Ferk

joined 3 years ago
[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

You share public keys when registering the passkey on a third party service, but for the portability of the keys to other password managers (what the article is about) the private ones do need to be transferred (that's the whole point of making them portable).

I think the phishing concerns are about attackers using this new portability feature to get a user (via phishing / social engineering) to export/move their passkeys to the attacker's store. The point is that portability shouldn't be so user-friendly / transparent that it becomes exploitable.

That said, I don't know if this new protocol makes things THAT easy to port (probably not?).

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

I'm ok with not considering it "public good" when something has a license that sets conditions and it's under Copyright of a particular private person/entity. But if you do need to ask consent to a private party for the use of something in a derivative work of certain conditions, then I don't think it makes sense to call it a public good.

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago)

Yeah, it protects Jimmy from having to unconditionally contribute to society & its many organizations.

It allows Jimmy to set conditions and control who can use it and who cannot. For example, he can ally with one particular big corpo (or even start building one himself) so they can hold that thing hostage and require agreements/fees for the use of that thing for a long long time.

So now, instead of all people, including big (and small) corpos, having free access to the idea, only the friends of Jimmy will.

The reality is that if it wasn't for Jimmy, it's likely that Tommy would have invented it himself anyway at some point (and even improved on it!). But now Tommy can't work on the thing, cos Jimmy doesn't wanna be his friend.

So not only does it protect Jimmy from having to contribute to society without conditions, it also protects society from improving over what Jimmy decided to allow (some) people access to. No competition against Jimmy allowed! :D

Even without patents, if the invention is useful I doubt the inventor will have problems making money. It would be one hell of a thing to have in their portfolio / CV. Many corpos are likely to want Jimmy in their workforce. Of course, he might not become filthy rich.. but did Jimmy really deserve to be that much richer than Tommy?

[–] [email protected] 6 points 1 month ago* (last edited 1 month ago)

There are many games that had that mechanic before Arceus.

In particular, Craftopia (which is from the same developers as Palworld) had capsule devices that you can throw at enemies in a "virtual space" while characters "engage in combat" before Arceus was a thing.

Just because they wrote a patent does not make it enforceable... patents don't really mean anything until they are actually tested in court so they are just tools to try and scare people away whenever a company wants to bully with the prospect of a lawsuit.

I feel that Palworld is likely to win this, this actually is an idiotic move from Nintendo and a win for Palworld.. now they will get more publicity, perhaps another spike in sales, and they are finally given the opportunity to prove how they are in the right, so they can shut up all the naysayers who complained about it. I'm hoping all the paranoid empty claims about "blatant asset theft" will be settled once and for all.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

Yes, that's why I'm saying that this kind of problem isn't something particular about this project.

In fact I'm not sure if it's the case that the builds aren't reproducible/verifiable for these binaries in ventoy. And if they aren't, then I think it's in the upstream projects where it should be fixed.

Of course ventoy should try to provide traceability for the specific versions they are using, but in principle I don't think it should be a problem to rely on those binaries if they are verifiable.. just the same way as we rely on binaries for many dynamic libraries in a lot of distributions. After all, Ventoy is closer to being an OS/distribution than a particular program.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

Yeah, it definitely is more appealing from a marketing perspective.

I do understand why some projects might wanna use the term, it's to their advantage to be associated with "open source" even if the source code itself has a proprietary license.

The problem is that then it makes it harder / more confusing to check for actually openly licensed code, since then it's not clear what term to use. Already "free software" can be confused with "free as in free beer".

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago)

That discussion concluded essentially the same thing I said: that both the OSI and the FSF have essentially the same conditions and that "merely having the source available is not enough to meet what the OSD defines as open source" (sic).

> Don’t police perfectly innocent and common use of language please.

Using "open source" for all kinds of source, regardless of how restrictive its license is, is definitely not a common use of the term.

People aren't gonna start using "open source" like that just because a few people find it more convenient for the marketing of their projects. To me it sounds like they are the ones policing to push for a particular language standard against what people commonly use, which is what makes language prescriptive, instead of descriptive.

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago) (5 children)

I guess it's better than not providing any source code. What's wrong is calling it "open source" when it isn't.

VVVVVV and Anodyne are some examples of "source available" games.

[–] [email protected] 6 points 1 month ago* (last edited 1 month ago) (17 children)

According to the definition from the Open Source Initiative, "open source" also requires free redistribution. See the first point (emphasis mine).

  1. Free Redistribution

The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.

It also requires freedom to distribute modifications:

  1. Derived Works

The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

CC-BY-NC-ND is not "open source" (both due to the NC and the ND), it's more of a "source available" type of license (when applied to source code). The difference between "free software" and "open source" is more ideological than anything else, they both define the same freedoms, just with different ideological objectives / goals.

[–] [email protected] 1 points 1 month ago

I think that was already done a while ago with Swanstation libretro core.

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago) (2 children)

That's ok if we are talking about malware publicly shown in the published source code.. but there's also the possibility of a private source-code patch with malware that is secretly being applied when building the binaries for distribution. Having clean source code in the repo is not a guarantee that the source code is the same that was used to produce the binaries.

This is why it's important for builds to be reproducible, any third party should be able to build their own binary from clean source code and be able to obtain the exact same binary with the same hash. If the hashes match, then you have a proof of the binary being clean. You have this same problem with every single binary distribution, even the ones that don't include pre-compiled binaries in their repo.
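The hash comparison described in the comment above, as an added example that is not part of the original comment or of any project's code. It compares a distributed build tree against an independent rebuild file by file; the function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_digests(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_builds(distributed: Path, rebuilt: Path) -> dict:
    """Report files whose bytes differ and files present on one side only."""
    d, r = tree_digests(distributed), tree_digests(rebuilt)
    return {
        "mismatch": sorted(k for k in d.keys() & r.keys() if d[k] != r[k]),
        "only_distributed": sorted(d.keys() - r.keys()),
        "only_rebuilt": sorted(r.keys() - d.keys()),
    }


def demo() -> dict:
    """Constructed sample: two small trees standing in for real build outputs."""
    with tempfile.TemporaryDirectory() as tmp:
        dist, mine = Path(tmp, "dist"), Path(tmp, "rebuilt")
        for root in (dist, mine):
            (root / "bin").mkdir(parents=True)
            (root / "bin" / "tool").write_bytes(b"constructed binary A")
            (root / "lib.so").write_bytes(b"constructed library bytes")
        # The distributed tree differs from what the published source produces:
        (dist / "bin" / "tool").write_bytes(b"constructed binary A + patch")
        (dist / "bin" / "helper").write_bytes(b"not produced by the source")
        return compare_builds(dist, mine)


if __name__ == "__main__":
    print(demo())
```

An empty report means every distributed file is byte-identical to the rebuild; any entry under `mismatch` or `only_distributed` is a file the published source does not account for.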

[–] [email protected] 5 points 2 months ago* (last edited 2 months ago) (2 children)

Also I expect there should be more surveillance around powerful people like Larry Ellison, right?

The more powerful, the more important it is to ensure good behavior, and the more public / peer-reviewed the AI model and its logs should be to avoid tampering/laundering.

 

It compiles materials from multiple books by Michael E. Shea: the Lazy Dungeon Master, the Lazy GM's Workbook and the Lazy GM Companion.
