Hacker News | mosaic_school's comments

A technical walkthrough of how the Apple M-Series DMP works, and how the GoFetch proof-of-concept exploits use it to leak private data to unprivileged user-space applications.


I have exactly the same experience. Actually switched from Ubuntu to Arch to have a vanilla Gnome 40.

Maybe we should just admit that this is the Gnome Way. If customization is super important for you, maybe KDE, .. are the better options. There's a choice. =)


>Ubuntu to Arch to have a vanilla Gnome 40

I did exactly the same ~4mo ago, vanilla Gnome on Arch is blazing fast compared to the Ubuntu one...hell the whole system is, and the archinstaller is great! Perfect KISS I would say, if one needs more then do it the "old" way.

However Gnome40 was just installed to test it, since I use i3 normally, I can't stand the windows shuffling anymore, it makes me just angry to sort the space on my screen, and I don't even use the tiling thing "correctly" just tabs, virtual desktops and sometimes a floating window.


Most likely inspired by DXVK - the Vulkan-based translation layer for Direct3D 9/10/11.

https://github.com/doitsujin/dxvk


Love this!

Functions look clean and fast. Also great README (documentation, evaluation, ..)

I did not see a license file though. Is the repository intended as public domain?

UPDATE: thanks, apparently I'm trained to skip file head sections.


All the source files have a license in them?


See the source files for a license.


Please correct me if I'm wrong but this is not how I understand the meaning of "open source software".

It sounds rather like customers get source access. Do they have the right to sell the source code or re-release it in any way by following an open source license? ( https://opensource.org/licenses )

P.S. I'm not criticizing your business model or anyone else's.


You can download [1] the latest release of open3a to find not only the PHP source code, but also an AGPL license. This isn't open contribution software (no public Gitlab project to do pull requests and such) but the source code itself seems perfectly open source.

Even still, open source licenses may be used to sell software for which the source code is not available before purchase. For example, the Apache 2.0 license can be used for this; it protects users of altered versions of the source code from patent infringement lawsuits and forces the Apache license to be passed on to the end users of the modified work. It doesn't forbid throwing the source onto a repository somewhere, of course, so the source doesn't remain closed for long, but I can imagine many businesses wouldn't want to sell their technical support to a company that published their source code, and businesses are generally wary of using software without any form of support.

There are various ways people use the term "open source" and I think in general people mean "software that's available publicly for free" when they use it, but some of the open source licenses allow for some proprietary-like behaviour while using them.

[1]: https://www.open3a.de/page-Download


What's to prevent someone from putting it up on GitHub? Of course the customers are buying support too, and OP could probably make a copyright takedown if the name and logos are used as-is, but it sounds somewhat risky. There again I haven't built a successful business like this, so what do I know :-)


Very little, indeed. However, just a blob of source without any updates or progress isn't very useful. I doubt many companies will buy software and take it upon themselves to maintain a public repository of someone else's source code. There's no profit to be made in that.

The copyright itself couldn't be used to take the code down, because the open license allows the customer to do exactly that.

Theoretically, a customer can buy the software, fork it, and turn it into an open source fork. Without the support contract to receive updates, though, I doubt that'll be very useful in the end.

At worst, a competitor buys your software and uses your own software against you by analysing, publishing and extending it, and selling support contracts in your market. However, I strongly doubt there's much money to be made that way.

I'm no businessman either so I wouldn't know what brings companies to make software like that. I think these licenses were born in an era of offline, compiled blobs that received updates every month at the most, whereas modern software development is much more focused on freemium and SaaS.


> It sounds rather like customers get source access.

Technically, you could provide binaries and a GPL license, then provide source code when verified customers (eg they send their receipt/license number with their request) ask for it.

IANAL, but as far as I can tell, there's nothing in GPL that says you can't sell the software and operate this way. If your customers hand out the binaries to third parties, that's on them to provide the GPL and source code, not you. And of course, they could sell, re-release, etc, but anyone else could come and do the same to them.

It's risky, to be sure, and it feels "wrong" only because we've become conditioned to the status quo of so-called "intellectual property". Frankly, I would love if I could write open source software for a living, but there's a big fear of letting go of a steady paycheck (and benefits!), but that has more to do with entrepreneurship fears than software licenses.


