• 0 Posts
  • 30 Comments
Joined 1 year ago
Cake day: June 6th, 2023

  • Licensing the source as GPL doesn’t really force the copyright holder (which is 100% BitWarden due to their Contributors Agreement^*, no matter who contributed the code) to do anything - they are absolutely free to release binaries built on the same codebase as proprietary software without any mention of the GPL.

    For example if I write a hello world terminal program, release its source code under GPLv3 and then build it and give the built binary to you (and a permission to use it), you cannot force me to give you the source code for that build because I never gave you a GPL licensed binary.

    If you were to take my GPLv3 source code and distribute a build of it however, you would have to license your binaries under GPLv3, because that’s the terms of the license I provided the source code to you under. Your users would then have the right to request the source code of those binaries from you. And if you released the build under an incompatible license, I (but not the users) could sue you for violating my license.

    Their previous versions, still being under the GPL, would require them to release a change to make it usable on desktops.

    License violations are usually not resolved by making the violator comply retroactively, just going forward. And it’s the copyright holder (so BitWarden themselves) who needs to force the violator to comply.

    ^* this is the relevant part of the CA:

    By submitting a Contribution, you assign to Bitwarden all right, title, and interest in any copyright in the Contribution and you waive any rights, including any moral rights or database rights, that may affect our ownership of the copyright in the Contribution.

    It is followed by a workaround license for parts of the world where copyright cannot be given up.


  • To be fair, giving a company that’s been failing to get themed icons to work on Android for almost four years now less than a month to make a significant change to a core part of their software is… quite weird?

    Like, the EU usually gives companies at least half a year to comply with smaller demands than this, because companies with such a huge bureaucracy load wouldn’t even be able to change an app logo in such a short amount of time.


  • OK, cool. Just remember that the only entity who can sue in this situation is Microsoft (because when you contribute code to VS Code, you must sign a CLA that says you give Microsoft full perpetual rights to distribute your code under any license they wish - it is Microsoft who then “graciously” releases your code under a copyleft license while also building their proprietary version of VS Code using it).

    And Microsoft cannot use the code if it gets released under a copyleft license - that wouldn’t allow them to build their proprietary build with it. So the only one who can do anything has less than zero (because it would improve only the FOSS forks, which are meant to be inferior) interest in making these guys publish the source code as proper FOSS.




  • In my very limited experience with my 5400rpm SMR WD disk, it’s perfectly capable of writing at over 100 MB/s until its cache runs out, then it pretty much dies until it has time to properly write the data, rinse and repeat.

    40 MB/s sustained is weird (but maybe it’s just a different firmware? I think my disk was able to actually sustain 60 MB/s for a few hours when I limited the write speed, 40 could be a conservative setting that doesn’t even slowly fill the cache)





  • def generate_proof_of_work_key(initial_key, time_seconds):
        proof_key = initial_key
        end_time = time.time() + time_seconds
        iterations = 0
        while time.time() < end_time:
            proof_key = scrypt(proof_key, salt=b'', N=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, key_len=SCRYPT_KEY_LEN)
            iterations += 1
        print(f"Proof-of-work iterations (save this): {iterations}")
        return proof_key
    
    
    def generate_proof_of_work_key_decrypt(initial_key, iterations):
        proof_key = initial_key
        for _ in range(iterations):
            proof_key = scrypt(proof_key, salt=b'', N=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, key_len=SCRYPT_KEY_LEN)
        return proof_key
    

    The first function is used during the encryption process, and the while loop clearly runs until the specified time duration has elapsed. So encryption would take 5 days no matter how fast your computer is, and to decrypt it, you’d have to do the same number of iterations your computer managed to do in that time. So if you do the decryption on the same computer, you should get a similar time, but if you use a different computer that is faster at doing these operations, it will decrypt it faster.


  • It’s a very short Python script and I’m confident I get the general idea - there’s absolutely nothing related to current time in the decryption process. What they refer to as a “time lock” is just encrypting the key in a loop (so the encrypted key from one loop becomes the plain text for the next one) for the specified duration and then telling you how many iterations were done. That number then becomes a second part of the password - to decrypt, you simply provide the password and the number of iterations, nothing else matters.
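The scheme described in the two comments above, as an added example that is not part of the original comments or of the script they discuss. It assumes the standard library's `hashlib.scrypt` in place of the script's `scrypt` call, small constructed cost parameters so it finishes quickly, and hypothetical function names (`step`, `lock`, `unlock`, `unlock_seconds`).

```python
import hashlib
import time

# Constructed demo parameters (assumption): the script's SCRYPT_* values are
# not shown on the page, and these are deliberately small.
N, R, P, KEY_LEN = 2**10, 8, 1, 32


def step(key: bytes) -> bytes:
    """One link of the chain: the previous output is the next scrypt input."""
    return hashlib.scrypt(key, salt=b"", n=N, r=R, p=P, dklen=KEY_LEN)


def lock(initial_key: bytes, seconds: float) -> tuple[bytes, int]:
    """Encrypt side: iterate until the time budget is spent; return key and count."""
    key, iterations = initial_key, 0
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        key = step(key)
        iterations += 1
    return key, iterations


def unlock(initial_key: bytes, iterations: int) -> bytes:
    """Decrypt side: no clock involved, only the saved iteration count."""
    key = initial_key
    for _ in range(iterations):
        key = step(key)
    return key


def unlock_seconds(iterations: int, steps_per_second: float) -> float:
    """Delay an unlocking machine faces at its own hashing rate."""
    return iterations / steps_per_second


if __name__ == "__main__":
    start = b"constructed initial key"
    locked_key, count = lock(start, 0.5)
    t0 = time.monotonic()
    assert unlock(start, count) == locked_key      # same count, same key
    measured = time.monotonic() - t0
    assert unlock(start, count - 1) != locked_key  # wrong count, different key
    print(f"{count} iterations, replayed in {measured:.2f}s on this machine")
    for speedup in (1, 4, 20):
        rate = speedup * count / measured
        print(f"{speedup:>2}x faster hardware: {unlock_seconds(count, rate):.2f}s")
```

The delay is a work factor measured on the locking machine, so the figure that matters when assessing such a file is the iteration count divided by the unlocking machine's hashing rate, not the duration chosen at lock time.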


  • Right, now get a borderline computer-illiterate person to connect to your network, ensure their firewall isn’t misconfigured to block all incoming traffic (with TeamViewer, this configuration would still work because the device just connects to the TV server) and open and set up a completely separate screen sharing program.

    I know none of these steps are difficult if you have any idea what you’re doing, but I’ve met plenty of people who would most likely need assistance going through the motions. Funnily enough, the best way to do it remotely would probably be to get them to install TeamViewer to then set this up for them remotely.

    By the way, as far as networking goes, Tailscale does the same thing TeamViewer does, just for a VPN instead of a screen sharing application - it will try to do all the NAT punchthrough techniques and IPv6 connection and fall back on tunneling through relay servers if all else fails. It’s not any more of a direct connection than TV.


  • Convenience (after you install it, all you have to do is enter the code and you’re connected, no other setup required), familiarity (it’s the default name people will think of or find if they want remote access - that alone means they can get away with pushing their users slightly more) and - IMHO most importantly - connectivity: if two computers can connect to the TeamViewer servers, they will be able to connect to each other.

    That’s huge in the world of broken Internet where peer to peer networking feels like rocket science - pretty much every consumer device will be sitting behind a NAT, which means “just connecting” is not possible. You can set up port forwarding (either manually or automatically using UPnP, which is its own bag of problems), or you can use IPv6 (which appears to be currently available to roughly 40% of users globally; to use it, both sides need to have functional IPv6), or you can try various NAT traversal techniques (which only work with certain kinds of NAT and always require a coordinating server to pull off - this is one of the functions provided by TeamViewer servers). Oh, and if you’re behind CGNAT (a kind of NAT used by internet providers; apparently it’s moderately common), then neither port forwarding nor NAT traversal is possible. So if both sides are behind CGNAT and at least one doesn’t have IPv6, establishing a direct link is impossible.

    With a relay server (like TeamViewer provides), you don’t have to worry about being unable to connect - it will try to get you a direct link, but if that fails, it will just act as a tunnel and pass the data between both devices.

    Sure, you can self host all this, but that takes time and effort to do right. And if your ISP happens to use CGNAT, that means renting a VPS because you can’t host it at home. With TeamViewer, you’re paying for someone else to worry about all that (and pay for the servers that coordinate NAT traversal and relay data, and their internet bandwidth, neither of which is free).


  • Are you sure you didn’t set DNS directly on some/all of your devices? Because in that case they won’t care about the router settings and will use whatever you set them to.

    Also as the other commenter said, DNS changes might not propagate to other devices on the network until the next time they connect - a reboot or unplugging the cable from your computer for a few seconds is a dirty but pretty OS agnostic way to do that.


  • No worries, nothing wrong with not knowing everything about every random subject. I would like to apologize for being overly harsh, I assumed that people in c/opensource would have general knowledge of this definition, but that assumption was clearly bad. So again, sorry.

    I assume the term is misused often.

    Yes, companies sometimes do that. Open source is marketable as a guarantee that you won’t fully lose access to a piece of software, and there aren’t any real consequences of misusing it. But there’s also a scheme called dual licensing where the software is available under two licenses - one license is open source but annoying for commercial use, and the other is a “normal” proprietary license under which businesses can buy the code. This is fine (as long as the provider has copyright to all the code being dual licensed) and is pretty common and makes the software open source.


  • But “open source” doesn’t even mean that you can reproduce it or use it for free.

    You’re thinking of source-available licenses. Open source has a clear and widely accepted definition that requires a certain level of freedom. You’re free to ignore this definition, but you can’t expect the rest of the world to do the same.

    To be clear, open source allows for only providing access to paying customers, but those paying customers are then free to use and distribute their copies without any further payment. Then it wouldn’t be open source anymore.


  • I mean, it’s called “LaTeX by example”, so there’s a pretty good chance it’s written in LaTeX, which you do indeed compile to get the PDF or whatever output you want.

    Also, just having access to the source doesn’t make it open source - that requires more freedoms. For example, here’s GitLab Enterprise Edition source code, fully functional and ready to be used. And also officially described as the proprietary edition of GitLab by the GitLab company itself. Why? Because its license pretty much boils down to “you can use this only for testing and development, unless you have paid for it”.



  • So, if I understand this correctly, open source means free beer, just not if you sell the end product.

    Yes, once you give the beer to someone, you can’t require any further payments no matter what they do with it. Free software philosophy says users are free to use the software however they wish and for whatever purpose they wish without any barriers (like having to pay for commercial use).

    it’s all a scam for free work for corpos then. Very disappointing.

    I’m sorry you feel that way, and it’s becoming a not-so-rare sentiment lately (or at least I’ve started noticing it more), but I don’t agree. Look at (A)GPL and how many companies are doing their best to avoid such code - like when Google made their own C library for Android and even stated that its main goal was to avoid copyleft licenses. I’ve also seen plenty of people say that GPL code is pretty much useless for their work due to their company’s policies forbidding its use.

    I also think that revenue-based royalties screw over small companies the most - sure, you get the donations from the massive companies that can work with 1% of their revenue gone while also keeping it free for non-commercial users, but in my view you also help those same massive corporations by making the software less viable for their smaller competitors who don’t have the economies of scale on their side, and for whom that 1% might legitimately break the bank.

    And to be clear, I don’t mean any of my arguments as some kind of “gotcha! Look, I’m right and you’re wrong”, I just thought I might share my reasoning for why I don’t think your statement is fair.