everything. We just need to make sure there’s always space and demand for open source software to keep it alive.

  59. necrotic_comp
    One of the reasons why a source-based system like Gentoo is particularly nice is that you can compile your binaries with debug flags, so if you hit bad behavior you can inspect, write a patch, compile into your running system, and then push the same patch upstream.

    I barely have to do it, but imho, this is how software should work and what running a computer should feel like.

  60. ligne
    It's worth noting that even more staid distributions like Debian provide you with the means to do this. It's arguably a bit more complicated, but saves you a lot of time and hassle on the happy path.
  61. skydhash
    I use OpenBSD and it’s actually the same thing with the additional niceties of binary packages. A bug or an issue with any program (including the kernel and drivers)? Patch and rebuild.
  62. latexr
    > I have real control over now and can audit.

    > Keep in mind I am not a coder/engineer

    How do you control and audit something you don’t understand? What specific steps are you taking?

  63. Forgeties79
    I depend on the community tbh. Poor phrasing, it implies I personally audit it. But ultimately if I want to I can and I know plenty of folks scour repos/compile code themselves, so if something is wrong it’ll likely come out. It’s open source, they can’t hide it from people who are looking. Also I’m not entirely ignorant - I can sometimes see when something is up, I am comfortable using a CLI, I know my way around a computer better than most.

    Wouldn’t you say that’s way better than the status quo with windows/macOS?

  64. latexr
    > Wouldn’t you say that’s way better than the status quo with windows/macOS?

    I would say it’s irrelevant to the conversation. I wasn’t throwing shade or criticising your approach, I was making an honest question to understand your argument better. I have no interest in flame wars.

  65. Forgeties79
    I’m not engaging in a flame war, you just seem to have a very terse way of writing that kind of caught me off guard. That initial question felt a bit leading and there’s a bit of a hostile tone coming through. Seems it’s unintentional though so not a big deal.
  66. latexr
    > you just seem to have a very terse way of writing that kind of caught me off guard.

    Fair.

    > That initial question felt a bit leading

    How would you have phrased it? I’m genuinely asking.

    > and there’s a bit of a hostile tone coming through.

    It’s been my experience that in online writing with strangers it’s best to assume good faith and not assume tone. Read things imagining the other person is smiling and in a good mood (exceptions for obvious trolls). Not that I can do that every time, mind you, we all have flaws, but it avoids a ton of needless misunderstandings and doesn’t escalate.

    > Seems it’s unintentional though so not a big deal.

    It was. Thank you for replying.

  67. Forgeties79
    I understand we need to give people the benefit of the doubt, but take this previous comment for example. It comes off as pretty patronizing, I have to really squint to remove that feeling. I understand I have a responsibility to try and focus on the best possible interpretation of somebody’s comment, but it also behooves you to maybe take a second look at the way you’re writing and maybe consider ways to encourage a more generous interpretation. I can only work with what is given to me at the end of the day. Discussions are a two way street, and sometimes people are just rude/combative, especially online.

    Anyway it’s all good. I hope you have a nice weekend.

  68. latexr
    Oh, sure sure, I am in agreement with you. In no way do I believe this to be the exclusive responsibility of the receiving side. I’m usually competent at detecting this and don’t see why you’d interpret the previous comment as being patronising, but I concede I may be having an off day.

    Thank you again for replying. A nice weekend to you too!

  69. cryo32
    I'm doing exactly the same but you really don't have as much control as you may wish. I mean look at Freedesktop which is basically Red Hat staff. The biggest Kernel contributor in SLOC a while back was MSFT.

    Gnome and Systemd is a fine example of how fucked up this can get.

