Holy shit I can't believe the amount of venom these guys came up with just because some guy wrote a book!
After reading all these war stories from Pieter I'm definitely going to weigh his book on the subject of psychopaths far higher than any controlled experiment psychology BS (those guys can't even reproduce their results most of the time.)
This often happens, the previous article didn't get any visibility so people post it again, not realizing. I think the old one is the dupe :-) We need a name for a "dupe that was ahead of its time."
That's a relief! Glad to hear the plan is on hold.
Hey, noted you writing about not being into this "fight this thing" ("neighbor") but curious how this turn of event alters your views. Just purely in the emotional and psychological sense, does this all of a sudden having an extended expected horizon, doesn't [it] seem like future could be anything in the realm of possible. (I apologize if this is too personal.)
Well, I'm steadily losing weight, down to about 65kg now from 76kg when I was diagnosed. I'm finding it harder and harder to eat, and I've steadily increased my painkillers from 10mg to 50mg or more per 12h.
So, clearly, things are not getting better. I'm dying and it is just a matter of what bed I die in, and whether it'll be a vital organ like the liver that gives up first, or euthanasia if the breathing gets too hard, and the pain too much.
What the extended horizon does is let me write a little more in that article (there are still stories to tell) and wonder if maybe it'll be enough for a book.
Weirdly the main emotion I feel is a kind of embarrassment at raising a false alarm that gets so many people worried. Also, happiness of course to still be alive and see my family & friends and chat a little more with people on the Internet :-)
I love books. I'm finishing for the first time the Foundation Series of Isaac Asimov.
You know what's frighten me? When i read him, i kinda connect with him, his beliefs, fears, opinions, view points ... his soul. Problem is: guy is (physically) dead for over a decade. But when i read his books, it's like if he is alive.
I started reading Confessions of a Necromancer and boy! it's amazing. I'm sure, deep inside, it's a masterpiece and a way for your mind and soul to survive all difficulties you are facing now.
So you are not dying, indeed, you are probably living more then most of your entire life before. Even if your body is in a bad shape, you true self are getting better and better.
Sorry for saying this like that, but keep up the good job!
There's nothing quite like facing one's imminent dissolution to focus the mind.
Some years back, after watching someone very near and close go through and eventually succumb to a situation similar to yours, I used travel as one of my coping and recovery mechanisms.
Came a point on the trip where I found a very high and sheer promintory. I took the opportunity to consider just what it was that made staying alive worthwhile. Few if any religious or philosophical justifications do much for me.
The Talking Heads lyric, "heaven is a place where nothing ever happens" came to mind. And with it the realisation that there's only one sure-fire way to find out what comes next, and that's to be there for it. Regardless of whether that's good, bad, or indifferent.
I've found the argument convincing to date.
I'm also loving your posts and engagement. I've thanked you for them before, but here it is again: thanks.
That's very profound, and I'm glad I was able to discover these writings just today. I also think that the need or desire of transcendence is what drives us to create great things.
lol, yes, Asimov also writes stuff in the preface like he's 35 and people tell him they thought he was long dead, because even their grandparents read his novels. Which gives the feeling he's still with us.
OT: Is foundation better than pebble in the sky and his short stories? I like his philosphical views, but his science ideas feel real outdated to me.
Asimov's science ideas sound outdated in some cases because they became science fact. For example his 1945 proposal on communications satellites in geosynchronous orbit ... Www.lakdiva.org/Clarke/1945ww as quoted in Wikipedis. First successful satellite launch to Earth orbit was Sputnik in 1957. Stuff Asimov proposed 71 years ago is the basis for Pokemon Go ...
I suspect you've got Clarke and Asimov mixed up there. The article that you linked ( http://lakdiva.org/clarke/1945ww/ ) was written by Arthur C. Clarke.
Clarke was a bit more grounded in the harder science fiction disciplines (Fountains of Paradise with its space elevator) while Asimov tended more to the software side looking at psychology and sociology, empires and the people.
