If you don't want to go macOS route and want to leave Linux world, your destination would be FreeBSD or OpenBSD.
On the other hand, if you're not running Wine, you can't get autorun virii from USB drives, plus the Windows virii just lives there and can't do anything.
Plan9 is like ocean yacht racing. If you have to ask about the "cost" you aren't the target market.
Plan9 is like writing. You either do it, or talk about doing it. I'm talking not doing btw. I tried, but I got stuck on trivial things and the barrier to asking for help over 2+2= is high. (No offence intended. The 9 heads aren't interested in running a kindergarden)
What's written on the can reads "please don't sue us, we're not a monopoly, and we will not gouge users".
On the other hand Netflix will make its subscribers fund everything without reducing their income, and will not give these subscribers at least half of that content, because, why not?
Wasn't that a copyright issue? I thought the point of contention is that Google allegedly copied Oracle's API design when they re-wrote Java for Android.
The license is Apache 2.0. With the trademark, they can tell everyone not to call their thing TypeScript but at this point, given the license, they can't tell them not to copy it and change it and distribute that new thing (assuming the new distributors do so under the correct conditions).
> they are just protecting their business and protecting their business "accidentally" also protecting the customer's benefits.
part is wrong. From my observation, they are protecting their business through protecting their customers' benefits.
Plus, they're building a moat collectively and from an open source stack. So, given the stack gets enough momentum, having Valve or not as a company won't matter anymore.
It's trying to get the elephant out of the bag, and once it's out, then there's really no way to put it back, because it's being out is better for everybody. Game companies and gamers alike.
> From my observation, they are protecting their business through protecting their customers' benefits.
Yeah that's what I mean too, that's why I put the "accidentally" in a double-quote.
This sounds like what Red Hat is doing, they created an open-source software, prove the importance of it in the community then sells the support package to enterprise who interested in using it.
Hope that they will not close the door when Microsoft, AWS or Oracle making their own GabeCube and call it SatyaCube, BozosCube or LarryCube
Microsoft already has the XBox and despite being backed by one of the biggest tech companies in the world it's a rather weak product. To add to this, with every major studio acquisition they have done there has been a noticeable increase in game monetization and decrease in quality.
AWS has tried to get into the gaming market and only succeeded in creating giant money sinks even if some of their products were technically appealing.
Oracle making anything consumer-facing, much less something that isn't a total nightmare, seems inconceivable.
Valve is able to completely outmatch competitors in a chosen field because of what they are like as a company. No shareholders that expect quarterly growth. No massive bureaucratic corporate structure, just highly skilled engineers for the most part.
Microsoft is also moving more and more away from hardware exclusivity. Even their Xbox Game Pass service is now not tied to the console.
More broadly, AAA gaming as a whole is also moving away from hardware exclusivity. Third-party developers (like Square-Enix) have been making recent releases for all major platforms, and even some first-party console titles are now coming to PC (eg, the Horizon games from Sony).
I'm optimistic about the future of non-locked-down gaming.
I think this calls out a subtle, but significant difference between private and public companies.
Public companies as an asset class have to compete with an open market of other investments, so the incentives drive a min-maxing approach to revenue and value. The shareholder mandate dictates the company pursue maximal return in order to stay competitive amongst a sea of other potential investments.
A private company doesn't have this same concern. They still need to pursue profit, but not necessarily MAXIMUM profit. This means that in a sea of hypothetical directions, they are free to choose one that is slightly less profitable but has an abundance of positive externalities, vs. one that is maximally profitable but carries many negative externalities.
The immoral thing about gen-AI is how it's trained. Regardless of source code, images or audio; the disregard of licenses and considering everything fair-use and ingesting them is the most immoral part.
Then there comes the environmental cost, and how it's downplayed to be able to pump the hype.
I'm not worried about the change AI will bring, but the process of going there is highly immoral, esp. when things are licensed to prohibit that kind of use.
When AI industry says "we'll be dead if we obey the copyright and licenses", you know something is wrong. Maybe the whole industry shouldn't build a business model of grabbing whatever they can and running with it.
Because of these zealots, I'm not sharing my photos anymore and considering not sharing the code I write either. Because I share these for the users, with appropriate licenses. Not for other developers or AI companies to fork, close and do whatever do like with them.
I find copyright itself immoral. Intellectual "property" is a made up fiction that shouldn't exist and only entrenches existing players, see Disney lobbying continuously to get higher and higher copyright durations all to keep Mickey under their control, until very recently; patents too are not filed by individual inventors anymore, it's massive corporations and patent trolls that serve no useful purpose. There is a reason many programmers like open source and especially copyleft, the latter of which is an explicit battling of the copyright system through its own means. Information should be free to be used, it should not be hoarded by so-called copyright holders.
I believe I failed to convey what I'm trying to say.
I'm a strong believer on copyleft. I only share my code with GNU/GPLv3+, no exceptions.