  70. Forgeties79
    I’m on bazzite which isn’t perfect but it’s lightyears ahead of windows.

    You can always find bad examples. The good news is there’s still lots of good ones out there right now. No point in being defeatist about it, just do what you can

  71. warumdarum
    It's worse. Open source will be hijacked by hype warfare companies to extract free labour and build the things they want instead of the things we want.
  72. trumpdong
    But that's already what open source is...
  73. forgetfreeman
    Oh that ship sailed over a decade ago. Industry appeasement is a big part of what killed Drupal.
  74. bonzini
    What killed Drupal, and what replaced it? WordPress?
  75. bborud
    But surely the death of any large chunk of PHP leaving the stage is cause for applause and boisterous shouts of joy?
  76. forgetfreeman
    Having coded back end projects in PHP, Perl, Python, and Node idk wtf folks who make comments like this are on about. Node took all of the worst aspects of JavaScript and spread them to back end development. Someone should have ended up on trial in the Hague for that particular crime against humanity and PHP is what you're grumbling about? Seriously?
  77. bborud
    I’ll grant you that there are good arguments in favor of your position. PHP, and then later JavaScript have both filled the world with more fragility and chaos than was necessary.
  78. forgetfreeman
    Uh huh. Because python development is a fortress of stability and security... /s
  79. limagnolia
    The Drupal Association and its mismanagement of the community? I don't know how dead Drupal is, but I used to actively use and promote it and I have long since moved on, due in part to the Drupal Association's shenanigans.
  80. forgetfreeman
    I glanced at D.O the other day and was depressed to find they're reporting 400k active installs. I remember when that was 16M and growing. We're talking a loss of 97.5% of active sites. I'm betting the few that remain are mostly small government and nonprofit websites that haven't managed to put together the budget for a migration away from the platform. So yeah pretty dead. And yeah I blame the Drupal Association by way of Acquia and Microsoft. I left the project with a clear conscience after explaining in detail to an entire roomful of core developers that objectifying the codebase a la Laravel would kill the project stone dead within 5 years. Predictably they offered the typical "community developers are bad and don't want to learn" sneer as their primary defense of the decision. RIP.
  81. noufalibrahim
    In a certain way, moving from "Free Software" to "Open Source" started this transition and it's not slowing down.
  82. p-e-w
    Imagine if the AGPL had become the default license for open source projects, as it was intended to when the service provider loophole in the GPL became apparent. The software industry would be unrecognizable.

    Instead, millions of developers now gift corporations their work by releasing everything under MIT or Apache, and those corporations take from that treasure trove what they want and give back what they want, which is very often nothing.

  83. hacker_homie
    Lying about the license to Linus probably wasn't a smart move for AGPLv3 adoption. In my experience the virality clause is the main reason those projects don't get used, and therefore sponsored.
  84. Dylan16807
    Lying about what? I can't find anything about this.
  85. bayindirh
    I believe Open Source software sold developers the dream of "to be hired for what they have developed" and cash-in the effort they have spent as a future, stable employment.

    Many die on the hill of "developing something required for free with permissive licenses for recognition which will help with their future endeavors", which is the same with other creative lines of work. As a result they are milked of their knowledge and forced to bear the burden of leading the project and handling the community while companies just use what's developed while quietly but strongly nudging the project's direction for their benefit.

    If the developer gets rogue, the thing is forked and sometimes closed down with no downside to the company, but the community and the developer(s) are hung to dry, conveniently signaling other developers about what they might face if they disobey their overlords with iron fists in velvet gloves as a secondary effect.

  86. trumpdong
    I think you can get recognition just as well with share-alike licenses. Plus you leave the opportunity open to ask for money for a different license grant.
  87. bayindirh
    I believe strongly so, however companies don't like this, hence the current state we're in. Also it's part of the "advertising" done by the companies.

    Last but not least, many people are very ill-informed about GPL and how it works. I experience this when we discuss this with peers.

    This is why I only use copyleft (or non-commercial/share-alike) licenses on what I build/produce/put out.

