Sure it has, reputable news publications as well as scientific journals issue retractions and updates as a matter of course. E.g. NY Times: https://www.nytimes.com/2022/06/30/admin/new-york-times-corr... Additionally, your example of Wikipedia directly works against your argument, as one of the core features of Wikipedia is the revision history of every single page. Being able to have an understanding of what it said over time is a feature which counterbalances the nature of it being sourced by pseudonymous writers.
I agree that it does feel a bit paradoxical, but reversing a product for repair purposes versus reversing it for duplication are treated fundamentally differently by reasonable people. One is "right to repair", the other is "counterfeiting" or violating patents. To your statement,
"We have a right to repair, but you don't" -- this clearly is not what is intended by Taylor, to repair these Kytch diagnostic tools. If that were the case, I think that would carry.
Or in this case, sue the company producing the device and (further) threaten your franchisees with (both litigious and economic) harm if they use the product.
IANAL but I believe reverse engineering for duplication is legal. You can't violate a patent, but trade secrets are called "secrets" because once they are out they are out. You protect secrets with NDAs so they don't get out. You're supposed to protect things that the public will see with patents if you want to protect them.
I'm personally working on migrating a DB I've had for tracking some economic time-series data from Influx to TimescaleDB, and I have to say Outflux is the most savage tool name ever.
Just watched a Def Con video where Jmaxxz self-installs a remote-start system. Lots of interesting details about what could have gone wrong. https://www.youtube.com/watch?v=w8SG2V3n4-U
Wonderful post, so glad that Mrs. Hansson stepped out for this cause, as uncomfortable as it was.
I've personally wondered at credit scores + credit offered for a long time. The amount of regulation provides wonderful cover for these big institutions to really do whatever they want and lean back on "algorithms" / that they can't override the policy due to regulations, etc. Meanwhile, it's becoming more clear that the algorithms have encoded biases. In addition, the whole credit system is not one of those things you can opt out of (if you ever want a home or car, which I get, not everyone needs), and the whole thing is based on previous borrowing, so responsible (using cash) or underprivileged (never had the chance to start the credit bootstrap) folks are extremely disadvantaged.
The interesting twist in this story that I find damning is that Apple actually overrode the algorithm due to pressure -- this pokes a HUGE hole in this "cover" these institutions have created to date.
This concept of reviewing every line of OSS and copy / pasting the ones you agree with is really holding PHP dev back. Embracing dependency management is an important way to focus your codebase on your application code and is just a modern practice in all languages (https://12factor.net/dependencies). This is part of why JS (particularly node / isomorphic) is continuing to take over previously PHP marketshare. The actual (vs hand-wavy) security risks are low, especially for popular projects.
In this case, if the data structure or algorithm were useful to your project, you could:
1. Not use the algorithm / data structure at all, resulting in worse performance.
2. Hand roll your own version which is more likely to have improper implementation issues than an OSS version, likely resulting in performance or security issues and wasting your time.
3. Use the OSS version which is likely to have bugs / errors / security issues already solved.
This concept of not reviewing any libraries you rely on, and installing them from a third party, mutable source is really holding nodejs back.
Embracing reliable development and deployment practices would prevent you from being the butt of the joke next time someone pulls a leftpad, or what have you.
Sure, so you can represent the other far extreme. I certainly advocate for review, but we should be practical. No one reads all the code down to the proc to ensure nothing malicious is happening, and the average software dev wouldn't be able to understand something malicious at that level anyway. I could have used a more hyperbolic example than a practical one (have you read all the PHP source for the version you're on? Have you read all your PECL libraries? Those ones are okay but OSS in PHP is not? Why? Just because it's harder to read C, right?). Pretending we do review everything is disingenuous -- but we should do what we can. Review doesn't have to be reading lines of code, but it could be ensuring it comes from popular and trusted sources (part of my earlier comment).
It should be noted that your example was not bad source, so rigorously reviewing source code would not have helped. It was an unpublish event which was unexpected but is now differently handled by the package managers + registries.
Your example about php source, or any of the bundled extensions would be a valid point if they were maintained by one or two single developers.
As you say, it’s impossible to review everything.
But how many projects have been caught out by sudden changes to previously working dependencies? Either revoked code, malware inclusion, breaking changes, etc.
If your dependencies are versioned and go through a review like internal changes, it’s much easier to spot changes.
I agree that a trusted source is invaluable - my point is that (a) npm hasn't shown itself to be that and (b) the "externalise all the things" approach pushed so heavily by the nodejs community means it's not just your dependencies you need to worry about - it's the crabgrass-like tree of nested dependencies.
That correlation is very frustrating -- people should take this more seriously, but those who discover things are punished... should be pretty obvious why security is the way it is, right?
Why would we combine Whole Foods and Trader Joe's? Whew, at least it's not bigger than Target and Walgreens combined though! It is however about 40% the size of Kroger... so there is that.
Yeah I'm honestly not sure why people would be surprised at this comparison - Whole Foods and Trader Joe's are specialty stores. Nobody goes into them just to buy a head of lettuce.
Trader Joe's has their own in-store brands for tons of products, which has spawned various guides on what should/shouldn't be bought there (https://www.thepennyhoarder.com/save-money/what-to-buy-at-tr... for example). CVS, on the other hand, is a far more general store. They both sell food, but they're not in the same market segment - so the comparison is strange.
>Nobody goes into them just to buy a head of lettuce.
wtf are you talking about? I do this (with other greens and vegetables). If anything, the people shopping at WF/TJ don't want a head of lettuce because it's a stupid product, but I think you're using that as an example...but using head of lettuce just makes me believe you don't understand the demographic.
I don't live in the US, but I've been to Whole Foods when visiting and certainly felt like a perfectly normal grocery store, not too different from most other grocery stores I've been to. What makes it a specialty store and why wouldn't you go there to buy a head of lettuce?
It's not very surprising. When you take a broad meta-category like "groceries" and have 10x the number of locations, it isn't shocking that they would move more product.
Trader Joe's and Whole Foods target specific demographics. I live in a metro area of about 300k people and there is one each of Trader Joe's and Whole Foods. There are probably 40-50 CVS outlets. Their sole income driver is margin on food. CVS focuses on market saturation -- their profit driver is drugs (a market in which they vertically integrate distribution) that are mostly 3rd party paid. They survive in food deserts because the money made on drugs offsets heavy shrink losses.
My guess is they might fill a supermarket niche more in denser urban areas. I don't know first hand, but it could make sense.
I heard accounts of, ironically, Whole Foods, which is referred to as "whole paycheck" in other areas, being the cheap option in some areas. I would guess traffic vs stock would also influence prices in non-obvious ways. With perishables, more expensive real estate, high traffic, and customers more likely to buy everything by foot, they may be less of a speciality niche in urban areas than suburbs.