However, this doesn't allow AI companies to scrape it, remix it and sell it under access. This is what I'm against.
If scraping, closing and selling GPLv3 or strong copylefted material is fair use, then there's no use of having copyleft if it can't protect what's intended to be open.
Protecting copyleft requiring protecting copyright, because copyleft is built upon copyright mechanism itself.
While I'm not a fan of a big media company monopolizing something for a century, we need this framework to keep things open, as well. Copyright should be reformed, not abolished.
Consider regulatory capture though. If we have such entrenched copyright that only big companies can afford to pay the licensing fees, then we'll never have actually democratized open source models. It's actually a method of entrenched players of a market to want regulation because they know only they can comply with them, effectively turning it into a de facto monopoly. That is precisely why I want all information to be free, and to allow anyone and everyone to copy my works. And also because copyleft exists only as a response to copyright, otherwise those that favor copyleft would just prefer no copyright at all; many only prefer it because that's the only way to enforce their wishes to have copyright be abolished. In my mind, I see the higher order effects of only allowing big players to pay for copyright, because it's not as simple as licensing it to them. Hopefully I have changed your mind as to copyright, otherwise I'd be happy to continue the conversation.
Yes, copyleft exists as a response to copyright, but it builds something completely different with respect to what copyright promises. While copyright protects creators, copyleft protects users. This part is generally widely misunderstood.
Deregulation to prevent regulatory capture is not a mechanism that works when there's money and a significant power imbalance. Media companies can always put barriers to the consumption of their products through contracts and other mechanisms. Signing a contract not to copy the thing you get to see can get out of hand in very grim ways. Consumers are very weak compared to the companies providing the content, because of the desirability of the content alone, even if you ignore all the monetary imbalance.
Moreover, copyleft doesn't only prevent that kind of exploitation; it actively protects the user by making it impossible to close the thing you get. Copyleft protects all the users of the thing in question. When the issue is viewed in the context of the software, it not only allows the code to propagate indefinitely but also allows it to be properly preserved for the long run.
Leaving things free-for-all again not only fails to protect the user but also profits the bigger companies, since they have the power to hoard, remix, refine, and sell this work, which they get for free. So, it only carries water to the big companies' water wheels. Moreover, even permissive licenses depend on the notion of copyright to attribute the artifact to its original creator.
Otherwise, even permissively licensed artifacts can be embedded in the works of larger companies and not credited, allowing companies to slightly derive the things they got for free and sell them to consumers on their own terms, without any guardrails.
So abolishing copyright not only will further un-democratize things, but it'll make crediting the creators of the building blocks the companies use to erect their empires impossible.
This is why I will always share my work under strong copyleft or non-commercial/share-alike (and no-derivatives, where it makes sense) licenses.
In short, I'm terribly sorry to tell you that you didn't convince me about abolishing copyright at all. The only thing you achieved was to think further on my stance, fill the mental gaps I found in my train of thought, and fill them appropriately with more copyleft support. Also, it looks like my decision not to share my photos anymore is getting more concrete.
For my money, the scorpion is halfway across the river and y’all are about to become the frog. I haven’t touched a windows machine in 15 years and I’d really like to continue that streak to the grave. Gaben is working hard to become my new favorite tech person by trying to claw gaming off of the PC. I really hope he wins.
Crazy. Who would have an incentive to spend resources on DDoS'ing Codeberg? The only party I can think of would be Github. I know that the normalization of ruthlessness and winner-takes-all mentality made crime mandatory for large parts of the economy, but still cannot wrap my mind around it.
Not just them. For example, Qt self hosted cgit got ddos just two weeks ago. No idea why random open source projects getting attacked.
> in the past 48 hours, code.qt.io has been under a persistent DDoS
attack. The attackers utilize a highly distributed network of IP
addresses, attempting to obstruct services and network bandwidth.
Probably some little script kiddie fucks who think they are elite mega haxors and use their mommie's credit card to pay one of the ddos services readily accessible.
DDoS are crazy cheap now, it could be a random person for the lulz, or just as a test or demo (though I suspect Codeberg aren't a bit enough target to be impressive there).
What is cheap and what are the risks of getting caught? I can understand that for a 15 yo it might be for the lulz, but I am having a hard time to imagine that this would give street creds, and why be persistent about it. AI-bots would make more sense, but these can be dealt with.
Big tech would be far more interested in slurping data than DDoS'ing them.
An issue with comments, linked to a PR with review comments, the commit stack implementing the feature, and further commits addressing comments is probably valuable data to train a coding agent.
Serving all that data is not just a matter of cloning the repo. It means hitting their (public, documented) API end points, that are likely more costly to run.
And if they rate limit the scrappers, the unscrupulous bunch will start spreading requests across the whole internet.