  88. limagnolia
    If you share your code with me under a copy left license, I will share my contributions under the same copy left license... you will not then be free to ask for money for things built on top of or with my contributions. You may be okay with that, but it is a decision you have to make.
  89. kruffalon
    A common misunderstanding with the GPL and other copy left licences is that they care about money and monetary transactions.

    They mostly do not.

    They only demand that you offer the source code to anyone that asks for it if you also distribute any kind of executable (you may even charge to cover the costs of the distribution).

    The AGPL expands this to SaaS's too to close that loophole.

  90. limagnolia
    Sorry, I am aware of this, I worded my comment incorrectly. What I meant to say is that one will be unable to ask for money for a ~different license~ to my contributions, because my contributions will be under the copyleft license, and I will not sign any agreements that give the project maintainers rights to license my contributions under a proprietary (Non open source) license. Yes, anyone is still free to ask for money for copy left code. But it is still copy left, and as such, the license goes with it.

    Apologies for my poorly worded comment!

  91. 999900000999
    Some projects, like Godot, are MIT so contributors can use it for their own commercial projects.

    Occasionally, EA for example, a big corp will donate some money too. Apple has created PRs to add support for Vision Pro.

    If Godot was GPL it would be useless for most commercial game devs.

  92. shimman
    You are absolutely allowed to use GPL software in commercial products, why are you deliberately lying or misleading?

    GitHub could only exist because it was built on top of git, which is also GPL licensed. This is not the only example but should be the immediate one since nearly a vast majority of devs touch git on a daily basis.

    Maybe stop listening to your legal team and actually think for a moment. GPL doesn't prevent commercialization, what it does is make sure everyone contributes to the same project equally. Shocker, corporations do not want to contribute to the common good they want to rat fuck it into submission for profit.

  93. 999900000999
    You have to then contribute all your changes back.

    The Godot foundation picked MIT for a good reason. If your legal team says no GPL then no GPL. This has been standard practice for decades.

  94. Dylan16807
    Just because you have to follow the legal team doesn't mean they're making good decisions for the business.

    The changes you make to a game engine are almost never the important part of your game's IP.

  95. 999900000999
    Depending on who you ask a GPL game engine can only produce GPL games.

    I guess you could sell the game ready to play, and then upload its source code without needed assets somewhere else.

    Most companies aren’t going to be ok with this.

    I know when I write a project, I just MIT license it. If some of the code I wrote helps you get your job done, go for it.

  96. abc123abc123
    Note that the LF of today is basically just like any other global corporation with its own political agenda. You can just follow the money, and see that it is controlled by corporations. They neutered Torvalds, are very woke, and generally a nightmare to work with.

    I always advise aspiring open source enthusiasts to stay far, far away from the Linux Foundation. It has become a barrier to software freedom these days, rather than an enabler.

  97. throw_a_grenade
    Will they hire the actual maintainers of the software in question, to have time dedicated to the project, or will they, as usual, dump AI-generated patches onto maintainers, but this time with even more time pressure to merge, lest they consider projects “unmaintained” if they don't push a fix in 3 femtoseconds, and use it as a rationale to take over the project?
  98. LaSombra
    I'm pretty sure it'll be an AI dump fest with barely any humans except the long term maintainers having to cope with it all.
  99. throw_a_grenade
    I mean, it will be neither the first nor the last slopdump, but it's the first that's backed by a threat of project takeover.

    “Maintainers of last resort”, my [back].

  100. benj111
    I'm not really a Stallman fanboy but I do find the Free software / Open source distinction really sticks out in situations like this.

    There isn't a call out for contributors. This is all done behind closed doors. It's the antithesis of free/open source software, presented as defending it.

    I don't particularly have any better ideas. And I'm not particularly criticising. It's just that a lot of the time the terms are synonymous, but here they are starkly different.

  101. fithisux
    Corporates terrorized people with the financial crisis they created and the unemployment weapon.