That's the business model of grsecurity (selling security patches for the linux kernel). They have an additional clause that if you re-sell/re-release the patches, you lose access to future patches. It's controversial.


grsecurity's policy is such a fascinating end-run against the usual redistribution freedom associated with open source.

"Sure you can redistribute the software. We'll just cut you off if you do."

But suing Bruce Perens for saying that this is a legal risk is a pretty bad look for grsecurity...

https://www.theregister.com/2020/03/27/grsecurity_bruce_pere...


As far as I can tell it is AGPL licensed PHP code, you can download the code, run it, and modify/fork it freely. Code is open source, but it is not developed in the open.


The article doesn't mention GPL. It's unlikely that this code is GPL-licensed. Moreover, yeah, probably the customer can modify the code, but can they resell it or share it with someone else for free? If not, it's not open source.

From "The Open Source Definition"[1]:

> The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.

[1]: <https://opensource.org/osd>

UPDATE: it seems it is licensed under AGPLv3. So it is open source. Interesting.


I'm sure I've spent less time downloading the zip, opening it, and seeing an "agpl.txt" file than you did writing that comment.


I don't see a link to it in the article. I've only noticed where it is after another commenter linked to it.


It says open source in the title.

Turns out it is open source.

"Interesting"

Like... why did you expect it to not be open source


“I’m contradicting the author without validating my claim. And it’s super easy to validate my claim, but I just didn’t. When confronted, I complain that it takes greater than 10 seconds to verify my claim.”

This is curious behavior. There’s lots of incorrect and misleading articles. But I try to bring up questions only when exhausting reasonable investigations.


1. There is no link in the article to the zip file.

2. Searching for open3A in duckduckgo brings me to a page that spits out PHP errors and doesn't give me anything.

3. The only way that I now know where the zip file is, is because another commenter linked to it.

4. We've seen companies disguise something as open-source, when it wasn't.

5. Open source is commonly hard-to-sell.

So no, it wasn't 10 seconds to verify and the author didn't make it particularly easy to do so. My doubts are completely natural, given past news in "open-source". Are you commenting in bad faith?


It definitely could be easier.

I searched for “open3A” via Google (not ddg, but if I got errors on ddg, I would try “!open3a”) and the first hit is a German site. I don’t speak German, but I saw the download link [0] and downloaded the first zip and viewed the license.

I spent more time downloading the 4mb zip than clicking on stuff.

It’s not the author’s job to make answering my questions easy. It is my job to not make easily verifiable claims without trying.

I’ve dealt with lots of projects that are crappy about licenses and frequently have to download the tarball to look for licenses, just to check if I can actually use.

The author could make this easier, but she didn’t. That doesn’t mean I should go into attack mode because other people make bad claims. (And I suppose I give up after 10 seconds and don’t want to stick around for 20 seconds)

I also noticed that author doesn’t even link to her project. Maybe it’s because her project is in German and the blog is English. But I’d rather have more posts like this with whatever time the author can spend, than wait for it to sit in draft while unimportant details are finally added.

[0] https://www.open3a.de/page-Download


My intention with this blog post was only to write down my story. No marketing intended :)


Thanks, I thought it was kind of refreshing how you weren’t linking to your site and liked to see content that didn’t just seem like seo or a sales pitch.


I have no need for doing sales pitches anymore :D


Fascinating. I consider myself to have reasonable mastery of my tools and I usually pick good tools for my purposes.

Here's a re-enactment of how I detected the license: https://i.imgur.com/Gr4xMT5.mp4

It's near trivially easy.


Funny to see you do that on my website :D


Haha so cool!


Did you record that with LICEcap?


I used the Quicktime Player screen-record feature in OS X. Though thanks for the rec.

Here's another one I like when I want my face and audio in: Screenity https://github.com/alyssaxuu/screenity (very easy code to work with too).


There is a trail of links from the article that will bring you to the download. Click on the author's name to see their profile, click on the project to see the project's profile, click on the link to the project website, then click on the link to the downloads page. While the trail is a bit much, it is important to keep in mind the article was an account of the author's experiences and it was published on a portal for indie developers. A direct link may not have been seen as appropriate given the context.

While I agree with companies misrepresenting their products as open source as being a problem and believe the AGPL should have been mentioned, I do not see how the point about open source being hard to sell as being relevant. Not only are there success stories in the world of open source, but the author made their success sound modest.