I think the goal is unclear, but the effect will be that Codeberg will be perceived as less of a real, stable alternative. Breaking in was not in my mind, but that will have the same effect, maybe even more damaging.
Now, if that has been the intended effect, I hope I won't have to believe that.
Story time:
I remember that back in the day I had a domain name for a pretty hot keyword with a great, organic position in Google rankings. Then someday it got all of a sudden serious boost from black-SEO, with a bazillion links from all kinds of unrelated websites. My domain got penalized and dropped of from the front page.
For threat analysis, you need to know how hard you are to break in, what the incentives are, and who your potential adversaries are.
For each potential adversary, you list the risk strategy; that's threat analysis 101.
E.g. you have a locked door, some valuables, and your opponent is the state-level. Risk strategy: ignore, no door you can afford will be able to stop a state-level actor.
I concur the question, "Who would have an incentive to spend resources on DDoS'ing Codeberg?" is a bit convoluted in mixing incentive and resources. But it's still, exactly, threat analysis, just not very useful threat analysis.
I said e.V., not EV. Codeberg is an e.V., i.e. a "registered association" in Germany. I am not actually sure if you could technically buy an e.V., but I am 100% certain that all of the Codeberg e.V. members would not take kindly to an attempt at a hostile takeover from Microsoft. So no, buying Codeberg is not easier than DDoSing them.
What do you mean by "orgs", and what do you mean by "the codeberg"?
Sure, they could try to bribe the Codeberg e.V. active members into changing its mission or disbanding the association entirely, but they would need to get a 2/3 majority at a general assembly while only the people actively involved in the e.V. and/or one of its projects can get voting rights. I find that highly unlikely to succeed.
Are there standards committees with 786 voting members, of which you would have to convince at least 2/3 to betray the ideals of the association they chose to actively take part in to get the association to disband or otherwise stop it from pursuing its mission?
~800 members? That's great to hear actually. I like Codeberg and want them to succeed and be protected from outside effects.
That's said, I believe my comparison checks out. Having ~800 members is a useful moat, and will deter actors from harming Codeberg.
OTOH, the mechanism can still theoretically work. Of course Microsoft won't try something that blatant, but if the e.V loses this moat, there are mechanisms which Microsoft can and would like to use as Codeberg gets more popular.
I think another big "moat" is actually that Codeberg is composed of natural people only (those with voting rights, anyway). Real people have values, and since they have to actively participate in Codeberg in some way to get voting rights those values are probably aligned with Codeberg's mission. I don't actually now the details of the standardization process you cite, but I think this is a big difference to it.
Additionally, from skimming the bylaws of Codeberg I'd say they have multiple fail-safes built in as additional protection. For one, you can't just pay ~1600 people to sign up and crash a general assembly, every membership application has to be approved first. They also ask for "support [for] the association and its purpose in an adequate fashion" from its members, and include mechanisms to kick people out that violate this or are otherwise acting against Codeberg's interests, which such a hostile attack would surely qualify as.
Of course it's something to stay vigilant about, but I think Codeberg is well positioned with regard to protecting against a hostile takeover and shutdown situation, to the point that DDoS is the much easier attack against them (as was the initial topic).
Part of the problem is that Codeberg/Gitea's API endpoints are well documented and there are bots that scrape for gitea instances. Its similar to running SSH on port 22 or hosting popular PHP forums software, there are always automated attacks by different entities simply because they recognize the API.
Try exposing a paswordless SSH server to outside to see what happens. It'll be tried immediately, non-stop.
Now, all the servers I run has no public SSH ports, anymore. This is also why I don't expose home-servers to internet. I don't want that chaos at my doorstep.
Yeah, I have been thinking about hosting a small internet facing service on my home server, but I’m just not willing to take the risk. I’d do it on a separate internet connection, but not on my main one.
You can always use a small Hetzner server (or a free Oracle Cloud one if you are in a pinch) and install tailscale to all of your servers to create a P2P yet invisible network between your hosts. You need to protect the internet facing one properly, and set ACLs at tailscale level if you're storing anything personal on that network, though.
Yeah no need for public ssh. Or if you do pick a random port and fail2ban or better just whitelist the one IP you are using for the duration of that session.
To avoid needing SSH just send your logs and metrics out and do something to autodeploy securely then you rarely need to be in. Or use k8s :)
This is just FUD, there is nothing dangerous in having an SSH server open to the internet that only allows key authentication. Sure, scanners will keep pinging it, but nobody is ever going to burn an ssh 0day on your home server.
A few years ago a vulnerable compression library almost got pushed out that major Linux distros linked their OpenSSH implementations to. That was caught by blind luck. I'm confident there's a lot more shit out there that we don't know about.
"opsec" includes well defined things like threat modeling, risk factors, and such. "Things I have seen" and vague "better safe than sorry" is not part of that.
I may try to package it, and if it proves to be easy to maintain, I might file an ITP.
reply