    They terrorized them to abandon their free time. They terrorized them to find easy solutions in the workplace instead of coming up with solutions that require technical expertise and deep thinking. They terrorized people to not conform to standards, or create standards but instead patch around lack of standardization. They terrorized people to not question, but accept. To become slaves. They did not help them get wide knowledge but be specific on the work, like mass produced meat. They swept all problems under the carpet and said "This time it will be different". No victories, just silence on the defeats.

    It has been happening in the past, has accelerated and made worse as they seized more power.

    The leap to AI era is the latest and more violent step of this attack on fundamental human rights.

    The problem is political in my opinion. People ought to demand a better life and more free time to work on open source or do their hobbies. They ought to demand human centric laws that stop the greed and by enforcing the laws at last.

    Free time is not for consumption, but for production of higher intellectual artefacts.

  102. 102. eastbound||context
    The French famously got the Congés Payés (paid holidays) in 1936 after the big strike. You have great pictures of entire trains of Parisians going to the beach in Deauville in droves.

    Meanwhile the Germans were working overnight to manufacture bombs. That, alone, is already a sufficient explanation on why we got invaded and lost our country to one of the evilest powers on Earth. France had to be rescued by the Russians, the English and the Americans after losing millions of inhabitants. Because we literally took too many holidays.

    The one who works the most reaps the entire benefits. And it’s clearly not good to ask for less work all the time. Today France is peanuts on the international market, we are second at everything. Who heard of DailyMotion, which was once as big as YouTube, or Mistral, which was supposed to be our OpenAI?

  103. 103. bingemaker||context
    > We are joined by Amazon Web Services ...

    There goes all the credibility of this post

  104. 104. doublerabbit||context
    All those open statements are just business wank.

    > Amazon Web Services

    We really don't give a shit. We will continue to not give a shit. We might give you a credit if threatened by the EU but really? We don't give a shit. Keep sending us that sweet dosh for AWS.

    > Anthropic

    We underpin the front page of the internet with AI and in so doing we allow it to train upon the collective with no recognition. It's great to take and not give back. By the way your vibe coded app is looking ownage.

    > Cisco

    We are Cisco and we'll license you if we could. We invented the subscription model to charge you per Ethernet port on your router. Open source is great, we don't even have to contribute upstream. We did once upon a time, isn't that enough?

    > Citi

    In partnership with Linux Foundation, we will do nothing and keep doing nothing. Linus enjoys his dosh and handjob now and then.

    > CNCF

    Working on the right fixes before the window closes, we prefer that to be left to the developers and we are very proud to support that effort. Unfortunately, no treats for the developers is written into our company policy. How does pizza sound?

    > RedHat

    Open source is the foundation of modern software innovation so we hide answers behind a paywall. We sold ourselves to IBM so we could keep lubing that stripper pole to fill our filthy pockets. Larry Ellison will be here soon for his next lap-dance.

    > Microsoft & GitHub

    We decided to throw legal action at a security analyst for finding exploits in our OS for laughs. Open source all the way, we don't even allow you to search on GitHub without a rate limit; it's healthy to laugh. How's your mother doing? She seems a keen user of Windows 11 and as she is very important to us, we've removed that feature she uses most.

  105. 105. luipugs||context
    Interestingly no Apple. *edit: Or any non-American companies for that matter.
  106. 106. yeahforsureman||context
    Ericsson is Swedish, though.
  107. 107. smartmic||context
    The most important information is this:

    > participants will contribute engineering resources

    If it works out as planned, we will see. Apart from this, I am not overwhelmed by the claim of this project. It favors centralization and corporate circles, exactly the opposite of what the hacker ethics promotes for good reasons.

  108. 108. shevy-java||context
    You can even shorten that. This is some corporate hollo-bollers takes-your-time-and-gives-nothing-in-return fakery-roo.

    > exactly the opposite of what the hacker ethics promotes for good reasons.