Basically you are just explaining that you've just done a very quick search. The fact that DuckDuckGo doesn't give the right answer on the first page is not an excuse. Actually, DDG printed a lot of comparison pages of business applications for me, so I changed my search string, tried elsewhere, searched on indiehackers.com where she wrote the post. This is more completely natural than becoming suspicious from nothing.

BTW typing only "open3A" in DDG gave me the right answers all on the first page.


> Please correct me if I'm wrong but this is not how I understand the meaning of "open source software".

So you've made the assumption that it's distributed under a source access only license, but instead of verifying that assumption, you're asking others to correct the conclusions you draw from it.


To paraphrase Cunningham's Law: Posting the wrong answer is the best way to get the right answer.


I read an article recently which advised purposely saying something which you knew to be incorrect in order to kickstart a conversation with someone.

"What do you do?" "Software development." "What kind of software?" [back and forth, question-and-short-answer at a time]

"What do you do?" "Software development." "Oh, so you like write websites and stuff?" "No, actually, [long enthusiastic explanation of their job]"


I've found I do this, but the reason I tend to (especially in technical conversations) is to try and establish a shared vocabulary. Often times I find that I understand the words people are saying but not enough of the context. Injecting an example of my own helps anchor the conversation for me and keeps the exchange of ideas going.


I didn't realize until you said it, but yes, I do this for technical discussions too. Sometimes I've volunteered to write up a description of an issue on which I'm knowledgeable but not an expert, and when it comes to write it up, I realize there are subtleties about the situation that I didn't understand. So I just make my best guess as to what I think the situation might be, and post it to people who are the experts, knowing they'll correct any mistakes. It is indeed a much more effective way of getting someone to explain something than going back and forth with questions.


Some of my non-geek friends in a friend circle with quite a few geeks of different flavours call this "geek butt sniffing".

I've been accused of it often, when I meet someone new (who's a geek) and we do what in my head is the "geek subject matter negotiation", where each side narrows down domain expertise and experience by doing a breadth first tree search across all shared geek-domains, followed by a depth first search down the tree paths with significant crossover.

One recovering-geek friend says we're going "Pshhhkkkkkkrrrrkakingkakingkakingtshchchchchchchchcch" at each other before deciding on a conversation topic and speed...


This book [1] by a former FBI interrogator calls this technique "empathetic presumption". You'll hear it used by some of the most successful interviewers like David Letterman and Howard Stern.

1 - https://www.amazon.com/Like-Switch-Influencing-Attracting-Wi...


Though most open source licensed projects allow anyone to come along and access the source, the strict interpretation of the GPL for instance, is that those rights are only extended to customers/users of the software. Those customers are perfectly within their rights to distribute it openly in turn - but as I understand it, neither the copyright holder(s) of the source nor the providers transmitting a GPL project to an end user are obligated to provide a copy to any person who asks. Only that particular user who was provided the binary.


Even though OSI clearly defines what "open source" means, it is sometimes (often even?) used as a synonym for "source available", as opposed to "free software" (which is the term that FSF promotes).

I'm not saying which term is better, just explaining why "open source" might not be objectively wrong in this case.


> Even though OSI clearly defines what "open source" means, it is sometimes (often even?) used as a synonym for "source available"

Where do they define this? In the OSI definition it doesn't mention having the source available for everyone, only that whoever has the program should be able to get the source[0]. I do believe it doesn't follow "open source" the development model where development is in the open and anyone can contribute.

[0] https://opensource.org/osd


I doubt there's anybody who uses the term "open source" that didn't just read it in the latest issue of CTO Monthly who'd argue against code under the AGPL being "clearly open source".

Being on Github doesn't make a project open source. Having a way for other people to easily contribute doesn't make a project open source. But being licensed under AGPL 100% does make a project open source.


That was not my point. I also happen to agree with you - AGPL is "open source" under any definition I have encountered.


> Even though OSI clearly defines what "open source" means

They define what they think it clearly means to them... but they don't own the term.


This application falls in the commercial open source bucket. There's actually quite a bit of it, especially software written in interpreted languages.



Looks amazing!

The only thing missing for me to use it would be Vulkan support. I'm sure it will land soon and if not I guess I can put in the effort and make a patch/PR. =)

