I missed the part where I said I don’t trust Google. You seemed to have ignored everything of substance in my response, namely putting a password on the passkey doesn’t remove passwords and the extension of things like FIDO2 beyond web auth.
If you replace passwords with passkeys that must be protected by a password, you haven’t replaced passwords, you’ve just moved where the attack can happen. While I think there’s certainly value in that, it’s very disingenuous to say you’ve replaced passwords.
Passkeys are used for more than web services and have the possibility to replace other security options elsewhere (being something you have, one of the three secrets possible). Their lack of protection, at least in the United States, is a very serious problem. Your points do nothing to address this and highlight just how bad the situation is.
The important stuff for privacy is his stance on “accidentally” injecting Brave crypto referral links into user sessions and defending it as a way to make money because he got Mozilla to use Google for cash. Eich will sell your data when he decides it’s the best way for Eich to make money. I got into a Twitter slap fight with him around then about the incongruity of his desire to track and sell users. He doesn’t care. Brave also has VC funding from non-privacy actors which means it’s only a matter of time before everything is monetized. Brave’s layoffs come as Brave is working on monetizing everything its free users do.
You can get free offers from most places. If you juggle accounts and don’t do a ton, you can use AWS for free perpetually without dealing with this odd idle fandango.
I’m not sure why you brought up the CC license; unlicensed GitHub repos do not use that and, generally, it’s understood that CC licenses cover documentation only for the reasons you cited.
I think you and I fundamentally disagree about the point of FSF. Open source is not a vow of poverty, you’re right; copyleft damn near is. Open source is an umbrella that covers both open and copyleft licenses. For the average business that wants to keep closed source code, copyleft modules are poison. I’ve handled the compliance process for both SMB and enterprise companies. Unless you’re someone like Red Hat, copyleft is basically noncommercial. AGPL, SSPL, and BSL are joke licenses that also present the exact same problems as copyleft albeit much worse for businesses to pick up. If you couldn’t tell, I don’t like copyleft code because I don’t think it’s okay to place restrictions on code beyond the basic litigation coverage things like the Apache 2.0 offer.
As for what SN is doing, my read of that was the code would be AGPL moving forward. My understanding is that you don’t need contributor approval to apply it (depending on the original license; in the case of the unlicensed code they have full power) but you do need contributor approval to remove it. If you’re right and they’re going to drop it after applying it, they’re opening themselves up to litigation should someone choose to pursue it.
Edit: just looked at the repo; they replaced the root AGPL with the CC license instead of, say, linking the CC license for docs and leaving AGPL in place. The individual packages don’t have licenses and the root code (eg scripts) don’t have one either. Ignore what I said about SN; they did everything wrong and it’s stressful to look at.
One of the frustrating things with Dagger is that you still have to set up your pipeline tool. Sure, you’re theoretically running the same thing local and remote, but it doesn’t remove much in the way of CI work. Azure stuff is (was?) less supported. And while the move away from CUE was the right one, there’s still a lot of CUE around.
Vanilla cargo.toml files are more akin to a requirements.txt than any of the others, which allow you to do things like set variables or create run scripts. However, vanilla cargo.toml files have some minimal Make functionality so it’s a bit more than just project dependencies. Each of those ecosystems has a slightly different approach to handling build tooling and dependency management. Rust puts the basic build and dependencies in one file with the assumption your system has the right Rust version, which is a lot simpler than others.
If they push AGPL, then the code is still open, it’s just explicitly copyleft. Any GPL license imposes serious restrictions on what the end user can do. AGPL further restricts what end users can do. Copyleft is similar but different from open source. Basically all they’re doing is leaving the code open to view but preventing anyone from money off of it.
Honestly for people like yourself this is exactly what you want for privacy software. Copyleft with commercial restrictions is basically the whole FSF vibe. This is much ado about nothing; previously the code was unlicensed on GitHub which is much more restrictive than AGPL.
I am a very competent developer. Copilot makes me a lot faster with net new code and tests because a lot of that stuff is very close to boilerplate so Copilot can build 95% of it for me. Declarative stuff like HCL is so much faster. Copilot doesn’t necessarily speed me up for things like bug fixes because a lot of that is code reading. Refactoring? Hell yeah. Way faster.
Here’s the study. If you look at the actual prompt (near the end), it’s exactly the kind of thing Copilot kicks ass at: something that’s super fucking common all over GitHub (a toy JavaScript server). I really don’t think my job is in jeopardy yet.
This was a component of a messaging app. I started using Jamboard at a company that used Google Workspace because it was integrated into Google Meet. Real nice and easy way to keep a whiteboard going. They’ve replaced it with other solutions like Figma and Miro now, but that means I now have to create new accounts for my org and unless we pay a premium, the tools don’t have SSO, just social auth. It’s not a personal inconvenience; it is a huge business inconvenience.
It’s one thing to have a bunch of repos up that a couple of people are pushing around here and there. It’s a totally different thing for a major open source presence to prop up a project instead of retiring it. This isn’t some random project; it’s run by a major org, doesn’t have good contribution flows, and has been struggling since 2013.
I do. I put my time where it is best served and makes a difference. That’s not this project. Not every open source project survives. That’s how it works. You make value judgements like the one the original author made that you still have nothing to say about. Your only point continues to be “you don’t get to complain unless you commit” which has been addressed multiple times by “this is not a good project to commit on.” This is a one-sided conversation.
If you work for a company that uses a reasonably good manager such as BitWarden, you should look into whether or not you get it for free or reduced. For the moment, at least, I use Bitwarden because I get it for free (and a families sub to boot!). I know 1password does the same; others might too. Do make sure you’re okay with paying the full price for a period of time in case you get laid off and have to migrate. Also make sure you’re okay with any compromises you make for the price tag. There is no price tag that makes LastPass acceptable, for example.
This was one of my favorite episodes as a kid.