starshipwinepineapple @ starshipwinepineapple @programming.dev

Posts

1

Comments

99

Joined

1 yr. ago

No. I said even if they don't maliciously comply with the license [by making the open sourced code unusable without the backend code or some other means outside of scope of this conversation] then they can charge for it.

The malicous part is in brackets in the above paragraph. The license is an OSI approved license that allows commercialization, it would be stupid for me to call that malicious.

Nothing. The context of this comment thread is "fuck corporations" and then proposing AGPL to solve that. I am merely pointing out that if their goal is to have a non-commercial license then AGPL doesn't solve that, which is why i mention they can charge for their services with AGPL.

Who hurt you!?

AGPL is the most restrictive OSI approved license (of the commonly used ones), but it is still a free (libre) open source license. My understanding is just that the AGPL believes in the end-users rights to access to the open source needs to be maintained and therefore places some burden to make the source available if it it's being run on a server.

In general, companies run away from anything AGPL, however, some companies will get creative with it and make their source available but in a way that is useless without the backend. And even if they don't maliciously comply with the license, they can still charge for their services.

As far as documentation goes, you could license documentation under AGPL, and people could still charge for it. It would just need to be kept available for end-users which i don't think is really a barrier to use for documentation.

It would be much more customer and developer friendly to allow linking a service portal instead of providing a phone number. I would go insane if a user called me directly every time one of my projects had a bug or some perceived (non)issue. No, that's not how this works.

Kebab or snake for ease of parsing through them.

Either i wasn't clear or you are replying to the wrong person, but i am in support of foss projects asking for donations in a reasonable manor such as this

There is an option to disable it permanently. Otherwise it is once a year and easily dismissed

It's once per year, easily dismissed, and can be permanently disabled. Seems entirely reasonable for a piece of free software that someone would use everyday

Never. For the most part i haven't had a question that hasn't already asked or that couldn't be answered from reading the docs or some other source. For the cases i get stuck i ask the question to a more focused group

And if you want a private repo, you can also use gitlab and point to custom domain with gitlab pages or cloudflare pages.

Yes, oracle will reclaim your server if it falls under certain thresholds for the resources you've signed up for. So it might be better to request less resources then you need but this will somewhat complicate things if you want more resources in the future since iirc you can't simply resize.

One way to get around all of this though is convert to pay as you go (PAYG). PAYG gets the same always free allocations and you only pay for use above that, and oracle won't reclaim PAYG (at least not my server for ~4 years). Just set up a budget of a $1 and then alerts to email you if you reach 1% of your budget. If you somehow go over your free resources it'll tell you.

Lastly in some cases oracle just straight up loses your data or disables your account. As always practice 3-2-1 backups (don't rely on the free rotating backups on their servers as your only backup).

It's some hoops to jump through but i was paying $5/ month for a digital ocean droplet and the oracle server has been running for 4 years now, and i also have scaled up one project and started a few others that wouldn't have all fit on my droplet. Other than the threat of reclaiming my resources before i switched to PAYG I've been pretty happy with it.

It would be a good idea to at least buy one or several domain .TLDs for open source projects even if you currently aren't planning to make use of them. If nothing else getting a domain prevents someone else from registering it, and you could start using them to make legitimate results higher in search results. This is easiest when you are first starting a project and can check availability before settling on a name.

The problem is that there are hundreds of TLDs so you're not going to be able to register them all. Simplex mentioned they reported the domain. If you do an ICANN lookup you can find an abuse email for the domain, which would be an email for the registrar. You can report to that email and it is likely they will remove the site. You can also go directly to the TLD and report abuse to them as well.

Beyond that search for your project every once and a while and see what comes up or what doesn't come up.

Ive been meaning to move to codeberg, self hosted forgejo, or sourcehut so this will only accelerate that if things get worse.

Thanks! I'll add that to my list to check out

If you only ever keep your repository private AND it is not a fork of a public repo, then you are fine. Full stop.

If you ever fork the repo and make a "INTERNAL" private fork but move the main project public then anything you commit to the private fork will be discoverable through the public project.

Basically you should assume if you make a repo public then the repo and all of its forks will be public-- even if the forks are "private" the commit data can be found through the main repo.

The original report: https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

Well to speak of the obvious- open source. I've heard good things about obsidian but i am not trusting a closed source app with my notes/ mind-maps

This project looks pretty promising, and is open source.

Pull request aka merge request. Part of the approval process to add/ update code in a repository

Alright, which one of you 🙈 the PR last night