I just wanted to thank you for sharing your experiences! I think you are a great inspiration to me and many others, for when our inevitable moment comes. It occurred to me that we are not really prepared for 'the art of dying' (sorry, for the lack of a better term), it is somehow a large taboo.
Still having fond memories of installing Xitami as a kid :-).
Considering your condition it would obviously have to via oral. A CBD tincture would probably be the best path so you could titrate in more controlled manner. It should help with the pain as well (and keep your mental clarity).
Your writing is delightful, thank you for sharing it with us.
> happiness of course to still be alive and see my family & friends and chat a little more with people on the Internet :-)
:) For what it's worth I wish you the full measure of more comfort and happiness.
So in terms of your legacy, I was wondering a while back regarding the split in ZMQ & the news of your health that do you feel you have achieved your broader goal of establishing governance model driven OSS as the basis for new organizations, taming the beast of ego :) More to the point: do you think ZMQ, as an undertaking, will continue to evolve as intended? (Kinda of like Apple: is Apple really Apple without Steve Jobs, so of Q.)
This is a really good article. There's one part in particular that struck me:
"Despite the assumption of some newer open-source developers that sending a pull request on GitHub “automatically” licenses the contribution for distribution on the terms of the project’s existing license—what Richard Fontana of Red Hat calls “inbound=outbound”—United States law doesn’t recognize any such rule. Strong copyright protection, not permissive licensing, is the default."
In other words the fork + pull request + merge flow does not work on a project unless you have an explicit step like a CLA, or an alternative solution.
We faced this problem early on in ZeroMQ, that asking contributors to take this extra step increased the work for maintainers (to check, is this the first time person X contributes, and have they made a CLA?) It also scared off contributors from businesses, where this often took approval (which took time and was often denied).
Our first solution in ZeroMQ was to ask contributors to explicitly state, "I hereby license this patch under MIT," which let us safely merge it into our LGPL codebase. Yet, again, another extra step and again, needs corporate approval.
Our current solution is I think more elegant and is one of the arguments I've used in favor of a share-alike license (xGPL originally and MPLv2 more these days) in our projects.
That works as follows:
* When you fork a project ABC that uses, say, MPLv2, the fork is also licensed under MPLv2.
* When you modify the fork, with your patch, your derived work is now also always licensed under MPLv2. This is due to the share-alike aspect. If you use MIT, at this stage the derived work is (or rather, can be) standard copyright. Admittedly if you leave the license header in the source file, it remains MIT. Yet how many maintainers check the header of the inbound source file? Not many IMO.
* When you then send a patch from that inbound project, the patch is also licensed under MPLv2.
* Ergo there is no need for an explicit grant or transfer of copyright.
I wonder if other people have come to the same conclusion, or if there are flaws in my reasoning.
For Microsoft GitHub repos, there's some kind of automated tool that enforces CLAs. Whenever there's a new pull request, it checks whether the author is a Microsoft employee or not. If not, it checks whether there's a CLA for that person, and if there isn't one, posts a link to a page that handles signing, and records the result for future uses. Repo owners are also notified accordingly.
It also seems to have some kind of threshold for code size, because for small contributions, it says that CLA was not required.
You can see it in action from users' perspective in pretty much any repo under https://github.com/Microsoft/, if you search for "MSBOT" in pull requests. E.g.:
And note the Microsoft CLA says "you grant Microsoft a patent license covering your contribution", while Microsoft grants no patent licenses over (edit: most) of their open source code, and are currently profiting from patent licenses against open source code in android etc.
When it comes to patents, MIT is a closed source proprietary license, while Apache 2.0 and GPL are open source and free software. All these companies spewing bs about how open MIT is bugs me to no end.