    Yup. Seems kind of like those zombie plants in the movie "Invasion of the Body Snatchers" (the first remake; though the original is also great, but it was more about communism as threat, whereas the first remake added a bit of alien horror motifs).

  109. 109. habinero||context
    Silicon Valley is not as large as it might seem, and knowledge sharing and consortiums and working groups happen a lot.

    You can complain about supply chain problems, or you can actually try to work on it. They're trying to work on it.

  110. 110. Yokohiii||context
    Doesn't seem very inclusive. Seems to be another layer to centralize the inbound vulns, gather intelligence and handle them in secret.

    It may also turn into another source of pressure. Maybe they manage to sort out the real vulns, but then they come in as high priority to the maintainers.

    Many maintainers are already exhausted from their normal work, sans AI noise. Even if they supply fixes, it still requires review.

    In the best case they could reduce noise but the work is still there. The industry needs to generally fund OS projects to give them the agency to handle it on their own. That is likely best for quality. If there is still need to filter AI noise then they can add that, but not as a secret opaque thing that controls it all.

  111. 111. shevy-java||context
    So this corporate project wants to spam down more repositories via AI slop. No, I don't like it. And no, I am not feeling encouraged to "defend it together" in the slightest, even more so as many of these companies don't really contribute anything at all back.
  112. 112. tpoacher||context
    Nice name, "Akrites".

    Probably not as impressive to a non-Greek, but to a Greek person it creates very strong imagery.

  113. 113. oersted||context
    To save others a search:

    > The akritai (singular akrites) is a term used in the Byzantine Empire in the 9th–11th centuries to denote the frontier soldiers guarding the Empire's eastern border, facing the Muslim states of the Middle East. (Wikipedia)

    Akron means edge or border, so "frontiersman" or "those of the border".

    EDIT: Commenters seem upset about the Muslim part, I didn’t mean to imply anything, you cannot just copy-paste contemporary disputes and prejudices a thousand years ago. In the historical context it’s just like most borders between different civilizations. The point is that they were a collective organization getting together to defend their land.

  114. 114. throwaw12||context
    > facing the Muslim states of the Middle East.

    if true, then choosing this name was a very bad decision.

    Imagine how Muslims would feel, demonizing them even more, before they were terrorists, now they are attacking open source and hence some organizations need akrites to defend from them.

    I really wish such organizations, which try to demonize anyone, would fail miserably.

  115. 115. adamo||context
    To be fair, the Akritai was the Byzantine Empire's effort to use the local population to defend the land, instead of having to deploy regular Army or mercenaries. It happened to be Muslim states that were the border. It bears no anti-muslim connotations as a word in Greek. In fact the epic of Digenes Akritas speaks of Basil, an Akritas of a Greek mother and an Arab father (hence the name Digenes, of two descents).

    But still, the name is a bad, uninformed choice.

  116. 116. asfodelsu||context
    A better translation is "defender of the borders" or "Knights of the borders". From "Akri" = edge, border.

    It's not Muslim related even at the time they existed.

  117. 117. mc32||context
    Apache is doing pretty well despite them being deathly foes to the Comanche and Texans but I doubt either Texans or Comanches object to the name because of something that happened hundreds of years ago.

    I mean I guess we have to stop calling things the Great Wall because it repelled incursions from the Manchurians and maybe those people who live in their ancestral lands who were defeated and incorporated into modern Chinese society might feel a tinge of anger…

  118. 118. Dylan16807||context
    That's who they had the border with, dude.

    I wish malicious interpretations like yours would fail miserably. The word for the soldiers is about them, not who they fought.

  119. 119. adamo||context
    This is a very simplified and uninformed view of what the Akritai were. The name choice is so wrong, it cannot even be called out as cultural appropriation, because it is far worse than that. LF just stick with languages you understand.
  120. 120. oersted||context
    I would be glad to learn if you are willing to explain; this is what I found from trusted sources, but it would be great to know if there’s additional nuance.