• 1 Post
  • 53 Comments
Joined 9 months ago
Cake day: June 6th, 2025



  • That’s a weird outlook. I would postulate that (pseudo-)anonymous passers-by are collectively probably the most valuable contributors to open-source. That one random well-researched easily-reproducible obvious-in-hindsight issue or patch that makes you go wtf.

    Annoyance would come from people who would create a “community” construct in the first place, even if it didn’t exist or was needed, just to be a busyworking “member” of. And those types often wouldn’t mind identifying themselves, if not for everyone, for a host like GH.

    Recently, I’ve been frequenting an “anonymous” old platform or two which are nowhere near their peak, and have a very high ratio of pure drivel, just in hopes of running into the random anonymous passers-by of old mentioned above. Passers-by who would never come near the M$/AI ID-requiring enshittified GH of today. And what do you know! I’ve seen issues (mostly performance ones) showcased related to a couple of tools I contribute to, that neither I nor the upstream developers knew about.

    Anyway, what I was actually hinting at is that online communication existed for a long time before ID-centric social media came into the scene. This even predates the web itself (newsgroups …), and it wasn’t exactly an unmanageable wild west. Most spaces in fact were much nicer than the ID-centric social media platforms of today.





  • f-droid represents a distro model with a trust model and certain requirements including build ones. Think of it as the Debian of Android.

    When f-droid support is mentioned, it’s not a question of mere APK availability. All APKs after all are available if you know where to look. And it just happens that f-droid compatible 3rd party repositories already exist without the strict requirements (e.g. IzzyOnDroid).

    Beyond warring against any kind of third party build (don’t let me get started on forks), Signal uses Google services dependencies, so it’s not just about the source of the binary APK. Note that whether these dependencies are hard, or “just!” a default, is not that relevant in my books (this is an active point of contention across many many apps).

    This insistent attempt at defending this blessed supposedly secure messenger seems infinitely weirder than what any fanperson of any other app can muster! I put imaginary hypotheticals that don’t even understand the point of f-droid, like “it is perfectly capable of enshittification” into that bracket. The continuous attempt at painting a false binary of Signal and Telegram is even more pathetic.





  • They are certainly a member of the community.

    There is no “community”. The GPL itself was explicitly created for the freedom(s) of the individual. The faux-“community” is just an attempt to create an “identity” in hopes of encouraging people to contribute, or at least advocate. And many projects don’t even like being advocated for outside of potential contributor pools (a few hate any level of advocacy outright).

    Incidentally, liberally licensed software, on average, tends to value adoption at least as much as direct contribution, and thus would usually appreciate advocacy more.

    is a political decision

    Or a practical one, or …

    Everything can be argued to have a political aspect to it. But what people (often non-contributors) have in mind ignores many relevant technical/practical aspects that may play a role.

    that empowers corporations

    Open-source license choice is practically near the bottom of an endless list of things that actually empower corporations. Most of the empowerment comes from the inherent nature of the system, which is something software licenses, GPL included, don’t even pretend to try to fix.

    But that’s not why I asked.

    Do you know how many liberally licensed essential packages are installed in your system right now, and can you name them? From my experience, most of the people who quibble about this don’t and can’t.

    * Not that it matters, but I personally use AGPL or MPLv2 for my own stuff.



  • I didn’t. And I was specifically referring to the published “analysis”.

    How do we know the supposedly malicious content (which hasn’t provably affected a single person) a security company finds, didn’t originate from that same company?

    • Crates NO ONE uses or ever used.
    • “with over 7,000 all-time downloads” immediately mentioned to make it sound like the above is not the case.
    • Our “AI” found a malicious base64 (wow, very fancy)!
    • Muh supply chain!
    • bla bla China bla bla

    It all sounds like a joke, and a lazily written one at that (Edit for fairness: the ctor part was a nice touch tbf).

    And this is not limited to this analysis, or this company, or the Rust ecosystem. The era of CVE logos and all that theater can become rather tiring, and AI slop took the silliness to a whole other level. Or as our friend Daniel puts it, it’s a “Death by a thousand slops”.




  • I think it’s time for this instance to consider introducing a filter where users have to choose a language they know (any language), and then have to answer easy questions about it (in a specific way), before being able to post here.

    It can be limited to specific posts, to limit the false-negative filtering of genuine discourse.

    This should help with bots, or worse, actual humans who accepted being shaped into acting like ones. The line separating the two has become very thin anyway, given the prevalence of LLM use, both automatic AND manual.





  • Rust has features that are not directly related to memory safety, but introduce paradigmatic and ergonomic improvements that help writing correct logic more often. Features like sum types (powerful enums) and type classes (traits, how generics are implemented) quickly come to mind. Hygienic macros and procedural macros are also very powerful features.

    Sometimes the two aspects (language feature and memory safety) come together. For example, the Send and Sync traits are the part of the type system that contributes to implementing thread safety.

    So it’s not all just about (im)mutability, lifetimes, and the borrow checker, the directly relevant safety features.

    Also, the tooling and the ecosystem are factors the value of which can not be understated.
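
An added example, not part of the comment above or of any project it mentions: a sum type with an exhaustive `match`, a trait used as a generic bound, and `Send + Sync` bounds that let the values be shared across threads. `Session`, `Authorize`, `may_delete` and `count_allowed` are hypothetical names, and the sample sessions are constructed.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

// Sum type: a session is in exactly one state; only Authenticated carries identity data.
enum Session {
    Anonymous,
    Authenticated { user: String, admin: bool },
    Locked,
}

// Trait (type class): anything that can answer an access question.
trait Authorize {
    fn may_delete(&self, owner: &str) -> bool;
}

impl Authorize for Session {
    fn may_delete(&self, owner: &str) -> bool {
        // No wildcard arm: adding a variant later fails to compile until it is handled here.
        match self {
            Session::Anonymous | Session::Locked => false,
            Session::Authenticated { user, admin } => *admin || user.as_str() == owner,
        }
    }
}

// Send + Sync let Arc<Vec<T>> move into thread::spawn; a T holding an Rc is rejected at compile time.
fn count_allowed<T>(items: Vec<T>, owner: &'static str, workers: usize) -> usize
where
    T: Authorize + Send + Sync + 'static,
{
    let workers = workers.max(1); // step_by(0) would panic
    let items = Arc::new(items);
    let allowed = Arc::new(Mutex::new(0usize));
    let handles: Vec<_> = (0..workers).map(|w| {
        let (items, allowed) = (Arc::clone(&items), Arc::clone(&allowed));
        thread::spawn(move || {
            for item in items.iter().skip(w).step_by(workers) {
                if item.may_delete(owner) { *allowed.lock().unwrap() += 1; }
            }
        })
    }).collect();
    for h in handles { h.join().unwrap(); }
    let total = *allowed.lock().unwrap();
    total
}

fn main() {
    // Constructed sample sessions.
    let s = vec![Session::Anonymous, Session::Authenticated { user: "alice".into(), admin: false }];
    println!("{}", count_allowed(s, "alice", 2));
}
```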