It takes a really warped interpretation of open source to claim MIT is a closed source license. Not even Stallman agrees with that. In his essay on selling exceptions to GPL he gave this argument[0]:
"
If that implication is valid, it would also apply to releasing the same program under a noncopyleft free software license, such as the X11 license. That also permits such embedding. So either we have to conclude that it's wrong to release anything under the X11 license -- a conclusion I find unacceptably extreme -- or reject this implication. Using a noncopyleft license is weak, and usually an inferior choice, but it's not wrong.
In other words, selling exceptions permits some embedding in proprietary software, and the X11 license permits even more embedding. If this doesn't make the X11 license unacceptable, it doesn't make selling exceptions unacceptable
"
It seems everyone except you, including the father of copyleft, agrees that the MIT license is a free and open source license.
And many open source developers are just fine with that. If someone finds a use for my code and even if they make lots of money off it then good for them. It's not like they've stopped me from using it in the original form. I've also had cases at work where we want to use open source and copyleft licences have caused clueless managers to get panicky despite the fact that we don't redistribute anything, only make use of it internally. They also often initially tell me not to contribute anything back but after the work is done and I explain multiple times about the effort of porting the changes to subsequent newer releases they agree (often with the proviso of using my personal e-mail). In summary, I don't follow the RMS line of closed source being morally evil or whatever so a license like ISC or MIT is the best practical match to my wishes when I release stuff.
Most of the big MIT licensed Microsoft projects I know (.Net Core VM and libraries) are licensed under MIT with a separate, explicit patent grant. For example look at the PATENTS.TXT file in this repo: https://github.com/dotnet/corefx
Interesting. It's a non-legally binding patent promise. But honestly, I think MS has waded too far into open source to have the bad publicity of breaking that promise, unless MS gets into very bad finances. Anyways, good enough for me.
And it actually makes my point about the MIT license, it's inadequate for patents.
According to these links, they will probably work in an actual case. They can be revoked at any time, making them inapplicable to future patent use which was not already going on for some period of time.
Definitely not anywhere near as binding as the MIT license, but it's not a good comparison anyways, MIT addresses only covers only copyright and patent law is a very different and separate area of law.
> It also seems to have some kind of threshold for code size, because for small contributions, it says that CLA was not required.
That's because all this copyright stuff is needed only for things that can be protected by copyright in the first place. One of the elements required is creativity of the work and if you only make a trivial change, e.g. Adding an obvious make file rule or adding a file to a project, that's not creative (there's just one obvious way to do it), so not protected, so not needing a CLA.
> In other words the fork + pull request + merge flow does not work on a project unless you have an explicit copyright assignment step (CLA), or some alternative.
> I wonder if other people have come to the same conclusion, or if there are flaws in my reasoning.
Unfortunately, it doesn't work the way you've hoped. Although there are some licenses (e.g., Apache) that purport to apply automatically to new code submitted to the licensed codebase, the MPL doesn't make that claim, and such clauses are legally dubious anyway.
So just because I write some code that can be applied as a patch to your MPL-licensed codebase, my code is not automatically subject to the MPL. By default, I hold the copyright, with all rights reserved, and the MPL license on your code does nothing to change that. You still need explicit agreeement from me to place my code under a compatible license.
Github, Gitlab, et al., should really put a checkbox on pull requests that says, "I hereby license this code under $REPO_LICENSE."
Actually, you're wrong about the MPL. The MPL is a file based copyleft license, the share-alike clause applies to any modifications made to a file already containing MPL'ed code. This is only an issue when you add new files to the project, and any MPL project should be vigilant about accepting patches to ensure new files added contain the MPL header.
Yes, there's a good argument that the license would apply automatically to modifications to an existing file, but even in that case it is somewhat questionable. Is the modification substantial enough that it could be considered a new, stand-alone, derived work? If so, the pre-existing license may not apply. Was the modification submitted as a patch in a file format that does not incorporate all of the pre-existing code? If so, it may be a new, stand-alone work to which the pre-existing license does not apply. Etc., etc. Very little of this stuff has been well tested in court, so there's a lot of room for facially plausible legal challenges.
And it's fairly clear that new files are new works. So, really, in all cases, unless you're getting an explicit statement from contributors that they have placed their contributions under the relevant license, there will be a a lot of uncertainty about whether they really have been—particularly if the contributor (or his or her employer) later challenges your claim.
That's why Github and other platforms for projects on the pull-request model should really build explicit consent to licensing into the process.
> And it's fairly clear that new files are new works. So, really, in all cases, unless you're getting an explicit statement from contributors that they have placed their contributions under the relevant license, there will be a a lot of uncertainty about whether they really have been
For a project using the MPLv2, new files added to the project would include the following header at the top:
> This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
Yes, absolutely a code file can be transformed enough that the original license no longer applies. Copyright law in the United States applies the same tests to code as to textual works and works in other media: is the transformation substantial enough to consider the transformation a new (derived) work, copyrightable in its own right? If so, its author holds its copyright completely independently of any copyrights or licenses attached to the work from which it is derived.
The case law on what constitutes a new, derived work is not at all well developed in the context of software. But looking at analogues from other media—and that's what the law does—it is easy to imagine that a very substantial refactor, touching basically every line, or a less substantial refactor with substantial additions, might qualify as a new, separately copyrightable work.
The claims of copyleft are almost entirely untested in court, and it's very likely that many of them will prove empty if they're ever challenged. Indeed, many of copyleft's claims, those which place obligations on users and contributors, are more TOS-style claims than claims that look like ordinary "reserved rights" under copyright law, and therefore presumably have a legal basis of enforcement in contract law, not in copyright law.
Explicit agreement by contributors to be bound by a license, however, covers most bases, whether the license is interpreted as a license per se, pursuant to copyright law, or whether it's ibstead interpreted as a contract under contract law (or both).
I was discussing this once with the maintainer of an MIT licensed scientific software. The solution in the end IIRC was to require all first-time contributors to agree in writing to a Contributor Agreement that states (among other things) that all code submitted to the project would be licensed under the project license.
It's not much of an obstacle really, just whenever someone submits a PR for the first time, say "I'll look at your code and comment anything that may need improvements. Also, you have to agree to these conditions [link]."
I imagine that issue will give some lawyers a hell of a time if it comes up, because by sending someone a pull request on GitHub you're actually sending them a copy of the modified file including any header claiming that the contents are under the MIT license or whatever other license it was under - even though the pull request displayed as a simple diff. Except that behind the scenes it may be stored as some kind of diff again.
> It also scared off contributors from businesses, where this often took approval (which took time and was often denied).
This is one of my biggest reasons for not working at Google/Facebook/etc. I really don't want to have to get management approval for every random PR I submit in my free time.
For people working at big companies, how do you handle this? Do you just stop contributing to open source?
I'm not from the US and don't know the US employment law, but you generally don't have to ask permission from your employer on things you do in your free time.
Unless you signed a contract that specifically forbids you from contributing to open source / other software projects (why would you do that? what is the exact wording? is such clause even legal?), your free time is your own, to freelance or work for other employers.
Working on open source on your employer's time and money is a different thing, and asking for permission makes perfect sense there.
> I'm not from the US and don't know the US employment law, but you generally don't have to ask permission from your employer on things you do in your free time.
Employment contracts for developers in the US, particularly at big companies, are very broad and try to lay claim to any development work you do (regardless of whether it's in your "free time" or not). They often expressly forbid freelancing or open source work unless it is approved by the company.
In most European countries those type of clauses are anyway invalid, even if written in the contract, as the company doesn't have a say on how you are supposed to live your private life.
Small correction, but a CLA is a contributor licensing agreement, not a copyright assignment. The contributor still owns the copyright to their code, they've just explicitly allowed the project to license their code under the terms of the project license.
Depends on the CLA. Many CLAs (for example the one that RoboVM used that allowed them to switch their GPL licensed compiler to a closed source model more easily) do require copyright assignment.
A more dangerous side-effect of branding Tor as a "human rights" tool is that whereas if it's a "privacy" tool, people in oppressive regimes can legitimately use it (e.g. people working for such regimes), whereas as a "human rights" tool, its simple presence on a computer is evidence of guilt.
I haven't live in a lot of oppressive regimes, but usually this is not how it works. I lived two close examples
When i was a kid a friend of my grand mother was arrested because a neighbor said he was a communist. He was tortured for a week and his party, kind of center/right wing took him out as they were a close party to the current government. Oppressive regimes usually don't need evidences.
A friend of mine was arrested for two years, accused for terrorism. The proofs? a war and peace copy (not even a photocopied book) and a guns and roses poster. And this was in "democracy"... so stupid proofs are also used, and whatever can be a proof, like a book about cubism was considered that was a book of cuba's ideology.
Tor has been for years looked by "regular"/"normal"/"common" people as a tool for drug dealers or child molesters. The switch to a human rights tool doesn't seem to really put it more into the illegal line.
Anyway, oppressive regimes do whatever they want, Tor can avoid some of the spying but if the state is already taking your computer you are screw up with Tor or without it.
I think you're missing his point. Many people in oppressive regimes, including oppressors, are interested in a bit of extra privacy. Regime might even be able to get around it since a lot of "privacy" tools are bullshit. A tool saying it's specifically designed to defeat oppressive regimes is practically an attack on them. Even possessing it says you're fighting the regime. So, eliminating all such tools or people using them is a logical response for oppressive regimes.
And people on Pieter's side of this issue probably think it also logically follows to prevent that mental connection from happening in government officials' minds. Just gotta change how it's branded.
I understand the point, what I am saying is that things don't work this way, neither in my personal experience (which i told) and neither in the areas i work (i work for a human rights organization, which doesn't recommend any software btw). There is a difference on what you think people should react and what people really react.
If it's as concepts, "human rights" triggers less alarms than anonymity, first because while I don't know which regimes you consider oppressive there is a big probability they themselves think they comply and/or promote human rights. Iran for example have a Islamic Human Rights Commission and proudly promote it. Israel would be another country that fits this example.
Then we have that anonymity could mean something it scares them the most, which is not human rights defenders but spying. Tor is already in a bad list for this reason, same as any anonymity software. The biggest threat those countries face is still military intervention or terrorism. A friend was arrested while taking pictures in Palestine, when questioned he was asked if he had Tor or i2p installed, PGP or any encryption software on his laptop. They didn't took his laptop away, but that was before the switch to "human rights" brand.
Then there is another vector we can take, Tor as circunvention. Another friend when visiting sudan got a pamflet to not use Tor, VPNs or Proxies when asked for the visa. The hotel made the same requeriment. This was 4 years ago. The reason was not that Sudan has been in the list of the worst human rights offenders but that you could access immoral content with it.
So, while I understand the point, it doesn't seem to have a backed reality to be sustained.
I disagree. I'm happy to install Linux from a USB stick. I'm not happy reflashing a BIOS. Have installed many, many laptops with Linux (ironically, my all time favorites are older Lenovos like the X220). I've not once flashed a BIOS.
Not being able to change the OS on a laptop severely reduces its aftermarket value too. My laptop originally ran Windows. I bought it second hand to run Linux on.
Flashing a BIOS takes about 1/10th the time and effort of installing Linux.
Unless you're under the age of about 25 I'm not sure how you've never once flashed a BIOS unless you aren't in tech. Pretty much every new server from Dell/HP/Cisco/IBM/name your vendor requires a BIOS flash at least once in it's lifetime. Usually at the time of acquisition for HBA compatibility.
"It was a shame to see the initial posts this morning hit the top of the page..."
If it raises the issue of running Linux on laptops, it's fine IMO. And both Lenovo and Microsoft have a lot of accumulated badwill that does not play in their favor. Guilty until proven innocent seems fair here.
